Rip, Eigrp, Ospf and Acl

Dynamic Routing Basics
2009, Velocis Systems
Routed versus Routing Protocols

Routed protocols used between routers to direct user traffic; also called network protocols
Examples: IP, IPX, DECnet, AppleTalk, NetWare, OSI, VINES
Routing protocols used between routers to maintain routing tables

Examples: RIP, IGRP, OSPF, BGP, EIGRP
Networking FundamentalsLayer 3 Switching
Network Protocol Protocol name
Destination Exit Port Network to Use 1.0 2.0 3.0 1.1 2.1 3.1
8-2
DYNAMIC ROUTING
Dynamic Routing: Dynamic routing is the process of routing protocols running on the router communicating with neighbor routers. If a change occurs in the network the dynamic routing protocols automatically inform all routers about the change.
Networking FundamentalsLayer 3 Switching 2009, Velocis Systems 8-3
Dynamic Routing
Most internetworks use dynamic routing
A D
B C
A D
B C
A network change blocks the established path...

and an alternate route is found dynamically.

2009, Velocis Systems 8-4
Routing Protocols
What is a Routing Protocol?

10.120.2.0 172.16.1.0
Routing protocols are used between routers to determine paths and maintain routing tables. Once the path is determined a router can route a routed protocol.
E0
S0
Network Protocol Connected RIP EIGRP
Destination Network 10.120.2.0 172.16.2.0 172.17.3.0
Exit Interface E0 S0 S1
172.17.3.0
Routed Protocol: IP Routing protocol: RIP, EIGRP

Autonomous Systems: Interior or Exterior Routing Protocols

IGPs: RIP, EIGRP EGPs: BGP
Autonomous System 100
Autonomous System 200
An autonomous system is a collection of networks under a common administrative domain

IGPs operate within an autonomous system
8-7
Administrative Distance: Ranking Routes

I need to send a packet to Network E. Both router B and C will get it there. Which route is best? Router A
EIGRP Administrative Distance=90

Router B
RIP Administrative Distance=120
E Router C Router D
8-8
Distance Vector versus Link State

Distance vector Sends routing table info only to neighbors, so change communication may need one min/router Also called routing by rumor Easy to configure, but slow Link state Floods routing information about itself to all nodes, so changes are known immediately Efficient, but complex to configure Ciscos EIGRP hybrid Efficient and easy to configure
Distance Vector Routing Protocols

B C DistanceHow far VectorIn which direction D A
D Routing Table
C Routing Table
B Routing Table
A Routing Table
Pass periodic copies of routing table to neighbor routers and accumulate distance vectors
Distance VectorSources of Information and Discovering Routes

10.1.0.0
E0
10.2.0.0 A
S0 S0
10.3.0.0 B
S1 S0
10.4.0.0 C
E0
Routing Table 10.1.0.0 10.2.0.0 E0 S0 0 0
Routing Table 10.2.0.0 S0 10.3.0.0 S1 0 0
Routing Table 10.3.0.0 10.4.0.0 S0 E0 0 0
Routers discover the best path to destinations from each neighbor
8-11

10.1.0.0
E0
10.2.0.0 A
S0 S0
10.3.0.0 B
S1 S0
10.4.0.0 C
E0
Routing Table 10.1.0.0 10.2.0.0 10.3.0.0 E0 S0 S0 0 0 1
Routing Table 10.2.0.0 10.3.0.0 10.4.0.0 10.1.0.0 S0 S1 S1 S0 0 0 1 1
Routing Table 10.3.0.0 10.4.0.0 10.2.0.0 S0 E0 S0 0 0 1
8-12

10.1.0.0
E0
10.2.0.0 A
S0 S0
10.3.0.0 B
S1 S0
10.4.0.0 C
E0
Routing Table 10.1.0.0 10.2.0.0 10.3.0.0 10.4.0.0 E0 S0 S0 S0 0 0 1 2
Routing Table 10.2.0.0 10.3.0.0 10.4.0.0 10.1.0.0 S0 S1 S1 S0 0 0 1 1
Routing Table 10.3.0.0 10.4.0.0 10.2.0.0 10.1.0.0 S0 E0 S0 S0 0 0 1 2
8-13
Distance VectorSelecting Best Route with Metrics

A 56 RIP Hop count T1 56 EIGRP Bandwidth
T1 B
Information used to select the best path for routing

Distance VectorMaintaining Routing Information

Process to update this routing table Topology change causes routing table update
Updates proceed step-by-step from router to router


Process to update this routing table Router A sends out this updated routing table after the next period expires Topology change causes routing table update


Process to update this routing table Router A sends out this updated routing table after the next period expires Process to update this routing table Topology change causes routing table update

RIP Overview
19.2 kbps T1 T1
Hop count metric selects the path Routes update every 30 seconds
T1
RIP Configuration
ter(config)#router rip
Starts the RIP routing process
(config-router)#network network-number Selects participating attached networks The network number must be a major classful network number
8-19
RIP Configuration Example

E0 172.16.1.0 S2 S2 10.1.1.2 B S3 S3 E0 192.168.1.0
A 172.16.1.1 10.1.1.1
C 10.2.2.2 10.2.2.3 192.168.1.1
2.3.0.0 router rip network 172.16.0.0 network 10.0.0.0
2.3.0.0 router rip network 192.168.1.0 network 10.0.0.0
router rip network 10.0.0.0
8-20
Verifying the Routing Protocol RIP

E0 172.16.1.0 S2 S2 10.1.1.2 B S3 S3 E0 192.168.1.0 A 172.16.1.1 10.1.1.1 C 10.2.2.2 10.2.2.3 192.168.1.1
RouterA#sh ip protocols Routing Protocol is "rip" Sending updates every 30 seconds, next due in 0 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is Incoming update filter list for all interfaces is Redistributing: rip Default version control: send version 1, receive any version Interface Send Recv Key-chain Ethernet0 1 1 2 Serial2 1 1 2 Routing for Networks: 10.0.0.0 172.16.0.0 Routing Information Sources: Gateway Distance Last Update 10.1.1.2 120 00:00:10 Distance: (default is 120)
Displaying the IP Routing Table

E0 172.16.1.0 S2 S2 10.1.1.2 B S3 S3 E0 192.168.1.0 A 172.16.1.1 10.1.1.1 C 10.2.2.2 10.2.2.3 192.168.1.1
RouterA#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR T - traffic engineered route Gateway of last resort is not set 172.16.0.0/24 is subnetted, 1 subnets 172.16.1.0 is directly connected, Ethernet0 10.0.0.0/24 is subnetted, 2 subnets 10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial2 10.1.1.0 is directly connected, Serial2 192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial2
C R C R
Link-State Routing Protocols

B C D
Link-State Packets Topological Database SPF Algorithm
Routing Table
Shortest Path First Tree
After initial flood, pass small event-triggered link-state updates to all other routers
EIGRP Overview
6-24
What Is Enhanced IGRP (EIGRP)?

IP Routing Protocols
AppleTalk Routing Protocol
IP Routing Protocols Enhanced IGRP

AppleTalk Routing Protocol
IPX Routing Protocols
IPX Routing Protocols
EIGRP supports:
Rapid convergence Reduced bandwidth usage Multiple network-layer protocols

EIGRP Features
Advanced distance vector 100% loop free Fast convergence Easy configuration Less network design constraints than OSPF
8-26
EIGRP Features (cont.)
Incremental updates Supports VLSM networks Classless routing
8-27
Advantages of EIGRP
Uses multicast instead of broadcast Utilizes link bandwidth Unequal cost path load balancing Manual summarization can be done in any interface at any router within the network
EIGRP Support for Route Summarization

172.16.0.0 /24 192.168.42.0 /27 10.0.0.0 /18
172.16.0.0 /16
172.16.0.0 /16 192.168.42.0 /24
EIGRP performs route summarization

Classful network boundaries (default) Arbitrary network boundaries (manual)
Configuring EIGRP
6-30
Configuring Summarization
(config-router)#
no auto-summary
Turns off autosummarization for the EIGRP process

(config-if)#
ip summary-address eigrp <as-number> <address> <mask>
Creates a summary address to be generated by this interface

Verifying EIGRP Operation

6-32
Verifying EIGRP Operation

Router#
show ip eigrp neighbors

Router#
Displays the neighbors discovered by IP EIGRP Displays the IP EIGRP topology table Displays current EIGRP entries in the routing table Displays the parameters and current state of the active routing protocol process Displays the number of IP EIGRP packets sent and received
show ip eigrp topology

Router#
show ip route eigrp

Router#
show ip protocols
Router#
show ip eigrp traffic
8-33
Example EIGRP Configuration
8-34
R2 EIGRP Configuration
<output omitted> interface FastEthernet0/0 ip address 172.17.2.2 255.255.255.0 <output omitted> interface Serial0/0/1 bandwidth 64 ip address 192.168.1.102 255.255.255.224 <output omitted> router eigrp 100 network 172.17.2.0 0.0.0.255 network 192.168.1.0
8-35
Verifying EIGRP: show ip eigrp neighbors

R1#show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT (sec) (ms) 0 192.168.1.102 Se0/0/1 10 00:07:22 10 R1# RTO Q Seq Cnt Num 2280 0 5
8-36
Verifying EIGRP: show ip route eigrp

R1#show ip route eigrp D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:07:01, Serial0/0/1 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks D 172.16.0.0/16 is a summary, 00:05:13, Null0 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks D 192.168.1.0/24 is a summary, 00:05:13, Null0 R1#show ip route <output omitted> Gateway of last resort is not set D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:06:55, Serial0/0/1 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks D 172.16.0.0/16 is a summary, 00:05:07, Null0 C 172.16.1.0/24 is directly connected, FastEthernet0/0 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.1.96/27 is directly connected, Serial0/0/1 D 192.168.1.0/24 is a summary, 00:05:07, Null0
8-37
Verifying EIGRP: show ip protocols

R1#show ip protocols Routing Protocol is "eigrp 100" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 100 EIGRP NSF-aware route hold timer is 240s <output omitted> Maximum path: 4 Routing for Networks: 172.16.1.0/24 192.168.1.0 Routing Information Sources: Gateway Distance Last Update (this router) 90 00:09:38 Gateway Distance Last Update 192.168.1.102 90 00:09:40 Distance: internal 90 external 170
Verifying EIGRP: show ip eigrp interfaces
R1#show ip eigrp interfaces IP-EIGRP interfaces for process 100 Xmit Queue Interface Peers Un/Reliable Fa0/0 0 0/0 Se0/0/1 1 0/0
Mean SRTT 0 10
Pacing Time Un/Reliable 0/10 10/380
Multicast Flow Timer 0 424
Pending Routes 0 0
8-39
Verifying EIGRP: show ip eigrp topology

R1#show ip eigrp topology IP-EIGRP Topology Table for AS(100)/ID(192.168.1.101) Codes: P - Passive, A - Active, U - Update, Q - Query, R Reply, r - reply Status, s - sia Status P 192.168.1.96/27, 1 successors, FD is 40512000 via Connected, Serial0/0/1 P 192.168.1.0/24, 1 successors, FD is 40512000 via Summary (40512000/0), Null0 P 172.16.0.0/16, 1 successors, FD is 28160 via Summary (28160/0), Null0 P 172.16.1.0/24, 1 successors, FD is 28160 via Connected, FastEthernet0/0 P 172.17.0.0/16, 1 successors, FD is 40514560 via 192.168.1.102 (40514560/28160), Serial0/0/1
8-40
Verifying EIGRP: show ip eigrp traffic

R1#show ip eigrp traffic IP-EIGRP Traffic Statistics for AS 100 Hellos sent/received: 429/192 Updates sent/received: 4/4 Queries sent/received: 1/0 Replies sent/received: 0/1 Acks sent/received: 4/3 Input queue high water mark 1, 0 drops SIA-Queries sent/received: 0/0 SIA-Replies sent/received: 0/0 Hello Process ID: 113 PDM Process ID: 73
8-41
OSPF Overview
What Is OSPF?
Has fast convergence Supports VLSM Processes updates efficiently Selects paths based on bandwidth
8-43
OSPF Terminology
OSPF Terminology
8-45
OSPF Areas
8-46
Drawbacks of link state routing
The initial discovery causes flooding Link-state routing is memory and processor intensive.
8-47
OSPF Cost
Places router at the root of the tree and calculates the shortest path to each destination based on cumulative cost cost = 100000000/bandwidth bps
8-48
OSPF Operation
Router ID
Number by which the router is known to OSPF Default: The highest IP address on an active interface at the moment of OSPF process startup Can be overridden by a loopback interface: Highest IP address of any active loopback interface
Exchange Process
A
172.16.5.1/24 E0
Down State
172.16.5.2/24 E1
8-51
Exchange Process
A
172.16.5.1/24 E0
Down State
172.16.5.2/24 E1
I am router ID 172.16.5.1 and I see no one.

Init State
Router B Neighbors List 172.16.5.1/24, int E1
8-52
Exchange Process
A
172.16.5.1/24 E0
Down State
172.16.5.2/24 E1

Init State
Router B Neighbors List 172.16.5.1/24, int E1 I am router ID 172.16.5.2, and I see 172.16.5.1.
8-53
Exchange Process
A
172.16.5.1/24 E0
Down State
172.16.5.2/24 E1

Init State
Router B Neighbors List 172.16.5.1/24, int E1 I am router ID 172.16.5.2, and I see 172.16.5.1. Router A Neighbors List 172.16.5.2/24, int E0
Two-Way State
8-54
Discovering Routes
E0 172.16.5.1
afadjfjorqpoeru 39547439070713
DR E0 172.16.5.3
Exstart State
Hello
I will start exchange because I have router ID 172.16.5.1.

No, I will start exchange because I have a higher router ID.
Hello
8-55
Discovering Routes
E0 172.16.5.1
DR E0 172.16.5.3
Exstart State
Hello
I will start exchange because I have router ID 172.16.5.1.

No, I will start exchange because I have a higher router ID.

Exchange State
Hello
Here is a summary of my link-state database.

DBD
DBD
Here is a summary of my link-state database.

Discovering Routes (cont.)

DR E0 172.16.5.1
E0 172.16.5.3
LSAck
Thanks for the information!
LSAck
8-57
OSPF Operation in a Point-to-Point Topology
Point-to-Point Neighborship
Router dynamically detects its neighboring router using the Hello protocol Adjacency is automatic as soon as the two routers can communicate
OSPF packets are always sent as multicast 224.0.0.5
8-59
Configuring OSPF in a Single Area
Configuring OSPF on Internal Routers

Broadcast Network A
10.64.0.2 10.64.0.1 E0 E0
Point-to-Point Network B
S0 10.2.1.2 10. 2.1.1 S1
<Output Omitted> interface Ethernet0 ip address 10.64.0.1 255.255.255.0 ! <Output Omitted>

router ospf 1 network 10.0.0.0 0.255.255.255 area 0
<Output Omitted> interface Ethernet0 ip address 10.64.0.2 255.255.255.0 ! interface Serial0 ip address 10.2.1.2 255.255.255.0 <Output Omitted> router ospf 50 network 10.2.1.2 0.0.0.0 area 0 network 10.64.0.2 0.0.0.0 area 0
Can Assign Network or Interface Address.

Verifying OSPF Operation
Verifying OSPF Operation

Router#
show ip protocols
Verifies that OSPF is configured

Router#
show ip route
Displays all the routes learned by the router

Router#
show ip ospf interface
Displays area ID and adjacency information

Verifying OSPF Operation (cont.)

Router#
show ip ospf
Router#
show ip ospf neighbor detail
Displays OSPF timers and statistics

Router#
show ip ospf database
Displays information about DR, BDR and neighbors

Verifying OSPF Operation (cont.)

Router#
clear ip route *
Allows you to clear the IP routing table

Router#
debug ip ospf option
Displays router interaction during the hello, exchange, and flooding processes
8-65
ACCESS-LISTS
8-66
Why Use Access Lists?
Token Ring
FDDI
Manage IP Traffic as network access grows
8-67
Why Use Access Lists?

172.16.0.0
Token Ring
FDDI
Internet
172.17.0.0
Filter packets as they pass through the router

Access List Applications

Transmission of packets on an interface
Permit or deny packets moving through the router Permit or deny vty access to or from the router Without access lists all packets could be transmitted onto all parts of your network
What Are Access Lists?

E0
Incoming Packet
Access List Processes

Source Permit?
Outgoing Packet
S0
Standard Checks Source address Generally permits or denies entire protocol suite
8-70

E0
Incoming Packet

Source and Destination Protocol Permit?
Outgoing Packet
S0
Standard Checks Source address Generally permits or denies entire protocol suite Extended Checks Source and Destination address Generally permits or denies specific protocols

E0
Incoming Packet

Source and Destination Protocol Permit?
Outgoing Packet
S0
Standard Checks Source address Generally permits or denies entire protocol suite Extended Checks Source and Destination address Generally permits or denies specific protocols Inbound or Outbound
Outbound Access Lists

Packet Inbound Interface Packets Choose Interface S0 Outbound Interfaces
Y Routing Table Entry
?
N
Access N List ?
Y
Packet Discard Bucket


Packet Inbound Interface Packets Choose Interface Test Access List Statements Access N List ?
Y
S0 Outbound Interfaces E0 Packet Permit ?

Y
?
N


Packet Inbound Interface Packets Choose Interface Test Access List Statements Access N List ?
Y
S0 Outbound Interfaces E0 Packet Permit ?

N Y
?
N
Discard Packet Notify Sender Packet Discard Bucket If no access list statement matches then discard the packet
A List of Tests: Deny or Permit

Packets to interfaces in the access group
Match First Test Y Y ?
Deny
Permit Destination Interface(s)

Deny
A List of Tests: Deny or Permit

Packets to Interface(s) in the Access Group
Match First Test Y Y ? N
Deny Deny
Y Match Next Test(s) ? Y
Permit Permit Destination Interface(s)

Deny
Access List Configuration Guidelines

Access list numbers indicate which protocol is filtered The order of access list statements controls testing There is an implicit deny any as the last access list test every list should have at least one permit statement Create access lists before applying them to interfaces Access list, filter traffic going through the router; they do not apply to traffic originated from the router
8-78
Access List Command Overview

Step 1: Set parameters for this access list test statement (which can be one of several statements)
Router(config)#
access-list access-list-number { permit | deny } { test conditions }
8-79
Access List Command Overview

Step 1: Set parameters for this access list test statement (which can be one of several statements)
Router(config)#
access-list access-list-number { permit | deny } { test conditions }
Step 2: Enable an interface to use the specified access list

Router(config-if)#
{ protocol } access-group access-list-number {in | out}
IP Access lists are numbered 1-99 or 100-199

How to Identify Access Lists

Access List Type IP Standard Number Range/Identifier 1-99
Standard IP lists (1 to 99) test conditions of all IP packets from source addresses
8-81

Access List Type IP Standard Extended Number Range/Identifier 1-99 100-199
Standard IP lists (1 to 99) test conditions of all IP packets from source addresses Extended IP lists (100 to 199) can test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports
8-82

Access List Type IP Standard Extended Standard Extended SAP filters Named Number Range/Identifier 1-99 100-199 800-899 900-999 1000-1099 Name (Cisco IOS 11.2. F and later)
IPX
Standard IP lists (1 to 99) test conditions of all IP packets from source addresses Extended IP lists (100 to 199) can test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports
Configuring Standard IP Access Lists

Networking FundamentalsLayer 3 Switching 2009, Velocis Systems 8-84 10-84
Standard IP Access List Configuration

Router(config)#
access-list access-list-number {permit|deny} source [mask]
Sets parameters for this list entry IP standard access lists use 1 to 99 Default wildcard mask = 0.0.0.0 no access-list access-list-number removes entire access-list
8-85
Standard IP Access List Configuration

Router(config)#
access-list access-list-number {permit|deny} source [mask]
Sets parameters for this list entry IP standard access lists use 1 to 99 Default wildcard mask = 0.0.0.0 no access-list access-list-number removes entire access-list
Router(config-if)#
ip access-group access-list-number Activates the list on an interface Sets inbound or outbound testing Default = Outbound no ip access-group access-list-number removes access-list from the interface Networking FundamentalsLayer 3 Switching 2009, Velocis Systems 8-86 { in | out }
Standard IP Access List Example

172.16.3.0 Non172.16.0.0 S0 E0 E1 172.16.4.0 172.16.4.13
access-list 1 deny 172.16.4.13 0.0.0.0
Deny a specific host

Standard IP Access List Example 2

172.16.3.0 Non172.16.0.0 S0 E0 E1 172.16.4.0 172.16.4.13
access-list 1 deny 172.16.4.13 0.0.0.0 access-list 1 permit 0.0.0.0 255.255.255.255 (implicit deny all) (access-list 1 deny 0.0.0.0 255.255.255.255)
Deny a specific host

Control vty Access With Access Class

Filter Virtual Terminal (vty) Access to a Router

console e0
Console port (direct connect)
0 1 2 34
Physical port e0 (Telnet)
Virtual ports (vty 0 through 4)
Five virtual terminal lines (0 through 4) Filter addresses that can access into the routers vty ports Filter vty access out from the router
How to Control vty Access

e0
0 1 2 34
Physical port (e0) (Telnet)
Router#
Virtual ports (vty 0 through 4)
Setup IP address filter with standard access list statement Use line configuration mode to filter access with the access-class command Set identical restrictions on all vtys
Virtual Terminal Line Commands

Router(config)#
line vty#{vty# | vty-range}
Enters configuration mode for a vty or vty range

Router(config-line)#
access-class access-list-number {in|out}
Restricts incoming or outgoing vty connections for address in the access list
Virtual Terminal Access Example

Controlling Inbound Access
access-list 12 permit 192.89.55.0 0.0.0.255 ! line vty 0 4 access-class 12 in
Permits only hosts in network 192.89.55.0 to connect to the routers vtys
8-93
Configuring Extended IP Access Lists

Standard versus External Access List

Standard
Filters Based on Source. Permit or deny entire TCP/IP protocol suite. Range is 1 through 99
Extended
Filters Based on Source and destination. Specifies a specific IP protocol and port number. Range is 100 through 199.
8-95
Extended IP Access List Configuration

Router(config)#
access-list access-list-number { permit | deny } protocol source source-wildcard [operator port] destination destination-wildcard [ operator port ] [ established ] [log]
Sets parameters for this list entry
8-96
Extended IP Access List Configuration

Router(config)# { permit | deny [operator port] [ operator port access-list access-list-number } protocol source source-wildcard destination destination-wildcard ] [ established ] [log]
Sets parameters for this list entry

Router(config-if)# ip access-group access-list-number { in | out }
Activates the extended list on an interface
8-97
Extended Access List Example 1

172.16.3.0 Non172.16.0.0 S0 E0 E1 172.16.4.0 172.16.4.13
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21 access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0 out of E0

Permit all other traffic
8-98

172.16.3.0 Non172.16.0.0 S0 E0 E1 172.16.4.0 172.16.4.13
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21 access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20 access-list 101 permit ip any any (implicit deny all) (access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)

8-99

172.16.3.0 Non172.16.0.0 S0 E0 E1 172.16.4.0 172.16.4.13
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21 access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20 access-list 101 permit ip any any (implicit deny all) (access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255) interface ethernet 0 ip access-group 101 out


172.16.3.0 Non172.16.0.0 S0 E0 E1 172.16.4.0 172.16.4.13
access-list 101 deny tcp 172.16.4.0
0.0.0.255
any eq 23
Deny only Telnet from subnet 172.16.4.0 out of E0 Permit all other traffic

172.16.3.0 Non172.16.0.0 S0 E0 E1 172.16.4.0 172.16.4.13
access-list 101 deny tcp 172.16.4.0 access-list 101 permit ip any any (implicit deny all)
0.0.0.255
any eq 23

172.16.3.0 Non172.16.0.0 S0 E0 E1 172.16.4.0 172.16.4.13
access-list 101 deny tcp 172.16.4.0 access-list 101 permit ip any any (implicit deny all) interface ethernet 0 ip access-group 101 out
0.0.0.255
any eq 23
Where to Place IP Access Lists

S0 E0 E0
A B
S0 S1 S1
C
E0
To0
Token Ring
E0
E1
Place extended access lists close to the source Place standard access lists close to the destination
Recommended:
Monitoring Access List Statements

wg_ro_a#show {protocol} access-list {access-list number}
wg_ro_a#show access-lists {access-list number}
wg_ro_a#show access-lists Standard IP access list 1 permit 10.2.2.1 permit 10.3.3.1 permit 10.4.4.1 permit 10.5.5.1 Extended IP access list 101 permit tcp host 10.22.22.1 any eq telnet permit tcp host 10.33.33.1 any eq ftp permit tcp host 10.44.44.1 any eq ftp-data
8-105

Rip, Eigrp, Ospf and Acl

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Rip, Eigrp, Ospf and Acl

Caricato da

Copyright:

Formati disponibili

Dynamic Routing Basics

2009, Velocis Systems

Routed versus Routing Protocols

Routing protocols used between routers to maintain routing tables

Network Protocol Protocol name

2009, Velocis Systems

A network change blocks the established path...

and an alternate route is found dynamically.

2009, Velocis Systems

What is a Routing Protocol?

Network Protocol Connected RIP EIGRP

Destination Network 10.120.2.0 172.16.2.0 172.17.3.0

Routed Protocol: IP Routing protocol: RIP, EIGRP

Autonomous Systems: Interior or Exterior Routing Protocols

Autonomous System 100

Autonomous System 200

An autonomous system is a collection of networks under a common administrative domain

IGPs operate within an autonomous system

2009, Velocis Systems

Administrative Distance: Ranking Routes

EIGRP Administrative Distance=90

RIP Administrative Distance=120

Networking FundamentalsLayer 3 Switching

2009, Velocis Systems

Distance Vector versus Link State

Distance Vector Routing Protocols

Distance VectorSources of Information and Discovering Routes

Routing Table 10.1.0.0 10.2.0.0 E0 S0 0 0

Routing Table 10.2.0.0 S0 10.3.0.0 S1 0 0

Routing Table 10.3.0.0 10.4.0.0 S0 E0 0 0

Routers discover the best path to destinations from each neighbor

Networking FundamentalsLayer 3 Switching

2009, Velocis Systems

Distance VectorSources of Information and Discovering Routes

Routing Table 10.1.0.0 10.2.0.0 10.3.0.0 E0 S0 S0 0 0 1

Routing Table 10.2.0.0 10.3.0.0 10.4.0.0 10.1.0.0 S0 S1 S1 S0 0 0 1 1

Routing Table 10.3.0.0 10.4.0.0 10.2.0.0 S0 E0 S0 0 0 1

Routers discover the best path to destinations from each neighbor

Networking FundamentalsLayer 3 Switching

2009, Velocis Systems

Distance VectorSources of Information and Discovering Routes

Routing Table 10.1.0.0 10.2.0.0 10.3.0.0 10.4.0.0 E0 S0 S0 S0 0 0 1 2

Routing Table 10.2.0.0 10.3.0.0 10.4.0.0 10.1.0.0 S0 S1 S1 S0 0 0 1 1

Routing Table 10.3.0.0 10.4.0.0 10.2.0.0 10.1.0.0 S0 E0 S0 S0 0 0 1 2

Routers discover the best path to destinations from each neighbor

Networking FundamentalsLayer 3 Switching

2009, Velocis Systems

Distance VectorSelecting Best Route with Metrics

Information used to select the best path for routing

Distance VectorMaintaining Routing Information

Updates proceed step-by-step from router to router

Distance VectorMaintaining Routing Information

Updates proceed step-by-step from router to router

Distance VectorMaintaining Routing Information

Updates proceed step-by-step from router to router

Starts the RIP routing process

Networking FundamentalsLayer 3 Switching

2009, Velocis Systems

RIP Configuration Example

C 10.2.2.2 10.2.2.3 192.168.1.1

2.3.0.0 router rip network 172.16.0.0 network 10.0.0.0

2.3.0.0 router rip network 192.168.1.0 network 10.0.0.0

router rip network 10.0.0.0