Routing Basics
What is Routing?
o The term “routing” is used for taking a packet from one device and sending it
through the network to another device on a different network.
o Routers don’t really care about hosts—they only care about networks and the best
path to each network.
Routers route traffic to all the networks in your internetwork. To be able to route packets,
a router must know, at a minimum, the following:
Destination address
Neighbor routers from which it can learn about remote networks
Possible routes to all remote networks
The best route to each remote network
How to maintain and verify routing information
Routing Example:
[Diagram: Host_A (192.168.10.2) is connected to the Lab_A router's F0/0 interface (192.168.10.1); Host_B (192.168.20.2) is connected to the router's other interface (192.168.20.1); the router also has a link to the Internet.]
• Routing is taking place from Host_A to Host_B through the Lab_A Router.
• To be able to route, the router must know how to get into the network
172.16.20.0.
ROUTING TYPES
1. Static Routing
2. Default Routing
3. Dynamic Routing
1. Static Routing.
Static routing occurs when you manually add routes in each router’s routing table.
By default, static routes have an Administrative Distance (AD) of 1.
Features
There is no overhead on the router CPU
There is no bandwidth usage between routers
It adds security, because the administrator can choose to allow routing access to
certain networks only.
2. Default Routing.
Default routing is used to send packets whose remote destination network is not in the routing table to the next-hop router.
We can only use default routing on stub networks, those with only one exit path out of the network.
Default Routing Configuration
Router(config)#ip route 0.0.0.0 0.0.0.0 Next-Hop_Address
Router(config)#ip route 0.0.0.0 0.0.0.0 Exit_Interface
Router(config)#ip default-network ?
3. Dynamic Routing.
Dynamic routing is when protocols are used to find networks and update the routing tables on routers.
A routing protocol defines the set of rules used by a router when it communicates routing information with neighbor routers.
There are two types of routing protocols used in internetworks:
Interior Gateway Protocols (IGPs)
IGPs are used to exchange routing information between routers in the same Autonomous System (AS).
Exterior Gateway Protocols (EGPs)
EGPs are used to communicate between different Autonomous Systems.
Autonomous System.
An autonomous system is a collection of networks under a common
administrative domain, which basically means that all routers sharing the same routing
table information are in the same AS.
Routing Protocol Basics.
• Administrative Distances
• Routing protocol
• Routing Loops
Administrative Distances.
The Administrative Distance (AD) is used to rate the trustworthiness of routing information received on a router from a neighbor router. An AD is an integer from 0 to 255, where 0 is the most trusted and 255 means no traffic will be passed via this route.
If a router receives two updates listing the same remote network, the first thing the router checks is the AD. If one of the advertised routes has a lower AD than the other, the route with the lower AD is placed in the routing table.
If both advertised routes to the same network have the same AD, then routing protocol metrics (such as hop count or bandwidth of the lines) are used to find the best path to the remote network. The advertised route with the lowest metric is placed in the routing table.
If both advertised routes have the same AD as well as the same metric, the routing protocol will load-balance to the remote network.
Default Administrative Distances

Route Source          Default AD
Connected interface   0
Static route          1
EIGRP                 90
IGRP                  100
OSPF                  110
RIP                   120
External EIGRP        170
Unknown               255 (this route will never be used)
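The selection rules above (AD first, then metric, then equal-cost load balancing), together with the longest-prefix lookup that makes a 0.0.0.0/0 default route the last resort, as an added Python example that is not part of these notes. The sample routes are constructed from the default-routing lab's 3600A router; the RIP and EIGRP offers and the EIGRP metric value are invented for illustration.

```python
"""Route installation and forwarding lookup as described in the notes.

Added example (not from the original notes). Candidate routes for the same
network are compared by administrative distance first, then by the protocol
metric; equal AD and metric means both next hops are installed (load
balancing). Forwarding uses the longest matching prefix, so 0.0.0.0/0 is
only used when nothing more specific matches.
"""
import ipaddress

# Default administrative distances from the table in the notes.
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
    "ospf": 110, "rip": 120, "external eigrp": 170, "unknown": 255,
}


class RoutingTable:
    def __init__(self):
        # network -> {"source", "ad", "metric", "next_hops"}
        self.routes = {}

    def offer(self, prefix, source, metric, next_hop):
        """Offer a configured or advertised route; True if it was installed."""
        ad = DEFAULT_AD[source]
        if ad == 255:
            return False                        # AD 255 is never installed
        net = ipaddress.ip_network(prefix)
        cur = self.routes.get(net)
        better = cur is None or ad < cur["ad"] or (
            ad == cur["ad"] and metric < cur["metric"])
        if better:
            self.routes[net] = {"source": source, "ad": ad,
                                "metric": metric, "next_hops": [next_hop]}
            return True
        if ad == cur["ad"] and metric == cur["metric"] \
                and next_hop not in cur["next_hops"]:
            cur["next_hops"].append(next_hop)    # equal-cost: load balance
            return True
        return False

    def lookup(self, destination):
        """Longest-prefix match; returns (network, route) or None (no route)."""
        ip = ipaddress.ip_address(destination)
        matches = [net for net in self.routes if ip in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return best, self.routes[best]


def lab_3600a_table():
    """3600A from the default-routing lab, plus constructed dynamic offers."""
    rt = RoutingTable()
    rt.offer("20.0.0.0/8", "connected", 0, "Serial 3/0")
    rt.offer("30.0.0.0/8", "connected", 0, "Serial 3/1")
    rt.offer("10.0.0.0/8", "static", 0, "20.0.0.1")   # ip route 10.0.0.0 255.0.0.0 20.0.0.1
    rt.offer("0.0.0.0/0", "static", 0, "30.0.0.2")    # ip route 0.0.0.0 0.0.0.0 30.0.0.2
    # Constructed offers: the RIP route loses to the static route on AD;
    # the EIGRP route for 40.0.0.0/8 beats the default route on prefix length.
    rt.offer("10.0.0.0/8", "rip", 1, "20.0.0.1")
    rt.offer("40.0.0.0/8", "eigrp", 2172416, "30.0.0.2")
    return rt


if __name__ == "__main__":
    rt = lab_3600a_table()
    for dst in ("10.0.0.9", "40.0.0.5", "99.1.2.3"):
        net, route = rt.lookup(dst)
        print(f"{dst:>10} -> {net} via {route['next_hops']} "
              f"[{route['source']}, AD {route['ad']}]")
```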
Routing Protocols.
There are three classes of routing protocol:
• Distance-vector protocols
• Link-state protocols
• Hybrid protocols
Hybrid protocols
Hybrid protocols use aspects of both distance-vector and link-state protocols.
Ex: EIGRP
Converged Network
Routing Loops
Distance-vector routing protocols keep track of any changes to the internetwork by broadcasting periodic routing updates out all active interfaces. This broadcast includes the complete routing table.
Routing loops can occur because every router isn’t updated simultaneously.
Routing Loops Example
[Diagram: Routers A, B, C, D and E, with Network 5 attached to Router E.]
The interface to Network 5 fails. All routers know about Network 5 from Router E. Router A, in its tables, has a path to Network 5 through Router B.
When Network 5 fails, Router E tells Router C. This causes Router C to stop routing to Network 5 through Router E. But Routers A, B, and D don’t know about Network 5 yet, so they keep sending out update information. Router C will eventually send out its update and cause B to stop routing to Network 5, but Routers A and D are still not updated. To them, it appears that Network 5 is still available through Router B with a metric of 3. The problem occurs when Router A sends out its regular 30-second “Hello, I’m still here—these are the links I know about” message, which includes the ability to reach Network 5. Now Routers B and D receive the wonderful news that Network 5 can be reached from Router A, so Routers B and D then send out the information that Network 5 is available. Any packet destined for Network 5 will go to Router A, to Router B, and then back to Router A. This is a routing loop.
Loop Avoidance
Split Horizon
This reduces incorrect routing information and routing overhead in a distance-vector network by enforcing the rule that routing information cannot be sent back in the direction from which it was received.
Route Poisoning
When Network 5 goes down, Router E initiates route poisoning by advertising Network 5 as 16, or unreachable. When Router C receives a route poisoning from Router E, it sends an update, called a poison reverse, back to Router E. This ensures all routers on the segment have received the poisoned route information.
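The count-to-infinity loop and the split-horizon / route-poisoning fix described above, simulated in Python as an added example that is not part of these notes. The topology (a tree E-C-B-A with D hanging off B), the synchronous update rounds and the poison-reverse form of split horizon are assumptions of the simulation; 16 is RIP's unreachable metric.

```python
"""Count-to-infinity and split horizon in a distance-vector network.

Added example, not from the notes.  Constructed topology (a tree, not the
figure in the notes):  E -- C -- B -- A, with D also attached to B, and
"Net5" connected to Router E.  All routers exchange their full tables in
synchronous rounds; the metric is hop count and 16 means unreachable.
Route poisoning is always modelled: when E's interface to Net5 fails, E
advertises Net5 with metric 16.  The flag toggles split horizon (the
poison-reverse variant: a route is sent back to the neighbour it was
learned from with metric 16 instead of being omitted).
"""
INF = 16
NET5 = "Net5"

# Constructed adjacency list; every link is one hop.
LINKS = {
    "A": ["B"],
    "B": ["A", "C", "D"],
    "C": ["B", "E"],
    "D": ["B"],
    "E": ["C"],
}


def advertisement(tables, sender, receiver, split_horizon):
    """The routes `sender` puts in its periodic update to `receiver`."""
    adv = {}
    for dest, (metric, next_hop) in tables[sender].items():
        poisoned = split_horizon and next_hop == receiver
        adv[dest] = INF if poisoned else metric
    return adv


def one_round(tables, split_horizon):
    """Every router processes one update from each neighbour (old tables)."""
    new_tables = {}
    dests = {d for table in tables.values() for d in table}
    for router, neighbours in LINKS.items():
        table = {}
        for dest in dests:
            metric, next_hop = tables[router].get(dest, (INF, None))
            # News from the current next hop is believed even when worse;
            # this is how a poisoned (16) route propagates.
            if next_hop is not None:
                adv = advertisement(tables, next_hop, router, split_horizon)
                if dest in adv:
                    metric = min(adv[dest] + 1, INF)
            # Any other neighbour is believed only if it offers a better path.
            for n in neighbours:
                adv = advertisement(tables, n, router, split_horizon)
                if dest in adv and adv[dest] + 1 < metric:
                    metric, next_hop = adv[dest] + 1, n
            table[dest] = (metric, next_hop)
        new_tables[router] = table
    return new_tables


def converged_tables():
    """Steady state before the failure: Net5 is connected to E (metric 0)."""
    return {"E": {NET5: (0, None)}, "C": {NET5: (1, "E")},
            "B": {NET5: (2, "C")}, "A": {NET5: (3, "B")},
            "D": {NET5: (3, "B")}}


def simulate(split_horizon, max_rounds=40):
    """Fail E's Net5 interface, then run rounds until no table changes.

    Returns (rounds_with_changes, history); history[k] holds all tables
    after k rounds, history[0] being the state right after the failure.
    """
    tables = converged_tables()
    tables["E"][NET5] = (INF, None)          # route poisoning by Router E
    history = [tables]
    for rounds in range(1, max_rounds + 1):
        new_tables = one_round(tables, split_horizon)
        if new_tables == tables:
            return rounds - 1, history
        tables = new_tables
        history.append(tables)
    return max_rounds, history


def show(history):
    for k, snapshot in enumerate(history):
        cells = [f"{r}={t[NET5][0]:>2} via {t[NET5][1] or '-'}"
                 for r, t in sorted(snapshot.items())]
        print(f"  round {k:>2}: " + "  ".join(cells))


if __name__ == "__main__":
    for flag in (False, True):
        rounds, history = simulate(split_horizon=flag)
        print(f"split horizon {'on' if flag else 'off'}: "
              f"{rounds} rounds of changes before the tables settle")
        show(history[:5])
```

Without split horizon, B and C learn Net5 from each other by round 2 and the metric climbs one hop per round until it reaches 16; with split horizon the poisoned route reaches every router in three rounds.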
Secret Password
Router>enable
Router#configure terminal
Router(config)#enable secret *****
Static Routing Configuration
[Diagram: 1700A (F0/0 10.0.0.1, S0/0 20.0.0.1) -- 3600A (S3/0 20.0.0.2, S3/1 30.0.0.1) -- 1700B (S0/0 30.0.0.2, F0/0 40.0.0.1)]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#control Z
1700A#show ip route
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2      (next hop is 3600A's S3/0 address; the exit interface Serial 0/0 can be given instead)
1700A(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.2      (or: ip route 40.0.0.0 255.0.0.0 Serial 0/0)
1700A(config)#exit
1700A#show ip route
1700A#show ip interface brief
1700A#show ip protocols
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface Serial 3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A#show controllers Serial 3/0             (shows whether this end of the cable is DCE or DTE; the clock rate is set on the DCE end only)
3600A(config-if)#clock rate 64000
3600A(config-if)#interface Serial 3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#control Z
3600A#show ip route
3600A#show ip interface brief
3600A#configure terminal
3600A(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1      (next hop is 1700A's S0/0 address; or the exit interface Serial 3/0)
3600A(config)#ip route 40.0.0.0 255.0.0.0 30.0.0.2      (next hop is 1700B's S0/0 address; or the exit interface Serial 3/1)
3600A(config)#exit
3600A#show ip route
3600A#show ip interface brief
3600A#show ip protocols
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 40.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 30.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#control Z
1700B#show ip route
1700B#show ip interface brief
1700B#configure terminal
1700B(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1      (next hop is 3600A's S3/1 address; or the exit interface Serial 0/0)
1700B(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.1      (or: ip route 20.0.0.0 255.0.0.0 Serial 0/0)
(30.0.0.0 is directly connected to 1700B, so it needs no static route.)
1700B(config)#exit
1700B#show ip interface brief
1700B#show ip route
1700B#show ip protocols
1700B#ping 10.0.0.1
Default Routing Configuration
LAB
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#control Z
1700A#show ip route
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
or
1700A(config)#ip route 0.0.0.0 0.0.0.0 Serial 0/0
or
1700A(config)#ip default-network 20.0.0.0
1700A(config)#exit
1700A#show ip interface brief
1700A#show ip protocols
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface Serial 3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A#show controllers Serial 3/0             (shows whether this end is DCE or DTE)
3600A(config-if)#clock rate 64000
3600A(config-if)#interface Serial 3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#control Z
3600A#show ip route
3600A#show ip interface brief
3600A#configure terminal
3600A(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2
or
3600A(config)#ip route 0.0.0.0 0.0.0.0 Serial 3/1
or
3600A(config)#ip default-network 30.0.0.0
3600A(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1      (static route back toward 1700A; or the exit interface Serial 3/0)
3600A(config)#exit
3600A#show ip interface brief
3600A#show ip protocols
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 40.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 30.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#control Z
1700B#show ip route
1700B#show ip interface brief
1700B#configure terminal
1700B(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1
or
1700B(config)#ip route 0.0.0.0 0.0.0.0 Serial 0/0
or
1700B(config)#ip default-network 30.0.0.0
1700B(config)#exit
1700B#show ip interface brief
1700B#show ip route
1700B#show ip protocols
1700B#ping 10.0.0.1
Routing Information Protocol (RIP)
RIP Timers
Hold-down timer
This sets the amount of time during which routing information is suppressed. Routers enter the hold-down state when an update packet is received that indicates the route is unreachable. This continues until an update packet is received with a better metric or until the hold-down timer expires. The default is 180 seconds.
[Diagram: RIP lab. 1700A (F0/0 10.0.0.1; S0/0 20.0.0.1; S0/1 30.0.0.1; S1/0 40.0.0.1) connects to 3600A (S3/0 20.0.0.2; S3/1 50.0.0.1), 3600B (S1/0 30.0.0.2; S1/1 60.0.0.1) and 3600C (S0/0 40.0.0.2; S0/1 70.0.0.1), which all connect to 1700B (S0/0 50.0.0.2; S1/0 60.0.0.2; S1/1 70.0.0.2; F0/0 80.0.0.1).]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/1
1700A(config-if)#ip address 30.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 1/0
1700A(config-if)#ip address 40.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#control Z
1700A#show ip route
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#network 30.0.0.0
1700A(config-router)#network 40.0.0.0
1700A(config-router)#control Z
1700A#show ip route
1700A#show ip interface brief
1700A#show ip protocols
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface Serial 3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#interface Serial 3/1
3600A(config-if)#ip address 50.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#exit
3600A(config)#router rip
3600A(config-router)#network 20.0.0.0
3600A(config-router)#network 50.0.0.0
3600A(config-router)#control Z
3600A#show ip route
3600A#show ip interface brief
3600A#show ip protocols
3600B
Router>enable
Router#configure terminal
Router(config)#hostname 3600B
3600B(config)#interface Serial 1/0
3600B(config-if)#ip address 30.0.0.2 255.0.0.0
3600B(config-if)#no shutdown
3600B(config-if)#clock rate 64000
3600B(config-if)#interface Serial 1/1
3600B(config-if)#ip address 60.0.0.1 255.0.0.0
3600B(config-if)#no shutdown
3600B(config-if)#clock rate 64000
3600B(config-if)#exit
3600B(config)#router rip
3600B(config-router)#network 30.0.0.0
3600B(config-router)#network 60.0.0.0
3600B(config-router)#control Z
3600B#show ip route
3600B#show ip interface brief
3600B#show ip protocols
3600C
Router>enable
Router#configure terminal
Router(config)#hostname 3600C
3600C(config)#interface Serial 0/0
3600C(config-if)#ip address 40.0.0.2 255.0.0.0
3600C(config-if)#no shutdown
3600C(config-if)#clock rate 64000
3600C(config-if)#interface Serial 0/1
3600C(config-if)#ip address 70.0.0.1 255.0.0.0
3600C(config-if)#no shutdown
3600C(config-if)#clock rate 64000
3600C(config-if)#exit
3600C(config)#router rip
3600C(config-router)#network 40.0.0.0
3600C(config-router)#network 70.0.0.0
3600C(config-router)#control Z
3600C#show ip route
3600C#show ip interface brief
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 80.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 50.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 1/0
1700B(config-if)#ip address 60.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 1/1
1700B(config-if)#ip address 70.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#control Z
1700B#show ip route
1700B#show ip interface brief
1700B#show ip protocols
1700B#configure terminal
1700B(config)#router rip
1700B(config-router)#network 50.0.0.0
1700B(config-router)#network 60.0.0.0
1700B(config-router)#network 70.0.0.0
1700B(config-router)#network 80.0.0.0
1700B(config-router)#control Z
1700B#show ip interface brief
1700B#show ip protocols
• Both RIPv1 and RIPv2 are distance-vector protocols, which means that each router running RIP sends its complete routing table out all active interfaces at periodic time intervals.
• The timers and loop-avoidance schemes are the same in both RIP versions.
• Both RIPv1 and RIPv2 are configured with classful addressing (but RIPv2 is considered classless because subnet information is sent with each route update).
• Both have the same administrative distance (120).
• RIP is an open standard; it can be used with any brand of router.
• Algorithm: Bellman-Ford
• RIPv2 multicast address: 224.0.0.9
Classful / Classless (RIPv2) LAB
[Diagram: 1700A (F0/0 192.168.1.17, LAN hosts .17-.22; S0/0 192.168.1.5) -- 3600A (S3/0 192.168.1.6; S3/1 192.168.1.9) -- 1700B (S0/0 192.168.1.10; F0/0 192.168.1.33, LAN hosts .33-.46)]
Answer:
IP address block: 192.168.1.0/24
Bit weights of the last octet: 128 64 32 16 8 4 2 1

Need 2 IP addresses (each serial link): 2^2 = 4, 4 - 2 = 2 usable hosts
Borrowing 2 bits (2 host bits remain, mask 255.255.255.252)
Network ID        First Host ID     Last Host ID      Broadcast ID
192.168.1.4       192.168.1.5       192.168.1.6       192.168.1.7
192.168.1.8       192.168.1.9       192.168.1.10      192.168.1.11

Need 6 IP addresses: 2^3 = 8, 8 - 2 = 6 usable hosts
Borrowing 3 bits (3 host bits remain, mask 255.255.255.248)
The following block is already in use (it overlaps the second serial link):
192.168.1.8       192.168.1.9       192.168.1.14      192.168.1.15
So the next block is used:
Network ID        First Host ID     Last Host ID      Broadcast ID
192.168.1.16      192.168.1.17      192.168.1.22      192.168.1.23

Need 14 IP addresses: 2^4 = 16, 16 - 2 = 14 usable hosts
Borrowing 4 bits (4 host bits remain, mask 255.255.255.240)
Network ID        First Host ID     Last Host ID      Broadcast ID
192.168.1.32      192.168.1.33      192.168.1.46      192.168.1.47
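The allocation worked out above, as an added Python example that is not part of these notes: it carves the /30, /29 and /28 blocks out of 192.168.1.0/24 in the order the lab asks for them and prints the same Network ID / First Host / Last Host / Broadcast columns. Leaving 192.168.1.0/30 ("subnet zero") unused is an assumption made to match the answer, which starts at .4.

```python
"""VLSM allocation for the 192.168.1.0/24 lab.

Added example (not from the notes). Subnets are carved in the order they
are requested (two /30 links, a 6-host LAN, a 14-host LAN), each aligned
to its own block size so it never overlaps an earlier one.  Assumption:
the first block (192.168.1.0/30, subnet zero) is skipped, as in the notes.
"""
import ipaddress


def host_bits_for(hosts):
    """Smallest h with 2**h - 2 >= hosts (network and broadcast are unusable)."""
    h = 2
    while 2 ** h - 2 < hosts:
        h += 1
    return h


def allocate_vlsm(base, host_counts, skip_subnet_zero=True):
    """Return one dict per request, with the columns used in the notes' tables."""
    base = ipaddress.ip_network(base)
    cursor = int(base.network_address)
    allocations = []
    for hosts in host_counts:
        h = host_bits_for(hosts)
        size = 2 ** h
        cursor = (cursor + size - 1) // size * size        # align to block size
        if skip_subnet_zero and cursor == int(base.network_address):
            cursor += size
        net = ipaddress.ip_network((cursor, 32 - h))
        if not net.subnet_of(base):
            raise ValueError(f"{base} exhausted while placing {hosts} hosts")
        allocations.append({
            "hosts": hosts,
            "network": net,
            "mask": net.netmask,
            "first_host": net.network_address + 1,
            "last_host": net.broadcast_address - 1,
            "broadcast": net.broadcast_address,
        })
        cursor += size
    return allocations


if __name__ == "__main__":
    print(f"{'Hosts':>5}  {'Network ID':<18}{'First Host ID':<16}"
          f"{'Last Host ID':<16}Broadcast ID")
    for a in allocate_vlsm("192.168.1.0/24", [2, 2, 6, 14]):
        print(f"{a['hosts']:>5}  {str(a['network']):<18}{str(a['first_host']):<16}"
              f"{str(a['last_host']):<16}{a['broadcast']}")
```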
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 192.168.1.17 255.255.255.248
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 192.168.1.5 255.255.255.252
1700A(config-if)#no shutdown
1700A(config-if)#control Z
1700A#show ip route
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#router rip
1700A(config-router)#version 2
1700A(config-router)#network 192.168.1.4     (IOS stores this as the classful network 192.168.1.0)
1700A(config-router)#network 192.168.1.16
1700A(config-router)#control Z
1700A#show ip interface brief
1700A#show ip protocols
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface Serial 3/0
3600A(config-if)#ip address 192.168.1.6 255.255.255.252
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#interface Serial 3/1
3600A(config-if)#ip address 192.168.1.9 255.255.255.252
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#control Z
3600A#show ip route
3600A#show ip interface brief
3600A#configure terminal
3600A(config)#router rip
3600A(config-router)#version 2
3600A(config-router)#network 192.168.1.4
3600A(config-router)#network 192.168.1.8
3600A(config-router)#control Z
3600A#show ip interface brief
3600A#show ip protocols
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 192.168.1.33 255.255.255.240
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 192.168.1.10 255.255.255.252
1700B(config-if)#no shutdown
1700B(config-if)#control Z
1700B#show ip route
1700B#show ip interface brief
1700B#configure terminal
1700B(config)#router rip
1700B(config-router)#version 2
1700B(config-router)#network 192.168.1.8
1700B(config-router)#network 192.168.1.32
1700B(config-router)#control Z
1700B#show ip interface brief
1700B#show ip route
1700B#show ip protocols
1700B#ping 192.168.1.17
To change the update, invalid, hold-down and flush timers from their defaults (30, 180, 180 and 240 seconds), use the following commands:
Router>enable
Router#configure terminal
Router(config)#router rip
Router(config-router)#timers basic <update> <invalid> <holddown> <flush>
RIP v1 & RIP v2 Configuration
(Routing Information Protocol version 1 & Routing Information Protocol version 2)
LAB
[Diagram: 1700A (RIP v1 side: F0/0 10.0.0.1, S0/0 20.0.0.1) -- 3600A (S3/0 20.0.0.2, S3/1 30.0.0.1) -- 1700B (RIP v2 side: S0/0 30.0.0.2, F0/0 40.0.0.1)]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#control Z
1700A#show ip route
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#router rip                       (no "version" command: RIPv1 is the default)
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#control Z
1700A#show ip interface brief
1700A#show ip protocols
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface Serial 3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#interface Serial 3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#control Z
3600A#show ip route
3600A#show ip interface brief
3600A#configure terminal
3600A(config)#router rip
3600A(config-router)#version 2                 (the version is set once for the whole RIP process; it runs RIPv2 toward 1700B)
3600A(config-router)#network 20.0.0.0
3600A(config-router)#network 30.0.0.0
3600A(config-router)#exit
3600A(config)#interface Serial 3/0             (the link toward 1700A, which runs RIPv1, is set per interface)
3600A(config-if)#ip rip send version 1
3600A(config-if)#ip rip receive version 1
3600A(config-if)#control Z
3600A#show ip interface brief
3600A#show ip protocols
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 40.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 30.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#control Z
1700B#show ip route
1700B#show ip interface brief
1700B#configure terminal
1700B(config)#router rip
1700B(config-router)#version 2
1700B(config-router)#network 30.0.0.0
1700B(config-router)#network 40.0.0.0
1700B(config-router)#control Z
1700B#show ip interface brief
1700B#show ip route
1700B#show ip protocols
1700B#ping 10.0.0.1
Another way to control the RIP version on a single link in this lab is on the Serial 0/0 interface itself, with the interface-level version command (shown on 1700B, whose S0/0 faces 3600A):
1700B(config)#interface Serial 0/0
1700B(config-if)#ip rip receive version 1
Interior Gateway Routing Protocol (IGRP)
IGRP                                                      RIP
Can be used in large internetworks                        Works best in smaller networks
Uses an autonomous system number for activation           Does not use autonomous system numbers
Gives a full route table update every 90 seconds          Gives a full route table update every 30 seconds
Has an administrative distance of 100                     Has an administrative distance of 120
Uses bandwidth and delay of the line as the metric        Uses only hop count to determine the best path to a
(lowest composite metric), with a maximum hop count       remote network, with 15 hops being the maximum
of 255
IGRP Timers
To control performance, IGRP includes the following timers with default settings:
Update timers :
These specify how frequently routing-update messages should be sent. The
default is 90 seconds.
Invalid timers :
These specify how long a router should wait before declaring a route invalid if it
doesn’t receive a specific update about it. The default is three times the update period.
Holddown timers :
These specify the holddown period. The default is three times the update timer
period plus 10 seconds.
Flush timers :
These indicate how much time should pass before a route should be flushed from
the routing table. The default is seven times the routing update period. If the update timer
is 90 seconds by default, then 7 × 90 = 630 seconds elapse before a route will be flushed
from the route table.
[Diagram: IGRP lab. 1700A (F0/0 10.0.0.1, S0/0 20.0.0.1) -- 3600A (S3/0 20.0.0.2, S3/1 30.0.0.1) -- 1700B (S0/0 30.0.0.2, F0/0 40.0.0.1)]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router igrp 100                  (autonomous system number)
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#control Z
1700A#show ip interface brief
1700A#show ip protocols
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface Serial 3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#interface Serial 3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#exit
3600A(config)#router igrp 100                  (same autonomous system number as the other two routers)
3600A(config-router)#network 20.0.0.0
3600A(config-router)#network 30.0.0.0
3600A(config-router)#control Z
3600A#show ip interface brief
3600A#show ip protocols
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 40.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 30.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router igrp 100                  (autonomous system number)
1700B(config-router)#network 30.0.0.0          (1700B's own classful networks)
1700B(config-router)#network 40.0.0.0
1700B(config-router)#control Z
1700B#show ip interface brief
1700B#show ip route
1700B#show ip protocols
1700B#ping 10.0.0.1
EIGRP (Enhanced Interior Gateway Routing Protocol)
Note:
Cisco calls EIGRP a distance vector routing protocol, or sometimes an
advanced distance vector or even a hybrid routing protocol.
• EIGRP supports different Network layer protocols through the use of protocol-
dependent modules (PDMs).
• Each EIGRP PDM will maintain a separate series of tables containing the routing
information that applies to a specific protocol.
• This means that there will be IP/EIGRP tables, IPX/EIGRP tables, and AppleTalk/EIGRP tables.
Neighbor Discovery
Before EIGRP routers are willing to exchange routes with each other, they must become neighbors. There are three conditions that must be met for neighborship establishment:
Hello or ACK received
AS numbers match
Identical metrics (K values)
Feasible distance
This is the best metric along all paths to a remote network, including the metric
to the neighbor that is advertising that remote network. This is the route that you will find
in the routing table, because it is considered the best path. The metric of a feasible
distance is the metric reported by the neighbor (called reported distance), plus the metric
to the neighbor reporting the route.
Reported distance (Advertised Distance)
This is the metric of a remote network, as reported by a neighbor. It is also
the routing table metric of the neighbor.
Neighbor table
Each router keeps state information about adjacent neighbors. When a newly
discovered neighbor is learned, the address and interface of the neighbor are recorded,
and this information is held in the neighbor table, stored in RAM. There is one neighbor
table for each protocol-dependent module.
Topology table
The topology table is populated by the PDMs and acted upon by the Diffusing
Update Algorithm (DUAL). It contains all destinations advertised by neighboring
routers, holding each destination address and a list of neighbors that have advertised the
destination. For each neighbor, the advertised metric is recorded, which comes only from
the neighbor’s routing table. If the neighbor is advertising this destination, it must be
using the route to forward packets.
Feasible successor
A destination entry is moved from the topology table to the routing table when
there is a feasible successor. A feasible successor is a path whose reported distance is less
than the feasible distance, and it is considered a backup route. EIGRP will keep up to six
feasible successors in the topology table. Only the one with the best metric (the successor) is placed in the routing table.
Successor
A successor route is the best route to a remote network. A successor route is used
by EIGRP to forward traffic to a destination and is stored in the routing table. It is backed
up by a feasible successor route that is stored in the topology table—if one is available.
• A feasible successor is a backup route and is stored in the topology table.
• A successor route is stored in the topology table and also placed in the routing
table.
Reliable Transport Protocol (RTP)
o EIGRP uses a proprietary protocol, called Reliable Transport Protocol (RTP), to
manage the communication of messages between EIGRP-speaking routers.
o EIGRP sends updates as multicast traffic, using the Class D address 224.0.0.10.
o If EIGRP doesn’t get a reply from a neighbor, it will switch to using unicasts to
resend the same data.
o If it still doesn’t get a reply after 16 unicast attempts, the neighbor is declared dead.
EIGRP Metrics
Another really sweet thing about EIGRP is that unlike many other protocols that
use a single factor to compare routes and select the best possible path, EIGRP can use a
combination of four:
Bandwidth
Delay
Load
Reliability
MTU
Like IGRP, EIGRP uses only bandwidth and delay of the line to determine the
best path to a remote network by default.
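The feasible distance, reported distance, successor and feasible-successor definitions above, computed for the EIGRP lab that follows (1700A's three paths to 1700B's 80.0.0.0/8 LAN, with the 512/256/128 kbps bandwidths configured in the lab), as an added Python example that is not part of these notes. The classic EIGRP metric formula with default K values and the IOS default interface delays (20000 µs serial, 100 µs FastEthernet) are assumed, since the notes do not give them.

```python
"""EIGRP composite metric, reported distance (RD), feasible distance (FD)
and the feasibility condition, worked on the EIGRP lab (1700A reaching
80.0.0.0/8 behind 1700B through 3600A, 3600B or 3600C).

Added example, not from the notes.  Assumptions: the classic EIGRP metric
with default K values (K1 = K3 = 1, the rest 0),
    metric = 256 * (10^7 // min_bandwidth_kbps + total_delay_us // 10),
and the IOS default delays of 20000 us per serial link and 100 us for
FastEthernet.  Bandwidths are the 'bandwidth' values set in the lab.
"""
SERIAL_DELAY_US = 20_000        # IOS default for a serial interface (assumption)
FE_DELAY_US = 100               # IOS default for FastEthernet (assumption)
FE_BW_KBPS = 100_000


def composite_metric(min_bandwidth_kbps, total_delay_us):
    """Classic EIGRP metric with integer arithmetic, as IOS computes it."""
    return 256 * (10**7 // min_bandwidth_kbps + total_delay_us // 10)


def path_metric(links):
    """Metric over a list of (bandwidth_kbps, delay_us) outgoing links."""
    return composite_metric(min(bw for bw, _ in links),
                            sum(delay for _, delay in links))


def dual_view(paths):
    """What 1700A's topology table holds for one destination.

    paths: {neighbor: [our link to that neighbor, *links the neighbor uses]}.
    RD is the neighbor's own metric (what it advertises).  FD is the metric
    of the whole path recomputed through our link to that neighbor; it is
    not simply RD plus a constant, because the minimum bandwidth may drop.
    The successor is the lowest FD; another neighbor is a feasible successor
    only if its RD is strictly less than the successor's FD.
    """
    entries = {n: {"rd": path_metric(links[1:]), "fd": path_metric(links)}
               for n, links in paths.items()}
    successor = min(entries, key=lambda n: entries[n]["fd"])
    fd = entries[successor]["fd"]
    feasible = sorted(n for n, e in entries.items()
                      if n != successor and e["rd"] < fd)
    return {"entries": entries, "successor": successor,
            "feasible_distance": fd, "feasible_successors": feasible}


def lab_paths_to_80():
    """1700A's three paths to 80.0.0.0/8, from the lab's bandwidth settings."""
    def serial(bw_kbps):
        return (bw_kbps, SERIAL_DELAY_US)
    lan = (FE_BW_KBPS, FE_DELAY_US)                 # 1700B F0/0 (80.0.0.1)
    return {
        "3600A": [serial(512), serial(128), lan],   # S0/0 512k, then 3600A S3/1 128k
        "3600B": [serial(256), serial(256), lan],   # S0/1 256k, then 3600B S1/1 256k
        "3600C": [serial(128), serial(512), lan],   # S1/0 128k, then 3600C S0/1 512k
    }


if __name__ == "__main__":
    view = dual_view(lab_paths_to_80())
    for n, e in view["entries"].items():
        if n == view["successor"]:
            tag = "successor"
        elif n in view["feasible_successors"]:
            tag = "feasible successor (RD < FD)"
        else:
            tag = "not feasible (RD >= FD)"
        print(f"via {n}: RD {e['rd']:>10,}  FD {e['fd']:>10,}  {tag}")
```

The 3600A and 3600C paths end up with the same FD, yet only 3600C is a feasible successor: its RD is below the successor's FD, so a loop through it is impossible, while 3600A's is not.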
[Diagram: EIGRP lab. 1700A (F0/0 10.0.0.1; S0/0 20.0.0.1, 512 kbps; S0/1 30.0.0.1, 256 kbps; S1/0 40.0.0.1, 128 kbps) connects to 3600A (S3/0 20.0.0.2; S3/1 50.0.0.1, 128 kbps), 3600B (S1/0 30.0.0.2; S1/1 60.0.0.1, 256 kbps) and 3600C (S0/0 40.0.0.2; S0/1 70.0.0.1, 512 kbps), which all connect to 1700B (S0/0 50.0.0.2; S1/0 60.0.0.2; S1/1 70.0.0.2; F0/0 80.0.0.1).]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#bandwidth 512                 (in kbps; this value feeds the EIGRP metric)
1700A(config-if)#interface Serial 0/1
1700A(config-if)#ip address 30.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#bandwidth 256
1700A(config-if)#interface Serial 1/0
1700A(config-if)#ip address 40.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#bandwidth 128
1700A(config-if)#exit
1700A(config)#router eigrp 500                 (autonomous system number, 1 to 65535)
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#network 30.0.0.0
1700A(config-router)#network 40.0.0.0
1700A(config-router)#control Z
1700A#show ip route
1700A#show ip interface brief
1700A#show ip eigrp topology
1700A#show ip eigrp neighbors
To stop EIGRP from sending hellos and updates out the FastEthernet port (the 10.0.0.0 network is still advertised to the other neighbors, but no neighbor can form on F0/0), type the following commands:
1700A(config)#router eigrp 500
1700A(config-router)#passive-interface FastEthernet 0/0        (enable)
1700A(config-router)#no passive-interface FastEthernet 0/0     (disable)
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface Serial 3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#bandwidth 512
3600A(config-if)#interface Serial 3/1
3600A(config-if)#ip address 50.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#bandwidth 128
3600A(config-if)#exit
3600A(config)#router eigrp 500
3600A(config-router)#network 20.0.0.0
3600A(config-router)#network 50.0.0.0
3600A(config-router)#control Z
3600A#show ip route
3600A#show ip interface brief
3600A#show ip eigrp topology
3600A#show ip eigrp neighbors
3600B
Router>enable
Router#configure terminal
Router(config)#hostname 3600B
3600B(config)#interface Serial 1/0
3600B(config-if)#ip address 30.0.0.2 255.0.0.0
3600B(config-if)#no shutdown
3600B(config-if)#clock rate 64000
3600B(config-if)#bandwidth 256
3600B(config-if)#interface Serial 1/1
3600B(config-if)#ip address 60.0.0.1 255.0.0.0
3600B(config-if)#no shutdown
3600B(config-if)#clock rate 64000
3600B(config-if)#bandwidth 256
3600B(config-if)#exit
3600B(config)#router eigrp 500
3600B(config-router)#network 30.0.0.0
3600B(config-router)#network 60.0.0.0
3600B(config-router)#control Z
3600B#show ip route
3600B#show ip interface brief
3600B#show ip eigrp topology
3600B#show ip eigrp neighbors
3600C
Router>enable
Router#configure terminal
Router(config)#hostname 3600C
3600C(config)#interface Serial 0/0
3600C(config-if)#ip address 40.0.0.2 255.0.0.0
3600C(config-if)#no shutdown
3600C(config-if)#clock rate 64000
3600C(config-if)#bandwidth 128
3600C(config-if)#interface Serial 0/1
3600C(config-if)#ip address 70.0.0.1 255.0.0.0
3600C(config-if)#no shutdown
3600C(config-if)#clock rate 64000
3600C(config-if)#bandwidth 512
3600C(config-if)#exit
3600C(config)#router eigrp 500
3600C(config-router)#network 40.0.0.0
3600C(config-router)#network 70.0.0.0
3600C(config-router)#control Z
3600C#show ip route
3600C#show ip interface brief
3600C#show ip eigrp topology
3600C#show ip eigrp neighbors
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 80.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 50.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#bandwidth 128
1700B(config-if)#interface Serial 1/0
1700B(config-if)#ip address 60.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#bandwidth 256
1700B(config-if)#interface Serial 1/1
1700B(config-if)#ip address 70.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#bandwidth 512
1700B(config-if)#exit
1700B(config)#router eigrp 500
1700B(config-router)#network 50.0.0.0
1700B(config-router)#network 60.0.0.0
1700B(config-router)#network 70.0.0.0
1700B(config-router)#network 80.0.0.0
1700B(config-router)#control Z
1700B#show ip interface brief
1700B#show ip eigrp topology
1700B#show ip eigrp neighbors
EIGRP Summarization Configuration
LAB
[Diagram: 1700A (F0/0 10.0.0.1, S0/0 20.0.0.1) -- second router (labelled 3600 A in the figure, configured as 1700B below: S0/1 20.0.0.2, F0/0 30.0.0.1), which carries the loopback interfaces listed here.]
Loopback 0 - 172.168.4.1
Loopback 1 - 172.168.5.1
Loopback 2 - 172.168.6.1
Loopback 3 - 172.168.7.1
Loopback 4 - 172.168.8.1
Loopback 5 - 172.168.9.1
Loopback 6 - 172.168.10.1
Loopback 7 - 172.168.11.1
Loopback 8 - 172.168.12.1
1700A
Router>en
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface S0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router EIGRP 500
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip interface brief
1700A#show ip EIGRP topology
1700A#show ip EIGRP neighbor
1700B
Router>en
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface S0/1
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
(the loopbacks use /24 masks: with 255.255.0.0 all nine would sit in the same 172.168.0.0/16 subnet and IOS rejects the overlap)
1700B(config-if)#interface Loopback 0
1700B(config-if)#ip address 172.168.4.1 255.255.255.0
1700B(config-if)#interface Loopback 1
1700B(config-if)#ip address 172.168.5.1 255.255.255.0
1700B(config-if)#interface Loopback 2
1700B(config-if)#ip address 172.168.6.1 255.255.255.0
1700B(config-if)#interface Loopback 3
1700B(config-if)#ip address 172.168.7.1 255.255.255.0
1700B(config-if)#interface Loopback 4
1700B(config-if)#ip address 172.168.8.1 255.255.255.0
1700B(config-if)#interface Loopback 5
1700B(config-if)#ip address 172.168.9.1 255.255.255.0
1700B(config-if)#interface Loopback 6
1700B(config-if)#ip address 172.168.10.1 255.255.255.0
1700B(config-if)#interface Loopback 7
1700B(config-if)#ip address 172.168.11.1 255.255.255.0
1700B(config-if)#interface Loopback 8
1700B(config-if)#ip address 172.168.12.1 255.255.255.0
1700B(config-if)#exit
1700B(config)#router EIGRP 500
1700B(config-router)#network 20.0.0.0
1700B(config-router)#network 30.0.0.0
1700B(config-router)#network 172.168.0.0 (classful statement: it covers all nine loopbacks, so one line replaces nine)
1700B(config-router)#^Z
1700B#show ip route
1700B#show ip interface brief
1700B#show ip EIGRP topology
1700B#show ip EIGRP neighbor
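The lab is titled summarization but stops at advertising the nine loopbacks as individual routes. The following Python script is an added example, not part of the original notes, that works out the summary for them: the exact minimal set of aggregates, the single smallest block that covers all nine, the phantom /24s that single block also claims (traffic for those lands on the Null0 discard route EIGRP installs alongside a summary), and the IOS interface command (ip summary-address eigrp) that would advertise it. It assumes the loopbacks are /24 networks, as in the corrected config above; the network list is constructed from the lab.

```python
import ipaddress

# Constructed input: the nine loopbacks from the lab, assumed to be /24 networks.
LAB_LOOPBACKS = [f"172.168.{third}.0/24" for third in range(4, 13)]


def exact_cover(prefixes):
    """Smallest set of aggregates that covers exactly the given prefixes and nothing else."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def single_summary(prefixes):
    """Smallest single CIDR block that contains every prefix.

    Walks from the longest prefix length down to /0 and stops at the first block
    (anchored on the lowest address) whose broadcast address also reaches the highest.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lowest = min(n.network_address for n in nets)
    highest = max(n.broadcast_address for n in nets)
    for plen in range(32, -1, -1):
        block = ipaddress.ip_network((int(lowest), plen), strict=False)
        if highest <= block.broadcast_address:
            return block
    raise ValueError("no covering block")  # unreachable: /0 covers everything


def phantom_subnets(prefixes, subnet_len=24):
    """Subnets the single summary advertises that do not exist behind the router.

    Packets for these match the summary upstream but hit the Null0 route locally.
    """
    real = {ipaddress.ip_network(p) for p in prefixes}
    summary = single_summary(prefixes)
    return [s for s in summary.subnets(new_prefix=subnet_len) if s not in real]


def summary_command(asn, prefixes):
    """IOS interface command that advertises the single summary for EIGRP AS `asn`."""
    block = single_summary(prefixes)
    return f"ip summary-address eigrp {asn} {block.network_address} {block.netmask}"


if __name__ == "__main__":
    print("exact cover :", [str(n) for n in exact_cover(LAB_LOOPBACKS)])
    print("one summary :", single_summary(LAB_LOOPBACKS))
    print("phantoms    :", [str(n) for n in phantom_subnets(LAB_LOOPBACKS)])
    print("IOS command :", summary_command(500, LAB_LOOPBACKS))
```

The exact cover needs three aggregates (two /22s and a /24); the single /20 is one route but advertises seven subnets that do not exist, which is the trade-off to weigh before summarising.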
Topology fragment (recovered from a displaced diagram of the EIGRP bandwidth lab above): 1700A S1/0 40.0.0.1 to 3600A S3/2 40.0.0.2 at 256 kbps.
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface S3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#bandwidth 768
3600A(config-if)#interface S3/1
3600A(config-if)#ip address 30.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#bandwidth 512
3600A(config-if)#interface S3/2
3600A(config-if)#ip address 40.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#bandwidth 256
3600A(config-if)#exit
3600A(config)#router EIGRP 500
3600A(config-router)#network 20.0.0.0
3600A(config-router)#network 30.0.0.0
3600A(config-router)#network 40.0.0.0
3600A(config-router)#network 50.0.0.0
3600A(config-router)#^Z
Open Shortest Path First (OSPF) is an open-standard routing protocol that has been
implemented by a wide variety of network vendors, including Cisco.
OSPF works by using the Dijkstra algorithm. First, a shortest path tree is
constructed, and then the routing table is populated with the resulting best paths. OSPF
converges quickly, although perhaps not as quickly as EIGRP, and it supports multiple,
equal-cost routes to the same destination. But unlike EIGRP, OSPFv2 only routes IP.
Every area in the network connects to the backbone, called area 0 or the
backbone area. OSPF must have an area 0, and every other area should attach to it directly if
at all possible. Routers that connect other areas to the backbone within an AS are
called Area Border Routers (ABRs); an ABR has at least one interface in area 0.
OSPF runs inside an autonomous system, but it can also exchange routes with other
autonomous systems or other routing protocols through redistribution. The router that does
this is called an Autonomous System Boundary Router (ASBR).
OSPF Terminology
Link
A link is a network or router interface assigned to any given network. When an
interface is added to the OSPF process, it’s considered by OSPF to be a link.
Router ID
The Router ID (RID) is a 32-bit value written like an IP address that identifies the
router. On Cisco IOS a manually configured router-id takes precedence; otherwise the router
uses the highest IP address of all configured loopback interfaces, and if no loopback
interfaces are configured with addresses, the highest IP address of all active physical
interfaces. The RID is chosen when the OSPF process starts and does not change until the
process is restarted, so configure loopbacks before enabling OSPF.
Neighbors
Neighbors are two or more routers that have an interface on a common
network, such as two routers connected on a point-to-point serial link.
Adjacency
An adjacency is a relationship between two OSPF routers that permits the direct
exchange of route updates. OSPF is really picky about sharing routing information—
unlike EIGRP, which directly shares routes with all of its neighbors. Instead, OSPF
directly shares routes only with neighbors that have also established adjacencies. And not
all neighbors will become adjacent—this depends upon both the type of network and the
configuration of the routers.
Hello protocol
The OSPF Hello protocol provides dynamic neighbor discovery and maintains
neighbor relationships. Hello packets and Link State Advertisements (LSAs) build and
maintain the topological database. Hello packets are addressed to 224.0.0.5.
Neighborship database
The neighborship database is a list of all OSPF routers for which Hello packets
have been seen. A variety of details, including the Router ID and state, are maintained on
each router in the neighborship database.
Topology database
The topology database contains information from all of the Link State
Advertisement packets that have been received for an area. The router uses the
information from the topology database as input into the Dijkstra algorithm that computes
the shortest path to every network. LSA packets are used to update and maintain the
topology database.
Link State Advertisement
A Link State Advertisement (LSA) is an OSPF data packet containing link-state
and routing information that’s shared among OSPF routers. There are different types of
LSA packets. An OSPF router will exchange LSA packets only with routers to which it
has established adjacencies.
Designated router
A designated router (DR) is elected whenever OSPF routers are connected to the
same multi-access network. A prime example is an Ethernet LAN.
Backup designated router
A backup designated router (BDR) is a hot standby for the DR on multi-access
links. The BDR receives all routing updates from OSPF adjacent routers, but doesn't
flood LSA updates.
OSPF areas
An OSPF area is a grouping of contiguous networks and routers. All routers in
the same area share a common Area ID.
Broadcast (multi-access)
Broadcast (multi-access) networks such as Ethernet allow multiple devices to
connect to (or access) the same network, as well as provide a broadcast ability in which a
single packet is delivered to all nodes on the network. In OSPF, a DR and a BDR must be
elected for each broadcast multi-access network.
Non-broadcast multi-access
Non-Broadcast Multi-Access (NBMA) networks are types such as Frame Relay,
X.25, and Asynchronous Transfer Mode (ATM). These networks allow for multi-access,
but have no broadcast ability like Ethernet. So, NBMA networks require special OSPF
configuration to function properly and neighbor relationships must be defined.
Point-to-point
Point-to-point refers to a type of network topology consisting of a direct
connection between two routers that provides a single communication path. The point-to-
point connection can be physical, as in a serial cable directly connecting two routers, or it
can be logical.
Point-to-multipoint
Point-to-multipoint refers to a type of network topology consisting of a series of
connections between a single interface on one router and multiple destination routers. All
of the interfaces on all of the routers sharing the point-to-multipoint connection belong to
the same network. As with point-to-point, no DRs or BDRs are needed.
SPF Tree Calculation
Within an area, each router calculates the best/shortest path to every network in
that same area. This calculation is based upon the information collected in the topology
database and an algorithm called shortest path first (SPF).
OSPF uses a metric referred to as cost. A cost is associated with every outgoing
interface included in an SPF tree. The cost of the entire path is the sum of the costs of the
outgoing interfaces along the path.
Cisco uses the simple equation 10^8 / bandwidth (100,000,000 divided by the configured
bandwidth of the interface in bits per second; note that the bandwidth command itself takes
kbps). IOS truncates the result to an integer and never goes below 1. Using this rule, a
100 Mbps Fast Ethernet interface has a default OSPF cost of 1, a 10 Mbps Ethernet interface
a cost of 10, a T1 serial at the default 1544 kbps a cost of 64, and a serial interface set
to bandwidth 64 (64 kbps) a cost of 1562.
Because everything at or above 100 Mbps also comes out as 1, OSPF cannot tell Fast Ethernet
from Gigabit Ethernet with the default reference bandwidth. If the network has faster links,
raise the reference on every router in the domain with auto-cost reference-bandwidth under
the OSPF process, otherwise routers will disagree on costs.
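To make the cost rule and the SPF calculation concrete, here is an added Python example (not from the original notes) that computes interface costs the way IOS does and then runs Dijkstra over a constructed topology database for the serial OSPF lab below (1700A, 3600A, 1700B with networks 10, 20, 30 and 40). It assumes the serial links sit at the default 1544 kbps because the lab sets no bandwidth, and that the Fast Ethernet stubs are 100,000 kbps.

```python
import heapq
import itertools

REF_BW_KBPS = 100_000  # IOS default reference bandwidth: 10^8 bit/s = 100,000 kbit/s


def ospf_cost(bandwidth_kbps, ref_bw_kbps=REF_BW_KBPS):
    """Interface cost as IOS computes it: reference / bandwidth, truncated, never below 1."""
    return max(1, ref_bw_kbps // bandwidth_kbps)


# Constructed topology database for the serial OSPF lab.
# Router-to-router links: (router A, router B, network, bandwidth A->B, bandwidth B->A) in kbit/s.
# Serial interfaces default to 1544 kbit/s (T1) unless `bandwidth` is set.
LINKS = [
    ("1700A", "3600A", "20.0.0.0/8", 1544, 1544),
    ("3600A", "1700B", "30.0.0.0/8", 1544, 1544),
]
# Stub networks: router -> [(network, interface bandwidth in kbit/s)]
STUBS = {
    "1700A": [("10.0.0.0/8", 100_000)],
    "1700B": [("40.0.0.0/8", 100_000)],
}


def spf(links, root):
    """Dijkstra over the router graph. Returns {router: (cost from root, first-hop router)}."""
    adj = {}
    for a, b, _net, bw_ab, bw_ba in links:
        adj.setdefault(a, []).append((b, ospf_cost(bw_ab)))
        adj.setdefault(b, []).append((a, ospf_cost(bw_ba)))
    best = {root: (0, None)}
    seq = itertools.count()  # tie-breaker so the heap never compares router names with None
    heap = [(0, next(seq), root, None)]
    while heap:
        cost, _, node, first_hop = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale entry, a cheaper path was found after it was pushed
        for nbr, link_cost in adj.get(node, []):
            new_cost = cost + link_cost
            hop = nbr if node == root else first_hop
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, next(seq), nbr, hop))
    return best


def routing_table(links, stubs, root):
    """Per-network (total cost, next hop) as seen from `root`, built from the SPF tree.

    A network's cost is the SPF cost to the router that owns it plus the cost of that
    router's outgoing interface onto it; a transit link is owned by both ends, so the
    cheaper of the two wins.
    """
    tree = spf(links, root)
    table = {}

    def offer(net, via_router, iface_bw):
        if via_router not in tree:
            return
        r_cost, hop = tree[via_router]
        total = r_cost + ospf_cost(iface_bw)
        if net not in table or total < table[net][0]:
            table[net] = (total, hop or "connected")

    for a, b, net, bw_ab, bw_ba in links:
        offer(net, a, bw_ab)
        offer(net, b, bw_ba)
    for router, nets in stubs.items():
        for net, bw in nets:
            offer(net, router, bw)
    return table


if __name__ == "__main__":
    for bw in (64, 1544, 10_000, 100_000, 1_000_000):
        print(f"bandwidth {bw:>9} kbit/s -> cost {ospf_cost(bw)}")
    for net, (cost, hop) in sorted(routing_table(LINKS, STUBS, "1700A").items()):
        print(f"1700A: {net:<12} cost {cost:>4} via {hop}")
```

From 1700A the path to 40.0.0.0 costs 64 + 64 + 1 = 129 via 3600A, matching what show ip route would display as the OSPF metric. The last line of the bandwidth loop shows the Gigabit problem: 1,000,000 kbps also yields cost 1 until the reference bandwidth is raised.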
1700A
Router>en
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface S0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router OSPF 1 (Process ID 1 - 65535; locally significant, it need not match the neighbour)
1700A(config-router)#network 10.0.0.0 0.255.255.255 area 0
1700A(config-router)#network 20.0.0.0 0.255.255.255 area 0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip OSPF interface
1700A#show ip OSPF neighbor
1700A#show ip OSPF database
3600A
Router>en
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface S3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#interface S3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#exit
3600A(config)#router OSPF 2 (Process ID 1 - 65535)
3600A(config-router)#network 20.0.0.0 0.255.255.255 area 0
3600A(config-router)#network 30.0.0.0 0.255.255.255 area 0
3600A(config-router)#^Z
3600A#show ip route
3600A#show ip OSPF interface
3600A#show ip OSPF neighbor
3600A#show ip OSPF database
1700B
Router>en
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 40.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface S0/0
1700B(config-if)#ip address 30.0.0.2 255.0.0.0 (30.0.0.1 is already 3600A's S3/1 address)
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router OSPF 1 (Process ID 1 - 65535)
1700B(config-router)#network 30.0.0.0 0.255.255.255 area 0
1700B(config-router)#network 40.0.0.0 0.255.255.255 area 0
1700B(config-router)#^Z
1700B#show ip route
1700B#show ip OSPF interface
1700B#show ip OSPF neighbor
1700B#show ip OSPF database
OSPF (Open Shortest Path First) Broadcast Area Configuration
LAB
Topology (recovered from the diagram): 1700A, 1700B and 1700C share one Ethernet segment on their F0/0 interfaces (10.0.0.1, 10.0.0.2 and 10.0.0.3), so a DR and a BDR are elected on it. Each router also has a Loopback 0: 1700A 20.0.0.1, 1700B 30.0.0.1, 1700C 40.0.0.1.
1700A
Router>en
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Loopback 0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#exit
1700A(config)#router OSPF 1 (Process ID 1 - 65535)
1700A(config-router)#network 10.0.0.0 0.255.255.255 area 0
1700A(config-router)#network 20.0.0.0 0.255.255.255 area 0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip OSPF interface
1700A#show ip OSPF neighbor
1700A#show ip OSPF database
1700B
Router>en
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 10.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Loopback 0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#exit
1700B(config)#router OSPF 1 (Process ID 1 - 65535)
1700B(config-router)#network 10.0.0.0 0.255.255.255 area 0
1700B(config-router)#network 30.0.0.0 0.255.255.255 area 0
1700B(config-router)#^Z
1700B#show ip route
1700B#show ip OSPF interface
1700B#show ip OSPF neighbor
1700B#show ip OSPF database
1700C
Router>en
Router#configure terminal
Router(config)#hostname 1700C
1700C(config)#interface FastEthernet 0/0
1700C(config-if)#ip address 10.0.0.3 255.0.0.0
1700C(config-if)#no shutdown
1700C(config-if)#interface Loopback 0
1700C(config-if)#ip address 40.0.0.1 255.0.0.0
1700C(config-if)#exit
1700C(config)#router OSPF 1 (Process ID 1 - 65535)
1700C(config-router)#network 10.0.0.0 0.255.255.255 area 0
1700C(config-router)#network 40.0.0.0 0.255.255.255 area 0
1700C(config-router)#^Z
1700C#show ip route
1700C#show ip OSPF interface
1700C#show ip OSPF neighbor (the router with the highest Router ID, here 1700C with loopback 40.0.0.1, becomes DR if all start together)
1700C#show ip OSPF database
OSPF (Open Shortest Path First) – Multi Area Configuration
LAB
1700A
Router>en
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface S0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Loopback 0
1700A(config-if)#ip address 1.1.1.1 255.255.255.255
1700A(config-if)#^Z
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#router OSPF 1
1700A(config-router)#network 10.0.0.0 0.255.255.255 area 0
1700A(config-router)#network 20.0.0.0 0.255.255.255 area 0
1700A(config-router)#network 1.1.1.1 0.0.0.0 area 0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip OSPF interface
1700A#show ip OSPF neighbor
1700A#show ip OSPF database
3600A
Router>en
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface S3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#interface S3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#interface Loopback 0
3600A(config-if)#ip address 2.2.2.2 255.255.255.255
3600A(config-if)#exit
3600A(config)#router OSPF 2
3600A(config-router)#network 20.0.0.0 0.255.255.255 area 0
3600A(config-router)#network 30.0.0.0 0.255.255.255 area 0
3600A(config-router)#network 2.2.2.2 0.0.0.0 area 0
3600A(config-router)#^Z
3600A#show ip route
3600A#show ip OSPF interface
3600A#show ip OSPF neighbor
3600A#show ip OSPF database
3600B
Router>en
Router#configure terminal
Router(config)#hostname 3600B
3600B(config)#interface S1/0
3600B(config-if)#ip address 30.0.0.2 255.0.0.0
3600B(config-if)#clock rate 64000
3600B(config-if)#no shutdown
3600B(config-if)#interface S1/1
3600B(config-if)#ip address 40.0.0.1 255.0.0.0
3600B(config-if)#no shutdown
3600B(config-if)#interface Loopback 0
3600B(config-if)#ip address 3.3.3.3 255.255.255.255
3600B(config-if)#exit
3600B(config)#router OSPF 3
3600B(config-router)#network 30.0.0.0 0.255.255.255 area 0
3600B(config-router)#network 40.0.0.0 0.255.255.255 area 1
3600B(config-router)#network 3.3.3.3 0.0.0.0 area 1
3600B(config-router)#^Z
3600B#show ip route
3600B#show ip OSPF interface
3600B#show ip OSPF neighbor
3600B#show ip OSPF database
Area 2 (networks 50 and 60 behind 3600C) is not attached to area 0, so its routes
will not be exchanged with the rest of the network until a virtual link is built across
area 1 between the two ABRs. Configure it on both ends, each naming the Router ID
(the loopback) of the other:
3600B(config)#router OSPF 3
3600B(config-router)#area 1 virtual-link 4.4.4.4
3600C(config)#router OSPF 4
3600C(config-router)#area 1 virtual-link 3.3.3.3
3600C
Router>en
Router#configure terminal
Router(config)#hostname 3600C
3600C(config)#interface S0/0
3600C(config-if)#ip address 40.0.0.2 255.0.0.0
3600C(config-if)#clock rate 64000
3600C(config-if)#no shutdown
3600C(config-if)#interface S1/0
3600C(config-if)#ip address 50.0.0.1 255.0.0.0
3600C(config-if)#no shutdown
3600C(config-if)#interface Loopback 0
3600C(config-if)#ip address 4.4.4.4 255.255.255.255
3600C(config-if)#exit
3600C(config)#router OSPF 4
3600C(config-router)#network 40.0.0.0 0.255.255.255 area 1
3600C(config-router)#network 50.0.0.0 0.255.255.255 area 2
3600C(config-router)#network 4.4.4.4 0.0.0.0 area 2
3600C(config-router)#^Z
3600C#show ip route
3600C#show ip OSPF interface
3600C#show ip OSPF neighbor
3600C#show ip OSPF database
1700B
Router>en
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface S0/0
1700B(config-if)#ip address 50.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface FastEthernet 0/0
1700B(config-if)#ip address 60.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Loopback 0
1700B(config-if)#ip address 5.5.5.5 255.255.255.255
1700B(config-if)#exit
1700B(config)#router OSPF 5
1700B(config-router)#network 50.0.0.0 0.255.255.255 area 2
1700B(config-router)#network 60.0.0.0 0.255.255.255 area 2
1700B(config-router)#network 5.5.5.5 0.0.0.0 area 2
1700B(config-router)#^Z
1700B#show ip route
1700B#show ip OSPF interface
1700B#show ip OSPF neighbor
1700B#show ip OSPF database
WAN Technologies
Frame-Relay
Frame-Relay Overview
Frame Relay in the OSI reference model (recovered from the diagram): Frame Relay occupies
the Data-link layer and runs over Physical-layer standards such as EIA/TIA-232,
EIA/TIA-449, V.35, X.21 and EIA/TIA-530. The Network-layer protocols carried over it
are IP, IPX, AppleTalk and so on; the Transport, Session, Presentation and Application
layers are untouched.
Frame Relay Terminology
• Problem:
– Broadcast traffic must be replicated for each active connection, because the
NBMA cloud has no broadcast capability of its own.
– The split-horizon rule prevents routing updates received on one interface from
being forwarded out the same interface, so spokes reached through the same physical
hub interface never learn about each other.
Resolving Reachability Issues
• Split horizon can cause problems in NBMA environments.
• Subinterfaces can resolve split-horizon issues.
• Solution: a single physical interface simulates multiple logical interfaces.
– Use LMI to learn the locally significant DLCIs from the Frame Relay switch.
– Use Inverse ARP to map each local DLCI to the remote router's network-layer address.
Frame Relay Signaling
Cisco supports three LMI standards:
• Cisco
• ANSI T1.617 Annex D
• ITU-T Q.933 Annex A
Access rate:
The maximum speed at which the Frame Relay interface can transmit.
Committed Information Rate (CIR):
The rate at which the provider commits to deliver data under normal conditions; traffic
sent above the CIR is marked discard-eligible and may be dropped when the network is congested.
Virtual Circuits
Frame Relay operates using virtual circuits,
Topology (recovered from the diagram): hub 1700A S0/0 carries three point-to-point subinterfaces, DLCI 100, 200 and 300, through the Frame Relay switch 3600A to the spokes 3600B (DLCI 101, 20.0.0.2), 3600C (DLCI 201, 30.0.0.2) and 1700B (DLCI 301, 40.0.0.2).
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface F0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface S0/0
1700A(config-if)#encapsulation frame-relay
1700A(config-if)#no shutdown
1700A(config-if)#interface S0/0.100 point-to-point
1700A(config-subif)#ip address 20.0.0.1 255.0.0.0
1700A(config-subif)#frame-relay interface-dlci 100
1700A(config-subif)#interface S0/0.200 point-to-point
1700A(config-subif)#ip address 30.0.0.1 255.0.0.0
1700A(config-subif)#frame-relay interface-dlci 200
1700A(config-subif)#interface S0/0.300 point-to-point
1700A(config-subif)#ip address 40.0.0.1 255.0.0.0
1700A(config-subif)#frame-relay interface-dlci 300
1700A(config-subif)#^Z
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#router ospf 1
1700A(config-router)#network 10.0.0.0 0.255.255.255 area 0
1700A(config-router)#network 20.0.0.0 0.255.255.255 area 0
1700A(config-router)#network 30.0.0.0 0.255.255.255 area 0
1700A(config-router)#network 40.0.0.0 0.255.255.255 area 0
1700A(config-router)#^Z
1700A#sh ip route
1700A#show frame-relay map
LMI Configuration (optional: IOS autosenses the LMI type, so set it only when the switch needs a specific one, and it must match on both sides of the access link)
1700A#conf t
1700A(config)#interface S0/0
1700A(config-if)#frame-relay lmi-type cisco
Or
1700A(config-if)#frame-relay lmi-type ansi
Or
1700A(config-if)#frame-relay lmi-type q933a
1700A(config-if)#^Z
1700A#sh ip route
1700A#show frame-relay map
1700A#show frame-relay pvc
1700A#show frame-relay lmi
3600B
Router>enable
Router#configure terminal
Router(config)#hostname 3600B
3600B(config)#interface Loopback 0
3600B(config-if)#ip address 50.0.0.1 255.0.0.0
3600B(config-if)#interface S1/0
3600B(config-if)#encapsulation frame-relay
3600B(config-if)#ip address 20.0.0.2 255.0.0.0
3600B(config-if)#ip ospf network point-to-point (the hub end is a point-to-point subinterface, so both ends must use the same OSPF network type)
3600B(config-if)#no shutdown
3600B(config-if)#^Z
3600B#sh ip route
3600B#configure terminal
3600B(config)#router ospf 1
3600B(config-router)#network 20.0.0.0 0.255.255.255 area 0
3600B(config-router)#network 50.0.0.0 0.255.255.255 area 0
3600B(config-router)#^Z
3600B#show frame-relay map
3600B#conf t
3600B(config)#interface S1/0
3600B(config-if)#frame-relay lmi-type cisco
Or
3600B(config-if)#frame-relay lmi-type ansi
Or
3600B(config-if)#frame-relay lmi-type q933a
3600B(config-if)#^Z
3600B#sh ip route
3600B#show frame-relay map
3600B#show frame-relay pvc
3600B#show frame-relay lmi
3600C
Router>enable
Router#configure terminal
Router(config)#hostname 3600C
3600C(config)#interface Loopback 0
3600C(config-if)#ip address 60.0.0.1 255.0.0.0
3600C(config-if)#interface S0/0
3600C(config-if)#encapsulation frame-relay
3600C(config-if)#ip address 30.0.0.2 255.0.0.0
3600C(config-if)#ip ospf network point-to-point
3600C(config-if)#no shutdown
3600C(config-if)#exit
3600C(config)#router ospf 1
3600C(config-router)#network 30.0.0.0 0.255.255.255 area 0
3600C(config-router)#network 60.0.0.0 0.255.255.255 area 0
3600C(config-router)#^Z
3600C#show frame-relay map
3600C#configure terminal
3600C(config)#interface S0/0
3600C(config-if)#frame-relay lmi-type cisco
Or
3600C(config-if)#frame-relay lmi-type ansi
Or
3600C(config-if)#frame-relay lmi-type q933a
3600C(config-if)#^Z
3600C#sh ip route
3600C#show frame-relay map
3600C#show frame-relay pvc
3600C#show frame-relay lmi
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface Loopback 0
1700B(config-if)#ip address 70.0.0.1 255.0.0.0
1700B(config-if)#interface S0/0
1700B(config-if)#encapsulation frame-relay
1700B(config-if)#ip address 40.0.0.2 255.0.0.0
1700B(config-if)#ip ospf network point-to-point
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router ospf 1
1700B(config-router)#network 40.0.0.0 0.255.255.255 area 0
1700B(config-router)#network 70.0.0.0 0.255.255.255 area 0
1700B(config-router)#^Z
1700B#show frame-relay map
1700B#configure terminal
1700B(config)#interface S0/0
1700B(config-if)#frame-relay lmi-type cisco
Or
1700B(config-if)#frame-relay lmi-type ansi
Or
1700B(config-if)#frame-relay lmi-type q933a
1700B(config-if)#^Z
1700B#sh ip route
1700B#show frame-relay map
1700B#show frame-relay pvc
1700B#show frame-relay lmi
3600A (acting as the Frame Relay switch: each frame-relay route line maps an incoming DLCI on this interface to an outgoing interface and DLCI)
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#frame-relay switching
3600A(config)#interface Serial3/0
3600A(config-if)#encapsulation frame-relay
3600A(config-if)#frame-relay intf-type dce
3600A(config-if)#frame-relay lmi-type cisco
3600A(config-if)#frame-relay route 100 interface Serial3/1 101
3600A(config-if)#frame-relay route 200 interface Serial3/2 201
3600A(config-if)#frame-relay route 300 interface Serial3/3 301
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#interface Serial3/1
3600A(config-if)#encapsulation frame-relay
3600A(config-if)#frame-relay intf-type dce
3600A(config-if)#frame-relay lmi-type cisco
3600A(config-if)#frame-relay route 101 interface Serial3/0 100
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#interface Serial3/2
3600A(config-if)#encapsulation frame-relay
3600A(config-if)#frame-relay intf-type dce
3600A(config-if)#frame-relay lmi-type cisco
3600A(config-if)#frame-relay route 201 interface Serial3/0 200
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#interface Serial3/3
3600A(config-if)#encapsulation frame-relay
3600A(config-if)#frame-relay intf-type dce
3600A(config-if)#frame-relay lmi-type cisco
3600A(config-if)#frame-relay route 301 interface Serial3/0 300
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#^Z
3600A#show frame-relay lmi
3600A#show frame-relay route
3600A#show frame-relay pvc
3600A#show frame-relay map
Second topology (recovered from the diagram): hub 1700A uses its physical S0/0 (20.0.0.1) as an OSPF point-to-multipoint interface through switch 3600A to spokes 3600B (20.0.0.2, DLCI 101) and 3600C (20.0.0.3, DLCI 201); all three routers share the 20.0.0.0 network.
1700A
Router>en
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface f0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface s0/0
1700A(config-if)#encapsulation frame-relay
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#ip ospf network point-to-multipoint
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router ospf 1
1700A(config-router)#network 10.0.0.0 0.255.255.255 area 0
1700A(config-router)#network 20.0.0.0 0.255.255.255 area 0
1700A(config-router)#^Z
1700A#show ip ospf neighbor
1700A#show ip ospf database
3600B
Router>en
Router#configure terminal
Router(config)#hostname 3600B
3600B(config)#interface Loopback 0
3600B(config-if)#ip address 30.0.0.1 255.0.0.0
3600B(config-if)#interface s1/0
3600B(config-if)#encapsulation frame-relay
3600B(config-if)#ip address 20.0.0.2 255.0.0.0
3600B(config-if)#ip ospf network point-to-multipoint
3600B(config-if)#no shutdown
3600B(config-if)#exit
3600B(config)#router ospf 1
3600B(config-router)#network 20.0.0.0 0.255.255.255 area 0
3600B(config-router)#network 30.0.0.0 0.255.255.255 area 0
3600B(config-router)#^Z
3600B#show ip route
3600B#show frame-relay map
3600B#show frame-relay pvc
3600C
Router>en
Router#configure terminal
Router(config)#hostname 3600C
3600C(config)#interface Loopback 0
3600C(config-if)#ip address 40.0.0.1 255.0.0.0
3600C(config-if)#interface s1/0
3600C(config-if)#encapsulation frame-relay
3600C(config-if)#ip address 20.0.0.3 255.0.0.0
3600C(config-if)#ip ospf network point-to-multipoint
3600C(config-if)#no shutdown
3600C(config-if)#exit
3600C(config)#router ospf 1
3600C(config-router)#network 20.0.0.0 0.255.255.255 area 0
3600C(config-router)#network 40.0.0.0 0.255.255.255 area 0
3600C(config-router)#^Z
3600C#show ip route
3600C#show frame-relay map
3600C#show frame-relay pvc
3600A
Router>en
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#frame-relay switching
3600A(config)#interface s3/0
3600A(config-if)#encapsulation frame-relay
3600A(config-if)#frame-relay intf-type dce
3600A(config-if)#frame-relay route 100 interface s3/1 101
3600A(config-if)#frame-relay route 200 interface s3/2 201
3600A(config-if)#frame-relay route 300 interface s3/3 301
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#interface s3/1
3600A(config-if)#encapsulation frame-relay
3600A(config-if)#frame-relay intf-type dce
3600A(config-if)#frame-relay route 101 interface s3/0 100 (the return path goes back to the hub on s3/0, not to s3/1 itself)
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#interface s3/2
3600A(config-if)#encapsulation frame-relay
3600A(config-if)#frame-relay intf-type dce
3600A(config-if)#frame-relay route 201 interface s3/0 200
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#interface s3/3
3600A(config-if)#encapsulation frame-relay
3600A(config-if)#frame-relay intf-type dce
3600A(config-if)#frame-relay route 301 interface s3/0 300
3600A(config-if)#clock rate 64000
3600A(config-if)#no shutdown
3600A(config-if)#^Z
3600A#show frame-relay route
3600A#show frame-relay map
3600A#show frame-relay pvc
There are a few important rules that a packet follows when it’s being compared with an
access list:
• It’s always compared with each line of the access list in sequential order—i.e.,
it’ll always start with the first line of the access list, then go to line 2, then line 3,
and so on.
• It’s compared with lines of the access list only until a match is made. Once the
packet matches the condition on a line of the access list, the packet is acted upon,
and no further comparisons take place.
• There is an implicit “deny” at the end of each access list—this means that if a
packet doesn’t match the condition on any of the lines in the access list, the packet
will be discarded.
Standard access lists
These use only the source IP address in an IP packet as the condition test.
All decisions are made based on the source IP address, so a standard access list
permits or denies an entire suite of protocols from that source at once.
Extended access lists
Extended access lists can evaluate many of the other fields in the
Layer 3 and Layer 4 headers of an IP packet. They can evaluate source and destination IP
addresses, the protocol field in the Network layer header, and the port number in the
Transport layer header. This gives extended access lists the ability to make much more
granular decisions when controlling traffic.
Named access lists
Technically there really are only two types, since named access lists are either standard or
extended and not actually a new type. They are created and referred to differently than
numbered standard and extended access lists, but they are functionally the same.
Access list rules
• One access list per interface, per protocol, per direction is allowed.
• There is an implicit deny any statement as the last access list test. Every list needs at
least one permit statement, otherwise it blocks all traffic on the interface it is applied to,
routing updates included.
• Any time a new entry is added to a numbered access list, it is placed at the bottom of the
list.
• Access lists filter traffic going through the router; they do not apply to traffic
originating from the router.
• You cannot remove one line from a numbered access list. If you try to do this, you will remove
the entire list. Named access lists (and sequence numbers on newer IOS releases) do allow a
single line to be removed or inserted.
Standard access lists Configuration
LAB - 1
Topology (recovered from the diagram): 1700A F0/0 10.0.0.1 on a switched LAN, S0/0 20.0.0.1; 1700B S0/0 20.0.0.2, F0/0 30.0.0.1 on a switched LAN where host 30.0.0.3 lives. Everything is permitted until the list is applied.
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#enable secret <password> (privileged-mode password; it is set globally, not under the vty lines)
1700A(config)#line vty 0 4
1700A(config-line)#password 123
1700A(config-line)#login
1700A(config-line)#exit
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip interface brief
1700A#show ip protocols
1700A#configure terminal
1700A(config)#access-list 10 deny 30.0.0.3 0.0.0.0 (standard access lists are numbered 1-99; wildcard 0.0.0.0 matches this one host only, the same as "deny host 30.0.0.3")
1700A(config)#access-list 10 permit any (every other source may still telnet in)
1700A(config)#line vty 0 4 (the telnet lines)
1700A(config-line)#access-class 10 in (enable the filter on incoming vty sessions)
1700A(config-line)#no access-class 10 in (disable it again)
1700A(config-line)#^Z
1700A#show ip access-lists
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface Fast Ethernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config)#router rip
1700B(config-router)#network 20.0.0.0
1700B(config-router)#network 30.0.0.0
1700B(config-router)#control Z
1700B#show ip route
1700B#show ip interface brief
1700B#show ip protocol
Topology: the same two routers and switched LANs as in LAB - 1, with everything permitted.
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip interface brief
1700A#show ip protocols
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router rip
1700B(config-router)#network 20.0.0.0
1700B(config-router)#network 30.0.0.0
1700B(config-router)#^Z
1700B#show ip route
1700B#show ip interface brief
1700B#show ip protocols
Extended access lists Configuration
LAB - 2
[Topology: 1700A and 1700B connected back-to-back over Serial 0/0, with a switch on each router's FastEthernet 0/0 LAN; all traffic is permitted until the extended access lists below are applied]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip interface brief
1700A#show ip protocols
1700A#configure terminal
1700A(config)#access-list 100 deny tcp 30.0.0.3 0.0.0.0 10.0.0.0 0.255.255.255 eq 80   (extended access lists use numbers 100-199 and match on protocol, source, destination and port)
or
1700A(config)#access-list 100 deny tcp host 30.0.0.3 10.0.0.0 0.255.255.255 eq 80
1700A(config)#access-list 100 permit ip any any   (required: every ACL ends with an implicit "deny any", so without this line the interface would drop all other traffic, not only the web traffic from 30.0.0.3)
1700A(config)#interface F0/0
1700A(config-if)#ip access-group 100 out   (outbound on F0/0, where the packets leave toward the 10.0.0.0 LAN)
or
1700A(config-if)#interface S0/0
1700A(config-if)#ip access-group 100 in   (inbound on S0/0, where traffic from 30.0.0.3 enters 1700A; filtering closest to the source is the usual choice for an extended ACL, because the packet is dropped before the router makes a routing decision for it)
1700A(config-if)#^Z
1700A#show ip access-lists
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router rip
1700B(config-router)#network 20.0.0.0
1700B(config-router)#network 30.0.0.0
1700B(config-router)#^Z
1700B#show ip route
1700B#show ip interface brief
1700B#show ip protocols
1700B#configure terminal
1700B(config)#access-list 199 deny icmp 10.0.0.2 0.0.0.0 30.0.0.0 0.255.255.255 echo   (blocks only ICMP echo requests from host 10.0.0.2 to the 30.0.0.0 network; echo replies and all other traffic still pass)
1700B(config)#access-list 199 permit ip any any
1700B(config)#interface S0/0
1700B(config-if)#ip access-group 199 in
1700B(config-if)#^Z
1700B#show ip access-lists
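The following Python program is an added illustration and not part of the original lab material. It implements the rules the access lists above rely on: wildcard-mask comparison (a 0 bit must match, a 1 bit is ignored), first-match evaluation, and the implicit "deny any" at the end of every list. The access-list entries are the lab's own (lists 10, 100 and 199); the sample packets, the Ace/evaluate names and the use of ICMP type 8 for "echo" are the example's constructions. It also shows what list 100 does when written without a permit entry.

```python
"""Cisco-style access-list evaluation: wildcard masks, first match, implicit deny.
Added example (not from the lab); Ace/evaluate and the sample packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is 'don't care'.
    0.0.0.0 therefore matches one host (same as the 'host' keyword);
    255.255.255.255 matches everything ('any')."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


@dataclass
class Ace:
    """One access-control entry. A standard ACL only sets action and source."""
    action: str                       # "permit" or "deny"
    proto: str = "ip"                 # ip (any protocol), tcp, udp, icmp
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"   # default: any source
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"   # default: any destination
    dst_port: Optional[int] = None    # 'eq <port>' on the destination
    icmp_type: Optional[int] = None   # 8 = echo (request), 0 = echo-reply

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and pkt["proto"] != self.proto:
            return False
        if not wildcard_match(pkt["src"], self.src, self.src_wc):
            return False
        if not wildcard_match(pkt["dst"], self.dst, self.dst_wc):
            return False
        if self.dst_port is not None and pkt.get("dport") != self.dst_port:
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        return True


def evaluate(acl: list, pkt: dict) -> str:
    """Entries are tested in order; the first match decides.
    A packet that matches no entry hits the implicit 'deny any' at the end."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


# access-list 10 deny 30.0.0.3 0.0.0.0 / access-list 10 permit any
ACL_10 = [Ace("deny", src="30.0.0.3", src_wc="0.0.0.0"), Ace("permit")]

# access-list 100 deny tcp host 30.0.0.3 10.0.0.0 0.255.255.255 eq 80, exactly as in the lab:
# with no permit after it, everything that is not that web traffic is also dropped.
ACL_100_AS_WRITTEN = [
    Ace("deny", "tcp", "30.0.0.3", "0.0.0.0", "10.0.0.0", "0.255.255.255", dst_port=80),
]
ACL_100_FIXED = ACL_100_AS_WRITTEN + [Ace("permit")]   # + access-list 100 permit ip any any

# access-list 199 deny icmp 10.0.0.2 0.0.0.0 30.0.0.0 0.255.255.255 echo / permit ip any any
ACL_199 = [
    Ace("deny", "icmp", "10.0.0.2", "0.0.0.0", "30.0.0.0", "0.255.255.255", icmp_type=8),
    Ace("permit"),
]

# Constructed sample packets, not captured traffic.
WEB_FROM_BLOCKED = {"proto": "tcp", "src": "30.0.0.3", "dst": "10.0.0.2", "dport": 80}
WEB_FROM_OTHER = {"proto": "tcp", "src": "30.0.0.2", "dst": "10.0.0.2", "dport": 80}
SSH_FROM_BLOCKED = {"proto": "tcp", "src": "30.0.0.3", "dst": "10.0.0.2", "dport": 22}
PING_FROM_10_2 = {"proto": "icmp", "src": "10.0.0.2", "dst": "30.0.0.2", "icmp_type": 8}
PING_REPLY_FROM_10_2 = {"proto": "icmp", "src": "10.0.0.2", "dst": "30.0.0.2", "icmp_type": 0}

if __name__ == "__main__":
    for name, acl in (("100 as written", ACL_100_AS_WRITTEN), ("100 fixed", ACL_100_FIXED)):
        print(f"ACL {name}: web from 30.0.0.3 -> {evaluate(acl, WEB_FROM_BLOCKED)}, "
              f"web from 30.0.0.2 -> {evaluate(acl, WEB_FROM_OTHER)}")
    print("ACL 199: echo", evaluate(ACL_199, PING_FROM_10_2),
          "/ echo-reply", evaluate(ACL_199, PING_REPLY_FROM_10_2))
```

Run as written, list 100 "as written" denies the web traffic from 30.0.0.2 as well as from 30.0.0.3, which is the symptom a student sees when the permit line is forgotten; the "fixed" list denies only the intended flow.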
Network Address Translation (NAT)
NAT is used when an end user's network has only a few globally routable addresses available for reaching the Internet.
The router keeps a table that maps 'inside local' addresses (the private addresses used on the LAN) to 'inside global' addresses (the legal, publicly routable addresses).
This mapping can be configured statically or built dynamically from a pool of available public addresses.
For both static and dynamic NAT the process is as follows:
An inside station connects to an outside station.
When the first packet arrives from the inside station the router checks the NAT table.
If no static match is found, the router translates the inside address to an outside address taken from the available pool, by rewriting the source address of the packet. The resulting one-to-one mapping is saved as a 'simple entry'.
The outside station receives the packet and replies to the outside address it saw, i.e. the one given by the NAT table.
The router looks the destination up in its table of inside-to-outside address mappings and forwards the packet to the station with the matching inside address.
The packet is received, and the rest of the conversation uses the same NAT table entry.
With NAT overload (PAT) the process differs in that one outside address is shared:
When the first packet arrives from the inside station the router checks the NAT table.
If no static match is found, the router translates the inside address to an outside address by rewriting the source address. The resulting mapping, which records the TCP/UDP port as well as the addresses, is saved as an 'extended entry'. If other inside stations then connect to outside stations, the same outside IP address is used, but a different source port is assigned to distinguish the conversations.
The outside station receives the packet and replies to the outside address and port given by the NAT table.
The router looks the destination address and port up in its table of inside-to-outside mappings and forwards the packet to the station with the matching inside address and port.
The packet is received, and the rest of the conversation uses the same NAT table entry.
Two points to keep in mind: a dynamic pool is finite, so once every pool address is in use a new inside host gets no translation and its packets are dropped until an entry times out (overload avoids this); and NAT is not a packet filter. A static entry in particular makes the inside host reachable from any outside source, so the services on it still need an access list on the outside interface.
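The following Python simulation is an added example, not code from the page or from a router; it models the three kinds of table entry described above so that the difference between them can be seen on concrete packets. The NatRouter class, its method names and the sample hosts are the example's own; the pool 200.200.200.9-14 and the overload address 20.0.0.1 are the values used in the labs that follow.

```python
"""NAT translation table simulation: static entries, a dynamic pool ('simple entries')
and overload / PAT ('extended entries'). Added example, not router code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class NatRouter:
    static: Dict[str, str] = field(default_factory=dict)   # inside local -> inside global
    pool: List[str] = field(default_factory=list)           # free inside-global addresses
    overload_addr: Optional[str] = None                     # PAT: the one shared address
    simple: Dict[str, str] = field(default_factory=dict)    # dynamic one-to-one entries
    extended: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)
    next_port: int = 1024                                   # next free port for PAT

    def outbound(self, local_ip: str, local_port: int) -> Optional[Tuple[str, int]]:
        """Translate the source of a packet leaving the inside network.
        Returns (global_ip, global_port), or None when no translation is possible."""
        if local_ip in self.static:                   # a static match is checked first
            return self.static[local_ip], local_port
        if local_ip in self.simple:                   # existing dynamic simple entry
            return self.simple[local_ip], local_port
        key = (local_ip, local_port)
        if key in self.extended:                      # existing PAT extended entry
            return self.extended[key]
        if self.pool:                                 # dynamic NAT: take a free pool address
            g = self.pool.pop(0)
            self.simple[local_ip] = g
            return g, local_port
        if self.overload_addr:                        # PAT: share one address, unique port
            gport = self.next_port
            self.next_port += 1
            self.extended[key] = (self.overload_addr, gport)
            return self.overload_addr, gport
        return None                                   # pool exhausted, no overload: dropped

    def inbound(self, global_ip: str, global_port: int) -> Optional[Tuple[str, int]]:
        """Map a packet arriving on the outside interface back to the inside host."""
        for local, g in {**self.static, **self.simple}.items():
            if g == global_ip:
                return local, global_port             # address-only entry, port untouched
        for (local, lport), (g, gport) in self.extended.items():
            if (g, gport) == (global_ip, global_port):
                return local, lport
        return None                                   # no entry: unsolicited packet, dropped


def dynamic_nat_demo() -> list:
    """Pool 200.200.200.9-14 as in the lab: six hosts get an address, the seventh gets None."""
    r = NatRouter(pool=[f"200.200.200.{i}" for i in range(9, 15)])
    return [r.outbound(f"10.0.0.{65 + i}", 40000 + i) for i in range(7)]


def pat_demo() -> tuple:
    """Overload on 20.0.0.1: two hosts using the same source port are kept apart by port."""
    r = NatRouter(overload_addr="20.0.0.1")
    a = r.outbound("10.0.0.2", 50000)
    b = r.outbound("10.0.0.3", 50000)
    back = r.inbound("20.0.0.1", b[1])    # the reply to the second flow finds 10.0.0.3
    return a, b, back


def static_demo() -> Optional[Tuple[str, int]]:
    """ip nat inside source static 10.0.0.2 20.0.0.1: any outside source reaches 10.0.0.2."""
    r = NatRouter(static={"10.0.0.2": "20.0.0.1"})
    return r.inbound("20.0.0.1", 80)


if __name__ == "__main__":
    print("dynamic:", dynamic_nat_demo())
    print("pat:", pat_demo())
    print("static:", static_demo())
```

The inbound() path is what a packet from the Internet goes through: with only extended entries, an address/port pair that nobody inside has opened finds nothing and is dropped, whereas a static entry answers for every port.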
Static NAT Configuration
LAB
[Topology: hosts 10.0.0.2 and 10.0.0.3 on a switch behind 1700A F0/0; 1700A S0/0 to 1700B S0/0; server 30.0.0.2 on a switch behind 1700B F0/0]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
1700A(config)#exit
1700A#show ip route
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#ip nat inside source static 10.0.0.2 20.0.0.1   (one-to-one: inside local 10.0.0.2 <-> inside global 20.0.0.1)
1700A(config)#interface F0/0
1700A(config-if)#ip nat inside
1700A(config-if)#interface S0/0
1700A(config-if)#ip nat outside
1700A(config-if)#^Z
1700A#debug ip nat ?
1700A#show ip nat translations
Note that this mapping uses the address of the outside interface itself. Every packet sent to 20.0.0.1 is then translated to 10.0.0.2, including packets meant for the router (a Telnet session to 20.0.0.1, for example), so a spare public address should be used for a static mapping whenever one is available.
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
Dynamic NAT Configuration
LAB
[Topology: 1700A F0/0 (10.0.0.64/26 LAN with a switch) and S0/0 20.0.0.1 -- S0/0 20.0.0.2 on 1700B, the ISP router, whose F0/0 is 30.0.0.1 with a switch]
Inside network: 10.0.0.64/26 (2 bits borrowed from the last octet, leaving 6 host bits)
NID  (network ID) - 10.0.0.64
FHID (first host) - 10.0.0.65
LHID (last host)  - 10.0.0.126
BCID (broadcast)  - 10.0.0.127
Subnet mask       - 255.255.255.192
NAT pool: 200.200.200.8/29 (5 bits borrowed from the last octet, leaving 3 host bits; the place values of the last octet are 128 64 32 16 8 4 2 1 and the mask keeps the top five)
NID  - 200.200.200.8
FHID - 200.200.200.9
LHID - 200.200.200.14
BCID - 200.200.200.15
Subnet mask - 255.255.255.248
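The following Python function is an added example, not part of the page: it derives the four boundary addresses above from an address and mask by bit arithmetic, and checks whether an address is a usable host address, which is the check IOS performs when an "ip address" command is entered. The function names are the example's own; the ipaddress module is used only to convert between dotted notation and integers.

```python
"""Subnet boundaries (NID, FHID, LHID, BCID) from an address and mask.
Added example, not from the page; subnet_info and is_valid_host are the example's names."""
import ipaddress


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def _to_str(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def subnet_info(addr: str, mask: str) -> dict:
    """Compute the subnet that 'addr' belongs to under 'mask'."""
    a, m = _to_int(addr), _to_int(mask)
    prefix = bin(m).count("1")          # number of network bits
    host_bits = 32 - prefix
    net = a & m                          # clear the host bits -> network ID
    bcast = net | (~m & 0xFFFFFFFF)      # set the host bits  -> broadcast
    return {
        "prefix": prefix,
        "host_bits": host_bits,
        "NID": _to_str(net),
        "FHID": _to_str(net + 1),
        "LHID": _to_str(bcast - 1),
        "BCID": _to_str(bcast),
        "usable_hosts": (1 << host_bits) - 2,
    }


def is_valid_host(addr: str, mask: str) -> bool:
    """True only for an address strictly between the network and broadcast addresses.
    'ip address 10.0.0.64 255.255.255.192' fails this check: 10.0.0.64 is the NID."""
    info = subnet_info(addr, mask)
    a = _to_int(addr)
    return _to_int(info["NID"]) < a < _to_int(info["BCID"])


if __name__ == "__main__":
    print(subnet_info("10.0.0.65", "255.255.255.192"))
    print(subnet_info("200.200.200.9", "255.255.255.248"))
    print("10.0.0.64 usable as a host address:", is_valid_host("10.0.0.64", "255.255.255.192"))
```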
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.65 255.255.255.192   (10.0.0.64 is the network ID and is rejected by IOS; the router takes the first host address)
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
1700A(config)#exit
1700A#show ip route
1700A#show ip interface brief
1700A#configure terminal
1700A(config)#access-list 1 permit 10.0.0.64 0.0.0.63   (the inside hosts allowed to be translated; the list number comes before the action)
1700A(config)#ip nat pool CCNA 200.200.200.9 200.200.200.14 netmask 255.255.255.248   (six usable public addresses)
1700A(config)#ip nat inside source list 1 pool CCNA   (without "overload" each inside host holds one pool address; a seventh host gets no translation until an entry times out)
1700A(config)#interface F0/0
1700A(config-if)#ip nat inside
1700A(config-if)#interface S0/0
1700A(config-if)#ip nat outside
1700A(config-if)#^Z
1700A#debug ip nat
1700A#show ip nat translations
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#ip route 200.200.200.0 255.255.255.0 20.0.0.1   (the ISP side must route the pool addresses back to 1700A, otherwise replies never return)
1700B(config)#exit
1700B#show ip route
PAT (Port Address Translation) Configuration
LAB
[Topology: hosts 10.0.0.2 and 10.0.0.3 on a switch behind 1700A F0/0 (10.0.0.1); 1700A S0/0 20.0.0.1 -- S0/0 20.0.0.2 on 1700B (the ISP); server 30.0.0.2 on a switch behind 1700B F0/0 (30.0.0.1)]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
1700A(config)#access-list 1 permit 10.0.0.0 0.255.255.255
1700A(config)#ip nat inside source list 1 interface S0/0 overload   ("overload" enables PAT: every inside host shares the S0/0 address and is told apart by port)
1700A(config)#interface F0/0
1700A(config-if)#ip nat inside
1700A(config-if)#interface S0/0
1700A(config-if)#ip nat outside
Why PAT is configured: the 10.0.0.0 network uses private addresses, which are not routable on the public Internet, so the inside hosts can only reach public addresses through the single public address on S0/0.
Hosts on a remote network, in turn, cannot open connections to an inside server through PAT unless a static port mapping (port forwarding) is configured:
1700A(config)#ip nat inside source static tcp 10.0.0.2 21 20.0.0.1 21 extendable
1700A(config)#ip nat inside source static tcp 10.0.0.2 80 20.0.0.1 80 extendable
10.0.0.2 - the inside machine that must be reachable from outside
20.0.0.1 - the public address (the S0/0 address) that outside clients connect to
21 - FTP port number
80 - HTTP port number
extendable - allows several static entries to share one inside-global address (needed here because 20.0.0.1 is also used by the overload rule and by more than one forwarded port)
Each forwarded port is exposed to every outside source, and FTP in particular carries its credentials in cleartext, so an inbound access list on S0/0 should restrict who may reach these ports.
How to check?
From a machine on the remote network (any network beyond the ISP):
ftp://20.0.0.1/ (download a file)
http://20.0.0.1/shalom.html
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
High-Level Data-Link Control (HDLC)
HDLC is the default encapsulation used by Cisco routers over synchronous serial links.
Cisco's HDLC adds a proprietary Type field so that it can carry several Network layer protocols, and each vendor does this differently, so HDLC from two different vendors does not interoperate; PPP is the standard choice for such links.
o Point-to-Point Protocol (PPP) is a Data Link layer protocol that can be used over either asynchronous serial (dial-up) or synchronous serial (ISDN) media.
o It uses the LCP (Link Control Protocol) to build and maintain data-link connections.
o Network Control Protocol (NCP) allows multiple Network layer protocols (routed protocols) to be used on a point-to-point connection.
o The basic purpose of PPP is to transport layer 3 packets across a Data Link layer point-to-point link.
Link Control Protocol (LCP) offers different PPP encapsulation options, including the following:
Authentication
This option tells the calling side of the link to send information that identifies the user. The two methods are PAP and CHAP. PAP sends the username and password across the link in cleartext, in a two-way handshake. CHAP uses a three-way handshake in which the authenticator sends a random challenge and the peer answers with an MD5 hash of the shared secret and the challenge, so the secret itself never crosses the link and a captured response is useless against a later challenge. CHAP should be preferred wherever both ends support it.
Compression
This is used to increase the throughput of PPP connections by compressing the data or payload prior to transmission. PPP decompresses the data frame on the receiving end.
Error detection
PPP uses the Quality and Magic Number options to ensure a reliable, loop-free data link.
Multilink
Starting in IOS version 11.1, multilink is supported on PPP links with Cisco routers. This option allows several separate physical paths to appear as one logical path at layer 3. For example, two T1s running multilink PPP would appear as a single 3 Mbps path to a layer 3 routing protocol.
PPP callback
PPP can be configured to call back after successful authentication. With callback enabled, a calling router (client) contacts a remote router (server) and authenticates as described above. Both routers must be configured for the callback feature. Once authentication is completed, the remote router terminates the connection and then re-initiates a connection to the calling router.
[Figure: PPP link over a dial-up or circuit-switched network]
Link-establishment phase
LCP packets are sent by each PPP device to configure and test the link. These packets contain a field called the Configuration Option that allows each device to negotiate the maximum receive unit (size of the data), compression, and authentication. If no Configuration Option field is present, the default configurations are used.
Authentication phase
If required, either CHAP or PAP is used to authenticate the link. Authentication takes place before any Network layer protocol information is read. Link-quality determination may occur at the same time.
Network-layer protocol phase
Once the link is authenticated, the NCPs (IPCP for IP, CDPCP for CDP) negotiate the individual Network layer protocols; these are the IPCP and CDPCP lines seen in the debug output of the labs that follow.
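The following Python program is an added example and not code from the page or from a router; it reproduces the two authentication exchanges at the level of what actually crosses the link. The PAP Authenticate-Request layout follows RFC 1334 and the CHAP response value (MD5 over identifier, secret and challenge) follows RFC 1994; the ChapAuthenticator class, the function names, the 16-byte challenge length and the use of "1700B"/"123" as peer name and secret are the example's own choices, with "123" taken from the labs below.

```python
"""PAP and CHAP as seen on the wire. Added example, not router code.
CHAP response = MD5(identifier || secret || challenge) per RFC 1994;
PAP (RFC 1334) carries the username and password unencrypted."""
import hashlib
import os

SECRET = "123"   # the 'username ... password 123' shared by both routers in the labs


def pap_auth_request(username: str, password: str) -> bytes:
    """Payload of a PAP Authenticate-Request: length-prefixed peer-id and password."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def pap_verify(payload: bytes, userdb: dict) -> bool:
    """What the authenticator does: read both fields and compare with its database."""
    ulen = payload[0]
    user = payload[1:1 + ulen].decode()
    plen = payload[1 + ulen]
    password = payload[2 + ulen:2 + ulen + plen].decode()
    return userdb.get(user) == password


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """Value field of a CHAP Response: MD5 over identifier, secret and challenge value."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class ChapAuthenticator:
    """The side that sends CHALLENGE and checks RESPONSE (in the lab each router does both)."""

    def __init__(self, userdb: dict):
        self.userdb = userdb    # peer hostname -> shared secret ('username <peer> password ...')
        self.ident = 0

    def challenge(self) -> tuple:
        self.ident = (self.ident + 1) & 0xFF
        return self.ident, os.urandom(16)     # fresh random value every time

    def verify(self, ident: int, challenge: bytes, peer_name: str, response: bytes) -> bool:
        secret = self.userdb.get(peer_name)   # the peer is identified by its hostname
        if secret is None:
            return False
        return response == chap_response(ident, secret, challenge)


def chap_exchange(authenticator_db: dict, peer_name: str, peer_secret: str) -> bool:
    """One direction of the two-way CHAP shown by 'debug ppp authentication'."""
    auth = ChapAuthenticator(authenticator_db)
    ident, chal = auth.challenge()                     # O CHALLENGE
    resp = chap_response(ident, peer_secret, chal)     # I RESPONSE from the peer
    return auth.verify(ident, chal, peer_name, resp)   # O SUCCESS or FAILURE


def chap_replay_fails() -> bool:
    """A response captured on one link-up is useless on the next: the challenge differs."""
    auth = ChapAuthenticator({"1700B": SECRET})
    ident1, chal1 = auth.challenge()
    captured = chap_response(ident1, SECRET, chal1)
    ident2, chal2 = auth.challenge()
    return not auth.verify(ident2, chal2, "1700B", captured)


if __name__ == "__main__":
    req = pap_auth_request("CCNA", SECRET)
    print("PAP on the wire:", req)          # the password is readable in the bytes
    print("PAP accepted:", pap_verify(req, {"CCNA": SECRET}))
    print("CHAP accepted:", chap_exchange({"1700B": SECRET}, "1700B", SECRET))
    print("CHAP wrong secret:", chap_exchange({"1700B": SECRET}, "1700B", "124"))
    print("CHAP replay rejected:", chap_replay_fails())
```

Note that chap_exchange also fails when the peer announces a hostname the authenticator has no "username" entry for, which is exactly what happens if a router in the CHAP lab is given the wrong hostname.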
PPP Authentication (PAP) Configuration
LAB
[Topology: 1700A F0/0 10.0.0.1 and S0/0 20.0.0.1 -- S0/0 20.0.0.2 on 1700B (the ISP), whose F0/0 is 30.0.0.1]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#username CCNA password 123   (the username and password the peer, 1700B, will send; must match 1700B's "ppp pap sent-username")
1700A(config)#interface Serial 0/0
1700A(config-if)#encapsulation ppp
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#ppp authentication pap
1700A(config-if)#ppp pap sent-username CCSP password 123   (the credentials this router sends to 1700B; they travel in cleartext)
1700A(config-if)#exit
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip protocols
1700A#show ip interface brief
1700A#debug ppp authentication
1700A#configure terminal
1700A(config)#interface S0/0
1700A(config-if)#shutdown
1700A(config-if)#no shutdown
1700A#
*Mar 5 01:05:07.671: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 5 01:05:07.671: Se0/0 PPP: Using default call direction
*Mar 5 01:05:07.671: Se0/0 PPP: Treating connection as a dedicated line
*Mar 5 01:05:07.671: Se0/0 PPP: Session handle[31000006] Session id[6]
*Mar 5 01:05:07.671: Se0/0 PPP: Authorization required
*Mar 5 01:05:07.679: Se0/0 PAP: Using hostname from interface PAP
*Mar 5 01:05:07.679: Se0/0 PAP: Using password from interface PAP
*Mar 5 01:05:07.679: Se0/0 PAP: O AUTH-REQ id 3 len 13 from "ccsp"
*Mar 5 01:05:07.683: Se0/0 PAP: I AUTH-REQ id 3 len 13 from "ccna"
*Mar 5 01:05:07.683: Se0/0 PAP: Authenticating peer ccna
*Mar 5 01:05:07.687: Se0/0 PPP: Sent PAP LOGIN Request
*Mar 5 01:05:07.687: Se0/0 PPP: Received LOGIN Response PASS
*Mar 5 01:05:07.691: Se0/0 PPP: Sent LCP AUTHOR Request
*Mar 5 01:05:07.691: Se0/0 PPP: Sent IPCP AUTHOR Request
*Mar 5 01:05:07.691: Se0/0 LCP: Received AAA AUTHOR Response PASS
*Mar 5 01:05:07.691: Se0/0 IPCP: Received AAA AUTHOR Response PASS
*Mar 5 01:05:07.695: Se0/0 PAP: O AUTH-ACK id 3 len 5
*Mar 5 01:05:07.695: Se0/0 PAP: I AUTH-ACK id 3 len 5
*Mar 5 01:05:07.699: Se0/0 PPP: Sent CDPCP AUTHOR Request
*Mar 5 01:05:07.699: Se0/0 PPP: Sent IPCP AUTHOR Request
*Mar 5 01:05:07.703: Se0/0 CDPCP: Received AAA AUTHOR Response PASS
*Mar 5 01:05:07.747: %SYS-5-CONFIG_I: Configured from console by console
*Mar 5 01:05:08.701: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Bouncing the serial interface (shutdown, then no shutdown) restarts LCP, so debug ppp authentication shows both PAP exchanges: each router sends its own AUTH-REQ and authenticates the other ("O" is outgoing, "I" incoming). Because "ppp pap sent-username" transmits the password in the clear, anyone who can see the serial link learns it; use "service password-encryption" to at least keep it out of a plaintext running-config, and prefer CHAP (next lab) where possible.
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#username CCSP password 123   (the username and password 1700A sends)
1700B(config)#interface Serial 0/0
1700B(config-if)#encapsulation ppp
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#ppp authentication pap
1700B(config-if)#ppp pap sent-username CCNA password 123   (the credentials this router sends to 1700A)
1700B(config-if)#exit
1700B(config)#router rip
1700B(config-router)#network 20.0.0.0
1700B(config-router)#network 30.0.0.0
1700B(config-router)#^Z
1700B#show ip route
1700B#debug ppp authentication
1700B#
PPP Authentication (CHAP) Configuration
LAB
[Topology: 1700A F0/0 10.0.0.1 and S0/0 20.0.0.1 -- S0/0 20.0.0.2 on 1700B (the ISP), whose F0/0 is 30.0.0.1]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A   (CHAP sends the hostname as the identity in the challenge and response, so it must match the username configured on the peer)
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#username 1700B password 123   (the peer's hostname; the password is the shared secret and must be identical on both routers)
1700A(config)#interface Serial 0/0
1700A(config-if)#encapsulation ppp   (PPP is the encapsulation; CHAP, below, is the authentication protocol)
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#ppp authentication chap
1700A(config-if)#exit
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip protocols
1700A#show ip interface brief
1700A#debug ppp authentication
1700A#configure terminal
1700A(config)#interface S0/0
1700A(config-if)#shutdown
1700A(config-if)#no shutdown
1700A(config-if)#
*Mar 5 14:53:43.225: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
*Mar 5 14:53:44.227: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
*Mar 5 14:53:46.326: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 5 14:53:46.326: Se0/0 PPP: Using default call direction
*Mar 5 14:53:46.326: Se0/0 PPP: Treating connection as a dedicated line
*Mar 5 14:53:46.326: Se0/0 PPP: Session handle[D700003B] Session id[61]
*Mar 5 14:53:46.326: Se0/0 PPP: Authorization required
*Mar 5 14:53:46.338: Se0/0 CHAP: O CHALLENGE id 57 len 26 from "1700A"
*Mar 5 14:53:46.342: Se0/0 CHAP: I CHALLENGE id 57 len 26 from "1700B"
*Mar 5 14:53:46.346: Se0/0 CHAP: Using hostname from unknown source
*Mar 5 14:53:46.346: Se0/0 CHAP: Using password from AAA
*Mar 5 14:53:46.346: Se0/0 CHAP: O RESPONSE id 57 len 26 from "1700A"
*Mar 5 14:53:46.350: Se0/0 CHAP: I RESPONSE id 57 len 26 from "1700B"
*Mar 5 14:53:46.354: Se0/0 PPP: Sent CHAP LOGIN Request
*Mar 5 14:53:46.354: Se0/0 PPP: Received LOGIN Response PASS
*Mar 5 14:53:46.358: Se0/0 PPP: Sent LCP AUTHOR Request
*Mar 5 14:53:46.358: Se0/0 PPP: Sent IPCP AUTHOR Request
*Mar 5 14:53:46.358: Se0/0 LCP: Received AAA AUTHOR Response PASS
*Mar 5 14:53:46.362: Se0/0 IPCP: Received AAA AUTHOR Response PASS
*Mar 5 14:53:46.362: Se0/0 CHAP: O SUCCESS id 57 len 4
*Mar 5 14:53:46.366: Se0/0 CHAP: I SUCCESS id 57 len 4
*Mar 5 14:53:46.366: Se0/0 PPP: Sent CDPCP AUTHOR Request
*Mar 5 14:53:46.370: Se0/0 PPP: Sent IPCP AUTHOR Request
*Mar 5 14:53:46.370: Se0/0 CDPCP: Received AAA AUTHOR Response PASS
*Mar 5 14:53:47.368: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Only CHALLENGE, RESPONSE and SUCCESS packets cross the link in this exchange; the shared secret "123" itself never does, which is the difference from the PAP output above.
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B   (not 1700A: 1700A has "username 1700B", so a router calling itself 1700A would fail CHAP)
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#username 1700A password 123   (the peer's hostname and the shared secret)
1700B(config)#interface Serial 0/0
1700B(config-if)#encapsulation ppp
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#ppp authentication chap
1700B(config-if)#exit
1700B(config)#router rip
1700B(config-router)#network 20.0.0.0
1700B(config-router)#network 30.0.0.0
1700B(config-router)#^Z
1700B#show ip route
1700B#show ip protocols
1700B#show ip interface brief
1700B#debug ppp authentication
1700B#configure terminal
1700B(config)#interface S0/0
1700B(config-if)#shutdown
1700B(config-if)#no shutdown
1700B#
*Mar 2 00:23:21.542: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
Redistribution of EIGRP and OSPF Configuration
LAB
[Topology: 1700A F0/0 (10.0.0.0/8) and S0/0 20.0.0.1 -- S3/0 20.0.0.2 on 3600A -- S3/1 30.0.0.1 to S0/0 30.0.0.2 on 1700B, whose F0/0 is 40.0.0.1; 1700A runs EIGRP 100, 1700B runs OSPF 1, 3600A runs both and redistributes between them]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router eigrp 100
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip protocols
1700A#show ip interface brief
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface S3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000   (3600A is the DCE end of both serial links)
3600A(config-if)#interface S3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#exit
3600A(config)#router eigrp 100
3600A(config-router)#network 20.0.0.0
3600A(config-router)#router ospf 1
3600A(config-router)#network 30.0.0.0 0.255.255.255 area 0   (OSPF takes a wildcard mask and an area, unlike EIGRP and RIP)
3600A(config-router)#exit
3600A(config)#router eigrp 100
3600A(config-router)#redistribute ospf 1 metric 1 1 0 1 1   (EIGRP needs a seed metric, in this order: bandwidth, delay, reliability, load, MTU; without it the OSPF routes are not redistributed)
3600A(config-router)#router ospf 1
3600A(config-router)#redistribute eigrp 100 metric 1 subnets   ("subnets" is required, or OSPF redistributes only classful networks)
3600A(config-router)#^Z
3600A#show ip route
3600A#show ip interface brief
3600A#show ip protocols
Mutual redistribution like this should, in a real network, be filtered with a distribute-list or route-map so that routes learned from one protocol are not fed back into it (route feedback), which causes suboptimal paths or routing loops.
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 40.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 30.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router ospf 1
1700B(config-router)#network 30.0.0.0 0.255.255.255 area 0   (the OSPF "network" command requires a wildcard mask and an area)
1700B(config-router)#network 40.0.0.0 0.255.255.255 area 0
Redistribution of RIP and EIGRP Configuration
LAB
[Topology: 1700A F0/0 (10.0.0.0/8) and S0/0 20.0.0.1 -- S3/0 20.0.0.2 on 3600A -- S3/1 30.0.0.1 to S0/0 30.0.0.2 on 1700B, whose F0/0 is 40.0.0.1; 1700A runs RIP, 1700B runs EIGRP 100, 3600A runs both]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip protocols
1700A#show ip interface brief
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface S3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#interface S3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#exit
3600A(config)#router rip
3600A(config-router)#network 20.0.0.0
3600A(config-router)#router eigrp 100
3600A(config-router)#network 30.0.0.0
3600A(config-router)#exit
3600A(config)#router rip
3600A(config-router)#redistribute eigrp 100 metric 1   (RIP's metric is a hop count; the EIGRP routes enter RIP with hop count 1)
3600A(config-router)#router eigrp 100
3600A(config-router)#redistribute rip metric 1 1 0 1 1   (EIGRP seed metric, in this order: bandwidth, delay, reliability, load, MTU)
3600A(config-router)#^Z
3600A#show ip route
3600A#show ip interface brief
3600A#show ip protocols
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 40.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 30.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router eigrp 100
1700B(config-router)#network 30.0.0.0
1700B(config-router)#network 40.0.0.0
Redistribution of RIP and OSPF Configuration
LAB
[Topology: 1700A F0/0 (10.0.0.0/8) and S0/0 20.0.0.1 -- S3/0 20.0.0.2 on 3600A -- S3/1 30.0.0.1 to S0/0 30.0.0.2 on 1700B, whose F0/0 is 40.0.0.1; 1700A runs RIP, 1700B runs OSPF 1, 3600A runs both]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip protocols
1700A#show ip interface brief
3600A
Router>enable
Router#configure terminal
Router(config)#hostname 3600A
3600A(config)#interface S3/0
3600A(config-if)#ip address 20.0.0.2 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#interface S3/1
3600A(config-if)#ip address 30.0.0.1 255.0.0.0
3600A(config-if)#no shutdown
3600A(config-if)#clock rate 64000
3600A(config-if)#exit
3600A(config)#router rip
3600A(config-router)#network 20.0.0.0
3600A(config-router)#router ospf 1
3600A(config-router)#network 30.0.0.0 0.255.255.255 area 0
3600A(config-router)#exit
3600A(config)#router rip
3600A(config-router)#redistribute ospf 1 metric 1   (RIP's metric is a hop count; the OSPF routes enter RIP with hop count 1)
3600A(config-router)#router ospf 1
3600A(config-router)#redistribute rip metric 1 subnets   ("subnets" is required, or OSPF redistributes only classful networks; the OSPF metric 1 is a cost, not a hop count)
3600A(config-router)#^Z
3600A#show ip route
3600A#show ip interface brief
3600A#show ip protocols
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 40.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 30.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router ospf 1
1700B(config-router)#network 30.0.0.0 0.255.255.255 area 0   (the OSPF "network" command requires a wildcard mask and an area)
1700B(config-router)#network 40.0.0.0 0.255.255.255 area 0
Fundamentals of Switching
SWITCH
LAN Segmentation
In a collision domain, a frame sent by a device can cause collision with a frame
sent by another device in the same collision domain. Moreover, a device can hear the
frames destined for any device in the same collision domain.
Layer 2 Switching
• Layer 2 switching is hardware based: the switch uses the MAC address from the host's NIC to filter the network traffic.
• Layer 2 switches are fast because they do not look at the Network layer header; they look only at the frame's hardware address before deciding whether to forward the frame or drop it.
For this reason a switch cannot completely replace routers in the internetwork: it forwards within one network and cannot route between networks or contain broadcasts.
Bridges are software based, while switches are hardware based because they use ASIC (Application Specific Integrated Circuit) chips to make the filtering decisions.
LAN Switching
Forward and filter decision – forwarding and filtering frames based on the
bridge table entries and the bridge logic.
A bridge or switch maintains a forwarding table (also known as bridge table or MAC
address table) which maps destination physical addresses with the interfaces or ports to
forward frames to the addresses.
A bridge or switch builds a bridge table by learning the MAC addresses of the connected
devices. When a bridge is first powered on, the bridge table is empty. The bridge listens
to the incoming frames and examines the source MAC addresses of the frames. For
example, if there is an incoming frame with a particular source MAC address received
from a particular interface, and the bridge does not have an entry in its table for the MAC
address, an entry will be created to associate the MAC address with the interface.
The default aging time for an entry in a bridge table is 300 seconds (5 minutes). It means
that an entry will be removed from the bridge table if the bridge has not heard any
message from the concerned host for 5 minutes.
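The following Python class is an added example, not code from the page or from any switch; it implements the learning, forwarding, filtering and aging behaviour described above so the decisions can be followed frame by frame. The port names, MAC addresses and timestamps are constructed; the 300-second aging default is the page's.

```python
"""Transparent-bridge MAC learning, forwarding, filtering and aging.
Added example; ports, MAC addresses and timestamps are constructed."""
import time
from typing import Dict, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300.0          # default bridge-table aging time (5 minutes)


class Switch:
    def __init__(self, ports: Set[str], aging: float = AGING_SECONDS):
        self.ports = set(ports)
        self.aging = aging
        self.table: Dict[str, Tuple[str, float]] = {}   # MAC -> (port, last seen)

    def _expire(self, now: float) -> None:
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.aging]
        for m in stale:
            del self.table[m]

    def receive(self, in_port: str, src: str, dst: str, now: Optional[float] = None) -> Set[str]:
        """Learn the source, then return the set of ports the frame is sent out of."""
        now = time.time() if now is None else now
        self._expire(now)
        self.table[src] = (in_port, now)        # learning: source MAC -> ingress port
        if dst == BROADCAST or dst not in self.table:
            return self.ports - {in_port}       # flood: broadcast or unknown unicast
        out_port, _ = self.table[dst]
        if out_port == in_port:
            return set()                        # filter: destination is on the same segment
        return {out_port}                       # forward out of exactly one port


def demo() -> list:
    """Two hosts, three ports: flood, learn, forward, relocate, age out."""
    sw = Switch({"Fa0/1", "Fa0/2", "Fa0/3"})
    a, b = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b"
    steps = []
    steps.append(sw.receive("Fa0/1", a, b, now=0.0))     # b unknown: flooded to Fa0/2, Fa0/3
    steps.append(sw.receive("Fa0/2", b, a, now=1.0))     # a known: Fa0/1 only
    steps.append(sw.receive("Fa0/1", a, b, now=2.0))     # b known: Fa0/2 only
    steps.append(sw.receive("Fa0/3", a, b, now=3.0))     # a's entry moves to Fa0/3 (source-based)
    steps.append(sw.receive("Fa0/2", b, a, now=400.0))   # a aged out (>300 s): flooded again
    return steps


if __name__ == "__main__":
    for i, out in enumerate(demo(), 1):
        print(f"frame {i}: sent out of {sorted(out)}")
```

Step 4 is worth noticing: the table is keyed on whatever source address arrives, so a frame carrying a's address on Fa0/3 silently moves a's entry there. That is normal behaviour when a host is re-cabled, and it is also why the table trusts nothing but the last frame seen.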
ADDRESS LEARNING
• The source address of a frame is always the hardware address of the device transmitting it. The destination address is either the hardware address of one receiver (unicast), all 1's (the broadcast address ff:ff:ff:ff:ff:ff), or a group address (multicast).
• At layer 3 there are two kinds of broadcast address:
eg: 255.255.255.255 (limited broadcast: every host on the local segment; routers never forward it)
172.16.255.255 (directed broadcast: the network or subnet address with the host bits all 1's, addressed to every host in that network or subnet)
o A directed broadcast is delivered as a layer 2 broadcast on the destination network. Routers do not forward directed broadcasts by default ("no ip directed-broadcast" on IOS), because forwarding them lets a single outside packet reach every host on a subnet.
o Multicast addresses (224.0.0.0/4 at layer 3, 01:00:5e:xx:xx:xx at layer 2) reach only the hosts that have joined the group, not every host on the subnet.
There are three switching methods:
Cut-through switching
The switch reads only the destination MAC address (the first 6 bytes of the frame) before it starts forwarding. Latency is lowest, but damaged frames are forwarded as well, because the CRC at the end of the frame has not been seen yet.
Fragment-free switching
The switch reads the first 64 bytes of the frame before forwarding. Collisions produce fragments shorter than 64 bytes, so this removes collision fragments but still passes frames with a bad CRC.
Store-and-forward switching
The entire frame is received and the CRC is computed and verified before the frame is forwarded.
If the frame is too short (i.e. less than 64 bytes including the CRC), too long (i.e. more than 1518 bytes including the CRC), or has a CRC error, it is discarded.
It has the lowest error rate but the longest switching latency. For high-speed networks (e.g. Fast Ethernet or Gigabit Ethernet), the latency is not significant.
It is the most commonly used switching method and is supported by most switches.
NOTE:
Bridges only support store-and-forward switching. Most new switch models also use store-and-forward switching.
However, it should be noted that Cisco 1900 switches use fragment-free switching by default.
Redundant Topology Overview
Broadcast Storms
Spanning-Tree Protocol
Spanning Tree Protocol or STP (IEEE 802.1D) is used to solve the looping problem. It runs on bridges and switches in a network. It implements the Spanning Tree Algorithm (STA), which calculates a loop-free topology for the network.
STP ensures that there is only one active path between any two network segments by blocking the redundant paths. A redundant path is used only when the corresponding active path fails. It is not used for load balancing.
Because STP solves the looping problem by blocking one or more links in a network, the frames travelling between some source/destination pairs may not be able to use the shortest physical path.
Bridges exchange STP information using messages called Bridge Protocol Data Units (BPDUs), sent to a Layer 2 multicast address.
A port of a bridge running STP is in one of the following states: blocking, listening, learning, forwarding, or disabled.
By default, the transition from the blocking state to the listening state takes 20 seconds (the MaxAge time), from the listening state to the learning state 15 seconds (the Forward Delay time), and from the learning state to the forwarding state another 15 seconds (Forward Delay again). The whole process takes 50 seconds.
Spanning-Tree Operation
• One root bridge per network
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports
A spanning tree consists of a root bridge, which is like the root of a living tree. There is only one root bridge in the whole switched network. There is a single path from the root bridge (root) to each network segment (leaf). The paths form the spanning tree of the network. The bridges place the interfaces on the spanning tree in the forwarding state, and the interfaces not on the spanning tree in the blocking state.
Each bridge has an 8-byte Bridge ID, which is the concatenation of the priority (2 bytes) and the MAC address (6 bytes) of the bridge. The default priority of a device is 32,768.
The bridge with the lowest bridge ID is elected as the root bridge. The comparison is purely numerical: whichever device advertises the lowest priority (or, at equal priority, the lowest MAC address) becomes root, whether or not it was meant to.
The root path cost of a bridge (i.e. the cost of the path from the bridge to the root bridge) is the accumulated cost of the links along the root path. The cost of a link is determined by its bandwidth.
The following default costs (IEEE 802.1D-1998) are used for different types of links:
10 Mbps  - 100
100 Mbps - 19
1 Gbps   - 4
10 Gbps  - 2
Root port
The root port of a bridge is the port that is the closest to the root bridge in terms of
path cost. The path cost can be calculated based on the information stored in the BPDUs
sent by the root bridge.
Designated port
For each physical network segment, the bridge with the lowest cost to the root
bridge is elected as the designated bridge of that segment. If two or more bridges have
the same cost to the root bridge, the bridge with the lowest bridge ID is elected. The
designated bridge puts the port connected to that segment in the forwarding state. This
port is known as a designated port. For those segments that are directly connected to the
root bridge, the root bridge is their designated bridge.
Spanning-Tree Protocol Root Bridge Selection
Configuration BPDU
Topology Change Notification (TCN) BPDU
The root bridge sends a Configuration BPDU (or Hello BPDU) out each interface
periodically (every 2 seconds, by default). Each bridge forwards the BPDU to the other
bridges downstream after updating several fields in the BPDU, including the cost from
this bridge to the root bridge. As long as such BPDUs are received periodically, a bridge
knows that the path to the root bridge is still working. Otherwise, it needs to update its
spanning tree.
A Configuration BPDU is 35 bytes long and contains the following information:
Protocol ID (2 bytes, always 0), Version (1 byte, 0 for 802.1D) and Message Type (1 byte, 0 for a Configuration BPDU).
Flags (1 byte): the Topology Change (TC) bit and the Topology Change Acknowledgement (TCA) bit.
Root ID (8 bytes): the Bridge ID of the bridge the sender believes to be the root.
Root Path Cost (4 bytes): the sender's cost to that root.
Bridge ID (8 bytes) and Port ID (2 bytes) of the sender.
Message Age (2 bytes) in 1/256 second: how long ago the root originated the information the BPDU carries.
Max Age (2 bytes) in 1/256 second: how long a bridge keeps the stored BPDU before it decides that the path to the root has failed. In other words, it is the time interval required for a port (on the alternate path) to transit from the blocking state to the listening state. The default MaxAge is 20 seconds.
Hello Time (2 bytes) in 1/256 second: the interval between Configuration BPDUs sent by the root. The default is 2 seconds.
Forward Delay time (2 bytes) in 1/256 second: the time interval for a port to move from the listening state to the learning state. It is also the time interval for a port to move from the learning state to the forwarding state. The default forward delay time interval is 15 seconds.
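The following Python program is an added example and not code from the page or from any switch; it serves both the root-bridge / root-port discussion above and the Configuration BPDU field list just given. It packs and parses the 35-byte BPDU layout (timers in 1/256-second units), picks the best BPDU by the 802.1D ordering (lowest root ID, then root path cost, then sender bridge ID, then port ID) and chooses a root port using the default link costs listed above. The switch names, MAC addresses and link speeds are constructed.

```python
"""IEEE 802.1D Configuration BPDU packing/parsing and the root / root-port decision.
Added example; the BPDUs below are constructed, not captured."""
import struct

# Protocol ID, Version, Type, Flags, Root ID (priority + MAC), Root Path Cost,
# Bridge ID (priority + MAC), Port ID, Message Age, Max Age, Hello, Forward Delay
BPDU_FMT = ">HBBBH6sIH6sHHHHH"
assert struct.calcsize(BPDU_FMT) == 35

# 802.1D-1998 default port costs (Cisco's 'short' method), Mbit/s -> cost.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_bpdu(root_prio, root_mac, cost, bridge_prio, bridge_mac, port_id,
               msg_age=0.0, max_age=20.0, hello=2.0, fwd_delay=15.0, flags=0) -> bytes:
    """Timers are given in seconds and stored in units of 1/256 second."""
    t = lambda s: int(s * 256)
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(BPDU_FMT, 0, 0, 0, flags, root_prio, mac(root_mac), cost,
                       bridge_prio, mac(bridge_mac), port_id,
                       t(msg_age), t(max_age), t(hello), t(fwd_delay))


def parse_bpdu(raw: bytes) -> dict:
    (proto, ver, mtype, flags, rprio, rmac, cost, bprio, bmac, pid,
     msg_age, max_age, hello, fwd) = struct.unpack(BPDU_FMT, raw)
    if proto != 0 or mtype != 0:
        raise ValueError("not an 802.1D Configuration BPDU")
    return {
        "root_id": (rprio, mac_str(rmac)), "root_path_cost": cost,
        "bridge_id": (bprio, mac_str(bmac)), "port_id": pid,
        "tc": bool(flags & 0x01), "tca": bool(flags & 0x80),
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello": hello / 256, "forward_delay": fwd / 256,
    }


def best_bpdu(bpdus: list) -> dict:
    """Lowest root ID wins; ties by root path cost, then sender bridge ID, then port ID."""
    return min(bpdus, key=lambda b: (b["root_id"], b["root_path_cost"], b["bridge_id"], b["port_id"]))


def choose_root_port(received: dict, speeds_mbps: dict) -> tuple:
    """received: port -> parsed BPDU heard on it. Returns (root port, cost to root).
    The cost of the incoming link is added to the cost the neighbour advertised."""
    best = None
    for port, b in received.items():
        total = b["root_path_cost"] + PORT_COST[speeds_mbps[port]]
        cand = (b["root_id"], total, b["bridge_id"], b["port_id"], port)
        if best is None or cand < best:
            best = cand
    return best[4], best[1]


# Constructed scenario: SW1 is root. SW3 hears it directly on a 100 Mb/s port and
# through SW2 on a 1 Gb/s port; the two-hop path is cheaper (4 + 4 < 19).
SW1 = "00:00:0c:00:00:01"
SW2 = "00:00:0c:00:00:02"
RECEIVED = {
    "Fa0/1": parse_bpdu(build_bpdu(32768, SW1, 0, 32768, SW1, 0x8001)),   # from the root itself
    "Gi0/1": parse_bpdu(build_bpdu(32768, SW1, 4, 32768, SW2, 0x8002)),   # relayed by SW2
}
SPEEDS = {"Fa0/1": 100, "Gi0/1": 1000}

if __name__ == "__main__":
    print("root:", best_bpdu(list(RECEIVED.values()))["root_id"])
    print("root port, cost:", choose_root_port(RECEIVED, SPEEDS))
```

Feeding best_bpdu() one more BPDU with priority 0 makes that sender the root regardless of who it is; that is the consequence of the purely numerical election, and it is the reason access ports that should never carry BPDUs are protected with features such as Cisco's BPDU guard.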
TCN BPDU:
A Topology Change Notification (TCN) BPDU is sent out when a bridge detects that a port in the forwarding state is going down or that a port is moving to the forwarding state (e.g. the port is enabled by the administrator). The bridge sends TCN BPDUs out of its root port towards the root bridge at every Hello interval until it is acknowledged. A TCN BPDU is only 4 bytes long: protocol ID, version field, and message type field. It carries virtually no other information.
When a non-root bridge receives a TCN BPDU, it will forward the BPDU
upstream towards the root bridge. It will also set the TCA bit in the next Configuration
BPDU going downstream. The Configuration BPDU notifies the downstream bridge that
the TCN BPDU has been received so that it can stop sending out TCN BPDUs.
When the root bridge receives a TCN BPDU, it will send out a Configuration
BPDU with the TCA bit set, just like a non-root bridge. In addition, the TC bit of the
BPDU will also be set to notify all the bridges in the network that there is a topology
change. The TC bit will be set by the root bridge for a certain period of time
(MaxAge + Fwddlay).
When a bridge receives a BPDU with the TC bit set, it will shorten the aging time
of its bridge table entries from the default of 300 seconds to the Forward Delay time.
Therefore the entries will be timed out quickly and the bridge will learn the topology of
the new spanning tree.
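A simplified simulation of the TCN/TC exchange described above, added here as an example and not part of the original notes: a non-root bridge relays the TCN out its root port, the root sets TC for MaxAge + Forward Delay, and every bridge that sees TC ages its table with the Forward Delay instead of 300 seconds. The three-bridge chain, port name and MAC address are constructed; the timers are the defaults quoted in the text.

```python
from dataclasses import dataclass, field
from typing import Optional

# 802.1D defaults quoted in the notes (seconds)
MAX_AGE, FWD_DELAY, DEFAULT_AGING = 20, 15, 300


@dataclass
class Bridge:
    name: str
    is_root: bool = False
    upstream: Optional["Bridge"] = None         # neighbour on the root port
    downstream: list = field(default_factory=list)
    table: dict = field(default_factory=dict)   # mac -> (port, learned_at)
    aging: int = DEFAULT_AGING                  # current bridge-table aging
    tc_until: float = -1.0                      # root only: TC bit set until then
    tcn_pending: bool = False                   # still repeating TCNs upstream
    tca_next: bool = False                      # set TCA in next downstream BPDU

    def learn(self, mac: str, port: str, now: float) -> None:
        self.table[mac] = (port, now)

    def lookup(self, mac: str, now: float) -> Optional[str]:
        """Port for mac, or None once the entry has exceeded the aging time."""
        entry = self.table.get(mac)
        if entry is None or now - entry[1] > self.aging:
            self.table.pop(mac, None)
            return None
        return entry[0]

    def port_change(self, now: float) -> None:
        """A forwarding port went down or came up: originate a TCN."""
        self.receive_tcn(now)

    def receive_tcn(self, now: float) -> None:
        """Handle a TCN, either our own or one from a downstream bridge."""
        if self.is_root:
            self.tc_until = now + MAX_AGE + FWD_DELAY   # TC bit set for 35 s
        else:
            self.tcn_pending = True          # repeat every Hello until TCA seen
            self.upstream.receive_tcn(now)   # relay out the root port
        self.tca_next = True                 # acknowledge in next downstream BPDU

    def receive_config_bpdu(self, tc: bool, tca: bool, now: float) -> None:
        if tca:
            self.tcn_pending = False         # upstream acknowledged our TCN
        # TC set: age entries out after Forward Delay instead of 300 s
        self.aging = FWD_DELAY if tc else DEFAULT_AGING
        self.send_config_bpdu(tc, now)

    def send_config_bpdu(self, tc: bool, now: float) -> None:
        for child in self.downstream:
            child.receive_config_bpdu(tc, self.tca_next, now)
        self.tca_next = False


def hello(root: Bridge, now: float) -> None:
    """The root originates its periodic Configuration BPDU."""
    tc = now < root.tc_until
    root.aging = FWD_DELAY if tc else DEFAULT_AGING
    root.send_config_bpdu(tc, now)


def build_chain() -> tuple:
    """Constructed topology: root bridge A, B below it, C below B."""
    a = Bridge("A", is_root=True)
    b = Bridge("B", upstream=a)
    c = Bridge("C", upstream=b)
    a.downstream.append(b)
    b.downstream.append(c)
    return a, b, c


def run_scenario() -> dict:
    a, b, c = build_chain()
    mac = "00:11:22:33:44:55"                 # constructed host address
    a.learn(mac, "Gi0/3", now=0)
    hello(a, now=2)
    assert a.lookup(mac, now=100) == "Gi0/3"  # normal 300 s aging
    c.port_change(now=10)                     # a forwarding port on C goes down
    hello(a, now=12)                          # next Hello carries TC and TCA
    result = {
        "tc_window_end": a.tc_until,          # 10 + 20 + 15 = 45
        "aging_during_tc": (a.aging, b.aging, c.aging),
        "c_still_repeating_tcn": c.tcn_pending,
        "entry_after_tc": a.lookup(mac, now=30),   # 30 s old > 15 s: gone
    }
    hello(a, now=46)                          # window expired: 300 s again
    result["aging_after_window"] = a.aging
    return result
```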
VLAN Operation Overview
A Virtual LAN (VLAN) is a broadcast domain created based on the functional, security,
or other requirements, instead of the physical locations of the devices, on a switch or
across switches. With VLANs, a switch can group different interfaces into different
broadcast domains. Without VLANs, all interfaces of a switch are in the same broadcast
domain; switches connected with each other are also in the same broadcast domain,
unless there is a router in between.
Different ports of a switch can be assigned to different VLANs. A VLAN can also span
multiple switches.
The advantages of implementing VLAN are:
. It can group devices based on requirements other than their physical
locations.
. It breaks up broadcast domains and increases network throughput.
. It provides better security by separating devices into different VLANs.
. Since each VLAN is a separate broadcast domain, devices in different VLANs
cannot hear or respond to each other's broadcast traffic.
. Inter-VLAN communication can be controlled by configuring access control
lists on the router or Layer 3 switch connecting the VLANs.
Static VLAN
Assigning VLANs to switch ports based on the port numbers.
It is easier to set up and manage.
Dynamic VLAN
Assigning VLANs to switch ports based on the MAC addresses of the
devices connected to the ports.
Cisco switches support a separate instance of spanning tree and a separate bridge
table for each VLAN.
A VLAN = A Broadcast Domain = Logical Network (Subnet)
VLAN Operation
VLAN Trunking
There are two different types of links in a switched network:
Access link
A link that is part of only one VLAN. Therefore, a port connecting to an access
link can be a member of only one VLAN.
Trunk link
A 100 Mbps or 1000 Mbps point-to-point link that connects switches or routers
and carries frames of different VLANs. Therefore, a port connecting to a trunk link can be
a member of multiple VLANs. All VLANs are configured on a trunk link by default.
VLAN Trunking, by making use of frame tagging, allows traffic from different VLANs
to transmit through the same Ethernet link (trunk link) across switches.
VLAN Trunking identifies the VLAN from which a frame is sent by tagging the frame
with the source VLAN ID (12-bit long). This feature is known as frame tagging or
frame identification.
With frame tagging, a switch knows which ports it should forward a broadcast frame out of
(the ports which have the same VLAN ID as the source VLAN ID). It also
knows which bridge table it should use for forwarding a unicast frame (since a separate
bridge table is used for each VLAN).
A frame tag is added when a frame is forwarded out to a trunk link, and is removed when
the frame is forwarded out to an access link. Therefore, any device attached to an access
link is unaware of its VLAN membership.
Cisco switches support two trunking protocols: ISL and IEEE 802.1q.
ISL
. An ISL header is 26 bytes long and contains the 12-bit VLAN ID, the MAC
addresses of the sending and the receiving switch, and some other information.
. An ISL trailer is 4 bytes long and contains the CRC of the frame.
. It supports a separate instance of spanning tree for each VLAN by using a Cisco
proprietary feature called Per-VLAN Spanning Tree (PVST+). Different
instances of spanning tree allow the STP parameters of different VLANs to be
configured independently. For example, we can break a network loop by
blocking different links for different VLANs instead of blocking the same link for
all VLANs, so that the available bandwidth can be used more efficiently.
IEEE 802.1q
. It inserts a 4-byte header into the middle of the original Ethernet header. The
802.1q header contains the 12-bit VLAN ID and some other information.
Recalculation of the FCS is required after the insertion of the 802.1q header as the
original header has been changed.
. It did not support a separate instance of spanning tree for each VLAN originally.
However, Cisco switches can use PVST+ with 802.1q to support this feature.
IEEE has also defined a new specification called 802.1s, which can be used with 802.1q
to support multiple instances of spanning tree.
. It defines one VLAN as the native VLAN. It does not insert an 802.1q header into
the frames sent from the native VLAN over a trunk link. The default native
VLAN is VLAN 1.
. Since 802.1q is defined as a type of Ethernet frame, it does not require that every
device on a link understands 802.1q. By defining a trunk port as a member of
the native VLAN, any Ethernet device (even one that does not understand 802.1q)
connected to the trunk port can read frames for the native VLAN.
. Both sides of a trunk link must agree on which VLAN is used as the native
VLAN. Otherwise, the trunk will not operate properly.
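The 802.1q tagging behaviour described above (4-byte tag after the source MAC, FCS recomputed, native VLAN left untagged), as an added example that is not part of the original notes. It also shows why both ends must agree on the native VLAN: `trunk_transfer` reports the VLAN the receiving switch assigns a frame to, and with a mismatch the untagged native-VLAN frame silently lands in a different VLAN on the far side. MAC addresses, payloads and VLAN numbers are constructed test data.

```python
import struct
import zlib

TPID_8021Q = 0x8100
NATIVE_VLAN = 1          # IOS default native VLAN, as the notes state


def fcs(frame_wo_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_wo_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame as a host on an access link would send it."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def tag_for_trunk(frame: bytes, vlan_id: int, native_vlan: int = NATIVE_VLAN,
                  pcp: int = 0) -> bytes:
    """What a switch does when forwarding out a trunk link: frames of the
    native VLAN leave untagged; every other frame gets a 4-byte 802.1q tag
    inserted after the source MAC and a recomputed FCS."""
    if not 0 < vlan_id < 4095:
        raise ValueError("VLAN ID must be in the 12-bit range 1..4094")
    if vlan_id == native_vlan:
        return frame
    body = frame[:-4]                          # drop the old FCS
    tci = (pcp << 13) | vlan_id                # PCP(3) DEI(1) VID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    tagged = body[:12] + tag + body[12:]       # dst(6) + src(6) | tag | type...
    return tagged + fcs(tagged)


def classify(frame: bytes, native_vlan: int = NATIVE_VLAN) -> tuple:
    """Receiving side of a trunk: return (vlan_id, untagged_frame).
    Untagged frames are assigned to the receiver's own native VLAN."""
    body, rx_fcs = frame[:-4], frame[-4:]
    if fcs(body) != rx_fcs:
        raise ValueError("bad FCS")
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != TPID_8021Q:
        return native_vlan, frame
    tci = struct.unpack("!H", body[14:16])[0]
    vlan_id = tci & 0x0FFF
    stripped = body[:12] + body[16:]           # remove the 4-byte tag
    return vlan_id, stripped + fcs(stripped)


def trunk_transfer(frame: bytes, vlan_id: int, tx_native: int, rx_native: int) -> int:
    """VLAN the receiving switch places the frame in after crossing a trunk
    whose two ends are configured with tx_native and rx_native."""
    on_wire = tag_for_trunk(frame, vlan_id, native_vlan=tx_native)
    rx_vlan, _ = classify(on_wire, native_vlan=rx_native)
    return rx_vlan
```

A mismatch check on a live trunk is simply `trunk_transfer(f, tx_native, tx_native, rx_native) == tx_native`; anything else means native-VLAN traffic is crossing into another VLAN.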
[Figures: 802.1Q Trunking; Importance of Native VLANs; 802.1Q Frame; Per-VLAN Spanning Tree; ISL Tagging; ISL Encapsulation]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#no ip address (the physical interface carries no address; the sub-interfaces do)
1700A(config-if)#interface F0/0.1 (sub-interface creation)
1700A(config-subif)#encapsulation dot1Q 1 (encapsulation type, VLAN 1)
1700A(config-subif)#ip address 192.168.10.17 255.255.255.240
1700A(config-subif)#no shutdown
1700A(config-subif)#interface F0/0.2
1700A(config-subif)#encapsulation dot1Q 2
1700A(config-subif)#ip address 192.168.10.33 255.255.255.240
1700A(config-subif)#no shutdown
1700A(config-subif)#interface F0/0.3
1700A(config-subif)#encapsulation dot1Q 3
1700A(config-subif)#ip address 192.168.10.49 255.255.255.240
1700A(config-subif)#no shutdown
1700A(config-subif)#^Z
1700A#show ip route
3550 Switch
Switch>en
Switch#config t
Switch(config)#hostname 3550
3550(config)#interface vlan 1
3550(config-if)#ip address 192.168.10.1 255.255.255.0
3550(config-if)#no shutdown
3550(config-if)#exit
3550(config)#ip default-gateway 192.168.10.17
3550(config)#interface F0/1
3550(config-if)#description connection to 1700A
3550(config-if)#interface F0/2
3550(config-if)#description connection to 3560
3550(config-if)#exit
3550(config)#interface F0/1 (through router)
3550(config-if)#switchport trunk encapsulation dot1q
3550(config-if)#switchport mode trunk
3550(config-if)#interface F0/2 (through switch)
3550(config-if)#switchport trunk encapsulation dot1q
3550(config-if)#switchport mode trunk
3550(config-if)#exit
3550(config)#vtp mode server
3550(config)#vtp domain CCSP
3550(config)#^Z
3550#show interface trunk
3550#config t
3550(config)#vlan 3
3550(config-vlan)#name sales
3550(config-vlan)#^Z
3550#show vlan
3550#config t
3550(config)#interface F0/5
3550(config-if)#switchport mode access
3550(config-if)#switchport access vlan 3
3550(config-if)#interface F0/6
3550(config-if)#switchport mode access
3550(config-if)#switchport access vlan 3
3550(config-if)#^Z
3550#show vlan
3550#show interface trunk
3560 Switch
Switch>en
Switch#config t
Switch(config)#hostname 3560
3560(config)#interface F0/2
3560(config-if)#description connection to 3550
3560(config-if)#exit
3560(config)#interface vlan 1
3560(config-if)#ip address 192.168.10.2 255.255.255.0
3560(config-if)#no shutdown
3560(config-if)#exit
3560(config)#ip default-gateway 192.168.10.17
3560(config)#interface F0/1
3560(config-if)#switchport trunk encapsulation dot1q
3560(config-if)#switchport mode trunk
3560(config-if)#exit
3560(config)#vtp mode client
3560(config)#vtp domain CCSP
3560(config)#^Z
3560#show interface trunk
3560#show vtp status
3560#config t
3560(config)#vlan 2 (a VTP client cannot create VLANs; create VLAN 2 on the VTP server 3550 and let VTP propagate it)
3560(config-vlan)#name production
3560(config-vlan)#^Z
3560#show vlan
3560#config t
3560(config)#interface F0/2
3560(config-if)#switchport mode access
3560(config-if)#switchport access vlan 2
3560(config-if)#interface F0/3
3560(config-if)#switchport mode access
3560(config-if)#switchport access vlan 2
3560(config-if)#^Z
3560#show spanning-tree
3560#show interface trunk
3560#show vtp status
3560#show vlan
Virtual Private Networks (VPN)
A virtual private network (VPN) allows the creation of private networks across the
Internet, enabling privacy and tunneling of non-TCP/IP protocols.
VPNs are used to give remote users and disjointed networks connectivity over a
public medium like the Internet instead of using more expensive permanent means.
What is a VPN?
VPN is a generic term that describes any combination of technologies that can be used to secure
a connection through an otherwise unsecured or untrusted network.
Types of VPNs
Types of VPNs are named based upon the role they play in a business. There are
three different categories of VPNs:
Remote access VPNs
Remote access VPNs allow remote users like telecommuters to securely access the
corporate network wherever and whenever they need to.
Site-to-site VPNs
Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites
to the corporate backbone securely over a public medium like the Internet instead of
requiring more expensive WAN connections like Frame Relay.
Extranet VPNs
Extranet VPNs allow an organization’s suppliers, partners, and customers to be
connected to the corporate network in a limited way for business-to-business (B2B)
communications.
VPN Components: Security
Keys
• Secret code that the encryption algorithm uses to create a unique
version of cipher-text
• 8-bit keys = 256 combinations, or two to the eighth power
• 16-bit keys = 65,536 combinations, or two to the 16th power
• 56-bit keys = 72,057,594,037,927,900 combinations, or two to the 56th power
• 168-bit keys …
[Figures: Remote Access Virtual Private Network (mobile users reaching the corporate Internet gateway); Site-to-Site VPN (a remote site reaching the corporate Internet gateway); Extranet VPN (partners and customers reaching the corporate Internet gateway). Each corporate network shows a public server (sales e-mail, world wide web, file transfer) and the Finance and IT Management segments.]
IPSec can't be used to encrypt non-IP traffic. This means that if you run into a
situation where you have to encrypt non-IP traffic, you'll need to create a GRE
tunnel for it and then use IPSec to encrypt that tunnel.
IPSec Transforms
An IPSec transform specifies a single security protocol with its corresponding
security algorithm; without these transforms, IPSec could not protect anything.
It's very important to understand the security protocols and the supporting
encryption and hashing algorithms that IPSec relies upon.
Security Protocols
Anti-replay service:
You can only use the anti-replay service if data origin authentication is selected.
Anti-replay protection is enforced by the receiver, meaning the service is effective only if
the receiver checks the sequence number. In case you were wondering, a replay attack is
when an attacker captures a copy of an authenticated packet and later retransmits it to the
intended destination. When the duplicate, authenticated IP packet gets to the destination,
it can disrupt services or cause other damage. The Sequence Number field is designed to foil
this type of attack.
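The receiver-side check that the Sequence Number field makes possible, added here as an example and not part of the original notes: a sliding anti-replay window of the kind IPsec receivers keep (64 entries is a common default), which only records a sequence number after the packet has authenticated, rejects duplicates inside the window and drops packets that have fallen behind it. The sequence numbers and the `authentic` flags are constructed test input.

```python
class AntiReplayWindow:
    """Highest authenticated sequence number seen plus a bitmap of the
    window below it.  check() decides; accept() records, and must only be
    called after the packet has passed data origin authentication."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0          # highest sequence number accepted so far
        self.bitmap = 0           # bit i set => (highest - i) was received
        self.rejected = []        # (seq, reason) pairs for logging/alerting

    def check(self, seq: int) -> bool:
        """True if seq may be accepted: unseen and not older than the window."""
        if seq == 0:
            self.rejected.append((seq, "zero sequence number"))
            return False
        if seq > self.highest:
            return True                       # new high-water mark
        diff = self.highest - seq
        if diff >= self.size:
            self.rejected.append((seq, "outside window"))
            return False
        if self.bitmap & (1 << diff):
            self.rejected.append((seq, "replayed"))
            return False
        return True

    def accept(self, seq: int) -> None:
        """Record seq after successful authentication."""
        if seq > self.highest:
            shift = seq - self.highest        # slide the window forward
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def process(self, seq: int, authentic: bool) -> bool:
        """Full receiver path: replay check first, then authentication,
        and only an authenticated packet updates the window."""
        if not self.check(seq):
            return False
        if not authentic:
            self.rejected.append((seq, "authentication failed"))
            return False
        self.accept(seq)
        return True


def replay_demo() -> dict:
    """Constructed stream: in-order and slightly reordered traffic, a replayed
    copy, a stale packet behind the window, and a forged one."""
    w = AntiReplayWindow(size=64)
    normal = [w.process(s, True) for s in (1, 2, 3, 5, 4)]   # 4 arrives late: fine
    dup = w.process(3, True)          # copy of an already-accepted packet
    w.process(200, True)              # window slides far ahead
    stale = w.process(100, True)      # 100 behind: outside the window
    forged = w.process(201, False)    # fails authentication: not recorded
    again = w.process(201, True)      # the genuine 201 is still accepted
    return {"normal": normal, "dup": dup, "stale": stale,
            "forged": forged, "again": again, "rejected": w.rejected}
```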
Traffic flow confidentiality:
For traffic flow confidentiality to work, you have to have tunnel mode selected.
It is most effective when implemented at a security gateway where large volumes of
traffic aggregate, because that volume masks the true source-destination patterns from
anyone probing your network.
Virtual Private Network (VPN) Site-to-Site Configuration
LAB
[Figure: site-to-site lab topology. 1700A S0/0 20.0.0.1 and 1700B S0/0 20.0.0.2 connected over the serial link; hosts 10.0.0.3 and 10.0.0.4 on the 1700A LAN.]
1700A
Router>en
Router#config t
Router(config)#hostname 1700A
1700A(config)#interface F0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#interface S0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#crypto isakmp enable
(ISAKMP: Internet Security Association and Key Management Protocol)
1700A(config)#crypto isakmp policy 10 (1 - 10000 policy number)
1700A(config-isakmp)#authentication pre-share
1700A(config-isakmp)#encryption 3des
1700A(config-isakmp)#hash sha (hash algorithm for integrity of the ISAKMP exchange)
1700A(config-isakmp)#group 5 (Diffie-Hellman group for the key exchange)
1700A(config-isakmp)#exit
1700A(config)#crypto isakmp key CISCO address 20.0.0.2 (pre-shared key and peer address)
1700A(config)#crypto ipsec transform-set 20 esp-3des esp-sha-hmac ah-sha-hmac
1700A(config-crypto-trans)#exit
1700A(config)#access-list 100 permit ip 10.0.0.0 0.255.255.255 30.0.0.0 0.255.255.255
1700A(config)#crypto map AAA 10 ipsec-isakmp (10 - sequence number of the crypto map entry)
1700A(config-cryptomap)#match address 100
1700A(config-cryptomap)#set peer 20.0.0.2 (destination address)
1700A(config-cryptomap)#set transform-set 20 (20 - transform-set name)
1700A(config-cryptomap)#set pfs group 5 (Perfect Forward Secrecy)
1700A(config-cryptomap)#exit
1700A(config)#interface S0/0
1700A(config-if)#crypto map AAA (applied on the interface where encryption should start)
1700A(config-if)#^Z
1700A#show ip route
1700A#config t
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#ping 30.0.0.1
1700A#show crypto isakmp sa
1700A#show crypto ipsec sa
inbound ah sas:
spi: 0x8EEC094D(2397833549)
transform: ah-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: 1, crypto map: aaa
sa timing: remaining key lifetime (k/sec): (4507657/3450)
replay detection support: Y
Status: ACTIVE
outbound ah sas:
spi: 0x232953F4(589911028)
transform: ah-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: 2, crypto map: aaa
sa timing: remaining key lifetime (k/sec): (4507657/3448)
replay detection support: Y
Status: ACTIVE
1700B
Router>en
Router#config t
Router(config)#hostname 1700B
1700B(config)#interface F0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#interface S0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#crypto isakmp enable
(ISAKMP: Internet Security Association and Key Management Protocol)
1700B(config)#crypto isakmp policy 10 (1 - 10000 policy number)
1700B(config-isakmp)#authentication pre-share
1700B(config-isakmp)#encryption 3des
1700B(config-isakmp)#hash sha (hash algorithm for integrity of the ISAKMP exchange)
1700B(config-isakmp)#group 5 (Diffie-Hellman group for the key exchange)
1700B(config-isakmp)#exit
1700B(config)#crypto isakmp key CISCO address 20.0.0.1 (pre-shared key and peer address)
1700B(config)#crypto ipsec transform-set 20 esp-3des esp-sha-hmac ah-sha-hmac
1700B(config-crypto-trans)#exit
1700B(config)#access-list 100 permit ip 30.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
1700B(config)#crypto map AAA 10 ipsec-isakmp (10 - sequence number of the crypto map entry)
1700B(config-cryptomap)#match address 100
1700B(config-cryptomap)#set peer 20.0.0.1 (destination address)
1700B(config-cryptomap)#set transform-set 20 (20 - transform-set name)
1700B(config-cryptomap)#set pfs group 5 (Perfect Forward Secrecy)
1700B(config-cryptomap)#exit
1700B(config)#interface S0/0
1700B(config-if)#crypto map AAA (applied on the interface where encryption should start)
1700B(config-if)#^Z
1700B#show ip route
1700B#config t
1700B(config)#router rip
1700B(config-router)#network 20.0.0.0
1700B(config-router)#network 30.0.0.0
1700B(config-router)#^Z
1700B#ping 10.0.0.1
1700B#show crypto isakmp sa
1700B#show crypto ipsec sa
interface: Serial0/0
Crypto map tag: aaa, local addr 20.0.0.2
inbound ah sas:
spi: 0x232953F4(589911028)
transform: ah-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: 1, crypto map: aaa
sa timing: remaining key lifetime (k/sec): (4433696/1897)
replay detection support: Y
Status: ACTIVE
outbound ah sas:
spi: 0x8EEC094D(2397833549)
transform: ah-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: 2, crypto map: aaa
sa timing: remaining key lifetime (k/sec): (4433696/1894)
replay detection support: Y
Status: ACTIVE
[Figure: SDM lab topology. 1700A F0/0 10.0.0.1 with hosts 10.0.0.3 and 10.0.0.4 behind a switch; 1700B F0/0 30.0.0.1 with host 30.0.0.2.]
Step 1 - Install JAVA Runtime Environment ver 5 and above (Local machine).
Step 2 - Install SDM (Security Device Manager)
1700A
Router>en
Router#config t
Router(config)#hostname 1700A
1700A(config)#username CCNA privilege 15 password 123
1700A(config)#line vty 0 4
1700A(config-line)#privilege level 15
1700A(config-line)#exit
1700A(config)#interface F0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip http authentication local
1700B
Router>en
Router#config t
Router(config)#hostname 1700B
1700B(config)#username CCSP privilege 15 password 123
1700B(config)#line vty 0 4
1700B(config-line)#privilege level 15
1700B(config-line)#exit
1700B(config)#interface F0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#ip http authentication local
IPv6 with GRE (Generic Routing Encapsulation) Tunnel Configuration
LAB
[Figure: 1700A S0/0 20.0.0.1 and 1700B S0/0 20.0.0.2 reach each other across the Internet; the VPN tunnel carries IPv6 between fec0::1:1/112 (1700A) and fec0::1:2 (1700B); LANs F0/0 10.0.0.1 (hosts 10.0.0.3, 10.0.0.4 behind a switch) and F0/0 30.0.0.1.]
1700A
Router>en
Router#config t
Router(config)#hostname 1700A
1700A(config)#ipv6 unicast-routing
1700A(config)#ipv6 cef (Cisco Express Forwarding)
1700A(config)#interface F0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#interface S0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#^Z
1700A#show ip route
1700A#config t
1700A(config)#router eigrp 100 (0 - 65535)
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#config t
1700A(config)#interface tunnel 0
1700A(config-if)#ipv6 ospf 1 area 0
1700A(config-if)#exit
1700A(config)#crypto isakmp enable
(ISAKMP: Internet Security Association and Key Management Protocol)
1700A(config)#interface tunnel 0
1700A(config-if)#tunnel source S0/0
1700A(config-if)#tunnel destination 20.0.0.2 (public IP of the peer)
1700A(config-if)#ipv6 address fec0::1:1/112
1700A(config-if)#exit
1700A(config)#crypto isakmp policy 10 (1 - 10000 policy number)
1700A(config-isakmp)#authentication pre-share
1700A(config-isakmp)#encryption 3des
1700A(config-isakmp)#hash sha (hash algorithm for integrity of the ISAKMP exchange)
1700A(config-isakmp)#group 5 (Diffie-Hellman group for the key exchange)
1700A(config-isakmp)#exit
1700A(config)#crypto isakmp key CISCO address 20.0.0.2 (pre-shared key and peer address)
1700A(config)#crypto ipsec transform-set 20 esp-3des esp-sha-hmac ah-sha-hmac
1700A(config-crypto-trans)#exit
1700A(config)#access-list 100 permit ip 10.0.0.0 0.255.255.255 30.0.0.0 0.255.255.255
1700A(config)#crypto map AAA 10 ipsec-isakmp (10 - sequence number of the crypto map entry)
1700A(config-cryptomap)#match address 100
1700A(config-cryptomap)#set peer 20.0.0.2 (destination address)
1700A(config-cryptomap)#set transform-set 20 (20 - transform-set name)
1700A(config-cryptomap)#set pfs group 5 (Perfect Forward Secrecy) (optional)
1700A(config-cryptomap)#exit
1700A(config)#interface S0/0
1700A(config-if)#crypto map AAA (applied on the interface where encryption should start)
1700A(config-if)#^Z
1700A#ping 30.0.0.1
1700A#ping fec0::1:1
1700A#show crypto isakmp sa
1700A#show crypto ipsec sa
1700B
Router>en
Router#config t
Router(config)#hostname 1700B
1700B(config)#ipv6 unicast-routing
1700B(config)#ipv6 cef (Cisco Express Forwarding)
1700B(config)#interface F0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#interface S0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#^Z
1700B#show ip route
1700B#config t
1700B(config)#router eigrp 100 (0 - 65535)
1700B(config-router)#network 20.0.0.0
1700B(config-router)#network 30.0.0.0
1700B(config-router)#^Z
1700B#config t
1700B(config)#interface tunnel 0
1700B(config-if)#ipv6 ospf 1 area 0
1700B(config-if)#exit
1700B(config)#crypto isakmp enable
(ISAKMP: Internet Security Association and Key Management Protocol)
1700B(config)#interface tunnel 0
1700B(config-if)#tunnel source S0/0
1700B(config-if)#tunnel destination 20.0.0.1 (public IP of the peer)
1700B(config-if)#ipv6 address fec0::1:2/112
1700B(config-if)#exit
1700B(config)#crypto isakmp policy 10 (1 - 10000 policy number)
1700B(config-isakmp)#authentication pre-share
1700B(config-isakmp)#encryption 3des
1700B(config-isakmp)#hash sha (hash algorithm for integrity of the ISAKMP exchange)
1700B(config-isakmp)#group 5 (Diffie-Hellman group for the key exchange)
1700B(config-isakmp)#exit
1700B(config)#crypto isakmp key CISCO address 20.0.0.1 (pre-shared key and peer address)
1700B(config)#crypto ipsec transform-set 20 esp-3des esp-sha-hmac ah-sha-hmac
1700B(config-crypto-trans)#exit
1700B(config)#access-list 100 permit ip 30.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
1700B(config)#crypto map AAA 10 ipsec-isakmp (10 - sequence number of the crypto map entry)
1700B(config-cryptomap)#match address 100
1700B(config-cryptomap)#set peer 20.0.0.1 (destination address)
1700B(config-cryptomap)#set transform-set 20 (20 - transform-set name)
1700B(config-cryptomap)#set pfs group 5 (Perfect Forward Secrecy) (optional)
1700B(config-cryptomap)#exit
1700B(config)#interface S0/0
1700B(config-if)#crypto map AAA (applied on the interface where encryption should start)
1700B(config-if)#^Z
1700B#show ip route
1700B#ping 10.0.0.1
1700B#ping fec0::1:1
1700B#show crypto isakmp sa
1700B#show crypto ipsec sa
[Figure: configuration back-up lab. 1700A S0/0 20.0.0.1 towards the Internet, F0/0 10.0.0.1 on the LAN with the TFTP server 10.0.0.3 and the back-up host 10.0.0.4.]
Router(config)#interface F0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#^Z
Router#ping 10.0.0.3
Router>en
Router#config t
Router(config)#line console 0
Router(config-line)#password 123
Router(config-line)#login
Secure Shell Server
[Figure: 1700A S0/0 20.0.0.1 towards the Internet, F0/0 10.0.0.1 on the LAN with hosts 10.0.0.3 and 10.0.0.4.]
1700A
Router>en
Router#config t
Router(config)#hostname 1700A
1700A(config)#interface F0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip domain-name CCNA.COM
1700A(config)#crypto key generate rsa usage-keys modulus 1024
1700A(config)#username CCSP password 123
1700A(config)#line vty 0 4
1700A(config-line)#login local
1700A(config-line)#exit
1700A(config)#enable secret 123
Configuration Back-up
[Figure: 1700A S0/0 20.0.0.1 and 1700B S0/0 20.0.0.2; local back-up FTP server 10.0.0.3 (host 10.0.0.4) on the 1700A LAN, remote back-up FTP server 30.0.0.2 on the 1700B LAN.]
1700A
Router>en
Router#config t
Router(config)#hostname 1700A
1700A(config)#interface F0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip ftp username Administrator
1700A(config)#ip ftp password 1700
1700A(config)#archive
1700A(config-archive)#path ftp://10.0.0.3 /Cisco backup/rip (any routing protocol)
1700A(config-archive)#path ftp://30.0.0.2 /Cisco backup/rip (a second path command replaces the first; only one archive path is active)
1700A(config-archive)#write-memory
With write-memory enabled, every time the running configuration is saved to the
startup configuration (copy running-config startup-config) a backup copy is written
to the archive path automatically.
[Figure: 1700A S0/0 20.0.0.1 and 1700B S0/0 20.0.0.2; syslog server 30.0.0.2 on the 1700B LAN, hosts 10.0.0.3 and 10.0.0.4 on the 1700A LAN.]
1700A
Router>en
Router#config t
Router(config)#hostname 1700A
1700A(config)#logging 30.0.0.2
1700A(config)#logging trap notifications
1700A(config)#logging source-interface F0/0
1700A(config)#archive
1700A(config-archive)#log config
1700A(config-archive-log-cfg)#logging enable
1700A(config-archive-log-cfg)#hidekeys (passwords are not shown in the syslog messages)
1700A(config-archive-log-cfg)#notify syslog
1700A(config-archive-log-cfg)#^Z
1700A#show
IPV6 Routing Configuration
[Figure: IPv6 routing lab. 1700A F0/0 10.0.0.1 and fec0::1:1/112; 1700B F0/0 20.0.0.1 and fec0::2:1/112; 1700C F0/0 30.0.0.1 and fec0::3:1/112. Serial links: 1700A S0/0 fec0::10:1 to 1700B S0/0 fec0::10:2; 1700A S0/1 fec0::12:1 to 1700C S0/0 fec0::12:2; 1700B S0/1 fec0::11:1 to 1700C S0/1 fec0::11:2.]
1700A
Router>en
Router#config t
Router(config)#hostname 1700A
1700A(config)#ipv6 unicast-routing
1700A(config)#ipv6 cef (Cisco Express Forwarding)
1700A(config)#interface F0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#ipv6 address fec0::1:1/112
1700A(config-if)#no shutdown
1700A(config-if)#interface S0/0
1700A(config-if)#ipv6 address fec0::10:1/112
1700A(config-if)#no shutdown
1700A(config-if)#interface S0/1
1700A(config-if)#ipv6 address fec0::12:1/112
1700A(config-if)#no shutdown
1700A(config-if)#^Z
1700A#show ip route
1700A#config t
1700A(config)#router ospf 1 (process ID 1 - 65535)
1700A(config-router)#network 10.0.0.0 0.255.255.255 area 0
1700A(config-router)#exit
1700A(config)#interface F0/0
1700A(config-if)#ipv6 ospf 1 area 0
1700A(config-if)#interface S0/0
1700A(config-if)#ipv6 ospf 1 area 0
1700A(config-if)#interface S0/1
1700A(config-if)#ipv6 ospf 1 area 0
1700A(config-if)#^Z
1700A#show ip route
1700A#show ipv6 route
1700B
Router>en
Router#config t
Router(config)#hostname 1700B
1700B(config)#ipv6 unicast-routing
1700B(config)#ipv6 cef (Cisco Express Forwarding)
1700B(config)#interface F0/0
1700B(config-if)#ip address 20.0.0.1 255.0.0.0
1700B(config-if)#ipv6 address fec0::2:1/112
1700B(config-if)#no shutdown
1700B(config-if)#interface S0/0
1700B(config-if)#ipv6 address fec0::10:2/112
1700B(config-if)#no shutdown
1700B(config-if)#interface S0/1
1700B(config-if)#ipv6 address fec0::11:1/112 (link to 1700C S0/1 fec0::11:2 as in the diagram; fec0::12:1 is already used by 1700A S0/1)
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router ospf 1 (process ID 1 - 65535)
1700B(config-router)#network 20.0.0.0 0.255.255.255 area 0
1700B(config-router)#exit
1700B(config)#interface F0/0
1700B(config-if)#ipv6 ospf 1 area 0
1700B(config-if)#interface S0/0
1700B(config-if)#ipv6 ospf 1 area 0
1700B(config-if)#interface S0/1
1700B(config-if)#ipv6 ospf 1 area 0
1700B(config-if)#^Z
1700B#show ip route
1700B#show ipv6 route
1700C
Router>en
Router#config t
Router(config)#hostname 1700C
1700C(config)#ipv6 unicast-routing
1700C(config)#ipv6 cef (Cisco Express Forwarding)
1700C(config)#interface F0/0
1700C(config-if)#ip address 30.0.0.1 255.0.0.0
1700C(config-if)#ipv6 address fec0::3:1/112
1700C(config-if)#no shutdown
1700C(config-if)#interface S0/0
1700C(config-if)#ipv6 address fec0::12:2/112
1700C(config-if)#no shutdown
1700C(config-if)#interface S0/1
1700C(config-if)#ipv6 address fec0::11:2/112
1700C(config-if)#no shutdown
1700C(config-if)#exit
1700C(config)#router ospf 1 (process ID 1 - 65535)
1700C(config-router)#network 30.0.0.0 0.255.255.255 area 0
1700C(config-router)#exit
1700C(config)#interface F0/0
1700C(config-if)#ipv6 ospf 1 area 0
1700C(config-if)#interface S0/0
1700C(config-if)#ipv6 ospf 1 area 0
1700C(config-if)#interface S0/1
1700C(config-if)#ipv6 ospf 1 area 0
1700C(config-if)#^Z
1700C#show ip route
1700C#show ipv6 route
Dynamic Host Configuration Protocol Configuration
LAB
[Figure: DHCP server 1700A (F0/0 10.0.0.1, S0/0 20.0.0.1) and DHCP relay 1700B (S0/0 20.0.0.2, F0/0 30.0.0.1); hosts 10.0.0.2 and 10.0.0.3 on the 1700A LAN, server 30.0.0.2 on the 1700B LAN; relayed requests cross the serial link as unicast.]
1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#router rip
1700A(config-router)#network 10.0.0.0
1700A(config-router)#network 20.0.0.0
1700A(config-router)#^Z
1700A#show ip route
1700A#show ip interface brief
1700A#config t
1700A(config)#service dhcp
1700A(config)#ip dhcp pool ccna (any pool name; this pool serves the local 10.0.0.0/8 LAN)
1700A(dhcp-config)#network 10.0.0.0 255.0.0.0
1700A(dhcp-config)#default-router 10.0.0.1
1700A(dhcp-config)#dns-server xxx.xxx.xxx.xxx
1700A(dhcp-config)#netbios-name-server xxx.xxx.xxx.xxx (if DNS is not available)
1700A(dhcp-config)#exit
1700A(config)#ip dhcp excluded-address 10.0.0.2 10.0.0.10
1700A(config)#exit
1700A#show ip dhcp database
1700A#show ip dhcp binding
1700A#config t
1700A(config)#ip dhcp pool ccna-remote (second pool for the 30.0.0.0/8 LAN behind the relay; the name is chosen here, since re-entering "ccna" would modify the first pool instead of creating a new one)
1700A(dhcp-config)#network 30.0.0.0 255.0.0.0
1700A(dhcp-config)#default-router 30.0.0.1
1700A(dhcp-config)#dns-server xxx.xxx.xxx.xxx
1700A(dhcp-config)#netbios-name-server xxx.xxx.xxx.xxx (if DNS is not available)
1700A(dhcp-config)#exit
1700A(config)#ip dhcp excluded-address 30.0.0.2 30.0.0.10
1700A(config)#exit
1700A#show ip dhcp database
1700A#show ip dhcp binding
1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#router rip
1700B(config-router)#network 30.0.0.0
1700B(config-router)#network 20.0.0.0
1700B(config-router)#^Z
1700B#show ip route
1700B#show ip interface brief
1700B#config t
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip helper-address 20.0.0.1 (address of the DHCP server 1700A; DHCP broadcasts from this LAN are relayed to it as unicast)
CISCO DEFINITIONS