
Training and Development Department

Cisco Certified Network Associate

CCNA (200-120)
Lab Manual
A Comprehensive Coverage of the Cisco Certified
Network Associate Course Topics

Authored By
Khawar Butt
Penta CCIE #12353
CCDE# 20110020

www.kbits.in

Module - 1 IPV4 Address

An IP address is an address used to uniquely identify a device on an IP network. The
address is made up of 32 binary bits, which can be divided into a network portion and
host portion with the help of a subnet mask. The 32 binary bits are broken into four
octets (1 octet = 8 bits). Each octet is converted to decimal and separated by a period
(dot). For this reason, an IP address is said to be expressed in dotted decimal format (for
example, 172.16.81.100). The value in each octet ranges from:

Bit position     7     6     5     4     3     2     1     0
Bit weight     128    64    32    16     8     4     2     1
Bit value        0     0     0     0     0     0     0     0     Decimal Value = 0

Bit position     7     6     5     4     3     2     1     0
Bit weight     128    64    32    16     8     4     2     1
Bit value        1     1     1     1     1     1     1     1     Decimal Value = 255

Binary to Decimal Conversion


Here is how binary octets convert to decimal:
The rightmost bit, or least significant bit, of an octet holds a value of 2^0. The bit just to
the left of that holds a value of 2^1. This continues until the leftmost bit, or most
significant bit, which holds a value of 2^7. So if all binary bits are a one, the decimal
equivalent would be 255 as shown here:

Bit value        1     1     1     1     1     1     1     1
Bit weight     128    64    32    16     8     4     2     1
Sum            128 +  64 +  32 +  16 +   8 +   4 +   2 +   1     Decimal Value = 255

Here is a sample octet conversion when not all of the bits are set to 1.

Bit value        0     1     0     0     0     0     0     1
Bit weight     128    64    32    16     8     4     2     1
Sum              0 +  64 +   0 +   0 +   0 +   0 +   0 +   1     Decimal Value = 65

And this sample shows an IP address represented in both binary and decimal.

10.1.23.19 (Decimal)
00001010.00000001.00010111.00010011 (Binary)

These octets are broken down to provide an addressing scheme that can accommodate
large and small networks. There are five different classes of networks, A to E.
Given an IP address, its class can be determined from the three high-order bits.

The following figure shows the significance of the three high-order bits and the range of
addresses that fall into each class. For informational purposes, Class D and Class E
addresses are also shown.

Class   High-order bits   Remaining bits                                   Address range
A       0                 NET ID (rest of octet 1), 24 bits (Host ID)      1.0.0.0 - 127.255.255.255
B       1 0               NET ID (rest of octets 1-2), 16 bits (Host ID)   128.0.0.0 - 191.255.255.255
C       1 1 0             NET ID (rest of octets 1-3), 8 bits (Host ID)    192.0.0.0 - 223.255.255.255
D       1 1 1 0           Multicast Group ID 28 bit (Multicast)            224.0.0.0 - 239.255.255.255
E       1 1 1 1 0         27 bit (Future Use) (Experimental)               240.0.0.0 - 254.255.255.255

In a Class A address, the first octet is the network portion. Octets 2, 3, and 4 (the next 24
bits) are for the network manager to divide into subnets and hosts as he/she sees fit.
Class A addresses are used for networks that have more than 65,536 hosts (actually, up
to 16777214 hosts!).
In a Class B address, the first two octets are the network portion. Octets 3 and 4 (16 bits)
are for local subnets and hosts. Class B addresses are used for networks that have
between 256 and 65534 hosts.
In a Class C address, the first three octets are the network portion. Octet 4 (8 bits) is for
local subnets and hosts - perfect for networks with less than 254 hosts.
In Class D, all four octets are the network portion, leaving no host portion. All Class D
addresses have been reserved for multicast.

Network Masks
A network mask helps you know which portion of the address identifies the network and
which portion of the address identifies the node. Class A, B, and C networks have default
masks, also known as natural masks, as shown here:

Class A : 255.0.0.0
Class B : 255.255.0.0
Class C : 255.255.255.0
An IP address on a Class A network that has not been subnetted would have an
address/mask pair similar to: 8.20.15.1 255.0.0.0. To see how the mask helps you
identify the network and node parts of the address, convert the address and mask to
binary numbers.

8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000
Once you have the address and the mask represented in binary, then identifying the
network and host ID is easier. Any address bits which have corresponding mask bits set
to 1 represent the network ID. Any address bits that have corresponding mask bits set to
0 represent the node ID.

8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000
NW ID = 00001000 = 8
HOST ID = 00010100.00001111.00000001 = 20.15.1

Understanding Subnetting:
Subnetting allows you to create multiple logical networks that exist within a single Class
A, B, or C network. If you do not subnet, you are only able to use one network from your
Class A, B, or C network, which is unrealistic. Each data link on a network must have a
unique network ID, with every node on that link being a member of the same network. If
you break a major network (Class A, B, or C) into smaller subnetworks, it allows you to
create a network of interconnecting subnetworks. Each data link on this network would
then have a unique network/subnetwork ID.

In order to subnet a network, extend the natural mask using some of the bits from the
host ID portion of the address to create a subnetwork ID. For example, given a Class C
network of 204.17.5.0 which has a natural mask of 255.255.255.0, you can create
subnets in this manner:

204.17.5.0      - 11001100.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
                  --------------------------|sub|----

By extending the mask to be 255.255.255.224, you have taken three bits (indicated by
"sub") from the original host portion of the address and used them to make subnets. With
these three bits, it is possible to create eight subnets. With the remaining five host ID
bits, each subnet can have up to 32 host addresses, 30 of which can actually be assigned
to a device since host IDs of all zeros or all ones are not allowed (it is very important to
remember this). So, with this in mind, these subnets have been created.

204.17.5.0   255.255.255.224 host address range 1 to 30
204.17.5.32  255.255.255.224 host address range 33 to 62
204.17.5.64  255.255.255.224 host address range 65 to 94
204.17.5.96  255.255.255.224 host address range 97 to 126
204.17.5.128 255.255.255.224 host address range 129 to 158
204.17.5.160 255.255.255.224 host address range 161 to 190
204.17.5.192 255.255.255.224 host address range 193 to 222
204.17.5.224 255.255.255.224 host address range 225 to 254

Note: There are two ways to denote these masks. First, since you are using three bits
more than the "natural" Class C mask, you can denote these addresses as having a 3-bit
subnet mask. Or, secondly, the mask of 255.255.255.224 can also be denoted as /27 as
there are 27 bits that are set in the mask. This second method is used with CIDR. Using
this method, one of these networks can be described with the notation prefix/length.

For example,
204.17.5.32/27
denotes the network 204.17.5.32 with subnet mask of 255.255.255.224

Take a look at how a Class B network might be subnetted. If you have network
172.16.0.0, then you know that its natural mask is 255.255.0.0 or 172.16.0.0/16.
Extending the mask to anything beyond 255.255.0.0 means you are subnetting. You can
quickly see that you have the ability to create a lot more subnets than with the Class C
network. If you use a mask of 255.255.248.0 (/21), how many subnets and hosts per
subnet does this allow for?

172.16.0.0    - 10101100.00010000.00000000.00000000
255.255.248.0 - 11111111.11111111.11111000.00000000
                -----------------| sub |-----------

You are using five bits from the original host bits for subnets. This allows you to have 32
subnets. After using the five bits for subnetting, you are left with 11 bits for host
addresses. This allows each subnet to have 2048 host addresses, 2046 of which could be
assigned to devices.

Chapter at a Glance
1. IP addresses must be unique in a network.
2. IP addresses only have meaning when read in conjunction with a subnet mask
(ANDing).
3. 32 bits (0 or 1) divided into 4 octets.
4. An IP address has two portions: network and host.
5. Each octet has a decimal value range of 0 to 255, except for the first octet, which is
1 to 255.
6. The network portion cannot be all 0's nor all 1's.
7. The first octet cannot be 127 (network); this is reserved for loopback and also to
check if the protocol stack is correctly configured. Errors can easily be resolved by
reloading TCP/IP and rebooting.
8. The host portion cannot be all 0's; this defines the network address.
9. The host portion cannot be all 1's; this defines a broadcast in that particular
network.
10. The IP address 255.255.255.255 defines a general broadcast.

Useful Statistics

Class  1st Octet Range  1st Octet Struct.  Total No. of NW     Maximum Number of H/N  Address Struct.  Default Mask
       (Decimal)        (Binary)
A      1 - 127          0XXXXXXX           2^7-2 = 126         2^24-2 = 16,777,214    N.H.H.H          255.0.0.0
B      128 - 191        10XXXXXX           2^14 = 16,384       2^16-2 = 65,534        N.N.H.H          255.255.0.0
C      192 - 223        110XXXXX           2^21 = 2,097,152    2^8-2 = 254            N.N.N.H          255.255.255.0
D      224 - 239        1110XXXX           Reserved for multicasting
E      240 - 255        1111XXX0           Reserved for experimental and future use

Note that X = 0 or 1, also N = Network portion and H = Host portion

Subnetting
Steps of Subnetting
1. Find the number of networks required.
2. Find the number of bits to borrow (Use the chart below).

...    10     9     8     7     6     5     4     3     2     1     0
...  1024   512   256   128    64    32    16     8     4     2     1

For example, if we require 16 networks, number of bits to be borrowed = 4.


Bits to Borrow
...    10     9     8     7     6     5     4     3     2     1     0
...  1024   512   256   128    64    32    16     8     4     2     1
Increment No.
3. Find the Increment number on the chart.
In the above example, increment no. = 16
4. Write the new mask (256 - Increment).
5. Write the new network numbers. Use the increment to write the numbers. The first
network will be the increment and the last network will be one increment less than the
mask.
6. Write the range of valid hosts and the broadcast address for each network.
(Note to the instructor: Please explain the subnetting steps by solving examples
each from Class A, Class B and Class C)
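
The mask ANDing from the Network Masks section and the subnetting steps above, worked in code as an added example (not part of the original manual). The function names are hypothetical, and every subnet is listed, including the first and last, as in the 204.17.5.0 listing earlier; the convention in step 5 of skipping those two is not applied.

```python
# Added example: classful subnet planning with plain bit arithmetic.
# All function names are illustrative; inputs are the manual's own networks.

def to_int(dotted):
    """Dotted decimal -> 32-bit integer (each octet is 8 bits)."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(prefix):
    """Mask with `prefix` leading 1 bits, e.g. 27 -> 255.255.255.224."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def natural_prefix(dotted):
    """Length of the default (natural) mask, chosen by the first octet."""
    first = to_int(dotted) >> 24
    if 1 <= first <= 127:
        return 8
    if 128 <= first <= 191:
        return 16
    if 192 <= first <= 223:
        return 24
    raise ValueError(f"no natural mask for first octet {first}")


def split_address(address, mask):
    """AND with the mask: 1 bits select the network ID, 0 bits the host ID."""
    addr, m = to_int(address), to_int(mask)
    return to_dotted(addr & m), to_dotted(addr & ~m & 0xFFFFFFFF)


def plan(network, required_subnets):
    """Steps 1-4: bits to borrow, increment and new mask."""
    if required_subnets < 1:
        raise ValueError("need at least one subnet")
    base = natural_prefix(network)
    borrowed = (required_subnets - 1).bit_length()  # smallest n with 2**n >= required
    prefix = base + borrowed
    if prefix > 30:
        raise ValueError("not enough host bits left to borrow")
    mask = prefix_mask(prefix)
    # The increment sits in the octet where the mask stops: 256 - that mask octet.
    shift = 8 * (3 - (prefix - 1) // 8)
    increment = 256 - ((mask >> shift) & 0xFF)
    return {
        "borrowed_bits": borrowed,
        "prefix": prefix,
        "mask": to_dotted(mask),
        "increment": increment,
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,  # all-0s and all-1s host IDs excluded
    }


def list_subnets(network, prefix):
    """Steps 5-6: (network, first host, last host, broadcast) for every subnet."""
    base = natural_prefix(network)
    start = to_int(network) & prefix_mask(base)
    size = 1 << (32 - prefix)
    rows = []
    for index in range(1 << (prefix - base)):
        net = start + index * size
        rows.append((to_dotted(net), to_dotted(net + 1),
                     to_dotted(net + size - 2), to_dotted(net + size - 1)))
    return rows


if __name__ == "__main__":
    print(split_address("8.20.15.1", "255.0.0.0"))
    class_c = plan("204.17.5.0", 8)
    print(class_c)
    for row in list_subnets("204.17.5.0", class_c["prefix"]):
        print("%-14s hosts %s - %s  broadcast %s" % row)
    print(plan("172.16.0.0", 32))
```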

Subnetting Exercises
1. You have a Class C address of 192.168.5.0. You would like to break it into 7 Subnets.
Write the new Subnet Mask, First, Last and Broadcast addresses for the new
Subnetworks.
2. You have a Class B address of 150.5.0.0. You would like to break it into 15 Subnets.
Write the new Subnet Mask, First, Last and Broadcast addresses for the First 5
Subnetworks.
3. You have a Class A address of 50.0.0.0. You would like to break it into 50 Subnets.
Write the new Subnet Mask, First, Last and Broadcast addresses for the First 5
Subnetworks.
4. You have subnetted the network 172.16.0.0 with a mask of /20. Which of the
following addresses are broadcast addresses? (Choose all that apply)
172.16.32.255
172.16.47.255
172.16.79.255
172.16.159.255
5. What would your subnet mask be if you want 5 networks with 20 hosts each?
6. You are required to break the 172.15.0.0 network into subnets having a capacity of
450 hosts with the maximum allowed subnets. What would your mask be?
7. Convert 1101 1001 into Decimal and Hex.
8. If your mask is 255.255.255.224, which of the following addresses are valid IP
Addresses? (Choose all that apply)
192.165.4.37
195.5.2.63
172.6.5.32
11.5.1.94
9. If your mask on a Class C network is /29, how many subnets and hosts per subnet do
you have?
10. What is the binary range of Class A, Class B and Class C addresses?
11. If your router's ID is 192.168.1.60/240, what is the range of valid addresses that you
can configure for a PC connected to the same Interface?

Module 2 - OSI Reference Model

OSI Reference Model

Layering Benefits & Reasons
1. To divide the interrelated aspects of network operation into less complex operations.
2. To define standard interfaces to achieve compatibility and multi-vendor integration.
3. To achieve a modular approach to networking protocols so new applications and
services can be deployed without redesigning other layers.
4. To keep changes in one area from affecting other layers.
5. To ease troubleshooting using data packets which will have specific information about
each layer.

Layer 7   Application
Layer 6   Presentation
Layer 5   Session
Layer 4   Transport
Layer 3   Network
Layer 2   Data Link
Layer 1   Physical

Application Layer (Layer 7)


1. Provides interface between OSI RM and end user applications.
2. Provides network services to user client/server-based applications.
3. Establishes and defines program-to-program communication.
4. Identifies availability of intended communication partner.
5. Examples include ftp, tftp, http, www browsers, DNS, SMTP, telnet.

Presentation Layer (Layer 6)


1. Defines data format for transmission.
2. Ensures arriving data from the network can be used by the application and
information sent by the application can be transmitted on the network.
3. Performs encryption and decryption.
4. Example representations include ASCII, EBCDIC, JPEG, TIFF, PICT, MPEG, MIDI,
HTML.

Session Layer (Layer 5)


1. Defines how to start, control and end sessions.
2. RPCs operate at this layer.
3. Logon Validation happens at this layer.
4. Named Pipes defined at this layer - Named Pipes use TCP to guarantee
communications, example NetLogon.
5. Session layer organizes communication through simplex, half-duplex or full-duplex.
6. Example protocols include SQL, RPC, NetBIOS, Named Pipes.

Transport Layer (Layer 4)


1. Segments data to be passed down to the Network layer and reassembles data for the
Session and upper layers.
2. Provides the choice of connection-oriented and guaranteed (TCP) or connectionless
and non-guaranteed (UDP) delivery of data.
3. Provides end-to-end transport services.
4. Provides flow control to overcome congestion in the receiving host's buffers.
5. TCP uses port numbers to multiplex from the Transport layer through to the
Application layer.
[multiplex = ability to send different data from a number of applications in the same
transport connection]

3 Flow Control Mechanisms:

Buffering:
Each computer has enough buffer space to hold data before it is processed.
Congestion Avoidance:
Receiving computer notices its buffers are filling quickly and sends a stop message to the
sending host to temporarily stop transmitting while it processes data already received. It
then signals that it is ready for more data. Example protocols: Synchronous Data Link
Control (SDLC), Link Access Procedure, Balanced (LAPB), ICMP Source Quench (slows
down rate instead of stopping it).
Windowing:
Defines maximum number of packets that can be sent before an acknowledgment is
expected.
6. Connection-oriented protocols establish and terminate sessions, for example, the TCP
3-way handshake.
7. Ports are defined in RFC 1700.
8. The first 1023 ports are reserved, or well-known ports used by the Operating System.
9. The remaining ports (1024 - 65,535) are available for use by client/server-based
applications.

TCP Based Applications

Port     Application     Port   Application
20, 21   FTP             69     TFTP
23       TELNET          70     GOPHER
25       SMTP            80     HTTP
53       DNS             119    NNTP
67       DHCP Server     161    SNMP
68       DHCP Client     179    BGP

10. Example protocols include TCP, UDP, SPX, IPX

Network Layer (Layer 3)


1. Defines the network address.
2. Routers operate at this layer.
3. Segments from the Transport layer are placed into packets and passed down to the
Data Link layer.
4. Network layer routes data from one node to another.
5. Determines the best path/route to destination device to use for routing data on the
internetwork - this is done by the protocol using hop count (IP RIP) or tick (IPX RIP),
where 1 tick = 1/18th of a second.
6. Network layer maintains routing table.
7. IP addressing consists of a network and host address specified with a Subnet Mask.
8. IPX addressing - 2a.01c0.1234.5ac9 consists of network and host (MAC) address. The
right-most 12 hex digits represent the MAC address or host address and the
remaining hex digits in the front represent the Network Address. The Network Address
can be up to 8 hexadecimal digits, defined by the Network Administrator. In this
example, 2a is the network address and 01c0.1234.5ac9 is the MAC or host address.

Data Link Layer (Layer 2)


1. Provides error-free link between 2 devices - CRC used for error checking.
2. Packets from the Network layer are placed into frames.
3. Data Link layer handles physical transmission of data from one node to another.
4. Handles error notification.
5. IEEE subdivided this layer into 2 sub-layers:
Logical Link Control (LLC)
Uses Destination Service Access Points (DSAP) and Source Service Access Points (SSAP)
to help lower protocols access Network layer protocols.
Media Access Control (MAC)
Builds frames from bits.
Performs CRC.
Handles MAC addresses - first 6 digits of 12 hex define vendor ID, next 6 is the serial
number for that vendor ID.
6. Protocols in the 2nd layer.

LAN: Ethernet, Token Ring, FDDI, ArcNet
WAN: PPP, SLIP, Frame Relay, ISDN, ATM, X.25, SDLC, HDLC, CDP, MPLS.

7. Media access methods:
Contention-based Ethernet (CSMA/CD), Token-passing, Polling etc.
8. WAN technologies:
Plain Old Telephone Service (POTS), Integrated Services Digital Network (ISDN),
Dedicated leased line T, Serial Line Internet Protocol (SLIP), Point to Point Protocol
(PPP), Frame Relay, ATM, MPLS etc.
9. Internetworking devices used at the 2nd layer:
Bridges, Switches etc.

Physical Layer (Layer 1)


1. Defines connections - RJ-45, RJ-11, BNC, HSSI, RS-232
2. Places frames, represented as bits, onto media as electric signals or pulses of light
3. Hubs and repeaters operate at this layer.

TCP Overview
1. TCP = Transmission Control Protocol
Connection-oriented protocol
Provides a reliable unicast end-to-end byte stream over an unreliable internetwork.
2. Before any data transfer, TCP establishes a connection:
One TCP entity is waiting for a connection (server)
The other TCP entity (client) contacts the server
3. The actual procedure for setting up connections is more complex.
4. Each connection is full duplex.
5. Byte stream is broken up into chunks which are called segments
6. Receiver sends acknowledgments (ACKs) for segments
7. TCP maintains a timer. If an ACK is not received in time, the segment is retransmitted.
8. Detecting errors:
TCP has checksums for header and data.
Segments with invalid checksums are discarded
Each byte that is transmitted has a sequence number.
9. To the lower layers, TCP handles data in blocks, the segments.
10. To the higher layers TCP handles data as a sequence of bytes and does not
identify boundaries between bytes
11. So: Higher layers do not know about the beginning and end of segments!

TCP Three-way Handshake

CLIENT                                                 SERVER
  ---- SYN (Seq. No. = X) ------------------------------->
  <--- SYN (Seq. No. = Y), ACK (Ack No. = X+1) -----------
  ---- ACK (Seq. No. = X+1, Ack No. = Y+1) --------------->
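
The X / Y+1 bookkeeping of the three-way handshake, as an added example that is not part of the original manual: a small tracker that replays a constructed list of segments and reports which connections completed, which were left half-open, and which acknowledged the wrong number. The segment tuples, addresses and state labels are assumptions made for the illustration.

```python
# Added example: checking three-way handshakes in a constructed capture.
SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit, so X+1 can wrap to 0

# Constructed sample: (source, destination, flags, seq, ack)
SAMPLE_SEGMENTS = [
    # 1. Complete handshake: X = 1000, Y = 5000
    ("10.0.0.1:40000", "10.0.0.9:23", "SYN", 1000, None),
    ("10.0.0.9:23", "10.0.0.1:40000", "SYN-ACK", 5000, 1001),
    ("10.0.0.1:40000", "10.0.0.9:23", "ACK", 1001, 5001),
    # 2. Complete handshake where X is the largest 32-bit value, so X+1 wraps to 0
    ("10.0.0.2:40001", "10.0.0.9:23", "SYN", 4294967295, None),
    ("10.0.0.9:23", "10.0.0.2:40001", "SYN-ACK", 7000, 0),
    ("10.0.0.2:40001", "10.0.0.9:23", "ACK", 0, 7001),
    # 3. Client never sends the final ACK: the server is left waiting
    ("10.0.0.3:40002", "10.0.0.9:23", "SYN", 300, None),
    ("10.0.0.9:23", "10.0.0.3:40002", "SYN-ACK", 900, 301),
    # 4. Final ACK acknowledges Y instead of Y+1
    ("10.0.0.4:40003", "10.0.0.9:23", "SYN", 42, None),
    ("10.0.0.9:23", "10.0.0.4:40003", "SYN-ACK", 8000, 43),
    ("10.0.0.4:40003", "10.0.0.9:23", "ACK", 43, 8000),
]


def track_handshakes(segments):
    """Return {(client, server): state} after replaying the segments in order."""
    conns = {}
    for src, dst, flags, seq, ack in segments:
        if flags == "SYN":
            # Step 1: client picks X
            conns[(src, dst)] = {"state": "SYN_SENT", "x": seq, "y": None}
        elif flags == "SYN-ACK":
            # Step 2: server picks Y and must acknowledge X+1
            conn = conns.get((dst, src))
            if conn is None or conn["state"] != "SYN_SENT":
                continue  # reply to a SYN we never saw; not tracked
            if ack == (conn["x"] + 1) % SEQ_SPACE:
                conn["state"], conn["y"] = "SYN_RECEIVED", seq
            else:
                conn["state"] = "INVALID"
        elif flags == "ACK":
            # Step 3: client sends Seq = X+1 and acknowledges Y+1
            conn = conns.get((src, dst))
            if conn is None or conn["state"] != "SYN_RECEIVED":
                continue  # ordinary data ACK or out-of-order segment
            good = (seq == (conn["x"] + 1) % SEQ_SPACE
                    and ack == (conn["y"] + 1) % SEQ_SPACE)
            conn["state"] = "ESTABLISHED" if good else "INVALID"
    return {key: conn["state"] for key, conn in conns.items()}


def half_open_clients(segments):
    """Clients whose handshake started but never reached the final ACK."""
    states = track_handshakes(segments)
    return sorted(client for (client, _server), state in states.items()
                  if state in ("SYN_SENT", "SYN_RECEIVED"))


if __name__ == "__main__":
    for (client, server), state in track_handshakes(SAMPLE_SEGMENTS).items():
        print(f"{client} -> {server}: {state}")
    print("half-open:", half_open_clients(SAMPLE_SEGMENTS))
```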

Module 3 - Router Basics

Router Basics
Router Configuration Sources
Routers can be configured from:
1. Console terminal.
2. Auxiliary port - externally, via modems.
3. Virtual terminals (Telnet) - after installation.

Internal Configuration Components

1. RAM
Contains dynamic / running configuration
2. NVRAM
Contains backup of configuration (startup configuration)
3. Flash
Contains copy of Cisco IOS
4. ROM
Contains a subset of IOS
Contains bootable IOS image
5. Interfaces
Network connections through which packets enter/exit routers, e.g. Ethernet, serial, BRI,
Token Ring
6. Console and auxiliary ports
Main command-line interface used for configuration.

Router Startup Sequence Summary

1. Bootstrap program loaded from ROM
2. Bootstrap runs the POST
3. Bootstrap locates IOS in Flash
4. IOS is expanded and then loaded into RAM
5. Once IOS is loaded into RAM, it looks for startup-config in NVRAM
6. If found, the configuration is loaded into RAM

Router Modes
1. User EXEC mode (look, but don't change)
Automatically enter this mode when router is turned on.
You can perform basic tasks, such as connect to remote devices, perform basic tests.
Prompt: Router>
2. Privileged EXEC mode
High-level testing commands
Set operating parameters
Command to enter: Router>enable
Prompt: Router#
3. Global configuration mode
Commands apply to features that affect the system as a whole
Enter from privileged EXEC mode with command:
Router#config t
Prompt: Router(config)#
4. Interface mode
Configure interface, such as Ethernet, serial
Enter from global configuration mode with command:
Router(config)#int e 0/0
Or
Router(config)#int s 0/0
Prompt: Router(config-if)#
5. Setup mode
Helps new user to create a configuration for the first time, via a series of questions
Prompted at bootup or enter setup at:
Router# prompt
6. Rommon mode
Provides router with a small subset of IOS and helps router boot if IOS not found in Flash
Prompt: Rommon 1>

OVERVIEW OF USER INTERFACE COMMANDS

Editing commands
1. Ctrl-A - beginning of line
2. Ctrl-E - end of line
3. Ctrl-F - forward one character
4. Ctrl-B - back one character
5. Esc-F - forward one word
6. Esc-B - back one word
Command History
1. Enabled by default
2. 10 commands recorded in history buffer by default
3. Use history size command to change to a maximum of 256
4. Ctrl-P or Up arrow shows most recent
5. Show history command at privileged EXEC mode shows if enabled and history size
6. Tab key completes entries of known keywords

Setting Router Name

Router(config)#hostname <desired_name>

Welcome Banner
1. Displayed when router is accessed
2. Displayed prior to prompting for a password
3. Syntax:
Router(config)#banner motd #message#

Saving Configuration Changes

1. To save running (active) configuration to startup configuration for availability at next
bootup
Router#copy running-config startup-config
2. To delete startup configuration
Router#erase startup-config
3. Then reload
Router#reload

Viewing / Verifying Configuration

Router#show run

Router Status Commands

Router#show version
1. Shows IOS configuration
2. Image file name and location
3. How long router is up and active
Router#show startup-config
1. Shows image size
2. Shows backup configuration file
Router#show running-config
1. Shows current, active configuration
Router#show interfaces
1. Shows statistics/parameters for all configured interfaces
Router#show flash
1. Shows information on Flash memory device - includes all IOS images

Router Passwords
Setting Console Password
To set the Line Console Password
Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password xxxxxx

Setting Enable Mode Password

To set the enable Password
Router(config)#enable password xxxxxxx

Setting Encrypted Enable Mode Password

To set the enable secret
Router(config)#enable secret xxxxxx
Note: Enable secret overrides the enable password.

Setting Telnet Session Password

To set the Telnet Session Password
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password xxxxx
Note: To remove the password requirement for Telnet session, use the following command:
Router(config-line)#no login

Lab 1 - Connecting a Dumb Terminal / PC to the Router
Following are the steps to connect a Dumb Terminal / PC to the Router
1. Connect the Console Adapter to either Com1 or Com2 on the back of your PC.
2. Connect the Rollover cable from the back of the Console Adapter to the Console Port on
the Router.
3. Make sure the PC is up and running before turning the Router on.

Hyper Terminal Configurations

1. Open Hyper Terminal under Accessories.
2. Give the Connection a Name (Cisco).
3. Specify that you are using either Com1 or Com2 (based on what port you connected the
console adapter to).
4. On the Port Properties dialog, click on Restore Defaults and then click on OK.
5. Press Enter a couple of times.
6. If the router is up, you should see the Router prompt.

Module 4 - Router Basics Labs

Lab 2 - Stepping Through Different Command Modes and Getting Help
Stepping Through Different Command Modes
Router> indicates that you are in User Exec Mode.
At the Router> prompt,
Type
Router> enable
and Press Enter.
Your prompt should look like
Router#
The Router# indicates that you are in Privileged Exec Mode
Type
Router#disable
It will take you from Privileged Mode to User Mode. Your prompt should look like
Router>
You can also type in Router>en to go into Privileged Mode from User Mode. The reason
being, there is no other command in User Exec mode that starts with the letters en.
Similarly, you can type Router#disa instead of Router#disable at the Privilege Mode to
go into User Exec Mode.
If you want to exit out completely, type Router#logout. Logout will log you out of the
router. You should see the prompt asking you to press Enter to get started.
Press Enter.
You can also type Router#exit to log out of the Router from either User or Privilege Mode.
Press Enter to get started again.
Type ?. It displays all the commands that can be typed in the current Mode (User Exec). It
will give a short description about each command and stop after each page.
Press the Enter Key. What happens? Write it down.
Press the Spacebar Key. What happens? Write it down.
Type Router#?
If you want to exit out of help without seeing all the commands press Ctrl-C or Esc.

Type Router>enable.
Type Router#? followed by the spacebar key until you return back to the prompt.
Did you see more commands when you typed Router#? in Privileged Mode than in User
Mode?
Cisco Help is context sensitive. It displays help based on where you typed ?
If you wanted to find out about all the commands that start with a specific letter, you can
type that letter followed by ?. It will only display commands that start with that letter.
Type Router#s?. What does it show you?
To go to the Global Configuration mode, type Router#configure terminal from the
Privileged Mode. You can also type Router#config t to have the same effect. Your
prompt should look like Router(config)#. This is the prompt for Global Configuration
Mode.
Type Router(config)#exit. To go down one level you could use exit.
Type Router#disable. This should take you to User Exec Mode. Can we get to
configuration mode from here?
Type Router>config t. What happens?
Type Router>en. Your prompt should look like Router#.
Type Router#config t. Your prompt should look like Router(config)#. Can we log out from
here?
Type Router(config)#logout. What happens?

How to Configure a Specific Interface

To configure a specific interface, you have to go into that interface. The command
that will allow you to go into a specific interface is as follows:
Router(config)#interface <Type> <Slot/Port>
Type Router(config)#int ethernet 0/0.
You could also have typed Router(config)#int e 0/0.
This allows you to configure the Ethernet interface 0/0. The prompt should look like
Router(config-if)#.
If you wanted to configure the Serial interface, type
Router(config)#interface serial 0/0 or Router(config)#int s 0/0. Does your prompt change?
The prompt for all your interfaces is the generic Router(config-if)#

To go back to Global Configuration, type Router(config-if)#exit.
Type Router(config)#int e 0/0 to go back into interface configuration mode.
To go directly back into Privileged Mode, you can either type Ctrl-Z or end.
Router(config-if)#end
Where did END take you?
Type Router#config t
Type Router(config)#int e 0/0
Router(config-if)#Ctrl-Z
Where did CTRL-Z take you?

Stepping through Context-sensitive Help to set the Time for the Router
In the Privileged Mode,
Type Router#cl?
What command will allow you to set the Clock?
Type Router#clock ?. What should you type next?
Type Router#clock set ? What should you type next? (HH:MM:SS)
Type Router#clock set 17:25:00 and Press Enter.
What is the response?
Type Router#clock set 17:25:00 1 ? What should you type next? (DD:MM:YYYY)
Type Router#clock set 17:25:00 30 july ? What should you type next?
Type Router#clock set 17:25:00 30 july 2014 and Press Enter.

Terminal History
What happened when we pressed up arrow?
Type Router#show history. It shows the last set of commands you have typed. By
default, the router will keep track of the last 10 commands.
Type Router#terminal history size 100 to change the history size to 100.
Type Router#show terminal to see the change. (Towards the bottom of the output)

Editing Keys
Press CTRL-P. It will show you the Previous Command.
Press CTRL-P. It will show you the command you typed before the previous command.
Press CTRL-N. It will show you the Next Command.
Where is the cursor at? Let us say that you want to change something at the beginning of
the line. Rather than using the arrow keys to scroll to the beginning of the line, you can
accomplish the same by pressing CTRL-A.
Press CTRL-A. The cursor should be at the beginning of the line.
Press CTRL-E. CTRL-E takes the cursor to the end of the line.

Show Commands
All show commands are typed in Privilege Exec Mode (#).
Type router#show interface serial0/0.
What is the status of the line?
What is the Encapsulation type on the Serial interface?
Type router#show version.
What does this command display?
What is the name of the file that was used to boot the Router?
How many interfaces does your router have?
Type router#show ip interface brief.
What does this command display?

Disabling Domain-lookup and Synchronizing the console line
In global configuration mode, type Router(config)#no ip domain-lookup.
This command prevents the router from doing a Name lookup if you mistype a
command.
In global configuration mode, type Router(config)#line console 0.
Type Router(config-line)#logging synchronous.
This prevents console messages from getting inserted into your command as you are
typing.

Type Router(config-line)#no exec-timeout.

This command prevents the session from getting timed out after 2 minutes of idle time.

Lab 3 - Setting the Hostname, Banner and Saving Configuration
Setting the Router Hostname
Go to Global Configuration by typing Router#config t
Type Router(config)#hostname xxxxx (where xxxxx is KBITS)
What happened to your prompt?
It should be KBITS(config)#
KBITS(config)#exit

Setting the Banner for Logging in

Go to Global Configuration by typing Router#config t
Type Router(config)#banner motd #Welcome to KBITS#
Note: You can start and end the message with a delimiting character of your choice.
Type Router(config)#end
Type Router#logout
Press Enter. Do you see the banner displayed?

Saving the Running-Config File

Go to Privilege Mode.
Type Router#show running-config OR Router#show run
Does it show the hostname and banner you set in the previous lab?
Router#show startup-config OR Router#sh star
Do you have any startup-configuration file? Why not?
To save this configuration,
Type Router#copy running-config startup-config OR
Router#copy run start
Press Enter to take the default [startup-config] for Destination Filename
OR
Router#write OR Router#wr

Lab 4 - Creating Aliases

Creating Aliases for Frequently Used Commands
Router#config t
Router(config)#alias exec shr sh run
(This command creates a shortcut shr for the show run command)
Router(config)#alias exec shs sh start
(This command creates a shortcut shs for the show start command)
Router(config)#alias exec ship sh ip int brief
(This command creates a shortcut ship for the show ip int brief command)
Router(config)#alias exec shv sh ver
(This command creates a shortcut shv for the show version command)
Router(config)#alias exec cc config t
(This command creates a shortcut cc for the config t command)

Testing the Aliases
Try the different aliases you have created by typing them one at a time.

Lab 5 Setting a Line Console


Password
Setting the Line Console Password
Router>en
Router#cong t
Router(cong)#line console 0
Router(cong-line)#login
Router(cong-line)#password newyork
Router(cong-line)#end

Testing the Line Console Password


Type Logout to exit out of the router's console. You should see a message that says
Press Return to get started.
Press Enter.
Do you get a prompt for password to get into User Exec mode?
Type newyork (The password that was set).
Are you in User Exec mode?
Type en to get into Privilege Exec mode. Did it prompt you for a password?

Lab 6 Setting an Enable Password


Setting the Enable Password
Router>en
Router#config t
Router(config)#enable password cisco@123
Router(config)#end

Testing the Enable Password


Type Logout to exit out of the router's console. You should see a message that says
Press Return to get started.
Press Enter.
Do you get a prompt for password to get into User Exec mode?
Type newyork (The Console password that was set).
Are you in User Exec mode?
Type en to get into Privilege Exec mode.
Did it prompt you for a password?
Type cisco@123. (The enable password that was set).
Are you in Privilege Exec Mode?

Lab 7 Setting an Enable Secret Password


Setting the Enable Secret Password
Router>en
Router#config t
Router(config)#enable secret kbits@123
Router(config)#end

Testing the Enable Secret Password


Type Logout to exit out of the router's console. You should see a message that says
Press Return to get started.
Press Enter.
Do you get a prompt for password to get into User Exec mode?
Type newyork (The Console password that was set).
Are you in User Exec mode?
Type en to get into Privilege Exec mode. Did it prompt you for a password?
Type cisco@123. (The enable password that was set).
Did it work?
Type kbits@123
Did it work?
Type show running-config
Do you see both passwords?
Which password works?

Lab 8 Basic Serial Connection (HDLC)


[Diagram: R1 S0/0 connected to R2 S0/0]

Finding the Clock Source


Type
Router#show Controller S 0/0.
Look for the word DCE or DTE in the top three lines.
If it says DCE, you will provide the Clock (Speed for the link). It is normally specified by
the Telephone Company based on your contract.

Configuring the Serial Interfaces with IP Addresses and bringing them up


Go into Global configuration mode by typing
Router#config t
Enter into the Interface configuration mode for the Serial Interface by typing
Router(config)#int S 0/0
Set the IP Address of the Interface by typing IP Address 10.0.0.X 255.0.0.0 where X is
your number (1 or 2).
Router(config-if)#ip address 10.0.0.1 255.0.0.0 (Router, R1)
&
Router(config-if)#ip address 10.0.0.2 255.0.0.0 (Router, R2)
If you are the clock source, you have to set the speed of the link. Type:
Router(config-if)#Clock rate 128000
This sets the speed of the line to 128 kbps.
Bring the Interface up by typing
Router(config-if)#No shut

Verifying the connection


Make sure both routers are configured before proceeding to the following section.
In Privilege exec mode, type
Router# show ip interface brief
What is the status of your Serial line?
Type Ping 10.0.0.Y where Y is your partner's IP address.
Router#ping 10.0.0.1
or
Router#ping 10.0.0.2
Are you successful?
Type
Router#show interface S0/0.
What is the encapsulation type?
Can you authenticate the routers with this type of encapsulation?

Lab 9 - Basic Serial Connection (PPP)


(Builds on Lab 9)

Using PPP as the Encapsulation


To change the encapsulation of the interface to PPP, type the following commands on
both routers:
Router>en
Router#config t
Router(config)#int S 0/0
Router(config-if)#encapsulation ppp
Router(config-if)#end
Type
Router#show inter S0/0
What is the encapsulation type?
Ping your Partner's router.
Are you successful?
What are the advantages of using PPP over the Cisco Proprietary HDLC?

Lab 10 - Establishing Telnet Session with Partner's Router


(Builds on Lab 10)

Testing the Telnet Password


Type Telnet 10.0.0.X (Where X is your partner's number)
What message do you get?

Setting the Telnet Password


Router>en
Router#config t
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password remote

Testing the Telnet Password again


Type Router#Telnet 10.0.0.X (Where X is your partner's number)
Did you get a password prompt?
Type remote (The Telnet password that was set).
Do you see your partner's Router prompt?
Type Router>en
Type kbits@123 for your partner's enable password.
Type Router#show run
Do you see your partner's Running-config?

Switching between your Console and Remote Console


Press CTRL-SHIFT-6 and X.
Do you see your own router prompt?
If you want to switch back to your partner's router, press Enter twice.
Do you see your partner's Router prompt?
To exit the remote session, type Router#quit
On your own router, save your configuration by typing
Router#copy run startup-config
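
Added example (not part of the original lab manual): a small Python audit that reads a running-config like the one Labs 5 to 7 and this lab leave behind and flags cleartext line and enable passwords, the enable password that enable secret overrides, and vty lines that still accept Telnet. The two sample configs, the placeholder hash and the finding names are constructed for illustration.

```python
import re

# Constructed running-config resembling what Labs 5-7 and 10 leave behind.
# The enable-secret hash is a placeholder, not a real digest.
LAB_CONFIG = """\
hostname KBITS
enable secret 5 $1$EXAMPLE$PLACEHOLDER.NOT.A.REAL.HASH
enable password cisco@123
interface Serial0/0
 ip address 10.0.0.1 255.0.0.0
line con 0
 password newyork
 login
line vty 0 4
 password remote
 login
"""

# Constructed hardened variant for comparison: local users with hashed
# secrets, no line passwords, SSH as the only vty transport.
HARDENED_CONFIG = """\
hostname KBITS
enable secret 5 $1$EXAMPLE$PLACEHOLDER.NOT.A.REAL.HASH
username admin secret 5 $1$EXAMPLE$PLACEHOLDER.NOT.A.REAL.HASH
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

# IOS password encodings: type 0 is stored as typed, type 7 is reversible.
PASSWORD_KINDS = {0: "cleartext", 7: "type7-reversible"}


def parse_sections(config):
    """Return (global commands, {"line ...": [sub-commands]})."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace():
            # Indented: belongs to the section above (kept only for line sections).
            if current is not None:
                lines[current].append(cmd)
            continue
        current = cmd if cmd.startswith("line ") else None
        if current:
            lines[current] = []
        else:
            global_cmds.append(cmd)
    return global_cmds, lines


def password_type(cmd):
    """Encoding type of a '[enable] password' command, or None if it is not one."""
    m = re.match(r"(?:enable )?password (?:(\d) )?.+$", cmd)
    return int(m.group(1) or 0) if m else None


def audit(config):
    """Return sorted (finding, location) pairs; password values are never echoed."""
    global_cmds, lines = parse_sections(config)
    findings = set()
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    for cmd in global_cmds:
        if cmd.startswith("enable password "):
            kind = PASSWORD_KINDS.get(password_type(cmd), "other")
            findings.add(("enable-password-" + kind, "global"))
            if has_secret:
                # enable secret takes precedence, so this line only leaks a password.
                findings.add(("enable-password-unused", "global"))
    if not has_secret:
        findings.add(("enable-secret-missing", "global"))
    for header, cmds in lines.items():
        for cmd in cmds:
            ptype = password_type(cmd)
            if ptype is not None:
                kind = PASSWORD_KINDS.get(ptype, "other")
                findings.add(("line-password-" + kind, header))
        if header.startswith("line vty"):
            transport = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
            # Assumption: as in the lab, a vty line accepts Telnet unless restricted to SSH.
            if not transport or transport[-1] != ["ssh"]:
                findings.add(("vty-telnet-possible", header))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

The lab config yields five findings and the hardened variant none; the findings name the line or scope only, so the report itself can be shared without exposing a password.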

Module 5 Basic Routing Protocols

Routing Protocols
Routing Tables
Routers build routing tables initially based on their directly connected networks.
In addition to directly connected networks, routers can learn about destinations in one
of three ways:
Static Routes: Manually added to the routing table by the administrator.
Default Routes: Manually added to the routing table by the administrator to define a
Default Gateway for the router. If the routing table does not have an entry for a
destination network, the router sends the packet to the Default Route.
Dynamically: Learned through a Routing Protocol.
Routing tables are used to send data along specific paths to reach a particular
destination.
Routers need to exchange routing tables so they can route data to networks that are not
directly connected to them.
Routers require a Routing Protocol in order to exchange routing tables with their
neighboring routers and advertise networks.

Static Routes
Static Routes are user-defined, manually created routes.
The administrator creates Static Routes in a Cisco Router using the ip route command.
Syntax: ip route destination-network subnet-mask Next-Hop-Router-IP-Address {distance}
Example: ip route 11.0.0.0 255.0.0.0 10.0.0.2

Default Routes
Default Routes define a router as the default router for your router. When there is no
entry for the destination network in a routing table, the router will forward the packet to
its default router. Default routes help in reducing the size of your routing table.
Syntax: ip route 0.0.0.0 0.0.0.0 next-hop-router
Example: ip route 0.0.0.0 0.0.0.0 10.0.0.2

Routable and Routing Protocols


A Routable Protocol is a network protocol that transports data across a network with a
structure that allows it to be routed to the specified destination network.
A Routing Protocol is a method by which routers exchange information about the
networks they can reach. Exchange of information allows routing tables to be built and
exchanged. The process of updating routers is called convergence.
Routing Protocols determine the best path for the transport of data using some criteria,
such as distance or metric. Examples include bandwidth, delay, hops and reliability.
Routing Protocols are divided into two groups: Interior and Exterior.
Exterior Routing Protocols include:
Border Gateway Protocol (BGP)
Exterior Gateway Protocol (EGP)
Interior Routing Protocols include:
Routing Information Protocol (RIP)
Interior Gateway Routing Protocol (IGRP)
Open Shortest Path First (OSPF)
Enhanced Interior Gateway Routing Protocol (EIGRP)
The two main types of Interior Routing Protocols are Distance Vector and Link State.

Distance Vector Routing Protocols


The Routing updates include the entire routing table.
Updates are sent periodically.
Routing Update packets are sent as broadcast. Unicast packets can also be specified.
Examples of Distance Vector Routing Protocols are RIP 1, RIP 2, IGRP.

Link State Routing Protocols


The Routing updates include only new changes to the routing table, which saves
bandwidth.
Link State protocols handle larger networks and are more scalable than Distance Vector
Routing Protocols.
Examples: OSPF, IS-IS.

Administrative Distance
Rating of the trustworthiness of a routing information source.
The number is between 0 and 255.
The higher the value, the lower the trust. For example, 255 signifies no trust, and the
source is therefore ignored.
The source with the lowest administrative distance is always chosen as the routing
protocol to use to transport data.
Default administrative distances for common protocols are as follows:
Connected = 0
Static Routes = 1
EIGRP = 90
OSPF = 110
RIP = 120

Distance Vector Routing Protocols


Common Characteristics of Distance Vector Routing Protocols
Neighbors: As far as the routers are concerned, a neighboring router is one that
shares a common data link. These routers have at least one interface on the same
network.
Periodic Updates: The interval that the routers wait before they advertise their
routing table to neighboring routers.
RIP for IP: 30 seconds
RIP for IPX: 60 seconds
IGRP: 90 seconds
RTMP: 10 seconds

Broadcast Updates: Used by routers to find other routers when they come online.
They send their routing table to the broadcast address 255.255.255.255; if the
neighboring router talks the same routing protocol, it will respond, and the routers now
know of each other.

Route Invalidation Timers: The time that must pass before a router considers a
route to be invalid. If network 5.0 is connected to Router A and it goes down, Router A
will notify its neighboring router, Router B, of that fact. But what if Router A goes down?
This problem is handled by a Route Invalidation Timer for each entry in the routing
table. When Router B first hears about network 5.0 from Router A, it sets a route
invalidation timer for that route. Since Router A was the one that gave it the news, it
expects Router A to keep refreshing that information in its regular periodic updates.
If Router A fails to do so and misses x number of periodic updates, Router B will
set that route in the routing table to unreachable.

Asynchronous Updates (Random Jitters or Time Jitters): Periodic Updates can
collide and cause further delays in convergence. A Random Jitter attempts to
overcome this by introducing an offset value to the periodic update time, thus reducing
the probability of updates colliding.

Routing Loops and Solutions


Routing Loops
Routing Loops can occur if the network's slow convergence on a new configuration
causes inconsistent routing entries.
Solutions to Routing Loops
Counting to Infinity: Distance Vector Routing Protocols define a maximum value for
hops. A maximum Hop Count of 15 is commonly used.
Split Horizon: Split Horizon has two flavors, Simple Split Horizon and Split Horizon
with Poison Reverse.
The logic behind Simple Split Horizon is that it is never useful to send information
about a route back in the direction from which the information originally came. So if
Router A learns about a route through Router B, it will never send the same route back
to Router B. This is known as suppressing routes.
Split Horizon with Poison Reverse does not work based on suppression; it will
include every route in its updates but it will tag them as unreachable. Let's say Router B
receives a corrupted update and believes that it can reach network 1.0 through Router C.
Simple Split Horizon will not be able to avoid the loop, whereas Poison Reverse will
definitely fix the problem. Router B will say 1.0 can be reached via Router C, but this time
Router C will poison that route, eliminating the routing loop.
Triggered Updates: Also known as flash updates. Changes to the network topology are
sent instantaneously to neighboring routers.
Hold down Times: If the hop count to a given destination increases, the router sets a
hold down timer for that route. This refinement reduces the likelihood of bad or
corrupted information getting into the routing table, but once again
understand that nothing is free, and in this case the trade-off is convergence time.
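
Added example (not from the original manual): a minimal two-router distance-vector model in Python that replays the loss of a network and compares no loop prevention, simple split horizon, and split horizon with poison reverse. Routers A and B, network N, and the ordering in which B's periodic update reaches A before A's bad news reaches B are assumptions of the model.

```python
INFINITY = 16  # RIP treats the 16th hop as unreachable


class Router:
    def __init__(self, name):
        self.name = name
        self.table = {}  # destination -> (metric, next hop name; None = connected)

    def build_update(self, neighbor, mode):
        """Routes advertised to `neighbor` under the given loop-prevention mode."""
        update = {}
        for dest, (metric, next_hop) in self.table.items():
            learned_from_neighbor = next_hop == neighbor.name
            if learned_from_neighbor and mode == "split-horizon":
                continue  # suppress: never send a route back where it came from
            if learned_from_neighbor and mode == "poison-reverse":
                update[dest] = INFINITY  # send it back, tagged unreachable
            else:
                update[dest] = min(metric + 1, INFINITY)
        return update

    def receive(self, sender, update):
        """Apply a neighbor's update using the usual distance-vector rules."""
        for dest, metric in update.items():
            current = self.table.get(dest)
            if current is None:
                if metric < INFINITY:
                    self.table[dest] = (metric, sender.name)
            elif current[1] == sender.name or metric < current[0]:
                # The current next hop is always believed; others only if better.
                self.table[dest] = (metric, sender.name)


def simulate_failure(mode, max_rounds=40):
    """Return the (A metric, B metric) for network N after each update round."""
    a, b = Router("A"), Router("B")
    a.table["N"] = (0, None)               # N is directly connected to A
    b.receive(a, a.build_update(b, mode))  # B learns N through A
    a.table["N"] = (INFINITY, None)        # N goes down on A
    history = []
    for _ in range(max_rounds):
        a.receive(b, b.build_update(a, mode))  # B's periodic update arrives first
        b.receive(a, a.build_update(b, mode))
        history.append((a.table["N"][0], b.table["N"][0]))
        if history[-1] == (INFINITY, INFINITY):
            break
    return history


if __name__ == "__main__":
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(mode, simulate_failure(mode))
```

Without loop prevention the two routers bounce the dead route between them and count up to 16 over eight rounds; with either split horizon variant both mark N unreachable after a single exchange.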

Routing Information Protocol (RIP)


RIP Version 1 Features and Concepts
Distance Vector
Operating from UDP port 520
Metric used by RIP is hop count
Maximum hop count is 15; the 16th hop is unreachable
Periodic Update = 30 sec
Random Jitter (RIP_JITTER) = 15% (4.5 sec), so the Periodic Update can vary from
25.5 sec to 30 seconds.
Invalidation timer = 180 sec (6 times the update timer)
Holddown timer = 180 sec (6 times the update timer)
Split horizon with Poisoned reverse with triggered update is used for stability of
the operation.

RIP Version 2 Features and Concepts


Route updates include subnet masks
Authentication of Routing Updates
Multicast address used for Routing Updates

IP Routing Configuration Tasks


Interface Configuration
Task 1: Assign IP address and subnet mask
Task 2: Set Clock Rate on Serial Interface at the DCE
Task 3: Start the Interface

Example:
router>en
router#config t
router(config)#Interface serial 0/0
router(config-if)#Ip address 110.0.0.1 255.0.0.0
router(config-if)#Clock rate 1000000
router(config-if)#no shutdown

Global Configuration
Task 1: Select Routing Protocol
Task 2: Specify the Interface Network Addresses

Example for RIP:


router(config)#router rip
router(config-router)#network 10.0.0.0
router(config-router)#network 11.0.0.0

Example for EIGRP:


router(config)#router eigrp 100
router(config-router)#network 10.0.0.0
router(config-router)#network 11.0.0.0

Module 5 Basic Routing Protocols Labs

Lab 1 Basic Static Routes

[Diagram: R1 (Loopback 0 10.0.0.0/8) S0/0 connected to R2 (Loopback 0 12.0.0.0/8) S0/0 over 11.0.0.0/8]

Router 1
Would you like to enter initial configuration dialog (y/n)? N
Would you like to Terminate Auto-install (y/n)? Y (if Required)
Router>en
Router#Config t
Router(config)#Hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#interface S 0/0
R1(config-if)#ip address 11.0.0.1 255.0.0.0
R1(config-if)#clock rate 128000 (if required)
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 12.0.0.0 255.0.0.0 11.0.0.2

Router 2
Would you like to enter initial configuration dialog (y/n)? N
Would you like to Terminate Auto-install (y/n)? Y (if Required)
Router>en
Router#Config t
Router(config)#Hostname R2
R2(config)#interface Loopback 0
R2(config-if)#ip address 12.0.0.1 255.0.0.0
R2(config-if)#interface S 0/0
R2(config-if)#ip address 11.0.0.2 255.0.0.0
R2(config-if)#clock rate 128000 (if required)
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#ip route 10.0.0.0 255.0.0.0 11.0.0.1

On Both Routers
RX#show ip route (where X=1 or 2)
What networks do you see listed?
Ping your partner's Loopback Interface address.
R1#ping 12.0.0.1
Are you successful?

Lab 2 Load Balancing using Static Routes


[Diagram: R1 (Loopback 0 10.0.0.0/8) and R2 (Loopback 0 12.0.0.0/8) connected S0/0 to S0/0 over 11.0.0.0/8 and F0/0 to F0/0 over 21.0.0.0/8]

Router 1
Router>en
Router#Config t
Router(config)#Hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#interface S 0/0
R1(config-if)#ip address 11.0.0.1 255.0.0.0
R1(config-if)#clock rate 128000 (if required)
R1(config-if)#no shut
R1(config-if)#interface F 0/0
R1(config-if)#ip address 21.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 12.0.0.0 255.0.0.0 11.0.0.2
R1(config)#ip route 12.0.0.0 255.0.0.0 21.0.0.2

Router 2
Router>en
Router#Config t
Router(config)#Hostname R2
R2(config)#interface Loopback 0
R2(config-if)#ip address 12.0.0.1 255.0.0.0
R2(config-if)#interface S 0/0
R2(config-if)#ip address 11.0.0.2 255.0.0.0
R2(config-if)#clock rate 128000 (if required)
R2(config-if)#no shut
R2(config-if)#interface F 0/0
R2(config-if)#ip address 21.0.0.2 255.0.0.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#ip route 10.0.0.0 255.0.0.0 11.0.0.1
R2(config)#ip route 10.0.0.0 255.0.0.0 21.0.0.1

On R1
Type
R1#show ip route 12.0.0.0
Do you see an asterisk (*) against one of the routes?
Note: The asterisk marks the next path the router will take to get the packet to the
destination.
Type
R1#Ping 12.0.0.1
Type
R1#show ip route 12.0.0.0
Note: The asterisk is now against the other route.

On R2
Type
R2#show ip route 10.0.0.0
Do you see an asterisk (*) against one of the routes?
Note: The asterisk marks the next path the router will take to get the packet to the
destination.
Type
R2#Ping 10.0.0.1
Type
R2#show ip route 10.0.0.0
Note: The asterisk is now against the other route.

Lab 3 Floating Static Routes


(Builds on Lab2)

On R1
R1(config)#no ip route 12.0.0.0 255.0.0.0 11.0.0.2
R1(config)#ip route 12.0.0.0 255.0.0.0 11.0.0.2 20

On R2
R2(config)#no ip route 10.0.0.0 255.0.0.0 11.0.0.1
R2(config)#ip route 10.0.0.0 255.0.0.0 11.0.0.1 20

On R1
Type
R1#show ip route 12.0.0.0
How many routes do you see for the 12.0.0.0 network?
What happened to the route through 11.0.0.2?

On R2
Type
R2#show ip route 10.0.0.0.
How many routes do you see for the 10.0.0.0 network?
What happened to the route through 11.0.0.1?

On Both R1 and R2
Rx(config)#int F 0/0
Rx(config-if)#shut
Type
RX#show ip route
Do you see the route through the 11.0.0.0 network appear in the routing table?
Can you still ping to your partner's loopback interface?

Lab 4 Default Route


(Builds on Lab 3)

On R1 Create additional loopbacks


R1(config)#int loopback 1
R1(config-if)#ip address 1.0.0.1 255.0.0.0
R1(config-if)#int loopback 2
R1(config-if)#ip address 2.0.0.1 255.0.0.0
R1(config-if)#int loopback 3
R1(config-if)#ip address 3.0.0.1 255.0.0.0
R1(config-if)#int loopback 4
R1(config-if)#ip address 4.0.0.1 255.0.0.0

On R2 Create a Default route towards R1


R2(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.1

On R2
Type
R2#Show ip route
Do you see routes for the new Loopback networks that were created on R1?
Do you see a route with an Asterisk?
What is the gateway of last resort?
Ping 1.0.0.1 or 2.0.0.1 or 3.0.0.1 or 4.0.0.1.
Are you successful?

Lab 5 Basic RIP Configuration

[Diagram: R1 (Loopback 0 10.0.0.0/8) S0/0 connected to R2 (Loopback 0 12.0.0.0/8) S0/0 over 11.0.0.0/8]

Router 1
Router>en
Router#Config t
Router(config)#Hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#interface S 0/0
R1(config-if)#ip address 11.0.0.1 255.0.0.0
R1(config-if)#clock rate 128000 (if required)
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#network 10.0.0.0
R1(config-router)#network 11.0.0.0

Router 2
Router>en
Router#Config t
Router(config)#Hostname R2
R2(config)#interface Loopback 0
R2(config-if)#ip address 12.0.0.1 255.0.0.0
R2(config-if)#interface S 0/0
R2(config-if)#ip address 11.0.0.2 255.0.0.0
R2(config-if)#clock rate 128000 (if required)
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#network 11.0.0.0
R2(config-router)#network 12.0.0.0
On Both Routers
Type
R2#show ip route
What networks do you see listed?
Ping your partner's Loopback Interface address. Are you successful?

Lab 6 RIP Operation


( Builds on Lab 5)

On Both Routers
Rx#debug ip rip (Where x is your Router number)
RIP:Sending V1 update to 255.255.255.255 via Serial 0/0 (11.0.0.1)
RIP:Build update entries
Network 10.0.0.0 metric 1
RIP:Sending V1 update to 255.255.255.255 via Loopback 0 (10.0.0.1)
RIP:Build update entries
Network 12.0.0.0
Network 11.0.0.0
RIP:received V1 update from 11.0.0.2 on serial 0/0
12.0.0.0 in 1 hop

Interesting Facts
Does not include the directly connected network (11.0.0.0) in its update
Does not include 12.0.0.0 network although it does exist in its routing table
The destination address is a Broadcast
It does not send periodic updates at constant intervals (Time Jitters).

On Router1
R1(config)#int loopback 0
R1(config-if)#shut
Rx#debug ip rip (Where x is your Router number)
RIP:build flash update entries
Network 10.0.0.0 metric 16
RIP:received v1 update from 11.0.0.0 on Serial0/0
2.0.0.0 in 16 hops (inaccessible)
RIP:sending v1 update to 255.255.255.255 via Serial0/0 (11.0.0.1)

Interesting Facts
When a route goes down, the router does not wait for the Periodic Update. It sends a
Triggered Update with a Poisoned route with a metric of 16.
Notice R2 also sends an immediate Triggered Update back, indicating that
10.0.0.0 cannot be reached through it.

On Router1
R1(config)#int loopback 0
R1(config-if)#no shut

Passive Interfaces
On Both Routers
Rx(config)#router rip
Rx(config-router)#passive-interface Loopback 0

Interesting Facts
The router stops advertising from the Loopback interface. The command is
useful for cutting down unnecessary broadcasts over an interface that only has
hosts on it and no router.

Lab 7 Load Balancing Using RIP


(Builds on Lab 6)

[Diagram: R1 (Loopback 0 10.0.0.0/8) and R2 (Loopback 0 12.0.0.0/8) connected S0/0 to S0/0, and F0/0 to F0/0 over 21.0.0.0/8]

Router 1
Router>en
Router#Config t
R1(config)#interface F 0/0
R1(config-if)#ip address 21.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#Router rip
R1(config-router)#network 21.0.0.0

Router 2
Router>en
Router#Config t
R2(config)#interface F 0/0
R2(config-if)#ip address 21.0.0.2 255.0.0.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#Router Rip
R2(config-router)#network 21.0.0.0

On R1
Type
R1#show ip route 12.0.0.0
Do you see an asterisk (*) against one of the routes?
Note: The asterisk marks the next path the router will take to get the packet to the
destination.
Type
R1#ping 12.0.0.1
Type
R1#show ip route 12.0.0.0
Note: The asterisk is now against the other route.

On R2
Type
R2#Show ip route 10.0.0.0
Do you see an asterisk (*) against one of the routes?
Note: The asterisk marks the next path the router will take to get the packet to the
destination.
Type
R2#ping 10.0.0.1
Type
R2#show ip route 10.0.0.0
Note: The asterisk is now against the other route.

Lab 8 - Basic RIP V2 Configuration

[Diagram: R1 (Loopback 0 10.1.0.0/16) S0/0 connected to R2 (Loopback 0 12.3.0.0/16) S0/0 over 10.2.0.0/16]

Router 1 Configuration
Router>en
Router#Config t
Router(config)#Hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.1.0.1 255.255.0.0
R1(config-if)#interface s 0/0
R1(config-if)#ip address 10.2.0.1 255.255.0.0
R1(config-if)#clock rate 128000 (if required)
R1(config-if)#no shut
R1(config-if)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.0.0.0

Router 2 Configuration
Router>en
Router#Config t
Router(config)#Hostname R2
R2(config)#interface S 0/0
R2(config-if)#ip address 10.2.0.2 255.255.0.0
R2(config-if)#clock rate 128000 (if required)
R2(config-if)#no shut
R2(config-if)#interface Loopback 0
R2(config-if)#ip address 10.3.0.1 255.255.0.0
R2(config-if)#router rip
R2(config-router)#version 2
R2(config-router)#network 10.0.0.0

On Both Routers
Go to Privileged Exec Mode (en)
Type
R1#show ip route
What routes do you see?
Ping your partner's Loopback IP Address.
Are you successful?

Lab 10 RIP 2 Operations


(Builds on Lab 9)

On Both Routers
Rx#debug ip rip (Where x is your Router number)
RIP:Sending V2 update to 224.0.0.9 via Serial 0/0 (11.0.0.1)
RIP:Build update entries
Network 10.0.0.0/8 metric 1, External Tag 0
RIP:Sending V2 update to 224.0.0.9 via Loopback 0 (10.0.0.1)
RIP:Build update entries
Network 12.0.0.0/8 metric 2, External Tag 0
Network 11.0.0.0/8 metric 1, External Tag 0
RIP:received V2 update from 11.0.0.2 on serial 0/0
12.0.0.0/8 in 2 hop metric 1, External Tag 0

Interesting Facts
Update is a V2 Update
Includes the Subnet Mask
The destination address.

Module 6 Advanced Routing Protocols

Enhanced IGRP (EIGRP)


Enhanced Interior Gateway Routing Protocol
Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocol
suited for many different topologies and media. In a well-designed network, EIGRP scales
well and provides extremely quick convergence times with minimal network traffic.

EIGRP Theory of Operation


Introduction
Some of the many advantages of EIGRP are:
Very low usage of network resources during normal operation; only hello packets
are transmitted on a stable network.
When a change occurs, only routing table changes are propagated, not the entire
routing table; this reduces the load the routing protocol itself places on the
network.
Rapid convergence times for changes in the network topology (in some situations
convergence can be almost instantaneous).
EIGRP is an enhanced distance vector protocol, relying on the Diffused Update
Algorithm (DUAL) to calculate the shortest path to a destination within a network.

Basic Theory
A typical distance vector protocol saves the following information when computing the
best path to a destination: the distance (total metric or distance, such as hop count) and
the vector (the next hop). For instance, all the routers in the network in Figure 1 are
running Routing Information Protocol (RIP). Router Two chooses the path to Network A
by examining the hop count through each available path.

[Figure 1: Routers R1 to R5 and Network A]

Since the path through Router Three is three hops, and the path through Router One is
two hops, Router Two chooses the path through One and discards the information it
learned through Three. If the path between Router One and Network A goes down, Router
Two loses all connectivity with this destination until it times the route out of its routing
table (three update periods, or 90 seconds), and Router Three readvertises the route
(which occurs every 30 seconds in RIP). Not including any holddown time, it will take
between 90 and 120 seconds for Router Two to switch the path from Router One to
Router Three. EIGRP, instead of counting on full periodic updates to reconverge, builds
a topology table from each of its neighbors' advertisements (rather than discarding the
data), and converges by either looking for a likely loop-free route in the topology table,
or, if it knows of no other route, by querying its neighbors. Router Two saves the
information it received from both Routers One and Three. It chooses the path through
One as its best path (the successor) and the path through Three as a loop-free path (a
feasible successor). When the path through Router One becomes unavailable, Router
Two examines its topology table and, finding a feasible successor, begins using the path
through Three immediately.
From this brief explanation, it is apparent that EIGRP must provide:
a system where it sends only the updates needed at a given time; this is
accomplished through neighbor discovery and maintenance
a way of determining which paths a router has learned are loop-free
a process to clear bad routes from the topology tables of all routers on the
network
a process for querying neighbors to find paths to lost destinations

Neighbor Discovery and Maintenance


To distribute routing information throughout a network, EIGRP uses non-periodic
incremental routing updates. That is, EIGRP only sends routing updates about paths
that have changed when those paths change. The basic problem with sending only
routing updates is that you may not know when a path through a neighboring router is
no longer available. You cannot time out routes, expecting to receive a new routing table
from your neighbors. EIGRP relies on neighbor relationships to reliably propagate
routing table changes throughout the network; two routers become neighbors when they
see each other's hello packets on a common network. EIGRP sends hello packets every 5
seconds. The rate at which EIGRP sends hello packets is called the hello interval, and
you can adjust it per interface with the ip hello-interval eigrp command. The hold
time is the amount of time that a router will consider a neighbor alive without receiving a
hello packet. The hold time is typically three times the hello interval, by default, 15
seconds. You can adjust the hold time with the ip hold-time eigrp command.
Note that if you change the hello interval, the hold time is not automatically adjusted to
account for this change; you must manually adjust the hold time to reflect the
configured hello interval.
It is possible for two routers to become EIGRP neighbors even though the hello and hold
timers do not match. The hold time is included in the hello packets, so each neighbor should
stay alive even though the hello interval and hold timers do not match.

Building the Topology Table


Now that these routers are talking to each other, what are they talking about? Their
topology tables, of course! EIGRP, unlike RIP and IGRP, does not rely on the routing (or
forwarding) table in the router to hold all of the information it needs to operate. Instead,
it builds a second table, the topology table, from which it installs routes in the routing
table. To see the basic format of the topology table on a router running EIGRP, issue the
show ip eigrp topology command.

EIGRP Metrics
EIGRP uses the minimum bandwidth on the path to a destination network and the total
delay to compute routing metrics. Although you can configure other metrics, we do not
recommend it, as it can cause routing loops in your network. The bandwidth and delay
metrics are determined from values configured on the interfaces of routers in the path to
the destination network.
For instance, in Figure 2 below, Router One is computing the best path to Network A.

[Figure 2: Router One's paths to Network A through Router Three and Router Four; each link is labelled with its bandwidth (b) and delay (d)]

It starts with the two advertisements for this network: one through Router Four, with a
minimum bandwidth of 56 and a total delay of 2200; and the other through Router
Three, with a minimum bandwidth of 128 and a delay of 1200. Router One chooses the
path with the lowest metric.
Let us compute the metrics. EIGRP calculates the total metric by scaling the bandwidth
and delay metrics.
EIGRP uses the following formula to scale the bandwidth:
Bandwidth = (10000000/bandwidth (i)) * 256
Where bandwidth (i) is the least bandwidth of all outgoing interfaces on the route to
the destination network represented in kilobits.
EIGRP uses the following formula to scale the delay:
Delay = delay (i) * 256
Where delay (i) is the sum of the delays configured on the interfaces, on the route to
the destination network, in tens of microseconds, so you must divide by 10 before you
use it in this formula.

You can simplify the formula as follows:

Metric ={[10000000/bandwidth(min)]+ [delay(sum)/10]}*256


In this example, the total cost through Router Four is:
Minimum bandwidth = 56k
Total delay = 100 + 100 + 2000 = 2200
[(10000000/56) + 2200] x 256 = (178571 + 2200) x 256 = 180771 x 256
= 46277376
And the total cost through Router Three is:
Minimum bandwidth = 128k
Total delay = 100 + 100 + 1000 = 1200
[(10000000/128) + 1200] x 256 = (78125 + 1200) x 256 = 79325 x 256 =
20307200
So to reach Network A, Router One chooses the route through Router Three.

Chapter at a Glance
1. Was Cisco proprietary routing protocol.
2. Became open standard in February 2013.
3. First released in 1994 with IOS version 9.21.
4. Advanced Distance Vector/Hybrid routing protocol that has the behavior of
distance vector with several Link State features, such as dynamic neighbor
discovery.
Rapid Convergence: EIGRP uses DUAL to achieve rapid convergence. It stores a backup
route if one is available, so it can quickly re-converge in case a route goes down. If no
backup route exists, EIGRP will send a query to its neighbor(s) to discover an alternate
path. These queries are propagated until an alternate route is found.
Reduced Bandwidth Usage/Incremental Updates: In EIGRP, updates are still sent to
directly connected neighbors, much like distance vector protocols, but these updates
are:
Non-Periodic: The updates are not sent at regular intervals, but rather when a metric or a
topology change occurs.
Partial: Updates will include the routes that are changed and not every route in the
routing table.
Bounded: Updates are sent to affected routers only.
Another issue regarding bandwidth usage is the fact that EIGRP by default will only
consume 50% of the bandwidth of the link during convergence. To adjust this parameter
to a higher or lower value, enter the following command in interface sub-configuration
mode:
ip bandwidth-percent eigrp <AS number> <number that represents the percentage>

Classless Routing Protocol: This means that advertised routes will include their
subnet mask; this feature eliminates the issue pertaining to discontiguous networks.
VLSM and Manual Summarization are also supported on any router within the enterprise.
Security: With IOS version 11.3 or better, EIGRP can authenticate using only MD5. The
reason EIGRP does not support clear text is that EIGRP can only be used within
Cisco routers, and all Cisco routers support MD5 authentication. But the routes are
not encrypted, so a sniffer can easily see the password/s.
Multiple Network Layer Protocol Support: EIGRP can support IP, IPX, and AppleTalk,
whereas the other routing protocols support only one routed protocol. EIGRP will also
perform auto-redistribution with NLSP, IPXRIP, RTMP. EIGRP supports incremental
SAP and RIP updates, 224 HOPS, and it uses bandwidth + delay, which is far better
than just the Ticks and Hops used by IPXRIP. For RTMP it supports event-driven updates,
but it must run in a clientless network (WAN), and also a better metric calculation.
Use of Multicast Instead Of Broadcast: EIGRP uses the multicast address 224.0.0.10
instead of broadcast.

58

Open Shortest Path First (OSPF)


Introduction
The Open Shortest Path First (OSPF) protocol, defined in RFC 2328, is an Interior
Gateway Protocol used to distribute routing information within a single Autonomous
System.

Background Information
The OSPF protocol was developed due to a need in the internet community to introduce a
high functionality nonproprietary Internal Gateway Protocol (IGP) for the TCP/IP
protocol family. The OSPF protocol is based on link-state technology, which is a
departure from the Bellman-Ford vector based algorithms used in traditional Internet
routing protocols such as RIP. OSPF has introduced new concepts such as
authentication of routing updates, Variable Length Subnet Masks (VLSM), route
summarization, and so forth.

OSPF versus RIP


The rapid growth and expansion of today's networks has pushed RIP to its limits. RIP has
certain limitations that can cause problems in large networks:
1. RIP has a limit of 15 hops. A RIP network that spans more than 15 hops (15
routers) is considered unreachable.
2. RIP cannot handle Variable Length Subnet Masks (VLSM). Given the shortage of
IP addresses and the flexibility VLSM gives in the efficient assignment of IP
addresses, this is considered a major flaw.
3. Periodic broadcasts of the full routing table consume a large amount of
bandwidth. This is a major problem with large networks, especially on slow links
and WAN clouds.
4. RIP converges slower than OSPF. In large networks convergence gets to be in
the order of minutes. RIP routers go through a period of hold-down and
garbage collection and slowly time out information that has not been received
recently. This is inappropriate in large environments and could cause routing
inconsistencies.
5. RIP has no concept of network delays and link costs. Routing decisions are
based on hop counts. The path with the lowest hop count to the destination is
always preferred even if the longer path has a better aggregate link bandwidth
and lower delays.
6. RIP networks are flat networks. There is no concept of areas or boundaries.
With the introduction of classless routing and the intelligent use of aggregation
and summarization, RIP networks seem to have fallen behind.

Some enhancements were introduced in a new version of RIP called RIP2. RIP2
addresses the issues of VLSM, authentication, and multicast routing updates. RIP2 is
not a big improvement over RIP (now called RIP 1) because it still has the limitations of
hop counts and slow convergence which are essential in today's large networks.
OSPF, on the other hand, addresses most of the issues previously presented:
1. With OSPF, there is no limitation on the hop count.
2. The intelligent use of VLSM is very useful in IP address allocation.
3. OSPF uses IP multicast to send link-state updates. This ensures less
processing on routers that are not listening to OSPF packets. Also, updates are
only sent in case routing changes occur instead of periodically. This ensures a
better use of bandwidth.
4. OSPF has better convergence than RIP. This is because routing changes are
propagated instantaneously and not periodically.
5. OSPF allows for better load balancing.
6. OSPF allows for a logical definition of networks where routers can be divided
into areas. This limits the explosion of link-state updates over the whole
network. This also provides a mechanism for aggregating routes and cutting
down on the unnecessary propagation of subnet information.

What Do We Mean by Link-States?

OSPF is a link-state protocol. We could think of a link as being an interface on the router.
The state of the link is a description of that interface and of its relationship to its
neighboring routers. A description of the interface would include, for example, the IP
address of the interface, the mask, the type of network it is connected to, the routers
connected to that network and so on. The collection of all these link-states would form a
link-state database.

Shortest Path First Algorithm

OSPF uses a shortest path first algorithm (Dijkstra's algorithm) in order to build and
calculate the shortest path to all known destinations.
1. Upon initialization or due to any change in routing information, a router
generates a link-state advertisement. This advertisement represents the
collection of all link-states on that router.
2. All routers exchange link-states by means of flooding. Each router that
receives a link-state update should store a copy in its link-state database and
then propagate the update to other routers.
3. After the database of each router is completed, the router calculates a
Shortest Path Tree to all destinations. The router uses Dijkstra's algorithm
in order to calculate the shortest path tree. The destinations, the associated cost
and the next hop to reach those destinations form the IP routing table.
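The three steps above, from link-state database to routing table, as an added example that is not part of the original manual. The router names follow the four-router lab topology; the link bandwidths, stub costs, the R5 entry and the function names are constructed for illustration, and link cost is taken as 10^8/bandwidth.

```python
import heapq

REFERENCE_BW = 10**8  # bits per second; Cost = 10^8 / bandwidth


def ospf_cost(bandwidth_bps):
    """Interface cost from the reference-bandwidth formula, never below 1."""
    return max(1, REFERENCE_BW // bandwidth_bps)


T1, FAST_ETHERNET = 1_544_000, 100_000_000

# Constructed link-state database: one advertisement per router, listing the
# routers it is linked to (with link bandwidth) and its own stub networks.
LSDB = {
    "R1": {"links": {"R2": T1, "R4": FAST_ETHERNET}, "stubs": {"1.0.0.0/8": 1}},
    "R2": {"links": {"R1": T1, "R3": FAST_ETHERNET}, "stubs": {"2.0.0.0/8": 1}},
    "R3": {"links": {"R2": FAST_ETHERNET, "R4": T1}, "stubs": {"3.0.0.0/8": 1}},
    # R4 claims a link to R5, but R5 does not list R4 back (one-way link).
    "R4": {"links": {"R1": FAST_ETHERNET, "R3": T1, "R5": T1},
           "stubs": {"4.0.0.0/8": 1}},
    "R5": {"links": {}, "stubs": {"5.0.0.0/8": 1}},
}


def spf(lsdb, root):
    """Dijkstra from root. Returns (cost per router, set of next hops per router)."""
    dist = {root: 0}
    hops = {root: set()}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, bandwidth in lsdb[node]["links"].items():
            # Two-way check: a link counts only if the neighbor's own
            # advertisement also lists this router.
            if node not in lsdb.get(nbr, {}).get("links", {}):
                continue
            new = cost + ospf_cost(bandwidth)
            # The next hop is the first router on the path leaving root.
            via = {nbr} if node == root else hops[node]
            best = dist.get(nbr, float("inf"))
            if new < best:
                dist[nbr], hops[nbr] = new, set(via)
                heapq.heappush(heap, (new, nbr))
            elif new == best:
                hops[nbr] |= via  # equal-cost path: keep both next hops
    return dist, hops


def routing_table(lsdb, root):
    """Map each reachable stub network to (total cost, sorted next hops)."""
    dist, hops = spf(lsdb, root)
    table = {}
    for router, lsa in lsdb.items():
        if router not in dist:
            continue  # not in the shortest path tree, so not installed
        for prefix, stub_cost in lsa["stubs"].items():
            total = dist[router] + stub_cost
            if prefix not in table or total < table[prefix][0]:
                table[prefix] = (total, sorted(hops[router]))
    return table


if __name__ == "__main__":
    for prefix, (cost, next_hops) in sorted(routing_table(LSDB, "R1").items()):
        print(prefix, cost, next_hops or "connected")
```

From R1, 3.0.0.0/8 is reachable at the same cost through R2 and through R4, so both next hops are kept, and 5.0.0.0/8 is never installed because the R4 to R5 link fails the two-way check.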

Areas and Border Routers

As previously mentioned, OSPF uses flooding to exchange link-state updates between
routers. Any change in routing information is flooded to all routers in the network. Areas
are introduced to put a boundary on the explosion of link-state updates. Flooding and
calculation of the Dijkstra algorithm on a router is limited to changes within an area. All
routers within an area have the exact link-state database. Routers that belong to
multiple areas, and connect these areas to the backbone area, are called area border
routers (ABR). ABRs must therefore maintain information describing the backbone
areas and other attached areas.
An area is interface specific. A router that has all of its interfaces within the same area is
called an internal router (IR). A router that has interfaces in multiple areas is called an
area border router (ABR). Routers that act as gateways (redistribution) between OSPF
and other routing protocols (IGRP, EIGRP, ISIS, RIP, BGP, Static) or other instances of
the OSPF routing process are called autonomous system boundary routers (ASBR).
Any router can be an ABR or an ASBR.

The Backbone and Area 0

OSPF has special restrictions when multiple areas are involved. If more than one area is
configured, one of these areas has to be area 0. This is called the backbone. When
designing networks it is good practice to start with area 0 and then expand into other
areas later on.
The backbone has to be at the center of all other areas, i.e. all areas have to be physically
connected to the backbone. The reasoning behind this is that OSPF expects all areas to
inject routing information into the backbone and in turn the backbone will disseminate
that information into other areas.

Neighbors
Routers that share a common segment become neighbors on that segment. Neighbors
are elected via the Hello protocol. Hello packets are sent periodically out of each interface
using IP multicast. Routers become neighbors as soon as they see themselves listed in
the neighbor's Hello packet. This way, two-way communication is guaranteed. Two
routers will not become neighbors unless they agree on the following:
Area-id: Two routers having a common segment; their interfaces have to belong to the
same area on that segment. Of course, the interfaces should belong to the same subnet
and have a similar mask.
Authentication: OSPF allows for the configuration of a password for a specific area.
Routers that want to become neighbors have to exchange the same password on a
particular segment.
Hello and Dead Intervals: OSPF exchanges Hello packets on each segment. This is a
form of keepalive used by routers in order to acknowledge their existence on a segment
and in order to elect a designated router (DR) on multi-access segments. The Hello
interval specifies the length of time, in seconds, between the hello packets that a router
sends on an OSPF interface. The dead interval is the number of seconds that a router's
hello packets have not been seen before its neighbors declare the OSPF router down.
OSPF requires these intervals to be exactly the same between two neighbors. If any of
these intervals are different, these routers will not become neighbors on a particular
segment. The router interface commands used to set these timers are:
ip ospf hello-interval seconds
ip ospf dead-interval seconds
Stub area flag: Two routers have to also agree on the stub area flag in the Hello packets
in order to become neighbors. Stub areas will be discussed in a later section. Keep in
mind for now that defining stub areas will affect the neighbor election process.

Adjacencies
Adjacency is the next step after the neighboring process. Adjacent routers are routers
that go beyond the simple Hello exchange and proceed into the database exchange
process. In order to minimize the amount of information exchange on a particular
segment, OSPF elects one router to be a designated router (DR), and one router to be a
backup designated router (BDR), on each multi-access segment. The BDR is elected as a
backup mechanism in case the DR goes down. The idea behind this is that routers have a
central point of contact for information exchange. Instead of each router exchanging
updates with every other router on the segment, every router exchanges information
with the DR and BDR. The DR and BDR relay the information to everybody else.

DR Election
DR and BDR election is done via the Hello protocol. Hello packets are exchanged via IP
multicast packets on each segment. The router with the highest OSPF priority on a
segment will become the DR for that segment. The same process is repeated for the BDR.
In case there is a tie, the router with the highest RID will become a DR. The default for the
interface OSPF priority is one.
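The neighbor agreement checks and the DR/BDR rule described above, as an added example that is not part of the original manual. The class, field and function names and all sample values are constructed; the election assumes every router on the segment starts at the same time, since a router that is already DR is not displaced by a later arrival.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface


@dataclass(frozen=True)
class OspfInterface:
    """Hello-relevant settings of one router interface (constructed model)."""
    router_id: str
    address: str          # interface address with prefix length
    area: int = 0
    auth_key: str = ""    # empty string means no authentication configured
    hello: int = 10
    dead: int = 40
    stub: bool = False
    priority: int = 1     # default interface priority


def mismatch_reasons(a, b):
    """List every Hello parameter that keeps a and b from becoming neighbors."""
    reasons = []
    if IPv4Interface(a.address).network != IPv4Interface(b.address).network:
        reasons.append("subnet/mask")
    if a.area != b.area:
        reasons.append("area-id")
    if a.auth_key != b.auth_key:
        reasons.append("authentication")
    if (a.hello, a.dead) != (b.hello, b.dead):
        reasons.append("hello/dead interval")
    if a.stub != b.stub:
        reasons.append("stub area flag")
    return reasons


def elect_dr_bdr(interfaces):
    """Highest priority wins, highest router ID breaks ties, priority 0 never wins."""
    eligible = [i for i in interfaces if i.priority > 0]
    # Router IDs are compared as 32-bit numbers, not as strings:
    # 10.0.0.1 is higher than 9.9.9.9.
    ranked = sorted(
        eligible,
        key=lambda i: (i.priority, int(IPv4Address(i.router_id))),
        reverse=True,
    )
    dr = ranked[0].router_id if ranked else None
    bdr = ranked[1].router_id if len(ranked) > 1 else None
    return dr, bdr


# Constructed segment 192.1.100.0/24
A = OspfInterface("1.1.1.1", "192.1.100.1/24")
B = OspfInterface("2.2.2.2", "192.1.100.2/24", priority=0)
C = OspfInterface("9.9.9.9", "192.1.100.3/24")
D = OspfInterface("10.0.0.1", "192.1.100.4/24")
E = OspfInterface("5.5.5.5", "192.1.100.5/24", area=1, hello=5, dead=20)
F = OspfInterface("6.6.6.6", "192.1.100.6/24", auth_key="constructed-key")

if __name__ == "__main__":
    print("A-E:", mismatch_reasons(A, E))
    print("A-F:", mismatch_reasons(A, F))
    print("DR/BDR:", elect_dr_bdr([A, B, C, D]))
```

An empty list from mismatch_reasons means the pair can form a neighbor relationship; a router whose authentication key differs from the segment's never reaches that point, which is what keeps an unauthenticated device out of the exchange.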

Enabling OSPF on the Router


Enabling OSPF on the router involves the following two steps in config mode:
1. Enabling an OSPF process using the router ospf <process-id> command.
2. Assigning areas to the interfaces using the network <network ID or IP address>
<wildcard mask> area <area-id> command.
For example,
Router(config)#router ospf 1
Router(config-router)#network 192.168.12.0 0.0.0.255 area 0
The OSPF process-id is a numeric value local to the router. It does not have to match
process-ids on other routers. It is possible to run multiple OSPF processes on the same
router, but it is not recommended as it creates multiple database instances that add extra
overhead to the router.
The network command is a way of assigning an interface to a certain area. The mask is
used as a shortcut and it helps put a list of interfaces in the same area with one
configuration line. The mask contains wildcard bits where 0 is a match and 1 is a "do not
care" bit, e.g. 0.0.255.255 indicates a match in the first two bytes of the network number.
The area-id is the area number we want the interface to be in. The area-id can be an
integer between 0 and 4294967295 or can take a form similar to an IP address A.B.C.D.

Chapter at a Glance
1. OSPF Version 1 was specified in RFC 1131 in 1988. This protocol was finalized in
1989.
2. OSPF Version 2 (Current version). The most recent specifications are specified in RFC
2328.
3. Scales better than Distance Vector Routing protocols. It virtually has no practical Hop
Count Limit.
4. Provides Load Balancing (Equal and Unequal).
5. Introduces the concept of Areas to ease management and control traffic.
6. Provides Authentication.
7. Uses Multicast versus Broadcasts.
8. Convergence is faster than in Distance Vector Routing protocols. The reason for that is
it floods the changes to all neighboring routers simultaneously rather than in a chain.
9. Supports Variable Length Subnet Masking (VLSM), FLSM and Supernetting.
10. Provides bit-based Route summarization.
11. There are no periodic updates. Updates are only sent when there are changes.
12. Router only sends changes in updates and not the entire full tables.
13. OSPF uses a Cost Value, instead of hop count. Cost is based on the speed of the link.
Cost = 10^8/Bandwidth.
14. Classless Routing Protocol.
15. It relies on IP to deliver the Packets. Use port 89.
16. Area is a logical grouping of OSPF routers.
17. Areas divide an OSPF domain into sub-domains.
18. Areas allow OSPF to be extremely scalable.
19. Areas reduce the Memory, CPU utilization and amount of traffic in a network.
20. Most of the traffic can be restricted to within the area.
21. Routers within an area will have no detailed knowledge of the topology outside of
their area.
22. Reduced size of the Database reduces Memory requirements for the routers.
23. Areas are identified by a 32-bit Area ID. Can be denoted in Decimal format (0) or Dotted
format (0.0.0.0).
24. OSPF requires one area to be Area 0, known as the backbone area.
25. Backbone area, or Area 0, connects all the other areas to each other.
Three types of traffic may be defined in relation to areas:
1. Intra-area traffic consists of packets that are passed between routers within a
single area.
2. Inter-area traffic consists of packets that are passed between routers in
different areas.
3. External traffic consists of packets that are passed between a router within
the OSPF domain and a router within another Autonomous System.

Module 6 - Advanced Routing Protocols Labs

Lab 1 - Basic EIGRP Operation

[Topology diagram: R1 (Loopback 0: 1.1.0.0/8) and R2 (Loopback 0: 2.0.0.0/8), connected through their S0/0 interfaces over 192.1.1.0/24]

R1 Configuration
Interface    IP Address    Subnet Mask
Loopback0    1.1.1.1       255.255.255.0
S0/0         192.1.1.1     255.255.255.0

R2 Configuration
Interface    IP Address    Subnet Mask
Loopback0    2.2.2.2       255.255.255.0
S0/0         192.1.1.2     255.255.255.0

On R1
Router#conf t
Router(config)#hostname R1
R1(config)#router eigrp 1
R1(config-router)#net 1.0.0.0
R1(config-router)#net 192.1.1.0

On R2
Router#conf t
Router(config)#hostname R2
R2(config)#router eigrp 1
R2(config-router)#net 2.0.0.0
R2(config-router)#net 192.1.1.0

Test the Configuration

Type
RX#show ip route (where X = Router number)

What routes do you see?

Are the metrics advertised correct?
Break down the calculation for the metric.
Metric = {[10000000/bandwidth(min)] + [delay(sum)/10]} * 256
Type
RX#show ip eigrp neighbor (where X = Router number)
H   Address     Interface   Hold (sec)   Uptime     SRTT (ms)   RTO   Q Cnt   Seq Num
    192.1.1.2   Se0/0       10           00:06:21   12          200   0       2

What is the Hello Time?

Type
Rx#show ip eigrp topology
This shows the Topology table.
Type
Rx#show ip eigrp topology 2.0.0.0
Notice the Vector and Composite Metric.
Type
show ip eigrp traffic
See how the Hello count is changing and the update count is not.
Bring the loopback interface down.
Note the values in the output. See how the number of queries increased.
Bring the loopback interface up.
Note how the update count changes.

Changing the Hello-interval and Hold-time timers

On Both Routers
R1(config)#int S 0/0
R1(config-if)#ip hello-interval eigrp 1 20
R1(config-if)#ip hold-time eigrp 1 60
Type
R1#sh ip eigrp neighbor
What and whose time do you see?

Lab 2 - Equal Cost Load Balancing

[Topology diagram: routers R1, R2, R3 and R4. Loopback 0 networks: R1 1.0.0.0/8, R2 2.0.0.0/8, R3 3.0.0.0/8, R4 4.0.0.0/8. Links over the S0/0 and F0/0 interfaces: 192.1.12.0/24, 192.1.23.0/24, 192.1.34.0/24, 192.1.14.0/24]

R1 Configuration
Interface    IP Address    Subnet Mask
Loopback0    1.1.1.1       255.255.255.0
S0/0         192.1.12.1    255.255.255.0
F0/0         192.1.14.1    255.255.255.0

R2 Configuration
Interface    IP Address    Subnet Mask
Loopback0    2.2.2.2       255.255.255.0
S0/0         192.1.12.2    255.255.255.0
F0/0         192.1.23.2    255.255.255.0

R3 Configuration
Interface    IP Address    Subnet Mask
Loopback0    3.3.3.3       255.255.255.0
S0/0         192.1.34.3    255.255.255.0
F0/0         192.1.23.3    255.255.255.0

R4 Configuration
Interface    IP Address    Subnet Mask
Loopback0    4.4.4.4       255.255.255.0
S0/0         192.1.34.4    255.255.255.0
F0/0         192.1.23.2    255.255.255.0

On R1
R1(config)#Router eigrp 1
R1(config-router)#net 1.0.0.0
R1(config-router)#net 192.1.12.0
R1(config-router)#net 192.1.14.0

On R2
R2(config)#Router eigrp 1
R2(config-router)#net 2.0.0.0
R2(config-router)#net 192.1.12.0
R2(config-router)#net 192.1.23.0

On R3
R3(config)#Router eigrp 1
R3(config-router)#net 3.0.0.0
R3(config-router)#net 192.1.23.0
R3(config-router)#net 192.1.34.0

On R4
R4(config)#Router eigrp 1
R4(config-router)#net 4.0.0.0
R4(config-router)#net 192.1.34.0
R4(config-router)#net 192.1.14.0
Type
R1#sh ip route
Do you see all the routes?
Type
R1#sh ip eigrp neighbor
Who are your neighbors?
Type
R1#sh ip eigrp topology

Lab 2 - OSPF Point-to-Point Configuration

[Topology diagram: R1 (Loopback 0: 1.0.0.0/8) and R2 (Loopback 0: 2.0.0.0/8), connected through their S0/0 interfaces over 192.1.1.0/24]

R1 Configuration
Interface    IP Address    Subnet Mask
Loopback0    1.1.1.1       255.255.255.0
S0/0         192.1.1.1     255.255.255.0

R2 Configuration
Interface    IP Address    Subnet Mask
Loopback0    2.2.2.2       255.255.255.0
S0/0         192.1.1.2     255.255.255.0

On R1
Router#conf t
Router(config)#hostname R1
R1(config)#Router ospf 1
R1(config-router)#net 1.0.0.0 0.255.255.255 area 0
R1(config-router)#net 192.1.1.0 0.0.0.255 area 0

On R2
Router#conf t
Router(config)#hostname R2
R2(config)#Router ospf 1
R2(config-router)#net 2.0.0.0 0.255.255.255 area 0
R2(config-router)#net 192.1.1.0 0.0.0.255 area 0
Test the Configuration
Type
R1#show ip route
What routes do you see?
Type
R1#show ip ospf neighbor
Notice the State (Full/-). There is no DR or BDR in a Point-to-point network.
Type
R1#show ip ospf int s 0/0
Notice the Network Type is POINT-TO-POINT and No DR or BDR information
is displayed.

Lab 3 - OSPF Over Ethernet


[Topology diagram: R1, R2, R3 and R4 attached through their F0/0 interfaces to the shared Ethernet segment 192.1.100.0/24. Loopback 0 networks: R1 1.0.0.0/8, R2 2.0.0.0/8, R3 3.0.0.0/8, R4 4.0.0.0/8]

R1 Configuration
Interface    IP Address     Subnet Mask
Loopback0    1.1.1.1        255.0.0.0
F0/0         192.1.100.1    255.255.255.0

R2 Configuration
Interface    IP Address     Subnet Mask
Loopback0    2.2.2.2        255.0.0.0
F0/0         192.1.100.2    255.255.255.0

R3 Configuration
Interface    IP Address     Subnet Mask
Loopback0    3.3.3.3        255.0.0.0
F0/0         192.1.100.3    255.255.255.0

R4 Configuration
Interface    IP Address     Subnet Mask
Loopback0    4.4.4.4        255.0.0.0
F0/0         192.1.100.4    255.255.255.0

Objective: Configuring OSPF over an Ethernet network and getting used to different
Show commands

On R1
R1(config)#Router ospf 1
R1(config-router)#net 1.0.0.0 0.255.255.255 area 0
R1(config-router)#net 192.1.100.0 0.0.0.255 area 0

On R2
R2(config)#Router ospf 1
R2(config-router)#net 2.0.0.0 0.255.255.255 area 0
R2(config-router)#net 192.1.100.0 0.0.0.255 area 0

On R3
R3(config)#Router ospf 1
R3(config-router)#net 3.0.0.0 0.255.255.255 area 0
R3(config-router)#net 192.1.100.0 0.0.0.255 area 0

On R4
R4(config)#Router ospf 1
R4(config-router)#net 4.0.0.0 0.255.255.255 area 0
R4(config-router)#net 192.1.100.0 0.0.0.255 area 0

Test the Configuration

Type
R1#show ip ospf neighbor
Neighbor ID   Pri   State          Dead Time   Address       Interface
2.2.2.2       1     FULL/DROTHER   00:00:39    192.1.100.2   F0/0
3.3.3.3       1     FULL/DROTHER   00:00:39    192.1.100.3   Fa0/0
4.4.4.4       1     FULL/BDR       00:00:39    192.1.100.4   F0/0

The following sections describe the show ip ospf neighbor command output.
Priority
The Pri field indicates the priority of the neighbor router. The router with the highest
priority becomes the designated router (DR). If the priorities are the same, then the
router with the highest router ID becomes the DR. By default, priorities are set to 1. A
router with a priority of 0 never becomes a DR or a backup designated router (BDR); it is
always a DROTHER, meaning a router that is neither the DR nor the BDR.

State
The State field indicates the functional state of the neighbor router. Refer to OSPF
Neighbor States for more information about states. FULL means the router is fully
adjacent with its neighbor. The neighbor is the DR, so it is Router 1.
Dead Time
The Dead Time field indicates the amount of time remaining that the router waits to
receive an OSPF hello packet from the neighbor before declaring the neighbor down. On
broadcast and point-to-point media, the default dead interval is 40 seconds. On
non-broadcast and point-to-multipoint links, the default dead interval is 120 seconds.
Address
The Address field indicates the IP address of the interface to which this neighbor is
directly connected. In the case of unnumbered links, this field shows the IP address of
the interface to which the neighbor is unnumbered. When OSPF packets are transferred
to the neighbor, this address will be the destination address.
Interface
The Interface field indicates the interface on which the OSPF neighbor has formed
adjacency. In the above example the neighbor can be reached through FastEthernet0/0.

OSPF Neighbor State:

Init State: First Hello is sent.
2-Way: Neighbor discovered, but adjacency not built.
Exstart: Neighbors form a Master/Slave relationship, based on the highest IP
address. Initial sequence number established.
Exchange: The routers exchange Database Description packets to tell each other
about the routes they know about. A request list is created.
Loading: Link State Requests are sent to each other and, based on the LSRs received, Link
State Update packets are sent back in both directions.
Full: All neighbors have a consistent Database.
DR: The neighbor is the DR.
BDR: The neighbor is the BDR.
DROTHER: The neighbor is neither a DR nor BDR.

Module 7 - Access Control Lists (ACL)

Access Control List (ACL)


OVERVIEW
1. Used to define the type of traffic that should be allowed or restricted from crossing a
router (entering or exiting a router interface).
2. Set of rules that help control the flow of packets into or out of a router.
3. Statements that specify how the router will handle the traffic flow through specified
interfaces.

USES OF ACCESS LISTS

1. Filter packet flow in/out of router interfaces.
2. Restrict/reduce contents of routing updates, e.g. from RIP, IGRP.
3. Identify packets that will initiate dial-on-demand connections (interesting packets).

TYPES OF ACCESS LISTS

Standard Access Lists: Check source address of packets and permit or deny the
packets based on network, subnet or host address.
Extended Access Lists: Check both source and destination addresses for filtering.
Packets can be filtered based on protocols within a suite (e.g. TCP/IP) and port numbers.
Extended Access Lists add more granularity than Standard Access Lists.

Access Lists Operation and Application

1. Operate in sequential, logical order, following a top-down order of tests.
2. If no conditions, or tests, are met, a final implicit deny will drop that particular packet.
3. Routers stop processing once the first instance of a condition is met in the written
access list.
4. Only one access list per protocol per interface is permitted.
5. Access lists can be inbound or outbound, with reference to a router interface.
6. Location and sequential order can affect performance of the router.
7. Written in global configuration mode (by the access-list command) and grouped, or
linked, in interface mode for the appropriate router interface (by the access-group
command).

Verifying Access Lists


Router#show interface or show [ip|ipx] interface
Use to see if an interface is grouped to an access list. It returns IP addresses and all
configuration parameters.
Router#show access-lists
Shows details of all access lists configured.

Access Lists Types and Numbers


Protocol   Type       Access-list Number Range
IP         Standard   1-99 (Expanded Range 1300-1999)
IP         Extended   100-199 (Expanded Range 2000-2699)

Wildcard Mask Bits


1. 0 indicates that the corresponding bit should be checked.
2. 1 indicates that the corresponding bit should be ignored.
Examples
00000111 indicates that only the last three bits in the corresponding octet should be
ignored.
0.0.0.0 indicates any IP address: check all bits in all four octets.
255.255.255.255 indicates that all bits should be ignored; use the any statement.
Match any IP address: 0.0.0.0 255.255.255.255 (any address, ignore all bits).
Match a specific IP address: w.x.y.z 0.0.0.0 (check all bits so they match); use the host
command, as follows: host w.x.y.z.

Configuring Standard IP Access Lists

Creating the access list
Router(config)#access-list [1-99] [permit|deny] [source_address] [wildcard_mask]
Applying it to an interface
Router(config-if)#ip access-group [1-99] [in|out]
Note the last statement in the access-group statement. In or out specifies incoming or
outgoing traffic. By default, all access lists are applied to outgoing traffic, i.e. if the in or
out statement is omitted, out will be applied.

Examples
Permitting only a specific network:
To allow only traffic from 172.16.0.0 to pass through the router
Router(config)#access-list 1 permit 172.16.0.0 0.0.255.255
(Note: The implicit deny all does not need to be written.)
Router(config)#int f0/0
Router(config-if)#ip access-group 1 out

Denying a specific host

To deny only the host 172.16.4.10 and permit everyone else to communicate with
172.16.3.0.
Router(config)#access-list 1 deny host 172.16.4.10
Router(config)#access-list 1 permit any
Router(config)#int f0/0
Router(config-if)#ip access-group 1 out

Overview
1. Extended IP Access Lists filter based on source and destination addresses, specific
protocols and even ports defined by TCP or UDP.
2. Extended IP Access Lists offer more granularity than Standard Access Lists and can be
used in a wider range of situations in providing access security to a network through a
router.

Configuration
Creating the access list
Router(config)#access-list [100-199] [permit|deny] [ip|tcp|icmp] [source_address] [source_mask] [destination_address] [destination_mask] [eq|neq|lt|gt] [port_number]
Applying it to an interface
Router(config-if)#ip access-group [100-199] [in|out]

Example
1. Blocking only FTP traffic from one network

[Topology diagram: network 172.16.3.0 behind R1 and network 172.16.4.0 behind R2; R1 and R2 connected through their S0/0 interfaces over 172.16.12.0/24]

The aim here is to block all FTP traffic from 172.16.3.0 entering 172.16.4.0 by creating
an extended access list at R1.
Router(config)#access-list 101 deny tcp 172.16.3.0 0.0.0.255 172.16.4.0 0.0.0.255 eq 20
Router(config)#access-list 101 deny tcp 172.16.3.0 0.0.0.255 172.16.4.0 0.0.0.255 eq 21
Router(config)#access-list 101 permit ip any any
Router(config)#int S 0/0
Router(config-if)#ip access-group 101 out
Note the third line in the access list: it permits all other IP-based traffic from
anywhere going anywhere.

2. Denying all web-based (www) traffic entering a network

The aim here is to block all networks from accessing the www service on the 172.16.4.0
network.
Router(config)#access-list 101 deny tcp any any eq 80
Router(config)#access-list 101 permit ip any any
Router(config)#int S0/0
Router(config-if)#ip access-group 101 out

3. Denying a host from executing a ping statement to a network

The aim here is to stop the host 172.16.3.5 from pinging other hosts on the 172.16.4.0
network.
Router(config)#access-list 101 deny icmp host 172.16.3.5 any echo
Router(config)#access-list 101 permit ip any any
Router(config)#int S0/0
Router(config-if)#ip access-group 101 out
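How a router walks these lists, shown as an added example that is not part of the original manual: wildcard-mask matching, top-down first match and the final implicit deny, run over the access-list statements from the examples above. The parser covers only the statement forms used on this page, and the function names and test packets are constructed.

```python
from ipaddress import IPv4Address

ANY = (0, 0xFFFFFFFF)  # base address 0 with every bit ignored


def parse_addr(tokens):
    """Consume one address spec from tokens and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    base = int(IPv4Address(first))
    # A dotted quad right after the address is its wildcard mask;
    # without one the address is matched exactly.
    if tokens and tokens[0].count(".") == 3:
        return base, int(IPv4Address(tokens.pop(0)))
    return base, 0


def parse_rule(line):
    """Parse one numbered 'access-list' statement into a rule dict."""
    tokens = line.lower().split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("unsupported statement: " + line)
    number, rest = int(tokens[1]), tokens[3:]
    rule = {"permit": tokens[2] == "permit", "proto": "ip",
            "dst": ANY, "port": None, "icmp": None}
    if 100 <= number <= 199 or 2000 <= number <= 2699:   # extended list
        rule["proto"] = rest.pop(0)
        rule["src"] = parse_addr(rest)
        rule["dst"] = parse_addr(rest)
        if rest[:1] == ["eq"]:
            rule["port"] = int(rest[1])
        elif rest:
            rule["icmp"] = rest[0]                       # e.g. echo
    else:                                                # standard list
        rule["src"] = parse_addr(rest)
    return rule


def ip_match(addr, spec):
    """True when addr equals base in every bit whose wildcard bit is 0."""
    base, wildcard = spec
    return ((int(IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def packet(proto, src, dst, dport=None, icmp=None):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport, "icmp": icmp}


def evaluate(rules, pkt):
    """Return (verdict, matching line number); line is None for the implicit deny."""
    for line_no, rule in enumerate(rules, 1):
        if rule["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (ip_match(pkt["src"], rule["src"]) and ip_match(pkt["dst"], rule["dst"])):
            continue
        if rule["port"] is not None and pkt["dport"] != rule["port"]:
            continue
        if rule["icmp"] is not None and pkt["icmp"] != rule["icmp"]:
            continue
        return ("permit" if rule["permit"] else "deny"), line_no
    return "deny", None


FTP_ACL = [parse_rule(s) for s in (
    "access-list 101 deny tcp 172.16.3.0 0.0.0.255 172.16.4.0 0.0.0.255 eq 20",
    "access-list 101 deny tcp 172.16.3.0 0.0.0.255 172.16.4.0 0.0.0.255 eq 21",
    "access-list 101 permit ip any any",
)]
PING_ACL = [parse_rule(s) for s in (
    "access-list 101 deny icmp host 172.16.3.5 any echo",
    "access-list 101 permit ip any any",
)]
STANDARD_ACL = [parse_rule("access-list 1 permit 172.16.0.0 0.0.255.255")]

if __name__ == "__main__":
    ftp = packet("tcp", "172.16.3.7", "172.16.4.9", dport=21)
    print(evaluate(FTP_ACL, ftp))                                   # deny at line 2
    print(evaluate([FTP_ACL[2], FTP_ACL[0], FTP_ACL[1]], ftp))      # permit at line 1
    print(evaluate(STANDARD_ACL, packet("tcp", "10.1.1.1", "172.16.4.9")))
```

Moving the permit ip any any line to the top makes the same FTP packet match at line 1, so the deny lines below it are never reached; reviewing a list for such shadowed entries is worth doing before applying it to an interface.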

Verifying Access Lists


Show Access-lists displays the definition of all access lists that are created on the router.
Show IP access-lists displays the definition of IP access lists on this router.
Show IP interface displays the interface that is using a given access-list.

Module 7 - Access Control Lists (ACL) Labs

Lab 1 - Denying a Host Using Standard Access Lists

[Topology diagram: R1 (Loopback 0: 10.0.0.0/8) and R2 (Loopback 0: 12.0.0.0/8), connected through their S0/0 interfaces over 11.0.0.0/8]

R1 Configuration
Interface    IP Address    Subnet Mask
Loopback0    10.0.0.1      255.0.0.0
S0/0         11.0.0.1      255.0.0.0

R2 Configuration
Interface    IP Address    Subnet Mask
Loopback0    12.0.0.1      255.0.0.0
S0/0         11.0.0.2      255.0.0.0

Assign IP addresses and configure RIP as the routing protocol on the respective routers.

R1(config)#Router Rip
R1(config-router)#network 10.0.0.0
R1(config-router)#network 11.0.0.0
R2(config)#Router Rip
R2(config-router)#network 12.0.0.0
R2(config-router)#network 11.0.0.0
Creating a Standard Access-list that blocks Host 12.0.0.1 from accessing R1.
R1(config)#Access-list 10 deny 12.0.0.1 0.0.0.0
R1(config)#Access-list 10 permit any
Applying the access-list to the Serial Interface
R1(config)#int S 0/0
R1(config-if)#ip access-group 10 in

On R2
Testing the Standard Access list
Ping your Partner's PC using Extended ping and using 12.0.0.1 as the source address by
doing the following:
1. Type Ping and press Enter.
2. Press Enter on the Protocol prompt to accept ip as the protocol.
3. Specify 11.0.0.1 as the Target IP Address.
4. Take the default for the Count, Datagram and Timeout values.
5. Press y for extended commands.
6. Type 12.0.0.1 for the Source Address.
7. Take the defaults for the rest of the prompts.
8. Are you successful?
9. Why or why not?

Deleting the Access-List

R1(config)#no access-list 10
R1(config)#int S 0/0
R1(config-if)#no ip access-group 10 in

Lab 2 - Denying a Network Using Standard Access Lists
(Builds on Lab 1)

On R2
Creating a Standard Access-list that blocks Network 10.0.0.0 from
accessing R2
R2(config)#Access-list 10 deny 10.0.0.0 0.255.255.255
R2(config)#Access-list 10 permit any

Applying the access-list to the Serial Interface

R2(config)#int S 0/0
R2(config-if)#ip access-group 10 in

On R1
Testing the Standard Access list
Ping your Partner's PC using Extended ping and using 10.0.0.1 as the source address by
doing the following:
1. Type Ping and press Enter.
2. Press Enter on the Protocol prompt to accept ip as the protocol.
3. Specify 11.0.0.2 as the Target IP Address.
4. Take the default for the Count, Datagram and Timeout values.
5. Press y for extended commands.
6. Type 10.0.0.1 for the Source Address.
7. Take the defaults for the rest of the prompts.
Are you successful?
Why or why not?

Deleting the Access-List

R2(config)#no access-list 10
R2(config)#int S 0/0
R2(config-if)#no ip access-group 10 in

Lab 3 - Denying an Entire Network from using Telnet
(Builds on Lab 2)

R1
Creating an Extended Access List that blocks anyone from accessing the router via telnet
R1(config)#Access-list 101 deny tcp any any eq 23
R1(config)#Access-list 101 permit ip any any

Applying the access-list to the Serial Interface

R1(config)#int S 0/0
R1(config-if)#ip access-group 101 in

R2
Testing the Extended Access list
Type
R2#telnet 11.0.0.1
Are you successful?

Deleting the Access-List

R1(config)#no access-list 101
R1(config)#int S 0/0
R1(config-if)#no ip access-group 101 in

Lab 4 - Denying an Entire Network from Using HTTP
(Builds on Lab 3)

R1
Connecting the PC and configuring the Ethernet port on Router 1
Connect the PC to the Router's Ethernet port using a crossover cable.
Configure the PC with the following configuration parameters:
1. IP Address : 20.0.0.2 255.0.0.0
2. Subnet Mask : 255.0.0.0
3. Default Gateway : 20.0.0.1
On the Router, do the following:
R1#Config t
R1(config)#int E 0/0
R1(config-if)#IP address 20.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#Router rip
R1(config-router)#network 20.0.0.0

R2
Enabling HTTP on the Router
R2(config)#ip http server

PC 1
Testing the HTTP Server
Open IE on the PC and type http://11.0.0.2
Do you see the Router Web Page?

R2
Creating an Extended Access List that blocks anyone from using HTTP
R2(config)#Access-list 150 deny tcp any any eq 80
R2(config)#Access-list 150 permit ip any any

Applying the access-list to the Serial Interface

R2(config)#int S 0/0
R2(config-if)#ip access-group 150 in

Testing the Extended Access List

Open IE on the PC and type http://11.0.0.2.
Do you see the Router Web Page?
Deleting the Access-List
R2(config)#no access-list 150
R2(config)#int S 0/0
R2(config-if)#no ip access-group 150 in

Lab 5 - Denying a Host from Pinging
(Builds on Lab 4)

R2
Creating an Extended Access List that blocks a Host from
Pinging
R2(config)#Access-list 101 deny icmp host 20.0.0.2 any echo
R2(config)#Access-list 101 permit ip any any

Applying the access-list to the Serial Interface

R2(config)#int S 0/0
R2(config-if)#ip access-group 101 in

R1

Testing the Extended Access list

On the PC, type Ping 11.0.0.2
Are you successful?

R2
On R2, type Ping 20.0.0.2.
Are you successful?
Why or why not?
Deleting the Access-List
R2(config)#no access-list 101
R2(config)#int S 0/0
R2(config-if)#no ip access-group 101 in

Lab 5 - Denying a Host from Pinging
(Builds on Lab 5)

R1
Creating an Extended Access List that blocks a Network from
getting pinged
R1(config)#Access-list 101 deny icmp any 20.0.0.0 0.255.255.255 echo
R1(config)#Access-list 101 permit ip any any

Applying the access-list to the Serial Interface

R1(config)#int S 0/0
R1(config-if)#ip access-group 101 in

R2
On R2, type Ping 20.0.0.2.
Are you successful?

R1
Testing the Extended Access list
On the PC, type Ping 11.0.0.2.
Are you successful?
Why or why not?

Deleting the Access-List

R1(config)#no access-list 101
R1(config)#int S 0/0
R1(config-if)#no ip access-group 101 in

Lab 6 Denying a Network from Pinging
(Builds on Lab 5)

On R1
Creating an Extended Access List that blocks a Network from getting pinged
R1(config)#access-list 101 deny icmp any 20.0.0.0 0.255.255.255 echo
R1(config)#access-list 101 permit ip any any

Applying the access-list to the Serial Interface
R1(config)#int S 0/0
R1(config-if)#ip access-group 101 in

On R2
On R2, type ping 20.0.0.2.
Are you successful?

On R1
Testing the Extended Access list
On the PC, type ping 11.0.0.2.
Are you successful?
Why or why not?

Deleting the Access-List
R1(config)#no access-list 101
R1(config)#int S 0/0
R1(config-if)#no ip access-group 101 in

Lab 7 Named Access List
(Builds on Lab 6)

Creating a Named Standard Access-list on R1 that blocks network 12.0.0.0 from coming into R1
R1(config)#ip access-list standard DENY-12
R1(config-std-nacl)#deny 12.0.0.0 0.255.255.255
R1(config-std-nacl)#permit any

Applying the access-list to the Serial Interface
R1(config)#int S 0/0
R1(config-if)#ip access-group DENY-12 in

On R2
Creating a Named Extended Access-list that blocks network 10.0.0.0 from accessing the 12.0.0.0 Network
R2(config)#ip access-list extended DENY-10-TO-12
R2(config-ext-nacl)#deny ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
R2(config-ext-nacl)#permit ip any any

Applying the access-list to the Serial Interface
R2(config)#int S 0/0
R2(config-if)#ip access-group DENY-10-TO-12 in

Testing the Named Access list
Ping your Partner's Loopback.
Are you successful?

Module 8 Frame Relay

Frame Relay
Overview
1. Frame Relay defines the interconnection process between the Customer Premises
Equipment (CPE) device, such as a router, acting as a DTE and the service provider's
local access switching equipment, acting as a DCE.
2. Frame Relay is a Layer 2 packet-switched WAN protocol.
3. Frame Relay can be configured in a point-to-point or multipoint environment, through
the use of sub-interfaces.
4. Frames are encapsulated in one of two formats:
i) Cisco: default, proprietary
ii) IETF: used to connect to routers from different vendors (e.g. Lucent, Bay).

Frame Relay Terminology

Local Access Rate (AR)
Clock speed of connection to the Frame Relay cloud.
Also known as local access loop, local loop.

Data Link Connection Identifier (DLCI)
1. Number that identifies the logical circuit between the CPE and FR switch (Layer 2).
2. DLCIs between each pair of routers are used to create a PVC.
3. DLCIs only have local significance.
4. DLCI numbers:
i. 0-15: reserved for signaling
ii. 16-991: available for use
iii. 992-1007: reserved for layer 2 management
iv. 1008-1023: in-channel signaling
5. Inverse ARP maps DLCI number (Layer 2) to IP address (Layer 3).

Local Management Interface (LMI)
1. Protocol used for communication between Frame Relay switch and CPE.
2. Signaling standard.
3. LMI is responsible for managing the connection and maintaining status between the 2
devices.
4. Keepalive packets verify that data is flowing between the 2 devices.
5. LMI provides congestion notification.
6. 3 LMI standards:
i. Cisco (default)
ii. ANSI
iii. ITU Q.933a
7. LMI sent every 10 seconds by default.
8. For IOS 10.3 and later, LMI type is auto-sensed (Frame Relay switch will send this to
the router).
9. To set the LMI type,
Router(config-if)#frame-relay lmi-type {cisco | ansi | q933a}
Committed Information Rate (CIR)
Minimum guaranteed bandwidth for data transfer, within the Frame Relay cloud.
Oversubscription
When the sum of CIRs on all virtual circuits coming into a device exceeds the access line
speed. Once oversubscription occurs, packets are dropped.
Committed Burst (Bc)
Maximum number of bits the Frame Relay network agrees to transfer.
Excess Burst
Maximum number of uncommitted bits that the Frame Relay switch will attempt to
transfer beyond the CIR.
Dependent on the service provider.
Forward Explicit Congestion Notification (FECN)
When the Frame Relay switch recognizes congestion, it will set the DE bit to 1 in the
Frame Relay packet bound for the destination. The destination router may drop the
packet upon arrival.
Backward Explicit Congestion Notification (BECN)
When the router detects congestion, it sets the BECN bit to 1 and sends a packet to the
source router, so the source router can reduce its rate of transmission of packets.
Discard Eligibility (DE)
When the router detects congestion, this bit is turned to 1 for oversubscribed traffic.
Packets with a DE bit equal to 1 will be discarded first by receiving routers.

Subinterfaces
Provide a method of separating one physical network connection into multiple logical
connections, i.e. one local loop can support many PVCs.
A single physical interface (s 0/0) can simulate multiple logical interfaces (s 0/0.1, s
0/0.2, and so on), called subinterfaces.
Subinterfaces can be configured to support 2 connection types:
Point-to-point
1. Does not forward broadcasts or routing updates.
2. PVC connection is established from one subinterface to another. Interfaces are on the
same subnet; each subinterface has its own local and unique DLCI number.
Multipoint
1. Forwards broadcasts and routing updates.
2. A single interface establishes multiple PVCs to multiple interfaces or subinterfaces on
remote routers.
3. All participating subinterfaces are on the same subnet, with unique local DLCIs.
4. Total number of subinterfaces = 1, , 4294967293.
5. Subinterfaces can be added at any time, even during normal operation.

Frame Relay - An Example

[Figure: hub-and-spoke Frame Relay network. Router HO (131.107.1.1) has one PVC to each of
BO 1 (131.107.1.2), BO 2 (131.107.1.3) and BO 3 (131.107.1.4). The local DLCI at each end
of every PVC is listed in the tables below.]

Once the DLCIs have been assigned by the service provider, mappings are created as
follows (by Inverse ARP):

Router HO
Local DLCI    Destination Address
16            131.107.1.2
17            131.107.1.3
18            131.107.1.4

Router BO 1
Local DLCI    Destination Address
35            131.107.1.1

Router BO 2
Local DLCI    Destination Address
16            131.107.1.1

Router BO 3
Local DLCI    Destination Address
18            131.107.1.1

So, if router B1 wishes to forward a packet to router HO, it sends the packet through its
local DLCI 35, as all packets sent on that DLCI will get to 131.107.1.1 (router HO).
Now B1, B2 and B3 can each ping HO and vice versa, as there is a mapping of the path to
get to the destination, but B1, B2 and B3 cannot ping each other.
For B1 to ping B2, for example, there must be a mapping from B1 to B2 via HO. This is
done by the following command, entered at each respective router:
At router B1
frame-relay map ip 131.107.1.3 35
At router B2
frame-relay map ip 131.107.1.2 16

Similar mappings would need to be made for interconnecting B1 to B3 and B2 to B3.

Note:
Mappings must be two-way for two-way communication, for example, ping.
This setup of routers is called a hub and spoke topology.

Verifying Frame Relay Configuration: Useful Commands

Router#show frame-relay pvc
Shows DLCIs used and their status
Shows LMI type
Shows number of FECN and BECN bits received
Router#show ip route
Shows routing table
Router#show frame-relay map
Shows IP address to DLCI mapping
Shows if link to remote site is up or down
Router#show frame-relay lmi
Shows LMI traffic status
Shows if link to Frame Relay switch from CPE is up or down

Module 8 Frame Relay Labs

Lab 1 Point to Point Connection Using Frame-Relay

[Figure: R1 (1.0.0.1/8, DLCI 102) connected to R2 (1.0.0.2/8, DLCI 201) across the Frame
Relay cloud.]

R1 Configuration
Router(config)#hostname R1
R1(config)#int S 0/0
R1(config-if)#encap frame-relay
R1(config-if)#ip address 1.0.0.1 255.0.0.0
R1(config-if)#no shut

R2 Configuration
Router(config)#hostname R2
R2(config)#int S 0/0
R2(config-if)#encap frame-relay
R2(config-if)#ip address 1.0.0.2 255.0.0.0
R2(config-if)#no shut

On Both Routers
Type
Router#show frame-relay lmi
Notice the Number Status Enq. Sent and Number Status Msgs Rcvd numbers are the
only ones that are changing. The LMIs are sent every 10 seconds. These are also known
as Keepalives.
Type
Router#show frame-relay pvc
Notice your Local DLCI number and its status.
Type
Router#show frame-relay map
Notice it automatically maps your local DLCI number to the remote router's IP
address.
What is this process called?
Ping your partner's Router.
Are you successful?

Lab 2 Full Mesh Using Inverse ARP

[Figure: full-mesh Frame Relay topology with R1 (1.0.0.1/8), R2 (1.0.0.2/8) and
R3 (1.0.0.3/8). DLCIs shown: 102, 103, 201, 203, 301, 302.]

On R1
R1#conf t
R1(config)#int S 0/0
R1(config-if)#ip address 1.0.0.1 255.0.0.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no shut

On R2
R2#conf t
R2(config)#int S 0/0
R2(config-if)#ip address 1.0.0.2 255.0.0.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shut

On R3
R3#conf t
R3(config)#int S 0/0
R3(config-if)#ip address 1.0.0.3 255.0.0.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shut

On All Routers
Type
Router#show frame-relay map
How many Frame-relay mappings do you see on all routers?
Can each router ping the other 2 routers?

Lab 3 Hub-n-Spoke Using Inverse ARP

[Figure: hub-and-spoke Frame Relay topology with HUB (1.0.0.1/8) and spokes R2 (1.0.0.2/8)
and R3 (1.0.0.3/8). DLCIs shown: 102, 103, 201, 301.]

On Hub
hub#conf t
hub(config)#int S 0/0
hub(config-if)#ip address 1.0.0.1 255.0.0.0
hub(config-if)#encapsulation frame-relay
hub(config-if)#no shut

On R2
R2#conf t
R2(config)#int S 0/0
R2(config-if)#ip address 1.0.0.2 255.0.0.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shut

On R3
R3#conf t
R3(config)#int S 0/0
R3(config-if)#ip address 1.0.0.3 255.0.0.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shut

On All Routers
Router#show frame-relay map
How many mappings do you have at the Hub?
How many mappings do you have at the two spokes?
Ping from one spoke to the other.
Are you successful?

On the Spokes put in the Frame-relay map statements

On R2
R2(config)#int S 0/0
R2(config-if)#frame-relay map ip 1.0.0.3 201

On R3
R3(config)#int S 0/0
R3(config-if)#frame-relay map ip 1.0.0.2 301

On the Spoke Routers
Ping from one spoke to the other.
Are you successful?

Lab 4 Hub-n-Spoke Using SubInterfaces
(Builds on Lab 3)

Frame-Relay Configuration Using Subinterfaces

On Hub
hub#conf t
hub(config)#int S 0/0
hub(config-if)#encapsulation frame-relay
hub(config-if)#no shut
hub(config-if)#exit
hub(config)#int S 0/0.1 point-to-point
hub(config-subif)#ip address 1.0.0.1 255.0.0.0
hub(config-subif)#frame-relay interface-dlci 102
hub(config-fr-dlci)#exit
hub(config-subif)#exit
hub(config)#int S 0/0.2 point-to-point
hub(config-subif)#ip address 2.0.0.1 255.0.0.0
hub(config-subif)#frame-relay interface-dlci 103
hub(config-fr-dlci)#exit
hub(config-subif)#exit
hub(config)#router rip
hub(config-router)#net 1.0.0.0
hub(config-router)#net 2.0.0.0

On R2
R2#conf t
R2(config)#int S 0/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#int S 0/0.1 point-to-point
R2(config-subif)#ip address 1.0.0.2 255.0.0.0
R2(config-subif)#frame-relay interface-dlci 201
R2(config-fr-dlci)#exit
R2(config-subif)#exit
R2(config)#router rip
R2(config-router)#net 1.0.0.0

On R3
R3#conf t
R3(config)#int S 0/0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#int S 0/0.1 point-to-point
R3(config-subif)#ip address 2.0.0.2 255.0.0.0
R3(config-subif)#frame-relay interface-dlci 301
R3(config-fr-dlci)#exit
R3(config-subif)#exit
R3(config)#router rip
R3(config-router)#net 2.0.0.0

On the Spoke Routers
Type
Router#show ip route
What routes do you see there?
Can the Spokes ping Other Spoke Routers?

Module 9 MPLS

Multiprotocol Label Switching (MPLS)
Multiprotocol Label Switching (MPLS), originating in IPv4, was initially proposed to
improve forwarding speed. Its core technology can be extended to multiple network
protocols, such as IPv6, Internet Packet Exchange (IPX), and Connectionless Network
Protocol (CLNP). That is what the term multiprotocol means. MPLS integrates both Layer
2 fast switching and Layer 3 routing and forwarding, satisfying the networking
requirements of various new applications.

MPLS Overview
Basic Concepts of MPLS
1. FEC
As a forwarding technology based on classification, MPLS groups packets to be
forwarded in the same manner into a class called the forwarding equivalence class
(FEC). That is, packets of the same FEC are handled in the same way.
The classification of FECs is very flexible. It can be based on any combination of source
address, destination address, source port, destination port, protocol type and VPN. For
example, in the traditional IP forwarding using longest match, all packets to the same
destination belong to the same FEC.
2. Label
A label is a short fixed-length identifier for identifying a FEC. A FEC may correspond to
multiple labels in scenarios where, for example, load sharing is required, while a label
can only represent a single FEC.
A label is carried in the header of a packet. It does not contain any topology information
and is locally significant.
A label is four octets, or 32 bits, in length. Figure 1 illustrates its format.

Bits 0-19: LABEL | Bits 20-22: EXP | Bit 23: S | Bits 24-31: TTL

Figure 1 MPLS Label Format

The MPLS label consists of four fields:
Label: Label value of 20 bits. Used as the pointer for forwarding.
Exp: For QoS, three bits in length.
S: Flag for indicating whether the label is at the bottom of the label stack, one bit in
length. 1 indicates that the label is at the bottom of the label stack. This field is very
useful when there are multiple levels of MPLS labels.
TTL: Time to live (TTL) for the label. Eight bits in length. This field has the same meaning
as that for an IP packet.

3. LSR
Label switching router (LSR) is a fundamental component on an MPLS network. All LSRs
support MPLS.

4. LSP
Label switched path (LSP) means the path along which a FEC travels through an MPLS
network. Along an LSP, two neighboring LSRs are called upstream LSR and downstream
LSR respectively. In Figure 2, R2 is the downstream LSR of R1, while R1 is the upstream
LSR of R2.

Figure 2 Diagram for an LSP

An LSP is a unidirectional path from the ingress of the MPLS network to the egress. It
functions like a virtual circuit in ATM or frame relay. Each node of an LSP is an LSR.

5. LDP
Label Distribution Protocol (LDP) means the protocol used by MPLS for control. An LDP
has the same functions as a signaling protocol on a traditional network. It classifies
FECs, distributes labels, and establishes and maintains LSPs.
MPLS supports multiple label distribution protocols of either of the following two types:
Those dedicated for label distribution, such as LDP and Constraint-based Routing using
LDP (CR-LDP).
The existing protocols that are extended to support label distribution, such as Border
Gateway Protocol (BGP) and Resource Reservation Protocol (RSVP).
In addition, you can configure static LSPs.

Structure of the MPLS network

As shown in Figure, the element of an MPLS network is LSR. LSRs in the same routing
or administrative domain form an MPLS domain.
In an MPLS domain, LSRs residing at the domain border to connect with other networks
are label edge routers (LERs), while those within the MPLS domain are core LSRs. All
core LSRs, which can be routers running MPLS or ATM-LSRs upgraded from
ATM switches, use MPLS to communicate, while LERs interact with devices outside the
domain that use traditional IP technologies.

Each packet entering an MPLS network is labeled on the ingress LER and then forwarded
along an LSP to the egress LER. All the intermediate LSRs are called transit LSRs.

[Figure: an LSP across the MPLS domain, from the Ingress LER through a Transit LSR to the
Egress LER, with an IP Network attached on each side.]

The following describes how MPLS operates:

1) First, the LDP protocol and the traditional routing protocol (such as OSPF and ISIS)
work together on each LSR to establish the routing table and the label information base
(LIB) for intended FECs.
2) Upon receiving a packet, the ingress LER completes the Layer 3 functions, determines
the FEC to which the packet belongs, labels the packet, and forwards the labeled packet
to the next hop along the LSP.
3) After receiving a packet, each transit LSR looks up its label forwarding table for the
next hop according to the label of the packet and forwards the packet to the next hop.
None of the transit LSRs performs Layer 3 processing.
4) When the egress LER receives the packet, it removes the label from the packet and
performs IP forwarding.
Obviously, MPLS is not a service or application, but actually a tunneling technology and
a routing and switching technology platform combining label switching with Layer 3
routing. This platform supports multiple upper layer protocols and services, as well as
secures transmission of information to a certain degree.
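
The 32-bit label format of Figure 1 and the transit-LSR lookup in step 3, as an added Python sketch that is not part of the lab manual or of any router software. The function names, the label values 201, 300 and 301, and the two-byte payload are constructed for illustration.

```python
import struct


def build_entry(label, exp, s, ttl):
    """Pack one label stack entry: Label(20) | Exp(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8 or s not in (0, 1) or not 0 <= ttl < 256:
        raise ValueError("exp is 3 bits, s is 1 bit, ttl is 8 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def parse_label_stack(data):
    """Decode entries until the bottom-of-stack bit (S=1); return (entries, payload)."""
    entries = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no entry with S=1")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        offset += 4
        if entry["s"] == 1:
            return entries, data[offset:]


def swap_top_label(data, label_table):
    """Transit LSR step: look up the top label, swap it and decrement the TTL.

    label_table maps incoming label -> outgoing label (a hypothetical stand-in
    for the label forwarding table). The payload is never inspected, which is
    the sense in which a transit LSR does no Layer 3 processing.
    """
    entries, _payload = parse_label_stack(data)
    top = entries[0]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired at this hop")
    if top["label"] not in label_table:
        raise KeyError("no forwarding entry for label %d" % top["label"])
    new_top = build_entry(label_table[top["label"]], top["exp"],
                          top["s"], top["ttl"] - 1)
    return new_top + data[4:]


# Constructed sample: two-level stack (201 on top, 300 at the bottom) + payload
SAMPLE_STACK = (build_entry(201, 0, 0, 64)
                + build_entry(300, 0, 1, 64)
                + b"\x45\x00")

if __name__ == "__main__":
    print(parse_label_stack(SAMPLE_STACK))
    print(parse_label_stack(swap_top_label(SAMPLE_STACK, {201: 301})))
```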

Lab 1 Configuring MPLS Unicast Routing

[Figure: R1, R2, R3 and R4 connected in a chain: R1-R2 on 192.1.12.0/24, R2-R3 on
192.1.23.0/24, R3-R4 on 192.1.34.0/24. Loopback 0 networks: R1 1.0.0.0/8, R2 2.0.0.0/8,
R3 3.0.0.0/8, R4 4.0.0.0/8.]

R1
Interface    IP Address    Subnet Mask
Loopback0    1.1.1.1       255.0.0.0
F0/0         192.1.12.1    255.255.255.0

R2
Interface    IP Address    Subnet Mask
Loopback0    2.2.2.2       255.0.0.0
F0/0         192.1.12.2    255.255.255.0
F0/1         192.1.23.2    255.255.255.0

R3
Interface    IP Address    Subnet Mask
Loopback0    3.3.3.3       255.0.0.0
F0/0         192.1.23.3    255.255.255.0
F0/1         192.1.34.3    255.255.255.0

R4
Interface    IP Address    Subnet Mask
Loopback0    4.4.4.4       255.0.0.0
F0/0         192.1.34.4    255.255.255.0

Task 1
Configure OSPF between all the SP routers (R1, R2, R3, and R4). OSPF process should
use Loopback0 on each router as the router-id. Advertise all links in OSPF except
Loopback 1's on R1 and R4. Loopback 0's should appear with a /8 mask in the routing
table.

R1
interface Loopback 0
ip ospf network point-to-point
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0

R2
interface Loopback 0
ip ospf network point-to-point
!
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
network 192.1.23.2 0.0.0.0 area 0

R3
interface Loopback 0
ip ospf network point-to-point
!
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.23.3 0.0.0.0 area 0
network 192.1.34.3 0.0.0.0 area 0

R4
interface Loopback 0
ip ospf network point-to-point
!
router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.34.4 0.0.0.0 area 0

Task 2
Configure MPLS on all the physical links in the SP Network. Use LDP to distribute labels.
The LDP neighbour relationships should be formed based on the most reliable interface.
The Labels should be assigned from the range X00 - X99, where X is the router number.
R1
Mpls ldp router-id Loopback0
Mpls label protocol LDP
Mpls label range 100 199
!
Interface F 0/0
Mpls ip
!

R2
Mpls ldp router-id Loopback0
Mpls label protocol LDP
Mpls label range 200 299
!
Interface F 0/0
Mpls ip
!
Interface F 0/1
Mpls ip
!

R3
Mpls ldp router-id Loopback0
Mpls label protocol LDP
Mpls label range 300 399
!
Interface F 0/0
Mpls ip
!
Interface F 0/1
Mpls ip
!

R4
Mpls ldp router-id Loopback0
Mpls label protocol LDP
Mpls label range 400 499
!
Interface F 0/0
Mpls ip
!


How to check?
R1#show mpls ldp bindings
tib entry: 1.0.0.0/8, rev 4
local binding: tag: imp-null
remote binding: tsr: 2.2.2.2:0, tag: 200
tib entry: 2.0.0.0/8, rev 6
local binding: tag: 100
remote binding: tsr: 2.2.2.2:0, tag: imp-null
tib entry: 3.0.0.0/8, rev 8
local binding: tag: 101
remote binding: tsr: 2.2.2.2:0, tag: 201
tib entry: 4.0.0.0/8, rev 10
local binding: tag: 102
remote binding: tsr: 2.2.2.2:0, tag: 202
tib entry: 192.1.12.0/24, rev 2
local binding: tag: imp-null
remote binding: tsr: 2.2.2.2:0, tag: imp-null
tib entry: 192.1.23.0/24, rev 12
local binding: tag: 103
remote binding: tsr: 2.2.2.2:0, tag: imp-null
tib entry: 192.1.34.0/24, rev 14
local binding: tag: 104
remote binding: tsr: 2.2.2.2:0, tag: 203


Lab 2 Conditional Label Advertising
(Builds on Lab 1)

Task 1
Make sure that labels are only exchanged for Loopback 0 networks throughout the MPLS
network.

R1
Access-list 1 permit 1.0.0.0
Access-list 1 permit 2.0.0.0
Access-list 1 permit 3.0.0.0
Access-list 1 permit 4.0.0.0
!
no tag-switching advertise-tags
tag-switching advertise-tags for 1

R2
Access-list 1 permit 1.0.0.0
Access-list 1 permit 2.0.0.0
Access-list 1 permit 3.0.0.0
Access-list 1 permit 4.0.0.0
!
no tag-switching advertise-tags
tag-switching advertise-tags for 1

R3
Access-list 1 permit 1.0.0.0
Access-list 1 permit 2.0.0.0
Access-list 1 permit 3.0.0.0
Access-list 1 permit 4.0.0.0
!
no tag-switching advertise-tags
tag-switching advertise-tags for 1

R4
Access-list 1 permit 1.0.0.0
Access-list 1 permit 2.0.0.0
Access-list 1 permit 3.0.0.0
Access-list 1 permit 4.0.0.0
!
no tag-switching advertise-tags
tag-switching advertise-tags for 1


Module 10 - Cisco Discovery Protocol (CDP)

Cisco Discovery Protocol (CDP)

Overview
Provides details about directly connected Cisco devices, such as address, protocol used.
CDP starts automatically by default for IOS 10.3 and later.
CDP operates at Layer 2, so it is not necessary for the neighboring device to be in the
same domain, or share a common network address for communication.
Advertisements about neighbors are multicast to the address 0100.0ccc.cccc.
Routes are learned through hello type updates.

CDP Parameters
CDP Timer
How often updates are sent
Default = 60 seconds
To change default time
Router(config)#cdp timer new_update_time
CDP Holdtime
The time the CDP packet sent should be kept by the receiving router before being
discarded
Default = 180 seconds
To change default time
Router(config)#cdp holdtime new_holdtime

Disabling and Enabling CDP

To disable CDP
Router(config)#no cdp run
To disable CDP on an interface
Router(config-if)#no cdp enable
To enable CDP
Router(config)#cdp run

Showing CDP Neighbors

For each connected Cisco device, the following information can be displayed:
1. Device ID - router hostname/domain name
2. Local port type and # - e.g. Ethernet 0/0
3. Holdtime
4. Device capability - e.g. router, switch
5. Hardware platform - e.g. 2600, 1900
6. IOS version
7. Neighbor's remote port type and number

To Check Output
For a brief summary
Router#show cdp neighbors
For detailed information
Router#show cdp neighbors detail
To look at a single device
Router#show cdp entry router_name
To display information about your local router
Router#show cdp interface
To disable CDP
Router(config)#no cdp run

Module 10 Network Address Translation (NAT) Labs

Network Address Translation

The Internet has grown larger than anyone ever imagined it could be. Although the exact
size is unknown, the current estimate is that there are about 100 million hosts and over
350 million users actively on the Internet. That is more than the entire population of the
United States! In fact, the rate of growth has been such that the Internet is effectively
doubling in size each year. So what does the size of the Internet have to do with NAT?
Everything! For a computer to communicate with other computers and Web servers on
the Internet, it must have an IP address. An IP address (IP stands for Internet Protocol) is
a unique 32-bit number that identifies the location of your computer on a network.
Basically it works just like your street address: a way to find out exactly where you are
and deliver information to you. When IP addressing first came out, everyone thought
that there were plenty of addresses to cover any need.
Theoretically, you could have 4,294,967,296 unique addresses (2^32). The actual
number of available addresses is smaller (somewhere between 3.2 and 3.3 billion)
because of the way that the addresses are separated into Classes and the need to set
aside some of the addresses for Multicasting, testing or other specific uses. With the
explosion of the Internet and the increase in home networks and business networks, the
number of available IP addresses is simply not enough. The obvious solution was to
redesign the address format to allow for more possible addresses. This is being
developed (IPv6) but will take several years to implement because it requires
modification of the entire infrastructure of the Internet.
This is where NAT (RFC 1631) came to the rescue. Basically, Network Address
Translation allows a single device, such as a router, to act as agent between the Internet
(or "public network") and a local (or "private") network. This means that only a single
unique IP address is required to represent an entire group of computers to anything
outside their network.
The shortage of IP addresses is only one reason to use NAT. Two other good reasons are:
Security
Administration
NAT is like the receptionist in a large office. Let's say you have left instructions with the
receptionist not to forward any calls to you unless you request it. Later on, you call a
potential client and leave a message for them to call you back. You tell the receptionist
that you are expecting a call from this client and to put them through. The client calls the
main number to your office, which is the only number the client knows. When the client
tells the receptionist who they are looking for, the receptionist checks a lookup table that
matches up the person's name and extension. The receptionist knows that you
requested this call, therefore the receptionist forwards the caller to your extension.
Developed by Cisco, Network Address Translation is used by a device (firewall, router or
computer) that sits between an internal network and the rest of the world.

NAT has many forms and can work in several ways:
Static NAT - Mapping an unregistered IP address to a registered IP address on a
one-to-one basis. Particularly useful when a device needs to be accessible from outside
the network.
Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group
of registered IP addresses. Dynamic NAT also establishes a one-to-one mapping
between unregistered and registered IP address, but the mapping could vary depending
on the registered address available in the pool, at the time of communication.
Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a
single registered IP address by using different ports. Known also as PAT (Port Address
Translation), single address NAT or port-level multiplexed NAT.
A NAT router is configured to translate unregistered IP addresses (inside local addresses)
that reside on the private (inside) network to registered IP addresses. This happens
whenever a device on the inside with an unregistered address needs to communicate
with the public (outside) network.
An ISP assigns a range of IP addresses to your company. The assigned block of addresses
are registered unique IP addresses and are called inside global addresses.
Unregistered private IP addresses are split into two groups, a small group (outside local
addresses) that will be used by the NAT routers and the majority that will be used on the
stub domain known as inside local addresses. The outside local addresses are used to
translate the unique IP addresses, known as outside global addresses, of devices on
the public network. NAT only translates traffic which travels between the inside and
outside network and is specified to be translated. Any traffic not matching the
translation criteria, or that is forwarded between other interfaces on a router, is
never translated and is forwarded as is.
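
The overloading (PAT) form described above, as an added Python sketch that is not part of the lab manual or of IOS. The PatTable class, the addresses and the ports are constructed for illustration, and keeping the original source port when it is free is a simplifying assumption about port selection.

```python
class PatTable:
    """Many inside local sockets share one inside global address."""

    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip
        self.first_port = first_port
        self.last_port = last_port
        self.outbound = {}   # (proto, inside_ip, inside_port) -> global_port
        self.inbound = {}    # (proto, global_port) -> (inside_ip, inside_port)

    def _free_port(self, proto, preferred):
        # Assumption: reuse the host's own source port when nobody holds it.
        in_range = self.first_port <= preferred <= self.last_port
        if in_range and (proto, preferred) not in self.inbound:
            return preferred
        for port in range(self.first_port, self.last_port + 1):
            if (proto, port) not in self.inbound:
                return port
        raise RuntimeError("port pool exhausted for " + proto)

    def translate_out(self, proto, inside_ip, inside_port):
        """Inside -> outside: create (or reuse) a translation entry."""
        key = (proto, inside_ip, inside_port)
        if key not in self.outbound:
            port = self._free_port(proto, inside_port)
            self.outbound[key] = port
            self.inbound[(proto, port)] = (inside_ip, inside_port)
        return (self.global_ip, self.outbound[key])

    def translate_in(self, proto, global_port):
        """Outside -> inside: only traffic matching an existing entry is
        translated; None means there is no entry to translate with."""
        return self.inbound.get((proto, global_port))


def demo():
    """Two inside hosts using the same source port behind one global address."""
    pat = PatTable("195.1.3.33")                               # constructed address
    first = pat.translate_out("tcp", "192.168.1.10", 5000)
    second = pat.translate_out("tcp", "192.168.1.11", 5000)    # port clash
    repeat = pat.translate_out("tcp", "192.168.1.10", 5000)    # same flow again
    reply = pat.translate_in("tcp", second[1])
    unsolicited = pat.translate_in("tcp", 8080)
    return first, second, repeat, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```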

Lab 1 NAT

[Figure: R1 (Loopback 0 10.0.0.1/8) and R3 (Loopback 0 192.168.1.0/24) each connect to
R2 (Loopback 0 2.0.0.0/8). R1-R2 link: 192.1.12.0/24. R2-R3 link: 192.1.23.0/24.
Interface labels shown: S0/0, F0/0.]

Objective: Configure NAT and PAT on R1 and R3 to route traffic from the private
networks to the Internet (R2 2.2.2.2).
ISP (R2) assigns R1 a public range of 195.1.1.0/24 network. Configure R2 to route all
packets destined for this network towards R1.

On R2
R2(config)#ip route 195.1.1.0 255.255.255.0 192.1.12.1
Translate the 10.0.0.0 Network behind R1 into a range of Class C addresses assigned to
R1 by the ISP. Use the range 195.1.1.1 - 195.1.1.250 for the pool.

On R1
R1(config)#access-list 121 permit ip 10.0.0.0 0.255.255.255 any
R1(config)#ip nat pool DP 195.1.1.1 195.1.1.250 netmask 255.255.255.0
R1(config)#ip nat inside source list 121 pool DP
R1(config)#interface Loopback0
R1(config-if)#ip nat inside
R1(config-if)#interface S0/0
R1(config-if)#ip nat outside
R1 should use 195.1.1.251 for its Web Server so that people on the outside can access it.
The internal web server is at 10.0.0.80. Configure a secondary address of 10.0.0.80 on
the loopback address to test this configuration.

On R1
R1(config)#ip nat inside source static 10.0.0.80 195.1.1.251
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.0.0.80 255.0.0.0 secondary

ISP (R2) assigns R3 a public range of 195.1.3.32/30 subnet. Configure R2 to route all
packets destined for this network towards R3.

On R2
R2(config)#ip route 195.1.3.32 255.255.255.252 192.1.23.3
Translate the 192.168.1.0 Network behind R3 using the 195.1.3.33 address (PAT). The
entire network should be able to go out simultaneously using this address.

On R3
R3(config)#access-list 121 permit ip 192.168.1.0 0.0.0.255 any
R3(config)#ip nat pool DP 195.1.3.33 195.1.3.33 netmask 255.255.255.252
R3(config)#ip nat inside source list 121 pool DP overload
R3(config)#interface Loopback0
R3(config-if)#ip nat inside
R3(config-if)#interface E 0/0
R3(config-if)#ip nat outside
There is a web server at 192.168.1.5 and a DNS server at 192.168.1.6. Translate these
servers to 192.168.1.34 on the outside. Use Static PAT to accomplish this task.

On R3
R3(config)#ip nat inside source static tcp 192.168.1.5 80 195.1.3.34 80
R3(config)#ip nat inside source static udp 192.168.1.6 53 195.1.3.34 53

Verification on R3
R3#show ip nat translations
Do you see the static translation already present in the translation table?
On R3, ping 2.2.2.2 with the source of 192.168.1.1.
Are you successful?
Type show ip nat translations. Do you see the Dynamic translation done?

To Clear NAT Translations
R3#clear ip nat translation *

Module 11 - Additional Topics

119

Ipv6 Addressing
Internet Protocol (IP) version 6 is a new IP protocol designed to replace IP version 4, which
is deployed today and used throughout the world.
The current IP version, IPv4, has proven to be robust, easily implemented, interoperable,
and has stood the test of scaling an internetwork to a global utility the size of the Internet
today. However, the initial design of IPv4 did not anticipate the The rapid growth of the
Internet and the exhaustion of the IPv4 address
The lifetime of IPv4 has been extended with techniques such as private address space
with Network Address Translation (NAT). Although these techniques seem to increase
the address space and satisfy the traditional client-server setup, they fail to meet the
requirements of IP address growth.
The need to reach always-on environments (such as residential Internet through
broadband, cable modem, or DSL) precludes IP-address conversion, pooling, and
temporary allocation techniques. Also, the plug-and-play capabilities required by
consumer Internet appliances further increase the
address requirements.
The designers and users of the early Internet could not have anticipated the recent rapid
growth of the Internet and the impending exhaustion of the IPv4 address space. The IPv6
address protocol meets the current requirements of the new applications and the never
ending growth of the Internet.
The IPv6 address space makes more addresses available but it must be approached with
careful planning. Successful deployment of IPv6 can be achieved with existing IPv4
infrastructures. With proper planning and design, the transition between IP version 4
and 6 is possible today as well.
The Internet Engineering Task Force (IETF) designed the IPv6 addressing scheme to
provide interoperability with existing IPv4 network architecture and to allow the
coexistence of IPv6 networks with existing IPv4 networks.

IPv6 Address Format


IPv6 uses 16-byte hexadecimal number fields separated by colons (:) to represent the
128-bit addressing format that makes the address representation less cumbersome and
error-prone. Here is an example of a valid IPv6
address: 2001:db8:130F:0000:0000:09C0:876A:130B
Additionally, to shorten the IPv6 address and make the address easier to represent, IPv6
uses the following conventions:
Leading zeros in the address field are optional and can be compressed. For example: The
following hexadecimal numbers can be represented as shown in a compressed format:
Example 1: 0000 = 0 (compressed form)
Example 2: 2001:db8:130F:0000:0000:09C0:876A:130B =
2001:db8:130F:0:0:9C0:876A:130B (compressed form)
A pair of colons (::) represents successive fields of 0. However, the pair of colons is
allowed just once in a valid IPv6 address.


Example 1: 2001:db8:130F:0:0:9C0:876A:130B =
2001:db8:130F::9C0:876A:130B (compressed form)
Example 2: FF01:0:0:0:0:0:0:1 =
FF01::1 (compressed form)
An address parser can easily identify the number of missing zeros in an IPv6
address by separating the two parts of the address and filling in the 0s until the
128-bit address is complete. However, if two ::s are placed in the same address,
then there is no way to identify the size of each block of zeros. The use of the ::
makes many IPv6 addresses very small.

Network Prefix
In IPv6 there are references to prefixes which, in IPv4 terms, loosely equate to
subnets. The IPv6 prefix is made up of the left-most bits and acts as the network
identifier. The IPv6 prefix is represented using the IPv6-prefix or prefix-length
format just like an IPv4 address is represented in the classless interdomain
routing (CIDR) notation.
The /prefix-length variable is a decimal value that indicates the number of high-order
contiguous bits of the address that form the prefix, which is the network
portion of the address. For example: 2001:db8:8086:6502::/64 is an acceptable
IPv6 prefix. If the address ends in a double colon, the trailing double colon can
be omitted. So the same address can be written as 2001:db8:8086:6502/64. In
either case, the prefix length is written as a decimal number 64 and represents
the left-most bits of the IPv6 address.
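
The address parser and the network prefix described above, as an added Python example that is not part of the original lab manual: expand() fills in the zeros hidden by "::" and rejects an address that uses "::" twice, compress() applies the two shortening conventions, and network_prefix() keeps the left-most bits for a given prefix length. The function names are illustrative, and the output is lower case where the manual's examples use upper case.

```python
"""Added example (not from the lab manual): IPv6 text-form handling."""
from string import hexdigits

FIELDS = 8  # a 128-bit address written as eight colon-separated hex fields


def expand(addr: str) -> str:
    """Return the full form: eight zero-padded fields, lower case."""
    if addr.count("::") > 1:
        # With two "::" runs the size of each block of zeros is undecidable.
        raise ValueError(f"{addr!r}: '::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = FIELDS - len(head) - len(tail)
        if missing < 1:
            raise ValueError(f"{addr!r}: too many fields around '::'")
        fields = head + ["0"] * missing + tail
    else:
        fields = addr.split(":")
        if len(fields) != FIELDS:
            raise ValueError(f"{addr!r}: expected {FIELDS} fields")
    for field in fields:
        if not 1 <= len(field) <= 4 or any(c not in hexdigits for c in field):
            raise ValueError(f"{addr!r}: bad field {field!r}")
    return ":".join(f.lower().zfill(4) for f in fields)


def compress(addr: str) -> str:
    """Drop leading zeros, then replace the longest run of zero fields by '::'."""
    fields = [f.lstrip("0") or "0" for f in expand(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < FIELDS:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < FIELDS and fields[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:  # a single zero field is simply written as 0
        return ":".join(fields)
    head = ":".join(fields[:best_start])
    tail = ":".join(fields[best_start + best_len:])
    return f"{head}::{tail}"


def network_prefix(addr: str, length: int) -> str:
    """Keep the `length` left-most bits of addr and zero the rest."""
    if not 0 <= length <= 128:
        raise ValueError("prefix length must be between 0 and 128")
    value = int(expand(addr).replace(":", ""), 16)
    mask = ((1 << length) - 1) << (128 - length)
    digits = f"{value & mask:032x}"
    full = ":".join(digits[i:i + 4] for i in range(0, 32, 4))
    return f"{compress(full)}/{length}"


if __name__ == "__main__":
    for sample in ("2001:db8:130F:0000:0000:09C0:876A:130B", "FF01:0:0:0:0:0:0:1"):
        print(sample, "->", compress(sample))
    print(network_prefix("2001:db8:8086:6502:1:2:3:4", 64))
```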

IPv6 Transition Technologies


Dual Stack
Dual stack is the basic strategy to use for large agencies that are adopting
IPv6. It involves configuring devices to be able to run IPv4 and IPv6
simultaneously. IPv4 communication uses the IPv4 protocol stack, and IPv6
communication uses the IPv6 protocol stack.
Tunneling
Tunnels encapsulate IPv6 traffic within IPv4 packets, and are primarily used for
communication between IPv6 (or dual-stack) sites or for connection to remote
IPv6 networks or hosts over an IPv4 backbone.


Lab 1 - Configuring IPv6 with RIPng

[Figure: lab topology. R1 F0/0 and R2 F0/0 share 2000:192:1:12::/64; R2 S0/0 and R3 S0/0 share 2000:192:1:23::/64; R3 F0/0 and R4 F0/0 share 2000:192:1:34::/64. Each router has a Loopback 0 (L0) interface.]

Objective: Configure IPv6 on the Routers. Run RIPng to route
between the networks.
Enable IPv6 routing on R1, R2, R3 and R4. Assign IPv6 addresses to the E 0/0 interface of
the routers as follows:

R1
Interface     IPv6 Address         Subnet Mask
Loopback0     2001:1:1:1::1        /64
F0/0          2000:192:1:12::1     /64

R2
Interface     IPv6 Address         Subnet Mask
Loopback0     2001:2:2:2::2        /64
F0/0          2000:192:1:12::2     /64
S0/0          2000:192:1:23::2     /64

R3
Interface     IPv6 Address         Subnet Mask
Loopback0     2001:3:3:3::3        /64
F0/0          2000:192:1:34::4     /64
S0/0          2000:192:1:23::3     /64

R4
Interface     IPv6 Address         Subnet Mask
Loopback0     2001:4:4:4::4        /64
F0/0          2000:192:1:34::4     /64

On R1
R1(config)#ipv6 unicast-routing
R1(config)#Interface E 0/0
R1(config-if)#ipv6 address 2001:1:1:12::1/64
R1(config-if)#no shut
R1(config-if)#Interface Loopback 0
R1(config-if)#ipv6 address 2001:1:1:1::/64

On R2
R2(config)#ipv6 unicast-routing
R2(config)#Interface E 0/0
R2(config-if)#ipv6 address 2001:1:1:12::2/64
R2(config-if)#no shut
R2(config-if)#Interface Loopback 0
R2(config-if)#ipv6 address 2001:2:2:2::/64

On R3
R3(config)#ipv6 unicast-routing
R3(config)#Interface E 0/0
R3(config-if)#ipv6 address 2001:1:1:34::3/64
R3(config-if)#no shut
R3(config-if)#Interface Loopback 0
R3(config-if)#ipv6 address 2001:3:3:3::/64

On R4
R4(config)#ipv6 unicast-routing
R4(config)#Interface E 0/0
R4(config-if)#ipv6 address 2001:1:1:34::4/64
R4(config-if)#no shut
R4(config-if)#Interface Loopback 0
R4(config-if)#ipv6 address 2001:4:4:4::/64


Configure Frame-relay between R2 and R3 using the IPv6
addresses (see table)
Ensure that the routers can ping each other's serial interface. Also allow R2 and
R3 to ping their own IP addresses. Use a sub-interface on R2 and R3 for the
Frame relay configuration.

On R2
R2(config)#Interface S 0/0
R2(config-if)#encap frame-relay
R2(config-if)#no shut
R2(config-if)#interface S 0/0.1 point-to-point
R2(config-subif)#ipv6 address 2001:1:1:23::2/64
R2(config-subif)#frame-relay interface-dlci 203

On R3
R3(config)#Interface S 0/0
R3(config-if)#encap frame-relay
R3(config-if)#no shut
R3(config-if)#interface S 0/0.1 point-to-point
R3(config-subif)#ipv6 address 2001:1:1:23::3/64
R3(config-subif)#frame-relay interface-dlci 302

Configure RIPng on all routers to route all loopbacks. Enable
RIPng under the following interfaces:
R1    E 0/0, Loopback 0
R2    E 0/0, Loopback 0, S 0/0.1
R3    E 0/0, Loopback 0, S 0/0.1
R4    E 0/0, Loopback 0

On R1
R1(config)#Interface Loopback0
R1(config-if)#ipv6 rip 1234 enable
R1(config-if)#Interface E 0/0
R1(config-if)#ipv6 rip 1234 enable

On R2
R2(config)#Interface Loopback0
R2(config-if)#ipv6 rip 1234 enable
R2(config-if)#Interface E 0/0
R2(config-if)#ipv6 rip 1234 enable
R2(config-if)#Interface S 0/0.1
R2(config-subif)#ipv6 rip 1234 enable

On R3
R3(config)#Interface Loopback0
R3(config-if)#ipv6 rip 1234 enable
R3(config-if)#Interface E 0/0
R3(config-if)#ipv6 rip 1234 enable
R3(config-if)#Interface S 0/0.1
R3(config-subif)#ipv6 rip 1234 enable

On R4
R4(config)#Interface Loopback0
R4(config-if)#ipv6 rip 1234 enable
R4(config-if)#Interface E 0/0
R4(config-if)#ipv6 rip 1234 enable

On All Routers
Type
RX#show IPv6 Route rip
Do you see all the IPv6 routes learned thru RIPng?
Find out the interface IP addresses of the loopbacks by typing:
RX#show ipv6 interface brief
Ping these addresses from each router to ensure connectivity.
For example,
RX#ping ipv6 2001:2:2:2::2
Are you successful?


Lab 2 - Configuring OSPFv3
(Builds on Lab 1)

Objective: Configure OSPFv3 as the routing protocol to connect
the Loopback networks.
Disable RIPng on all routers on all interfaces.

On R1
R1(config)#Interface Loopback 0
R1(config-if)#No ipv6 rip 1234 enable
R1(config-if)#Interface E 0/0
R1(config-if)#No ipv6 rip 1234 enable

On R2
R2(config)#Interface Loopback 0
R2(config-if)#No ipv6 rip 1234 enable
R2(config-if)#Interface E 0/0
R2(config-if)#No ipv6 rip 1234 enable
R2(config-if)#Interface S 0/0.1
R2(config-subif)#No ipv6 rip 1234 enable

On R3
R3(config)#Interface Loopback 0
R3(config-if)#No ipv6 rip 1234 enable
R3(config-if)#Interface E 0/0
R3(config-if)#No ipv6 rip 1234 enable
R3(config-if)#Interface S 0/0.1
R3(config-subif)#No ipv6 rip 1234 enable

On R4
R4(config)#Interface Loopback 0
R4(config-if)#No ipv6 rip 1234 enable
R4(config-if)#Interface E 0/0
R4(config-if)#No ipv6 rip 1234 enable

Configure the routers in OSPFv3 area 0 and advertise their directly connected
interfaces in this area.

On R1
R1(config)#IPv6 router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#Interface Loopback 0
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#Interface E 0/0
R1(config-if)#ipv6 ospf 1 area 0

On R2
R2(config)#IPv6 router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#Interface Loopback 0
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#Interface E 0/0
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#Interface S 0/0.1
R2(config-subif)#ipv6 ospf 1 area 0

On R3
R3(config)#IPv6 router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#Interface Loopback 0
R3(config-if)#ipv6 ospf 1 area 0
R3(config-if)#Interface E 0/0
R3(config-if)#ipv6 ospf 1 area 0
R3(config-if)#Interface S 0/0.1
R3(config-subif)#ipv6 ospf 1 area 0

On R4
R4(config)#IPv6 router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#Interface Loopback 0
R4(config-if)#ipv6 ospf 1 area 0
R4(config-if)#Interface E 0/0
R4(config-if)#ipv6 ospf 1 area 0

Ensure that the loopback interfaces are advertised with their correct mask.

On R1
R1(config)#interface Loopback 0
R1(config-if)#ipv6 ospf network point-to-point

On R2
R2(config)#interface Loopback 0
R2(config-if)#ipv6 ospf network point-to-point

On R3
R3(config)#interface Loopback 0
R3(config-if)#ipv6 ospf network point-to-point

On R4
R4(config)#interface Loopback 0
R4(config-if)#ipv6 ospf network point-to-point

On All Routers
Type
Rx#show ipv6 route ospf
Do you see all the IPv6 routes learned thru OSPFv3?
Find out the Interface IP addresses of the Loopbacks by typing:
Rx#show ipv6 interface brief
Ping these addresses from each router to ensure connectivity.

Lab 3 - Configuring IPv6 through an IPv4 Network using a Tunnel

[Figure: lab topology. R1 F0/0 and R2 F0/0 share 2000:192:1:12::/64; R2 S0/0 and R3 S0/0 share the IPv4 network 192.1.23.0/24; R3 F0/0 and R4 F0/0 share 2000:192:1:34::/64. Each router has a Loopback 0 (L0) interface.]

Note: This lab builds on Lab 1 with the following modification:
Configure the Frame Relay link between R2 and R3 as an IPv4
Link on the 192.1.23.0/24 network.
On R2
R2(config)#Interface S 0/0
R2(config-if)#ip address 192.1.23.2 255.255.255.0
R2(config-if)#encap frame-relay
R2(config-if)#frame-relay map ip 192.1.23.3 203
R2(config-if)#no shut

On R3
R3(config)#Interface S 0/0
R3(config-if)#ip address 192.1.23.3 255.255.255.0
R3(config-if)#encap frame-relay
R3(config-if)#frame-relay map ip 192.1.23.2 302
R3(config-if)#no shut

Create a Tunnel between R2 and R3. Assign it an IPv6 address
of 2001:23:23:23::/64. Set the Tunnel Mode to IPv6. Enable
RIPng on the Tunnel Interface.

On R2
R2(config)#Interface Tunnel 23
R2(config-if)#ipv6 address 2001:23:23:23::2/64
R2(config-if)#tunnel source S 0/0
R2(config-if)#tunnel destination 192.1.23.3
R2(config-if)#ipv6 rip 1234 enable
R2(config-if)#tunnel mode IPv6IP

On R3
R3(config)#Interface Tunnel 23
R3(config-if)#ipv6 address 2001:23:23:23::3/64
R3(config-if)#tunnel source S 0/0
R3(config-if)#tunnel destination 192.1.23.2
R3(config-if)#ipv6 rip 1234 enable
R3(config-if)#tunnel mode IPv6IP

On All Routers
Type
Rx#show ipv6 route rip
Do you see all the IPv6 routes learned through ripng?


Variable Length Subnet Mask (VLSM)

Definition:
Variable-Length Subnet Mask (VLSM): provides the ability to have more than one subnet
mask within your major network. It also allows you to further subnet your already
subnetted networks. Requires Classless Routing Protocols.

Advantages:
Efficient Use of IP addresses: Without VLSMs, networks would have to use the same
subnet mask throughout the network. But all your networks don't have the same
number of hosts.
For example: You have 2 LANs connected via a Serial Point-to-point connection. Each LAN
has 50 Hosts on it. When you assign the subnet mask, it has to be consistent across your
network. So you end up assigning a sub-network address to the WAN connection with 62
hosts, whereas you only need 2.
Greater Capability for Route Summarization: Route Summarization is covered in
detail, later on in this module.

Calculating VLSMs

[Figure: Main Site connected to Branch Offices; four LANs with 25 Hosts each.]

In this example, we want to connect the Main Site to the Branch Offices. If we used a fixed
length subnet mask, we would need 4 networks for the LANs and 3 Networks for WANs, a
total of 7 networks. Let us say we have a Class C address of 200.200.200.0 assigned to
us. If we need 7 networks, we have to borrow 4 bits, giving us 14 networks. But it will only
give us 14 hosts per network. In order to get around this problem, we will use VLSMs.
In VLSMs, we can get away with borrowing only 3 bits. 3 bits give us 6 usable networks
with 30 hosts per network. We will use the first 4 networks for our LAN based networks,
and subnet the fifth one further to give us additional networks with fewer hosts on each for
our WAN connections. Our WAN connections only require 2 hosts per network and we
need 3 Networks.

Subnetting the 200.200.200.0 network into 6 subnets

1. We borrow 3 bits, giving us a new mask of 255.255.255.224 or 27 bit Subnet Mask.
Our new networks are as follows:
200.200.200.32/27
200.200.200.64/27
200.200.200.96/27
200.200.200.128/27
200.200.200.160/27
200.200.200.192/27
2. We will assign the first 4 networks to our LAN-Based Networks.
3. We can take either the 5th or 6th network and further subnet it. Let's use the 5th
network and further subnet it.

             Binary (Decimal)
Subnet ID    200.200.200.10100000 (200.200.200.160)
Mask         255.255.255.11100000 (255.255.255.224)

We only need 2 hosts per WAN connection. We will borrow a further 3 bits from this
network, leaving only 2 bits for hosts on each network.
The network numbers are as follows:
200.200.200.10100100  (200.200.200.164)  Valid Host Range: 165-166
200.200.200.10101000  (200.200.200.168)  Valid Host Range: 169-170
200.200.200.10101100  (200.200.200.172)  Valid Host Range: 173-174
200.200.200.10110000  (200.200.200.176)  Valid Host Range: 177-178
200.200.200.10110100  (200.200.200.180)  Valid Host Range: 181-182
200.200.200.10111000  (200.200.200.184)  Valid Host Range: 185-186

So you can choose any 3 of the above network addresses for the WAN connections.
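
The calculation above, carried through in Python as an added example that is not part of the original lab manual. It sizes each subnet from the host count, follows the manual's convention of leaving out the all-zeros and all-ones subnets, and checks that the resulting LAN and WAN blocks do not overlap. The function names are illustrative.

```python
"""Added example (not from the lab manual): the VLSM plan worked above."""
import ipaddress


def host_bits_for(hosts: int) -> int:
    """Smallest number of host bits h such that 2**h - 2 >= hosts."""
    bits = 2
    while 2 ** bits - 2 < hosts:
        bits += 1
    return bits


def usable_subnets(block: str, new_prefix: int):
    """Split block into new_prefix subnets, leaving out the all-zeros and
    all-ones subnets (the convention the manual follows)."""
    net = ipaddress.ip_network(block)
    return list(net.subnets(new_prefix=new_prefix))[1:-1]


def fixed_length(major: str, networks: int):
    """One mask everywhere: borrow just enough bits for `networks` subnets.
    Returns (usable subnets, hosts per subnet)."""
    net = ipaddress.ip_network(major)
    borrowed = 1
    while 2 ** borrowed - 2 < networks:
        borrowed += 1
    host_bits = 32 - net.prefixlen - borrowed
    return 2 ** borrowed - 2, 2 ** host_bits - 2


def vlsm_plan(major: str, lan_hosts: int, lan_count: int,
              wan_hosts: int, wan_count: int):
    """LANs take the first usable subnets; the next one is split for WAN links."""
    lan_prefix = 32 - host_bits_for(lan_hosts)
    wan_prefix = 32 - host_bits_for(wan_hosts)
    pool = usable_subnets(major, lan_prefix)
    if lan_count >= len(pool):
        raise ValueError("no spare subnet left to split for the WAN links")
    lans, spare = pool[:lan_count], pool[lan_count]
    wan_pool = usable_subnets(str(spare), wan_prefix)
    if wan_count > len(wan_pool):
        raise ValueError("spare subnet is too small for the WAN links")
    return lans, wan_pool[:wan_count]


def host_range(net):
    """First and last assignable host address of a subnet."""
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])


def overlapping(nets):
    """Every pair of networks whose address ranges overlap (should be none)."""
    return [(a, b) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    print("fixed-length mask:", fixed_length("200.200.200.0/24", 7))
    lans, wans = vlsm_plan("200.200.200.0/24", lan_hosts=25, lan_count=4,
                           wan_hosts=2, wan_count=3)
    for net in lans + wans:
        print(net, "hosts", *host_range(net))
    print("overlaps:", overlapping(lans + wans))
```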

[Figure: the same topology with addresses assigned. LANs (25 Hosts each): 200.200.200.32/27, 200.200.200.64/27, 200.200.200.96/27, 200.200.200.128/27. WAN links: 200.200.200.164/30, 200.200.200.168/30, 200.200.200.172/30.]

IOS DHCP Server

Allows a Cisco Router to Assign IP Configuration information
Command Syntax:
Router(config)#ip dhcp pool <pool name>
Router(dhcp-config)#network <network address /Prefix mask>
Router(dhcp-config)#default-router <Router's Address>
Router(dhcp-config)#dns-server <dns Server Address>
Router(dhcp-config)#lease <Days> <hours> <minutes>
Router(config)#ip dhcp excluded-address <Low-address> <High-address>

Helper Addresses
If a client needs to reach a server and does not know the server's address, the client uses a
broadcast to find the server's address. By default, a router will drop the broadcast
packet. Helper addresses allow connectivity by forwarding these broadcasts as unicast
packets.
Command Syntax:
Router(config-if)#ip helper-address <ip-address>

Lab 1 - IOS DHCP Server and IP Helper addresses

[Figure: lab topology. R1 F0/0 and R2 F0/0 share 192.1.12.0/24; R1 F0/1 connects to 192.1.11.0/24; R2 F0/1 connects to 192.1.22.0/24.]

Objective:
Configure a Router as a DHCP Server and assign IP Configurations to local and remote
subnets. Configure a Router to forward broadcasts from remote subnets to a DHCP
Server.
Configure R1 as a DHCP Server. Create a pool for the 192.1.11.0/24 network. The
pool should start giving addresses from 192.1.11.11 - 192.1.11.254. It should
assign 192.1.11.1 as the default gateway and 192.1.11.5 as the DNS Server. Use
a lease time of 3 and a half days.

R1 Basic Configuration
R1(config)#int S 0/0
R1(config-if)#ip addr 192.1.12.1 255.255.255.0
R1(config-if)#clock rate 128000
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#int E 0/0
R1(config-if)#ip addr 192.1.11.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#Router RIP
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 192.1.11.0
R1(config-router)#network 192.1.12.0

R2 Basic Configuration
R2(config)#int S 0/0
R2(config-if)#ip addr 192.1.12.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#int E 0/0
R2(config-if)#ip addr 192.1.22.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#Router RIP
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.1.12.0
R2(config-router)#network 192.1.22.0

R1 DHCP Configuration
R1(config)#ip dhcp excluded-address 192.1.11.1 192.1.11.10
R1(config)#IP dhcp pool ABC
R1(dhcp-config)#network 192.1.11.0 /24
R1(dhcp-config)#default-router 192.1.11.1
R1(dhcp-config)#dns-server 192.1.11.5
R1(dhcp-config)#lease 3 12
R1(dhcp-config)#exit

Objective:
Also, configure R1 as a DHCP Server for the 192.1.22.0/24 network. The pool
should start giving addresses from 192.1.22.11 - 192.1.22.254. It should assign
192.1.22.1 as the default gateway and 192.1.22.5 as the DNS Server. Use a lease
time of 3 and a half days. Make sure R2 forwards the DHCP requests to R1 DHCP.

R1 DHCP Configuration
R1(config)#ip dhcp excluded-address 192.1.22.1 192.1.22.10
R1(config)#IP dhcp pool DEF
R1(dhcp-config)#network 192.1.22.0 /24
R1(dhcp-config)#default-router 192.1.22.1
R1(dhcp-config)#dns-server 192.1.22.5
R1(dhcp-config)#lease 3 12
R1(dhcp-config)#exit

R2 Broadcast Forwarding configuration
R2(config)#int E 0/0
R2(config-if)#ip helper-address 192.1.12.1
R2(config-if)#no shut
R2(config-if)#exit

PC Configuration
Configure your PC to obtain an IP Address automatically in either Network
Neighborhood (Windows NT) or My Network Places (Windows 2000)

Open a Command prompt
Type IPCONFIG /ALL.
Check the Addresses against the addresses assigned by the IOS DHCP Server.
Type
R1#show ip dhcp binding
Make sure the addresses are not from the excluded range.
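
One way to automate the last check of this lab, as an added Python example that is not part of the original manual: it reads a binding table, flags any leased address that falls inside an excluded range or outside both pools, and converts the lease 3 12 setting to seconds. The binding table is a constructed sample laid out like show ip dhcp binding output; its client identifiers and dates are made up, and the function names are illustrative.

```python
"""Added example (not from the lab manual): auditing DHCP bindings."""
import ipaddress
import re

# Constructed sample, laid out like "show ip dhcp binding" output.
SAMPLE = """\
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
192.1.11.11      0100.0c29.aa01.01       Mar 04 2024 09:00 AM    Automatic
192.1.11.7       0100.0c29.aa01.02       Mar 04 2024 09:05 AM    Automatic
192.1.22.11      0100.0c29.bb02.01       Mar 04 2024 09:10 AM    Automatic
192.1.33.20      0100.0c29.cc03.01       Mar 04 2024 09:15 AM    Automatic
"""

# Pools and excluded ranges exactly as configured on R1 in this lab.
POOLS = {"ABC": "192.1.11.0/24", "DEF": "192.1.22.0/24"}
EXCLUDED = [("192.1.11.1", "192.1.11.10"), ("192.1.22.1", "192.1.22.10")]

ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")


def lease_seconds(days: int, hours: int = 0, minutes: int = 0) -> int:
    """Length of an IOS 'lease <days> <hours> <minutes>' setting in seconds."""
    return ((days * 24 + hours) * 60 + minutes) * 60


def parse_bindings(text: str):
    """Return (address, client-id) for every row that starts with an IPv4 address."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append((ipaddress.ip_address(match.group(1)), match.group(2)))
    return rows


def audit(text: str, pools=POOLS, excluded=EXCLUDED):
    """List (address, problem) for bindings that should not exist."""
    nets = [ipaddress.ip_network(n) for n in pools.values()]
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
              for lo, hi in excluded]
    findings = []
    for addr, _client in parse_bindings(text):
        if any(lo <= addr <= hi for lo, hi in ranges):
            findings.append((str(addr), "in excluded range"))
        elif not any(addr in net for net in nets):
            findings.append((str(addr), "outside every pool"))
    return findings


if __name__ == "__main__":
    print("lease 3 12 =", lease_seconds(3, 12), "seconds")
    for addr, problem in audit(SAMPLE):
        print(addr, problem)
```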


Module 12 Switching


Switching
Collision Domains
1. A collision domain is a group of network nodes on an Ethernet network that share the
network media and can experience collisions with one another.
2. Networks can be segmented into multiple collision domains for optimization of
network functionality.

Network Segmentation Using Bridges

1. Bridges operate at layer 2 and therefore use MAC addresses to decide whether to
forward data.
2. Cisco routers can act as bridges.
3. A bridge increases the number of collision domains.
4. Bridges build Layer 2 address tables, also called forwarding tables, by listening to hosts
communicate.
5. A bridge looks up the frame's destination in its address table and sends the frame towards the
destination host.
6. Bridges maintain one logical network; the network is only physically segmented.

Network Segmentation Using Routers


1. Routers create separate collision domains by creating separate layer 3 networks.
2. Layer 3 networks are referred to as Broadcast domains.
3. In large networks, routers need to be able to carry the excessive load placed by a large
number of hosts.

Network Segmentation Using Switches


1. A switch is essentially a bridge with multiple ports and intelligence.
2. Switches forward data based on MAC addresses as they operate at layer 2.
3. Switches will build forwarding tables the same way as bridges.
4. Switches increase the number of collision domains.
5. Enables high speed data exchange.
6. LAN switches can operate in three different modes:
A. Cut-through
Frames forwarded as soon as the destination address is read and the forwarding table is
consulted.
Produces the lowest amount of latency.
B. Fragment-free
Frames forwarded as soon as the first 64 bytes are received.
C. Store and Forward
Frames forwarded once the entire frame is received.
Ensures corrupt frames are not forwarded.
Latency through the switch varies with frame length.
The switch receives the complete frame before beginning to forward it.
Highest latency.

Switch Functions
Address learning
Initially the MAC address table is empty, so the switch will flood networks to forward data.
Hosts are added to the table as soon as they start communicating.
Frame filtering
If the destination MAC address exists in the MAC address table, the frame is not flooded; it is
sent out only on the appropriate port.
Broadcasts and multicasts are flooded to all ports, except the originating port.
Loop avoidance
Duplicate frames must be prevented from traveling over redundant paths that may exist
for backup or transmission redundancy.
Broadcasts will continually flood around a loop structure (broadcast storm).
Multiple copies of non-broadcast frames may be delivered to the same destination,
causing errors.
The same frame will be received on different ports of the same switch, causing instability
in the MAC address table.

Looping Solution - Spanning Tree Protocol (STP)

Algorithm developed by DEC, revised by IEEE (Specification 802.1d)
STP is used to avoid switching loops.
STP reconfigures as the network topology changes to avoid the creation of new loops.
STP is enabled by default on all Cisco Catalyst switches.

Virtual LANs (VLANs)


A VLAN is a broadcast domain, similar in concept to a domain.
Hosts in different VLANs cannot communicate with each other, unless their data is
routed through a router.


VLANs can exist on a single switch, or they can span 2 or more switches. If two or more
switches are used, they must be connected using the trunk port (fast Ethernet) and ISL
(Inter Switch Link) encapsulation.
ISL is Cisco proprietary for interconnecting multiple switches over the fast Ethernet (fa)
ports.
ISL operates at layer 2; it adds a new header section and a new FCS.
Fast Ethernet ports on routers have ISL capability.
IEEE 802.1q is another encapsulation that can also be used to connect multiple
switches with multiple VLANs.
By default, all ports have membership of VLAN 1.
VLAN membership can be configured statically, or dynamically through a server or
VMPS (VLAN Membership Policy Server).
Up to 64 VLANs supported on 1900 switches.

Frame Tagging
Frame tagging assigns a unique user-assigned ID to each frame.
A unique identifier is placed in the header of each frame as it is forwarded between
switches.


Module 13 Switching Labs


Lab 1 - Creating and Routing with VLANs

[Figure: lab topology. VLAN 10 (192.1.10.0/24): R1 F0/0 (.1), R2 F0/0.1 (.2). VLAN 20 (192.1.20.0/24): R2 F0/0.1 (.2), R3 F0/0 (.3). VLAN 30 (192.1.30.0/24): R3 F0/4 (.3), Sw1 VLAN 30 (.15). VLAN 40 (192.1.40.0/24): Sw1 VLAN 40 (.15), R4 F0/0 (.4).]

Configure Switch1 as the VTP Server and the other Switch(s) as VTP Clients. Use
CISCO as the Domain name. Authenticate the relationship using CCNP as the
password.

Sw1
SW1(config)#VTP domain CISCO
SW1(config)#VTP mode server
SW1(config)#VTP password CCNA

Sw2
SW2(config)#VTP domain CISCO
SW2(config)#VTP mode client
SW2(config)#VTP password CCNA

Configure the Trunk ports on the Switches using Dot1q as the encapsulation

On Both Switches
SWX(config)#Interface range F0/XX - XX
SWX(config-if-range)#Switchport trunk encapsulation dot1q
SWX(config-if-range)#Switchport mode trunk

Create the VLANs based on the Diagram on the VTP Server (Sw1)

SW1
VLAN 10
VLAN 20
VLAN 30
VLAN 40

Assign the Switch Ports connected to Routers to the appropriate VLANs.
Configure the ports that connect to a router that has Sub-interfaces as a Trunk
using Dot1q as the encapsulation mechanism. Turn on IP Routing on SW1 to
make it act as Layer 3 switch. Configure SW1 with SVI ports based on the
Diagram:

SW1
Interface F 0/1
Switchport mode access
Switchport access vlan 10
!
Interface F 0/2
Switchport trunk encapsulation dot1q
Switchport mode trunk
!
Interface F 0/3
Switchport mode access
Switchport access vlan 20
!
Interface F 0/4
Switchport mode access
Switchport access vlan 40
!
Ip routing
!
Interface VLAN 30
Ip address 192.1.30.15 255.255.255.0
!
Interface VLAN 40
Ip address 192.1.40.15 255.255.255.0
!

SW2
Interface F 0/3
Switchport mode access
Switchport access vlan 30
!

Configure the Routers with the IP Addresses based on the Diagram. Configure
Loopback 0 on all routers and SW1. Use the format of X.X.X.X/8 for the IP
address of the loopback. Use 15 for Switch1.

R1
Interface F 0/0
Ip address 192.1.10.1 255.255.255.0
No shut
!
Interface Loopback 0
Ip address 1.1.1.1 255.0.0.0
!

R2
Interface F 0/0
No shut
!
Interface F 0/0.1
Encapsulation dot1q 10
Ip address 192.1.10.2 255.255.255.0
!
Interface F 0/0.2
Encapsulation dot1q 20
Ip address 192.1.20.2 255.255.255.0
!
Interface Loopback 0
Ip address 2.2.2.2 255.0.0.0
!

R3
Interface F 0/0
Ip address 192.1.20.3 255.255.255.0
No shut
!


Interface F 0/1
Ip address 192.1.30.3 255.255.255.0
No shut
!
Interface Loopback 0
Ip address 3.3.3.3 255.0.0.0
!

R4
Interface F 0/0
Ip address 192.1.40.4 255.255.255.0
No shut
!
Interface Loopback 0
Ip address 4.4.4.4 255.0.0.0
!

SW1
Interface Loopback 0
Ip address 15.15.15.15 255.0.0.0
!

Configure RIP v2 on all the Routers and the Layer 3 Switch. Advertise the
Loopback networks on the devices.

R1
Router Rip
Version 2
No auto-summary
Network 1.0.0.0
Network 192.1.10.0
!

R2
Router Rip
Version 2
No auto-summary
Network 2.0.0.0
Network 192.1.10.0
Network 192.1.20.0
!

R3
Router Rip
Version 2
No auto-summary
Network 3.0.0.0
Network 192.1.20.0
Network 192.1.30.0
!


R4
Router Rip
Version 2
No auto-summary
Network 4.0.0.0
Network 192.1.40.0
!

SW1
!
Router Rip
Version 2
No auto-summary
Network 15.0.0.0
Network 192.1.30.0
Network 192.1.40.0
!


Lab 2 - Configuring Port Security

Task 1
Configure VLAN 50 on SW1. Configure Ports F 0/3 and F0/4 on SW2 in VLAN 50.
Configure SW2 such that only R3 F 0/1 and R4 F 0/1 can connect to ports F 0/3 and
F0/4 on SW2 respectively. If another port tries to connect to these ports, the ports
should be error disabled.

Sw1
VLAN 50
!

SW2
Interface F 0/3
Switchport mode access
Switchport access vlan 50
Switchport port-security
Switchport port-security mac xxxx.xxxx.xxxx
!
Interface F 0/4
Switchport mode access
Switchport access vlan 50
Switchport port-security
Switchport port-security mac xxxx.xxxx.xxxx
!

Task 2
Configure F 0/5 - F 0/8 in VLAN 50 on SW2. Enable Port Security for these ports such
that only 1 MAC address can be connected to them. You would like to learn the MAC
address dynamically.

SW2
Int range F 0/5 - 8
Switchport mode access
Switchport access vlan 50
Switchport port-security
Switchport port-security mac-address sticky
!

Task 3
Configure F 0/15 also in VLAN 50 on SW2. Enable Port security for this port such that
5 MAC addresses can be connected to this port. The first 2 MAC addresses that are
allowed to connect are 0001.1010.AB12 and 0001.1010.AB13. The remaining 3 can be
learned dynamically.


SW2
Int F 0/15
Switchport mode access
Switchport access vlan 50
Switchport port-security
Switchport port-security max 5
Switchport port-security mac-address 0001.1010.AB12
Switchport port-security mac-address 0001.1010.AB13
Switchport port-security mac-address sticky
!
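
What the Task 3 port does with incoming frames, as an added Python example that is not part of the original manual. It is a simplified model of port security: statically configured addresses count against the maximum, further addresses are learned until the maximum is reached, and the next unknown source address shuts the port (the error-disabled behaviour Task 1 asks for is assumed as the violation action). Class and function names are illustrative, and every MAC address other than the two given in Task 3 is constructed.

```python
"""Added example (not from the lab manual): a simplified port-security model."""
import re


def normalize(mac: str) -> str:
    """Accept 0001.1010.AB12, 00:01:10:10:ab:12 or 00-01-10-10-ab-12;
    return the dotted form in lower case."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


class SecurePort:
    def __init__(self, name, maximum=1, static=(), sticky=False):
        self.name = name
        self.maximum = maximum          # switchport port-security max <n>
        self.sticky = sticky            # ... mac-address sticky
        self.err_disabled = False
        # Statically configured secure addresses count against the maximum.
        self.secure = {normalize(m): "static" for m in static}
        if len(self.secure) > maximum:
            raise ValueError("more static addresses than the configured maximum")

    def receive(self, src_mac: str) -> str:
        """Process one frame's source MAC; return what the port does with it."""
        if self.err_disabled:
            return "dropped"            # port is down until it is recovered
        mac = normalize(src_mac)
        if mac in self.secure:
            return "forwarded"
        if len(self.secure) < self.maximum:
            self.secure[mac] = "sticky" if self.sticky else "dynamic"
            return "learned"
        self.err_disabled = True        # assumed violation action: shut the port
        return "violation"

    def sticky_config(self):
        """Lines that sticky learning adds to the running configuration."""
        return [f"switchport port-security mac-address sticky {mac}"
                for mac, kind in self.secure.items() if kind == "sticky"]


def task3_port() -> SecurePort:
    """F 0/15 as configured in Task 3: max 5, two static, the rest sticky."""
    return SecurePort("F0/15", maximum=5, sticky=True,
                      static=["0001.1010.AB12", "0001.1010.AB13"])


# Constructed source MACs arriving on F 0/15, in order.
FRAMES = ["0001.1010.AB12", "00:01:10:10:cc:01", "0001.1010.cc02",
          "0001.1010.cc01", "0001.1010.cc03", "0001.1010.cc04",
          "0001.1010.AB13"]


def replay(port: SecurePort, frames):
    """Feed the frames to the port and collect its decision for each one."""
    return [port.receive(mac) for mac in frames]


if __name__ == "__main__":
    port = task3_port()
    for mac, result in zip(FRAMES, replay(port, FRAMES)):
        print(f"{mac:20} {result}")
    print("\n".join(port.sticky_config()))
```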


Lab 3 - Configuring Port Fast

Task 1
Configure the port range from F0/1 - 6 on SW1 in a way that the link will come up as
soon as someone plugs a network cable into any of these ports, bypassing the STP
learning/listening states.

Sw1
Interface range F0/1 - 6
Spanning-tree portfast
!

Output of command:
SW1
show spanning-tree interface F0/1 portfast
VLAN10 enabled
!

Explanation:
After a port on the switch has linked and joined the bridge group, STP runs on that port. A
port that runs STP can be in one of five states:
blocking
listening
learning
forwarding
disabled
STP dictates that the port starts out blocking, and then immediately moves through the
listening and learning phases.
By default, the port spends approximately 15 seconds listening and 15 seconds learning.
During the listening state, the switch tries to determine where the port fits in the
spanning tree topology. The switch especially wants to know whether this port is part of a
physical loop. If the port is part of a loop, the port can be chosen to go into blocking mode.
The blocking state means that the port does not send or receive user data in order to
eliminate loops.
If the port is not part of a loop, the port proceeds to the learning state, in which the port
learns which MAC addresses live off this port. This entire STP initialization process takes
about 30 seconds.

If you connect a workstation or a server with a single NIC card or an IP phone to a switch
port, the connection cannot create a physical loop. These connections are considered
leaf nodes. There is no reason to make the workstation wait 30 seconds while the switch
checks for loops if the workstation cannot cause a loop.
Cisco added the PortFast or fast-start feature. With this feature, the STP for this port
assumes that the port is not part of a loop and immediately moves to the forwarding state
and does not go through the blocking, listening, or learning states. This command does
not turn STP off. This command makes STP skip a few initial steps (unnecessary steps, in
this circumstance) on the selected port.

NOTE:
Never use the PortFast feature on switch ports that connect to other switches, hubs, or
routers. These connections can cause physical loops, and spanning tree must go
through the full initialization procedure in these situations. A spanning tree loop can
bring your network down. If you turn on PortFast for a port that is part of a physical loop,
there can be a window of time when packets are continuously forwarded (and can even
multiply) in such a way that the network cannot recover.
At the global level, you enable BPDU guard on Port Fast-enabled NNIs by using the
spanning-tree portfast bpduguard default global configuration command. Spanning
tree shuts down NNIs that are in a Port Fast-operational state if any BPDU is received on
those NNIs.
In a valid configuration, Port Fast-enabled NNIs do not receive BPDUs. Receiving a BPDU
on a Port Fast-enabled NNI signals an invalid configuration, such as the connection of an
unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state.
At the interface level, you enable BPDU guard on any NNI by using the spanning-tree
bpduguard enable interface configuration command without also enabling the Port Fast
feature. When the NNI receives a BPDU, it is put in the error-disabled state.

Lab 4 - Configuring BPDU Guard

Task 1
The IT department just found out that someone in the lobby area just plugged a switch
into port F0/6 on SW1. Configure a command globally on SW1 so that if someone connects
a hub or a switch to any of the access ports, the port will be disabled. Also make sure that
after 4 minutes the disabled port comes up automatically.

Sw1
Spanning-tree portfast bpduguard
!
Errdisable recovery cause bpduguard
Errdisable recovery interval 240
!

Output of command:
SW1
show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    -------------
udld                 Disabled
bpduguard            Enabled
rootguard            Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
Timer interval: 240 seconds
Interfaces that will be enabled at the next timeout:
!
show spanning-tree summary
!
Root bridge for: VLAN1, VLAN10, VLAN13, VLAN16, VLAN19, VLAN20, VLAN30
PortFast BPDU Guard is enabled
UplinkFast is disabled
BackboneFast is disabled
!

Explanation:
Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled
port signals an invalid configuration, such as the connection of an unauthorized device,
and the BPDU guard feature puts the port in the error-disabled state.
The BPDU guard feature provides a secure response to invalid configurations because
you must manually put the port back in service. Use the BPDU guard feature in a
service-provider network to prevent an access port
from participating in the spanning tree.
Use the spanning-tree portfast default global configuration command to globally
enable the Port Fast feature on all nontrunking ports. Configure Port Fast only on ports
that connect to end stations; otherwise, an accidental topology loop could cause a data
packet loop and disrupt switch and network operation. A Port Fast-enabled port moves
directly to the spanning-tree forwarding state when linkup occurs without waiting for the
standard forward-delay time.
You can also configure bpduguard under an interface using the command
spanning-tree bpduguard.
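
The timing described in Lab 3 and the BPDU guard behaviour of Lab 4, put together in an added Python example that is not part of the original manual. It is a simplified model: a port goes from listening to learning to forwarding on the 15-second defaults quoted above, PortFast skips straight to forwarding, a BPDU on a guarded port puts it in the error-disabled state, and errdisable recovery is modelled as bringing the port back exactly one interval later. Class and method names are illustrative.

```python
"""Added example (not from the lab manual): port start-up timing with
PortFast, BPDU guard and errdisable recovery (simplified model)."""

LISTENING_SECS = 15   # default time spent listening, as quoted in the text
LEARNING_SECS = 15    # default time spent learning, as quoted in the text


class SwitchPort:
    def __init__(self, portfast=False, bpduguard=False, recovery_secs=None):
        self.portfast = portfast
        self.bpduguard = bpduguard          # BPDU guard in effect on this port
        self.recovery_secs = recovery_secs  # None: stays down until re-enabled by hand
        self.state = "disabled"
        self.since = 0                      # time the current state was entered
        self.log = []                       # (time, state) history

    def _enter(self, state, at):
        self.state, self.since = state, at
        self.log.append((at, state))

    def link_up(self, at):
        """Cable plugged in. The initial blocking state is left immediately,
        so the model starts in listening, or in forwarding with PortFast."""
        self._enter("forwarding" if self.portfast else "listening", at)

    def advance(self, now):
        """Apply every timer-driven transition due by `now`; return the state."""
        while True:
            elapsed = now - self.since
            if self.state == "listening" and elapsed >= LISTENING_SECS:
                self._enter("learning", self.since + LISTENING_SECS)
            elif self.state == "learning" and elapsed >= LEARNING_SECS:
                self._enter("forwarding", self.since + LEARNING_SECS)
            elif (self.state == "err-disabled"
                  and self.recovery_secs is not None
                  and elapsed >= self.recovery_secs):
                self.link_up(self.since + self.recovery_secs)
            else:
                return self.state

    def receive_bpdu(self, now):
        """A BPDU arrives, for example from a switch plugged into an access
        port. With BPDU guard the port becomes error-disabled."""
        self.advance(now)
        if self.bpduguard and self.state != "err-disabled":
            self._enter("err-disabled", now)
        return self.state


def lab4_port() -> SwitchPort:
    """Access port as in Lab 4: PortFast, BPDU guard, 240 s recovery."""
    return SwitchPort(portfast=True, bpduguard=True, recovery_secs=240)


if __name__ == "__main__":
    plain = SwitchPort()
    plain.link_up(0)
    plain.advance(60)
    print("no PortFast:", plain.log)

    port = lab4_port()
    port.link_up(0)
    port.receive_bpdu(10)     # rogue switch connected
    port.advance(250)         # recovery timer brings the port back
    port.receive_bpdu(252)    # switch still attached: disabled again
    print("Lab 4 port: ", port.log)
```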


Module 14 Router Maintenance


Router Maintenance Commands

Command                     Description
Copy startup-config tftp    Backs up the Startup-config file to a TFTP server
Copy tftp startup-config    Restores the Startup-config file from a TFTP server
Show Flash                  Displays the contents of Flash including the IOS Operating System File.
Copy flash tftp             Backs up the IOS File to a TFTP Server
Copy tftp flash             Upgrades or restores the IOS From a TFTP Server
Tftpdnld                    A Rommon mode command used to recover the IOS when it is lost.
                            Requires the setting of the following parameters. (Case-sensitive)
                            IP_ADDRESS=XX.XX.XX.XX
                            IP_SUBNET_MASK=XXX.XXX.XXX.XXX
                            DEFAULT_GATEWAY=XX.XX.XX.XX
                            TFTP_SERVER=XX.XX.XX.XX
                            TFTP_FILENAME=IOS Filename
                            Tftpdnld

Module 14 Router Maintenance Labs

Lab 1 - Backing up Startup-config to a TFTP Server

[Figure: lab topology. R1 F0/0 connects to the 10.0.0.0/8 network.]

Configuring the Router and the PC

Router 1
Router>en
Router#Config t
Router(config)#Hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 1.0.0.1 255.0.0.0
R1(config-if)#interface E 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#line console 0
R1(config-line)#login
R1(config-line)#logging synch
R1(config-line)#no ip domain-lookup
R1(config)#end
R1#wr

PC
IP Address : 10.0.0.2
Subnet Mask : 255.0.0.0
Default Gateway : 10.0.0.1


Backing up Startup-config to Tftp-Server

Double-click the Cisco TFTP Server Icon on your Desktop.
What is the IP address of the TFTP Server?
What is the default directory for the TFTP Server?
Switch to HyperTerminal.
In Privilege Exec, Ping the IP address of the TFTP Server (Ping 10.0.0.2)
Are you successful?
Type
Router#copy startup-config tftp
Specify the IP address of the TFTP server as the Remote Server.
Specify Startup-config as the destination filename for the file.

Verifying the creation of the file

Open Windows Explorer and browse to the Default TFTP Server folder.
Do you see the Startup-config file?
Open it with notepad.


Lab 2 Restoring the Startup-config from a TFTP Server

Delete the startup-config file

In Privilege Exec, type
Router#erase startup-config

Restoring Startup-config from the Tftp-Server

In Privilege Exec, Ping the IP address of the TFTP Server (Ping 10.0.0.2).
Type
Router#copy tftp startup-config
Follow the prompts to restore the file.

Verifying the restoration of the Startup-config file

In Privilege Exec, type
Router#show startup-config
Check the configuration.


Lab 3 Backup IOS Using Cisco TFTP Server

Finding the name of the IOS File

In Privilege Exec, type
Router#show flash
What is the name of the IOS File? _______________

Backing up your IOS to a TFTP Server

Double-click the Cisco TFTP Server icon on the Desktop, if not already open.
In Privilege Exec, type
Router#copy flash tftp
Follow the prompts using the filename of your IOS.
Switch to the Cisco TFTP Server program and notice the file being copied.
Once the copying is done, verify the creation of the file in the default folder for the Cisco
TFTP Server.


Lab 4 Upgrading the IOS from a TFTP Server

Upgrading IOS from the Tftp-Server

In Privilege Exec, Ping the IP address of the TFTP Server (Ping 10.0.0.2)
Type
Router#copy tftp flash
Follow the prompts to restore the file.
Why does it ask you to erase flash before proceeding? _______________


Lab 5 Recovering IOS from a TFTP Server

Simulating a lost or corrupted IOS

In Privilege Exec, type
Router#erase flash
To delete the flash and simulate a corruption of the IOS.
Type
Router#reload
To restart the router.

Setting up the TFTP parameters in rommon Mode

When the router reloads, what mode does it go into and why?
As the router did not load the startup-config, it does not have any IP configuration to
connect to the TFTP Server.
To set IP configuration parameters, use the following commands: (The commands are
case-sensitive)
IP_ADDRESS=10.0.0.1
IP_SUBNET_MASK=255.0.0.0
DEFAULT_GATEWAY=10.0.0.1
TFTP_SERVER=10.0.0.2
TFTP_FILE=(IOS Filename)

Recovering the IOS

Type
rommon>tftpdnld
Verify the parameters and type y to start the download.
Once the download is done, reload the router.
Can you get in?
Is your old configuration file still valid?
Why was the configuration file still intact?
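Because the rommon variable names are case-sensitive, a mistyped name is the usual reason tftpdnld has nothing to work with. The following Python pre-flight check is an added example, not part of the manual: it validates a planned set of NAME=value lines for the five variables this lab sets and confirms the TFTP server is reachable from the chosen addressing. The function name, messages and sample file name are constructed.

```python
import ipaddress

REQUIRED = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY",
            "TFTP_SERVER", "TFTP_FILE")

def check_tftpdnld(lines):
    """Return a list of problems in rommon NAME=value lines (empty if none)."""
    problems, values = [], {}
    for line in lines:
        name, sep, value = line.strip().partition("=")
        if not sep:
            problems.append(f"not NAME=value: {line!r}")
        elif name in REQUIRED:
            values[name] = value.strip()
        else:
            # Names are case-sensitive; a space for "_" is a common slip.
            guess = name.strip().upper().replace(" ", "_")
            hint = f" (did you mean {guess}?)" if guess in REQUIRED else ""
            problems.append(f"unknown variable {name!r}{hint}")
    missing = [n for n in REQUIRED if n not in values]
    if missing:
        return problems + [f"missing {n}" for n in missing]
    try:
        net = ipaddress.ip_network(
            f"{values['IP_ADDRESS']}/{values['IP_SUBNET_MASK']}", strict=False)
        server = ipaddress.ip_address(values["TFTP_SERVER"])
        gateway = ipaddress.ip_address(values["DEFAULT_GATEWAY"])
    except ValueError as exc:
        return problems + [f"bad address or mask: {exc}"]
    # A server outside the local subnet needs an on-link gateway.
    if server not in net and gateway not in net:
        problems.append("TFTP_SERVER is off-link and DEFAULT_GATEWAY is not on-link")
    if not values["TFTP_FILE"]:
        problems.append("TFTP_FILE is empty")
    return problems

# Constructed input: the lab's addressing with one deliberate slip.
SAMPLE = ["IP ADDRESS=10.0.0.1", "IP_SUBNET_MASK=255.0.0.0",
          "DEFAULT_GATEWAY=10.0.0.1", "TFTP_SERVER=10.0.0.2",
          "TFTP_FILE=example-ios-image.bin"]
```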


Cisco Certified Network Associate (CCNA 200-120) Lab Manual
Comprehensive Coverage of the Cisco Certified Network Associate Course Topics

Khawar Butt, CCIE # 12353 and CCDE # 20110020

Khawar Butt is a self-made man who has carved out a prestigious position in the IT Industry
as a Top-Notch Engineer. He has created history in the field of Network Engineering. He is
currently the only person in the World who is endowed with 5 CCIE Certifications along with
the prestigious CCDE certification.
He started his professional career in 1992 as a Network Consultant at a Networking firm in
Los Angeles, California. In 1996 he started his first company for consulting and training
under the name of Trinet Networking & Training in Los Angeles. The company started by
designing Internetworks for varied big and small companies. Some of the Networks designed
by him and his company include Boeing, US Army, NASA, HBO, Verizon, Nestle and
Computer Sciences Corporation.
KBITS is an ICT services & solutions provider, System integrator and an IT training &
certification company that uses its technology expertise, In-depth Training methodology
and entrepreneurial spirit to accelerate the business ambitions of its clients and students.
With Khawar Butt, the world's only Penta CCIE & CCDE resource, at the helm of operations,
KBITS is headed by one of the most respected names in the networking industry globally. He
is ably supported by a team of highly experienced technology experts who allow it to
harness the latest technology, which in turn helps customers to do business more effectively
and efficiently. Our rich clientele list is ready to vouch for us. Our partners include
VMWARE, CISCO, MICROSOFT, CHECKPOINT, JUNIPER, LINUX etc. We at KBITS will take
care of everything from your hardware purchasing to deploying custom solutions. For training
purposes, KBITS uses the latest curriculum designed and developed by Khawar Butt. The
curriculum is imparted by an experienced faculty of multiple CCIEs with rich industrial
experience. To infuse energy and experience, all training is done on live devices and live
networks.

Copyright 2014-2016, KBITS Pvt. Ltd.


KBITS is the trademark of Khawar Butt Infotech Technologies Solution Pvt. Ltd.
*CCIE and CCDE logo are registered logo of Cisco Systems, San Jose, California, U.S.
