Authored By
Khawar Butt
Penta CCIE #12353
CCDE# 20110020
www.kbits.in
Bit position:     7     6     5     4     3     2     1     0
Bit value:      128    64    32    16     8     4     2     1
Bit set to:       0     0     0     0     0     0     0     0
Decimal Value = 0
Bit position:     7     6     5     4     3     2     1     0
Bit value:      128    64    32    16     8     4     2     1
Bit set to:       1     1     1     1     1     1     1     1
Decimal Value = 255
Bit set to:       1     1     1     1     1     1     1     1
Bit value:      128    64    32    16     8     4     2     1
Add:           128+   64+   32+   16+    8+    4+    2+    1
Decimal Value = 128+64+32+16+8+4+2+1 = 255
Here is a sample octet conversion when not all of the bits are set to 1.
Bit set to:       0     1     0     0     0     0     0     1
Bit value:      128    64    32    16     8     4     2     1
Add:              0   64+     0     0     0     0     0     1
Decimal Value = 64+1 = 65
And this sample shows an IP address represented in both decimal and binary.
10.1.23.19 (Decimal)
00001010.00000001.00010111.00010011 (Binary)
These octets are broken down to provide an addressing scheme that can accommodate
large and small networks. There are five different classes of networks, A to E.
Given an IP address, its class can be determined from the three high-order bits.
The following figure shows the significance of the three high-order bits and the range of
addresses that fall into each class. For informational purposes, Class D and Class E
addresses are also shown.
Each octet is drawn with its bit positions numbered 7 (high order) down to 0.

Class A   leading bit 0            Octet 1: NET ID        Octets 2-4: 24 bits (Host ID)   1.0.0.0 - 127.255.255.255
Class B   leading bits 1 0         Octets 1-2: NET ID     Octets 3-4: 16 bits (Host ID)   128.0.0.0 - 191.255.255.255
Class C   leading bits 1 1 0       Octets 1-3: NET ID     Octet 4: 8 bits (Host ID)       192.0.0.0 - 223.255.255.255
Class D   leading bits 1 1 1 0     Multicast Group ID (28 bits), Multicast                224.0.0.0 - 239.255.255.255
Class E   leading bits 1 1 1 1 0   27 bits (Future Use), Experimental                     240.0.0.0 - 254.255.255.255
In a Class A address, the first octet is the network portion; Octets 2, 3, and 4 (the next 24
bits) are for the network manager to divide into subnets and hosts as he/she sees fit.
Class A addresses are used for networks that have more than 65,536 hosts (actually, up
to 16,777,214 hosts!).
In a Class B address, the first two octets are the network portion; Octets 3 and 4 (16 bits)
are for local subnets and hosts. Class B addresses are used for networks that have
between 256 and 65,534 hosts.
In a Class C address, the first three octets are the network portion; Octet 4 (8 bits) is for
local subnets and hosts, perfect for networks with fewer than 254 hosts.
In Class D, all four octets are the network portion, leaving no host portion. All Class D
addresses have been reserved for multicast.
Network Masks
A network mask helps you know which portion of the address identifies the network and
which portion of the address identifies the node. Class A, B, and C networks have default
masks, also known as natural masks, as shown here:
Class A : 255.0.0.0
Class B : 255.255.0.0
Class C : 255.255.255.0
An IP address on a Class A network that has not been subnetted would have an
address/mask pair similar to: 8.20.15.1 255.0.0.0. To see how the mask helps you
identify the network and node parts of the address, convert the address and mask to
binary numbers.
8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000
Once you have the address and the mask represented in binary, then identifying the
network and host ID is easier. Any address bits which have corresponding mask bits set
to 1 represent the network ID. Any address bits that have corresponding mask bits set to
0 represent the node ID.
8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000
NW ID = 00001000 = 8
HOST ID = 00010100.00001111.00000001 = 20.15.1
Understanding Subnetting:
Subnetting allows you to create multiple logical networks that exist within a single Class
A, B, or C network. If you do not subnet, you are only able to use one network from your
Class A, B, or C network, which is unrealistic. Each data link on a network must have a
unique network ID, with every node on that link being a member of the same network. If
you break a major network (Class A, B, or C) into smaller subnetworks, it allows you to
create a network of interconnecting subnetworks. Each data link on this network would
then have a unique network/subnetwork ID.
In order to subnet a network, extend the natural mask using some of the bits from the
host ID portion of the address to create a subnetwork ID. For example, given a Class C
network of 204.17.5.0 which has a natural mask of 255.255.255.0, you can create
subnets in this manner:
204.17.5.0      - 11001100.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
                                              |sub|
By extending the mask to be 255.255.255.224, you have taken three bits (indicated by
"sub") from the original host portion of the address and used them to make subnets. With
these three bits, it is possible to create eight subnets. With the remaining five host ID
bits, each subnet can have up to 32 host addresses, 30 of which can actually be assigned
to a device, since host IDs of all zeros or all ones are not allowed (it is very important to
remember this). So, with this in mind, these subnets have been created.
For example,
204.17.5.32/27
denotes the network 204.17.5.32 with subnet mask of 255.255.255.224
Take a look at how a Class B network might be subnetted. If you have network
172.16.0.0, then you know that its natural mask is 255.255.0.0 or 172.16.0.0/16.
Extending the mask to anything beyond 255.255.0.0 means you are subnetting. You can
quickly see that you have the ability to create a lot more subnets than with the Class C
network. If you use a mask of 255.255.248.0 (/21), how many subnets and hosts per
subnet does this allow for?
172.16.0.0    - 10101100.00010000.00000000.00000000
255.255.248.0 - 11111111.11111111.11111000.00000000
                                  |sub|
You are using five bits from the original host bits for subnets. This allows you to have 32
subnets. After using the five bits for subnetting, you are left with 11 bits for host
addresses. This allows each subnet to have 2048 host addresses, 2046 of which could be
assigned to devices.
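Splitting an address with its mask, as an added Python example (not from these notes): it renders address and mask in binary, ANDs them to get the network and host IDs as in the 8.20.15.1 walkthrough above, and counts the bits borrowed beyond the natural mask together with the resulting subnets and usable hosts for the 204.17.5.0/27 and 172.16.0.0/21 cases. The helper names are my own.

```python
# Added example, not code from the original notes.

def to_bits(dotted: str) -> str:
    """Render a dotted-decimal address or mask as four 8-bit binary octets."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 value: " + dotted)
    return ".".join(f"{o:08b}" for o in octets)

def to_int(dotted: str) -> int:
    """Pack the four octets into one 32-bit integer, high octet first."""
    to_bits(dotted)  # reuse the validation above
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")

def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in (value & 0xFFFFFFFF).to_bytes(4, "big"))

def natural_mask(address: str) -> str:
    """Default (natural) mask, read from the high-order bits of octet 1."""
    first = int(address.split(".")[0])
    if first < 128:            # 0xxxxxxx  Class A
        return "255.0.0.0"
    if first < 192:            # 10xxxxxx  Class B
        return "255.255.0.0"
    if first < 224:            # 110xxxxx  Class C
        return "255.255.255.0"
    raise ValueError("Class D/E address has no natural mask: " + address)

def prefix_length(mask: str) -> int:
    """Number of 1 bits in the mask; rejects masks whose 1s are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("mask bits are not contiguous: " + mask)
    return ones

def split_address(address: str, mask: str) -> dict:
    """AND the address with the mask: address bits under mask 1s are the
    network ID, bits under mask 0s are the host ID. Also reports how many
    bits the natural mask was extended by, and what that gives in subnets
    and hosts (all-0s host ID = network, all-1s = broadcast, so minus 2)."""
    a, m = to_int(address), to_int(mask)
    plen = prefix_length(mask)
    subnet_bits = plen - prefix_length(natural_mask(address))
    host_bits = 32 - plen
    return {
        "address_bin": to_bits(address),
        "mask_bin": to_bits(mask),
        "network": to_dotted(a & m),
        "host_id": to_dotted(a & ~m),
        "broadcast": to_dotted(a | (~m & 0xFFFFFFFF)),
        "subnet_bits": subnet_bits,
        "subnets": 2 ** subnet_bits,
        "host_bits": host_bits,
        "hosts_total": 2 ** host_bits,
        "hosts_usable": 2 ** host_bits - 2,
    }

if __name__ == "__main__":
    for addr, mask in (("8.20.15.1", "255.0.0.0"),
                       ("204.17.5.32", "255.255.255.224"),
                       ("172.16.0.0", "255.255.248.0")):
        r = split_address(addr, mask)
        print(f"{addr:>12} {mask:<16} {r['address_bin']}")
        print(f"{'':>12} {'':<16} {r['mask_bin']}")
        print(f"  network {r['network']}  host ID {r['host_id']}  "
              f"broadcast {r['broadcast']}")
        print(f"  {r['subnet_bits']} subnet bits -> {r['subnets']} subnets, "
              f"{r['hosts_usable']} usable hosts each")
```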
Chapter at a Glance
1. IP addresses must be unique in a network.
2. IP addresses only have meaning when read in conjunction with a subnet mask
ANDing.
3. 32 bits (0 or 1) divided into 4 octets.
4. IP address has two portions network and host.
5. Each octet has a decimal value range of 0 to 255, except for the first octet, which is
1 to 255.
6. The network portion can not be all 0's nor all 1's.
7. The first octet can not be 127 (network); this is reserved for loopback and also to
check if the protocol stack is correctly configured. Errors can easily be resolved by
reloading TCP/IP and rebooting.
8. The host portion can not be all 0's; this defines the network address.
9. The host portion can not be all 1's; this defines a broadcast in that particular
network.
10. The IP address 255.255.255.255 defines a general broadcast.
Useful Statistics
Class   1st Octet Range   1st Octet Struct.   Total No. of NW      Maximum Number of H/N    Address Struct.   Default Mask
        (Decimal)         (Binary)
A       1 - 127           0XXXXXXX            2^7 - 2 = 126        2^24 - 2 = 16,777,214    N.H.H.H           255.0.0.0
B       128 - 191         10XXXXXX            2^14 = 16,384        2^16 - 2 = 65,534        N.N.H.H           255.255.0.0
C       192 - 223         110XXXXX            2^21 = 2,097,152     2^8 - 2 = 254            N.N.N.H           255.255.255.0
D       224 - 239         1110XXXX
E       240 - 255         11110XXX
Subnetting
Steps of Subnetting
1. Find the number of networks required.
2. Find the number of bits to borrow (Use the chart below).
Bits:             ...   10     9     8     7     6     5     4     3     2     1     0
Value (2^bits):   ...  1024   512   256   128    64    32    16     8     4     2     1
Read the value for the number of bits borrowed as the number of networks, and the value
for the bits left over in that octet as the Increment No.
3. Find the Increment number on the chart.
In the above example, increment no. = 16
4. Write the new mask (256 - Increment).
5. Write the new network numbers. Use the increment to write the numbers. First
network will be the increment and the last network will be one increment less than the
mask.
6. Write the range of valid hosts and the broadcast address for each network.
(Note to the instructor: Please explain the subnetting steps by solving examples
each from Class A, Class B and Class C)
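The six subnetting steps above worked by one function, as an added Python example (not from these notes). As in step 5, the subnet with all-zero subnet bits and the one with all-one subnet bits are skipped, so only 2^n - 2 of the chart's 2^n networks count as usable; the subnet_zero flag and the helper names are my own.

```python
# Added example, not code from the original notes.

def _dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def _to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 value: " + dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def bits_to_borrow(networks_required: int, subnet_zero: bool = False) -> int:
    """Step 2: smallest n whose chart value covers the networks required.
    The chart lists 2**n; without subnet zero only 2**n - 2 are usable."""
    n = 0
    while (2 ** n if subnet_zero else 2 ** n - 2) < networks_required:
        n += 1
    return n

def subnet_plan(network: str, natural_prefix: int, networks_required: int,
                subnet_zero: bool = False) -> dict:
    """Steps 1-6 for a classful network (natural prefix 8, 16 or 24)."""
    n = bits_to_borrow(networks_required, subnet_zero)            # step 2
    new_prefix = natural_prefix + n
    if new_prefix > 30:
        raise ValueError("fewer than 2 host bits left: no usable hosts")
    host_bits = 32 - new_prefix
    mask_int = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    # Step 3: the increment belongs to the octet holding the last borrowed bit
    # and equals the chart value for the bits left over in that octet.
    interesting = (new_prefix - 1) // 8
    increment = 256 >> (new_prefix - 8 * interesting)
    # Step 4: that mask octet is 256 - Increment, as the notes put it.
    assert (mask_int >> (24 - 8 * interesting)) & 0xFF == 256 - increment
    natural_mask = (0xFFFFFFFF << (32 - natural_prefix)) & 0xFFFFFFFF
    base = _to_int(network) & natural_mask
    # Steps 5 and 6: walk the subnet numbers; first usable network is one
    # increment up, last usable is one increment below the mask octet.
    first_k, last_k = (0, 2 ** n - 1) if subnet_zero else (1, 2 ** n - 2)
    subnets = []
    for k in range(first_k, last_k + 1):
        net = base | (k << host_bits)
        bcast = net | ((1 << host_bits) - 1)
        subnets.append({"network": _dotted(net), "first": _dotted(net + 1),
                        "last": _dotted(bcast - 1), "broadcast": _dotted(bcast)})
    return {"bits_borrowed": n, "prefix": new_prefix, "mask": _dotted(mask_int),
            "increment": increment, "hosts_per_subnet": 2 ** host_bits - 2,
            "subnets": subnets}

if __name__ == "__main__":
    # Exercise 1 from the notes: 192.168.5.0 (Class C, /24) into 7 subnets.
    plan = subnet_plan("192.168.5.0", 24, 7)
    print(f"borrow {plan['bits_borrowed']} bits -> mask {plan['mask']} "
          f"(/{plan['prefix']}), increment {plan['increment']}, "
          f"{plan['hosts_per_subnet']} hosts per subnet")
    print(f"  {'network':<16} {'first':<16} {'last':<16} broadcast")
    for s in plan["subnets"]:
        print(f"  {s['network']:<16} {s['first']:<16} {s['last']:<16} {s['broadcast']}")
```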
Subnetting Exercises
1. You have a Class C address of 192.168.5.0. You would like to break it into 7 Subnets.
Write the new Subnet Mask, First, Last and Broadcast addresses for the new
Subnetworks.
2. You have a Class B address of 150.5.0.0. You would like to break it into 15 Subnets.
Write the new Subnet Mask, First, Last and Broadcast addresses for the First 5
Subnetworks.
3. You have a Class A address of 50.0.0.0. You would like to break it into 50 Subnets.
Write the new Subnet Mask, First, Last and Broadcast addresses for the First 5
Subnetworks.
4. If you have sub-netted a network 172.16.0.0 with a mask of /20. Which of the
following addresses are broadcast addresses? (Choose all that apply)
172.16.32.255
172.16.47.255
172.16.79.255
172.16.159.255
5. What would your subnet mask be if you want 5 networks with 20 hosts each?
6. You are required to break the 172.15.0.0 network into subnets having a capacity of
450 hosts with the maximum allowed subnets. What would your mask be?
7. Convert 1101 1001 into Decimal and Hex.
8. If your mask is 255.255.255.224, which of the following addresses are valid IP
Addresses? (Choose all that apply)
192.165.4.37
195.5.2.63
172.6.5.32
11.5.1.94
9. If your mask on a Class C network is /29, how many subnets and host per subnet do
you have?
10. What is the binary range of Class A, Class B and Class C addresses?
11. If your router's ID is 192.168.1.60/240, what is the range of valid addresses that you
can configure for a PC connected to the same interface?
Layer 7   Application
Layer 6   Presentation
Layer 5   Session
Layer 4   Transport
Layer 3   Network
Layer 2   Data Link
Layer 1   Physical

Port      Application
20, 21    FTP
23        TELNET
25        SMTP
53        DNS
67        DHCP Server
68        DHCP Client
69        TFTP
70        GOPHER
80        HTTP
119       NNTP
161       SNMP
179       BGP
TCP Overview
1. TCP = Transmission Control Protocol
Connection-oriented protocol
Provides a reliable unicast end-to-end byte stream over an unreliable internetwork.
2. Before any data transfer, TCP establishes a connection:
One TCP entity is waiting for a connection (server)
The other TCP entity (client) contacts the server
3. The actual procedure for setting up connections is more complex.
4. Each connection is full duplex.
5. Byte stream is broken up into chunks which are called segments
6. Receiver sends acknowledgments (ACKs) for segments
7. TCP maintains a timer. If an ACK is not received in time, the segment is retransmitted.
8. Detecting errors:
TCP has checksums for header and data.
Segments with invalid checksums are discarded
Each byte that is transmitted has a sequence number.
9. To the lower layers, TCP handles data in blocks, the segments.
10. To the higher layers TCP handles data as a sequence of bytes and does not
identify boundaries between bytes
11. So: Higher layers do not know about the beginning and end of segments!
Router Basics
Router Configuration Sources
Routers can be configured from:
1. Console terminal.
2. Auxiliary port externally, via modems.
3. Virtual terminals (Telnet) after installation.
Router Modes
1. User EXEC mode (look, but don't change)
Automatically enter this mode when router is turned on.
You can perform basic tasks, such as connect to remote devices, perform basic tests.
Prompt : Router>
Welcome Banner
1. Displayed when router is accessed
2. Displayed prior to prompting for a password
3. Syntax :
Router(config)#banner motd #message#
Router#show flash
1. Shows information on Flash memory device includes all IOS images
Router Passwords
Setting Console Password
To set the Line Console Password:
Router(config)#line con 0
Router(config-line)#password xxxxxx
Router(config-line)#login
Type Router>enable.
Type Router#? followed by the spacebar key until you return back to the prompt.
Did you see more commands when you typed Router#? in Privileged Mode than in User
Mode?
Cisco Help is context sensitive. It displays help based on where you typed ?.
If you want to find out about all the commands that start with a specific letter, you can
type that letter followed by ?. It will only display commands that start with that letter.
Type Router#s?. What does it show you?
To go to the Global Configuration mode, type Router#configure terminal from the
Privileged Mode. You can also type Router#config t to have the same effect. Your
prompt should look like Router(config)#. This is the prompt for Global Configuration
Mode.
Type Router(config)#exit. To go down one level you can use exit.
Type Router#disable. This should take you to User Exec Mode. Can we get to
configuration mode from here?
Type Router>config t. What happens?
Type Router>en. Your prompt should look like Router#.
Type Router#config t. Your prompt should look like Router(config)#. Can we logout from
here?
Type Router(config)#logout. What happens?
Terminal History
What happened when we pressed up arrow?
Type Router#show history. It shows the last set of commands you have typed. By
default, the router will keep track of the last 10 commands.
Type Router#terminal history size 100 to change the history size to 100.
Type Router#show terminal to see the change. (Towards the bottom of the output)
Editing Keys
Press CTRL-P. It will show you the previous command.
Press CTRL-P again. It will show you the command you typed before the previous command.
Press CTRL-N. It will show you the next command.
Where is the cursor at? Let us say that you want to change something at the beginning of
the line. Rather than using the arrow keys to scroll to the beginning of the line, you can
accomplish the same by pressing CTRL A.
Press CTRL-A. The cursor should be at the beginning of the line.
Press CTRL E. CTRL-E takes the cursor to the end of the line.
Show Commands
All show commands are typed in Privilege Exec Mode (#).
Type router#show interface serial0/0.
What is the status of the line?
What is the Encapsulation type on the Serial interface?
Type router#show version.
What does this command display?
What is the name of the file that was used to boot the Router?
How many interfaces does your router have?
Type router#show ip interface brief.
What does this command display?
Routing Protocols
Routing Tables
Routers build routing tables initially based on their directly connected networks.
In addition to directly connected networks, routers can learn about destinations in one
of three ways:
Static Routes: Manually added to the routing table by the administrator.
Default Routes: Manually added to the routing table by the administrator to define a
Default Gateway for the router. If the routing table does not have an entry for a
destination network, the packet is sent to the Default Route.
Dynamically: Learned through a Routing Protocol.
Routing tables are used to send data along specic paths to reach a particular
destination.
Routers need to exchange routing tables so they can route data to networks that are not
directly connected to them.
Routers require a Routing Protocol in order to exchange routing tables with their
neighboring routers and advertise networks.
Static Routes
Static Routes are user-defined, manually created routes.
The administrator creates Static Routes in a Cisco Router using the ip route command.
Syntax : ip route destination-network subnet-mask next-hop-router-ip-address
[distance]
Example: ip route 11.0.0.0 255.0.0.0 10.0.0.2
Default Routes
Default Routes define a router as the default router for your router. When there is no
entry for the destination network in the routing table, the router will forward the packet to
its default router. Default routes help in reducing the size of your routing table.
Syntax : ip route 0.0.0.0 0.0.0.0 next-hop-router
Example: ip route 0.0.0.0 0.0.0.0 10.0.0.2
Administrative Distance
A rating of the trustworthiness of a routing information source.
The number is between 0 and 255.
The higher the value, the lower the trust. For example, 255 signifies no trust, and therefore
the route is ignored.
When the same destination is learned from several sources, the source with the lowest
administrative distance is the one whose route is used to transport data.
Default administrative distances for common protocols are as follows :
Connected=0
Static Routes=1
EIGRP=90
OSPF=110
RIP=120
Broadcast Updates: are used by routers to find other routers when they come online.
They send their routing table to the broadcast address 255.255.255.255; if the
neighboring router talks the same routing protocol, it will respond and the routers now
know of each other.
Route Invalidation Timer: is the time that must pass before a router considers a
route to be invalid. If network 5.0 is connected to Router A and it goes down, Router A
will notify its neighboring router, Router B, of that fact. But what if Router A goes down?
This problem is handled by a Route Invalidation Timer for each entry in the routing
table. When Router B first hears about network 5.0 from Router A, it sets a route
invalidation timer for that route. Since Router A was the one that gave it the news, it
expects Router A to keep refreshing that information in its regular periodic updates;
if Router A fails to do so and misses x number of periodic updates, Router B will
mark that route in the routing table as unreachable.
Example :
Router>en
Router#config t
Router(config)#interface serial 0/0
Router(config-if)#ip address 110.0.0.1 255.0.0.0
Router(config-if)#clock rate 1000000
Router(config-if)#no shutdown
Global Configuration
Task 1: Select Routing Protocol
Task 2: Specify the Interface Network Addresses
Figure: R1 (Loopback 0: 10.0.0.0/8) S0/0 ---- 11.0.0.0/8 ---- S0/0 R2 (Loopback 0: 12.0.0.0/8)
Router 1
Would you like to enter initial configuration dialog (y/n)? N
Would you like to terminate auto-install (y/n)? Y (if required)
Router>en
Router#config t
Router(config)#hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#interface S 0/0
R1(config-if)#ip address 11.0.0.1 255.0.0.0
R1(config-if)#clock rate 128000 (if required)
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 12.0.0.0 255.0.0.0 11.0.0.2
Router 2
Would you like to enter initial configuration dialog (y/n)? N
Would you like to terminate auto-install (y/n)? Y (if required)
Router>en
Router#config t
Router(config)#hostname R2
R2(config)#interface Loopback 0
R2(config-if)#ip address 12.0.0.1 255.0.0.0
R2(config-if)#interface S 0/0
R2(config-if)#ip address 11.0.0.2 255.0.0.0
R2(config-if)#clock rate 128000 (if required)
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#ip route 10.0.0.0 255.0.0.0 11.0.0.1
On Both Routers
Rx#show ip route (where x = 1 or 2)
What networks do you see listed?
Ping your partner's Loopback Interface address, for example from R1:
R1#ping 12.0.0.1
Are you successful?
Figure: R1 (Loopback 0: 10.0.0.0/8) S0/0 ---- S0/0 R2 (Loopback 0: 12.0.0.0/8), plus a second link R1 F0/0 ---- 21.0.0.0/8 ---- F0/0 R2
Router 1
Router>en
Router#config t
Router(config)#hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#interface S 0/0
R1(config-if)#ip address 11.0.0.1 255.0.0.0
R1(config-if)#clock rate 128000 (if required)
R1(config-if)#no shut
R1(config-if)#interface F 0/0
R1(config-if)#ip address 21.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 12.0.0.0 255.0.0.0 11.0.0.2
R1(config)#ip route 12.0.0.0 255.0.0.0 21.0.0.2
Router 2
Router>en
Router#config t
Router(config)#hostname R2
R2(config)#interface Loopback 0
R2(config-if)#ip address 12.0.0.1 255.0.0.0
R2(config-if)#interface S 0/0
R2(config-if)#ip address 11.0.0.2 255.0.0.0
R2(config-if)#clock rate 128000 (if required)
R2(config-if)#no shut
R2(config-if)#interface F 0/0
R2(config-if)#ip address 21.0.0.2 255.0.0.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#ip route 10.0.0.0 255.0.0.0 11.0.0.1
R2(config)#ip route 10.0.0.0 255.0.0.0 21.0.0.1
On R1
Type
R1#show ip route 12.0.0.0
Do you see an asterisk (*) against one of the routes?
Note: The asterisk marks the next path the router will take to get a packet to the
destination.
Type
R1#ping 12.0.0.1
Type
R1#show ip route 12.0.0.0
Note: The asterisk is now against the other route.
On R2
Type
R2#show ip route 10.0.0.0
Do you see an asterisk (*) against one of the routes?
Note: The asterisk marks the next path the router will take to get a packet to the
destination.
Type
R2#ping 10.0.0.1
Type
R2#show ip route 10.0.0.0
Note: The asterisk is now against the other route.
On R1
R1(config)#no ip route 12.0.0.0 255.0.0.0 11.0.0.2
R1(config)#ip route 12.0.0.0 255.0.0.0 11.0.0.2 20
On R2
R2(config)#no ip route 10.0.0.0 255.0.0.0 11.0.0.1
R2(config)#ip route 10.0.0.0 255.0.0.0 11.0.0.1 20
On R1
Type
R1#show ip route 12.0.0.0
How many routes do you see for the 12.0.0.0 network?
What happened to the route through 11.0.0.2?
On R2
Type
R2#show ip route 10.0.0.0
How many routes do you see for the 10.0.0.0 network?
What happened to the route through 11.0.0.1?
On Both R1 and R2
Rx(config)#int F 0/0
Rx(config-if)#shut
Type
Rx#show ip route
Do you see the route through the 11.0.0.0 network appear in the routing table?
Can you still ping your partner's loopback interface?
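The floating static route behaviour of this lab, as an added Python model (not part of the original notes): two statics to 12.0.0.0/8 on R1, the second one re-entered with administrative distance 20, then F0/0 shut. Each static is tagged with the exit interface its next hop sits behind, which stands in for the next-hop lookup IOS really does; class and function names are my own.

```python
# Added example, not code from the original notes.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class StaticRoute:
    prefix: str         # destination network, e.g. "12.0.0.0/8"
    next_hop: str
    interface: str      # interface the next hop is reached through (assumed tag)
    distance: int = 1   # default administrative distance of a static route

@dataclass
class Router:
    name: str
    interfaces: dict = field(default_factory=dict)   # interface -> is up
    statics: list = field(default_factory=list)

    def ip_route(self, prefix, next_hop, interface, distance=1):
        self.statics.append(StaticRoute(prefix, next_hop, interface, distance))

    def no_ip_route(self, prefix, next_hop):
        self.statics = [r for r in self.statics
                        if not (r.prefix == prefix and r.next_hop == next_hop)]

    def shutdown(self, interface, down=True):
        self.interfaces[interface] = not down

    def routing_table(self) -> dict:
        """prefix -> installed routes. A static whose exit interface is down is
        withdrawn; of the rest, the lowest distance is installed, and routes
        with equal distance are all installed (load sharing)."""
        table = {}
        for r in self.statics:
            if not self.interfaces.get(r.interface, False):
                continue
            installed = table.get(r.prefix)
            if installed is None or r.distance < installed[0].distance:
                table[r.prefix] = [r]
            elif r.distance == installed[0].distance:
                installed.append(r)
        return table

def next_hops(router: Router, prefix: str) -> list:
    return [r.next_hop for r in router.routing_table().get(prefix, [])]

def lab_walkthrough() -> tuple:
    """R1's three states in the lab; returns the next hops for 12.0.0.0/8."""
    r1 = Router("R1", {"S0/0": True, "F0/0": True})
    r1.ip_route("12.0.0.0/8", "11.0.0.2", "S0/0")   # via the serial link
    r1.ip_route("12.0.0.0/8", "21.0.0.2", "F0/0")   # via the Ethernet link
    both_equal = next_hops(r1, "12.0.0.0/8")        # both installed, AD 1
    # no ip route ... 11.0.0.2 / ip route ... 11.0.0.2 20: floating static
    r1.no_ip_route("12.0.0.0/8", "11.0.0.2")
    r1.ip_route("12.0.0.0/8", "11.0.0.2", "S0/0", distance=20)
    floating = next_hops(r1, "12.0.0.0/8")          # only the AD-1 route shows
    r1.shutdown("F0/0")                             # int F 0/0 / shut
    after_shut = next_hops(r1, "12.0.0.0/8")        # AD-20 route takes over
    return both_equal, floating, after_shut

if __name__ == "__main__":
    labels = ("two statics, AD 1", "floating static (AD 20)", "F0/0 shut")
    for label, hops in zip(labels, lab_walkthrough()):
        print(f"{label:<24} 12.0.0.0/8 via {hops}")
```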
On R2
Type
R2#show ip route
Do you see routes for the new Loopback networks that were created on R1?
Do you see a route with an asterisk?
What is the gateway of last resort?
Ping 1.0.0.1 or 2.0.0.1 or 3.0.0.1 or 4.0.0.1.
Are you successful?
Figure: R1 (Loopback 0: 10.0.0.0/8) S0/0 ---- 11.0.0.0/8 ---- S0/0 R2 (Loopback 0: 12.0.0.0/8)
Router 1
Router>en
Router#config t
Router(config)#hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#interface S 0/0
R1(config-if)#ip address 11.0.0.1 255.0.0.0
R1(config-if)#clock rate 128000 (if required)
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#network 10.0.0.0
R1(config-router)#network 11.0.0.0
Router 2
Router>en
Router#config t
Router(config)#hostname R2
R2(config)#interface Loopback 0
R2(config-if)#ip address 12.0.0.1 255.0.0.0
R2(config-if)#interface S 0/0
R2(config-if)#ip address 11.0.0.2 255.0.0.0
R2(config-if)#clock rate 128000 (if required)
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#network 11.0.0.0
R2(config-router)#network 12.0.0.0
On Both Routers
Type
Rx#show ip route
What networks do you see listed?
Ping your partner's Loopback Interface address. Are you successful?
On Both Routers
Rx#debug ip rip (where x is your Router number)
RIP:Sending V1 update to 255.255.255.255 via Serial 0/0 (11.0.0.1)
RIP:Build update entries
Network 10.0.0.0 metric 1
RIP:Sending V1 update to 255.255.255.255 via Loopback 0 (10.0.0.1)
RIP:Build update entries
Network 12.0.0.0
Network 11.0.0.0
RIP:received V1 update from 11.0.0.2 on serial 0/0
12.0.0.0 in 1 hop
Interesting Facts
The update sent out Serial 0/0 does not include the directly connected network (11.0.0.0).
That update does not include the 12.0.0.0 network either, although it does exist in the routing table.
The destination address is a broadcast (255.255.255.255).
It does not send periodic updates at constant intervals (timer jitter).
On Router1
R1(config)#int loopback 0
R1(config-if)#shut
Rx#debug ip rip (where x is your Router number)
RIP:build flash update entries
Network 10.0.0.0 metric 16
RIP:received v1 update from 11.0.0.0 on Serial0/0
2.0.0.0 in 16 hops (inaccessible)
RIP:sending v1 update to 255.255.255.255 via Serial0/0 (11.0.0.1)
Interesting Facts
When a route goes down, the router does not wait for the periodic update. It sends a
triggered update with a poisoned route, with a metric of 16.
Notice R2 also sends an immediate triggered update back, indicating that 10.0.0.0
cannot be reached through it.
On Router1
R1(config)#int loopback 0
R1(config-if)#no shut
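The RIPv1 update behaviour seen in the two debug captures above, as an added Python model (not part of the original notes): per-interface updates that leave out routes learned on that interface, and the flash (triggered) update with metric 16 when R1's Loopback 0 goes down, which R2 acts on and flashes back. Addresses and interface names are the lab's; the function names and the simple route tables are my own.

```python
# Added example, not code from the original notes.

INFINITY = 16   # RIP hop count meaning "unreachable"

def build_update(routes: dict, learned_on: dict, out_interface: str) -> list:
    """routes: network -> stored metric (0 for connected, else hop count).
    learned_on: network -> interface the route is connected to or came in on.
    Returns the (network, metric) entries sent out out_interface: stored
    metric plus one hop, minus anything that belongs to that interface."""
    entries = []
    for network, metric in routes.items():
        if learned_on.get(network) == out_interface:
            continue   # not advertised back out the interface it came from
        entries.append((network, min(metric + 1, INFINITY)))
    return entries

def flash_update(lost_network: str, interfaces: list) -> dict:
    """Triggered update on a route loss: poison it (metric 16) on every
    interface at once instead of waiting for the periodic timer."""
    return {ifc: [(lost_network, INFINITY)] for ifc in interfaces}

def receive_update(routes: dict, learned_on: dict, from_interface: str,
                   entries: list) -> list:
    """Install better routes, and accept any metric change (including the
    poison) from the interface a route was originally learned on.
    Returns the networks whose entry changed."""
    changed = []
    for network, metric in entries:
        current = routes.get(network, INFINITY)
        same_source = learned_on.get(network) == from_interface
        if metric < current or (same_source and metric != current):
            routes[network] = metric
            learned_on[network] = from_interface
            changed.append(network)
    return changed

def lab_walkthrough() -> dict:
    """R1 and R2 once the RIP lab has converged, then R1's Loopback 0 shut."""
    r1 = {"10.0.0.0": 0, "11.0.0.0": 0, "12.0.0.0": 1}
    r1_src = {"10.0.0.0": "Loopback0", "11.0.0.0": "Serial0/0",
              "12.0.0.0": "Serial0/0"}
    r2 = {"11.0.0.0": 0, "12.0.0.0": 0, "10.0.0.0": 1}
    r2_src = {"11.0.0.0": "Serial0/0", "12.0.0.0": "Loopback0",
              "10.0.0.0": "Serial0/0"}
    result = {"r1_to_serial": build_update(r1, r1_src, "Serial0/0"),
              "r1_to_loopback": build_update(r1, r1_src, "Loopback0")}
    # R1 shuts Loopback 0: 10.0.0.0 is gone, so R1 flashes it out Serial 0/0.
    del r1["10.0.0.0"]
    del r1_src["10.0.0.0"]
    flash = flash_update("10.0.0.0", ["Serial0/0"])
    result["r1_flash"] = flash["Serial0/0"]
    # R2 receives the poison from the interface it learned 10.0.0.0 on ...
    result["r2_changed"] = receive_update(r2, r2_src, "Serial0/0",
                                          flash["Serial0/0"])
    result["r2_metric_for_10"] = r2["10.0.0.0"]
    # ... and flashes its own poisoned entry back; R1 has nothing to change.
    back = flash_update("10.0.0.0", ["Serial0/0"])["Serial0/0"]
    result["r1_changed"] = receive_update(r1, r1_src, "Serial0/0", back)
    return result

if __name__ == "__main__":
    for key, value in lab_walkthrough().items():
        print(f"{key:<18} {value}")
```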
Passive Interfaces
On Both Routers
Rx(config)#router rip
Rx(config-router)#passive-interface Loopback 0
Interesting Facts
The router stops advertising out of the Loopback interface. The command is
useful for cutting down unnecessary broadcasts over an interface that only has
hosts on it and no router.
Figure: R1 (Loopback 0: 10.0.0.0/8) S0/0 ---- S0/0 R2 (Loopback 0: 12.0.0.0/8), plus a second link R1 F0/0 ---- 21.0.0.0/8 ---- F0/0 R2
(Builds on Lab 6)
Router 1
Router>en
Router#config t
R1(config)#interface F 0/0
R1(config-if)#ip address 21.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#network 21.0.0.0
Router 2
Router>en
Router#config t
R2(config)#interface F 0/0
R2(config-if)#ip address 21.0.0.2 255.0.0.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#network 21.0.0.0
On R1
Type
R1#show ip route 12.0.0.0
Do you see an asterisk (*) against one of the routes?
Note: The asterisk marks the next path the router will take to get a packet to the
destination.
Type
R1#ping 12.0.0.1
Type
R1#show ip route 12.0.0.0
Note: The asterisk is now against the other route.
On R2
Type
R2#show ip route 10.0.0.0
Do you see an asterisk (*) against one of the routes?
Note: The asterisk marks the next path the router will take to get a packet to the
destination.
Type
R2#ping 10.0.0.1
Type
R2#show ip route 10.0.0.0
Note: The asterisk is now against the other route.
Figure: R1 (Loopback 0: 10.1.0.0/16) S0/0 ---- 10.2.0.0/16 ---- S0/0 R2 (Loopback 0: 10.3.0.0/16 in the configuration below; the figure labels it 12.3.0.0/16)
Router 1 Configuration
Router>en
Router#config t
Router(config)#hostname R1
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.1.0.1 255.255.0.0
R1(config-if)#interface s 0/0
R1(config-if)#ip address 10.2.0.1 255.255.0.0
R1(config-if)#clock rate 128000 (if required)
R1(config-if)#no shut
R1(config-if)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.0.0.0
Router 2 Configuration
Router>en
Router#config t
Router(config)#hostname R2
R2(config)#interface S 0/0
R2(config-if)#ip address 10.2.0.2 255.255.0.0
R2(config-if)#clock rate 128000 (if required)
R2(config-if)#no shut
R2(config-if)#interface Loopback 0
R2(config-if)#ip address 10.3.0.1 255.255.0.0
R2(config-if)#router rip
R2(config-router)#version 2
R2(config-router)#network 10.0.0.0
On Both Routers
Go to Privileged Exec Mode (en)
Type
Rx#show ip route
What routes do you see?
Ping your partner's Loopback IP Address.
Are you successful?
On Both Routers
Rx#debug ip rip (where x is your Router number)
RIP:Sending V2 update to 224.0.0.9 via Serial 0/0 (11.0.0.1)
RIP:Build update entries
Network 10.0.0.0/8 metric 1, External Tag 0
RIP:Sending V2 update to 224.0.0.9 via Loopback 0 (10.0.0.1)
RIP:Build update entries
Network 12.0.0.0/8 metric 2, External Tag 0
Network 11.0.0.0/8 metric 1, External Tag 0
RIP:received V2 update from 11.0.0.2 on serial 0/0
12.0.0.0/8 in 2 hop metric 1, External Tag 0
Interesting Facts
The update is a V2 update.
It includes the subnet mask (the /8 prefix length).
The destination address is the multicast address 224.0.0.9 rather than a broadcast.
Basic Theory
A typical distance vector protocol saves the following information when computing the
best path to a destination: the distance (total metric or distance, such as hop count) and
the vector (the next hop). For instance, all the routers in the network in Figure 1 are
running Routing Information Protocol (RIP). Router Two chooses the path to Network A
by examining the hop count through each available path.
Figure 1: Routers R1 to R5 and Network A
Since the path through Router Three is three hops, and the path through Router One is
two hops, Router Two chooses the path through One and discards the information it
learned through Three. If the path between Router One and Network A goes down, Router
Two loses all connectivity with this destination until it times out the route of its routing
table (three update periods, or 90 seconds), and Router Three readvertises the route
(which occurs every 30 seconds in RIP). Not including any holddown time, it will take
between 90 and 120 seconds for Router Two to switch the path from Router One to
Router Three. EIGRP, instead of counting on full periodic updates to reconverge, builds
a topology table from each of its neighbor's advertisements (rather than discarding the
data), and converges by either looking for a likely loopfree route in the topology table,
or, if it knows of no other route, by querying its neighbors. Router Two saves the
information it received from both Routers One and Three. It chooses the path through
One as its best path (the successor) and the path through Three as a loopfree path (a
feasible successor). When the path through Router One becomes unavailable, Router
Two examines its topology table and, finding a feasible successor, begins using the path
through Three immediately.
From this brief explanation, it is apparent that EIGRP must provide:
1. a system where it sends only the updates needed at a given time; this is
accomplished through neighbor discovery and maintenance
2. a way of determining which paths a router has learned are loopfree
3. a process to clear bad routes from the topology tables of all routers on the
network
4. a process for querying neighbors to find paths to lost destinations
EIGRP Metrics
EIGRP uses the minimum bandwidth on the path to a destination network and the total
delay to compute routing metrics. Although you can configure other metrics, we do not
recommend it, as it can cause routing loops in your network. The bandwidth and delay
metrics are determined from values configured on the interfaces of routers in the path to
the destination network.
For instance, in Figure 2 below, Router One is computing the best path to Network A.
Figure 2: Router One's paths to Network A through Router Four and Router Three (routers R1, R2, R3, R4), with per-link bandwidth (b) and delay (d) values: b:10000 d:100, b:56 d:2000, b:128 d:2000, b:10000 d:100
It starts with the two advertisements for this network: one through Router Four, with a
minimum bandwidth of 56 and a total delay of 2200; and the other through Router
Three, with a minimum bandwidth of 128 and a delay of 1200. Router One chooses the
path with the lowest metric.
Let us compute the metrics. EIGRP calculates the total metric by scaling the bandwidth
and delay metrics.
EIGRP uses the following formula to scale the bandwidth:
Bandwidth = (10000000/bandwidth (i)) * 256
Where bandwidth (i) is the least bandwidth of all outgoing interfaces on the route to
the destination network represented in kilobits.
EIGRP uses the following formula to scale the delay:
Delay = delay (i) * 256
Where delay (i) is the sum of the delays configured on the interfaces, on the route to
the destination network, in tens of microseconds, so you must divide by 10 before you
use it in this formula.
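The scaling above carried through for Router One's two paths, as an added Python example (not from the original notes). It assumes the default K values (bandwidth and delay only), that the delays quoted in the text (2200 and 1200) are in microseconds and so are divided by 10 as the text says, and integer (truncating) division, since the scaled terms are whole numbers; the function names are my own.

```python
# Added example, not code from the original notes.

def scaled_terms(min_bandwidth_kbps: int, total_delay_us: int) -> tuple:
    """The two scaled components from the formulas in the text.
    min_bandwidth_kbps: least bandwidth of all outgoing interfaces on the
    path, in kilobits. total_delay_us: sum of the interface delays on the
    path in microseconds; the formula wants tens of microseconds."""
    if min_bandwidth_kbps <= 0 or total_delay_us < 0:
        raise ValueError("bandwidth must be positive and delay non-negative")
    scaled_bandwidth = (10_000_000 // min_bandwidth_kbps) * 256   # assumed integer division
    scaled_delay = (total_delay_us // 10) * 256
    return scaled_bandwidth, scaled_delay

def eigrp_metric(min_bandwidth_kbps: int, total_delay_us: int) -> int:
    """Composite metric with default K values: bandwidth term + delay term."""
    scaled_bandwidth, scaled_delay = scaled_terms(min_bandwidth_kbps, total_delay_us)
    return scaled_bandwidth + scaled_delay

def best_path(candidates: dict) -> tuple:
    """candidates: next hop -> (min bandwidth kbps, total delay us).
    Lowest metric wins; returns (next hop, its metric, all metrics)."""
    metrics = {hop: eigrp_metric(bw, delay) for hop, (bw, delay) in candidates.items()}
    winner = min(metrics, key=metrics.get)
    return winner, metrics[winner], metrics

def figure_2() -> tuple:
    """Router One's two advertisements for Network A, as given in the text:
    via Router Four (min bw 56, delay 2200) and via Router Three (128, 1200)."""
    return best_path({"Router Four": (56, 2200), "Router Three": (128, 1200)})

if __name__ == "__main__":
    winner, metric, metrics = figure_2()
    for hop, (bw, delay) in (("Router Four", (56, 2200)), ("Router Three", (128, 1200))):
        bw_term, delay_term = scaled_terms(bw, delay)
        print(f"{hop:<13} bandwidth term {bw_term:>10}  delay term {delay_term:>6}"
              f"  metric {metrics[hop]:>10}")
    print(f"Router One chooses the path through {winner} (metric {metric})")
```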
Chapter at a Glance
1. Was Cisco proprietary routing protocol.
2. Became open standard in February 2013.
3. First released in 1994 with IOS version 9.21.
4. Advance Distance Vector/Hybrid routing protocol that has the behavior of
distance vector with several Link State features, such as dynamic neighbor
discovery.
Rapid Convergence: EIGRP uses DUAL to achieve rapid convergence. It stores a backup
route if one is available, so it can quickly re-converge in case a route goes down. If no
backup route exists, EIGRP will send a query to its neighbor/s to discover an alternate
path. These queries are propagated until an alternate route is found.
Reduced Bandwidth Usage/Incremental Updates: In EIGRP updates are still sent to
directly connected neighbors, much like distance vector protocols, but these updates
are:
Non-Periodic: The updates are not sent at regular intervals, rather when a metric or a
topology change occurs.
Partial: Updates will include the routes that are changed and not every route in the
routing table.
Bounded: Updates are sent to affected routers only.
Another issue regarding bandwidth usage is the fact that EIGRP by default will only
consume 50% of the bandwidth of the link during convergence. This parameter can be
adjusted to a higher or lower value; enter the following command in interface sub-config
mode:
ip bandwidth-percent eigrp <AS number> <number that represents the percentage>
Classless Routing Protocol: This means that advertised routes will include their
subnet mask, this feature will eliminate the issue pertaining to discontiguous networks.
VLSM and Manual Summarization is also supported on any router within the enterprise.
Security: With IOS version 11.3 or better, EIGRP can authenticate using only MD5; the
reason EIGRP does not support clear text is that EIGRP can only be used within
Cisco routers, and all Cisco routers support MD5 authentication. But the routes are
not encrypted, so a sniffer can easily see the password/s.
Multiple Network Layer Protocol Support: EIGRP can support IP, IPX, and AppleTalk,
whereas the other routing protocols support only one routed protocol. EIGRP will also
perform auto-redistribution with NLSP, IPXRIP, RTMP. EIGRP supports incremental
SAP and RIP updates, 224 hops, and it uses bandwidth + delay, which is far better
than just ticks and hops used by IPXRIP. For RTMP it supports event-driven updates,
but it must run in a clientless network (WAN), and also a better metric calculation.
Use of Multicast Instead Of Broadcast: EIGRP uses multicast address of 224.0.0.10
instead of broadcast.
Background Information
OSPF protocol was developed due to a need in the internet community to introduce a
high functionality nonproprietary Internal Gateway Protocol (IGP) for the TCP/IP
protocol family. The OSPF protocol is based on link-state technology, which is a
departure from the Bellman-Ford vector based algorithms used in traditional Internet
routing protocols such as RIP. OSPF has introduced new concepts such as
authentication of routing updates, Variable Length Subnet Masks (VLSM), route
summarization, and so forth.
Some enhancements were introduced in a new version of RIP called RIP2. RIP2
addresses the issues of VLSM, authentication, and multicast routing updates. RIP2 is
not a big improvement over RIP (now called RIP 1) because it still has the limitations of
hop counts and slow convergence which are essential in today's large networks.
OSPF, on the other hand, addresses most of the issues previously presented:
1. With OSPF, there is no limitation on the hop count.
2. The intelligent use of VLSM is very useful in IP address allocation.
3. OSPF uses IP multicast to send linkstate updates. This ensures less
processing on routers that are not listening to OSPF packets. Also, updates are
only sent in case routing changes occur instead of periodically. This ensures a
better use of bandwidth.
4. OSPF has better convergence than RIP. This is because routing changes are
propagated instantaneously and not periodically.
5. OSPF allows for better load balancing.
6. OSPF allows for a logical definition of networks where routers can be divided
into areas. This limits the explosion of link state updates over the whole
network. This also provides a mechanism for aggregating routes and cutting
down on the unnecessary propagation of subnet information.
Neighbors
Routers that share a common segment become neighbors on that segment. Neighbors
are elected via the Hello protocol. Hello packets are sent periodically out of each interface
using IP multicast. Routers become neighbors as soon as they see themselves listed in
the neighbor's Hello packet. This way, two-way communication is guaranteed. Two
routers will not become neighbors unless they agree on the following:
Area-id: Two routers having a common segment; their interfaces have to belong to the
same area on that segment. Of course, the interfaces should belong to the same subnet
and have a similar mask.
Authentication: OSPF allows for the configuration of a password for a specific area.
Routers that want to become neighbors have to exchange the same password on a
particular segment.
Hello and Dead Intervals: OSPF exchanges Hello packets on each segment. This is a
form of keepalive used by routers in order to acknowledge their existence on a segment
and in order to elect a designated router (DR) on multi-access segments. The Hello
interval specifies the length of time, in seconds, between the hello packets that a router
sends on an OSPF interface. The dead interval is the number of seconds that a router's
hello packets have not been seen before its neighbors declare the OSPF router down.
OSPF requires these intervals to be exactly the same between two neighbors. If any of
these intervals are different, these routers will not become neighbors on a particular
segment. The router interface commands used to set these timers are:
ip ospf hello-interval seconds
ip ospf dead-interval seconds
Stub area flag: Two routers have to also agree on the stub area flag in the Hello packets
in order to become neighbors. Stub areas will be discussed in a later section. Keep in
mind for now that defining stub areas will affect the neighbor election process.
Adjacencies
Adjacency is the next step after the neighboring process. Adjacent routers are routers
that go beyond the simple Hello exchange and proceed into the database exchange
process. In order to minimize the amount of information exchange on a particular
segment, OSPF elects one router to be a designated router (DR), and one router to be a
backup designated router (BDR), on each multi-access segment. The BDR is elected as a
backup mechanism in case the DR goes down. The idea behind this is that routers have a
central point of contact for information exchange. Instead of each router exchanging
updates with every other router on the segment, every router exchanges information
with the DR and BDR. The DR and BDR relay the information to everybody else.
DR Election
DR and BDR election is done via the Hello protocol. Hello packets are exchanged via IP
multicast packets on each segment. The router with the highest OSPF priority on a
segment will become the DR for that segment. The same process is repeated for the BDR.
In case there is a tie, the router with the highest RID will become a DR. The default for the
interface OSPF priority is one.
The area-id is the area number we want the interface to be in. The area-id can be an
integer between 0 and 4294967295 or can take a form similar to an IP address, A.B.C.D.
Chapter at a Glance
1. OSPF Version 1 was specified in RFC 1131 in 1988. This protocol was finalized in
1989.
2. OSPF Version 2 (current version). The most recent specifications are in RFC
2328.
3. Scales better than Distance Vector Routing protocols. It virtually has no practical Hop
Count Limit.
4. Provides Load Balancing (Equal and Unequal).
5. Introduces the concept of Areas to ease management and control traffic.
6. Provides Authentication.
7. Uses Multicast versus Broadcasts.
8. Convergence is faster than in Distance Vector Routing protocols. The reason for that is
it floods the changes to all neighboring routers simultaneously rather than in a chain.
9. Supports Variable Length Subnet Masking (VLSM), FLSM and Supernetting.
10. Provides bit-based Route summarization.
11. There are no periodic updates. Updates are only sent when there are changes.
12. Router only sends changes in updates and not the entire full tables.
13. OSPF uses a Cost value instead of hop count. Cost is based on the speed of the link:
Cost = 10^8 / Bandwidth (in bps).
14. Classless Routing Protocol.
15. It relies on IP to deliver the packets (IP protocol number 89).
16. Area is a logical grouping of OSPF routers.
17. Areas divide an OSPF domain into sub-domains.
18. Areas allow OSPF to be extremely scalable.
19. Areas reduce the Memory, CPU utilization and amount of traffic in a network.
20. Most of the traffic can be restricted to within the area.
21. Routers within an area will have no detailed knowledge of the topology outside of
their area.
22. Reduced size of the Database reduces Memory requirements for the routers.
23. Areas are identified by a 32-bit Area ID, which can be denoted in decimal format (0) or
dotted format (0.0.0.0).
24. OSPF requires one area to be Area 0, known as the backbone area.
25. Backbone area or Area 0, connects all the other area to each other.
Three types of Traffic may be defined in relation to areas:
1. Intra-area traffic consists of packets that are passed between routers within a
single area.
2. Inter-area traffic consists of packets that are passed between routers in
different areas.
3. External traffic consists of packets that are passed between a router within
the OSPF domain and a router within another Autonomous system.
Topology (figure): R1 (Loopback 0, 1.0.0.0/8) S0/0 --- 192.1.1.0/24 --- S0/0 R2 (Loopback 0, 2.0.0.0/8)
R1 Configuration
Interface    IP Address    Subnet Mask
Loopback0    1.1.1.1       255.255.255.0
S0/0         192.1.1.1     255.255.255.0
R2 Configuration
Interface    IP Address    Subnet Mask
Loopback0    2.2.2.2       255.255.255.0
S0/0         192.1.1.2     255.255.255.0
On R1
Router#conf t
Router(config)#hostname R1
R1(config)#router eigrp 1
R1(config-router)#net 1.0.0.0
R1(config-router)#net 192.1.1.0
On R2
Router#conf t
Router(config)#hostname R2
R2(config)#router eigrp 1
R2(config-router)#net 2.0.0.0
R2(config-router)#net 192.1.1.0
Sample show ip eigrp neighbor output on R1 (from the figure):
Address      Interface   Hold (sec)   Uptime     SRTT (ms)   RTO   Q Cnt   Seq Num
192.1.1.2    Se0/0       10           00:06:21   12          200   0       2
Topology (figure): R1 (Loopback 0, 1.0.0.0/8) S0/0 --- 192.1.12.0/24 --- S0/0 R2 (Loopback 0, 2.0.0.0/8);
R2 F0/0 --- 192.1.23.0/24 --- F0/0 R3 (Loopback 0, 3.0.0.0/8); R3 S0/0 --- 192.1.34.0/24 --- S0/0 R4 (Loopback 0, 4.0.0.0/8);
R4 F0/0 --- 192.1.14.0/24 --- F0/0 R1.
R1 Configuration
Interface    IP Address    Subnet Mask
Loopback0    1.1.1.1       255.255.255.0
S0/0         192.1.12.1    255.255.255.0
F0/0         192.1.14.1    255.255.255.0
R2 Configuration
Interface    IP Address    Subnet Mask
Loopback0    2.2.2.2       255.255.255.0
S0/0         192.1.12.2    255.255.255.0
F0/0         192.1.23.2    255.255.255.0
R3 Configuration
Interface    IP Address    Subnet Mask
Loopback0    3.3.3.3       255.255.255.0
S0/0         192.1.34.3    255.255.255.0
F0/0         192.1.23.3    255.255.255.0
R4 Configuration
Interface    IP Address    Subnet Mask
Loopback0    4.4.4.4       255.255.255.0
S0/0         192.1.34.4    255.255.255.0
F0/0         192.1.23.2    255.255.255.0
On R1
R1(config)#router eigrp 1
R1(config-router)#net 1.0.0.0
R1(config-router)#net 192.1.12.0
R1(config-router)#net 192.1.14.0
On R2
R2(config)#router eigrp 1
R2(config-router)#net 2.0.0.0
R2(config-router)#net 192.1.12.0
R2(config-router)#net 192.1.23.0
On R3
R3(config)#router eigrp 1
R3(config-router)#net 3.0.0.0
R3(config-router)#net 192.1.23.0
R3(config-router)#net 192.1.34.0
On R4
R4(config)#router eigrp 1
R4(config-router)#net 4.0.0.0
R4(config-router)#net 192.1.34.0
R4(config-router)#net 192.1.14.0
Type
R1#sh ip route
Do you see all the routes?
Type
R1#sh ip eigrp neighbor
Who are your neighbors?
Type
R1#sh ip eigrp topology
Topology (figure): R1 (Loopback 0, 1.0.0.0/8) S0/0 --- 192.1.1.0/24 --- S0/0 R2 (Loopback 0, 2.0.0.0/8)
R1 Configuration
Interface    IP Address    Subnet Mask
Loopback0    1.1.1.1       255.255.255.0
S0/0         192.1.1.1     255.255.255.0
R2 Configuration
Interface    IP Address    Subnet Mask
Loopback0    2.2.2.2       255.255.255.0
S0/0         192.1.1.2     255.255.255.0
On R1
Router#conf t
Router(config)#hostname R1
R1(config)#router ospf 1
R1(config-router)#net 1.0.0.0 0.255.255.255 area 0
R1(config-router)#net 192.1.1.0 0.0.0.255 area 0
On R2
Router#conf t
Router(config)#hostname R2
R2(config)#router ospf 1
R2(config-router)#net 2.0.0.0 0.255.255.255 area 0
R2(config-router)#net 192.1.1.0 0.0.0.255 area 0
Test the Configuration
Type
R1#show ip route
What routes do you see?
Type
R1#show ip ospf neighbor
Notice the State (Full/-). There is no DR or BDR in a Point-to-point network.
Type
R1#show ip ospf int s 0/0
Notice the Network Type is POINT-TO-POINT and No DR or BDR information
is displayed.
Topology (figure): R1 (Loopback 0, 1.0.0.0/8), R2 (Loopback 0, 2.0.0.0/8), R3 (Loopback 0, 3.0.0.0/8) and R4 (Loopback 0, 4.0.0.0/8) each connect through F0/0 to the shared Ethernet segment 192.1.100.0/24.
R1, R2, R3 and R4 Configuration (figure): interfaces Loopback0 and F0/0 on each router.
Objective: Configuring OSPF over an Ethernet network and getting used to different
show commands
On R1
R1(config)#router ospf 1
R1(config-router)#net 1.0.0.0 0.255.255.255 area 0
R1(config-router)#net 192.1.100.0 0.0.0.255 area 0
On R2
R2(config)#router ospf 1
R2(config-router)#net 2.0.0.0 0.255.255.255 area 0
R2(config-router)#net 192.1.100.0 0.0.0.255 area 0
On R3
R3(config)#router ospf 1
R3(config-router)#net 3.0.0.0 0.255.255.255 area 0
R3(config-router)#net 192.1.100.0 0.0.0.255 area 0
On R4
R4(config)#router ospf 1
R4(config-router)#net 4.0.0.0 0.255.255.255 area 0
R4(config-router)#net 192.1.100.0 0.0.0.255 area 0
Sample show ip ospf neighbor output on R1 (from the figure):
Pri   State          Dead Time   Address       Interface
1     FULL/DROTHER   00:00:39    192.1.100.2   F0/0
1     FULL/DROTHER   00:00:39    192.1.100.3   F0/0
1     FULL/BDR       00:00:39    192.1.100.4   F0/0
The following sections describe the show ip ospf neighbor command output.
Priority
The Pri field indicates the priority of the neighbor router. The router with the highest
priority becomes the designated router (DR). If the priorities are the same, then the
router with the highest router ID becomes the DR. By default, priorities are set to 1. A
router with a priority of 0 never becomes a DR or a backup designated router (BDR); it is
always a DROTHER, meaning a router that is neither the DR nor the BDR.
State
The State field indicates the functional state of the neighbor router. Refer to OSPF
Neighbor States for more information about states. FULL means the router is fully
adjacent with its neighbor. The neighbor is the DR, so it is Router 1.
Dead Time
The Dead Time field indicates the amount of time remaining that the router waits to
receive an OSPF hello packet from the neighbor before declaring the neighbor down. On
broadcast and point-to-point media, the default dead interval is 40 seconds. On
non-broadcast and point-to-multipoint links, the default dead interval is 120 seconds.
Address
The Address field indicates the IP address of the interface to which this neighbor is
directly connected. In the case of unnumbered links, this eld shows the IP address of
the interface to which the neighbor is unnumbered. When OSPF packets are transferred
to the neighbor, this address will be the destination address.
Interface
The Interface field indicates the interface on which the OSPF neighbor has formed
adjacency. In the above example the neighbor can be reached through FastEthernet0/0.
Access list types (table): Standard, Extended
Examples
Permitting only a specific network:
To allow only traffic from 172.16.0.0 to pass through the router:
Router(config)#access-list 1 permit 172.16.0.0 0.0.255.255
(Note: the implicit deny all is not necessary to write)
Router(config)#int f0/0
Router(config-if)#ip access-group 1 out
Overview
1. Extended IP Access Lists filter based on source and destination addresses, specific
protocols and even ports defined by TCP or UDP.
2. Extended IP Access Lists offer more granularity than Standard Access Lists and can be
used in a wider range of situations in providing access security to a network through a
router.
Configuration
Creating the access list
Router(cong)#access-list [100-199] [permit|deny] [ip|tcp|icmp]
[source_address] [source_mask] [destination_address]
[destination_mask] [eq|neq|lt|gt] [port_number]
Applying it to an interface
Router(cong-if)#ip access-group [100-199] [in|out]
Example
1. Blocking only FTP trafc from one network
Topology (figure): 172.16.3.0 --- R1 S0/0 --- 172.16.12.0/24 --- S0/0 R2 --- 172.16.4.0
The aim here is to block all FTP traffic from 172.16.3.0 entering 172.16.4.0 by creating
an extended access list at R1:
Router(config)#access-list 101 deny tcp 172.16.3.0 0.0.0.255 172.16.4.0 0.0.0.255 eq 20
Router(config)#access-list 101 deny tcp 172.16.3.0 0.0.0.255 172.16.4.0 0.0.0.255 eq 21
Router(config)#access-list 101 permit ip any any
Router(config)#int S 0/0
Router(config-if)#ip access-group 101 out
Note the third line in the access list: it permits all other IP-based traffic from
anywhere going anywhere.
Topology (figure): R1 (Loopback 0, 10.0.0.0/8) S0/0 --- 11.0.0.0/8 --- S0/0 R2 (Loopback 0, 12.0.0.0/8)
R1 Configuration
Interface    IP Address   Subnet Mask
Loopback0    10.0.0.1     255.0.0.0
S0/0         11.0.0.1     255.0.0.0
R2 Configuration
Interface    IP Address   Subnet Mask
Loopback0    12.0.0.1     255.0.0.0
S0/0         11.0.0.2     255.0.0.0
On R2
Testing the Standard Access list
Ping your partner's PC using extended ping, with 12.0.0.1 as the source address, by
doing the following:
1. Type Ping and press Enter.
2. Press Enter at the Protocol prompt to accept ip as the protocol.
3. Specify 11.0.0.1 as the Target IP Address.
4. Take the default for the Count, Datagram and Timeout values.
5. Press y for extended commands.
6. Type 12.0.0.1 for the Source Address.
7. Take the defaults for the rest of the prompts.
8. Are you successful?
9. Why or why not?
On R2
Creating a Standard Access-list that blocks Network 10.0.0.0 from
accessing R2
R2(config)#access-list 10 deny 10.0.0.0 0.255.255.255
R2(config)#access-list 10 permit any
On R1
Testing the Standard Access list
Ping your partner's PC using extended ping, with 10.0.0.1 as the source address, by
doing the following:
1. Type Ping and press Enter.
2. Press Enter at the Protocol prompt to accept ip as the protocol.
3. Specify 11.0.0.2 as the Target IP Address.
4. Take the default for the Count, Datagram and Timeout values.
5. Press y for extended commands.
6. Type 10.0.0.1 for the Source Address.
7. Take the defaults for the rest of the prompts.
Are you successful?
Why or why not?
R1
Creating an Extended Access List that blocks anyone from accessing the router via telnet
R1(config)#access-list 101 deny tcp any any eq 23
R1(config)#access-list 101 permit ip any any
R2
Testing the Extended Access list
Type
R2#telnet 11.0.0.1
Are you successful?
R1
Connecting the PC and configuring the Ethernet port on Router 1
Connect the PC to the Router's Ethernet port using a crossover cable.
Configure the PC with the following configuration parameters:
1. IP Address : 20.0.0.2
2. Subnet Mask : 255.0.0.0
3. Default Gateway : 20.0.0.1
On the Router, do the following:
R1#conf t
R1(config)#int E 0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#router rip
R1(config-router)#network 20.0.0.0
R2
Enabling HTTP on the Router
R2(config)#ip http server
PC 1
Testing the HTTP Server
Open IE on the PC and type http://11.0.0.2
Do you see the Router Web Page?
R2
Creating an Extended Access List that blocks anyone from using HTTP
R2(config)#access-list 150 deny tcp any any eq 80
R2(config)#access-list 150 permit ip any any
R2
Creating an Extended Access List that blocks a Host from Pinging
R2(config)#access-list 101 deny icmp host 20.0.0.2 any echo
R2(config)#access-list 101 permit ip any any
R2
On R2, type ping 20.0.0.2.
Are you successful?
Why or why not?
Deleting the Access-List
R2(config)#no access-list 101
R2(config)#int S 0/0
R2(config-if)#no ip access-group 101 in
R1
Creating an Extended Access List that blocks a Network from getting pinged
R1(config)#access-list 101 deny icmp any 20.0.0.0 0.255.255.255 echo
R1(config)#access-list 101 permit ip any any
R2
On R2, type ping 20.0.0.2.
Are you successful?
R1
Testing the Extended Access list
On the PC, type ping 11.0.0.2.
Are you successful?
Why or why not?
On R2
Creating a Named Extended Access-list that blocks network
10.0.0.0 from accessing the 12.0.0.0 Network
R2(config)#ip access-list extended DENY-10-TO-12
R2(config-ext-nacl)#deny ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
R2(config-ext-nacl)#permit ip any any
Frame Relay
Overview
1. Frame Relay defines the interconnection process between the Customer Premises
Equipment (CPE) device, such as a router, acting as a DTE, and the service provider's
local access switching equipment, acting as a DCE.
2. Frame Relay is a Layer 2 packet-switched WAN protocol.
3. Frame Relay can be configured in a point-to-point or multipoint environment, through
the use of sub-interfaces.
4. Frames are encapsulated in one of two formats:
i) Cisco: default, proprietary
ii) IETF: used to connect to routers from different vendors (e.g. Lucent, Bay).
Subinterfaces
Provide a method of separating one physical network connection into multiple logical
connections, i.e. one local loop can support many PVCs.
A single physical interface (s 0/0) can simulate multiple logical interfaces (s 0/0.1, s
0/0.2, and so on), called subinterfaces.
Subinterfaces can be configured to support 2 connection types:
Point-to-point
1. Does not forward broadcasts or routing updates.
2. A PVC connection is established from one subinterface to another. The interfaces are on the
same subnet, and each subinterface has its own local and unique DLCI number.
Multipoint
1. Forwards broadcasts and routing updates.
2. A single interface establishes multiple PVCs to multiple interfaces or subinterfaces on
remote routers.
3. All participating subinterfaces are on the same subnet, with unique local DLCIs.
4. Subinterface numbers range from 1 to 4294967293.
5. Subinterfaces can be added at any time, even during normal operation.
Topology (figure): head office router HO (131.107.1.1) has PVCs on local DLCIs 16, 17 and 18 to branch routers BO 1 (131.107.1.2, local DLCI 35), BO 2 (131.107.1.3, local DLCI 16) and BO 3 (131.107.1.4, local DLCI 18).
Once the DLCIs have been assigned by the service provider, mappings are created as
follows (by Inverse ARP):
Router HO
Local DLCI   Destination Address
16           131.107.1.2
17           131.107.1.3
18           131.107.1.4
Router BO 1
Local DLCI   Destination Address
35           131.107.1.1
Router BO 2
Local DLCI   Destination Address
16           131.107.1.1
Router BO 3
Local DLCI   Destination Address
18           131.107.1.1
So, if router B1 wishes to forward a packet to router HO, it sends the packet through its
local DLCI 35, as all packets sent on that DLCI will get to 131.107.1.1 (router HO).
Now B1, B2 and B3 can each ping HO and vice versa, as there is a mapping of the path to
get to the destination, but B1, B2 and B3 cannot ping each other.
For B1 to ping B2, for example, there must be a mapping from B1 to B2 via HO. This is
done by the following command, entered at each respective router:
At router B1
frame-relay map ip 131.107.1.3 35
At router B2
frame-relay map ip 131.107.1.2 16
Topology (figure): R1 (1.0.0.1/8) DLCI 102 --- Frame Relay --- DLCI 201 R2 (1.0.0.2/8)
R1 Configuration
Router(config)#hostname R1
R1(config)#int S 0/0
R1(config-if)#encap frame-relay
R1(config-if)#ip address 1.0.0.1 255.0.0.0
R1(config-if)#no shut
R2 Configuration
Router(config)#hostname R2
R2(config)#int S 0/0
R2(config-if)#encap frame-relay
R2(config-if)#ip address 1.0.0.2 255.0.0.0
R2(config-if)#no shut
On Both Routers
Type
Router#show frame-relay lmi
Notice that the Num Status Enq. Sent and Num Status Msgs Rcvd numbers are the
only ones that are changing. The LMIs are sent every 10 seconds. These are also known
as keepalives.
Type
Router#show frame-relay pvc
Notice your local DLCI number and its status.
Type
Router#show frame-relay map
Notice it automatically maps your local DLCI number to the remote router's IP
address.
What is this process called?
Ping your partner's router.
Are you successful?
Topology (figure, full mesh): R1 (1.0.0.1/8) uses DLCI 102 to R2 and DLCI 103 to R3; R2 (1.0.0.2/8) uses DLCI 201 to R1 and DLCI 203 to R3; R3 (1.0.0.3/8) uses DLCI 301 to R1 and DLCI 302 to R2.
On R1
R1#conf t
R1(config)#int S 0/0
R1(config-if)#ip address 1.0.0.1 255.0.0.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no shut
On R2
R2#conf t
R2(config)#int S 0/0
R2(config-if)#ip address 1.0.0.2 255.0.0.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shut
On R3
R3#conf t
R3(config)#int S 0/0
R3(config-if)#ip address 1.0.0.3 255.0.0.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shut
On All Routers
Type
Router#show frame-relay map
How many Frame-relay mappings do you see on all routers?
Can each router ping the other 2 routers?
Topology (figure, hub and spoke): Hub (1.0.0.1/8) uses DLCI 102 to R2 (1.0.0.2/8) and DLCI 103 to R3 (1.0.0.3/8); R2 uses DLCI 201 and R3 uses DLCI 301 toward the hub.
On Hub
hub#conf t
hub(config)#int S 0/0
hub(config-if)#ip address 1.0.0.1 255.0.0.0
hub(config-if)#encapsulation frame-relay
hub(config-if)#no shut
On R2
R2#conf t
R2(config)#int S 0/0
R2(config-if)#ip address 1.0.0.2 255.0.0.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shut
On R3
R3#conf t
R3(config)#int S 0/0
R3(config-if)#ip address 1.0.0.3 255.0.0.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shut
On All Routers
Router#show frame-relay map
How many mappings do you have at the Hub?
How many mappings do you have at the two spokes?
Ping from one spoke to the other.
Are you successful?
On R2
R2(config)#int S 0/0
R2(config-if)#frame-relay map ip 1.0.0.3 201
On R3
R3(config)#int S 0/0
R3(config-if)#frame-relay map ip 1.0.0.2 301
On the Spoke Routers
Ping from one spoke to the other.
Are you successful?
On R2
R2#conf t
R2(config)#int S 0/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#int S 0/0.1 point-to-point
R2(config-subif)#ip address 1.0.0.2 255.0.0.0
R2(config-subif)#frame-relay interface-dlci 201
R2(config-fr-dlci)#exit
R2(config-subif)#exit
R2(config)#router rip
R2(config-router)#net 1.0.0.0
On R3
R3#conf t
R3(config)#int S 0/0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#int S 0/0.1 point-to-point
R3(config-subif)#ip address 2.0.0.2 255.0.0.0
R3(config-subif)#frame-relay interface-dlci 301
R3(config-fr-dlci)#exit
R3(config-subif)#exit
R3(config)#router rip
R3(config-router)#net 2.0.0.0
Module 9 MPLS
MPLS Overview
Basic Concepts of MPLS
1. FEC
As a forwarding technology based on classification, MPLS groups packets to be
forwarded in the same manner into a class called the forwarding equivalence class
(FEC). That is, packets of the same FEC are handled in the same way.
The classification of FECs is very flexible. It can be based on any combination of source
address, destination address, source port, destination port, protocol type and VPN. For
example, in traditional IP forwarding using longest match, all packets to the same
destination belong to the same FEC.
2. Label
A label is a short, fixed-length identifier for identifying a FEC. A FEC may correspond to
multiple labels in scenarios where, for example, load sharing is required, while a label
can only represent a single FEC.
A label is carried in the header of a packet. It does not contain any topology information
and is locally significant.
A label is four octets, or 32 bits, in length. Figure 1 illustrates its format.
Figure 1 (label format): bits 0-19 LABEL (20 bits), bits 20-22 EXP (3 bits), bit 23 S (bottom of stack), bits 24-31 TTL (8 bits).
3. LSR
Label switching router (LSR) is a fundamental component on an MPLS network. All LSRs
support MPLS.
4. LSP
Label switched path (LSP) means the path along which a FEC travels through an MPLS
network. Along an LSP, two neighboring LSRs are called upstream LSR and downstream
LSR respectively. In Figure 2, R2 is the downstream LSR of R1, while R1 is the upstream
LSR of R2.
Figure 2: R1 (upstream LSR) -> R2 (downstream LSR)
5. LDP
Label Distribution Protocol (LDP) means the protocol used by MPLS for control. An LDP
has the same functions as a signaling protocol on a traditional network. It classifies
FECs, distributes labels, and establishes and maintains LSPs.
MPLS supports multiple label distribution protocols, of either of the following two types:
i) Those dedicated to label distribution, such as LDP and Constraint-based Routing using
LDP (CR-LDP).
ii) Existing protocols that are extended to support label distribution, such as Border
Gateway Protocol (BGP) and Resource Reservation Protocol (RSVP).
In addition, you can configure static LSPs.
Each packet entering an MPLS network is labeled on the ingress LER and then forwarded
along an LSP to the egress LER. All the intermediate LSRs are called transit LSRs.
Figure: IP Network --- Ingress LER --- Transit LSRs (along the LSP) --- Egress LER --- IP Network
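The label format of Figure 1 and the ingress/transit/egress forwarding just described can be exercised with the following Python code. It is an added example, not part of the original text or any vendor implementation; the label values, the LFIB contents and the payload bytes are constructed, and the reserved value 3 is implicit null, the "imp-null" binding seen in the show output later in this module.

```python
"""MPLS label stack entry (shim header) packing, parsing and transit-LSR
forwarding. Example code added to this page; label values are constructed."""
import struct

IMPLICIT_NULL = 3   # reserved label: the upstream LSR pops instead of swapping (penultimate hop popping)


def pack_label(label, exp=0, bottom=False, ttl=255):
    """Build one 32-bit label stack entry: LABEL(20) | EXP(3) | S(1) | TTL(8), network byte order."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8:
        raise ValueError("EXP must fit in 3 bits")
    if not 0 <= ttl < 256:
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def unpack_label(data):
    """Decode the first four bytes of data as a label stack entry."""
    if len(data) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "exp": (word >> 9) & 0x7,
        "bottom": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


def parse_label_stack(frame):
    """Walk entries until the S (bottom-of-stack) bit is set; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        entry = unpack_label(frame[offset:])
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, frame[offset:]


def forward(frame, lfib):
    """Transit-LSR forwarding of one labelled frame.

    lfib maps incoming label -> outgoing label on this LSR. A swap replaces the top
    entry with the outgoing label and a decremented TTL; an outgoing label of
    IMPLICIT_NULL means pop, because the next hop is the egress LER. TTL propagation
    into the header exposed by a pop is not modelled here.
    """
    top = unpack_label(frame)
    if top["label"] not in lfib:
        raise KeyError("no LFIB entry for label %d" % top["label"])
    if top["ttl"] <= 1:
        raise ValueError("TTL expired; frame would be dropped")
    out = lfib[top["label"]]
    if out == IMPLICIT_NULL:
        return frame[4:]
    return pack_label(out, top["exp"], top["bottom"], top["ttl"] - 1) + frame[4:]


if __name__ == "__main__":
    payload = b"\x45\x00" + bytes(18)                    # constructed stand-in for an IP packet
    frame = pack_label(200, exp=0, bottom=True, ttl=64)  # ingress LER pushes label 200
    print(parse_label_stack(frame + payload))
    swapped = forward(frame + payload, {200: 201})        # transit LSR swaps 200 -> 201
    popped = forward(swapped, {201: IMPLICIT_NULL})       # penultimate hop pops the label
    print(popped == payload)
```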
Topology (figure): R1 (Loopback 0, 1.0.0.0/8) F0/0 --- 192.1.12.0/24 --- F0/0 R2 (Loopback 0, 2.0.0.0/8); R2 F0/1 --- 192.1.23.0/24 --- F0/0 R3 (Loopback 0, 3.0.0.0/8); R3 F0/1 --- 192.1.34.0/24 --- F0/0 R4 (Loopback 0, 4.0.0.0/8).
R1
Interface    IP Address    Subnet Mask
Loopback0    1.1.1.1       255.0.0.0
F0/0         192.1.12.1    255.255.255.0
R2
Interface    IP Address    Subnet Mask
Loopback0    2.2.2.2       255.0.0.0
F0/0         192.1.12.2    255.255.255.0
F0/1         192.1.23.2    255.255.255.0
R3
Interface    IP Address    Subnet Mask
Loopback0    3.3.3.3       255.0.0.0
F0/0         192.1.23.3    255.255.255.0
F0/1         192.1.34.3    255.255.255.0
R4
Interface    IP Address    Subnet Mask
Loopback0    4.4.4.4       255.0.0.0
F0/0         192.1.34.4    255.255.255.0
Task 1
Configure OSPF between all the SP routers (R1, R2, R3, and R4). The OSPF process should
use Loopback0 on each router as the router-id. Advertise all links in OSPF except the
Loopback 1's on R1 and R4. Loopback 0's should appear with a /8 mask in the routing
table.
R1
interface Loopback 0
 ip ospf network point-to-point
!
router ospf 1
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.1.12.1 0.0.0.0 area 0
!
R2
interface Loopback 0
 ip ospf network point-to-point
!
router ospf 1
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 0
 network 192.1.12.2 0.0.0.0 area 0
 network 192.1.23.2 0.0.0.0 area 0
!
R3
interface Loopback 0
 ip ospf network point-to-point
!
router ospf 1
 router-id 3.3.3.3
 network 3.3.3.3 0.0.0.0 area 0
 network 192.1.23.3 0.0.0.0 area 0
 network 192.1.34.3 0.0.0.0 area 0
!
R4
interface Loopback 0
 ip ospf network point-to-point
!
router ospf 1
 router-id 4.4.4.4
 network 4.4.4.4 0.0.0.0 area 0
 network 192.1.34.4 0.0.0.0 area 0
Task 2
Configure MPLS on all the physical links in the SP Network. Use LDP to distribute labels.
The LDP neighbour relationships should be formed based on the most reliable interface.
The labels should be assigned from the range X00 to X99, where X is the router number.
R1
mpls ldp router-id Loopback0
mpls label protocol ldp
mpls label range 100 199
!
interface F 0/0
 mpls ip
!
R2
mpls ldp router-id Loopback0
mpls label protocol ldp
mpls label range 200 299
!
interface F 0/0
 mpls ip
!
interface F 0/1
 mpls ip
!
R3
mpls ldp router-id Loopback0
mpls label protocol ldp
mpls label range 300 399
!
interface F 0/0
 mpls ip
!
interface F 0/1
 mpls ip
!
R4
mpls ldp router-id Loopback0
mpls label protocol ldp
mpls label range 400 499
!
interface F 0/0
 mpls ip
!
How to check?
R1#show mpls ldp bindings
  tib entry: 1.0.0.0/8, rev 4
        local binding:  tag: imp-null
        remote binding: tsr: 2.2.2.2:0, tag: 200
  tib entry: 2.0.0.0/8, rev 6
        local binding:  tag: 100
        remote binding: tsr: 2.2.2.2:0, tag: imp-null
  tib entry: 3.0.0.0/8, rev 8
        local binding:  tag: 101
        remote binding: tsr: 2.2.2.2:0, tag: 201
  tib entry: 4.0.0.0/8, rev 10
        local binding:  tag: 102
        remote binding: tsr: 2.2.2.2:0, tag: 202
  tib entry: 192.1.12.0/24, rev 2
        local binding:  tag: imp-null
        remote binding: tsr: 2.2.2.2:0, tag: imp-null
  tib entry: 192.1.23.0/24, rev 12
        local binding:  tag: 103
        remote binding: tsr: 2.2.2.2:0, tag: imp-null
  tib entry: 192.1.34.0/24, rev 14
        local binding:  tag: 104
        remote binding: tsr: 2.2.2.2:0, tag: 203
Task 1
Make sure that labels are only exchanged for Loopback 0 networks throughout the MPLS
network.
R1
access-list 1 permit 1.0.0.0
access-list 1 permit 2.0.0.0
access-list 1 permit 3.0.0.0
access-list 1 permit 4.0.0.0
!
no tag-switching advertise-tags
tag-switching advertise-tags for 1
R2
access-list 1 permit 1.0.0.0
access-list 1 permit 2.0.0.0
access-list 1 permit 3.0.0.0
access-list 1 permit 4.0.0.0
!
no tag-switching advertise-tags
tag-switching advertise-tags for 1
R3
access-list 1 permit 1.0.0.0
access-list 1 permit 2.0.0.0
access-list 1 permit 3.0.0.0
access-list 1 permit 4.0.0.0
!
no tag-switching advertise-tags
tag-switching advertise-tags for 1
R4
access-list 1 permit 1.0.0.0
access-list 1 permit 2.0.0.0
access-list 1 permit 3.0.0.0
access-list 1 permit 4.0.0.0
!
no tag-switching advertise-tags
tag-switching advertise-tags for 1
CDP Parameters
CDP Timer
How often updates are sent
Default = 60 seconds
To change the default time:
Router(config)#cdp timer new_update_time
CDP Holdtime
The time the CDP packet sent should be kept by the receiving router before being
discarded
Default = 180 seconds
To change the default time:
Router(config)#cdp holdtime new_holdtime
To Check Output
For a brief summary
Router#show cdp neighbors
For detailed information
Router#show cdp neighbors detail
To look at a single device
Router#show cdp entry router_name
To display information about your local router
Router#show cdp interface
To disable CDP
Router(config)#no cdp run
NAT has many forms and can work in several ways:
Static NAT - Maps an unregistered IP address to a registered IP address on a
one-to-one basis. Particularly useful when a device needs to be accessible from outside
the network.
Dynamic NAT - Maps an unregistered IP address to a registered IP address taken from a
group (pool) of registered IP addresses. Dynamic NAT also establishes a one-to-one mapping
between unregistered and registered IP addresses, but the mapping can vary depending
on which registered address in the pool is available at the time of communication.
Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a
single registered IP address by using different ports. Also known as PAT (Port Address
Translation), single-address NAT or port-level multiplexed NAT.
The NAT router is configured to translate unregistered IP addresses (inside local addresses)
that reside on the private (inside) network to registered IP addresses. This happens
whenever a device on the inside with an unregistered address needs to communicate
with the public (outside) network.
An ISP assigns a range of IP addresses to your company. The assigned block of addresses
are registered, unique IP addresses and are called inside global addresses.
Unregistered private IP addresses are split into two groups: a small group (outside local
addresses) that will be used by the NAT routers, and the majority that will be used on the
stub domain, known as inside local addresses. The outside local addresses are used to
translate the unique IP addresses, known as outside global addresses, of devices on
the public network. NAT only translates traffic which travels between the inside and
outside network and is specified to be translated. Any traffic not matching the
translation criteria, or traffic forwarded between other interfaces on the router, is
never translated and is forwarded as-is.
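The three NAT forms above differ only in how the translation table is filled. The following Python model is an added example (not Cisco IOS code and not part of the workbook): it keeps a static table, a dynamic pool table and a PAT table, shows what happens when the dynamic pool runs out, and shows how PAT multiplexes many inside hosts onto one address by port. The pool ranges and host addresses are constructed for the example; a real router additionally ages entries out and matches on protocol.

```python
import ipaddress


class NatTable:
    """Toy model of the three NAT forms described above: static (one-to-one, fixed),
    dynamic (one-to-one, from a pool) and overload/PAT (many-to-one, by port).
    Not Cisco IOS code; the pool and host addresses are constructed for the example."""

    def __init__(self, pool_first, pool_last, overload=False):
        first = int(ipaddress.ip_address(pool_first))
        last = int(ipaddress.ip_address(pool_last))
        self.pool = [str(ipaddress.ip_address(x)) for x in range(first, last + 1)]
        self.overload = overload
        self.static = {}   # inside local -> inside global, configured by the operator
        self.dynamic = {}  # inside local -> inside global, assigned from the pool on demand
        self.pat = {}      # (inside local, local port) -> (inside global, global port)
        self.next_port = 1024

    def add_static(self, inside_local, inside_global):
        """Static NAT: a permanent one-to-one mapping, present before any traffic flows."""
        self.static[inside_local] = inside_global

    def _free_pool_address(self):
        in_use = set(self.static.values()) | set(self.dynamic.values())
        for addr in self.pool:
            if addr not in in_use:
                return addr
        return None

    def _free_global_port(self, global_ip, wanted):
        """PAT keeps the original source port when it is free on the shared address,
        otherwise it allocates the next unused port."""
        used = {gport for (gip, gport) in self.pat.values() if gip == global_ip}
        if wanted not in used:
            return wanted
        while self.next_port in used:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def translate(self, src_ip, src_port):
        """Outbound packet: return (inside global address, port), or None when no
        translation is possible (pool exhausted). A packet with no translation is dropped."""
        if src_ip in self.static:
            return (self.static[src_ip], src_port)
        if self.overload:
            key = (src_ip, src_port)
            if key not in self.pat:
                global_ip = self.pool[0]
                self.pat[key] = (global_ip, self._free_global_port(global_ip, src_port))
            return self.pat[key]
        if src_ip not in self.dynamic:
            addr = self._free_pool_address()
            if addr is None:
                return None
            self.dynamic[src_ip] = addr
        return (self.dynamic[src_ip], src_port)

    def reverse(self, global_ip, global_port):
        """Inbound packet: map (inside global address, port) back to the inside local host."""
        for local, g in self.static.items():
            if g == global_ip:
                return (local, global_port)
        for local, g in self.dynamic.items():
            if g == global_ip:
                return (local, global_port)
        for (local, lport), (g, gport) in self.pat.items():
            if (g, gport) == (global_ip, global_port):
                return (local, lport)
        return None


def demo():
    """A dynamic pool of three addresses plus one static entry, and a separate PAT table
    that shares a single public address (constructed values)."""
    dyn = NatTable("195.1.1.1", "195.1.1.3")
    dyn.add_static("10.0.0.80", "195.1.1.251")
    pat = NatTable("195.1.3.33", "195.1.3.33", overload=True)
    return dyn, pat
```

The dynamic table returns None for a fourth inside host once the three-address pool is used up, which is the behaviour to watch for on a real router (the packet is dropped, not leaked out untranslated); the PAT table never runs out of addresses, only of ports.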
Lab 1 - NAT
Diagram: R1 (Loopback 0: 10.0.0.1/8) -- 192.1.12.0/24 -- R2 (Loopback 0: 2.0.0.0/8) -- 192.1.23.0/24 -- R3 (Loopback 0: 192.168.1.0/24). Interfaces shown on the links: S0/0 and F0/0.
Objective: Configure NAT and PAT on R1 and R3 to route traffic from the private
networks to the Internet (R2 2.2.2.2).
ISP (R2) assigns R1 a public range of 195.1.1.0/24 network. Configure R2 to route all
packets destined for this network towards R1.
On R2
R2(config)#ip route 195.1.1.0 255.255.255.0 192.1.12.1
Translate the 10.0.0.0 network behind R1 into a range of Class C addresses assigned to
R1 by the ISP. Use the range 195.1.1.1 - 195.1.1.250 for the pool.
On R1
R1(config)#access-list 121 permit ip 10.0.0.0 0.255.255.255 any
R1(config)#ip nat pool DP 195.1.1.1 195.1.1.250 netmask 255.255.255.0
R1(config)#ip nat inside source list 121 pool DP
R1(config)#interface Loopback0
R1(config-if)#ip nat inside
R1(config-if)#interface S0/0
R1(config-if)#ip nat outside
R1 should use 195.1.1.251 for its Web Server so that people on the outside can access it.
The internal web server is at 10.0.0.80. Configure a secondary address of 10.0.0.80 on
the loopback interface to test this configuration.
On R1
R1(config)#ip nat inside source static 10.0.0.80 195.1.1.251
R1(config)#interface Loopback 0
R1(config-if)#ip address 10.0.0.80 255.0.0.0 secondary
ISP (R2) assigns R3 a public range of 195.1.3.32/30 subnet. Configure R2 to route all
packets destined for this network towards R3.
On R2
R2(config)#ip route 195.1.3.32 255.255.255.252 192.1.23.3
Translate the 192.168.1.0 network behind R3 using the 195.1.3.33 address (PAT). The
entire network should be able to go out simultaneously using this address.
On R3
R3(config)#access-list 121 permit ip 192.168.1.0 0.0.0.255 any
R3(config)#ip nat pool DP 195.1.3.33 195.1.3.33 netmask 255.255.255.252
R3(config)#ip nat inside source list 121 pool DP overload
R3(config)#interface Loopback0
R3(config-if)#ip nat inside
R3(config-if)#interface E 0/0
R3(config-if)#ip nat outside
There is a web server at 192.168.1.5 and a DNS server at 192.168.1.6. Translate these
servers to 192.168.1.34 on the outside. Use Static PAT to accomplish this task.
On R3
R3(config)#ip nat inside source static tcp 192.168.1.5 80 195.1.3.34 80
R3(config)#ip nat inside source static udp 192.168.1.6 53 195.1.3.34 53
Verification on R3
R3#show ip nat translations
Do you see the static translations already present in the translation table?
On R3, ping 2.2.2.2 with a source of 192.168.1.1.
Are you successful?
Type show ip nat translations again. Do you see the dynamic translation?
IPv6 Addressing
Internet Protocol (IP) version 6 is a new IP protocol designed to replace IP version 4, which
is deployed today and used throughout the world.
The current IP version, IPv4, has proven to be robust, easily implemented and interoperable,
and has stood the test of scaling an internetwork to a global utility the size of the Internet
today. However, the initial design of IPv4 did not anticipate the rapid growth of the
Internet and the resulting exhaustion of the IPv4 address space.
The lifetime of IPv4 has been extended with techniques such as private address space
with Network Address Translation (NAT). Although these techniques seem to increase
the address space and satisfy the traditional client-server setup, they fail to meet the
requirements of IP address growth.
The need to reach always-on environments (such as residential Internet through
broadband, cable modem, or DSL) precludes IP-address conversion, pooling, and
temporary allocation techniques. Also, the plug-and-play capabilities required by
consumer Internet appliances further increase the address requirements.
The designers and users of the early Internet could not have anticipated the recent rapid
growth of the Internet and the impending exhaustion of the IPv4 address space. The IPv6
address protocol meets the current requirements of the new applications and the
never-ending growth of the Internet.
The IPv6 address space makes more addresses available, but it must be approached with
careful planning. Successful deployment of IPv6 can be achieved with existing IPv4
infrastructures. With proper planning and design, the transition between IP version 4
and 6 is possible today as well.
The Internet Engineering Task Force (IETF) designed the IPv6 addressing scheme to
provide interoperability with existing IPv4 network architecture and to allow the
coexistence of IPv6 networks with existing IPv4 networks.
Example 1: 2001:db8:130F:0:0:9C0:876A:130B =
2001:db8:130F::9C0:876A:130B (compressed form)
Example 2: FF01:0:0:0:0:0:0:1 =
FF01::1 (compressed form)
An address parser can easily identify the number of missing zeros in an IPv6
address by separating the two parts of the address and filling in 0s until the
128-bit address is complete. However, if two ::s are placed in the same address,
then there is no way to identify the size of each block of zeros, so an address may
contain at most one ::. The use of the :: makes many IPv6 addresses very short.
Network Prefix
In IPv6 there are references to prefixes which, in IPv4 terms, loosely equate to
subnets. The IPv6 prefix is made up of the left-most bits and acts as the network
identifier. The IPv6 prefix is represented using the ipv6-prefix/prefix-length
format, just like an IPv4 address is represented in classless interdomain
routing (CIDR) notation.
The /prefix-length variable is a decimal value that indicates the number of high-order
contiguous bits of the address that form the prefix, which is the network
portion of the address. For example: 2001:db8:8086:6502::/64 is an acceptable
IPv6 prefix. If the address ends in a double colon, the trailing double colon can
be omitted. So the same address can be written as 2001:db8:8086:6502/64. In
either case, the prefix length is written as the decimal number 64 and represents
the left-most bits of the IPv6 address.
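The expansion rule and the prefix-length notation above are easy to get wrong by hand, so here is a small parser written for this workbook as an added example (it is not the author's code and not a Cisco tool). It expands a textual address into its eight 16-bit groups, rejects an address with two ::s exactly because the zero-block sizes would be ambiguous, writes an address back in compressed form, and applies a /prefix-length to recover the network prefix. The standard library's ipaddress module is used only as a cross-check of the compressed form.

```python
import ipaddress
import re

GROUP_RE = re.compile(r"[0-9A-Fa-f]{1,4}")


def expand_ipv6(text):
    """Expand a textual IPv6 address into its eight 16-bit groups (as integers).
    A single '::' stands for however many zero groups are needed to reach 128 bits;
    a second '::' makes the address ambiguous and is rejected."""
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed: " + text)
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must replace at least one zero group: " + text)
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups, got %d: %s" % (len(groups), text))
    values = []
    for g in groups:
        if not GROUP_RE.fullmatch(g):   # embedded IPv4 forms are out of scope here
            raise ValueError("bad group %r in %s" % (g, text))
        values.append(int(g, 16))
    return values


def compress_ipv6(groups):
    """Canonical text form (RFC 5952 style): lowercase hex, leading zeros dropped, and
    the longest run of two or more zero groups (the first one on a tie) written as '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [format(g, "x") for g in groups]
    if best_len < 2:
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return left + "::" + right


def prefix_network(text):
    """Apply an ipv6-prefix/prefix-length string and return the network in compressed
    form; any host address under 2001:db8:8086:6502::/64 yields that prefix."""
    addr, _, plen = text.partition("/")
    plen = int(plen)
    if not 0 <= plen <= 128:
        raise ValueError("prefix length out of range: " + text)
    value = 0
    for g in expand_ipv6(addr):
        value = (value << 16) | g
    mask = ((1 << plen) - 1) << (128 - plen)
    net = value & mask
    groups = [(net >> (16 * (7 - k))) & 0xFFFF for k in range(8)]
    return compress_ipv6(groups) + "/%d" % plen


def is_valid_ipv6(text):
    """True when the text parses under the rules above."""
    try:
        expand_ipv6(text)
        return True
    except ValueError:
        return False


def matches_stdlib(text):
    """Cross-check our compression against the standard library's canonical form."""
    return compress_ipv6(expand_ipv6(text)) == str(ipaddress.IPv6Address(text))
```

Note that a validator which only counts colons would accept 2001:db8::1::2; the count("::") check is what enforces the single-:: rule the text describes.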
Diagram: R1 -- 2000:192:1:12::/64 -- R2 -- 2000:192:1:23::/64 (S0/0 on both ends) -- R3 -- 2000:192:1:34::/64 -- R4. Each router has a Loopback 0 (L0); the LAN links use F0/0.
R1
Interface    IPv6 Address          Subnet Mask
Loopback0    2001:1:1:1::1         /64
F0/0         2000:192:1:12::1      /64
R2
Interface    IPv6 Address          Subnet Mask
Loopback0    2001:2:2:2::2         /64
F0/0         2000:192:1:12::2      /64
S0/0         2000:192:1:23::2      /64
R3
Interface    IPv6 Address          Subnet Mask
Loopback0    2001:3:3:3::3         /64
F0/0         2000:192:1:34::4      /64
S0/0         2000:192:1:23::3      /64
R4
Interface    IPv6 Address          Subnet Mask
Loopback0    2001:4:4:4::4         /64
F0/0         2000:192:1:34::4      /64
On R1
R1(config)#ipv6 unicast-routing
R1(config)#Interface E 0/0
R1(config-if)#ipv6 address 2001:1:1:12::1/64
R1(config-if)#no shut
R1(config-if)#Interface Loopback 0
R1(config-if)#ipv6 address 2001:1:1:1::/64
On R2
R2(config)#ipv6 unicast-routing
R2(config)#Interface E 0/0
R2(config-if)#ipv6 address 2001:1:1:12::2/64
R2(config-if)#no shut
R2(config-if)#Interface Loopback 0
R2(config-if)#ipv6 address 2001:2:2:2::/64
On R3
R3(config)#ipv6 unicast-routing
R3(config)#Interface E 0/0
R3(config-if)#ipv6 address 2001:1:1:34::3/64
R3(config-if)#no shut
R3(config-if)#Interface Loopback 0
R3(config-if)#ipv6 address 2001:3:3:3::/64
On R4
R4(config)#ipv6 unicast-routing
R4(config)#Interface E 0/0
R4(config-if)#ipv6 address 2001:1:1:34::4/64
R4(config-if)#no shut
R4(config-if)#Interface Loopback 0
R4(config-if)#ipv6 address 2001:4:4:4::/64
On R2
R2(config)#Interface S 0/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shut
R2(config-if)#interface S 0/0.1 point-to-point
R2(config-subif)#ipv6 address 2001:1:1:23::2/64
R2(config-subif)#frame-relay interface-dlci 203
On R3
R3(config)#Interface S 0/0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shut
R3(config-if)#interface S 0/0.1 point-to-point
R3(config-subif)#ipv6 address 2001:1:1:23::3/64
R3(config-subif)#frame-relay interface-dlci 302
Enable RIPng (process 1234) on the following interfaces:
R1: E 0/0, Loopback 0
R2: E 0/0, Loopback 0, S 0/0.1
R3: E 0/0, Loopback 0, S 0/0.1
R4: E 0/0, Loopback 0
On R1
R1(config)#Interface Loopback0
R1(config-if)#ipv6 rip 1234 enable
R1(config-if)#Interface E 0/0
R1(config-if)#ipv6 rip 1234 enable
On R2
R2(config)#Interface Loopback0
R2(config-if)#ipv6 rip 1234 enable
R2(config-if)#Interface E 0/0
R2(config-if)#ipv6 rip 1234 enable
R2(config-if)#Interface S 0/0.1
R2(config-subif)#ipv6 rip 1234 enable
On R3
R3(config)#Interface Loopback0
R3(config-if)#ipv6 rip 1234 enable
R3(config-if)#Interface E 0/0
R3(config-if)#ipv6 rip 1234 enable
R3(config-if)#Interface S 0/0.1
R3(config-subif)#ipv6 rip 1234 enable
On R4
R4(config)#Interface Loopback0
R4(config-if)#ipv6 rip 1234 enable
R4(config-if)#Interface E 0/0
R4(config-if)#ipv6 rip 1234 enable
On All Routers
Type
RX#show ipv6 route rip
Do you see all the IPv6 routes learned through RIPng?
Find out the interface IP addresses of the loopbacks by typing:
RX#show ipv6 interface brief
Ping these addresses from each router to ensure connectivity.
For example,
RX#ping ipv6 2001:2:2:2::2
Are you successful?
On R1
R1(config)#Interface Loopback 0
R1(config-if)#no ipv6 rip 1234 enable
R1(config-if)#Interface E 0/0
R1(config-if)#no ipv6 rip 1234 enable
On R2
R2(config)#Interface Loopback 0
R2(config-if)#no ipv6 rip 1234 enable
R2(config-if)#Interface E 0/0
R2(config-if)#no ipv6 rip 1234 enable
R2(config-if)#Interface S 0/0.1
R2(config-subif)#no ipv6 rip 1234 enable
On R3
R3(config)#Interface Loopback 0
R3(config-if)#no ipv6 rip 1234 enable
R3(config-if)#Interface E 0/0
R3(config-if)#no ipv6 rip 1234 enable
R3(config-if)#Interface S 0/0.1
R3(config-subif)#no ipv6 rip 1234 enable
On R4
R4(config)#Interface Loopback 0
R4(config-if)#no ipv6 rip 1234 enable
R4(config-if)#Interface E 0/0
R4(config-if)#no ipv6 rip 1234 enable
Configure the routers in OSPFv3 area 0 and advertise their directly connected
interfaces in this area.
On R1
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 1.1.1.1
R1(config-rtr)#Interface Loopback 0
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#Interface E 0/0
R1(config-if)#ipv6 ospf 1 area 0
On R2
R2(config)#ipv6 router ospf 1
R2(config-rtr)#router-id 2.2.2.2
R2(config-rtr)#Interface Loopback 0
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#Interface E 0/0
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#Interface S 0/0.1
R2(config-subif)#ipv6 ospf 1 area 0
On R3
R3(config)#ipv6 router ospf 1
R3(config-rtr)#router-id 3.3.3.3
R3(config-rtr)#Interface Loopback 0
R3(config-if)#ipv6 ospf 1 area 0
R3(config-if)#Interface E 0/0
R3(config-if)#ipv6 ospf 1 area 0
R3(config-if)#Interface S 0/0.1
R3(config-subif)#ipv6 ospf 1 area 0
On R4
R4(config)#ipv6 router ospf 1
R4(config-rtr)#router-id 4.4.4.4
R4(config-rtr)#Interface Loopback 0
R4(config-if)#ipv6 ospf 1 area 0
R4(config-if)#Interface E 0/0
R4(config-if)#ipv6 ospf 1 area 0
Ensure that the loopback interfaces are advertised with their correct mask.
On R1
R1(config)#interface Loopback 0
R1(config-if)#ipv6 ospf network point-to-point
On R2
R2(config)#interface Loopback 0
R2(config-if)#ipv6 ospf network point-to-point
On R3
R3(config)#interface Loopback 0
R3(config-if)#ipv6 ospf network point-to-point
On R4
R4(config)#interface Loopback 0
R4(config-if)#ipv6 ospf network point-to-point
On All Routers
Type
Rx#show ipv6 route ospf
Do you see all the IPv6 routes learned through OSPFv3?
Find out the interface IP addresses of the loopbacks by typing:
Rx#show ipv6 interface brief
Ping these addresses from each router to ensure connectivity.
Diagram: R1 -- 2000:192:1:12::/64 -- R2 -- 192.1.23.0/24 (IPv4 only, S0/0 on both ends) -- R3 -- 2000:192:1:34::/64 -- R4. Each router has a Loopback 0 (L0); the LAN links use F0/0.
On R3
R3(config)#Interface S 0/0
R3(config-if)#ip address 192.1.23.3 255.255.255.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay map ip 192.1.23.2 302
R3(config-if)#no shut
On R2
R2(config)#Interface Tunnel 23
R2(config-if)#ipv6 address 2001:23:23:23::2/64
R2(config-if)#tunnel source S 0/0
R2(config-if)#tunnel destination 192.1.23.3
R2(config-if)#ipv6 rip 1234 enable
R2(config-if)#tunnel mode ipv6ip
On R3
R3(config)#Interface Tunnel 23
R3(config-if)#ipv6 address 2001:23:23:23::3/64
R3(config-if)#tunnel source S 0/0
R3(config-if)#tunnel destination 192.1.23.2
R3(config-if)#ipv6 rip 1234 enable
R3(config-if)#tunnel mode ipv6ip
On All Routers
Type
Rx#show ipv6 route rip
Do you see all the IPv6 routes learned through RIPng?
Advantages:
Efficient Use of IP addresses: Without VLSMs, networks would have to use the same
subnet mask throughout the network. But not all your networks have the same
number of hosts.
For example: You have 2 LANs connected via a serial point-to-point connection. Each LAN
has 50 hosts on it. When you assign the subnet mask, it has to be consistent across your
network. So you end up assigning a sub-network address with 62 hosts to the WAN
connection, whereas you only need 2.
Greater Capability for Route Summarization: Route Summarization is covered in
detail later on in this module.
Calculating VLSMs
Diagram: a Main Site and three Branch Offices, each LAN with 25 hosts, connected over point-to-point WAN links.
In this example, we want to connect the Main Site to the Branch Offices. If we used a fixed
length subnet mask, we would need 4 networks for the LANs and 3 networks for the WANs, a
total of 7 networks. Let us say we have a Class C address of 200.200.200.0 assigned to
us. If we need 7 networks, we have to borrow 4 bits, giving us 14 networks. But it will only
give us 14 hosts per network. In order to get around this problem, we will use VLSMs.
In VLSMs, we can get away with borrowing only 3 bits. 3 bits give us 6 usable networks
with 30 hosts per network. We will use the first 4 networks for our LAN-based networks,
and subnet the fifth one further to give us additional networks with fewer hosts on each for
our WAN connections. Our WAN connections only require 2 hosts per network, and we
need 3 networks.
            Binary                     Decimal
Subnet ID   200.200.200.10100000       200.200.200.160
Mask        255.255.255.11100000       255.255.255.224
We only need 2 hosts per WAN connection. We will borrow a further 3 bits from this
network, leaving only 2 bits for hosts on each network.
The network numbers are as follows:
Network (binary)         Network (decimal)    Valid Host Range
200.200.200.10100100     200.200.200.164      165-166
200.200.200.10101000     200.200.200.168      169-170
200.200.200.10101100     200.200.200.172      173-174
200.200.200.10110000     200.200.200.176      177-178
200.200.200.10110100     200.200.200.180      181-182
200.200.200.10111000     200.200.200.184      185-186
So you can choose any 3 of the above network addresses for the WAN connections.
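The arithmetic above (borrow enough bits for the largest networks, then subnet one of the leftover blocks further for the small ones) is a general allocation procedure, and the following Python is an added example of it written for this workbook, not the author's code. It reproduces the fixed-length arithmetic of the text (7 networks from a /24 means 4 borrowed bits and 14 hosts each), then allocates the four 25-host LANs and three 2-host WAN links largest-first out of 200.200.200.0/24, returning the remainder of each split to a free list so no address space is stranded. The allocator places subnets from the bottom of the block upwards, so it uses subnet zero where the workbook's figure skips it; the sizes and the host-range arithmetic are the same.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Smallest prefix length whose usable host count (2^h - 2) covers `hosts`."""
    host_bits = 1
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def fixed_length_plan(block, n_networks):
    """Fixed-length arithmetic from the text: borrow enough bits for n usable subnets
    (all-zeros and all-ones subnets excluded, as the text counts them) and return
    (borrowed bits, usable subnets, usable hosts per subnet)."""
    net = ipaddress.ip_network(block)
    bits = 1
    while (1 << bits) - 2 < n_networks:
        bits += 1
    host_bits = 32 - net.prefixlen - bits
    return bits, (1 << bits) - 2, (1 << host_bits) - 2


def allocate_vlsm(block, requirements):
    """Variable-length allocation: place the largest subnets first, each at the lowest
    free address that can hold it, and return {name: IPv4Network}.
    `requirements` is a list of (name, hosts). Raises ValueError when space runs out."""
    free = [ipaddress.ip_network(block)]
    result = {}
    # sorted() is stable, so equally sized networks keep their listed order
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        plen = prefix_for_hosts(hosts)
        free.sort(key=lambda n: int(n.network_address))
        for i, blk in enumerate(free):
            if blk.prefixlen <= plen:
                break
        else:
            raise ValueError("no space left for %s (/%d)" % (name, plen))
        chosen = free.pop(i)
        if chosen.prefixlen == plen:
            sub = chosen
        else:
            sub = next(chosen.subnets(new_prefix=plen))  # first /plen inside the block
            free.extend(chosen.address_exclude(sub))      # hand the remainder back
        result[name] = sub
    return result


def host_range(text):
    """First and last usable host address of a subnet given as 'a.b.c.d/n'."""
    hosts = list(ipaddress.ip_network(text).hosts())
    return str(hosts[0]), str(hosts[-1])


def fits(block, requirements):
    """True when every requirement can be carved out of the block."""
    try:
        allocate_vlsm(block, requirements)
        return True
    except ValueError:
        return False


# The text's scenario: four LANs of 25 hosts and three WAN links of 2 hosts (constructed names)
EXAMPLE = [("LAN1", 25), ("LAN2", 25), ("LAN3", 25), ("LAN4", 25),
           ("WAN1", 2), ("WAN2", 2), ("WAN3", 2)]
```

Running allocate_vlsm("200.200.200.0/24", EXAMPLE) yields the four /27s at .0, .32, .64 and .96 and the three /30s at .128, .132 and .136; asking for nine /27s from the same /24 makes fits() return False, which is the check to run before committing a plan.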
Diagram: the four LANs (25 hosts each) are assigned 200.200.200.32/27, 200.200.200.64/27, 200.200.200.96/27 and 200.200.200.128/27; the three WAN links are assigned 200.200.200.164/30, 200.200.200.168/30 and 200.200.200.172/30.
Helper Addresses
If a client needs to reach a server and does not know the server's address, the client uses a
broadcast to find the server. By default, a router will drop the broadcast
packet. Helper addresses allow connectivity by forwarding these broadcasts as unicast
packets to the configured server address.
Command Syntax:
Router(config-if)#ip helper-address <ip-address>
Diagram: R1 (LAN 192.1.11.0/24) -- 192.1.12.0/24 -- R2 (LAN 192.1.22.0/24).
Objective:
Configure a router as a DHCP Server and assign IP configurations to local and remote
subnets. Configure a router to forward broadcasts from remote subnets to a DHCP
Server.
Configure R1 as a DHCP Server. Create a pool for the 192.1.11.0/24 network. The
pool should start giving addresses from 192.1.11.11 - 192.1.11.254. It should
assign 192.1.11.1 as the default gateway and 192.1.11.5 as the DNS Server. Use
a lease time of 3 and a half days.
R1 Basic Configuration
R1(config)#int S 0/0
R1(config-if)#ip addr 192.1.12.1 255.255.255.0
R1(config-if)#clock rate 128000
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#int E 0/0
R1(config-if)#ip addr 192.1.11.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 192.1.11.0
R1(config-router)#network 192.1.12.0
R2 Basic Configuration
R2(config)#int S 0/0
R2(config-if)#ip addr 192.1.12.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#int E 0/0
R2(config-if)#ip addr 192.1.22.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.1.12.0
R2(config-router)#network 192.1.22.0
R1 DHCP Configuration
R1(config)#ip dhcp excluded-address 192.1.11.1 192.1.11.10
R1(config)#ip dhcp pool ABC
R1(dhcp-config)#network 192.1.11.0 /24
R1(dhcp-config)#default-router 192.1.11.1
R1(dhcp-config)#dns-server 192.1.11.5
R1(dhcp-config)#lease 3 12
R1(dhcp-config)#exit
Objective:
Also, configure R1 as a DHCP Server for the 192.1.22.0/24 network. The pool
should start giving addresses from 192.1.22.11 - 192.1.22.254. It should assign
192.1.22.1 as the default gateway and 192.1.22.5 as the DNS Server. Use a lease
time of 3 and a half days. Make sure R2 forwards the DHCP requests to R1 DHCP.
R1 DHCP Configuration
R1(config)#ip dhcp excluded-address 192.1.22.1 192.1.22.10
R1(config)#ip dhcp pool DEF
R1(dhcp-config)#network 192.1.22.0 /24
R1(dhcp-config)#default-router 192.1.22.1
R1(dhcp-config)#dns-server 192.1.22.5
R1(dhcp-config)#lease 3 12
R1(dhcp-config)#exit
R2 Helper Address Configuration (forwards the broadcasts from 192.1.22.0/24 to R1)
R2(config)#int E 0/0
R2(config-if)#ip helper-address 192.1.12.1
PC Configuration
Configure your PC to obtain an IP address automatically in either Network
Neighborhood (Windows NT) or My Network Places (Windows 2000).
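The part of this lab that is easy to miss is how R1 knows which pool a relayed request belongs to: the relay stamps the request with the address of the interface it arrived on (the giaddr field), and the server matches that address against its pools. The following Python model is an added example written for this workbook (not the author's code and not a real DHCP implementation): it builds R1's two pools from the configuration above, models the excluded-address range and the 3-day-12-hour lease, and shows a client's broadcast being turned into a unicast to the helper address with giaddr set. Message fields are reduced to a dictionary and the client MACs are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


def address_range(first, last):
    """Inclusive set of addresses, like 'ip dhcp excluded-address first last'."""
    a = int(ipaddress.ip_address(first))
    b = int(ipaddress.ip_address(last))
    return {str(ipaddress.ip_address(x)) for x in range(a, b + 1)}


@dataclass
class Pool:
    network: ipaddress.IPv4Network
    default_router: str
    dns_server: str
    lease_seconds: int
    excluded: set = field(default_factory=set)
    leased: dict = field(default_factory=dict)   # client MAC -> leased address


class DhcpServer:
    """Server side: the pool is chosen by the relay agent address (giaddr) for relayed
    requests, or by the receiving interface address for directly attached clients."""

    def __init__(self, pools):
        self.pools = pools

    def select_pool(self, giaddr, ingress_ip):
        key = ingress_ip if giaddr == "0.0.0.0" else giaddr
        for pool in self.pools:
            if ipaddress.ip_address(key) in pool.network:
                return pool
        return None

    def offer(self, request, ingress_ip):
        pool = self.select_pool(request.get("giaddr", "0.0.0.0"), ingress_ip)
        if pool is None:
            return None
        mac = request["chaddr"]
        if mac not in pool.leased:   # a returning client keeps its address
            for host in pool.network.hosts():
                ip = str(host)
                if ip not in pool.excluded and ip not in pool.leased.values():
                    pool.leased[mac] = ip
                    break
            else:
                return None   # pool exhausted
        return {"yiaddr": pool.leased[mac], "router": pool.default_router,
                "dns": pool.dns_server, "lease": pool.lease_seconds,
                "giaddr": request.get("giaddr", "0.0.0.0")}


def relay(request, helper_address, relay_interface_ip):
    """What 'ip helper-address' does on the router: the client's broadcast is re-sent as a
    unicast to the helper address, with giaddr set to the address of the interface that
    received it (left alone if an earlier relay already set it)."""
    msg = dict(request)
    msg["dst"] = helper_address
    if msg.get("giaddr", "0.0.0.0") == "0.0.0.0":
        msg["giaddr"] = relay_interface_ip
    msg["hops"] = msg.get("hops", 0) + 1
    return msg


def build_server():
    """R1's two pools from the lab: lease 3 days 12 hours, first ten addresses excluded."""
    lease = 3 * 86400 + 12 * 3600
    return DhcpServer([
        Pool(ipaddress.ip_network("192.1.11.0/24"), "192.1.11.1", "192.1.11.5", lease,
             address_range("192.1.11.1", "192.1.11.10")),
        Pool(ipaddress.ip_network("192.1.22.0/24"), "192.1.22.1", "192.1.22.5", lease,
             address_range("192.1.22.1", "192.1.22.10")),
    ])


def discover(mac):
    """A constructed DHCPDISCOVER as a client broadcasts it: no giaddr yet."""
    return {"op": "DISCOVER", "chaddr": mac, "dst": "255.255.255.255", "giaddr": "0.0.0.0"}
```

Without the relay step a request from the 192.1.22.0/24 LAN never reaches R1 at all; with it, the server answers from the DEF pool because giaddr is 192.1.22.1, even though the unicast arrived on R1's 192.1.12.1 interface.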
Module 12 Switching
Switching
Collision Domains
1. A group of network nodes on an Ethernet network that share the network media, and
can therefore experience collisions with each other, form a collision domain.
2. Networks can be segmented into multiple collision domains to optimize
network functionality.
Switch Functions
Address learning
Initially the MAC address table is empty, so the switch floods frames out all ports to forward data.
Hosts are added to the table as soon as they start communicating.
Frame filtering
If the destination MAC address exists in the MAC address table, the frame is not flooded; it is
sent out only on the appropriate port.
Broadcasts and multicasts are flooded to all ports except the originating port.
Loop avoidance
Duplicate frames must be prevented from traveling over redundant paths that may exist
for backup or transmission redundancy.
Broadcasts will continually flood around a loop structure, causing a broadcast storm.
Multiple copies of non-broadcast frames may be delivered to the same destination,
causing errors.
The same frame will be received on different ports of the same switch, causing instability
in the MAC address table.
VLANs can exist on a single switch, or they can span 2 or more switches. If two or more
switches are used, they must be connected using a trunk port (Fast Ethernet) with ISL
(Inter-Switch Link) encapsulation.
ISL is Cisco proprietary and is used for interconnecting multiple switches over Fast Ethernet (fa)
ports.
ISL operates at layer 2; it adds a new header section and a new FCS.
Fast Ethernet ports on routers have ISL capability.
IEEE 802.1Q is another encapsulation that can also be used to connect multiple
switches with multiple VLANs.
By default, all ports are members of VLAN 1.
VLAN membership can be configured statically or dynamically, through a server called the
VMPS (VLAN Membership Policy Server).
Up to 64 VLANs are supported on 1900 switches.
Frame Tagging
Frame tagging assigns a unique user-assigned ID to each frame.
A unique identifier is placed in the header of each frame as it is forwarded between
switches.
Diagram: VLAN 10 = 192.1.10.0/24 (R1 F0/0 .1, R2 F0/0.1 .2); VLAN 20 = 192.1.20.0/24 (R2 F0/0.2 .2, R3 F0/0 .3); VLAN 30 = 192.1.30.0/24 (R3 F0/1 .3, Sw1 interface VLAN 30 .15); VLAN 40 = 192.1.40.0/24 (R4 F0/0 .4, Sw1 interface VLAN 40 .15).
Configure Switch1 as the VTP Server and the other switch(es) as VTP Clients. Use
CISCO as the domain name. Authenticate the relationship using CCNP as the
password.
Sw1
SW1(config)#vtp domain CISCO
SW1(config)#vtp mode server
SW1(config)#vtp password CCNP
Sw2
SW2(config)#vtp domain CISCO
SW2(config)#vtp mode client
SW2(config)#vtp password CCNP
Configure the trunk ports on the switches using dot1q as the encapsulation.
On Both Switches
SWX(config)#interface range F0/XX - XX
SWX(config-if-range)#switchport trunk encapsulation dot1q
SWX(config-if-range)#switchport mode trunk
Create the VLANs based on the diagram on the VTP Server (Sw1).
SW1
VLAN 10
VLAN 20
VLAN 30
VLAN 40
SW1
Interface F 0/1
Switchport mode access
Switchport access vlan 10
!
Interface F 0/2
Switchport trunk encapsulation dot1q
Switchport mode trunk
!
Interface F 0/3
Switchport mode access
Switchport access vlan 20
!
Interface F 0/4
Switchport mode access
Switchport access vlan 40
!
Ip routing
!
Interface VLAN 30
Ip address 192.1.30.15 255.255.255.0
!
Interface VLAN 40
Ip address 192.1.40.15 255.255.255.0
!
SW2
Interface F 0/3
Switchport mode access
Switchport access vlan 30
!
Configure the routers with the IP addresses based on the diagram. Configure
Loopback 0 on all routers and SW1. Use the format X.X.X.X/8 for the IP
address of the loopback. Use 15 for Switch1.
R1
Interface F 0/0
Ip address 192.1.10.1 255.255.255.0
No shut
!
Interface Loopback 0
Ip address 1.1.1.1 255.0.0.0
!
R2
Interface F 0/0
No shut
!
Interface F 0/0.1
Encapsulation dot1q 10
Ip address 192.1.10.2 255.255.255.0
!
Interface F 0/0.2
Encapsulation dot1q 20
Ip address 192.1.20.2 255.255.255.0
!
Interface Loopback 0
Ip address 2.2.2.2 255.0.0.0
!
R3
Interface F 0/0
Ip address 192.1.20.3 255.255.255.0
No shut
!
145
Interface F 0/1
Ip address 192.1.30.3 255.255.255.0
No shut
!
Interface Loopback 0
Ip address 3.3.3.3 255.0.0.0
!
R4
Interface F 0/0
Ip address 192.1.40.4 255.255.255.0
No shut
!
Interface Loopback 0
Ip address 4.4.4.4 255.0.0.0
!
SW1
Interface Loopback 0
Ip address 15.15.15.15 255.0.0.0
!
Configure RIP v2 on all the routers and the Layer 3 switch. Advertise the
loopback networks on the devices.
R1
Router Rip
Version 2
No auto-summary
Network 1.0.0.0
Network 192.1.10.0
!
R2
Router Rip
Version 2
No auto-summary
Network 2.0.0.0
Network 192.1.10.0
Network 192.1.20.0
!
R3
Router Rip
Version 2
No auto-summary
Network 3.0.0.0
Network 192.1.20.0
Network 192.1.30.0
!
R4
Router Rip
Version 2
No auto-summary
Network 4.0.0.0
Network 192.1.40.0
!
SW1
!
Router Rip
Version 2
No auto-summary
Network 15.0.0.0
Network 192.1.30.0
Network 192.1.40.0
!
Sw1
VLAN 50
!
SW2
Interface F 0/3
Switchport mode access
Switchport access vlan 50
Switchport port-security
Switchport port-security mac-address xxxx.xxxx.xxxx
!
Interface F 0/4
Switchport mode access
Switchport access vlan 50
Switchport port-security
Switchport port-security mac-address xxxx.xxxx.xxxx
!
Task 2
Configure F 0/5 - F 0/8 in VLAN 50 on SW2. Enable port security for these ports such
that only 1 MAC address can be connected to each of them. You would like to learn the MAC
address dynamically.
SW2
Interface range F 0/5 - 8
Switchport mode access
Switchport access vlan 50
Switchport port-security
Switchport port-security mac-address sticky
!
Task 3
Configure F 0/15 also in VLAN 50 on SW2. Enable port security for this port such that
5 MAC addresses can be connected to it. The first 2 MAC addresses that are
allowed to connect are 0001.1010.AB12 and 0001.1010.AB13. The remaining 3 can be
learned dynamically.
SW2
Interface F 0/15
Switchport mode access
Switchport access vlan 50
Switchport port-security
Switchport port-security maximum 5
Switchport port-security mac-address 0001.1010.AB12
Switchport port-security mac-address 0001.1010.AB13
Switchport port-security mac-address sticky
!
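The port-security tasks above build on the switch functions described earlier in this module (address learning, frame filtering and flooding). The following Python model is an added example covering both passages; it is written for this workbook and is not the author's code or a switch implementation. It learns source MACs per port, floods unknown-unicast and group-addressed frames out every other port, filters frames whose destination is on the ingress port, and enforces a per-port maximum of secure MACs (static entries count, as in Task 3) by error-disabling the port on the next unexpected source, which is the default shutdown violation mode. Port and MAC values are constructed.

```python
BROADCAST = "ffff.ffff.ffff"


class PortSecurityViolation(Exception):
    pass


class LearningSwitch:
    """Model of the switch functions (address learning, frame filtering, flooding) plus
    the port-security behaviour of the tasks: a port with a maximum of N secure MACs
    (static, sticky or dynamically learned) is error-disabled when an (N+1)th source
    MAC appears, which is the default 'shutdown' violation mode."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}       # MAC -> port learned from the frame's source address
        self.max_secure = {}      # port -> maximum secure MACs (port-security enabled)
        self.secure_macs = {}     # port -> set of secure MACs on that port
        self.sticky = set()       # ports that would keep learned MACs in the config
        self.errdisabled = set()

    def enable_port_security(self, port, maximum=1, static=(), sticky=False):
        self.max_secure[port] = maximum
        self.secure_macs[port] = set(static)
        if sticky:
            self.sticky.add(port)

    def _check_port_security(self, port, src):
        if port not in self.max_secure:
            return
        secure = self.secure_macs[port]
        if src in secure:
            return
        if len(secure) >= self.max_secure[port]:
            self.errdisabled.add(port)
            raise PortSecurityViolation("%s: %s exceeds maximum of %d"
                                        % (port, src, self.max_secure[port]))
        secure.add(src)   # learned dynamically (a sticky port would also save it to config)

    @staticmethod
    def is_group_address(mac):
        """Broadcast and multicast MACs have the low bit of the first octet set."""
        return int(mac[:2], 16) & 1 == 1

    def forward(self, port, src, dst):
        """Return the list of egress ports for a frame received on `port`."""
        if port in self.errdisabled:
            return []
        self._check_port_security(port, src)
        self.mac_table[src] = port   # address learning (a moved host overwrites its entry)
        if self.is_group_address(dst) or dst not in self.mac_table:
            return [p for p in self.ports if p != port and p not in self.errdisabled]
        out = self.mac_table[dst]
        return [] if out == port else [out]   # filtering: same segment, do not forward


def violation_count(switch, port, sources):
    """Send one frame from each source MAC into `port`; return how many were rejected."""
    rejected = 0
    for src in sources:
        try:
            switch.forward(port, src, BROADCAST)
        except PortSecurityViolation:
            rejected += 1
    return rejected
```

Once a port is error-disabled the model drops everything on it and excludes it from flooding, which is why the workbook's later errdisable recovery configuration matters: without it the port stays down until an operator clears it.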
Sw1
Interface range F0/1 - 6
Spanning-tree portfast
!
Output of command:
SW1
show spanning-tree interface F0/1 portfast
VLAN10 enabled
!
Explanation:
After a port on the switch has linked and joined the bridge group, STP runs on that port. A
port that runs STP can be in one of five states:
blocking
listening
learning
forwarding
disabled
STP dictates that the port starts out blocking, and then immediately moves through the
listening and learning phases.
By default, the port spends approximately 15 seconds listening and 15 seconds learning.
During the listening state, the switch tries to determine where the port fits in the
spanning tree topology. The switch especially wants to know whether this port is part of a
physical loop. If the port is part of a loop, the port can be chosen to go into blocking mode.
The blocking state means that the port does not send or receive user data, in order to
eliminate loops.
If the port is not part of a loop, the port proceeds to the learning state, in which the port
learns which MAC addresses live off this port. This entire STP initialization process takes
about 30 seconds.
If you connect a workstation or a server with a single NIC, or an IP phone, to a switch
port, the connection cannot create a physical loop. These connections are considered
leaf nodes. There is no reason to make the workstation wait 30 seconds while the switch
checks for loops if the workstation cannot cause a loop.
Cisco added the PortFast or fast-start feature. With this feature, STP on this port
assumes that the port is not part of a loop and immediately moves it to the forwarding state
without going through the blocking, listening, or learning states. This command does
not turn STP off. This command makes STP skip a few initial steps (unnecessary steps, in
this circumstance) on the selected port.
NOTE:
Never use the PortFast feature on switch ports that connect to other switches, hubs, or
routers. These connections can cause physical loops, and spanning tree must go
through the full initialization procedure in these situations. A spanning tree loop can
bring your network down. If you turn on PortFast for a port that is part of a physical loop,
there can be a window of time when packets are continuously forwarded (and can even
multiply) in such a way that the network cannot recover.
At the global level, you enable BPDU guard on Port Fast-enabled NNIs by using the
spanning-tree portfast bpduguard default global configuration command. Spanning
tree shuts down NNIs that are in a Port Fast-operational state if any BPDU is received on
those NNIs.
In a valid configuration, Port Fast-enabled NNIs do not receive BPDUs. Receiving a BPDU
on a Port Fast-enabled NNI signals an invalid configuration, such as the connection of an
unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state.
At the interface level, you enable BPDU guard on any NNI by using the spanning-tree
bpduguard enable interface configuration command without also enabling the Port Fast
feature. When the NNI receives a BPDU, it is put in the error-disabled state.
Sw1
Spanning-tree portfast bpduguard default
!
Errdisable recovery cause bpduguard
Errdisable recovery interval 240
!
Output of command:
SW1
show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    ------------
udld                 Disabled
bpduguard            Enabled
rootguard            Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
Timer interval: 240 seconds
Interfaces that will be enabled at the next timeout:
!
show spanning-tree summary
!
Root bridge for: VLAN1, VLAN10, VLAN13, VLAN16, VLAN19, VLAN20, VLAN30
PortFast BPDU Guard is enabled
UplinkFast is disabled
BackboneFast is disabled
!
Explanation:
Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled
port signals an invalid configuration, such as the connection of an unauthorized device,
and the BPDU guard feature puts the port in the error-disabled state.
The BPDU guard feature provides a secure response to invalid configurations because
you must manually put the port back in service. Use the BPDU guard feature in a
service-provider network to prevent an access port from participating in the spanning tree.
Use the spanning-tree portfast default global configuration command to globally
enable the Port Fast feature on all nontrunking ports. Configure Port Fast only on ports
that connect to end stations; otherwise, an accidental topology loop could cause a data
packet loop and disrupt switch and network operation. A Port Fast-enabled port moves
directly to the spanning-tree forwarding state when linkup occurs, without waiting for the
standard forward-delay time.
You can also configure BPDU guard under an interface using the command spanning-tree
bpduguard enable.
Commands: show flash, tftpdnld
Diagram: PC on the 10.0.0.0/8 network attached to the router's F0/0.
PC settings:
IP Address : 10.0.0.2
Subnet Mask : 255.0.0.0
Default Gateway : 10.0.0.1