Professional Documents
Culture Documents
Catalyst Switch
Management Console
Internet cloud
Aux 0
Remote computer
Modem
Modem
3
II. Network Connection
a. To cascade same type of device use Cross-Over cable.
b. For HUB/SWICH to PC/ROUTER straight through cable is used & Crossover cable is used between PC Router & Hub Switch.
Host
Switch
Cross Over cable
HUB
Well name our Session My_Lab. The next screen requires us to configure
the COM port to which we are going to connect our Cisco Device.
On clicking OK, well see the below screen & we are ready to talk to
our CISCO Switch/Router !
IOS BASICS
Pressing the RETURN key takes us to the USER EXEC mode.
Switch con0 is now available
Press RETURN to get started.
Switch>
The > prompt denotes user exec mode. To move into Privilege mode, we
use the enable command.
Switch>enable
Switch#
Privilege mode is identified with the # symbol. configure terminal
command takes us into the global configuration mode where we can
configure global parameters like hostname etc for the entire device.
Switch#configure terminal
Switch(config)#
To get into any specific interface mode we have use the interface
command with relevant interface number. To configure parameters
specific to interface 1 of module 0, we issue the command as shown
below.
7
Switch(config)#interface fastethernet 0/1
Switch(config-if)#
This is the sequence with which we change modes in the forward
direction. Lets now move backwards now.
Switch(config-if)#exit
Switch(config)#
To go one step backward we have to use the command exit
Switch(config)#exit
Switch#
However, we must use the command disable to move from privilege to
user exec mode. If we use exit, itll log us out (and well again see
the first message
Switch con0 is now available
Press RETURN to get started)
Switch#disable
Switch>
To logout, we use the exit command again.
Switch>exit
Switch con0 is now available
Press RETURN to get started
NOTE : We can use ^Z to directly move backward 2 steps from interface
mode to privilege mode.
Config-if# ^Z
Switch#
Also note that we can use ? whenever we want to see the various
commands available in a particular mode or want to find out what
commands begin with a certain letter etc. This can be easily observed
in the below case.
Router#?
Exec commands:
access-enable
access-profile
access-template
archive
cd
<output omitted>
8
If we typed a wrong spelling & try to use help the output will display
as Unrecognized command. The same message is displayed even if we try
to use help when no further arguments are possible (or wrong arguments
used). Look at the below examples...
Router#show router ?
% unrecognized command
Router#show ip a
% Ambiguous command:
Router#show ?
access-expression
access-lists
accounting
aliases
arp
<output omitted>
"show ip a"
List access expression
List access lists
Accounting data for active sessions
Display alias commands
ARP table
9
CTRL-W
CTRL-Z
TAB
10
Switching Labs
11
General Experiments with Basic Switch Commands
Assume we are on a Switch console and the switchs ready we see the
below message
Switch con0 is now available
Press RETURN to get started.
(press the return key)
Switch> this is our user exec mode
To get into privilege mode use the command enable
Switch>enable
Switch# The prompt has changed from > to #. if you see # after
the hostname you are in Privilege mode
To get back from privilege mode to user exec mode use the command
disable
Switch#disable
Switch>
To get into global configuration mode use the following commands
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# This prompt indicates global configuration mode
To get into specific interface mode use the following commands
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.
Switch(config)#interface Fastethernet 0/1
Switch(config-if)#
12
Current configuration : 130 bytes
!
interface FastEthernet0/1
description Host1
no ip address
end
(irrelevant output omitted)
Lets see some more basic show commands. (All show commands work only
in privilege mode)
To view details of interfaces/particular interface use
show interfaces (or) show interfaces <interface type interface id>
e.g.
Switch#show interfaces Fa 0/1
FastEthernet0/1 is down, line protocol is down
Hardware is FastEthernet,address is 000d.ed5b.49c1(bia 000d.ed5b.49c1)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
<output omitted>
We can also observe that its sufficient to use the first few letters
of the keyword Fastethernet once these letters identify the unique
command, the balance letters neednt be typed !
Switch#show interface vlan 1
Vlan1 is administratively down, line protocol is down
Hardware is CPUInterface,address is 000d.ed5b.49c0(bia 000d.ed5b.49c0)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
<output omitted>
Switch#Show spanning-tree
No spanning tree instances exist.
Following is the command to see the current device configuration which
is in the RAM.
Switch#show running-config
Building configuration...
Current configuration : 866 by
version 12.1
!
hostname Switch
!
interface FastEthernet0/1
description Host1
no ip address
<output omitted>
!
interface FastEthernet0/12
no ip address
!
interface Vlan1
no ip address
no ip route-cache
13
shutdown
!
line con 0
line vty 5 15
!
End
Switch#Show startup-config
Building configuration...
Current configuration : 866 bytes
!
version 12.1
!
hostname Switch
!
!
interface FastEthernet0/1
description Host1
no ip address
!
!
interface FastEthernet0/12
no ip address
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
line con 0
line vty 5 15
!
end
Another interesting command to view the connectivity status of various
interfaces is show interface status
Switch#show interface status
Port
Fa0/1
Fa0/2
Fa0/3
Fa0/4
Fa0/5
Fa0/6
Fa0/7
Fa0/8
Fa0/9
Fa0/10
Fa0/11
Fa0/12
Name
Host1
Status
connected
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
Vlan
1
1
1
1
1
1
1
1
1
1
1
1
Duplex
a-half
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
Speed
a-10
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
Type
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
Now, lets see the content of the mac-address-table of our switch after disconnecting all connected computers (no devices connected to
any interface of the switch) using the show mac-address-table
command
14
Switch#show mac-address-table
Mac Address Table
-----------------------------------------Vlan
Mac Address
Type
Ports
--------------------No entries are seen! Lets connect a host (computer) to port no. 1 and
generate some traffic from it.
As soon as we connect the host to the switch in the port 1 the
following message can be observed on the screen
02:18:06:%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
02:18:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/1, changed state to up
To generate traffic (for the switch to learn from source address of
frame) well ping from the host to some IP address & then execute the
show mac-address-table command again.
Switch2950#sh mac-address-table
Mac Address Table
-----------------------------------------Vlan
Mac Address
Type
Ports
--------------------1
0040.33a0.4bc7
Dynamic
Fa0/1
Total Mac Addresses for this criterion: 1
The above table reveals the mac address of the host connected to
interface fa0/1. It also reveals that this is a dynamically learnt
entry.
If 2 switches are interconnected directly to each other (cascading)
lets see what happens. We shall use this simple diagram for better
understanding.
F0/12
F0/12
Switch A
F0/1
0000.0000.0002
Switch B
F0/2
0000.0000.0001
F0/1
0000.0000.000A
F0/2
0000.0000.000B
15
Now we see Switch As mac address table as below
SwitchA#sh mac-address-table
Mac Address Table
-----------------------------------------Vlan
Mac Address
Type
Ports
--------------------1
0000.0000.0002
Dynamic
Fa0/1
1
0000.0000.0001
Dynamic
Fa0/2
1
0000.0000.000A
Dynamic
Fa0/12
1
0000.0000.000B
Dynamic
Fa0/12
1
0000.0000.00B1
Dynamic
Fa0/12
1
0000.0000.00B2
Dynamic
Fa0/12
Total Mac Addresses for this criterion: 6
We observe that this switch reveals the cascaded switch Bs connected
host mac addresses and switch Bs Base Mac address (0000.0000.00B1) &
switch Bs cascade interface Fa0/12 Mac address (0000.0000.00B2) also.
A similar output would be seen for switch Bs mac table (shown below).
The base Mac Address is common for the entire switch while every
interface of the switch has a unique Mac address of its own also.
SwitchB#sh mac-address-table
Mac Address Table
-----------------------------------------Vlan
Mac Address
Type
Ports
--------------------1
0000.0000.000A
Dynamic
Fa0/1
1
0000.0000.000B
Dynamic
Fa0/2
1
0000.0000.0001
Dynamic
Fa0/12
1
0000.0000.0002
Dynamic
Fa0/12
1
0000.0000.00A1
Dynamic
Fa0/12
1
0000.0000.00A2
Dynamic
Fa0/12
Total Mac Addresses for this criterion: 4
Lets see what show interface status command reveals
SwitchA#show interface status
Port
Name
Status
<output omitted>
Fa0/9
notconnect
Fa0/10
notconnect
Fa0/11
notconnect
Fa0/12
Trunk
SwitchB#show interface status
Port
Name
Status
<output omitted>
Fa0/9
notconnect
Fa0/10
notconnect
Fa0/11
notconnect
Fa0/12
Trunk
Vlan
1
1
1
1
Vlan
1
1
1
1
Duplex
auto
auto
auto
auto
Duplex
auto
auto
auto
auto
Speed Type
auto
auto
auto
auto
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
Speed Type
auto
auto
auto
auto
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
16
Switch#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino
Image text-base: 0x80010000, data-base: 0x80562000
ROM: Bootstrap program is CALHOUN boot loader
Switch uptime is 4 hours, 33 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-12c.EA1.bin"
cisco WS-C2950-12 (RC32300) processor (revision K0) with 21002K bytes
of memory.
Processor board ID FOC0739W1K0
Last reset from system-reset
Running Standard Image
12 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0D:ED:5B:49:C0
Motherboard assembly number: 73-5782-12
Power supply part number: 34-0965-01
Motherboard serial number: FOC07391MM3
Power supply serial number: PHI073402LD
Model revision number: K0
Motherboard revision number: A0
Model number: WS-C2950-12
System serial number: FOC0739W1K0
Configuration register is 0xF
To save our current configuration from RAM to NVRAM (startup
configuration) we use the command copy running-configuration startupconfiguration (Alternately the write command may also be used)
Switch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
If we want to restart the switch use the following command
Switch#Reload (used to warm boot the switch)
To clear all the contents of the mac table, use the below command (this
will remove only dynamic entries. Static/Permanent entries will not be
removed).
Switch#clear mac-address-table *
To delete the startup configuration, use
Switch#erase startup-config
To change our switch name to Switch2950
17
Switch(config)#hostname Switch2950
Switch2950(config)#
To configure secret (encrypted) password for privilege mode (password
is set as cisco1 in the below example)
Switch2950(config)#enable secret cisco1
After configuring the secret password let see the output in show
running-config command
Switch2950#show run
Building configuration...
Current configuration : 939 bytes
<output omitted>
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/ (this is how the
encrypted password is seen)
!
<output omitted>
End
To configure enable password for privilege mode
Switch2950(config)#enable password cisco (to configure enable password
for privilege mode)
Switch2950#sh run
Building configuration...
Current configuration : 939 bytes
<output omitted>
hostname Switch2950
!
enable password cisco (our password is in clear text which is in
readable format)
!
<output omitted>
end
To configure the console password, the following is the sequence.
Switch2950(config)#line console 0
Switch2950(config-line)#login
% Login disabled on line 0, until 'password' is set
Switch2950(config-line)#password cisco
show running-config reveals
Switch#show running-config
!
line con 0
password cisco
login
!
<Out put omitted>
18
If we restart / relogin into the switch, it asks for the password in
the beginning itself
Switch2950 con0 is now available
Press RETURN to get started.
User Access Verification
Password: (here we have to supply the console 0 password to get into
user exec mode)
Lets observe the whole running-config output
Switch# show running-config
Building configuration...
Current configuration : 1154 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
ip subnet-zero
!
!
interface FastEthernet0/1
description Host1
no ip address
!
interface FastEthernet0/2
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
no ip address
!
interface FastEthernet0/7
no ip address
!
interface FastEthernet0/8
19
no ip address
!
interface FastEthernet0/9
no ip address
!
interface FastEthernet0/10
no ip address
!
interface FastEthernet0/11
no ip address
!
interface FastEthernet0/12
!
interface Vlan1
no ip address
shutdown
!
ip http server
!
!
line con 0
password cisco
login
line vty 0 4
line vty 5 15
!
End
Note: if both secret and enable passwords exist, only secret will be
used to get into privilege mode.
Lets say we have some remote administrators wholl logon into this
switch remotely. (They can do so because Cisco switches run terminal
services). However, setting the vty password is a must for telnet
access & this is how we do it.
Lets start configuring the VTY sessions
Switch2950(config)#line vty 0 15
Switch2950(config-line)#login
% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
% Login disabled on line 7, until 'password' is set
% Login disabled on line 8, until 'password' is set
% Login disabled on line 9, until 'password' is set
% Login disabled on line 10, until 'password' is set
% Login disabled on line 11, until 'password' is set
% Login disabled on line 12, until 'password' is set
% Login disabled on line 13, until 'password' is set
% Login disabled on line 14, until 'password' is set
% Login disabled on line 15, until 'password' is set
% Login disabled on line 16, until 'password' is set
20
This reveals that 16 simultaneous telnet sessions are possible! we have
to configure the password to enable all these 16 sessions
Switch2950(config-line)#password cisco
Switch2950(config-line)#
This config alone is not sufficient for telnetting. We need to define
an IP address to the switch and only then telnet is possible. Where do
we configure an IP address in the switch ?
Switch2950>enable
Switch2950#configure terminal
Switch2950(config)#interface vlan 1
Switch2950(config-if)#ip address 1.1.1.1 255.0.0.0 (this is the command
to configure ip address for an interface).
So, we configure the IP address to VLAN1 (well learn more about vlan
later).
Switch2950(config-if)#no shutdown (after assigning the ip address we
have enable the interface using the NO SHUTDOWN command). We will be
able to see the below message.
01:33:27: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
01:33:29: %LINK-3-UPDOWN: Interface Vlan1, Line Protocol changed state
to up
Lets now see how we can control the speed & Duplex operation of the
switch
Switch2950(config)#interface fastethernet 0/1
Switch2950(config-if)#duplex half
Note : Duplex will not be set until speed is set to non-auto value
Switch2950(config-if)#speed 10
Switch2950(config-if)#duplex half
Now check the out put in show interface status command
Switch#show interface status
Port
Fa0/1
Fa0/2
Fa0/3
Fa0/4
Fa0/5
Fa0/6
Fa0/7
Fa0/8
Fa0/9
Fa0/10
Fa0/11
Fa0/12
Name
Host1
Status
connected
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
notconnect
Vlan
1
1
1
1
1
1
1
1
1
1
1
1
Duplex
half
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
Speed
10
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
Type
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
21
Had the switch auto negotiated, the output would have been
Port
Name
Status
Vlan
Duplex Speed
Fa0/1
Host1
connected
1
a-half
a-10
Fa0/2
notconnect
1
auto
auto
Fa0/3
notconnect
1
auto
auto
Fa0/4
notconnect
1
auto
auto
Fa0/5
notconnect
1
auto
auto
Fa0/6
notconnect
1
auto
auto
Fa0/7
notconnect
1
auto
auto
Fa0/8
notconnect
1
auto
auto
Fa0/9
notconnect
1
auto
auto
Fa0/10
notconnect
1
auto
auto
Fa0/11
notconnect
1
auto
auto
Fa0/12
notconnect
1
auto
auto
Type
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
a-half
a-10 means auto negotiated with connected device to half
duplex & 10 Mbps.
PORT SECURITY : Lets now learn how switch interfaces can be configured
to allow connectivity only for pre-defined hosts (based on their MacAddresses). This is done on a per interface basis.
Before configuring port security for the interfaces, lets see the
output of show port-security command
Switch#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count)
(Count)
(Count)
--------------------------------------------------------------------------------------------------------------------------------------------Total Addresses in System : 0
Max Addresses limit in System : 1024
Now lets configure port security for interface Fa 0/1 only system
with mac id 0000.0000.a111 should be allowed connectivity any other
device connection to this interface should result in the interface
shutting down.
Manual port security
Switch2950(config)#interface fastethernet 0/1
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security mac-address
0000.0000.A111
See the output in show running-config & show port-security
Switch2950#sh run
Building configuration...
Current configuration : 1089 bytes
!
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
!
22
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.A111
no ip address
duplex half
speed 10
<output omitted>
Switch2950#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count)
(Count)
(Count)
----------------------------------------------------------------------Fa0/1
1
1
0
Shutdown
----------------------------------------------------------------------Total Addresses in System : 0
Max Addresses limit in System : 1024
We can also ask the switch to auto-learn the mac address of the
connected host using the keyword sticky
Switch2950(config)#interface fastethernet 0/2
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security mac-address sticky
After configuring sticky if any traffic comes to the interface
fastethernet 0/2 of the switch will learn the mac-address and secure
it.
Switch2950#show running-config
Building configuration...
Current configuration : 1089 bytes
!
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
!
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address 0000.0000.A112
no ip address
<output ommitted>
Switch2950#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count)
(Count)
(Count)
----------------------------------------------------------------------Fa0/1
1
1
0
Shutdown
Fa0/2
1
1
0
Shutdown
----------------------------------------------------------------------Total Addresses in System : 0
Max Addresses limit in System : 1024
23
By default, only one mac-address will be locked to the interface this
can be changed as demonstrated below.
Increasing the maximum count of mac-address secured for the interface
Switch2950(config)#interface fastethernet 0/3
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security maximum
4 <0-132>
Switch2950#sh run
Building configuration...
Current configuration : 1089 bytes
!
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
interface FastEthernet0/3
switchport mode access
switchport port-security
switchport port-security maximum 4
no ip address
<output omitted>
Switch2950#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count)
(Count)
(Count)
----------------------------------------------------------------------Fa0/1
1
1
0
Shutdown
Fa0/2
1
1
0
Shutdown
Fa0/3
4
0
0
Shutdown
----------------------------------------------------------------------Total Addresses in System : 0
Max Addresses limit in System : 1024
The security action is shutdown by default & we can change this among
one of 3 modes.
Shutdown (default) - if violation happens interface will shutdown
automatically
Protect (dont log) - if violation happens interface wont shutdown,
wont allow for communication, wont log any error
Restrict (do log) - if violation happens interface wont shutdown but
no communication will be allowed & an alert would be sent / SNMP trap
sent.
The configuration may be done as shown below.
Switch2950(config)#interface fastethernet 0/4
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security violation shutdown /
protect / restrict
If we chose protect
24
Switch2950#sh run
Building configuration...
Current configuration : 1089 bytes
!
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
interface FastEthernet0/4
switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address 0000.0000.A131
no ip address
<output omitted>
Switch2950#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count)
(Count)
(Count)
----------------------------------------------------------------------Fa0/1
1
1
0
Shutdown
Fa0/2
1
1
0
Shutdown
Fa0/3
4
0
0
Shutdown
Fa0/4
1
0
0
Protect
----------------------------------------------------------------------Total Addresses in System : 0
Max Addresses limit in System : 1024
F0/11
Switch A
Switch B
1000.0000.000A
0000.0000.000A
Priority
32769 (priority 32768 sys-id-ext 1)
Address
0000.0000.000A
Hello Time
2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
25
Interface
Port ID
Designated
Port ID
Name
Prio.Nbr
Cost Sts
Cost Bridge ID
Prio.Nbr
------------ -------- --------- --- ------ -------------------------Fa0/11
128.1
100 FWD
0 32769 1000.0000.000A 128.1
SwitchA#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID
Priority
32769
Address
0000.0000.000A
This bridge is the root
Hello Time
2 sec Max Age 20 sec
Bridge ID
Priority
32769 (priority 32768 sys-id-ext 1)
Address
1000.0000.000A
Hello Time
2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface
Port ID
Designated
Port ID
Name
Prio.Nbr
Cost Sts
Cost Bridge ID
Prio.Nbr
----------- -------- --------- --- --------- -------------------- ----Fa0/11
128.1
100 FWD
0 32769 0000.0000.000A 128.1
The next major topic we would like to see is VLAN.
The output of show vlan command when no vlans are configured is
Switch2950#show vlan
VLAN Name
Status
Ports
---- ------------------------ --------- ------------------------------1
default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
1002 fddi-default
active
1003 token-ring-default
active
1004 fddinet-default
active
1005 trnet-default
active
VLAN
---1
1002
1003
1004
1005
Type
----enet
fddi
tr
fdnet
trnet
SAID
-----100001
101002
101003
101004
101005
26
Creating vlan using vlan database method
Switch2950#vlan database
Switch2950(vlan)#vlan 2 name CCNA creating VLAN with id 2 & name CCNA
VLAN 2 added:
Name: CCNA
Switch2950(vlan)#apply to save the configuration
APPLY completed.
Switch2950(vlan)#exit implicit save & exit
APPLY completed.
Exiting....
Using ^Z will not save the config & we will also exit from vlan
database.
After Vlan is created see the output of show vlan command
Switch2950#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1
default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
2
CCNA
active
1002 fddi-default
active
1003 token-ring-default
active
1004 fddinet-default
active
1005 trnet-default
active
<output omitted>
You are seeing the output from show run command after assigning the
membership for the interface 4
Switch2950#show run
Building configuration...
27
!
Current configuration : 98 bytes
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
no ip address
end
Lets repeat the above using the second method - Creating vlan using
global configuration mode
Switch2950#configure terminal
Switch2950(config)#vlan 3
Switch2950(config-vlan)#name CCNP
Switch2950(config-vlan)#exit
Output of show vlan command after creating vlan 3 in global
configuration mode
Switch2950#sh vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1
default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12
2
CCNA
active
Fa0/4
3
CCNP
active
1002 fddi-default
active
1003 token-ring-default
active
1004 fddinet-default
active
1005 trnet-default
active
We can see that the outcome is the same wherever we create the VLAN
from.
If we wanted to know the VTP Domain name, version used, VTP switch
mode, we use the command show vtp status
Switch2950#show vtp status
VTP Version
Configuration Revision
Maximum VLANs supported locally
Number of existing VLANs
VTP Operating Mode
VTP Domain Name
VTP Pruning Mode
VTP V2 Mode
VTP Traps Generation
:
:
:
:
:
:
:
:
:
2
1
64
6
Server
Null
Disabled
Disabled
Disabled
28
Switch2950(config)#vtp mode Server / Client / Transparent
Switch2950#show vtp status
VTP Version
Configuration Revision
Maximum VLANs supported locally
Number of existing VLANs
VTP Operating Mode
VTP Domain Name
VTP Pruning Mode
VTP V2 Mode
VTP Traps Generation
:
:
:
:
:
:
:
:
:
2
1
64
6
Client
Null
Disabled
Disabled
Disabled
Now we are going to change vtp domain name from Null to Cisco using
vlan database method
Switch2950#vlan database
Switch2950(vlan)#vtp domain Cisco
Changing VTP domain name from Null to Cisco
Switch2950(vlan)#exit
APPLY completed.
Exiting....
Same task using global configuration mode
Switch2950#configure terminal
Switch(config)#vtp domain Cisco
Changing VTP domain name from Null to Cisco
Switch2950#show vtp status
VTP Version
Configuration Revision
Maximum VLANs supported locally
Number of existing VLANs
VTP Operating Mode
VTP Domain Name
VTP Pruning Mode
VTP V2 Mode
VTP Traps Generation
:
:
:
:
:
:
:
:
:
2
0
64
6
Server
Cisco
Disabled
Disabled
Disabled
29
Lets see how mac address table reflects the vlan configuration in the
below case.
F0/12
F0/12
Switch A
F0/1
0000.0000.0002
Switch B
F0/2
0000.0000.0001
F0/1
0000.0000.000A
F0/2
0000.0000.000B
Vlan 1
Vlan 2
Switch A & Bs mac address table & interface status reveal SwitchA#sh mac-address-table
Mac Address Table
-----------------------------------------Vlan
Mac Address
Type
Ports
--------------------1
0000.0000.0002
Dynamic
Fa0/1
2
0000.0000.0001
Dynamic
Fa0/2
1
0000.0000.000A
Dynamic
Fa0/12
2
0000.0000.000B
Dynamic
Fa0/12
<other entries omitted>
SwitchB#sh mac-address-table
Mac Address Table
-----------------------------------------Vlan
Mac Address
Type
Ports
--------------------1
0000.0000.000A
Dynamic
Fa0/1
2
0000.0000.000B
Dynamic
Fa0/2
1
0000.0000.0001
Dynamic
Fa0/12
1
0000.0000.0002
Dynamic
Fa0/12
<other entries omitted>
30
SwitchA#show interface status
Port
Name
Status
Fa0/1
connected
Fa0/2
connected
Fa0/3
notconnect
Fa0/4
notconnect
Fa0/5
notconnect
Fa0/6
notconnect
Fa0/7
notconnect
Fa0/8
notconnect
Fa0/9
notconnect
Fa0/10
notconnect
Fa0/11
notconnect
Fa0/12
Trunk
Vlan
1
2
1
1
1
1
1
1
1
1
1
1
Duplex
full
full
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
Speed
100
100
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
Type
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
Vlan
1
2
1
1
1
1
1
1
1
1
1
1
Duplex
full
full
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
Speed
100
100
auto
auto
auto
auto
auto
auto
auto
auto
auto
auto
Type
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
31
1
0000.0000.0002
Dynamic
Fa0/12
32
Routing
33
Static Routes
There are actually two ways that a router can learn a static route.
First, a router will look at its active interfaces, examine the
addresses configured on the interfaces and determine the corresponding
network numbers, and populate the routing table with this information.
This is commonly called a connected route.
The following example shows the routing table of a Router whose
Ethernet 0 interface has been configured with an IP Address 10.0.0.1 &
Serial 0 with 192.168.1.1. To view the Routing table, use the command
show ip route
Router_1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
C
34
192.168.1.2
S1
172.16.0.1
S0
172.16.0.2
S1
R2
E0
10.0.0.1
R3
E0
20.0.0.1
E0
30.0.0.1
or
(ii)The routers specific exit interface to reach a destination
network. (Use this method if it is a point-to-point link only). In this
instance, you must specify the name of the interface on the router,
like serial0.
Here below is the configuration
neighbors IP address.
R1#sh run
Building configuration...
Current configuration : 908 bytes
version 12.2
(irrelevant output omitted)
of
Router
R1
with
the
next
hop
35
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
!
interface Serial0
ip address 192.168.1.1 255.255.255.0
no fair-queue
clockrate 64000
!
ip route 20.0.0.0 255.0.0.0 192.168.1.2
ip route 30.0.0.0 255.0.0.0 192.168.1.2
ip route 172.16.0.0 255.255.0.0 192.168.1.2
ip http server
!
line con 0
transport input none
line aux 0
!
end
The following shows the routing table of a Router (R1 the leftmost
Router) with Static Routes configured.
R1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
S
S
C
C
S
36
Here below is the configuration of Router R2 with the exit interface
configuration.
R2#sh run
Building configuration...
Current configuration : 654 bytes
(irrelevant output omitted)
!
interface Ethernet0
ip address 20.0.0.1 255.0.0.0
!
interface Serial0
ip address 172.16.0.1 255.255.0.0
clockrate 64000
!
interface Serial1
ip address 192.168.1.2 255.255.255.0
!
no ip http server
ip classless
ip route 10.0.0.0 255.0.0.0 Serial1
ip route 30.0.0.0 255.0.0.0 172.16.0.2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
!
end
The following table shows the routing table of R2
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2 ia - IS-IS inter area, * - candidate default, U - peruser static route o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C
C
S
C
S
In this example, there are three connected routes, and two static
routes. The static route (10.0.0.0) is treated as a directly connected
route, since it was created by specifying the interface to exit the
router SERIAL1.
37
BACKUP ROUTE
While configuring static route, optionally you can change the
administrative distance of a static route. If you omit this value, it
will have one of two defaults, depending on the configuration of the
previous parameter. If you specified the next hop neighbors IP
address, then the administrative distance defaults to 1. If you
specified the interface on the router it should use to reach the
destination, the router treats the route as a connected route and
assigns an administrative distance of 0 to it.
Please note that you can create multiple static routes to the same
destination. For instance, you might have primary and backup paths to
the destination. For the primary path, use the default administrative
distance value. For the backup path, use a number higher than this,
such as 2. Once you have configured a backup path, the router will use
the primary path, and if the interface on the router fails for the
primary path, the router will use the backup route.
The configuration of Router R3 with the interface the router should
exit to reach the destination network with a administrative distance
value of 2 and also with the next hop neighbors IP address pointing to
Router R2.
192.168.1.1
S0
R1
E0
10.0.0.1
192.168.1.2
S1
S0
172.16.0.1
R2
E0
20.0.0.1
R3#sh run
Building configuration...
Current configuration : 725 bytes
!
version 12.2
!
enable password cisco
(irrelevant output omitted)
!
interface Ethernet0
ip address 30.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface Serial0
ip address 172.16.0.2 255.255.0.0
!
interface Serial1
ip address 200.0.0.2 255.255.255.0
S1
200.0.0.1
172.16.0.2
S1
R3
S0
200.0.0.2
E0
30.0.0.1
38
!
ip route 20.0.0.0 255.0.0.0 172.16.0.1
ip route 20.0.0.0 255.0.0.0 Serial0 2
ip http server
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
end
The following example shows the routing table of R3
R3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
S
C
C
C
Mark here that even though we have configured 20.0.0.0 network with the
outgoing interface Serial0 , it has not been populated in the routing
table because of higher Administrative Distance number.
172.16.0.1
S0
R2
E0
20.0.0.1
172.16.0.2
S1
R3
E0
30.0.0.1
39
how to reach the destination. Sometimes this is also referred to as a
gateway of last resort.
Note that if a router does not have any path in its routing table
telling it how to reach a destination, and the router receives a packet
destined for this network, the router will drop the packet. Therefore,
a default route can serve as a catch-all: if there is no specific path
to the destination, the router will use the default route to reach it.
To set up a default route, use the following syntax for a static route:
Router(config)#ip route 0.0.0.0 0.0.0.0 IP_address_of_next_hop_neighbor
-orRouter(config)# ip route 0.0.0.0 0.0.0.0 interface_to_exit
The network number of 0.0.0.0/0 represents all networks, and a mask of
all 0s in the bit position represents all hosts in the specified
network.
The configuration of Router R3 with a default route is shown below.
R3#sh run
Building configuration...
(irrelevant output omitted)
interface Ethernet0
ip address 30.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface Serial1
ip address 172.16.0.2 255.255.0.0
!
ip route 0.0.0.0 0.0.0.0 Serial1
line con 0
!
end
The following table shows the routing table of R3
R3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is Serial0 to network 0.0.0.0
C
C
S*
40
RIP
We shall have a simple setup to learn how RIP routing is enabled and
also try to find out what happens dynamically when a network change
occurs.
In this exercise, to emulate connected networks, well create virtual
interfaces called loopback interfaces. Well identify and configure
clockrate on DCE interfaces. Well verify our IP configuration using
the show ip interface brief command & finally enable RIP routing
protocol.
1.1.1.1
L0
Router1
11.0.0.1
11
Serial 1
3.3.3.3
L0
11.0.0.2
2
Serial 0
Router3
41
buffer size 1524 HD unit 0, V.35 DCE cable
cpb = 0xE2, eda = 0x2940, cda = 0x2800
RX ring with 16 entries at 0xE22800
00 bd_ptr=0x2800 pak=0x2AD158 ds=0xE2C60C status=80
01 bd_ptr=0x2814 pak=0x2ACEA8 ds=0xE2BF50 status=80
02 bd_ptr=0x2828 pak=0x2ACBF8 ds=0xE2B894 status=80
03 bd_ptr=0x283C pak=0x2AC948 ds=0xE2B1D8 status=80
04 bd_ptr=0x2850 pak=0x2AC698 ds=0xE2AB1C status=80
pak_size=0
pak_size=0
pak_size=0
pak_size=0
pak_size=0
<output omitted>
The above reveals that Router3s serial interface is the DCE end &
implies that we need to configure the clockrate on Router3s S0
interface using the clock rate <value> command.
Router3(Config-if)#clock rate 64000
We can also view the enabled ROUTED PROTOCOL using show protocols
command.
(This reveals that IP is enabled).
Rotuer3#show protocols
Global values:
Internet Protocol routing is enabled
Ethernet0 is administratively down, line protocol is down
Ethernet1 is administratively down, line protocol is down
Loopback0 is up, line protocol is up
Internet address is 3.3.3.3/8
Serial0 is up, line protocol is up
Internet address is 11.0.0.2/8
Serial1 is administratively down, line protocol is down
When no routing protocol is configured, the Routing table displays
directly connected routes only (after configuring serial interface ip
address also).
Router3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area * - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C
C
IP-Address
Protocol
42
Ethernet0
Loopback0
Serial0
Serial1
unassigned
1.1.1.1
unassigned
11.0.0.1
YES
YES
YES
YES
NVRAM
manual
NVRAM
manual
43
no ip address
shutdown
!
interface Ethernet1
no ip address
shutdown
!
interface Serial0
ip address 11.0.0.2 255.0.0.0
clockrate 64000 <DCE interface>
!
interface Serial1
no ip address
shutdown
!
router rip
network 3.0.0.0
network 11.0.0.0
!
ip kerberos source-interface any
ip classless
ip http server
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
similarly in Router1,
Router1(config)#router rip
Router1(config-router)#network 1.0.0.0
Router1(config-router)#network 11.0.0.0
Router1(config-router)#end
Router1#show running-config
Building configuration...
hostname Router1
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
no ip address
shutdown
!
interface Serial1
ip address 11.0.0.1 255.0.0.0
44
!
router rip
network 1.0.0.0
network 11.0.0.0
!
end
<output omitted>
We are clearly able to see the configuration changes in the runningconfig of both the routers. If we view Router1's routing table, well
be able to see what routes have been learnt through RIP.
Router1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP,
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
E1 - OSPF external type 1, E2 - OSPF external type 2, E
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia area* - candidate default, U - per-user static route, o
P - periodic downloaded static route
M - mobile, B
inter area
type 2
- EGP
IS-IS inter
- ODR
45
This will display routing protocol details along with certain
parameters like timers, default AD value, routed networks, RIP version
etc
Router3#sh ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 2 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface
Send Recv Triggered RIP Key-chain
Loopback0
1
1 2
Serial0
1
1 2
Automatic network summarization is in effect
Routing for Networks:
3.0.0.0
11.0.0.0
Routing Information Sources:
Gateway
Distance
Last Update
11.0.0.1
120
00:00:17
Distance: (default is 120)
Router1#sh ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 24 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
(Displays various timer values)
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
(Configured RIP Version is 1)
Interface
Send Recv Triggered RIP Key-chain
Loopback0
1
1 2
Serial1
1
1 2
Automatic network summarization is in effect
Routing for Networks: (Displays networks published)
1.0.0.0
11.0.0.0
Routing Information Sources:
Gateway
Distance
Last Update
11.0.0.2
120
00:00:16
Distance: (default is 120) (Displays default AD value)
To view what information is exchanged between routers running RIP,
let's debug the RIP's operation using debug ip rip command
Rotuer3#debug ip rip
RIP protocol debugging is on
Rotuer3#
01:05:49: RIP: received v1 update from 11.0.0.1 on Serial0
(V1 represents version 1)
01:05:49:
1.0.0.0 in 1 hops
(This is what is received from router1)
01:05:59: RIP: sending v1 update to 255.255.255.255 via Loopback0 (3.3.3.3)
(Broadcast update sent)
01:05:59: RIP: build update entries
46
01:05:59:
network 1.0.0.0 metric 2 (metric refers to hop count)
01:05:59:
network 11.0.0.0 metric 1
01:05:59: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.0.0.2)
01:05:59: RIP: build update entries
01:05:59:
network 3.0.0.0 metric 1
01:06:18: RIP: received v1 update from 11.0.0.1 on Serial0
(30 sec periodic update)
01:06:18:
1.0.0.0 in 1 hops
01:06:27: RIP: sending v1 update to 255.255.255.255 via Loopback0 (3.3.3.3)
01:06:27: RIP: build update entries
01:06:27:
network 1.0.0.0 metric 2
01:06:27:
network 11.0.0.0 metric 1
01:06:27: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.0.0.2)
01:06:27: RIP: build update entries
01:06:27:
network 3.0.0.0 metric 1
Rotuer3#undebug all (to switch off all debugging)
Observe that full routing table is not sent as updates in all directions
because of split horizon rule. Lets see how similar the debug output is in
router1
Router1#debug ip rip
RIP protocol debugging is on
Router1#
01:07:50: RIP: received v1 update from 11.0.0.2 on Serial1
01:07:50:
3.0.0.0 in 1 hops
01:08:05: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
01:08:05: RIP: build update entries
01:08:05:
network 3.0.0.0 metric 2
01:08:05:
network 11.0.0.0 metric 1
01:08:05: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
01:08:05: RIP: build update entries
01:08:05:
network 1.0.0.0 metric 1
01:08:18: RIP: received v1 update from 11.0.0.2 on Serial1
01:08:18:
3.0.0.0 in 1 hops
01:08:33: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
01:08:33: RIP: build update entries
01:08:33:
network 3.0.0.0 metric 2
01:08:33:
network 11.0.0.0 metric 1
01:08:33: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
01:08:33: RIP: build update entries
01:08:33:
network 1.0.0.0 metric 1
Rotuer1#undebug all
1.1.1.1
L0
3.3.3.3
11.0.0.1
Router1
Serial 1
Router1(config)#int loopback 0
Router1(config-if)#shut
L0
11.0.0.2
Serial 0
Router3
47
Router1(config-if)#
01:21:17: %LINK-5-CHANGED:
administratively down
Interface
Loopback0,
changed
state
to
Router1#debug ip rip
RIP protocol debugging is on
01:21:17: RIP: sending v1 flash update to 255.255.255.255 via Serial1
(11.0.0.1) (this indicates a Triggered Update)
01:21:17: RIP: build flash update entries
01:21:17:
network 1.0.0.0 metric 16
(metric 16 means infinity for RIP route poisoning)
01:21:19: RIP: received v1 update from 11.0.0.2 on Serial1
01:21:19:
1.0.0.0 in 16 hops (inaccessible)
(inaccessible implies that Poison-Reverse message is received from Router3)
01:21:22: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
01:21:22: RIP: build update entries
01:21:22:
network 1.0.0.0 metric 16
Router1(config-if)#^Z
that
the
routers
exchange
network
(i)
During Startup
(ii) Periodically (once in 30 secs)
(iii) Triggered (whenever network changes occur)
We are also able to observe how split horizon functions to ensure
routing updates are not sent in the direction from where they were
learnt.
Route poisoning & poison reverse were also observed.
48
IGRP
1.1.1.1
L0
Router1
100.0.0.1
11
Serial 1
3.3.3.3
L0
100.0.0.2
2
Serial 0
Router3
49
Router1(config-router)#network 100.0.0.0
(publish directly connected networks)
The running config
configuration too.
on
routers
&
now
display
the
protocol
Router1#sh run
Building configuration...
<output omitted>
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial1
ip address 100.0.0.1 255.0.0.0
!
router igrp 100
network 1.0.0.0
network 100.0.0.0
!
<output omitted>
!
End
Router3(Config)#router igrp 100 (This AS number must be similar on all
the routers)
Router3(Config-router)# network 3.0.0.0
Router3(Config-router)# network 100.0.0.0
Router3#sh run
Building configuration...
Current configuration : 776 bytes
!
<output omitted>
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Serial0
ip address 100.0.0.2 255.0.0.0
clockrate 64000
!
router igrp 100
network 3.0.0.0
network 100.0.0.0
!
<output omitted>
!
end
After configuring IGRP lets see if the routing tables of Routers 1 & 3
have information about IGRP learnt routes.
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
50
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
C
I
Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
I
C
C
51
Sending updates every 90 seconds, next due in 17 seconds
Invalid after 270 seconds, hold down 280, flushed after 630
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
Routing for Networks:
3.0.0.0
100.0.0.0
Routing Information Sources:
Gateway
Distance
Last Update
100.0.0.1
100
00:00:13
Distance: (default is 100)
Debug ip igrp transactions command give us details reg the metric,
updates etc
Rotuer3#debug ip igrp transactions
IGRP protocol debugging is on
Rotuer3#
00:29:14:IGRP: received update from 100.0.0.1 on Serial0
00:29:14:
network 1.0.0.0, metric 8976 (neighbor 501)
00:29:19:IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
00:29:19:
network 1.0.0.0, metric=8976
00:29:19:
network 100.0.0.0, metric=8476
00:29:19:IGRP: sending update to 255.255.255.255 via Serial0 (100.0.0.2)
00:29:19:
network 3.0.0.0, metric=501
00:30:32:IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
00:30:32:
network 1.0.0.0, metric=8976
00:30:32:
network 100.0.0.0, metric=8476
00:30:32:IGRP: sending update to 255.255.255.255 via Serial0 (100.0.0.2)
00:30:32:
network 3.0.0.0, metric=501
00:30:38:IGRP: received update from 100.0.0.1 on Serial0
00:30:38:
network 1.0.0.0, metric 8976 (neighbor 501)
1.1.1.1
L0
3.3.3.3
100.0.0.1
Router1
Serial 1
Router1(config)#int loopback 0
Router1(config-if)#shutdown
L0
100.0.0.2
Serial 0
Router3
52
Router1#sh run
Building configuration...
Current configuration : 693 bytes
!
hostname Router1
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
Shutdown
Observe the debug output after shutting down the loopback 0 interface
of router1 the metric value for network 1.0.0.0 goes to 4294967295
representing infinity.
Router3#debug ip igrp transactions
IGRP protocol debugging is on
00:47:00: IGRP: received update from 100.0.0.1 on Serial0
00:47:00:
network 1.0.0.0, metric 4294967295 (inaccessible)
00:47:00: IGRP: edition is now 3
00:47:00: IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
The routing table now reflects this change as possibly down doesnt
remove the entry immediately waits for hold-down timer to expire and
then decides to remove the entry/reinstate the entry if the network has
come up!
Rotuer3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
53
EIGRP
S0
25.0.0.1
1.1.1.1
L0
Router1
50.0.0.1
S1
S0
25.0.0.2
50.0.0.2
S1
3.3.3.3
Router3
L0
BASIC CONFIGURATION
In this case, well consider a slightly different scenario where we
have two paths to a destination. Well be able to understand redundancy
& load balancing also with this case study.
Lets first configure the Routers according to the above diagram &
observe the routing table without configuring the routing protocols.
Router1(config)#
Router1(config)#int loop 0
Router1(config-if)#ip add 1.1.1.1 255.0.0.0
Router1(config-if)#exit
Router1(config)#int s0
Router1(config-if)#ip add 25.0.0.1 255.0.0.0
Router1(config-if)#no shut
Router1(config-if)#exit
Router1(config)#int s1
Router1(config-if)#ip add 50.0.0.1 255.0.0.0
Router1(config-if)#no shut
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
C
C
54
Router3(config-if)#exit
Router3(config)#int s1
Router3(config-if)#ip add 50.0.0.2 255.0.0.0
Router3(config-if)#clock rate 64000
Router3(config-if)#no shut
Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
C
C
55
no eigrp log-neighbor-changes
!
<output omitted>
End
Router3#sh run
Building configuration...
<output omitted>
interface Serial0
ip address 25.0.0.2 255.0.0.0
clockrate 64000
!
interface Serial1
ip address 50.0.0.2 255.0.0.0
clockrate 64000
!
router eigrp 200
network 3.0.0.0
network 25.0.0.0
network 50.0.0.0
auto-summary
(Automatically added indicating Auto-summarisation)
no eigrp log-neighbor-changes)
<output omitted>
End
The above indicates two paths to reach network 3.0.0.0 from Router1. A
similar table can be seen in Router3.
Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
56
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
D
C
C
C
The show ip route eigrp command displays only EIGRP learnt routes.
Router1#sh ip route eigrp
D
3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:04:43, Serial0
[90/2297856] via 25.0.0.2, 00:04:43, Serial0
Router3#sh ip route eigrp
D
1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:03:19, Serial0
[90/2297856] via 50.0.0.1, 00:03:19, Serial1
RTO
Q
Cnt
200 0
200 0
Seq Type
Num
6
5
RTO
Q
Cnt
200 0
4356 0
Seq Type
Num
6
7
57
THE TOPOLOGY TABLE
Lets now view the topology table entries using the sh ip eigrp
topology command. We should be able to see the successor & feasible
successor apart from Feasible & Advertised Distance values.
Router1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(200)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 1.0.0.0/8, 1 successors, FD is 128256
via Connected, Loopback0
via Summary (128256/0), Null0
P 3.0.0.0/8, 2 successors, FD is 2297856
via 50.0.0.2 (2297856/128256), Serial1 (Both are equally good)
via 25.0.0.2 (2297856/128256), Serial0 (Hence two successors )
P 25.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial1
via Summary (2169856/0), Null0
In the highlighted entry (2297856/128256) 2297856 is the feasible
distance & 128256 is the advertised distance.
If both paths were with different metrics, the one with the best metric
would have been the successor & the other feasible successor. Then it
would display 1 successor & not 2 successors as well see in the next
section.
Pin the first column indicates that its in the passive state.
Lets observe Router3s Topology Table much the same !
Router3#sh ip eigrp topology
IP-EIGRP Topology Table for AS(200)/ID(3.3.3.3)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 1.0.0.0/8, 2 successors, FD is 2297856
via 50.0.0.1 (2297856/128256), Serial1
via 25.0.0.1 (2297856/128256), Serial0
P 3.0.0.0/8, 1 successors, FD is 128256
via Connected, Loopback0
via Summary (128256/0), Null0
P 25.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial1
via Summary (2169856/0), Null0
58
II) EIGRP REDUNDANCY BACKUP PATH
S0
25.0.0.1
1.1.1.1
L0
Router1
50.0.0.1
S1
S0
25.0.0.2
50.0.0.2
S1
3.3.3.3
Router3
L0
Well change the bandwidth of both the paths ensuring they have
different metrics.
Router1#conf t
Router1(config)#int s1
Router1(config-if)#bandwidth 128
Another useful command to view the running config of a specific
interface is sh run interface <type id>
Router1#sh run int s1
Building configuration...
Current configuration : 88 bytes
!
interface Serial1
bandwidth 128
ip address 50.0.0.2 255.0.0.0
end
Lets change on Router3 also
Router3#conf t
Router3(config)#int s1
Router3(config-if)#bandwidth 128
Router3#sh run int s1
Building configuration...
Current configuration : 88 bytes
!
interface Serial1
bandwidth 128
ip address 50.0.0.2 255.0.0.0
clockrate 64000
end
Having changed the metrics, we now have one path which is better than
the other. So well be able to see only the best path in the Routing
table.
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
59
IS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
C
D
C
If we see the topology table, well be able to see both the best
(successor) & the next best (feasible successor) paths
Router1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(200)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 1.0.0.0/8, 1 successors, FD is 128256
via Connected, Loopback0
via Summary (128256/0), Null0
P 3.0.0.0/8, 1 successors, FD is 2297856 (1 successor is displayed)
via 25.0.0.2 (2297856/128256), Serial0
(Successor)
via 50.0.0.2 (20640000/128256), Serial1 (Feasible Successor)
P 25.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 20512000
via Connected, Serial1
via Summary (20512000/0), Null0
However, the neighbor table is still the same.
Router1#sh ip eigrp nei
IP-EIGRP neighbors for process 200
H
Address
Interface
Hold Uptime
SRTT
(sec)
(ms)
0
25.0.0.2
Se0
10 00:00:44
32
1
50.0.0.2
Se1
14 00:25:33
36
RTO
Q Seq Type
Cnt Num
200 0 25
1140 0 24
60
C
C
RTO
Q
Cnt
200 0
1140 0
Seq Type
Num
23
22
Back up path
If the best path goes down, the feasible successor immediately gets
installed in the routing table. This is how the feasible successor
works like a backup path.
To simulate this situation, lets bring down Router1s Serial 0.
S0
25.0.0.1
1.1.1.1
L0
Router1
50.0.0.1
S1
S0
25.0.0.2
50.0.0.2
S1
3.3.3.3
Router3
L0
Router1#conf t
Router1(config)#int s0
Router1(config-if)#shutdown
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
61
IS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
C
D
RTO
Q Seq Type
Cnt Num
1140 0 15
RTO
Q Seq Type
Cnt Num
1140 0 15
1.1.1.1
L0
Router1
50.0.0.1
S1
S0
25.0.0.2
50.0.0.2
S1
3.3.3.3
Router3
L0
62
In the above case, the ratio between the successor metric & the
feasible successor metric is 20640000 /2297856 = 8.98. Round it to 9.
If we choose a variance of 9, it means that all paths within this ratio
(w.r.t successor) would be considered for load balancing (max 6 paths).
Hence well be able to see the second entry in the Routing Table even
though its metric is not the best.
Shall we check it out? To do so, we must configure variance on Router1
& Router3.
Router1(config)#router eigrp 200
Router1(config-router)#variance 10
Router3(config)#router eigrp 200
Router3(config-router)#variance 10
Lets see how it reflects in the routing table.
Router1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
C
D
C
Router3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
D
C
C
C
63
OSPF
I) OSPF ON POINT-TO-POINT WAN LINK
OSPF offers the widest features & its behavior is different in
different environments. The first case well take up is point to point
WAN and understand OSPF operation. Consider the below diagram.
25.0.0.1
1.1.1.1
L0 Router 1 S0
3.3.3.3
25.0.0.2
Router
3
L0
S0
IP ADDRESS CONFIGURATION
Router1(config)#int loopback 0
Router1(config-if)#ip add 1.1.1.1 255.0.0.0
Router1(config-if)#exit
Router1(config)#int serial 0
Router1(config-if)#ip add 25.0.0.1 255.0.0.0
Router1(config-if)#no shut
Router1(config-if)#exit
Router3(config)#int loopback 0
Router3(config-if)#ip add 3.3.3.3 255.0.0.0
Router3(config-if)#exit
Router3(config)#int serial0
Router3(config-if)#ip add 25.0.0.2 255.0.0.0
Router3(config-if)#clock rate 64000
Router3(config-if)#no shut
Router3(config-if)#exit
OSPF CONFIGURATION
To configure the OSPF Routing Protocol, we use router OSPF <process
id> syntax. A point to be noted is that the process id can be different
in different routers this does not refer to the Autonomous System
number like other protocols.
The command to publish Networks is
network <net id><wild card mask><area><area id>
Router1(config)#router ospf 1
Router1(config-router)#network 1.0.0.0 0.255.255.255 area 0
Router1(config-router)#network 25.0.0.0 0.255.255.255 area 0
Router3(config)#router ospf 3
Router3(config-router)#network 3.0.0.0 0.255.255.255 area 0
Router3(config-router)#network 25.0.0.0 0.255.255.255 area 0
64
VERIFICATION
Lets verify OSPF configuration & operation just like we did with other
protocols.
Router1#sh run
Building configuration...
Current configuration : 773 bytes
!
hostname Router1
!
enable password cisco
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial0
ip address 25.0.0.1 255.0.0.0
!
router ospf 1
log-adjacency-changes
network 1.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
End
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
O
C
State
FULL/
Dead Time
00:00:33
Address
25.0.0.2
Interface
Serial0
65
ADV Router
1.1.1.1
3.3.3.3
Age
158
159
Seq#
Checksum Link count
0x80000003 0x9BAA
3
0x80000003 0xD163
3
66
!
interface Serial0
ip address 25.0.0.2 255.0.0.0
clockrate 64000
!
router ospf 3
log-adjacency-changes
network 3.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
O
C
C
Pri
1
State
FULL/ -
Dead Time
00:00:39
Address
25.0.0.1
Interface
Serial0
67
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress hello for 0 neighbor(s)
Loopback0 is up, line protocol is up
Internet Address 3.3.3.3/8, Area 0
Process ID 3, Router ID 3.3.3.3, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
Router3#sh ip ospf database
OSPF Router with ID (3.3.3.3) (Process ID 3)
Router Link States (Area 0)
Link ID
1.1.1.1
3.3.3.3
ADV Router
1.1.1.1
3.3.3.3
Age
362
362
Seq#
Checksum Link count
0x80000003 0x9BAA
3
0x80000003 0xD163
3
2.2.2.2 L0
Router 2
25.0.0.2 F0/0
1.1.1.1
25.0.0.1
Router
1
L0
E0
25.0.0.3
3.3.3.3
E0 Router 3 L0
Well be able to observe the election of DR & BDR. Well see additional
entries in database table.
CONFIGURATION
Router1(config)#int loop 0
Router1(config-if)#ip add 1.1.1.1 255.0.0.0
Router1(config-if)#exit
Router1(config)#int e0
Router1(config-if)#ip add 25.0.0.1 255.0.0.0
Router1(config-if)#no shut
Router1(config-if)#exit
Router1(config)#router ospf 1
Router1(config-router)#network 1.0.0.0 0.255.255.255 area 0
Router1(config-router)#network 25.0.0.0 0.255.255.255 area 0
Router2(config)#int loop 0
68
Router2(config-if)#ip add 2.2.2.2 255.0.0.0
Router2(config-if)#exit
Router2(config)#int f0/0
Router2(config-if)#ip add 25.0.0.2 255.0.0.0
Router2(config-if)#no shut
Router2(config-if)#exit
Router2(config)#router ospf 2
Router2(config-router)#network 2.0.0.0 0.255.255.255 area 0
Router2(config-router)#network 25.0.0.0 0.255.255.255 area 0
Router3(config)#int loop 0
Router3(config-if)#ip add 3.3.3.3 255.0.0.0
Router3(config-if)#exit
Router3(config)#int e0
Router3(config-if)#ip add 25.0.0.3 255.0.0.0
Router3(config-if)#no shut
Router3(config-if)#exit
Router3(config)#router ospf 3
Router3(config-router)#network 3.0.0.0 0.255.255.255 area 0
Router3(config-router)#network 25.0.0.0 0.255.255.255 area 0
Router1# sh run
Building configuration...
Current configuration : 773 bytes
!
hostname Router1
!
enable password cisco
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0
ip address 25.0.0.1 255.0.0.0
!
router ospf 1
log-adjacency-changes
network 1.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
End
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
69
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
O
O
C
Dead Time
00:00:38
00:00:35
Address
25.0.0.3
25.0.0.2
Interface
Ethernet0
Ethernet0
70
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID
count
1.1.1.1
2.2.2.2
3.3.3.3
ADV Router
Age
Seq#
Checksum Link
1.1.1.1
2.2.2.2
3.3.3.3
1552
1553
1542
0x80000002 0xFBDB
0x80000003 0xEBB
0x80000002 0x2499
2
2
2
ADV Router
1.1.1.1
Age
1542
Seq#
Checksum
0x80000002 0x748A
71
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
O
C
O
C
Interface
FastEthernet0/0
FastEthernet0/0
Observe that the Router database tables of all the routers within the
same area have the same details under ROUTER LINK STATES.
Router2#sh ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 2)
Router Link States (Area 0)
72
Link ID
count
1.1.1.1
2.2.2.2
3.3.3.3
ADV Router
Age
Seq#
Checksum Link
1.1.1.1
2.2.2.2
3.3.3.3
1705
1705
1695
0x80000002 0x00FBDB 2
0x80000003 0x000EBB 2
0x80000002 0x002499 2
ADV Router
1.1.1.1
Age
1696
Seq#
Checksum
0x80000002 0x00748A
Router3#sh run
Building configuration...
Current configuration : 820 bytes
!
hostname Router3
!
enable password cisco
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0
ip address 25.0.0.3 255.0.0.0
!
router ospf 3
log-adjacency-changes
network 3.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
O
O
C
C
73
Router3#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O
1.1.1.1 [110/11] via 25.0.0.1, 00:30:21, Ethernet0
2.0.0.0/32 is subnetted, 1 subnets
O
2.2.2.2 [110/11] via 25.0.0.2, 00:30:21, Ethernet0
Router3#sh ip ospf neighbor
Neighbor ID Pri
State
2.2.2.2
1
FULL/BDR
1.1.1.1
1
FULL/DR
Dead Time
00:00:31
00:00:31
Address
25.0.0.2
25.0.0.1
Interface
Ethernet0
Ethernet0
ADV Router
Age
Seq#
Checksum Link
1.1.1.1
2.2.2.2
3.3.3.3
37
1866
1856
0x80000003 0xF9DC
0x80000003 0xEBB
0x80000002 0x2499
2
2
2
ADV Router
1.1.1.1
Age
38
Seq#
Checksum
0x80000003 0x728B
74
Area1
Area 0
3.3.3.3 L0
Area 2
25.0.0.1
1.1.1.1
50.0.0.1
25.0.0.2
Router
50.0.0.2 Router 2 2.2.2.2
Router
1
S1
L0
Router 3 S0
S1
L0
1
S0/0
CONFIGURATION :
Router1(config)#int loop 0
Router1(config-if)#ip add 1.1.1.1 255.0.0.0
Router1(config-if)#exit
Router1(config)#int s1
Router1(config-if)#ip add 25.0.0.1 255.0.0.0
Router1(config-if)#no shut
Router1(config-if)#exit
Router1(config)#router ospf 1
Router1(config-router)#network 1.0.0.0 0.255.255.255 area 1
Router1(config-router)#network 25.0.0.0 0.255.255.255 area 0
(Note that the area ids differ in the above syntax)
Router1#sh run
Building configuration...
Current configuration : 773 bytes
!
hostname Router1
!
enable password cisco
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial1
ip address 25.0.0.1 255.0.0.0
!
router ospf 1
log-adjacency-changes
network 1.0.0.0 0.255.255.255 area 1
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
Router2#sh run
Building configuration...
75
Current configuration : 803 bytes
!
hostname "Router2"
!
enable password cisco
!
interface Loopback0
ip address 2.2.2.2 255.0.0.0
!
interface Serial0/0
ip address 50.0.0.2 255.0.0.0
no fair-queue
!
router ospf 2
log-adjacency-changes
network 2.0.0.0 0.255.255.255 area 2
network 50.0.0.0 0.255.255.255 area 2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
Router3#sh run
Building configuration...
Current configuration : 899 bytes
!
enable password cisco
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Serial0
ip address 50.0.0.1 255.0.0.0
clockrate 64000
!
interface Serial1
ip address 25.0.0.2 255.0.0.0
clockrate 64000
!
router ospf 3
log-adjacency-changes
network 3.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
network 50.0.0.0 0.255.255.255 area 2
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
76
ROUTING TABLE :
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
1.0.0.0/8 is directly connected, Loopback0
O IA 50.0.0.0/8 [110/192] via 25.0.0.2, 00:03:44, Serial1
2.0.0.0/32 is subnetted, 1 subnets
O IA
2.2.2.2 [110/129] via 25.0.0.2, 00:03:44, Serial1
3.0.0.0/32 is subnetted, 1 subnets
O
3.3.3.3 [110/65] via 25.0.0.2, 00:03:44, Serial1
C
25.0.0.0/8 is directly connected, Serial1
In the above output, O represents OSPF learnt routes within the same
area & O IA represents inter-area learnt OSPF routes.
Router1#sh ip route ospf
O IA 50.0.0.0/8
2.0.0.0/32
O IA
2.2.2.2
3.0.0.0/32
O
3.3.3.3
Router2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA
1.1.1.1 [110/129] via 50.0.0.1, 00:06:01, Serial0/0
C
50.0.0.0/8 is directly connected, Serial0/0
C
2.0.0.0/8 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O IA
3.3.3.3 [110/65] via 50.0.0.1, 00:06:03, Serial0/0
O IA 25.0.0.0/8 [110/192] via 50.0.0.1, 00:06:01, Serial0/0
Router2#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA
1.1.1.1 [110/129] via 50.0.0.1, 00:06:07, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA
3.3.3.3 [110/65] via 50.0.0.1, 00:06:09, Serial0/0
77
O IA 25.0.0.0/8 [110/192] via 50.0.0.1, 00:06:07, Serial0/0
Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA
1.1.1.1 [110/65] via 25.0.0.1, 00:08:15, Serial1
C
50.0.0.0/8 is directly connected, Serial0
2.0.0.0/32 is subnetted, 1 subnets
O
2.2.2.2 [110/65] via 50.0.0.2, 00:08:25, Serial0
C
3.0.0.0/8 is directly connected, Loopback0
C
25.0.0.0/8 is directly connected, Serial1
Router3#sh ip route ospf
O IA
O
1.0.0.0/32
1.1.1.1
2.0.0.0/32
2.2.2.2
is subnetted, 1 subnets
[110/65] via 25.0.0.1, 00:08:23, Serial1
is subnetted, 1 subnets
[110/65] via 50.0.0.2, 00:08:33, Serial0
Pri
State
1
FULL/ -
Dead Time
00:00:33
Address
25.0.0.2
Interface
Serial1
ADV Router
Age
Seq#
Checksum Link
1.1.1.1
3.3.3.3
256
255
0x80000003 0x5EFB
0x80000005 0xD061
ADV Router
1.1.1.1
Age
1487
Seq#
Checksum
0x80000001 0x47EC
2
3
78
2.2.2.2
50.0.0.0
3.3.3.3
3.3.3.3
256
256
0x80000001 0x5F88
0x80000002 0xA5D7
ADV Router
Age
Seq#
Checksum Link
1.1.1.1
1486
0x80000002 0xD152
ADV Router
1.1.1.1
1.1.1.1
1.1.1.1
1.1.1.1
Age
252
253
253
253
Seq#
0x80000001
0x80000001
0x80000002
0x80000001
Dead Time
00:00:31
Address
50.0.0.1
Checksum
0x1E91
0x6D7E
0x2876
0x66DF
Interface
Serial0/0
ADV Router
Age
Seq#
Checksum Link
2.2.2.2
3.3.3.3
406
400
0x80000003 0x00D036 3
0x80000004 0x009288 2
ADV Router
3.3.3.3
3.3.3.3
3.3.3.3
Age
390
1620
390
Seq#
0x80000001
0x80000001
0x80000002
Checksum
0x008D5E
0x00AE75
0x00EBAA
Pri
1
1
State
FULL/
FULL/
Dead Time
00:00:38
00:00:32
Address
25.0.0.1
50.0.0.2
Interface
Serial1
Serial0
ADV Router
Age
Seq#
Checksum Link
1.1.1.1
3.3.3.3
532
530
0x80000003 0x5EFB
0x80000005 0xD061
2
3
79
Summary Net Link States (Area 0)
Link ID
1.1.1.1
2.2.2.2
50.0.0.0
ADV Router
1.1.1.1
3.3.3.3
3.3.3.3
Age
1763
531
531
Seq#
0x80000001
0x80000001
0x80000002
Checksum
0x47EC
0x5F88
0xA5D7
Checksum Link
ADV Router
Age
Seq#
2.2.2.2
3.3.3.3
538
532
0x80000003 0xD036
0x80000004 0x9288
3
2
ADV Router
3.3.3.3
3.3.3.3
3.3.3.3
Age
521
1753
522
Seq#
0x80000001
0x80000001
0x80000002
Checksum
0x8D5E
0xAE75
0xEBAA
80
Loopback interface is treated as a stub Host
Router3#sh ip ospf interface
Serial1 is up, line protocol is up
Internet Address 25.0.0.2/8, Area 0
Process ID 3, Router ID 3.3.3.3,Network Type POINT_TO_POINT, Cost:
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit
Hello due in 00:00:00
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress hello for 0 neighbor(s)
Loopback0 is up, line protocol is up
Internet Address 3.3.3.3/8, Area 0
Process ID 3, Router ID 3.3.3.3, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
Serial0 is up, line protocol is up
Internet Address 50.0.0.1/8, Area 2
Process ID 3, Router ID 3.3.3.3,Network Type POINT_TO_POINT, Cost:
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit
Hello due in 00:00:00
Index 2/3, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2
Suppress hello for 0 neighbor(s)
64
5
64
5
81
CDP
Cisco Discovery Protocol (CDP) helps us to gather details regarding
Cisco Devices (All Devices) directly connected to the device on which
we are running the protocol. This is a Cisco Proprietory Protocol.
S0
100.0.0.245
Router1
S0
100.0.0.2
FRSW
Local Intrfce
Ser 0
Holdtme
167
Capability
R
Platform
2520
Port ID
Ser 0
82
Device ID
Local Intrfce
Holdtme
Capability
Port ID
Router1
Ser 0
137
R
0
FRSW#sh cdp neighbors detail
------------------------Device ID: Router1
Entry address(es):
IP address: 100.0.0.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 132 sec
Platform
2500
Ser
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
advertisement version: 2
83
cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of
memory.
Processor board ID 21580975, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
Router1#
To change the config register value and make it boot from ROM Monitor
mode, the below command is used.
Router1(config)#config-register 0x2100
Router1(config)#^Z
Router1# reload (warm boot)
System configuration has been modified. Save? [yes/no]: hit the key Y
Proceed with reload? [confirm]hit the return key
Cisco Internetwork Operating System Software
Copyright (c) 1986-2002 by cisco Systems, Inc.
>
This prompt indicates that the router has booted in ROMMON. This offers
only character based support, not command based support.
I
O
R
H
?
for
for
for
for
for
initialize
config mode
register
help
help
From ROMMON mode, to change the config register value to 0x2101 (to
make it boot from mini IOS), lets use the below syntax
84
IOS Backup
E0
10.0.0.100
TFTP SERVER
10.0.0.2
Consider the above scenario. Wed like to take a back up of our IOS
image from the router to the tftp server. The process is very simple as
demonstrated below.
First lets view our IOS file stored in the flash.
Router1#sh version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 03-Feb-02 22:01 by srani
Image text-base: 0x0307EEE0, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)
AccessSrv uptime is 3 minutes
System returned to ROM by power-on
System image file is "flash:/c2500-jk8os-l.122-1d.bin"
cisco 2509 (68030) processor (revision M) with 14336K/2048K bytes of
memory.
Processor board ID 22068840, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
8 terminal line(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
Backing up is using the command copy flash tftp. Well be able to see
a series of exclamation marks on the console screen indicating that
back up is in progress.
85
86
A company - Madras Plastic & Co. has 2 offices one located in Chennai
and another in salem. Chennai office is the Head Office and salem a
branch office. They have some ftp and web servers at their Head Office
but restrictions are to be imposed (as listed below) for users from
Salem office. Certain other restrictions on Chennai LAN users are also
to be implemented as below.
1. Salems System Admin does not want to provide access (to his
Network) to the Chennai user 10.0.0.4.
2. Only 172.16.0.2 must be allowed to download from the companys FTP
server
3. 172.16.0.3 must not be allowed access to web server located in head
office.
4. Chennai Network users are not allowed to telnet Salem router.
So we are going to configure some Access-Control-list on these two
routers. This is done in two steps.
(i)Create Access Lists (ACL) in Global Configuration Mode.
(ii)Apply them to Router interfaces specifying direction.
Lets first understand how to create Standard and Extended access list
Standard (In global configuration mode)
Chennai(Config)# access-list < no. > permit / deny < sources network/ip
address> <wild card mask>
87
Extended (In global configuration mode)
Chennai(Config)# access-list < no.> permit / deny < protocol > <
sources network/ip address > < wild card mask> < destination network/ip
address > <wild card mask> eq < port no./ service name >
88
Our second task is to control access to FTP & Web Servers. Only Host
172.16.0.2 can download from FTP server(port 20)& Host 172.16.0.3
cannot access webserver (WWW port 80).
Chennai(config)#access-list 100 permit tcp host 172.16.0.2
host 10.0.0.2 eq ftp
Chennai(config)#access-list 100 deny tcp any
host 10.0.0.2 eq ftp
Chennai(config)#access-list 100 deny tcp host 172.16.0.3
host 10.0.0.3 eq 80
Chennai(config)#access-list 100 permit ip any any
Observe, we have used ftp in the first case & port no. 80 in the next.
Both forms are acceptable.
This access-list is applied on interface s0 as inbound access-list as
we are trying to control traffic entering the router.
Chennai(Config)#interface s0
Chennai(config-if)#ip access-group 100 in
Lets check running-config
Chennai# show running-config
!
interface Serial0
description connected to public network
ip address 200.0.0.5 255.255.255.252
ip access-group 100 in
!
<some output omitted>
!
Now lets see some ACL show commands
Salem#show ip access-list
Standard IP access list 10
deny
10.0.0.4
permit any
Salem#show ip int Ethernet0 (displays application & direction of ACL )
Ethernet0 is up, line protocol is up
Internet address is 172.16.0.1/16
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 10
Inbound access list is not set
Proxy ARP is enabled
Security level is default
<output omitted>
Chennai#show ip access-list
Extended IP access list 100
deny tcp host 172.16.0.2 host 10.0.0.2 eq telnet
deny tcp host 172.16.0.3 host 10.0.0.3 eq www
89
deny tcp host 172.16.0.4 any
permit ip any any
Chennai#show ip int Serial0
Serial0 is up, line protocol is up
Internet address is 200.0.0.5/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 100
Proxy ARP is enabled
Security level is default
Split horizon is enabled
<output omitted>
The final task is Chennai network users should not telnet
router:
salem
90
91
e0
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
NAT
200.0.0.1
ISP
10.0.0.5
92
!
enable password cisco
!
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
ip nat inside
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
ip nat outside
!
ip nat inside source static 10.0.0.2 200.0.0.10
ip route 0.0.0.0 0.0.0.0 200.0.0.2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
To view the NAT table, use the command show ip nat translations
Router1#show ip nat translations
Pro Inside global Inside local
--- 200.0.0.10
10.0.0.2
Outside local
---
Outside global
---
To view inside & outside interfaces, use the command show ip nat
statistics
Router1#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Serial1
Inside interfaces:
Ethernet0
Hits: 4 Misses: 0
Expired translations: 0
Dynamic mappings:
Router1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,
B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type
2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter area * - candidate default, U - per-user static route, o
ODR P - periodic downloaded static route
Gateway of last resort is not set
C
S
C
93
To observe the Static NAT function, well initiate a ping from host
10.0.0.2 to a remote host 20.0.0.10 and use debug ip nat to display
the details.
10.0.0.2 must translate to 200.0.0.10 as per our NAT table.
Router1#debug ip nat
01:54:09: NAT*: s=10.0.0.2->200.0.0.10, d=20.0.0.10 [63104]
ICMP echo request packet
01:54:09: NAT*: s=20.0.0.10, d=200.0.0.10->10.0.0.2 [274]
ICMP echo reply packet
s stands for source IP
-> means translated to
d stands for destination IP
As ping sends echo request 4 times & receives an equal no. of replies,
we see the above repeated 3 more times.
01:54:10:
01:54:10:
01:54:11:
01:54:11:
01:54:12:
01:54:12:
NAT*:
NAT*:
NAT*:
NAT*:
NAT*:
NAT*:
s=10.0.0.2->200.0.0.10, d=20.0.0.10
s=20.0.0.10, d=200.0.0.10->10.0.0.2
s=10.0.0.2->200.0.0.10, d=20.0.0.10
s=20.0.0.10, d=200.0.0.10->10.0.0.2
s=10.0.0.2->200.0.0.10, d=20.0.0.10
s=20.0.0.10, d=200.0.0.10->10.0.0.2
[63107]
[275]
[63111]
[276]
[63114]
[273]
94
II) DYNAMIC NAT : For Dynamic NAT too well use the same scenario.
Lets configure the inside & outside interface first.
Router1(config)#interface ethernet0
Router1(config-if)#ip add 10.0.0.1 255.0.0.0
Router1(config-if)#ip nat inside
Router1(config-if)#no shutdown
Router1(config)#interface serial 0
Router1(config-if)#ip add 200.0.0.1 255.0.0.0
Router1(config-if)#ip nat outside
Router1(config-if)#no shutdown
Router1(config)#ip route 0.0.0.0 0.0.0.0 serial 0
Well now configure the pool of Public IPs using the command
ip nat pool <pool name><start IP><end IP>netmask<subnet Mask>
Router1(config)#ip nat pool RJP 200.0.0.1 200.0.0.2 netmask 255.0.0.0
Well now have to define a list of our internal IP address using
accesslist (purely for the purpose of listing the IP addresses & not
for any Security configuration). Well define all 10.0.0.0 network IPs
in our list.
Router1(config)#Access-list 1 permit 10.0.0.0 0.255.255.255
Finally the list has to be mapped to the pool using the command
ip nat inside source list <list name> pool <pool name>
Router1(config)#ip nat inside source list 1 pool RJP
Here we have many internal IP addresses and only 2 valid public IP
addresses for NATing - this means only 2 internal hosts can dynamically
associate with the pool addresses simultaneously and communicate via
internet. Only when released after a timeout (default 24 hrs), the
others may be able to use the same pool IPs.
Router1#sh run
Building configuration...
Current configuration : 811 bytes
!
hostname Router1
!
enable password cisco
!
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
ip nat inside
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
ip nat outside
!
ip nat pool RJP 200.0.0.1 200.0.0.2 netmask 255.0.0.0
ip nat inside source list 1 pool RJP
!
95
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,
B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type
2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter area * - candidate default, U - per-user static route, o
ODR P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C
S*
C
96
01:31:50:
01:31:50:
01:31:51:
01:31:51:
01:31:52:
01:31:52:
NAT*:
NAT*:
NAT*:
NAT*:
NAT*:
NAT*:
s=10.0.0.2->200.0.0.1, d=20.0.0.1
s=20.0.0.1, d=200.0.0.1->10.0.0.2
s=10.0.0.2->200.0.0.1, d=20.0.0.1
s=20.0.0.1, d=200.0.0.1->10.0.0.2
s=10.0.0.2->200.0.0.1, d=20.0.0.1
s=20.0.0.1, d=200.0.0.1->10.0.0.2
[13427]
[13427]
[13432]
[13432]
[13437]
[13437]
01:32:10:
01:32:10:
01:32:11:
01:32:11:
01:32:12:
01:32:12:
01:32:13:
01:32:13:
01:34:42:NAT:translation failed(A),
dropping packet s=10.0.0.4 d=20.0.0.1
01:34:48: NAT: translation failed (A),
dropping packet s=10.0.0.4 d=20.0.0.1
01:34:49: NAT: translation failed (A),
dropping packet s=10.0.0.4 d=20.0.0.1
01:34:50: NAT: translation failed (A),
dropping packet s=10.0.0.4 d=20.0.0.1
The third translation fails as there are no free IPs in the pool as the
first 2 pings have exhausted the available pool IPs.
Router1#sh ip nat
Pro Inside global
--- 200.0.0.1
--- 200.0.0.2
translations
Inside local
10.0.0.2
10.0.0.3
Outside local
-----
Outside global
-----
97
III) NAT with PAT : This is for simultaneous use of single (or more
than one) Public IP by many internal hosts. Port numbers are used for
this purpose. Consider the same scenario as before - the only
difference in configuration would be the overload keyword used in the
list-pool mapping.
Router1(config)#ip nat pool RJP 200.0.0.1 200.0.0.1 netmask 255.0.0.0
Router1(config)#Access-list 1 permit 10.0.0.0 0.255.255.255
Router1(config)#ip nat inside source list 1 pool RJP overload
Router1#sh run
Building configuration...
Current configuration : 820 bytes
!
hostname Router1
!
enable password cisco
!
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
ip nat inside
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
ip nat outside
!
ip nat pool RJP 200.0.0.1 200.0.0.1 netmask 255.0.0.0
ip nat inside source list 1 pool RJP overload
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
End
Router1#sh ip nat translations
<The table is empty>
Router1#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Serial0
Inside interfaces:
Ethernet0
Hits: 28 Misses: 4
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 1 pool RJP refcount 0
98
pool RJP: netmask 255.0.0.0
start 200.0.0.1 end 200.0.0.1
type generic, total addresses 1, allocated 0 (0%), misses 0
Allocated 0 implies unused pool addresses.
Initiating simultaneous ping from multiple hosts results in the below
debug output.
Router1#debug ip nat
IP NAT debugging is on
Router1#
01:31:49: NAT: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13426]
01:31:49: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13426]
01:31:50: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13427]
01:31:50: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13427]
01:31:51: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13432]
01:31:51: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13432]
01:31:52: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13437]
01:31:52: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13437]
01:32:10:
01:32:10:
01:32:11:
01:32:11:
01:32:12:
01:32:12:
01:32:13:
01:32:13:
01:32:32:
01:32:32:
01:32:37:
01:32:37:
01:32:38:
01:32:38:
01:32:39:
01:32:39:
01:34:11:
01:34:11:
01:34:16:
01:34:16:
01:34:17:
01:34:17:
01:34:18:
01:34:18:
Lets see the clear difference in the NAT table - the last no. 512,513
etc is the port no. used to identify the internal host that originated
the traffic.
Router1#sh ip nat translations
Pro Inside global
Inside local
icmp 200.0.0.1:512
10.0.0.2:512
icmp 200.0.0.1:513
10.0.0.3:513
icmp 200.0.0.1:514
10.0.0.4:514
Outside local
20.0.0.1:512
20.0.0.1:513
20.0.0.1:514
Outside global
20.0.0.1:512
20.0.0.1:513
20.0.0.1:514
99
icmp 200.0.0.1:515
10.0.0.5:515
20.0.0.1:515
20.0.0.1:515
100
WAN
I) PPP & HDLC on Point to Point Link (Leased Line)
s0
L0
5.5.5.5
R1
R1
200.0.0.1
s0
200.0.0.2
R2
R3
L0
6.6.6.6
a. PAP Authentication
First, PAP Authentication has to be enabled in the interface config
mode.
Router1(config-if)#ppp authentication pap
Next is to configure the other routers name as the username and choose
a common password (This alone is a global config command).
Router1(config)#username Router2 password cisco
Router2 is the other routers hostname & cisco is the password
101
Verification :
sh run, sh ip route & sh interface commands are used
Router1#sh run
Building configuration...
Current configuration : 827 bytes
!
hostname Router1
!
enable password cisco
!
username Router2 password 0 cisco
!
interface Loopback0
ip address 5.5.5.5 255.0.0.0
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
encapsulation ppp
ppp authentication pap
ppp pap sent-username Router1 password 7 0822455D0A16
!
ip route 6.0.0.0 255.0.0.0 200.0.0.2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End
Router2#sh run
Building configuration...
Current configuration : 891 bytes
!
102
hostname Router2
!
enable password cisco
!
username Router1 password 0 cisco
!
interface Loopback0
ip address 6.6.6.6 255.0.0.0
!
interface Serial0
ip address 200.0.0.2 255.0.0.0
clockrate 64000
encapsulation ppp
ppp authentication pap
ppp pap sent-username Router2 password 7 05080F1C2243
!
ip route 5.0.0.0 255.0.0.0 200.0.0.1
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
C
C
C
S
Router2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - ISIS inter area * - candidate default, U - per-user static route,
o ODR P - periodic downloaded static route
Gateway of last resort is not set
200.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
103
C
C
S
C
104
b. CHAP Authentication
The configuration is exactly like PAP only that sent username is not
required here. The below would show us the difference.
Router1(config)#username Router2 password cisco
Router1(config-if)#int s0
Router1(config-if)#ip add 200.0.0.1 255.0.0.0
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Router1(config-if)#no shut
Router2(config)#username Router1 password cisco
Router2(config-if)#int s0
Router2(config-if)#ip add 200.0.0.2 255.0.0.0
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
Router2(config-if)#clock rate 64000
Router2(config-if)#no shut
Router1#sh run
Building configuration...
Current configuration : 828 bytes
!
hostname Router1
!
enable password cisco
!
username Router2 password 0 cisco
!
interface Loopback0
ip address 5.5.5.5 255.0.0.0
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
encapsulation ppp
ppp authentication chap
<output omitted>
Router2#sh run
Building configuration...
Current configuration : 963 bytes
!
hostname Router2
!
enable password cisco
!
username Router1 password 0 cisco
!
105
interface Loopback0
ip address 6.6.6.6 255.0.0.0
!
interface Serial0
ip address 200.0.0.2 255.0.0.0
clockrate 64000
encapsulation ppp
ppp authentication chap
<output omitted>
Router1#sh ip route
Gateway of last resort is not set
C
C
C
S
Router2#sh ip route
Gateway of last resort is not set
C
C
S
C
106
II) ISDN
L0
1.1.1.1
200.0.0.2
BRI0
R4
R1
R4
ISDN
Cloud
BRI0
200.0.0.1
ISDN no:24731102
R3
R5
R5
L0
2.2.2.2
ISDN no:252912
Consider the above scenario where there are 2 offices of the same
organization connected over a dial-up ISDN. The requirement being the
ISDN connection should automatically come up whenever there is a
traffic flow between the offices. This is referred to as Dial on Demand
routing.
This is a 3 step process
(i)
Configure static route between the offices
(ii) Define Interesting Traffic
(iii) Configure Dialer
Step (i) Static route configuration
Router4(config)#ip route 2.0.0.0 255.0.0.0 200.0.0.2
Router5(config)#ip route 1.0.0.0 255.0.0.0 200.0.0.1
Step (ii) Interesting Traffic definition using dialer list
Router4(config)#dialer-list 1 protocol ip permit
Router5(config)#dialer-list 2 protocol ip permit
Note : If we want to selectively allow access for ISDN dial-up, well
then have to define the allowed IP addresses in an access-list and
invoke in a dialer list as shown below.
Config # dialer-list 1 protocol ip list <ACL no.>
e.g. Router4(config)#dialer-list 1 protocol ip list 10
Router4(config)#access-list 10 permit 1.1.1.1 0.0.0.0
Step (iii) Dialer configuration
We need to define the destination IP, number to be dialed & Interesting
traffic list to be used.
Router4(config-if)#dialer-group 1
Router4(config-if)#dialer map ip 200.0.0.2 252912
Router4(config-if)#no shut
Router5(config-if)#dialer-group 2
107
Router5(config-if)#dialer map ip 200.0.0.1 24731102
Router5(config-if)#no shut
As ISDN service providers use different types of ISDN switches, we need
to specify the appropriate switch type in our router. In our case well
specify basic-net3.
Router4(config)#isdn switch-type basic-net3
Router5(config)#isdn switch-type basic-net3
VERIFICATION
Running config of
routers 4 & 5
Router4#sh run
Building configuration...
Current configuration : 963 bytes
!
hostname Router4
!
enable password cisco
!
isdn switch-type basic-net3
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
!
interface BRI0
ip address 200.0.0.1 255.255.255.0
dialer map ip 200.0.0.2 252912
dialer-group 1
isdn switch-type basic-net3
!
ip route 2.0.0.0 255.0.0.0 200.0.0.2
!
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End
Router5#sh run
Building configuration...
Current configuration : 965 bytes
!
hostname Router5
!
nable password cisco
!
isdn switch-type basic-net3
!
interface Loopback0
108
ip address 2.2.2.2 255.0.0.0
!
interface BRI0
ip address 200.0.0.2 255.255.255.0
dialer map ip 200.0.0.2 24731102
dialer-group 2
isdn switch-type basic-net3
!
ip route 1.0.0.0 255.0.0.0 200.0.0.1
!
dialer-list 2 protocol ip permit
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
When there is no traffic between the 2 offices, lets find out the ISDN
call status using the below 2 commands.
Router4#sh isdn status
Global ISDN Switchtype = basic-net3
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x80000003
Total Allocated ISDN CCBs = 0
The above would be the typical output if the configuration is correct.
0 Active layer 3 calls mean that ISDN link is not yet up.
Router4#sh isdn active
----------------------------------------------------------------------ISDN ACTIVE CALLS
----------------------------------------------------------------------Call
Calling Called Remote Seconds Seconds Seconds Charges
Type
Number Number Name
Used
Left
Idle
Units/Currency
----------------------------------------------------------------------sh ISDN active output reveals that no ISDN call is in progress.
Router4#sh int bri 0
BRI0 is up, line protocol is up (spoofing)
Hardware is BRI
Internet address is 200.0.0.1/24
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
109
Encapsulation HDLC, loopback not set
Router4#sh int bri 0:1
BRI0:1 is down, line protocol is down
Hardware is BRI
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Look at the difference sh int bri 0 shows the line protocol as up
whereas sh int bri 0:1 shows line protocol is down. This implies that
BRI config is correct. Since there is no traffic, the BRI channel 1 is
still down (Recall each BRI interface has 2 B channels).
Similar outputs can be observed on Router5 as well.
Router5#sh isdn active
----------------------------------------------------------------------ISDN ACTIVE CALLS
----------------------------------------------------------------------Call
Calling Called Remote Seconds Seconds Seconds Charges
Type
Number
Number Name
Used
Left
Idle
Units/Currency
--------------------------------------------------------------------------------------------------------------------------------------------Router5#sh isdn status
Global ISDN Switchtype = basic-net3
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 65, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x80000003
Total Allocated ISDN CCBs = 0
Router5#sh int bri 0
BRI0 is up, line protocol is up (spoofing)
Hardware is BRI
Internet address is 200.0.0.2/24
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Router5#sh int bri 0:1
BRI0:1 is down, line protocol is down
Hardware is BRI
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
To check our DDR config, well initiate ping from router4s loopback &
checkout if the WAN link comes up automatically.
110
Router4#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
00:37:39: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/33/36 ms
00:37:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
Router4#sh isdn status
Global ISDN Switchtype = basic-net3
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
CCB:callid=8002, sapi=0, ces=1, B-chan=1, calltype=DATA
Active dsl 0 CCBs = 1
The Free Channel Mask: 0x80000002
Total Allocated ISDN CCBs = 1
Observe the above output shows 1 Active Layer 3 calls now which was not
the case earlier.
sh isdn active gives us details of currently active calls.
Router4#sh isdn active
----------------------------------------------------------------------ISDN ACTIVE CALLS
----------------------------------------------------------------------Call Calling
Called Remote Seconds Seconds Seconds Charges
Type Number
Number Name
Used
Left
Idle
Units/Currency
----------------------------------------------------------------------Out
252912
14
107
12
0
Router4#sh int bri 0
BRI0 is up, line protocol is up (spoofing)
Hardware is BRI
Internet address is 200.0.0.1/24
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
The BRI channel 1 protocol is also up now.
Router4#sh int bri 0:1
BRI0:1 is up, line protocol is up
Hardware is BRI
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Debug output gives us greater details.
111
Router4#debug dialer
Dial on demand events debugging is on
Router4#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
00:41:30: BR0 DDR: Dialing cause ip (s=200.0.0.1, d=2.2.2.2)
00:41:30: BR0 DDR: Attempting to dial 252912
00:41:31: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
00:41:31: BR0:1 DDR: dialer protocol up
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/32/32 ms
00:41:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
00:43:32: BR0:1 DDR: idle timeout
00:43:32: BR0:1 DDR: disconnecting call
00:43:32: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from
252912 , call lasted 121 seconds
00:43:32: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:43:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to down
112
III) Frame-Relay
Point-to-Point WAN configuration
L0
1.1.1.1
s0
R1
150.0.0.1
FR
Cloud
150.0.0.2
s0
R2
L0
2.2.2.2
113
line vty 0 4
password cisco
login
!
End
Router2#sh run
Building configuration...
Current configuration : 791 bytes
!
hostname "Router2"
!
enable password cisco
!
interface Loopback0
ip address 2.2.2.2 255.0.0.0
!
interface Serial0/0
ip address 150.0.0.2 255.255.0.0
encapsulation frame-relay
no fair-queue
!
route rip
network 2.0.0.0
network 150.0.0.0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End
Router1#sh ip route
Gateway of last resort is not set
C
R
R
C
Router2#sh ip route
Gateway of last resort is not set
R
C
R
C
If the frame-Relay link were up, we will be able to see the PVC status
as active & well also be able to view the DLCI number.
Router1#sh frame-relay pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
114
Local
Switched
Unused
Active
1
0
0
Inactive
0
0
0
Deleted
0
0
0
Static
0
0
0
Active
1
0
0
Inactive
0
0
0
Deleted
0
0
0
Static
0
0
0
115
broadcast,, status defined, active
Router2#sh frame-relay lmi
LMI Statistics for interface Serial0/0(Frame Relay DTE)LMI TYPE = CISCO
Invalid Unnumbered info 0
Invalid Prot Disc 0
Invalid dummy Call Ref 0
Invalid Msg Type 0
Invalid Status Message 0
Invalid Lock Shift 0
Invalid Information ID 0
Invalid Report IE Len 0
Invalid Report Request 0
Invalid Keep IE Len 0
Num Status Enq. Sent 256
Num Status msgs Rcvd 257
Num Update Status Rcvd 0
Num Status Timeouts 0
NOTE : The show frame-relay PVC command would show inactive entry
if the remote WAN link were down. If the local link were down, it would
have shown as deleted.
116
HUB & SPOKE configuration Diagram
L0
s0
R3
3.3.3.3
150.0.0.2
L0
1.1.1.1
S0.1 150.0.0.1
R1
S0.2 160.0.0.1
FR
Cloud
160.0.0.2
s0
R2
2.2.2.2
L0
Such a configuration would warrant configuring the HUB router with subinterfaces as shown below.
Router1(config)#int serial 0.1
This would be the normal sub-interface creation command.
However, in a Frame-Relay environment, the sub-interface type also has
to be specified during configuration.
Router1(config)#int serial 0
Router1(config-if)#encapsulation frame-relay
Router1(config)#int s0.1 ?
multipoint
Treat as a multipoint link
point-to-point Treat as a point-to-point link
Lets create 2 point-to-point sub-interfaces
Router1(config)#int s0.1 point-to-point
Router1(config-subif)#ip add 150.0.0.1 255.255.0.0
Router1(config-subif)#exit
Router1(config)#int s0.2 point-to-point
Router1(config-subif)#ip add 160.0.0.1 255.255.0.0
Router1(config-subif)#
Once created, we also need to associate appropriate DLCI to the subinterfaces on the HUB Router.
Router1(config)#int s0.1
Router1(config-subif)#frame-relay interface-dlci 100
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#int s0.2
Router1(config-subif)#frame-relay interface-dlci 300
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1#sh run
Building configuration...
Current configuration : 966 bytes
117
!
hostname Router1
!
enable password cisco
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial0
no ip address
encapsulation frame-relay
ip split-horizon
!
interface Serial0.1 point-to-point
ip address 150.0.0.1 255.255.0.0
frame-relay interface-dlci 100
!
interface Serial0.2 point-to-point
ip address 160.0.0.1 255.255.0.0
frame-relay interface-dlci 300
!
router rip
network 1.0.0.0
network 150.0.0.0
network 160.0.0.0
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
Router1#sh ip route
Gateway of last resort is not set
C
R
R
C
C
Active
2
0
0
Inactive
0
0
0
Deleted
0
0
0
Static
0
0
0
118
input pkts 53
output pkts 59
in bytes 4998
out bytes 7384
dropped pkts 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
out BECN pkts 0
in DE pkts 0
out DE pkts 0
out bcast pkts 46
out bcast bytes 6156
pvc create time 00:18:45, last time pvc status changed 00:18:45
DLCI = 300, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =
Serial0.2
input pkts 20
output pkts 48
in bytes 1730
out bytes 7118
dropped pkts 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
out BECN pkts 0
in DE pkts 0
out DE pkts 0
out bcast pkts 33
out bcast bytes 5558
pvc create time 00:18:47, last time pvc status changed 00:18:47
Router1#sh frame-relay map
Serial0.2 (up): point-to-point dlci, dlci 300(0x12C,0x48C0), broadcast
status defined, active
Serial0.1 (up): point-to-point dlci, dlci 100(0x64,0x1840), broadcast
status defined, active
Router2#sh run
Building configuration...
Current configuration : 766 bytes
!
hostname "Router2"
!
enable password cisco
!
interface Loopback0
ip address 2.2.2.2 255.0.0.0
!
interface Serial0/0
ip address 150.0.0.2 255.255.0.0
encapsulation frame-relay
no fair-queue
!
router rip
network 2.0.0.0
network 150.0.0.0
!
<output omitted>
Other Routers display similar details
Router2#sh ip route
Gateway of last resort is not set
R
C
R
R
119
C
Active
1
0
0
Inactive
0
0
0
Deleted
0
0
0
Static
0
0
0
120
R
R
C
R
C
Active
1
0
0
Inactive
0
0
0
Deleted
0
0
0
Static
0
0
0