You should know the following facts about connection-oriented communication:
- Connection-oriented protocols are reliable. They perform session initiation, error detection, and error correction. They identify and retransmit lost packets.
- A connection-oriented protocol is a good choice where reliable, error-free communications are more important than speed.
- The three phases of connection-oriented communication are:
  1. Session initialization (connection establishment)
  2. Session maintenance (data transfer)
  3. Session termination (connection release)
You should also know the following facts about connectionless communication:
- Connectionless services assume an existing link between devices and allow transmission without extensive session establishment.
- Connectionless communications include no error checking or acknowledgement mechanisms.
- Connectionless communications use no error checking, session establishment, or acknowledgements.
- Connectionless protocols allow quick, efficient communication. However, data errors and packet loss might occur.
Cisco routers and switches do not have monitors, and they do not directly support keyboards or mouse commands. Therefore, you need to connect the router to either a dedicated terminal or a PC to configure it. There are several options you can use to gain access to the console. These include:
- Connecting through the Console port
- Connecting through the LAN or WAN with a virtual terminal connection
- Connecting through the Auxiliary port (available on some routers)
You can connect to routers and switches using the following cable types:

Rollover cable
    Pinouts: 1 --> 8, 2 --> 7, 3 --> 6, 4 --> 5, 5 --> 4, 6 --> 3, 7 --> 2, 8 --> 1
    Use: Connect a rollover cable to a serial connector. Connect the RJ-45 end to the console port, connect the serial end to the serial port of a PC. Use HyperTerminal to make the console connection.

Straight-through Ethernet Cable
    Pinouts: 1 --> 1, 2 --> 2, 3 --> 3, 6 --> 6
    Use: Connect an Ethernet port on a router to an Ethernet port on a hub or switch. If the router has an AUI port, connect one end to an AUI transceiver before connecting to the router.

Crossover Ethernet Cable
    Pinouts: 1 --> 3, 2 --> 6, 3 --> 1, 6 --> 2
    Use: Connect an Ethernet port on a router to the NIC in a PC. Connect two switches (or hubs) together. If the router has an AUI port, connect one end to an AUI transceiver before connecting to the router.
When connecting routers through a serial port, use the appropriate serial cable. When connecting to a Cisco device through the console port, you can use the HyperTerminal program included with Windows to make a console connection with the router. Default console port settings are:
- 9600 baud (or a rate supported by your router)
- Data bits = 8 (default)
- Parity = None (default)
- Stop bits = 1 (default)
- Flow control = None

Command Mode Prompts and Commands

User EXEC
    Prompt: Router>
    To Enter: Press <enter>, log in
    To Exit: exit, logout, or disconnect
Privileged EXEC
    Prompt: Router#
    To Enter: enable
    To Exit: disable (exit disconnects)
Global Configuration
    Prompt: Router(config)#
    To Enter: config terminal
    To Exit: exit, ^Z*
Line
    Prompt: Router(config-line)#
    To Enter: line <type> <number>
    To Exit: exit, ^Z*
Interface
    Prompt: Router(config-if)#
    To Enter: interface <type> <number>
    To Exit: exit, ^Z*
Subinterface
    Prompt: Router(config-subif)#
    To Enter: interface <type> <number>.<subnumber>
    To Exit: exit, ^Z*
Router
    Prompt: Router(config-router)#
    To Enter: router <type>
    To Exit: exit, ^Z*
Setup
    Prompt: None, interactive dialog
    To Enter: setup or erase startup-config + reload
    To Exit: ^C
ROM Monitor
    Prompt: rommon>
    ROM Monitor mode lets you configure your router if the router can't find a valid system image, or if the boot sequence is interrupted when you start the router. It is an emergency command-line access to the router. To go to EXEC mode from this mode, type continue at the prompt.
RXBoot
    RXBoot mode lets a router boot with a limited version of the IOS when it cannot find a valid IOS image in Flash. You enter RXBoot mode by modifying the configuration register before rebooting the router.

*^Z (<ctrl> + Z) exits all configuration modes to privileged EXEC mode. exit "backs up" one
Command Help Facts

Help is available in all router modes. It is context sensitive, so the information you see depends on what you are doing. Cisco bases this on the mode you are in and the words or partial words you type with the ?.

?
    Show list of all commands available in the current mode
xx? (no space between the letter and ?)
    Show commands that begin with specific letter(s)
command ? (space between command and ?)
    Show keywords for a command
partial command + <tab> (no space)
    Get the full command from a partial command

Note: Typing ? acts as a return, and repeats the last command you entered after the Help information displays. You do not need to retype the command after you ask for help on it.

When you use Help to display the possible keywords for a command, you will see the following types of items.

WORD (in caps)
    Type a one-word response
LINE (in caps)
    Type a multiple-word response
keyword
    Identifies a specific keyword that must be typed as shown
<0-4567>
    Enter a number within the range in brackets
<0-FFFFFF>
    Enter a hexadecimal number within the range in brackets
<cr>
    The command is complete as typed, press Enter to execute the command
A.B.C.D
    Enter an IP address

Editing Features Facts

The following lists summarize the router advanced editing features.

<Ctrl> + A
    Move to the beginning of the line
<Ctrl> + E
    Move to the end of the line
<Ctrl> + B or Left arrow
    Go back one character
<Ctrl> + F or Right arrow
    Go forward one character
<Esc> + B
    Go back one word
<Esc> + F
    Move forward one word
terminal editing
    Turn advanced editing on
terminal no editing
    Turn advanced editing off

When you are in advanced editing mode, the $ indicator appears after the prompt. As you type, commands longer than the command line appear to scroll under the prompt.

Note: This feature uses the same keystrokes as UNIX emacs editing.

Command History Command List

By default, the IOS automatically saves the last 10 commands in the command history buffer. The command history is specific to the configuration mode you are in.

<Ctrl> + A
    Move cursor to beginning of line
<Ctrl> + E
    Move cursor to the end of line
<Ctrl> + Z
    Quit a configuration mode
<Ctrl> + B
    Move cursor back one character
<Esc> + B
    Move cursor back one word
<Esc> + F
    Move the cursor ahead one word
<Ctrl> + P or Up arrow
    Show the previous command
<Ctrl> + N or Down arrow
    Show the next command
terminal history
    Turn the command history on
terminal no history
    Turn the command history off
terminal history size <number>
    Set the size of the history buffer
show history
    Show all the commands in the history buffer

Setup Mode Facts

If the router is brand new, it has no startup-config file. Therefore, when it boots, it immediately enters Setup mode. Setup mode is a special, guided routine that asks you a series of questions and uses your responses to make basic configuration entries. There are two ways to enter setup mode:
- Boot the router without the startup-config file. This happens when you erase the current startup-config file, or when you boot a new router.
- Use the setup command from privileged mode.

You can exit setup mode without answering all the questions by pressing <Ctrl> + C. The information you've entered to that point will not be saved.

Controlling Screen Output

As you work with the router at the console and make configuration changes, response messages are often displayed on the screen. The following table describes various ways to control the response messages shown.

Problem: When making configuration changes, the following message is constantly displayed (sometimes as you are typing): %SYS-5-CONFIG_I: Configured from console by console
    Solution: Use: no logging console to turn these messages off.
Problem: When working with the router through a Telnet session, when you use a debug command, output will not be shown.
    Solution: Use: terminal monitor to send debug output to the telnet session.
Problem: When viewing debug information, you want to review previous information, or debug information is shown too quickly for you to examine it.
    Solution: Use: logging buffered to send logging information to RAM, then use: show log to view information one screen at a time.
Note: By default, new Cisco routers have no passwords set, and all interfaces are in shutdown mode until they're enabled.

Router Memory

Be sure you understand the difference between the following types of router storage.

ROM (read-only memory)
    Preprogrammed, non-writable memory containing the bootstrap startup program, an older, smaller-scale version of the operating system (IOS) software, and the Power-on Self-Test (POST) program
Flash
    Non-volatile but programmable memory containing the proprietary Cisco operating system (IOS) images
RAM (random access memory)
    Volatile memory containing the running operating system and current (unsaved) configuration information
NVRAM (nonvolatile RAM)
    Non-volatile but persistent memory that contains the backup copy of the startup configuration (startup-config) file and virtual configuration register

The contents of non-volatile memory (such as ROM, flash, and NVRAM) remain when the router is powered off (however, you must modify the configuration register and NVRAM during password recovery). The contents of volatile memory (RAM) are lost when the router is powered down.

Copy Command List

The router can load a configuration file from:
- NVRAM (startup-configuration file by default value 0x2102)
- TFTP server

Changes to the configuration are stored in RAM in the running-config file. To save your configuration changes permanently, and to load different versions of the configuration files from various locations, use the copy command in privileged EXEC mode.

Router#copy run start
    Save the contents of the running-config file to NVRAM
Router#copy start run
    Copy the startup-config file into RAM
Router#copy run tftp
    Save the contents of the running-config file to a TFTP server
Router#copy start tftp
    Save the contents of the startup-config file to a TFTP server
Router#copy tftp start
    Copy a configuration file from the TFTP server into NVRAM
Router#copy tftp run
    Copy a configuration file from the TFTP server into RAM

You can also use the erase command to delete the configuration files--but be very careful not to erase files you need!

Router#erase flash
    Delete the contents of Flash memory (deletes the IOS image)
Router#erase start
    Erase the contents of the startup-config file
Router#erase nvram
    Delete the contents of NVRAM (which also erases startup-config)
Router#reload
    Restarts the router

You can also use the following commands to manage system files:

show version
    Display information about hardware and firmware including the configuration register value
configure memory or copy startup-config running-config
    Copy configuration information from another source (like NVRAM)
configure terminal
    Configure information into the RAM of a router

IOS Boot and Upgrade Location Command List

The router can load an IOS image from the following locations:
- Flash
- TFTP server
- ROM (limited version of the IOS software)

Use the boot system command in global configuration mode to identify alternate locations for the IOS image. Use the copy command to archive, upgrade, or replace an IOS image.

Router(config)#boot system flash <IOSfilename>
    Identify an IOS image file in flash to use at boot.
Router(config)#boot system tftp <IOSfilename> <tftp_address>
    Identify an IOS image file on a TFTP server to use at boot.
Router(config)#boot system rom (IOS versions 11.2 and below)
Router(config)#boot system flash bootflash: (IOS versions 12.0 and above)
    Specify to use the limited IOS version stored in ROM at boot.
Router#copy flash tftp
    Back up (copy) the IOS image from Flash to the TFTP server.
Router#copy tftp flash
    Restore the IOS image from backup on the TFTP server to Flash.
Router(config)#tftp-server flash <filename>
    Configure a Cisco router as a TFTP server. When using this command, you must specify the location (flash or rom) of the IOS image file as well as the IOS image file name.

Note: When you use the boot system command, you are not making backup copies of the IOS image, nor are you replacing the default IOS search order. You are directing the router where to look for the IOS image on boot-up. It tries each location in turn, until it finds a valid IOS image. If one is not found, it returns to the default load sequence.

Show Command List (Basic)

The following list summarizes common information you can display using common show commands.

show version
    View hardware configuration, running IOS version, ROM bootstrap version, and RAM and processor information
show running-config
    View the currently running configuration file
show startup-config or show config
    View the startup configuration file stored in NVRAM (the saved copy of the configuration file)
show flash*
    View the size of the configuration files and the available flash memory
    View information for all IOS image files stored on the router
show history
    View the commands in the command history list
show protocols or show interfaces or show ip interfaces
    View the IP addresses assigned to a specific interface
show protocols or show interfaces
    View the status of all interfaces
*The show flash command is not enabled in the simulations.

Router and Interface Identification Command List

During initial setup, you can configure a host name for your router. This is the name that appears in the EXEC prompt. Unlike the router itself, the router interfaces do not have specific names that change the prompt. However, you can add a description to the configuration file that helps you identify the interface.

Router(config)#hostname <name>
    Change the host name of the router
Router(config)#int serial 0
Router(config)#int ser 0
Router(config)#int ser0
Router(config)#int s0
    Go to interface configuration mode for the first serial interface. Use the Ethernet (e, eth) keywords to switch to Ethernet interface mode.
Router(config-if)#description <description text>
    Set a description for a specific interface

Examples

The following set of commands sets the hostname of the router to ATL1:
Router#config t
Router(config)#hostname ATL1
ATL1(config)#

The following set of commands adds a description of "ATL to NYC" for the first serial interface on the router:
Router(config)#int ser 0
Router(config-if)#description ATL to NYC

Note: To undo any configuration change, use the same command preceded by the no keyword. For example, to remove a description from an interface, use the following command:
Router(config-if)#no description
Notice that in many cases you can leave off additional parameters when using the no command.

Router Password Facts

The following table lists three of the most common passwords that you can configure on your router:

Console
    Controls the ability to log on to the router through a console connection
VTY
    Controls the ability to log on to the router using a virtual terminal (VTY) or Telnet connection
Enable
    Controls the ability to switch to configuration modes. There are two different passwords that might be used:
    - The enable password is stored in clear text in the configuration file.
    - The enable secret password is stored encrypted in the configuration file.
    The router always uses the enable secret password if it exists.

Be aware of the following recommendations for configuring router passwords:
- Passwords are case-sensitive.
- For security reasons, you should not use the same password for both your enable and enable secret passwords.
- You can set the enable, enable secret, and line passwords in setup mode. However, there are other passwords that you cannot set in setup mode.
- Cisco routers support Terminal Access Controller Access Control System (TACACS) and Remote Authentication Dial-In User Service (RADIUS) to centrally validate users attempting to gain access to the router.

Password Command List

Router(config)#enable secret <password>
    Set the encrypted password used for privileged mode access. The enable secret is always used if it exists.
Router(config)#enable password <password>
    Set the unencrypted password for privileged mode access. This password is used if the enable secret is not set.
Router(config)#line con 0
    Switch to the line configuration mode for the console.
Router(config)#line vty <0-197> <1-197>
    Switch to the line configuration mode for the virtual terminal. Specify one line number or a range of line numbers (line vty 0 4).
Router(config-line)#password
    Set the line password (for either console or VTY access).
Router(config-line)#login
    Require the password for line access.
Router(config)#no enable secret
Router(config)#no enable password
Router(config-line)#no password
    Remove the password.
Router(config-line)#no login
    The no login command disables password checking.
Router(config)#service password-encryption
    Encrypt all passwords.

Note: If you do not use the login command in line mode, a password will not be required for access, even though one is set.
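The password and login rules in this section can be turned into a configuration check. The following Python sketch is an added example, not part of the original notes: the function names and the sample running-config are constructed for illustration, and it assumes a line has no login unless the config states it explicitly, following the login/password access conditions these notes list for line access.

```python
# Constructed running-config excerpt (sample input, not from a real device).
SAMPLE_CONFIG = """\
hostname ATL1
enable password cisco
enable secret 5 $1$constructed$placeholderhash
!
line con 0
 password s3cret
line vty 0 4
 password s3cret
 login
line vty 5 15
 login
"""


def parse_config(text):
    """Split a config into global commands and per-line login/password flags."""
    global_cmds, lines, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            # Indented command inside a "line ..." block.
            if cmd == "login":
                lines[current]["login"] = True
            elif cmd == "no login":
                lines[current]["login"] = False
            elif cmd.startswith("password "):
                lines[current]["password"] = True
            elif cmd == "no password":
                lines[current]["password"] = False
        elif cmd.startswith("line "):
            current = cmd[len("line "):]
            # Assumption: login counts as absent unless configured explicitly.
            lines[current] = {"login": False, "password": False}
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, lines


def line_access(login, password):
    """Map the four login/password combinations to the resulting access."""
    if not login:
        return "open"      # allowed without a password, even if one is set
    if not password:
        return "denied"    # a password is required but none is set
    return "password"      # allowed only with the correct password


def audit(text):
    """Return (per-line access state, list of findings) for a config."""
    global_cmds, lines = parse_config(text)
    findings = []
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    if any(c.startswith("enable password ") for c in global_cmds):
        note = " (unused while enable secret exists)" if has_secret else ""
        findings.append("enable password is stored in clear text" + note)
    if not has_secret:
        findings.append("no enable secret is set")
    if "service password-encryption" not in global_cmds:
        findings.append("service password-encryption is not enabled")
    states = {}
    for name, flags in lines.items():
        states[name] = line_access(flags["login"], flags["password"])
        if states[name] == "open":
            detail = " even though one is set" if flags["password"] else ""
            findings.append(f"line {name}: access without a password{detail}")
    return states, findings


if __name__ == "__main__":
    states, findings = audit(SAMPLE_CONFIG)
    for name, state in states.items():
        print(f"line {name}: {state}")
    for finding in findings:
        print("finding:", finding)
```

A line reported as "denied" is not listed as a finding, because a login entry without a password is how these notes say to prevent VTY access.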
Access to the router console through a telnet session is controlled by the login and the password entries. To prevent VTY access, there must be a login entry without a password set. Access is allowed based on the following conditions:
- no login, no password = access is allowed without a password
- login, no password = access is denied (the error message indicates that a password is required but none is set)
- no login, password = access is allowed without a password
- login, password = access is allowed only with correct password

Password recovery is the process of discovering or resetting forgotten router passwords. The exact process you use to recover lost passwords depends on the router model. In the recovery process, you modify the configuration register to bypass the startup-config file and boot the router with a limited IOS version. You can then load the existing startup-config file and view or modify the current password settings. Listed below are the general steps you would take for the 2500 series routers:
1. Establish a console connection to the router.
2. Turn the router off and on.
3. Within 60 seconds, use the keyboard to send a break sequence to the router. For a Windows system, the break sequence is typically one of the following:
   o Break + F5
   o Shift + F5
   o ^$B (Shift + 6, Shift + 4, Shift + b)
4. At the prompt, type o. Record the value for the configuration register (usually 0x2102).
5. Type o/r 0x2142 to change the configuration register setting. (On some routers, use the confreg command followed by the appropriate register value to make the change.)
6. Type i to reboot. With the configuration register changed, the router reboots bypassing the startup-config file.
7. The router will automatically enter Setup mode. At this point you can:
   o Use Setup mode to configure the router (including the passwords).
   o Quit Setup mode (using Ctrl + C) and change only the existing passwords.
     1. Type copy start run to load the startup-config file.
     2. Enter configuration mode to change the passwords.
     3. Type config-register 0x2102 to change the configuration register back to the default.
     4. Exit configuration mode and use copy run start to save the changes to the passwords.
8. Use the reload command to restart the router normally.

Banner Command List

Banners display messages that anyone logging into the router can see. The following four types of banners display at various times during the login or startup sequence.

Router(config)#banner
Router(config)#banner motd
    Set the Message-of-the-day (MOTD) banner. The MOTD banner displays immediately after a connection is made.
Router(config)#banner login
    Set the login banner. The login banner displays after the MOTD banner and before the login prompt.
Router(config)#banner exec
    Set the EXEC banner. The exec banner displays after a successful login.
Router(config)#banner incoming
    Set the incoming banner. The incoming banner displays for a reverse telnet session.
Router(config)#no banner <type>
    Removes the specified banner

Note: The banner command without a keyword defaults to set the MOTD banner. Follow the banner command with a delimiting character. The delimiter encloses the banner text, and helps the router identify the beginning and ending of the banner. This allows you to construct multiple-line banners.

Example

The following commands set the MOTD, login, and EXEC banners, using # as the delimiting character and inserting a hard return between each banner:
Router(config)#banner motd # This is the Message-of-the-day banner! #
Router(config)#banner login # This is the Login banner! #
Router(config)#banner exec # This is the Exec banner! #

You can use the interface status to troubleshoot connectivity problems and quickly see whether the link between the router and the network is operational. The following table summarizes some possible conditions indicated by the interface status.

A status of administratively down, line protocol is down
    Indicates: The interface is shut down (with the shutdown command)
A status of down, line protocol is down
    Indicates: Hardware or network connection problem (Physical layer). No carrier detect signal
A status of up, line protocol is down
    Indicates: Connection or communication problem (Data Link layer). No keepalives
A status of up, line protocol is up
    Indicates: The link is functional

The interface status indicates whether Data Link layer communications are enabled. However, most networking tasks occur at higher layers (Network through Application layers). Even though the interface status shows "up, line protocol is up," you might need to perform additional tasks for router-to-router communication to take place (such as assigning an IP address).

Back-to-Back Configuration Facts

When you configure a router to connect to a network through a serial interface, the router must be connected to a device (such as a CSU/DSU or another router) that provides clocking signals.
When you configure two routers in a back-to-back configuration through their serial ports, one router interface must be configured to provide the clocking signals for the connection.
- The router providing clocking is known as the DCE (data circuit-terminating equipment).
- The router not providing clocking is known as the DTE (data terminal equipment).

The DCE interface is identified in two ways:
- The cable connecting the two routers has both a DCE and a DTE end. Connect the DCE end of the cable to the interface you want to be the DCE device.
- The DCE interface is configured to provide a clocking signal with the clock rate command. If the clock rate command is not issued, clocking is not provided, and the line between the two routers will not change to up.

CDP Command List

The Cisco Discovery Protocol (CDP) is a protocol that Cisco devices use to learn and share information about each other. Cisco devices, such as routers and switches, can discover neighboring Cisco devices through CDP.
- By default, CDP is enabled on all interfaces.
- CDP only shares information with directly connected (neighboring) devices.
- CDP works when there is a valid Data Link layer connection.
- CDP works regardless of the Network layer and other protocols used. It can discover information on LANs, Frame Relay, and other network architectures.

Use the following commands to customize and view CDP information.

Router(config)#cdp holdtime <10-255>
    Specify the amount of time that information in a packet is still valid (default = 180 seconds)
Router(config)#cdp timer <5-900>
    Specify how often CDP packets are exchanged (default = 60 seconds)
Router(config)#cdp run
    Enable CDP on the router
Router(config)#no cdp run
    Disable CDP on a router, to prevent the router from exchanging CDP packets
Router(config-if)#cdp enable
    Turns CDP for an interface on
Router(config-if)#no cdp enable
    Turns CDP for an interface off
Router#show cdp
    View CDP information
Router#show cdp interface
    Show information about neighbors accessed through an interface
    Show CDP configuration information for the router including the holdtime, encapsulation, and CDP exchange interval
Router#show cdp neighbors
    Show information about all neighboring Cisco devices including:
    - Device ID
    - Local interface
    - Holdtime
    - Capability
    - Platform
    - Port ID
Router#show cdp neighbors detail
    Shows all information for the show cdp neighbors command and adds:
    - Network address
    - Enabled protocols
    - Software version

Examples

The following commands turn on CDP for the router and configure it to send CDP packets every 90 seconds.
Router(config)#cdp run
Router(config)#cdp timer 90

The following commands turn off CDP on the router's first Ethernet interface.
Router(config)#int eth 0
Router(config-if)#no cdp enable

Switches connect multiple segments or devices and forward packets to only one specific port. Modern switches can also be used to create virtual LANs (VLANs) and perform some tasks previously performed only by routers (Layer 3 switches). An important characteristic of a switch is multiple ports, all of which are part of the same network segment. In this course, you will learn how to configure the Catalyst 2950 series switch.

Each switch port has a single LED. The color of the LEDs changes to give you information about how the switch is working. Port LEDs mean different things based on the mode selected with the Mode button.

Mode: Stat
    Meaning: Solid green = Operational; Flashing green = Link activity; Off = Non-functional
Mode: Util
    Meaning: All switch port lights act as a meter to indicate overall utilization. The more lights that are lit, the higher the utilization.
Mode: Duplex
    Meaning: Solid green = Full duplex; Off = Half duplex
Mode: Speed
    Meaning: Solid green = 100 Mbps; Off = 10 Mbps

On a simple LAN, you can connect the switch to the network, connect devices, and it will automatically begin switching traffic to the correct ports. The switch comes preconfigured to work out-of-the-box without configuration. To customize the switch configuration, connect to the switch in one of the following ways:
- Console connection
- Telnet session
- Web management software (connect through the LAN through a Web browser)

Note: You must configure an IP address for the switch to manage it through a Telnet or Web session

Switch Configuration Modes

Like a router, the switch has similar configuration modes, with some differences to account for switch functionality not included in routers. The following graphic illustrates some of the configuration modes of the switch.

Like a router, the switch has multiple interface modes depending on the physical (or logical) interface type. For this course, you should be familiar with the following switch interface modes:
- FastEthernet (100 Mbps Ethernet)
- GigabitEthernet (1 GB Ethernet)
- VLAN (Logical management interface)

Note: When switching to interface configuration mode, follow the interface type and number (FastEthernet0) with the port number (/14). Ports are numbered beginning with 1 (not 0).

In addition to the special interface modes, Catalyst switches include a vlan database configuration mode. Configuration tasks that you can perform in this mode overlap configuration tasks you can complete in the vlan configuration mode.

Note: Do not confuse the vlan configuration mode with the interface vlan configuration mode.

You should understand the following about these two modes:
- Enter the vlan database configuration mode from the privileged user prompt. Enter vlan mode from the global configuration prompt.
- The vlan database mode allows you to configure a subset of features supported by the vlan configuration mode. In other words, there will be some configuration tasks that you cannot perform in vlan database mode. You can always use the vlan configuration mode to perform all VLAN configuration tasks.
- Changes made in the vlan database configuration mode do not take effect until you save the changes, either before or while exiting the configuration mode. On the other hand, changes made in vlan mode take place immediately.
- Changes made in the vlan database configuration mode are not stored in the regular switch configuration file.

You will learn more about using each of the configuration modes throughout this section.
Switch Configuration Command List

Using the switch command line interface is similar to using the router command line interface. Use the same options to get help, to move between configuration modes, to set the hostname, and to save and load configuration files. If you are familiar with router configuration, you will probably be able to guess how to complete many switch configuration tasks. The following table lists common switch configuration commands.

Move to privileged mode from user mode
    switch>enable
Move to user mode from privileged mode
    switch#disable
Move to global configuration mode
    switch#configure terminal
Move to interface configuration mode
    switch(config)#interface fastethernet0/14
    switch(config)#interface gigabitethernet 0/17
    switch(config)#interface con 0
    switch(config)#interface vty 0 4
    switch(config)#interface vlan 1
Leave the current configuration mode, or exit the system
    switch(config-if)#exit
Exit all configuration modes
    switch(config)#^Z
Show the current switch configuration
    switch#show running-config
Show switch information such as software version and hardware components
    switch#show version
Show interface status and configuration information
    switch#show interfaces
    switch#show interfaces fastethernet 0/14
Save the current switch configuration
    switch#copy running-config startup-config
Load a configuration file from another location
    switch#copy tftp://1.0.0.0/my_config.cfg
Set the enable password (to cisco)
    switch(config)#enable password cisco
Set the secret password (to cisco)
    switch(config)#enable secret cisco
Set the default gateway
    switch(config)#ip default-gateway 1.1.1.1
Set the switch hostname
    switch(config)#hostname ATL
Set a description for a port
    switch(config-if)#description IS_VLAN
Enable CDP on the switch
    switch(config)#cdp run
Enable CDP on a port
    switch(config-if)#cdp enable
Set CDP parameters
    switch(config)#cdp holdtime 181
    switch(config)#cdp timer 66
Set the port speed
    switch(config-if)#speed 10
    switch(config-if)#speed 100
    switch(config-if)#speed auto
Set the duplex mode
    switch(config-if)#duplex half
    switch(config-if)#duplex full
    switch(config-if)#duplex auto

Switch IP Address Facts

One task that is different for switches than for routers is configuring the IP address. Keep in mind the following facts about IP addresses configured on switches:
- Basic switches operate at Layer 2, and therefore do not need an IP address to function. In fact, a switch performs switching functions just fine without an IP address set.
- You only need to configure a switch IP address if you want to perform in-band management of the switch from a Telnet or Web session.
- The switch itself has only a single (active) IP address. Each switch port does not have an IP address (unless the switch is performing Layer 3 switching, a function which is not supported on 2950 switches). The IP address identifies the switch as a host on the network but is not required for switching functions.

To configure the switch IP address, you set the address on the management VLAN logical interface. This is a logical interface defined on the switch to allow management functions. By default, this VLAN is VLAN 1 on the switch. Use the following commands to configure the switch IP address:
switch#config terminal
switch(config)#interface vlan 1
switch(config-if)#ip address 1.1.1.1 255.255.255.0
switch(config-if)#no shutdown

Note: To enable management from a remote network, you will also need to configure the default gateway on the switch using the following command (notice that the default gateway is set in global configuration mode):
switch(config)#ip default-gateway 1.1.1.254

Frame Tagging Facts

Although you can create VLANs with only one switch, most networks involve connecting multiple switches. The area between switches is called the switch fabric. As a frame moves from switch to switch within the switch fabric, each switch must be able to identify the destination virtual LAN. One way to identify the VLAN is for the switch to use a filtering table that maps VLANs to MAC addresses. However, this solution does not scale well. For large networks, switches append a VLAN ID to each frame. This process, called frame tagging or frame coloring, identifies the VLAN of the destination device. Remember the following facts regarding switch frame tagging (or coloring).
- VLAN IDs identify the VLAN of the destination device.
- Tags are appended by the first switch in the path, and removed by the last.
- Only VLAN-capable devices understand the frame tag.
- Tags must be removed before a frame is forwarded to a non-VLAN-capable device.
- Tag formats and specifications can vary from vendor to vendor. When designing VLANs, you might need to stick with one switch vendor. Cisco's proprietary protocol is called the Inter-Switch Link (ISL) protocol. Use 802.1q-capable switches to ensure a consistent tagging protocol.

Be aware of the following facts about VLANs:
- In the graphic above, FastEthernet ports 0/1 and 0/2 are members of VLAN 1.
- In the graphic above, workstations in VLAN 1 will not be able to communicate with workstations in VLAN 2, even though they are connected to the same physical switch.
- Defining VLANs creates additional broadcast domains. The above example has two broadcast domains, each of which corresponds to one of the VLANs.
- By default, switches come configured with several default VLANs:
  o VLAN 1
  o VLAN 1002
  o VLAN 1003
  o VLAN 1004
  o VLAN 1005
- By default, all ports are members of VLAN 1.

Creating VLANs with switches offers the following administrative benefits.
- You can create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service)
- You can simplify device moves (devices are moved to new VLANs by modifying the port assignment)
- You can control broadcast traffic and create collision domains based on logical criteria
- You can control security (isolate traffic within a VLAN)
- You can load-balance network traffic (divide traffic logically rather than physically)
Creating VLANs with switches offers the following benefits over using routers to create distinct networks. each switch port can be assigned to only one VLAN at a time.
A virtual LAN (VLAN) can be defined as: y y Broadcast domains defined by switch port rather than network address A grouping of devices based on service need. FastEthernet ports 0/3 and 0/4 are members of VLAN 2. The following graphic shows a single-switch VLAN configuration. or other criteria rather than physical proximity
Using VLANs lets you assign devices on different switch ports to different logical (or virtual) LANs. Although each switch can be connected to multiple VLANs. By default.
each switch port can be assigned to only one VLAN at a time. Despite advances in switch technology.y y y
Switches are easier to administer than routers Switches are less expensive than routers Switches offer higher performance (introduce less latency)
A disadvantage of using switches to create VLANs is that you might be tied to a specific vendor. even though they are connected to the same physical switch. Defining VLANs creates additional broadcast domains. FastEthernet ports 0/1 and 0/2 are members of VLAN 1. By default. be sure each switch supports the 802. The following graphic shows a single-switch VLAN configuration. protocol. The above example has two broadcast domains.
Creating VLANs with switches offers the following administrative benefits. routers are still needed to: y y y Filter WAN traffic Route traffic between separate networks Route packets between VLANs
A virtual LAN (VLAN) can be defined as: y y Broadcast domains defined by switch port rather than network address A grouping of devices based on service need. Details of how VLANs are created and identified can vary from vendor to vendor. When using multiple vendors in a switched network. all ports are members of VLAN 1. Creating a VLAN might mean you must use only that vendor's switches throughout the network. Although each switch can be connected to multiple VLANs. In the graphic above. workstations in VLAN 1 will not be able to communicate with workstations in VLAN 2.
Be aware of the following facts about VLANs: y y y y In the graphic above.1q standards if you want to implement VLANs. or other criteria rather than physical proximity
Using VLANs lets you assign devices on different switch ports to different logical (or virtual) LANs.
. switches come configured with several default VLANs: o VLAN 1 o VLAN 1002 o VLAN 1003 o VLAN 1004 o VLAN 1005 By default. each of which corresponds to one of the VLANs. FastEthernet ports 0/3 and 0/4 are members of VLAN 2.
**Giving the VLAN a name is optional. y y y Switches are easier to administer than routers Switches are less expensive than routers Switches offer higher performance (introduce less latency)
A disadvantage of using switches to create VLANs is that you might be tied to a specific vendor. be sure each switch supports the 802. Command(s) switch#vlan database* switch(vlan)#vlan 2 name name** switch(vlan)#exit OR apply switch(config)#vlan 2 switch(config-vlan)#name name** switch(config-if)#switchport access vlan number*** switch#show vlan switch#show vlan id number
Task Define a VLAN (You can create VLANs in either vlan database mode or by using the vlan command in global configuration mode. and assigns the port to VLAN 12. ***If you have not yet defined the VLAN. When using multiple vendors in a switched network. Creating a VLAN might mean you must use only that vendor's switches throughout the network. and then assign ports to that VLAN.) Assign ports to the VLAN Show a list of VLANs on the system Show information for a specific VLAN y
*Notice that the vlan database command is issued in privileged EXEC mode. Details of how VLANs are created and identified can vary from vendor to vendor. it will be created automatically when you assign the port to the VLAN.1q standards if you want to implement VLANs. switch#config t switch(config)#vlan 12 switch(config-vlan)#name IS_VLAN switch(config-vlan)#interface fast 0/12 switch(config-if)#switchport access vlan 12
.y y y y y
You can create virtual LANs based on criteria other than physical location (such as workgroup. first create the VLAN. The following table shows common VLAN configuration commands. identifies port 0/12 as having only workstations attached to it. Despite advances in switch technology. routers are still needed to: y y y y y Filter WAN traffic Route traffic between separate networks Route packets between VLANs
VLAN Command List
To configure a simple VLAN. Example The following commands create VLAN 12 named IS_VLAN. protocol. or service) You can simplify device moves (devices are moved to new VLANs by modifying the port assignment) You can control broadcast traffic and create collision domains based on logical criteria You can control security (isolate traffic within a VLAN) You can load-balance network traffic (divide traffic logically rather than physically)
Creating VLANs with switches offers the following benefits over using routers to create distinct networks.
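The tagging behaviour listed under Frame Tagging Facts, as an added Python example that is not part of the original notes: it inserts, reads and strips an 802.1Q tag on a constructed Ethernet frame, and leaves VLAN 1 frames untagged on a trunk as these notes state for 802.1Q. The function names and the sample frame are assumptions made for illustration; the tag layout (TPID 0x8100 followed by a 16-bit field holding the 12-bit VLAN ID) is the IEEE 802.1Q format.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
NATIVE_VLAN = 1       # per the notes: default VLAN 1 frames are not tagged on an 802.1Q trunk
MAC_HEADER = 12       # destination MAC (6 bytes) + source MAC (6 bytes)

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"constructed payload"


def is_tagged(frame: bytes) -> bool:
    """True when the two bytes after the MAC addresses are the 802.1Q TPID."""
    if len(frame) < MAC_HEADER + 2:
        raise ValueError("frame too short to be Ethernet")
    (ethertype,) = struct.unpack_from("!H", frame, MAC_HEADER)
    return ethertype == TPID_8021Q


def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """First switch in the path: insert the 4-byte tag after the source MAC."""
    if is_tagged(frame):
        raise ValueError("frame already carries an 802.1Q tag")
    if not 1 <= vlan_id <= 4094:            # 0 and 4095 are reserved VLAN IDs
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    tci = (priority << 13) | vlan_id         # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:MAC_HEADER] + tag + frame[MAC_HEADER:]


def read_vlan(frame: bytes) -> int:
    """Return the VLAN a frame belongs to; untagged frames belong to the native VLAN."""
    if not is_tagged(frame):
        return NATIVE_VLAN
    if len(frame) < MAC_HEADER + 6:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, MAC_HEADER + 2)
    vlan_id = tci & 0x0FFF
    # A VLAN ID of 0 carries only a priority value, so the frame stays in the native VLAN.
    return NATIVE_VLAN if vlan_id == 0 else vlan_id


def strip_tag(frame: bytes) -> bytes:
    """Last switch in the path: remove the tag before a non-VLAN-capable device sees it."""
    if not is_tagged(frame):
        return frame
    return frame[:MAC_HEADER] + frame[MAC_HEADER + 4:]


def trunk_egress(frame: bytes, vlan_id: int) -> bytes:
    """Frame leaving on a trunk port: tagged with its VLAN ID unless it is in VLAN 1."""
    return frame if vlan_id == NATIVE_VLAN else add_tag(frame, vlan_id)


def access_egress(frame: bytes, port_vlan: int):
    """Frame leaving on an access port: delivered untagged, and only within the port's VLAN."""
    if read_vlan(frame) != port_vlan:
        return None                          # different VLAN: not forwarded to this port
    return strip_tag(frame)


if __name__ == "__main__":
    tagged = trunk_egress(SAMPLE_FRAME, 12)
    print("tag bytes on the trunk:", tagged[MAC_HEADER:MAC_HEADER + 4].hex())
    print("VLAN seen by the receiving switch:", read_vlan(tagged))
    print("delivered to a VLAN 12 access port:", access_egress(tagged, 12) == SAMPLE_FRAME)
    print("delivered to a VLAN 2 access port:", access_egress(tagged, 2) is not None)
```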
Trunking

Trunking is a term used to describe connecting two switches together. Trunking is important when you configure VLANs that span multiple switches as shown in the diagram.

Be aware of the following facts regarding trunking and VLANs:

- In the above graphic, each switch has two VLANs. One port on each switch has been assigned to each VLAN.
- Workstations in VLAN 1 can only communicate with workstations in VLAN 1. This means that the two workstations connected to the same switch cannot communicate with each other. Communications within the VLAN must pass through the trunk link to the other switch.
- Trunk ports identify which ports are connected to other switches.
- Trunk ports are automatically members of all VLANs defined on the switch.
- Typically, Gigabit Ethernet ports are used for trunk ports.

When trunking is used, frames that are sent over a trunk port are tagged with the VLAN ID number so that the receiving switch knows to which VLAN the frame belongs. Cisco supports two trunking protocols that are used for tagging frames.

Inter-Switch Link (ISL): A Cisco-proprietary trunking protocol. ISL can only be used between Cisco devices. ISL tags each frame with the VLAN ID. Catalyst 2950 switches do not support ISL.
802.1Q: An IEEE standard for trunking and therefore supported by a wide range of devices. With 802.1Q trunking, frames from the default VLAN 1 are not tagged. Frames from all other VLANs are tagged.

Cisco switches have the ability to automatically detect ports that are trunk ports, and to negotiate the trunking protocol used between devices. Switches use the Dynamic Trunking Protocol (DTP) to detect and configure trunk ports. For example, when you connect two switches together, they will automatically recognize each other and select the trunking protocol to use.

Trunking Command List

The following table lists important commands for configuring and monitoring trunking on a switch.

Switch(config-if)#switchport mode trunk
    Enables trunking on the interface. The port will not use DTP on the interface.
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk encapsulation isl
    Sets the trunking protocol to use. 2950 switches only support 802.1Q and therefore you will not use this command on 2950 switches.
Switch(config-if)#switchport mode dynamic auto
    Enables automatic trunking discovery and configuration. The switch uses DTP to configure trunking.
Switch(config-if)#switchport mode dynamic desirable
    Enables dynamic trunking configuration. If a switch is connected, it will attempt to use the desired trunking protocol (802.1Q for 2950 switches). If a switch is not connected, it will communicate as a normal port.
Switch(config-if)#switchport mode access
    Disables trunking configuration on the port. You must disable trunking before you can assign a port to a VLAN.
Switch#show interface trunk
Switch#show interface fa0/1 trunk
    Shows interface trunking information with the following:
    - Mode
    - Encapsulation
    - Trunking status
    - VLAN assignments

The VLAN Trunking Protocol (VTP) simplifies VLAN configuration on a multi-switch network by propagating configuration changes to other switches. With the VTP, switches are placed in one of the following three configuration modes.

Server: A switch in server mode is used to modify the VLAN configuration. Configuration information is then broadcast to other VTP devices.
Client: A switch in client mode receives changes from a VTP server and passes VTP information to other switches. However, you cannot modify the VLAN configuration from a switch in client mode.
Transparent: A switch in transparent mode does not receive VTP configuration information from other switches. It passes VTP information to other switches as it receives the information. You can modify VLAN configuration information from a switch in transparent mode, but the changes apply only to the local switch (changes are not sent to other devices).

Keep in mind the following facts about VTP:

- To make VLAN changes on a switch, the switch must be in either server or transparent mode.
- If you cannot modify the VLAN configuration, the switch is in client mode.
- By default, switches are configured in server mode.
- Use the vtp mode command to configure the VTP mode of the switch.
- Use the show vtp status command to view the current vtp mode of the switch.

Spanning Tree Facts

To provide for fault tolerance, many networks implement redundant paths between devices using multiple switches. However, providing redundant paths between segments causes packets to be passed between the redundant paths endlessly. This condition is known as a bridging loop. To prevent bridging loops, the IEEE 802.1d committee defined a standard called the spanning tree algorithm (STA), or spanning tree protocol (STP). With this protocol, one bridge (or switch) for each route is assigned as the designated bridge. Only the designated bridge can forward packets. Redundant bridges (and switches) are assigned as backups.

The spanning tree algorithm provides the following benefits:

- Eliminates bridging loops
- Provides redundant paths between devices
- Enables dynamic role configuration
- Recovers automatically from a topology change or device failure
- Identifies the optimal path between any two network devices

The spanning tree algorithm automatically discovers the network topology, and creates a single, optimum path through a network by assigning one of the following roles to each bridge or switch. The bridge role determines how the device functions in relation to other devices, and whether the device forwards traffic to other segments.

Root Bridge: The root bridge is the master or controlling bridge. The root bridge periodically broadcasts configuration messages. These messages are used to select routes and reconfigure the roles of other bridges if necessary. There is only one root bridge per network. It should be assigned by the network administrator. When selecting the root bridge, select the bridge that is closest to the physical center of the network.
Designated Bridge: A designated bridge is any other device that participates in forwarding packets through the network. They are selected automatically by exchanging bridge configuration packets. To prevent bridging loops, there is only one designated bridge per segment.
Backup Bridge: All redundant devices are classified as backup bridges. Backup bridges listen to network traffic and build the bridge database. However, they will not forward packets. A backup bridge can take over if the root bridge or a designated bridge fails.

Devices send special packets called Bridge Protocol Data Units (BPDUs) out each port. BPDUs sent and received from other bridges are used to determine the bridge roles, verify that neighbor devices are still functioning, and recover from network topology changes. Devices participating in the spanning tree algorithm use the following process to configure themselves:

1. At startup, switches send BPDUs (Bridge Protocol Data Units) out each port.
2. Switches use information in the BPDUs to elect a root bridge.
3. Switches on redundant paths are configured as either designated (active) or backup (inactive) switches.
4. After configuration, switches periodically send BPDUs to ensure connectivity and discover topology changes.

As the switch participates in the configuration process, and while it operates, each of its ports is placed into one of five states. The port state determines whether the port receives and forwards normal network messages.

Disabled: A device in the disabled state is powered on but does not participate in listening to network messages or forwarding them. A bridge must be manually placed in the disabled state.
Blocking: When a device is first powered on, it is in the blocking state. In addition, backup bridges are always in a blocking state. The bridge receives packets and BPDUs sent to all bridges, but will not process any other packets.
Listening: The listening state is a transitionary state between blocking and learning. The port remains in listening state for a specific period of time. This time period allows network traffic to settle down after a change has occurred. For example, if a bridge goes down, all other bridges go to the listening state for a period of time. During this time the bridges redefine their roles.
Learning: A port in the learning state is receiving packets and building the bridge database (associating MAC addresses with ports). A timer is also associated with this state. The port goes to the forwarding state after the timer expires.
Forwarding: The root bridge and designated bridges are in the forwarding state when they can receive and forward packets. A port in the forwarding state can both learn and forward.

Spanning Tree Command List

You can configure multiple paths with switches to provide fault-tolerance. As you know, having multiple paths means that the network is susceptible to data transmission (bridging) loops. Like bridges, switches can run the spanning tree algorithm to prevent such loops from forming. By default, the spanning tree protocol is enabled on all Cisco switches. Switch port configuration is automatic when the switch is connected to the network and powered on. Use the following commands to customize the spanning tree protocol.

Switch(config)#no spanning-tree vlan number
    Disables spanning tree on the selected VLAN.
Switch(config)#spanning-tree vlan number root primary
    Forces the switch to be the root of the spanning tree.

Show spanning tree configuration information. To determine if the VLAN is functioning properly, verify that the first line of the output is: VLAN1 is executing the IEEE compatible spanning tree protocol.

Note: When you use spanning tree on a switch with multiple VLANs, each VLAN runs a separate instance of the spanning tree protocol.

Example
The following commands disable spanning tree for VLAN 12 and force the switch to be the root of the spanning tree for VLAN 1.

    Switch(config)#no spanning-tree vlan 12
    Switch(config)#spanning-tree vlan 1 root primary

EtherChannel combines multiple switch ports into a single, logical link between two switches. With EtherChannel:

- You can combine 2-8 ports into a single link.
- All links in the channel group are used for communication between the switches.
- Use EtherChannel to increase the bandwidth between switches.
- Use EtherChannel to establish automatic-redundant paths between switches. If one link fails, communication will still occur over the other links in the group.
- Use EtherChannel to reduce spanning tree convergence times.

Use the channel-group command for a port to enable EtherChannel as follows:

    Switch(config)#interface fast 0/12
    Switch(config-if)#channel-group 1 mode on

Each channel group has its own number. All ports assigned to the same channel group will be viewed as a single logical link.

Note: If you do not use the channel-group command, the spanning tree algorithm will identify each link as a redundant path to the other bridge and will put one of the ports in blocking state.

Port Security Facts

The basic function of a switch is to pass packets from one host to another. Under normal operations, the switch learns the MAC address of the device(s) connected to each of its ports. When a device is connected to the switch port, the MAC address of the frame from the connected device is placed in a forwarding table. Under normal circumstances, there are no restrictions on the devices that can be attached to a switch port.

With switch port security, you configure the switch to allow only specific devices to use a given port. You identify the MAC address of allowed devices. Any devices not explicitly identified will not be allowed to send frames through the switch.

To configure port security, take the following general actions on the port:

- Explicitly configure the port as an access port (a port with attached hosts, not with an attached switch).
- Enable switch port security.
- Identify the MAC addresses that can use the switch.

The following commands list the switch port configuration commands:

switch(config-if)#switchport mode access
    Identifies the port as an access port.
switch(config-if)#switchport port-security
    Enables port security.
switch(config-if)#switchport port-security mac-address h.h.h
    Identifies the allowed MAC address (h.h.h is a hexadecimal number).
switch(config-if)#switchport port-security maximum number
    Configures the maximum number of MAC addresses that can be allowed for a port. The default allows only a single MAC address per port. Use this command to increase the number allowed.
switch(config-if)#switchport port-security mac-address sticky
    Configures the switch to dynamically identify the allowed MAC address. The address in the first frame received by the switch port is the allowed MAC address for the port.
switch(config-if)#switchport port-security violation action
    Identifies the action the switch will take when an unauthorized device attempts to use the port. Action keywords are:
    - protect drops the frames from the unauthorized device
    - restrict does the same as protect and also generates an SNMP trap
    - shutdown disables the port
switch#show port-security interface interface type and number
    Shows port security information for the specified port.

Note: The Catalyst switch can sticky learn a maximum of 132 MAC addresses.

Examples
The following commands configure switch port security to allow only host 5ab9.0012.02af to use Fast Ethernet port 0/12:

    switch(config)#interface fast 0/12
    switch(config-if)#switchport mode access
    switch(config-if)#switchport port-security
    switch(config-if)#switchport port-security mac-address 5ab9.0012.02af

The following commands configure Fast Ethernet port 0/15 to accept the first MAC address it receives as the allowed MAC address for the port:

    switch(config)#interface fast 0/15
    switch(config-if)#switchport mode access
    switch(config-if)#switchport port-security
    switch(config-if)#switchport port-security mac-address sticky

Inter-VLAN Routing

In a typical configuration with multiple VLANs and a single or multiple switches, workstations in one VLAN will not be able to communicate with workstations in other VLANs. To enable inter-VLAN communication, you will need to use a router (or a Layer 3 switch) as shown in the following graphic.

Be aware of the following conditions with inter-VLAN routing:

- The top example uses two physical interfaces on the router.
- The bottom example uses a single physical interface on the router. In this configuration, the physical interface is divided into two logical interfaces called subinterfaces. This configuration is also called a router on a stick.
- In each case, the router interfaces are connected to switch trunk ports. The router interfaces or subinterfaces must be running a trunking protocol (either ISL or 802.1Q).
- Each interface or subinterface requires an IP address.

Default Switch Configuration

By default, a Catalyst 2950 switch comes configured as follows:

- All ports are enabled (no shutdown).
- All ports will automatically detect the duplex mode.
- All ports will automatically detect the port speed.
- All ports will perform automatic trunking negotiation.
- 802.1Q trunking is used (2950 switches only support 802.1Q trunking).
- The switch uses fragment-free switching.
- Spanning tree is enabled.
- VTP mode is set to transparent.
- All ports are members of VLAN 1.
- Default VLANs of 1, 1002, 1003, 1004, and 1005 exist.

Classless Interdomain Routing (CIDR)
You can think of the Internet as one big network. As such, each device on the network needs its own unique IP address. In the early days of the Internet, every device would receive a registered IP address. As the Internet grew, however, it became apparent that the number of hosts would quickly exceed the number of possible IP addresses. One solution to the problem is Classless Interdomain Routing (CIDR).

Classful addresses are IP addresses that use the default subnet mask. They are classful because the default subnet mask is used to identify the network and host portions of the address. Classless addresses are those that use a custom mask value to separate network and host portions of the IP address. CIDR allows for variable length subnet masking (VLSM) and enables the following features:

- Subnetting, dividing a network address into multiple smaller subnets. For example, this allows a single Class B or Class C address to be divided and used by multiple organizations.
- Supernetting, combining multiple network addresses into a single larger subnet. For example, this allows multiple Class C addresses to be combined into a single network.
- Route aggregation (also called route summarization), where multiple routes are combined in a routing table as a single route.

CIDR routers use the following information to identify networks.

- The beginning network address in the range
- The number of bits used in the subnet mask

For example, the routing table represents the address as 199.70.0.0/21, where 21 is the number of bits in the custom subnet mask.

In addition to CIDR, the following other solutions were put into place to make efficient use of available IP addresses:

- IP version 6. IPv6 uses 128-bit addresses instead of the 32-bit addresses used with IPv4. IPv6 is not yet used on the Internet.
- Private addressing with address translation. With private addressing, hosts are assigned an unregistered address in a predefined range. All hosts on the private network use a single registered IP address to connect to the Internet. A special router (called a network address translation or NAT router) translates the multiple private addresses into the single registered IP address.

To perform subnetting operations, you will need to be proficient at converting decimal and binary numbers. When working with IP addresses, work with each octet separately. The following table shows the decimal value for various binary values with a single 1 bit.

Binary Value    Decimal Value
10000000        128
01000000        64
00100000        32
00010000        16
00001000        8
00000100        4
00000010        2
00000001        1

To find the decimal value of a number with multiple 1 bits, simply add the decimal value of the bits together. For example, the decimal value of the binary number 10010101 is:

10000000 = 128
00010000 = 16
00000100 = 4
00000001 = 1
Total = 128 + 16 + 4 + 1 = 149

To calculate the number of valid subnets or the number of hosts per subnet, you will need to know how to find the exponential values of 2. Use the following chart to identify the exponent values and the final possible number (after subtracting 2 from each exponent).

# of bits          1     2     3     4     5     6     7     8     9     10    11    12
Exponent           2^1   2^2   2^3   2^4   2^5   2^6   2^7   2^8   2^9   2^10  2^11  2^12
Exponent value     2     4     8     16    32    64    128   256   512   1024  2048  4096
Total number (-2)  0     2     6     14    30    62    126   254   510   1022  2046  4094

Tip: Memorize the shaded values. To find smaller or larger values, divide or multiply the exponent value

Use the following chart to identify the solutions to common subnetting tasks.

Scenario: Given a network address and subnet mask, how many subnets can you have and how many hosts per subnet?
Solution: 2^n-2
    Begin by converting the subnet mask to a binary number. Then use the formula to find the number of subnets and hosts.
    - To find the number of valid subnets, n = the number of additional bits borrowed from the default mask.
    - To find the number of valid hosts, n = the number of unmasked bits by the custom mask.

Scenario: Given a network address and customer requirements, what subnet mask should you use?
Solution: 2^n-2
    Write out the default subnet mask in binary. Then borrow bits and use the formula to find the number that gives you enough subnets and hosts.

Scenario: Given a network address and a subnet mask, identify the valid subnet addresses.
Solution: Magic number
    The magic number is the decimal value of the last one bit in the subnet mask. The magic number identifies:
    - The first valid subnet address
    - The increment value to find additional subnet addresses

Scenario: Given an IP address and subnet mask, find the:
    - Subnet address
    - Broadcast address
    - Valid host address range
Solution: Trust the line
    Use the following process to find the information you need:
    1. Identify the subnet and host portions of the mask, draw a line
    2. To find the subnet address, set all host bits to 0
    3. To find the broadcast address, set all host bits to 1
    4. The valid host range is:
        - First address = Subnet address + 1
        - Last address = Broadcast address - 1

Assigning IP Addresses

When setting up a network for IP, you will have to make various decisions about the addresses used on the network. Use the following process to identify and assign IP addresses throughout your network.

1. Identify the number of network addresses. Each network segment will require its own network (subnet) address. In addition, each WAN connection must have its own network address (typically assigned by the WAN service provider).
2. Identify the number of hosts for each subnet. You will need one IP address for each device. Be sure to include an IP address for each router interface.
3. Calculate the subnet mask that will subdivide your network.
4. Identify the valid subnet addresses, and assign them to network segments.
5. Identify valid IP addresses on each subnet (i.e. the host address range). Assign IP addresses to hosts, or plan on using DHCP to dynamically assign IP addresses.

With Cisco routers, you have the following three choices for viewing the subnet mask.

Dotted decimal: Four octets with set incremental values between 0 and 255. This is the most common form used and recognized by network administrators.
    Example: 255.255.255.0
Bit count: The bit count is a number that follows the IP address and indicates the total number of masked bits. The bit count is typically found in routing tables.
    Example: /24 (identifies 24 bits in the mask)
Hexadecimal: Eight hexadecimal numbers (each number ranges from 0 to F).
    Example: 0xFFFFFF00 (the 0x indicates a hexadecimal number follows)

You can modify how the router displays the subnet mask. In privileged EXEC mode, use the following command:

    terminal ip netmask-format <format keyword>

Format keywords are bit-count, decimal, or hexadecimal.

You can also assign multiple IP addresses to a single interface. To do this, use the secondary parameter with the ip address command as follows:

    ip address 10.10.10.2 255.0.0.0 secondary

Managing Host Names

Host names allow you to identify network devices using logical names instead of IP addresses. Use the following commands to configure static host names or enable DNS on a router.
Private addresses are translated to the public address of the NAT router.
Command: Function
ip host <name> <address>: Identifies hostnames, creating static DNS entries
ip domain-name <name>: Identifies the router default domain (for DNS)
ip name-server <address>: Sets the default DNS name server
ip domain-lookup: Enables the router to use DNS to identify IP addresses from host names

Use the show hosts command to display a list of known IP hosts.

Address Resolution Protocols

You should know the following protocols that perform address resolution.

Protocol: Description
Address Resolution Protocol (ARP): Used by hosts to discover the MAC address of a computer from its IP address.
Reverse Address Resolution Protocol (RARP): Used by a host to discover the IP address of a computer from its MAC address.
Bootstrap Protocol (BootP): Used by a host (such as a diskless workstation) to query a bootstrap computer and receive an IP address assignment. A BootP server has a static list of MAC addresses and their corresponding IP addresses.
Dynamic Host Configuration Protocol (DHCP): An improvement on BootP, DHCP is used to dynamically assign IP address and other TCP/IP configuration parameters. A DHCP server can use a static list to assign a specific IP address to a specific host. More commonly, however, the DHCP server automatically assigns an IP address from a preset range of possible addresses.

Network Address Translation (NAT) allows you to connect a private network to the Internet without obtaining registered addresses for every host. NAT can be used to provide a measure of security for your private network, or to provide Internet connectivity with a limited number of registered IP addresses.

As you work with NAT, it's important to understand the following terminology.

Term: Definition
Inside: The inside network is the private network. A router interface that connects to the private network is also called the inside interface.
Outside: The outside network is the public network (the Internet). A router interface that connects to the public network is also called the outside interface.
Inside local address: The inside local address is the IP address of the host on the inside network.
Inside global address: The inside global address is the IP address of the host after it has been translated for use on the Internet. The term global refers to the registered IP address that identifies the inside host on the Internet.
Outside global address: The outside global address is an IP address of an Internet host. For example, when you visit a Web site, your computer will use the global outside address to contact the Web server.
Outside local address: An outside local address is an outside global address that has been translated for inside (or private) use. In other words, the NAT router translates an Internet host IP address into a private IP address. Instead of using the Web server address, the internal computer will use the translated address instead.

Note: When you configure NAT, be sure to use an IP address in the private IP address ranges for the inside local IP addresses. Otherwise, hosts on your network might not be able to access outside hosts with the same IP address. A Cisco router can be configured to overcome this problem, but the configuration is difficult. Private IP addresses do not need to be registered, and fall within the following ranges:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255

When you configure NAT, you have the following options on a Cisco router.

Implementation: Characteristics
Static NAT: With static NAT, each inside host IP address is manually associated with a registered IP address. In other words, you manually map an inside local address to an inside global address.
Dynamic NAT: Dynamic NAT is just like static NAT, except that the address mappings are done automatically. The NAT router has a pool of inside global IP addresses that it uses to map to inside local addresses.
Overload with Port Address Translation (PAT): Overloading is the process of assigning multiple inside local addresses to a single inside global address. Port numbers are used to identify specific inside local hosts. The port number is appended to the inside global IP address.

NAT Command List

The exact method and commands you use to configure NAT on a Cisco router depend on the NAT method you use. The following table lists the configuration steps and commands for each method.

Method / Configuration Process / Command Examples
Static NAT Configure static mappings (mapping Router(config)#ip nat inside source
1. the outside global address that is used is the IP address of the outside router interface.1 Router(config)#interface ethernet0 Router(config-if)#ip nat inside Router(config-if)#interface serial0 Router(config-if)#ip nat outside Router(config)#ip nat pool mary 203.168. intermediary.254 netmask 255.0. Tool Description Tests Reports Success (destination responded) or failure (no response) Round trip time to destination IP address of each hop to destination Host name of each hop (if configured)
Uses ICMP echo packets The physical path to the Operates at the Network destination layer Network layer configuration of source.0.55.255 Router(config)#ip nat inside source list 1 pool mary Router(config)#interface ethernet0 Router(config-if)#ip nat inside Router(config-if)#interface serial0 Router(config-if)#ip nat outside Router(config)#access-list 1 permit 192.inside local addresses to outside local addresses) Identify inside and outside interfaces Define an inside global address pool Identify allowed translated inside local addresses** Dynamic NAT Associate the allowed list with the pool Identify inside and outside interfaces Identify allowed translated inside local addresses** Overloaded with PAT Associate the allowed list with the inside interface and identify the translation type as overloaded Identify inside and outside interfaces
static 192.1 0.44.1 0. traceroute.44.
IP Troubleshooting Tools Three tools you can use to help troubleshoot are ping.44.250 Router(config)#access-list 1 permit 192.255.255 Router(config)#ip nat inside source list 1 interface ethernet0 overload Router(config)#interface ethernet0 Router(config-if)#ip nat inside Router(config-if)#interface serial0 Router(config-if)#ip nat outside
**These examples use access lists to identify a range of inside addresses that will be translated.55.55.1 203.168.
Uses ICMP echo packets and TTL traceroute Operates at the Network layer
. You will learn about access lists in Module 7.1 203. Note: When you use the overloaded method.1.168. and Telnet.0.255. and destination devices The physical path to the destination Network layer configuration of source.1.0.
intermediate, and destination devices
Round trip time to destination and each intermediary device Success (destination responded) or failure (no response) No report generated. An open connection indicates a valid connection.
Uses upper-layer protocols Operates above the Network layer (relies on lower-layer protocols)
The physical path to the destination Network layer configuration of source, intermediate, and destination devices Upper-layer configuration of source and destination devices
The following table describes special conventions that you should be aware of when working with these utilities.

Utility: Considerations

ping:
- By default, the ping command performs five tests to the destination. It waits 2 seconds for a response from the target router.
- An exclamation mark indicates a successful ping. A period indicates a failure.
- Ping includes an extended mode (available only in privileged EXEC mode). Extended ping lets you modify the number of tests, the timeout, and even the protocol tested.
- With extended ping, you can test non-IP protocols (such as AppleTalk or Novell IPX).

traceroute:
- Traceroute sends successive ICMP messages to a destination with increasing TTL values. For example, the first test pings the destination using a TTL of 1, the second pings with a TTL of 2, and so on.
- By default, traceroute sends three ping tests for each TTL value. It waits three seconds for a response.
- Responses to each test within the traceroute command are as follows:
  o A time exceeded message indicates that a router has received the packet but the TTL has expired. For example, if the TTL is set to 3, the third router in the path responds with the time exceeded message.
  o A destination unreachable message indicates that the router in the path does not have a route to the destination network or device.
  o An asterisk ( * ) indicates that the timer has expired without a response.
- Traceroute includes an extended version that lets you modify the number of packets sent, the timeout, and the protocol. With extended traceroute, you can test non-IP protocols.

Telnet:
- To suspend a Telnet session, press Ctrl + Shift + 6, then X.
- To resume a Telnet session, use the resume command.
- By default, debug information shows only on the console, not in the Telnet session window. Use the terminal monitor command to show debug information in a Telnet session.
IP Troubleshooting Tips

One important step in troubleshooting network communications is to verify the IP address, subnet mask, and default gateway settings of each host. Keep in mind the following as you troubleshoot IP:
- All computers must be assigned a unique IP address.
- Hosts on the same physical network should have IP addresses in the same address range.
- The subnet mask value for all computers on the same physical network must be the same.
- Configure the default gateway value to enable internetwork communication.
- The default gateway address must be on the same subnet as the host's IP address.
- You do not need to configure an IP address on a switch for frames to be switched through the switch. To ping to and from a switch or to remotely manage the switch, configure an IP address on the switch.
Listed below are several common symptoms and things to try to correct communication problems.

Problem: A single host cannot communicate with any other host.
Symptoms: Ping to any other host fails.
Solution: Because the problem exists with only one host, troubleshoot the configuration of the host with the problem.

Problem: A single host can communicate with all hosts on the same network, but can't communicate with any host on any other network.
Symptoms: Ping to hosts on the same network succeeds, ping to hosts on other networks fails. Traceroute on the host times out with only a single entry.
Solution: Verify the default gateway setting of the host with the problem.

Problem: All hosts can communicate within the same network, but cannot communicate with any host outside of the local network.
Symptoms: Ping to hosts on the same network succeeds, ping to hosts on other networks fails. Traceroute on the host times out with only a single entry.
Solution: If DHCP is used to assign IP information to hosts, verify the default gateway setting delivered by the DHCP server.
Symptoms: The routing table on the router shows only directly-connected networks.
Solution: Verify the routing configuration of the default gateway router.

Problem: All hosts cannot communicate with hosts on a specific outside network. Communication with other networks is fine.
Symptoms: Ping to the remote network fails, traceroute on the host times out with only a single entry. The routing table on the router does not show the destination network, or the gateway of last resort is not set.
Solution: Add a route to the routing table, or configure the gateway of last resort (default route) on the router.
Symptoms: The routing table has a route to the destination network. Traceroute on the router times out.
Solution: Troubleshoot other routers in the path to the destination network. Use traceroute to identify the last responding router and begin troubleshooting there.

Problem: All hosts cannot communicate with a specific remote host. Communication with other remote hosts in the same remote network is fine.
Symptoms: Ping to the remote host fails. Traceroute to the remote host indicates no response from the host. The routing table shows a route to the destination network (or the gateway of last resort is used).
Solution: Troubleshoot the configuration of the remote host.
Access List Facts

Routers use access lists to control incoming or outgoing traffic. You should know the following characteristics of an access list.
- Access lists describe the traffic type that will be controlled.
- Access list entries describe the traffic characteristics.
- Access list entries identify either permitted or denied traffic.
- Access list entries can describe a specific traffic type, or allow or restrict all traffic.
- When created, an access list contains an implicit "deny all" entry at the end of the access list.
- Each access list applies only to a specific protocol.
- Each router interface can have up to two access lists for each protocol, one for incoming traffic and one for outgoing traffic.
- Each access list can be applied to more than one interface. However, each interface can only have one incoming and one outgoing list.
- Access lists can be used to log traffic that matches the list statements.
- Access lists exist globally on the router, but filter traffic only for the interfaces to which they have been applied.
- When an access list is applied to an interface, it identifies whether the list restricts incoming or outgoing traffic.

When you create an access list, it automatically contains a "deny any" statement, although this statement does not appear in the list itself. For a list to allow any traffic, it must have at least one permit statement, either permitting a specific traffic type or permitting all traffic not specifically restricted.

There are two general types of access lists: basic and extended.

Use a standard list to filter on:
- Source hostname or host IP address

Use an extended list to filter on:
- Source IP protocol (i.e., IP, TCP, UDP, etc.)
- Source hostname or host IP address
- Source or destination socket number
- Destination hostname or host IP address
- Precedence or TOS values

IP Access List Command List

Configuring access lists involves two general steps:
1. Create the list and list entries with the access-list command
2. Apply the list to a specific interface with the ip access-group command

Use . . . : To . . .
Router(config)#access-list <number>: Create an access list entry. Use the following number ranges to define the access list: 1-99 = Standard IP access lists, 100-199 = Extended IP access lists
Router(config-if)#ip access-group <number>: Apply the standard or extended IP access list to a specific interface.

Examples

The following commands create a standard IP access list that permits all outgoing traffic except the traffic from network 10.0.0.0, and applies the list to the Ethernet0 interface.

Router(config)#access-list 1 deny 10.0.0.0 0.255.255.255
Router(config)#access-list 1 permit any
Router(config)#int e0
Router(config-if)#ip access-group 1 out
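The wildcard-mask rule and the top-down, first-match evaluation with the implicit deny that these notes describe, as an added Python example (not part of the original notes). It models standard lists only; the function names, the shadowed-entry audit and the lists marked as constructed are this example's own assumptions, while the addresses 10.0.0.0, 10.12.16.0, 0.0.7.255, 10.12.16.15 and 10.13.17.15 come from the page.

```python
"""Standard IP access list model: wildcard masks, first match, implicit deny.

Added illustration; function names and the sample lists are this example's own.
"""
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_subnet_mask(mask):
    """Subtract each octet of the subnet mask from 255."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def wildcard_matches(address, base, wildcard):
    """Wildcard bit 0: the bit must match. Wildcard bit 1: the bit is ignored."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(address) & care) == (to_int(base) & care)


def parse_entry(line):
    """Parse 'access-list <1-99> permit|deny <source> [<wildcard>]' or '... any'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError("not an access-list statement: " + line)
    number, action = int(tokens[1]), tokens[2]
    if not 1 <= number <= 99:
        raise ValueError("this model handles standard IP lists (1-99) only")
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny: " + line)
    if tokens[3] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    # Assumption of this model: a source with no wildcard means one host.
    wildcard = tokens[4] if len(tokens) > 4 else "0.0.0.0"
    return action, tokens[3], wildcard


def evaluate(acl_lines, source):
    """Walk the list top down; the first matching statement decides."""
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        if wildcard_matches(source, base, wildcard):
            return action, line
    # Nothing matched: the deny that never appears in the list applies.
    return "deny", "implicit deny any"


def covers(earlier, later):
    """True when every address the later entry matches also matches the earlier one."""
    care_e = ~to_int(earlier[2]) & MASK32
    care_l = ~to_int(later[2]) & MASK32
    same_base = ((to_int(earlier[1]) ^ to_int(later[1])) & care_e) == 0
    return (care_e & ~care_l & MASK32) == 0 and same_base


def audit(acl_lines):
    """Flag lists that block everything and entries that can never be reached."""
    entries = [parse_entry(line) for line in acl_lines]
    findings = []
    if not any(action == "permit" for action, _, _ in entries):
        findings.append("no permit statement: the implicit deny any blocks all traffic")
    for j in range(1, len(entries)):
        for i in range(j):
            if covers(entries[i], entries[j]):
                findings.append(f"entry {j + 1} is never reached: entry {i + 1} matches first")
                break
    return findings


# The page's first example list.
LIST_1 = ["access-list 1 deny 10.0.0.0 0.255.255.255", "access-list 1 permit any"]
# The page's 'access-list 12 deny' statement; the permit any line is constructed.
LIST_12 = ["access-list 12 deny 10.12.16.0 0.0.7.255", "access-list 12 permit any"]
# Constructed lists showing two design mistakes.
LIST_SHADOWED = ["access-list 3 permit any", "access-list 3 deny 10.12.16.0 0.0.7.255"]
LIST_DENY_ONLY = ["access-list 4 deny 10.12.16.0 0.0.7.255"]

if __name__ == "__main__":
    print("wildcard for 255.255.248.0:", wildcard_from_subnet_mask("255.255.248.0"))
    for name, acl in (("12", LIST_12), ("3", LIST_SHADOWED), ("4", LIST_DENY_ONLY)):
        for source in ("10.12.16.15", "10.13.17.15"):
            print(name, source, evaluate(acl, source))
        print(name, "audit:", audit(acl))
```
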
0 0.1.0.0.16 Router(config)#int s0 Router(config-if)#ip access-group 2 in
Note: Remember that each access list contains an explicit deny any entry. When created.0.0 2. A mask that covers 21 bits converts to 255.0 15.12. and applies the list to the first serial interface.255 Router(config)#access-list 111 permit ip any any Router(config)#int s0 Router(config-if)#ip access-group 111 in
Calculating Wildcard Masks
The wildcard mask is used with access list statements to identify a range of IP addresses (such as all addresses on a specific network).12.
Router(config)#access-list 111 deny tcp 10.0.1 sent to host 15.0.255. wildcard masks operate at the bit level.12.0. Identify the decimal value of the subnet mask.0. Subtract each octet in the subnet mask from 255.12.248 = 7 o Fourth octet: 255 . A bit with a 1 value means that the bit
.0 = 255 This gives you the mask of: 0. suppose you wanted to allow all traffic on network 10.16. the access list denies all traffic except traffic explicitly permitted by permit statements in the list. When used to identify network addresses in access list statements.22.214.171.124 0.12.0/126.96.36.199.1.0.0. To calculate the wildcard mask: 188.8.131.52 Router(config)#access-list 101 permit ip any any Router(config)#int s1 Router(config-if)#ip access-group 101 in
The following commands create an extended IP access list that does not forward TCP packets from any host on network 10. wildcard masks are the exact opposite of a subnet mask.0.1. For example.
Router(config)#access-list 101 deny ip 10.255.255 Like subnet masks.
Router(config)#access-list 2 permit 10.0 to network 11.1.255 = 0 o Second octet: 255 . Any bit in the wildcard mask with a 0 value means that the bit must match to match the access list statement.1. and applies the list to the second serial interface. and applies the list to the Serial0 interface.0.255 = 0 o Third octet: 255 .184.108.40.206 0. The wildcard mask would be: o First octet: 255 .0.0.255 11. 2.1 0.The following commands create a standard IP access list that rejects all traffic except traffic from host 10. The following commands create an extended IP access list that rejects packets from host 10. To find the wildcard mask: 1.
How the router applies the mask to the address m=match mmmmmmmm.15 Binary Values 00001010. and wildcard mask in binary form for the preceding example. Address Type Subnet address Wildcard mask Target address #1 Decimal Values 10.11111111
Wildcard mask 0.16.17. For example.00010000.11111000.248.mmmmmiii.0 0.00001111
How the router applies the mask to the address y y y m=match i=ignored x=doesn't match mmmmmmmm.00000000 00000000.00000000 00000000.12.255 Suppose that a packet addressed to 10.iiiiiiii i=ignored x=doesn't match In this example. Address Type Decimal Values Binary Values Subnet address 10.0 Subnet mask 255.16.0.13.255
Notice how the bits in the wildcard mask are exactly opposite of the bits in the subnet mask.00000000.00000000.15 matches the access list statement and the traffic is denied.15 was received. The router uses the wildcard mask to compare the bits in the address to the bits in the subnet address.7.12. let's examine the subnet address.12.0 0.255 10.0 0.00001100. Any bit identified with a 1 is ignored.00001100.mmmmmmmx.11111111 00001010.12.255.0.12.00000000 11111111.00000111. 10.does not have to match.255 10.mmmmmmmm.00001101.00000000 00000000. subnet mask.00010000.16.16.15 was received. In this example.0 00001010.00000000.iiiiiiii
.12.12.16.mmmmmiii. Now suppose that a packet addressed to 10.0.7.00010001.17.7.15 Binary Values 00001010.11111111 00001010.00000111.00010000. The router uses the wildcard mask to compare the bits in the address to the bits in the subnet address.00000111.00001220.127.116.1111111. Address Type Subnet address Wildcard mask Target address #1 Decimal Values 10.16.00010000.0. all bits identified with a 0 in the wildcard mask must match between the address and the network address.16.00001100. Suppose an access list were created with a statement as follows: access-list 12 deny 10.
Notice that this address does not match the access list statement as identified with the wildcard mask. In this case, traffic would be permitted.

Designing Access Lists

After you have created an access list, you must apply it to an interface. In many cases, this means you will need to decide which router, which port, and which direction to apply the access list to. Keep in mind the following:
- Each interface can only have one inbound and one outbound access list for each protocol. This means that an interface can have either a standard inbound or an extended inbound IP access list, but not both.
- You can have two access lists for the same direction applied to an interface if the lists restrict different networking protocols. For example, you can have one outbound IP access list and one outbound IPX access list.
- When constructing access lists, place the most restrictive statements at the top. Traffic is matched to access list statements in the order they appear in the list. If traffic matches a statement high in the list, subsequent statements will not be applied to the traffic.
- Each access list has an implicit deny any statement at the end of the access list. Your access list must contain at least one allow statement, or no traffic will be allowed.
- Access lists applied to inbound traffic filter packets before the routing decision is made. Access lists applied to outbound traffic filter packets after the routing decision is made.
- As a general rule, apply extended access lists as close to the source router as possible. This keeps the packets from being sent throughout the rest of the network.
- As a general rule, apply standard access lists as close to the destination router as possible. This is because standard access lists can only filter on source address. Placing the list too close to the source will prevent any traffic from the source from getting to any other parts of the network.
- When making placement decisions, carefully read all access list statements and requirements. Identify blocked and allowed traffic, as well as the direction that traffic will be traveling. Place the access list on the interface where a single list will block (or allow) all necessary traffic.

Monitoring Access Lists

The following list summarizes the commands to use for viewing specific access list information on the router.

If you want to view... : Use...
All access lists that exist on the router: show run, show access-lists
All access lists applied to an interface: show ip int, show run
Rejected traffic information: show log
IP access lists configured on the router: show run, show ip access-lists
A specific access list: show access-lists <number>

Routing Protocol Facts

Each organization that has been assigned a network address from an ISP is considered an autonomous system (AS). That organization is free to create one large network, or divide the network into subnets. Each autonomous system is identified by an AS number. This number can be locally administered, or registered if the AS is connected to the Internet.

Routers are used within an AS to segment (subnet) the network. In addition, they are used to connect multiple ASs together. Routers use a routing protocol to dynamically discover routes, build routing tables, and make decisions about how to send packets through the internetwork.

Routing protocols can be classified based on whether they are routing traffic within or between autonomous systems.
- Interior Gateway Protocol (IGP)--protocol that routes traffic within the AS
- Exterior Gateway Protocol (EGP)--protocol that routes traffic outside of or between ASs
- Border Gateway Protocol (BGP)--enhancement of EGP that routes traffic between ASs

In this course, you will learn about the following Interior Gateway Protocols:
- Routing Information Protocol (RIP)
- Interior Gateway Routing Protocol (IGRP)
- Open Shortest Path First (OSPF)
- Enhanced Interior Gateway Routing Protocol (EIGRP)

Distance Vector Routing Facts

Keep in mind the following principles about the distance vector method.
- Routers send updates only to their neighbor routers
- Routers send their entire routing table
- Tables are sent at regular intervals (each router is configured to specify its own update interval)
- Routers modify their tables based on information received from their neighbors

Because routers using the distance vector method send their entire routing table at specified intervals, they are susceptible to a condition known as a routing loop (also called a count-to-infinity condition). Like a bridging loop, a routing loop occurs when two routers share different information. The following methods can be used to minimize the effects of a routing loop.

Method: Characteristics
Split horizon: Using the split horizon method (also called best information), routers keep track of where the information about a route came from. Routers do not report route information to the routers on that path. In other words, routers do not report information back to the router from which their information originated.
Split horizon with poison reverse: Using the split horizon with poison reverse method (also called poison reverse or route poisoning), routers continue to send information about routes back to the next hop router, but advertise the path as unreachable. If the next hop router notices that the route is still reachable, it ignores the information. If, however, the path timeout has been reached, the route is immediately set to unreachable (16 hops for RIP). Convergence happens faster with poison reverse than with simple split horizon. However, it results in greater network traffic because the entire table is broadcast each time an update is sent.
Triggered update: With the triggered update method (also known as flash updates), routers that receive updated (changed) information broadcast those changes immediately rather than waiting for the next reporting interval. With this method, routers broadcast their routing tables periodically, punctuated by special broadcasts if conditions have changed. This method reduces the convergence time.
Hold down: With the hold down method, routers will, for a period of time, "hold" an update that reinstates an expired link. The time period typically reflects the time required to attain convergence on the network. The hold down timer is reset when the timer runs out or when a network change occurs.

The distance vector method has the following advantages:
- Stable and proven method (distance vector was the original routing algorithm)
- Easy to implement and administer
- Bandwidth requirements negligible for a typical LAN environment
- Requires less hardware and processing power than other routing methods

Distance vector has the following disadvantages:
- Relatively long time to reach convergence (updates sent at specified intervals)
- Routers must recalculate their routing tables before forwarding changes
- Susceptible to routing loops (count-to-infinity)
- Bandwidth requirements can be too great for WAN or complex

Link State Routing Facts

Keep in mind the following information about the link state method.
- Routers broadcast LSPs to all routers (this process is known as flooding).
- Routers send information about only their own links.
- Link-state protocols send hello packets to discover new neighbors.
- LSPs are sent at regular intervals and when any of the following conditions occur.
  o There is a new neighbor.
  o A neighbor has gone down.
  o The cost to a neighbor has changed.
- Neighboring routers exchange LSAs (link-state advertisements) to construct a topological database.
- The SPF algorithm is applied to the topological database to create an SPF tree from which a table of routing paths and associated ports is built.
- Routers use LSPs to build their tables and calculate the best route.
- Routers select routes based on the shortest route using an algorithm known as Shortest Path First (SPF).
- Network administrators have greater flexibility in setting the metrics used to calculate routes.

The link state method has the following advantages over the distance vector method.
- Less convergence time (because updates are forwarded immediately)
- Not susceptible to routing loops
- Less susceptible to erroneous information (because only firsthand information is broadcast)
- Bandwidth requirements negligible for a typical LAN environment

Although more stable than the distance vector method, the link state method has the following problems:
- The link state algorithm requires greater CPU and memory capability to calculate the network topology and select the route because the algorithm re-creates the exact topology of the network for route computation.
- It generates a high amount of traffic when LSPs are initially flooded through the network or when the topology changes. However, after the initial configuration occurs, the traffic from the link state method is smaller than that from the distance vector method.
- It is possible for LSPs to get delayed or lost, resulting in an inconsistent view of the network. This is particularly a problem for larger networks, if parts of the network come on line at different times, or if the bandwidth between links varies (i.e. LSPs travel faster through parts of the network than through others).

In particular, the last problem is of greatest concern. The following solutions are often implemented to overcome some of the effects of inconsistent LSP information.
- Slowing the LSP update rate keeps information more consistent.
- Routers can be grouped into areas. Routers share information within the area, and routers on area borders share information between areas. (Areas logically subdivide an Autonomous System (AS), a collection of areas under common administration.)
- One router in each area is designated as the authoritative source of routing information (called a designated router). Each area router receives updates from the designated router.
- LSPs can be identified with a time stamp, sequence or ID number, or aging timer to ensure proper synchronization.

Static Route Facts

Most networks will use one (or more) routing protocols to automatically share and learn routes. Listed below are several situations when you might want to configure static routes.
- To configure a default route or a route out of a stub network (a stub network is one that has a single route into and out of the network).
- For small networks that do not change very often and that have only a few networks.
- To turn off all routing protocols and reduce traffic or improve security.
- To configure routes that are lost due to route summarization.

Static routes lock a router into using the route you specify for all packets. Configuring static routes is useful for increasing security, and for small networks or networks that have only one possible path.

You can also configure a default router. When your router cannot find a packet's address in its routing table, it sends the packet to the default router.

Static Route Command List

Use . . . : To . . .
Router(config)#ip route <destination> <next_hop>: Identify a next hop router to receive packets sent to the specified destination network.
0 through the router's second serial interface.0 through the router with the IP address 192.0 255.0 0. Router(config)#ip classless Enables the router to match routes based on the number of bits in the mask and not the default subnet mask. For example.0.0.1. y y y y y y y y RIP uses hop and tick counts to calculate optimal routes.0 255. RIP uses only classful routing. One route uses a 56 Kbps link with a single hop. It has the following characteristics when running on a Cisco router. RIP routing is limited to 15 hops to any location (16 hops indicates the network is unreachable).168. Router(config)#ip default-network 10.0.0. and the flush timer default is 240. effective routing protocol for small. LAX(config)#ip route 13.0. RIP uses the split horizon with poison reverse method to prevent the count-to-infinity problem.0.
Router(config)#ip default-network Identify a default network on which all packets sent to <network> unknown networks are forwarded.1.255.Router(config)#ip route <destination> <interface>
Identify the interface used to forward packets to the specified destination network. Router(config)#ip route 0.
RIP Command List
To configure any routing protocol.
Note: Because RIP uses the hop count in determining the best route to a remote network.168. it might end up selecting a less than optimal route. so it uses full address classes. while the other route uses a Gigabit link that has two hops.0.255.1.0. but only if the cost is the same.1.1.168. use the following three steps: 1.1. Enable IP routing if it is not already enabled (use the ip routing command).1.168. the following command configures a static route on router LAX to the 13.35 and gives it a value of 25. The update interval default is 30.255. For example. Router(config)#ip route 192.35 25 The following command creates a permanent static route to network 192.168.168.to medium-sized networks.2.2
Use the ip route command to configure static routes on each router. Router(config)#ip route 192. RIP broadcasts updates to the entire network.
. RIP supports load balancing over same-cost paths.0.0 as the default network for the local router.0.1.1.255.1.0 10. not subnets. the invalid timer default is 180. suppose that two routes exist between two networks.1
The Routing Information Protocol (RIP) is a simple.0 255.0 serial 1 30 permanent The following command designates network 10. RIP can maintain up to six multiple paths to each network.0 network.18.104.22.168 The following command identifies a default route through an interface with address 10.1. Because the first route has fewer hops.1. the holddown timer default is 180.0 192.0 s1 11. RIP will select this route as the optimal route.
Examples The following command creates a static route to network 192.1.
Router(config)#no ip routing Disable IP routing on the router. followed by the address of a network to which the router is directly connected).0. Switch to router configuration mode (use the router command. This identifies the interfaces that will share and process received routing updates. When you use the network command to identify the networks that will participate in RIP routing. . Router(config-router)#no network Remove a specific RIP network. Router(config)#ip routing Router(config)#router rip Router(config-router)#network <address> To . one or more routers have been misconfigured.10.
. Identify the networks that will participate in dynamic routing (use the network command.
Example The following commands enable IP routing and identify two networks that will participate in the RIP routing protocol. .0
RIP Troubleshooting Introduction The next set of simulations gives you a chance to troubleshoot RIP routing. Use the classful network address.
For each scenario. followed by the routing protocol you want to configure). Your job is to diagnose and fix the problem. Enable IP routing for the entire router. Notice that you identify networks. . Use .2. IP routing is enabled by default. and not interfaces. All simulations use the same network layout as shown.0. Identify networks that will participate in the router protocol. . y y Identify only networks to which the router is directly connected.168. Router(config)#ip routing Router(config)#router rip Router(config-router)#network 10. <network> Router(config)#passive-interface Prevent routing update messages from behind sent through <interface> a router interface. follow these rules. not a subnetted network address.0 Router(config-router)#network 192. 3. Router(config)#no router rip Disable RIP and remove all RIP networks. Enter router RIP configuration mode (also referred to as "enabling RIP"). Use this command only if it has been disabled.
metric 1 network 192.168.201) network 10.1 on Ethernet0 10.168.255. metric 1 network 22.214.171.124. Listed below is sample output from the debug ip rip command.168.255.168. metric 2 network 126.96.36.199.0.0.0 in 1 hops 192.2.
- ping or traceroute
- show ip route
- sh int/sh ip int
- sh run
For example.0.255 via Serial0 (192.1. ping the SFO Ethernet0 interface. one way to use the sh ip route command in troubleshooting is to view the routing table for each router. you can then examine the configuration of specific routers RIP Debugging If you are having problems with routers not sharing or learning routes.1. 8 Meaning
This line identifies the router and the interface where RIP updates are received. Based on the missing networks.2.202 on Serial0 192.1.168. begin by verifying the problem. From the LAX router. metric 3
The following table interprets each line in the sample output.255 via Ethernet0 (192. The following commands may be useful in identifying the problem.0 in 16 hops (inaccessible) RIP: received v1 update from 192.168.0.4. metric 2 network 192.0. you can use the following commands to help identify the problem:
- show ip route
- show ip protocols
- debug ip rip
You should be familiar with the RIP routing update sequences and messages. identifying which networks are missing from the routing table.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 RIP: received v1 update from 188.8.131.52) network 192.0.0 in 15 hops RIP: sending v1 update to 255.
Line Number(s) 1.In each case.5.168. From the output of a debug ip rip command. you should be able to identify the consequences of the various messages.2.0 in 1 hops 192.168.4.168. In this
.0 in 2 hops RIP: sending v1 update to 255.0.5.255.
4.168.201 Ethernet0 with an IP address of 192.5.168. 16 hops is the maximum hop count for RIP.0 from router 192.168.1. Serial0 192.168. Serial0 with an IP address of 192. Ethernet0 184.108.40.206 from router 192.0/24 [120/15] via 192.202 on Serial0
The hop count shown in the received route will be the metric used when the route is placed in the routing table of the local router.168.3.168. 00:00:04.168.0.2.0 Indented below the RIP line are the entries that are shared with other routers. the following interfaces have been enabled to share RIP information: y y 4. 00:00:05.0 and 192.1
.0/24 [120/2] via 192. To identify the hop count in the local routing table. This example shows the following routes received: 2-3.example.202.1 on Ethernet0 192.5. In this example.0.168. Serial0 192. Serial0 192.5. 11 This means that the following commands have been entered on the router: router rip network 220.127.116.11.2. here's how the routing table of the local router would appear:
R C C R R R 10. the router is connected to two other routers: y y Router 18.104.22.168.201
For comparison.168. 00:00:04.0) is advertised as inaccessible (16 hops).2.1.1. Line 7 (network 192.168.0/24 [120/1] via 192. Ethernet0 192. 12-14 y y Before sending the information.3.0/8 [120/1] via 192.168.2.0 and 192.0/24 is directly connected.1.0. 9-10 y y 10.202. Be aware of the following items: 5-7.168.0/24 is directly connected. subtract 1 from the sent hop count.0 network 192.2.1 on Ethernet0 Router 192.168. the router increments the hop count.4.1.168. This is because the local router has a hop count of 15 for that network.168.202 on Serial0
Indented below each RIP line are the specific routing entries that are received. This line identifies the interface on which RIP updates are sent.22.214.171.124.
It will keep track of same-cost and different-cost routes. It can keep track of up to six different paths. Router(config)#router igrp 25 Router(config-router)#network 10. IGRP supports multiple-path connections. and not interfaces. IGRP uses flash updates (sending changed information immediately) for faster convergence. . loading. which Cisco recommends that you use instead of RIP.168. use the classful network address (the network specified with the default subnet mask). You should remember the following characteristics of link state protocols that apply to OSPF: y Is a public (non-proprietary) routing protocol. reliability.
Use . When identifying networks.0 Router(config-router)#network 192.0. however.
Example The following commands identify two networks that will participate in the IGRP routing protocol for AS number 25 (assuming IP routing is already enabled). with a hop count limit of 255 (rather than 16). To . You can also configure the hop count limit. . . Router(config-router)#network <address> Identify networks that will participate in the router protocol. IGRP uses an autonomous system (AS) number as part of the configuration. IGRP has the following characteristics: y y y y y y y y IGRP can handle much larger networks. Notice that you identify networks.
Defaults are:
  o Update interval = 90 seconds
  o Invalid route = 270 seconds (3 times the update)
  o Holddown = 280 seconds (3 times the update + 10)
  o Flush = 630 seconds (7 times the update)
IGRP Command List
Configuring IGRP is very similar to configuring RIP. Enable IP routing for the entire router. the AS number must match on all routers.0.0. . IGRP uses a composite metric (a 24-bit number assigned to each path that can include such factors as bandwidth. When using the router command. Router(config)#ip routing
Enter router IGRP configuration mode for the specified Autonomous Router(config)#router igrp System. This AS number must be the same on each router that will share information. It is Cisco's proprietary routing protocol. IGRP uses split horizon with poison reverse. and MTU). The default update interval is higher for IGRP than RIP because it uses flash updates.Interior Gateway Routing Protocol (IGRP) is a dynamic routing protocol that sends neighboring routers updates of its routing table. you must include the AS number. Note: When configuring multiple routers to share <ASnumber> information with IGRP. IP routing is enabled by default.0
The Open Shortest Path First (OSPF) routing protocol is a robust link state routing protocol well-suited for large networks. delay. Use this command only if it has been disabled.
Router(config)#r The process ID identifies a separate routing process on the router. process-id Process IDs do not need to match between routers (in other words. or poison reverse are not needed.
Is considered a classless routing protocol because it does not assume the default subnet masks are used. You can think of the backbone as the "master" or "root" area. Good design can minimize this impact.0.
As part of the OSPF process. Its address is always 0. the process ID number is not the same thing as outer ospf the AS number used in IGRP/EIGRP routing. Can require additional processing power (and therefore increased system requirements). Shares routing information through Link State Advertisements (LSAs). The following table lists the commands and details for configuring OSPF. Command Purpose
Use to enter configuration mode for OSPF. Routers on the edge of areas (called Area Border Routers (ABR)) share summarized information between areas. Mechanisms such as holddown timers. o A stub area is an area with a single path in to and out of the area. Is not susceptible to routing loops. Uses hello packets to discover neighbor routers.) Under normal conditions.
Because the loopback interface takes precedence over the physical interfaces in determining the router ID. and then identifying the networks that will participate in OSPF routing. the highest IP address of the router's physical interfaces. All OSPF networks must have a backbone area.0. Note: Although similar. Uses areas to subdivide large networks.0. The router ID is: y y The highest IP address assigned to a loopback (logical) interface. Routers within an area share information about the area. Uses link costs as a metric for determining best routes. (Unadvertised links save on IP space. LSAs contain small bits of information about routes. It sends the subnet mask in the routing update and supports route summarization and VLSM. Instead. and distributes routing information between areas. Is scalable and does not have the 16 hop limitation of RIP. but they cannot be pinged because they won't appear in an OSPF routing table. Maintains a logical topographical map of the network in addition to maintaining routes to various networks. The Shortest Path First (SPF) algorithm (also called the Dijkstra SPF algorithm) is used to identify and select the optimal route. Converges faster than a distance vector protocol. o The backbone is a specialized area connected to all other areas. Configuration is as simple as defining the OSPF process using the router ospf command. each router is assigned a router ID (RID). with only a few variations from the RIP and IGRP configuration steps you have previously used. It contains networks not held within another area. two routers configured with different process IDs might still share OSPF
. If a loopback interface is not defined. OSPF uses built-in loop avoidance techniques. you can force a specific router ID by defining a loopback interface and assigning it an IP address
OSPF Command List OSPF is fairly simple. OSPF only sends out updated information rather than exchanging the entire routing table. split horizon.
.0.0.n.1. Identifies networks that participate in OSPF routing. A subnet can only be in one area.32. not the process ID.n m.0 0.255 area 1 network 10.0 area 1 network 10. The network command identifies the subnet. or you can use the IP address of the router interface with a mask of 0.16.255).m wildcard mask identifies the subnet address.0 area 1 router ospf 1 network 10.0.n.n. You can use the subnet address with the appropriate wildcard mask (as in 10. Shows the neighbor router ID numbers. router)#network m.0. Command show ip route show ip ospf neighbor Function View the routing table and OSPF entries.16.255 area 0 network 10.0.255 area 1
Notice the following in the configuration: The process ID on each router does not match.0 0.0 0.0.1. OSPF uses areas to identify sharing of routes. classless Router(confignetwork. Use the following commands to configure OSPF on each router: Router Configuration router ospf 1 network 10.0.m.16.3. Example The following graphic shows a sample network with two OSPF areas.0 0.n is the network address.0. n.15.0. area number number is the area number in the OSPF topology.0 0.0.m. The n.0. The area number must match between routers.2.m.0 0. and the OSPF area of the subnet.255. wildcard mask.126.96.36.199.n.1 0.15.0.15.255 area 1 network 10.1. This can be a subnetted.1.255 area 1 router ospf 2 network 10.32.0. View neighbor OSPF routers.information).m is a wildcard mask (not the normal subnet mask).1 0.m.0.
The following table lists some commands that are useful in monitoring and troubleshooting OSPF.1.0.
Unlike IGRP and RIP. Requires less processing and memory than link state protocols. Keeps multiple paths to a single network.
Command Router(config)#router eigrp number Router(config-router)#network n. In this manner. Uses hello packets to discover neighbor routers. Is scalable and does not have the 16 hop limitation of RIP. If no appropriate route or backup exists in the routing table. EIGRP can quickly adapt to alternate routes when changes occur. Exchanges the full routing table at startup.View interfaces that are running OSPF.n
. The following table lists the applicable commands. EIGRP: y y Sends the subnet mask in the routing update. EIGRP can exchange routes for IP.n. Uses the DUAL link-state algorithm for calculating routes. AppleTalk and IPX/SPX networks. Instead. Includes information such as: y y y y y Area number Process ID Router ID Timer settings Adjacent routers
show ip ospf interface
Enhanced IGRP is a Cisco-proprietary balanced hybrid routing protocol that combines the best features of distance vector and link state routing. split horizon. manual route summarization can also be configured on arbitrary network boundaries to reduce the routing table size. Supports automatic classful route summarization at major network boundaries (this is the default in EIGRP). Function Defines an EIGRP process. and then partial routing updates thereafter. only routing table changes are propagated in EIGRP not the entire table.n. Supports multiple protocols. EIGRP does not send periodic routing updates like RIP and IGRP. Minimizes network bandwidth usage for routing updates. During normal operation EIGRP transmits only hello packets across the network. The number must match between routers for information to be shared. Maintains partial network topology information in addition to routes. Mechanisms such as holddown timers. EIGRP will query neighbor routers to discover an alternate route. It supports route summarization and VLSM.
EIGRP Command List
You configure EIGRP just the same as you would configure IGRP. In some cases. Identifies a network that participates in the routing process. When change occurs. Uses bandwidth and delay for the route metric (similar to IGRP). Is not susceptible to routing loops. Converges more quickly than distance vector protocols. convergence can be almost instantaneous because an EIGRP router stores backup routes for destinations. or poison reverse are not needed. EIGRP uses built-in loop avoidance techniques.
0 Router(config-network)#network 192. View neighboring routers from which EIGRP routes can be learned.1.168.168.
Command show ip route show eigrp neighbors show eigrp interfaces
Routing Protocol Comparison
The following table compares various features of the routing protocols you will need to know for this course. View the interfaces that are running EIGRP and the number of connected routers. also sends triggered updates of changed routes
Yes Fast Yes No
Discovers neighbors before No sending routing information Sends full routing table at each update Loop avoidance Memory and CPU requirements Uses areas in network design Uses wildcards to define participating networks Yes Hold down timers. poison reverse topology topology Low No No Can be high Yes Yes Lower than OSPF No No
. Router(config)#router eigrp 2 Router(config-network)#network 192.168. Lists the IP address of the connected router. poison reverse Low No No
Hold down timers. split horizon. Characteristic Routing method Public standard Metric VLSM support Classless routing Route summarization Sends mask in updates Convergence time RIP Distance vector Yes Hop count IGRP Distance vector No Bandwidth and delay OSPF Link state Yes Link cost EIGRP Balanced hybrid No Bandwidth and delay Yes Fast Yes No
Version 2 only Slow
No Slow (faster than RIP) No Yes. split Full network Partial network horizon.2.0 Router(config-network)#network 192.3.y
Example The following commands enable EIGRP on a router and define three networks that participate in the routing process.0 Use the following commands to manage and monitor EIGRP. Features View EIGRP-learned routes.
The wiring typically includes UTP cable
3. A smaller number indicates a more trusted route. 2. it will choose the route with the lowest administrative distance (OSPF in this example). If a router has learned of two routes through the same protocol (for example two routes through EIGRP). WAN Structure
4. In addition. The router uses these values to select the source of information to use when multiple routes to a destination exist. modem.
5. Component Consumer premises equipment (CPE) Description Devices physically located on the subscriber's premises.

Route Source              Administrative Distance
Connected interface       0
Static route              1
EIGRP summary route       5
EIGRP internal route      90
IGRP                      100
OSPF                      110
RIP                       120
EIGRP external route      170
Note: You can modify how routes are selected by modifying the administrative distance associated with a source. the router uses the following criteria for choosing between multiple routes: 1. both the devices the subscriber owns and the ones leased from the WAN provider. there might be multiple paths between any two points. and other equipment. A typical WAN structure includes the following components. the router will choose the route that has the best cost as defined by the routing metric (for EIGRP the link with the highest bandwidth and least delay will be used).Routing Administrative Distances
The administrative distance is a number assigned to a source of routing information (such as a static route or a specific routing protocol). Routers can learn about routes to other networks using multiple routing protocols. The following table shows the default administrative values for a Cisco router. If a router has learned of two routes to a single network through different routing protocols (such as RIP and OSPF). When making routing decisions. CPE includes the telephone wire. telephone.
and different networks with common connection points may overlap. but computers and multiplexers can also act as DTEs. Line Type Characteristics POTS service has the following characteristics: Plain Old Telephone Service (POTS) y y y y Existing wires use only one twisted pair Analog signals are used through the local loop A modem is required to convert digital signals to analog The line has an effective limit of 56 Kbps
. DTEs are any equipment at the customer's site. The phone company is responsible for all equipment on the other side of the demarc. and the nearest point of presence for the WAN provider. DCEs may be devices similar to DTEs (such as routers). In a strict sense. A CO provides services such as switching incoming telephone signals to outgoing trunk lines. Thus. or toll. (demarc) Typically. and marks the point of entry between the LAN and the WAN. Few people thoroughly understand where data goes as it is switched through the "cloud. The DTE resides on the subscriber's premises. The demarc media is owned and maintained by the telephone company. and acts as a switching point to forward data to other central offices. fiber optic. It provides WAN-cloud entry and exit points for incoming and outgoing calls. DCEs are typically routers at the service provider that relay messages between the customer and the WAN cloud. except that each device plays a different role. the DTE is the device that communicates with the DCE at the other end. it is UTP. DTEs are usually routers. switches.
Data terminal equipment (DTE)
The point where the telephone company's telephone wiring connects to the subscriber's wiring. In a narrow sense. A switch on a carrier's packet-switched network." What is important is that data goes in. The switching facility closest to the subscriber. and central offices that make up the network of telephone lines.
Central office (CO)
Data circuit-terminating equipment (DCE)
Packet-switching exchange (PSE)
WAN Services Facts
Listed below are the most common WAN transmission media.with RJ-11 or RJ-45 connectors. or other media. a DCE is any device that supplies clocking signals to DTEs. Broadly. and arrives at its destination. CPE is sometimes used synonymously with DTE. but it can also be one or a combination of UTP. It is represented as a cloud because the physical structure varies. A device on the network side of a WAN link that sends and receives data. It also provides reliable DC power to the local loop to establish an electric circuit. a modem or CSU/DSU at the customer site is often classified as a DCE. A device that communicates with both DTEs and the WAN cloud. The demarc can also be called the network interface or point of Demarcation point presence. Cable that extends from the demarc to the central telephone office. carriers to provide connections to almost anywhere in the world. and can include all computers. Long-distance carriers are usually owned and operated by companies such as AT&T or MCI. the customer is responsible for all equipment on one side of the demarc. Typically. The hierarchy of trunks. PSEs are the intermediary points in the WAN cloud. COs use long-distance. Fiber optic cable to the demarc is rare. travels through the line.
Once a device connects to the WAN cloud. internal protocols can convert data traffic into the necessary formats.) 672 64-Kbps channels 31 64-Kbps channels (used in Europe)
Note: WAN services also use fiber optic.54 Mbps
1. Data Link layer protocols control some or all of the following functions:
. then convert the data again at the other end. and other transmission media.1 Mbps (1. DS-1) T-3 (a. you can choose from the following service options: Service Public Switched Telephone Network (PSTN) Leased lines X.S.a.k. fiber-optic POTS T-1 Signaling Method Analog Analog Analog Characteristics Dialup over regular telephone lines Dedicated line with consistent line quality Dedicated line Variable packet sizes (frames) Ideal for low-quality lines Variable packet sizes (frames) Fixed-size cells (53-byte) High-quality.a. satellite.) 56 Kbps 56 Kbps 64 Kbps Line Type POTS POTS POTS POTS T-1 T-3 Coaxial. For example. If your organization needs WAN connectivity.544 or lower is POTS more common)
There is no clear distinction between WAN services such as Frame Relay and ISDN. T-1 (a.25 Bandwidth (Max.k.2 Gbps
Integrated Services 144 Kbps (BRI) Digital Network (ISDN) 4 Mbps (PRI)
6. Multiple digital channels are sent over the same physical wires.You can also use the same physical wires for digital signaling. However. the use of these media to the local loop is not common at this time. twisted pair.
WAN Encapsulation Facts
WAN Physical layer protocols specify the hardware and bit signaling methods. high-speed lines Basic rate operates over regular telephone lines and is a dialup service Primary rate operates over Tcarriers Operates using digital signals over regular telephone lines DSL comes in many different flavors (such as ADSL and HDSL)
Frame Relay Asynchronous Transfer Mode (ATM)
1. wireless. DS-3) E-1 24 64-Kbps channels (used in the U. you can use Frame Relay protocol over ISDN lines.
PPP uses two main protocols to establish and maintain the link. If a router receives a packet with its own magic number. synchronous serial (dial up). LCPs are exchanged to detect and correct errors or to control the use of multiple links (multilink). you will select one of the following encapsulation methods. and ISDN. LAPD in combination with another protocol for the B channels in ISDN networks. LCPs also indicate whether authentication should be used. Optional authentication is provided through PAP (2-way authentication) or CHAP (3-way authentication).
- Error checking and correction
- Link establishment
- Frame-field composition
- Point-to-point flow control
Data Link layer protocols also describe the encapsulation method or the frame format. and numerous others. It includes looped link detection that can identify when messages sent from a router are looped back to that router.
. load-balancing traffic over multiple physical links. LAPB for X. This is done through routers sending magic numbers in communications. PPP is nonproprietary. This is the default encapsulation method for synchronous serial links on Cisco routers. packet size. and tearing down the PPP link. IPX. Depending on the WAN service and connection method. PPP for dial-up LAN access. so it works in implementations that use products from multiple vendors. It supports multilink connections.
The following list represents some of the key features of the Point-to-Point Protocol (PPP): y y y y y y It can be used on a wide variety of physical interfaces including asynchronous serial. It includes Link Quality Monitoring (LQM) which can detect link errors and automatically terminate links with excessive errors. and compression settings. circuit-switched WAN networks. Cisco/IETF for Frame Relay networks. and ISDN networks. AppleTalk. It supports multiple Network layer protocols. Protocol Description The Link Control Protocol (LCP) is responsible for establishing. the link is looped. point-to-point connections with other Cisco routers (Cisco HDLC does not communicate with other vendors' implementations of HDLC).
Note: Routers on each side of a WAN link must use the same encapsulation method to be able to communicate. WAN encapsulation methods are typically called HDLC (high-level data link control). LCP packets are exchanged periodically to do the following: Link Control Protocol (LCP) y During link establishment. including IP. This term is both a generic name for Data Link protocols and the name of a specific protocol within a WAN protocol suite or service.25 networks. LCPs are used to agree upon encapsulation. Throughout the session. LAPD is a Layer 2 ISDN protocol that manages flow and signaling. maintaining. y Cisco HDLC for synchronous.
Each Network layer protocol has a corresponding control protocol packet. To configure PPP on the router. Examples of control protocols include: Network Control Protocol (NCP)
- IP Control Protocol (IPCP)
- CDP Control Protocol (CDPCP)
- IPX Control Protocol (IPXCP)
- AppleTalk Control Protocol (ATCP)
A single PPP link can run multiple control protocols. LCPs might also be exchanged during this phase to maintain the link. The Network Control Protocol (NCP) is used to agree upon and configure Network layer protocols to use (such as IP. packet size. 3. the first method will be tried first Set compression options Set the password used with CHAP or PAP for
PPP options are configured in interface mode for a specific interface. . one for each Network-layer protocol supported on the link. you complete the following tasks:
1. 1. authentication-specific packets are exchanged to configure authentication parameters and authenticate the devices. Set the encapsulation type to PPP Set the authentication method(s) When multiple methods are specified. Router(config-if)#encapsulation ppp Router(config-if)#ppp authentication <chap|pap> Router(config-if)#ppp authentication chap pap Router(config-if)#ppp compression Router(config-if)#ppp chap|pap password To . configure username/password combinations. PPP establishes communication in three phases. LCPs are responsible for tearing down the link. NCP phase. Authenticate phase (optional). During this phase.
A single Link Control Protocol runs for each physical connection. and whether authentication will be used. . routers might exchange IPCP and CDPCP packets to agree upon using IP and CDP for Network-layer communications.
When the session is terminated. 3. During this phase. For example. NCPs are exchanged to agree on upper-layer protocols to use. 2. Set PPP encapsulation on the interface. You must set the encapsulation method to PPP before you can configure authentication or compression. 2. If authentication is used. IPX. LCPs might continue to
PPP Command List PPP configuration is often done in connection with configuring other services. Select CHAP and/or PAP as the authentication method (optional). .
Use . or AppleTalk). LCPs are exchanged to open the link and agree upon link settings such as encapsulation. LCP phase. .
Frame Relay Facts
Frame relay is a standard for packet switching WAN communications over high-quality.
SFO(config)#hostname LAX password cisco5 SFO(config)#int s0 SFO(config-if)#encap ppp SFO(config-if)#ppp auth pap 1. and LAX and PDX can now share routing information." PDX and SFO cannot communicate (ping fails).
. The interface status changes to up. the interface status on PDX Serial1 changes to "up. while PDX and SFO are using HDLC. 3. LAX can still communicate with SFO even though LAX and SFO are not using the same encapsulation types. The status of the interface is up. When you change PDX Serial0 to PPP. Frame-relay networks: y y y y Provide error detection but not error recovery." Ping does not work because the Serial1 interface is not up. LAX and PDX are using PPP to communicate. line protocol down. Can provide data transfer up to 1. Ping succeeds. Setting the encapsulation on SFO restores communication between PDX and SFO. Have a variable packet size (called a frame) . use the service password-encryption command from the global configuration mode. It is up to end devices to request a retransmission of lost packets. 5. line protocol down. it no longer matches the connected device. 4. Because the encapsulation between PDX and SFO no longer match. Can be used as a backbone connection to LANs. Note: At this point in the configuration. the encapsulation used between LAX and PDX matches.<password> Router(config)#username <hostname> password <password> Router(config)#bandwidth <value>
an unknown host Set the username and password for the local router Set a bandwidth value for an interface View encapsulation and PPP information on an interface
To hide the CHAP password from view in the configuration file. 2. LAX can again ping SFO. digital lines. Example The following commands configure the SFO router to use PPP and enable it to connect to the LAX router using PAP authentication.54 Mbps. When you change the encapsulation. Therefore. the interface status changes to "up. LAX can ping SFO.
In any case. The CIR is the maximum guaranteed data transmission rate you will receive on the Frame Relay network. The DLCI represents the connection between two frame relay devices. y y y y The DLCI ranges between 16 and 1007.
Frame Relay Protocols
Most Frame Relay installations involve connecting to a Frame Relay network through a T-1 line. DLCIs identify each virtual circuit. Packets travel through the Frame Relay cloud without acknowledgments. Each DLCI is unique for the local network. LMI is responsible for managing the connection and reporting connection status. In other words. LMI can: y y Maintain the link between the router and the switch. Operate at the Physical and Data Link layers of the OSI model.
Can be implemented over a variety of connection lines (56K. The router connects to a CSU/DSU. When network traffic is low. you are guaranteed to have at least the amount of bandwidth specified by the CIR. The Frame Relay service provider assigns the DLCI when the virtual circuit is set up. You should be aware of the following Frame Relay protocols: Protocol Characteristics Like an Ethernet MAC address. priority is given to data coming from customers with a higher CIR.
When you sign up for Frame Relay service, you are assigned a level of service called a Committed Information Rate (CIR). You will likely be able to send data faster than the CIR, but as network traffic increases the effective rate may drop.

You should be familiar with the following concepts about how Frame Relay networks send data.

- The Frame Relay network is made up of multiple switches for moving packets.
- Routers connect to a Frame Relay switch either directly or through a CSU/DSU.
- Frame Relay networks simulate an "always on" connection with PVCs.
- Sending routers send data immediately without establishing a session.
- Frame Relay switches perform error checking but not correction.
- Corrupted packets are simply dropped without notification.
- Error correction is performed by sending and receiving devices.
- Frame Relay switches begin dropping packets when congestion occurs.
- Packets are discarded based on information in the Discard Eligible (DE) bit.
- Frame Relay switches send Backward Explicit Congestion Notification (BECN) messages to slow data transfer rates.

Congestion is the most common cause of packet loss on a Frame Relay network.

Data-Link Connection Identifiers (DLCIs)

DLCI numbers are locally significant, but not for the entire WAN. The same DLCI number can be used multiple times in the entire network to identify different devices.

Local Management Interface (LMI)

Local Management Interface (LMI) is a set of management protocol extensions that automates many Frame Relay management tasks. LMI is used to:

- Gather status information about other routers and connections on the network.
- Enable dynamic DLCI assignment through multicasting support.
- Make DLCIs globally significant for the entire network.

Although DLCI numbers are only locally significant, through LMI these numbers can be globally significant (i.e. the same number is used throughout the entire network to identify a specific link).

Cisco routers support three LMI types: Cisco, ANSI, and Q933a. By default, Cisco routers autosense the LMI type and configure themselves accordingly. You only need to set the LMI type if autosensing does not work or if you want to manually assign it.

When you connect a router to the Frame Relay network, the router interface has a direct line to the Frame Relay switch at the service provider. Although there is only one physical path between the router and the switch, Frame Relay supports multiple virtual circuits. When configuring a Frame Relay connection or circuit, you have the following options:

- Point-to-Point. A point-to-point link simulates a direct connection with a destination device. With a point-to-point connection, the circuit is configured to talk to only one other device.
- Multipoint. A multipoint link configures each circuit to communicate with more than one destination device. The same circuit is used for multiple conversations.

Because Frame Relay supports multiple upper-layer protocols (such as IP, IPX, and DECnet), you will need to associate logical, Network layer destination addresses with the DLCI number used to reach that address. For multipoint connections, the DLCI number acts like a Data Link or physical device address. When configuring a router for Frame Relay, you have the following configuration options.

- Dynamically associate DLCIs with inverse ARP. The router uses the inverse ARP protocol to dynamically discover destination addresses associated with a specific DLCI. This is the default.
- Manually map addresses to DLCIs. The administrator identifies the address of each destination device, and associates each address with a DLCI. Although more work, results are less prone to errors than when using inverse ARP.

Frame Relay Command List

To configure Frame Relay on an interface, complete the following tasks:

- Enable Frame Relay on the interface by setting the encapsulation type
- Assign a Network layer address to the interface (such as an IP address)
- Configure dynamic (inverse ARP) or static (mapped) addresses
- For a point-to-point subinterface, or a multipoint subinterface with dynamic addressing, assign a DLCI to the subinterface
- Configure the LMI settings (optional)

Use . . . / To . . .

Router(config-if)#encap frame-relay
    Set the encapsulation method. You can follow this command with various keywords to set a specific frame relay encapsulation protocol. Cisco is the default frame relay encapsulation.
Router(config-if)#frame-relay inverse-arp
    Turn on inverse ARP (it is on by default).
Router(config-if)#frame-relay map
    Map protocol addresses to DLCIs. Note: Add the broadcast parameter to the command to configure the router to forward broadcast traffic over the link.
Router#show frame map
    Display the contents of the frame-relay map cache (showing IP address to DLCI number mappings).
Router#clear frame-relay-inarp
    Clear the dynamic entries from the frame-relay map cache.
Router#show frame pvc
    Show DLCI statistics and information.
Router(config-if)#frame lmi-type <LMI type>
    Configure LMI on the Cisco router.

Note: You must set the encapsulation method on the interface before you can issue any other Frame Relay commands.

Examples

The following commands enable Frame Relay on serial interface 1 using IETF as the encapsulation method and dynamic addressing.

Router(config)#int s1
Router(config-if)#encap frame-relay ietf

The following commands enable Frame Relay on serial interface 0 using Cisco as the encapsulation method, disable inverse ARP, and map IP address 10.1.1.55 to DLCI 25.

Router(config)#int s0
Router(config-if)#encap frame-relay
Router(config-if)#no frame inverse
Router(config-if)#frame-relay map ip 10.1.1.55 25

This scenario illustrated the following principles about inverse ARP and the frame relay map cache:

- Inverse arp discovers IP address and DLCI information for routers connected to the cloud. The discovered information goes into the frame relay map cache.
- Inverse arp entries in the cache are cleared when an interface goes down, and rediscovered when the interface comes up.
- Disabling inverse arp does not clear the cached entries.
- Use the clear frame-relay command to manually clear dynamic entries.
- If a destination IP address is changed, the change may not be communicated through inverse arp. Clear the cache to rebuild it and rediscover the changed information.

Cisco uses the term interface to describe the physical component that connects the router to a network. A subinterface is a virtual interface that you configure on a Cisco router's physical interface. With subinterfaces, you can expand your router's capability without adding modules containing physical interfaces. Instead of adding physical interfaces, using subinterfaces lets you subdivide a single physical interface into several separate virtual channels. They make it possible to support multiple connections and/or networks through a single physical port.

Using subinterfaces also lets you send routing updates out the same physical interface on which they were received. Using subinterfaces in this manner overcomes the split horizon problem that can occur when sending updates out the same interface.

Frame Relay Subinterface Command List

To configure Frame Relay on a subinterface, complete the following tasks:

- Enable Frame Relay on the interface and set the encapsulation method
- Create the subinterface, specifying either point-to-point or multipoint
- For a point-to-point connection or a multipoint connection using inverse ARP, assign the DLCI number to the subinterface
- For a multipoint connection using static assignments, map DLCIs to protocol addresses

In addition, you will need to assign a Network layer address to the subinterface. Do not assign an IP address to the main interface.

Use . . . / To . . .

Router(config-if)#int sX.X <type>
    Create the subinterface.
Router(config-subif)#frame-relay interface-dlci
    Assign the DLCI to the interface.
Router(config-subif)#frame-relay map
    Map protocol addresses to DLCIs.

Examples

The following commands create a point-to-point subinterface on the first serial interface and assign it to DLCI 44. The subinterface is configured to use inverse ARP.

Router(config)#int s0
Router(config-if)#encap frame
Router(config-if)#int s0.55 point
Router(config-subif)#frame interface-dlci 44

The following commands create a multipoint subinterface on the second serial interface, and configure it with a static IP mapping of device 199.12.16.155 to DLCI 111.

Router(config)#int s1
Router(config-if)#encap frame
Router(config-if)#int s1.103 mult
Router(config-subif)#frame map ip 199.12.16.155 111

Frame Relay Troubleshooting Introduction

The next set of simulations gives you a chance to troubleshoot Frame Relay. All simulations use the same network layout as shown. Each scenario has some misconfiguration that prevents communication. The scenario description for each exercise identifies whether the routers should be configured using inverse-arp or static mappings. The following commands may be useful in identifying the problem.

- ping
- sh frame map
- sh frame pvc
- sh int/sh ip int
- sh run
- no ip
- sh frame-relay
- sh frame-relay traffic

Monitoring Frame Relay

The following list summarizes the commands to use for viewing specific Frame Relay information on the router.

If you want to view . . . / Use . . .

DLCI numbers: show run, show frame pvc
Frame Relay encapsulation method: show int, show run
LMI information and traffic statistics: show frame lmi, show int
Interface configuration (DCE or DTE): show frame pvc, show int
Global traffic statistics: show frame traffic
Addresses and associated DLCIs: show frame map

Note: Output for the show interfaces command shows an entry for DLCI followed by a number. This information is not the DLCI number associated with the interface.
Integrated Services Digital Network (ISDN) is a set of standards covering the Physical, Data Link, and Network layers. It allows fast, digital transmission of both voice and data (including graphics, video, and so on) over existing telephone lines. ISDN uses T-carrier technology to quickly and efficiently send digital data streams. It supports the majority of upper-level protocols and encapsulation protocols.

The physical cable of an ISDN connection is divided into logical channels. Channels are classified as one of two types:

- B channels are used to carry data.
- D channels are used to carry control and signaling information.

When you order ISDN service, you have the choice between the following services.

Basic Rate ISDN (BRI)
    B channels: Two 64 Kbps
    D channel: One 16 Kbps
    Characteristics: Uses existing phone lines (but may not be available where existing copper wires don't support it). The connection is "demand-dial" (established only when data needs to be sent).
Primary Rate ISDN (PRI)
    B channels: Twenty-three 64 Kbps
    D channel: One 64 Kbps
    Characteristics: Uses an entire T-1 line. Sometimes called 23B+D. The connection is "always on".

Note: The total bandwidth of an ISDN BRI line is 144 Kbps (two B channels and one D channel). The total data transfer rate is 128 Kbps (data is sent only on the two B channels).

ISDN BRI is a relatively low-cost WAN service that is ideal for the following situations:

- Home office or telecommuters who need a relatively fast connection
- Businesses that need to periodically send data between sites (bursty traffic patterns)

ISDN BRI offers the following benefits over dial-up modems and other WAN connection options.

- Faster data transfer rates (128 Kbps) than dial-up modems (56 Kbps maximum)
- Faster call establishment (dial-up) than modems
- Lower cost than other WAN solutions (users pay a monthly fee plus connection charges)

ISDN Protocol Standards

ISDN standards are grouped according to function. The protocol groupings and descriptions follow a lettering standard.

Protocol Designation / Standard

E: Standards for ISDN on the existing phone network, such as international addressing
I: Standards for ISDN concepts, terminology, and services, such as network services
Q: Standards for switching and signaling, such as call setup, flow control, and error correction

In practice, you will probably not need to know these standards, but you will need to memorize them for the certification exam. Use the following to help remember the classifications.

- E for Existing networks
- I for Identifying concepts
- Q for Quality switching signals

ISDN Components and Reference Points

ISDN devices are classified based on whether they are ISDN-capable and the role they can play on the network.

ISDN Device Designation / Function

NT1: An NT1 (Network Terminator) is the connection point between the local loop and ISDN network. In North America, the customer is responsible for the NT1. Outside of North America, NT1 functionality is the responsibility of the service provider.
NT2: An NT2 (Network Switching Equipment) connects with an NT1. It lets you connect multiple devices, and/or split the signal into data and voice transmissions. NT2s are optional.
TE1: A TE1 (Terminal Endpoint Device type 1) is an ISDN-compatible device such as a router, computer, or ISDN telephone.
TE2: A TE2 (Terminal Endpoint Device type 2) is a non-ISDN-compatible device such as a computer without an ISDN adapter.
TA: Generically speaking, a TA (Terminal Adapter) is any device that generates traffic on an ISDN line. More specifically, the term is usually used to describe a device that converts non-ISDN signals to ISDN signals. The TA is often called an ISDN modem, although it does not convert digital signals to analog signals. Rather, it converts ISDN signals to non-ISDN signals.

A Cisco router might be classified as an NT1.

ISDN is a Network layer protocol that operates over a specific hardware interface configuration. For this reason, ISDN has its own Network and Data Link layer addressing. ISDN uses the following addresses:

Address / Characteristics

Terminal Endpoint Identifier (TEI): Data Link layer address (similar to an Ethernet MAC address). Each ISDN device is assigned one TEI. TEIs are dynamically assigned to the router by the ISDN switch when the connection is made.
Service Protocol Identifier (SPID): Network layer address (similar to a telephone number that allows each channel to make and receive calls). Depending on the specific ISDN implementation, each device can have one or more SPIDs. The WAN service provider assigns the SPIDs for you to configure on the router. The following are common SPID assignments.
    - One SPID is assigned to the entire device
    - Each B channel has its own SPID
    - Each B channel can have more than one assigned SPID

ISDN Command List

To configure an ISDN connection, you need to complete the following configuration processes:

- Configure the ISDN switch type
- Assign SPIDs (if required)
- Configure encapsulation

Your ISDN router will be connected to an ISDN switch at the WAN service provider. Your router must be configured to communicate with the switch type used by your WAN service provider. Cisco routers support over 10 switch types. In North America, the most common types are:

- AT&T 5ESS
- Northern DMS-100
- National ISDN-1

Use the following commands to configure an ISDN connection. The exact commands you will use depend on the equipment used at the central office.

Use . . . / To . . .

Router(config)#interface bri0
    Switch to ISDN interface configuration mode.
Router(config)#isdn switch-type <type>
    Set the ISDN switch type to match that used by the service provider. For IOS 11.2 and below, this is a global configuration command. For IOS 11.3 and above, use this command in interface mode or global configuration mode.
Router(config-if)#isdn spid<#> <number> <number>
    Identify SPIDs for an interface. Use only if SPID numbers are not dynamically assigned.
Router(config-if)#encap ppp
    Set the encapsulation method for the interface (PPP is the most common).
Router#show isdn status
    View the status of the ISDN connection.
Router#show isdn active
    Show active ISDN phone calls.
Router#show isdn history
    Show all past and current ISDN phone calls.
Router(config-if)#ppp multilink
    Enables multilink on the interface. An ISDN connection consists of multiple logical B channels on a single physical connection. To use multiple channels at the same time, enable multilink PPP (MLP).
Router(config-if)#dialer load-threshold
    Identifies the utilization percentage that must exist for the additional channels to be used.

Example

The following commands set the switch type, encapsulation method, and assign two SPIDs for an ISDN interface:

Router(config)#isdn switch-type basic-5ess
Router(config)#int bri0
Router(config-if)#encap ppp
Router(config-if)#isdn spid1 0835866201 8358662
Router(config-if)#isdn spid2 0835866401 8358664

ISDN Communication Facts

Link Access Protocol for the D-Channel (LAPD) is the Data Link encapsulation protocol used on an ISDN network. As its name implies, it operates on the D channel of an ISDN connection and is used for:

- Initializing Layer 2 and Layer 3 communications.
- Assigning TEIs.
- Maintaining the session.
- Terminating the link.

The following process is used to initialize an ISDN router.

1. The router uses the D channel to perform Data Link (layer 2) initialization. TEIs are dynamically assigned to identify the router.
2. The router uses the D channel to perform Network (layer 3) initialization. It uses its preconfigured SPIDs (if required) to set up the B channels.

When a router needs to communicate with another ISDN device, the following process is used.

1. The sending device requests a connection through the D channel.
2. The receiving device answers and the link is established.
3. The B channel is used to transmit data.
4. The D channel is used for session maintenance.
5. After the transmission is over, the D channel is used to tear down the link.

About ISDN Simulations

The following commands have been enabled in the simulations for configuring and testing an ISDN connection:

- interface bri0
- isdn switch-type
- isdn spid1, isdn spid2
- show isdn status
- show isdn active
- show isdn history
- show interface bri0, bri0:1, bri0:2

You should be aware of the following conditions regarding configuring ISDN connections on a live system:

- As best practice, you should set the ISDN switch type and SPIDs with the interface shut down. Verify that the configuration settings are correct before bringing the interface up. If you misconfigure the interface and connect to the ISDN switch, the switch at the service provider may report excessive errors and disable itself. You will then need to contact your service provider to reset the switch.
- The status reported with the show isdn status command in the simulations updates automatically and immediately after making configuration changes. On a live system, these statuses may not update, or take several minutes to change. You may need to use the clear interface bri0 command or restart the router on a live system before some configuration changes take place.
- How the switch type is set, and what is required, differs depending on the IOS version:
    o For IOS versions 11.2 and below, you can only set the switch type globally.
    o For IOS versions 11.3 and above, you can set the switch type globally or on an interface basis.
    o For IOS versions 11.3 up to (but not including) 12.0, the router can still make a connection if the switch type is defined globally, even if one is not defined for the interface.
    o For IOS versions 12.0 and above, the switch type must be defined for the interface. Setting it globally automatically adds it to the interface, but if it is removed from the interface, the connection cannot be made.
  This product simulates the IOS version 12.x method of setting the switch type.

When you remove the shutdown from BRI0, the interface status changes to spoofing. BRI0:1 and BRI0:2 are both down. Because the BRI0 interface is spoofing (pretending to be up), there is an entry in the routing table for the directly-connected network.

Spoofing allows the router to place entries in the routing table for dial-on-demand interfaces. Normally, routes that correspond to an interface are not placed in the routing table until the interface status is up. In addition, data cannot be routed out to an interface unless it is up, and traffic cannot be directed out the interface unless there is a routing table entry for the network. But the interface cannot dial until IP traffic is sent out the interface. To overcome this problem, the interface pretends to be up so a routing entry gets made.

The following principles are illustrated in this simulation:

- If a BRI interface is connected to a network and not shut down, there will be an entry for that network in the routing table.
- For dialer interfaces, the interface status is "spoofing." Think of spoofing as "pretending" to be up.
- Spoofing is required to place routing entries in the table when the interface is really down.
- Channels do not come up until traffic must be sent (such as a ping) and a call is placed and answered.

BRI Interface Facts

As you work with ISDN BRI interfaces, keep in mind the following:

- Each BRI interface represents a single connection to an ISDN network.
- On a Cisco router, BRI interfaces are identified as BRI0, BRI1, etc.
- Each physical BRI interface has three separate channels (1 D channel and 2 B channels).
- The two B channels for the first BRI interface are identified as BRI0:1 and BRI0:2.
- Generally, interfaces do not come up until dialed. BRI interfaces are up only when a call is successfully placed to another router.
- When you remove the shutdown for a BRI interface, its status changes to "up, line protocol up (spoofing)." Spoofing is a way for an interface that is really down to pretend to be up. Think of spoofing as "pretending" to be up.
- A dialer interface will spoof being up, while the channels reveal the true interface status.
- Channels are up when a call is initiated that uses that specific channel. It is possible to have one channel active and the other channel inactive.

A dial-on-demand link is one that is non-persistent (not always on). The link is brought up (or dialed) when traffic needs to cross the link. When the link is idle, the connection is terminated. This process is much like placing a telephone call. The link between two devices is established when one device calls another and the answering device answers the request. Use access lists to identify the type of traffic that will bring the link up (called interesting traffic).

Keep in mind the following points about dial-on-demand routing (DDR):

- Access lists define interesting traffic (traffic that will bring the link up).
- If a DDR link is down, only interesting traffic will bring it up. Non-interesting traffic is ignored (never sent).
- If a DDR link is up, all traffic, both interesting and non-interesting, will be sent over the link.
- The DDR link will be brought down if no interesting traffic has crossed the link in a specified period of time. Non-interesting traffic that needs to be sent will not keep the link up if the time limit has expired.
- The list of interesting traffic only defines which traffic brings the link up, not which traffic can cross the link once it is established.

Interesting traffic is identified and applied to an interface using the following three items:

Access List
    - Contains multiple entries that define interesting traffic
    - Each list applies only to one protocol type
    - Access lists are optional
Dialer List
    - Identifies all traffic of a specific protocol, or identifies an access list
    - Contains multiple entries, a maximum of one per protocol
Dialer Group
    - Applies a dialer list to an interface
    - Maximum of one group per interface

Dialer interfaces (such as ISDN BRI) are non-persistent and might be used to connect to multiple devices. Identify the host called by the router using one of the following commands in interface mode:

- dialer string, to identify a single number to dial for all connections.
- dialer map, to identify a specific destination and the

DDR Command List

Configuring dial-on-demand routing involves completing the following general steps:

- Configure the interface to connect to the network, such as:
    o Configuring the ISDN connection
    o Configuring IP addresses for applicable interfaces
- Define interesting traffic
- Apply the interesting traffic definition to the dial-on-demand interface
- Configure the numbers to call when interesting traffic is received
- Configure static routes to remote networks accessible through the ISDN link
- Configure the DDR timers (optional)

Use . . . / To . . .

Router(config)#access-list
    Configure access list statements that define interesting traffic.
Router(config)#dialer-list <#> protocol <type> permit/deny
    Identify the traffic type or access list that defines interesting traffic.
Router(config-if)#dialer-group <#>
    Apply the dialer-list to an interface.
Router(config-if)#dialer string <number>
    Identify the number to dial to contact the destination router. Use this command if the router contacts only one other router.
Router(config-if)#dialer map ip <address> <number>
    Identify the number to dial to contact the destination router. Use this command if the router contacts multiple routers over the same physical interface.
Router(config)#ip route
    Configure static routes to remote networks accessible through the ISDN link. This allows hosts on the local network to access hosts on the remote network(s).

Examples

The following commands define all IP traffic as interesting traffic for BRI0 and identify two numbers of a single destination router to dial when traffic must be sent.

Router(config)#dialer-list 7 protocol ip permit
Router(config)#int bri0
Router(config-if)#dialer-group 7
Router(config-if)#dialer string 5551111
Router(config-if)#dialer string 5552222

The following commands create an access list and dialer list, apply it to an interface, define a called device, and configure a static route to the remote device. The link will be brought up for HTTP or FTP traffic.

Router(config)#access-list 101 permit tcp any host 10.0.0.1 eq 80
Router(config)#access-list 101 permit tcp any host 10.0.0.1 eq 21
Router(config)#dialer-list 9 protocol ip list 101
Router(config)#int bri0
Router(config-if)#dialer-group 9
Router(config-if)#dialer map ip 1.1.1.1 name LAX 5552345
Router(config-if)#exit
Router(config)#ip route 10.0.0.0 255.0.0.0 bri0 1.1.1.1

Note: You can also configure serial or asynchronous interfaces to support dial-on-demand routing. To enable DDR on a serial interface, use the following command:

Router(config-if)#dialer in-band

- Both dialer strings and dialer maps identify the LDN of the destination device.
- You can only use either dialer string or dialer map statements (not both at the same time).
- Use dialer strings to communicate with a single device. Think of a dialer string indicating "any" destination address.
- Use dialer maps to identify multiple destination devices. Dialer maps include the destination IP address.
- Dialer string and map statements go in the configuration file in the order they are typed.
- Dialer strings are tried in order. If the first one fails, the next one is tried.
- Dialer maps that match the destination IP address are tried in order. If the first one fails, the next one is tried.

In a typical ISDN BRI connection, the router has a single BRI interface that is used to connect to all other sites. If your router has multiple BRI (or PRI) interfaces, or if you want to use different B channels to reach multiple sites, you have the following choices:

- Use dialer lists to configure specific interfaces to connect with specific sites. For example, if you have two interfaces and four sites, one interface could connect to half of the sites, and the other interface could connect to the other half.
- Use dialer profiles to pool all physical interfaces into a single logical interface. In this way, traffic to any of the four sites could be sent out either of the two interfaces.

Configuring dialer profiles is beyond the scope of this course, but involves the following general process.

- Create access list statements to define interesting traffic.
- Create a dialer-list statement pointing to the access list.
- Create a special dialer interface. This is a logical interface that groups multiple physical interfaces.
- Configure the dialer interface as you would a physical interface with dialer-group commands and dialer map statements.
- Associate a dialer pool number with the logical dialer interface.
- Assign each physical interface to the dialer pool.

DDR timers identify the amount of time that passes without interesting traffic before the link is brought down. You do this by setting one or both of the following timeouts:

Timer / Description

Idle-timeout: The idle-timeout identifies when the DDR link will be brought down. If no interesting traffic has crossed the link during the specified time interval, the DDR link is closed.
Fast-idle: The fast-idle timer is a special timer that allows the DDR link to be brought down before the idle-timeout timer has expired. It identifies an alternate timer that is used if:
    - The physical interface connects to multiple sites (phone numbers)
    - The interface has an existing link to one site
    - Packets are ready to be sent to a different site
    - There is no interesting traffic currently being sent
Use the following commands to configure the DDR timers:

Use . . . / To . . .

Router(config-if)#dialer idle-timeout
    Set the amount of time that elapses without interesting traffic before the DDR link is disconnected.
Router(config-if)#dialer fast-idle
    Set the amount of time that must elapse before the DDR link can be disconnected early if a call to another destination is received.

DDR Show Commands

You should be familiar with the information shown for each of the following commands as they relate to DDR routing.

Use . . . / To view . . .

show isdn active
    Details of active calls such as:
    - The number dialed
    - The device called
    - Time left until disconnect
show isdn status
    - ISDN switch type
    - ISDN status by layer (layers 1-3)
    - Number of active calls
    - Number of available ISDN channels
show dialer int bri
    - Idle and fast idle timer settings for an interface
    - Reason for the connection (source and destination addresses)
    - Number and hostname dialed
    - Time connected
    - Time left until disconnect

ISDN Troubleshooting Tips

As you work with ISDN connections, use the show isdn status command to check the status of the ISDN interfaces. Here you can examine the status of each of the three OSI model layers. The following table describes the possible meaning of each layer status.

Status Information / Actions to Take

Layer 1 Status = NOT Activated
    There is no physical connection to the ISDN network. Check the physical connection or remove the shutdown from the interface.
Layer 1 Status = ACTIVE, Layer 2 Status = NOT Activated, TEI Not Assigned
    A physical connection exists, but communication to the ISDN network is not taking place. Verify the ISDN switch type configuration on the router.
Layer 2 State = MULTIPLE_STATE_ESTABLISHED
    A single TEI is assigned and Layer 2 is active. The router is communicating with the ISDN network over the D channel. SPID statuses do not show. Either the router does not require SPIDs, or SPIDs are not yet assigned. (TEI and SPID messages will show if SPIDs are configured.)
SPID status = spid1 configured, spid1 NOT sent
    Validate the SPID configuration. Note: SPIDs will not be sent or validated until Layer 2 communications have been established.
spid1 sent, spid1 NOT valid
    An incorrect SPID number was configured. Reverify the SPID configuration. Note: SPID2 will not be sent and cannot be validated until SPID1 has been configured correctly.
spid1 valid, Endpoint ID Info shown, Layer 3 shows 0 active calls
    SPIDs have been validated and EIDs assigned. TEIs, SPIDs, and EIDs are assigned or validated by the switch. Layer 3 will not show active until a call has been placed to open communication.

If Layer 1 and Layer 2 statuses are active, but you cannot communicate through the ISDN link, check the following:

- If the ISDN status shows active but a ping between the two routers fails, verify that interesting traffic is properly defined to bring the link up. Check to make sure the dialer group command has been used for the interface to associate the list with the interface.
- If you can successfully ping the remote ISDN router from the local ISDN router, but devices on either network cannot communicate over the link, check to make sure that static routes have been defined on each router.

ISDN Troubleshooting Introduction

The next set of simulations gives you a chance to troubleshoot ISDN configuration. All simulations use the same network layout as shown. For each scenario, one or more routers have been misconfigured. In each case, begin by verifying the problem. The problem may be with either router. Your job is to diagnose and fix the problem. Problems with the communication are limited to those configuration settings taught in this section. The following commands may be useful in identifying the problem.

- ping
- show isdn status
- show interface bri0
- show interface bri0:1
- show interface bri0:2
- show ip route
- show run

Tip: For most troubleshooting activities, you should be able to diagnose the problem using the output from the show isdn status command.

- Layer 2 indicates whether the router has established communications with an ISDN switch.
- Layer 3 indicates whether there is an active phone call through the switch to another
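The DDR checks named in the command list and troubleshooting tips above (dialer group tied to a dialer list, dialer list tied to an existing access list, dialer string and dialer map not mixed, a static route present) can be run over a saved configuration. This is an added Python example, not part of the original notes: both sample configurations are constructed (the first follows the page's second DDR example), and the function names and finding codes are hypothetical.

```python
# Added example: offline consistency check of DDR statements in a saved config.

# Constructed sample: the page's second DDR example written as a running-config.
GOOD_CONFIG = """\
access-list 101 permit tcp any host 10.0.0.1 eq 80
access-list 101 permit tcp any host 10.0.0.1 eq 21
dialer-list 9 protocol ip list 101
!
interface BRI0
 dialer-group 9
 dialer map ip 1.1.1.1 name LAX 5552345
!
ip route 10.0.0.0 255.0.0.0 bri0 1.1.1.1
"""

# Constructed sample with four deliberate mistakes.
BAD_CONFIG = """\
access-list 101 permit tcp any host 10.0.0.1 eq 80
dialer-list 9 protocol ip list 102
!
interface BRI0
 dialer-group 7
 dialer string 5551111
 dialer map ip 1.1.1.1 name LAX 5552345
!
"""


def parse_config(text):
    """Collect the access lists, dialer lists, static routes and per-interface
    dialer statements found in a running-config style text."""
    cfg = {"acls": set(), "dialer_lists": {}, "routes": [], "interfaces": {}}
    current = None  # interface block being read, if any
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.lstrip().startswith("!"):
            current = None  # '!' separates blocks
            continue
        words = line.split()
        if not raw[0].isspace():  # global configuration line
            current = None
            if words[0] == "interface" and len(words) > 1:
                current = cfg["interfaces"].setdefault(
                    words[1].lower(), {"group": None, "strings": [], "maps": []})
            elif words[0] == "access-list" and len(words) > 1:
                cfg["acls"].add(words[1])
            elif words[0] == "dialer-list" and len(words) >= 5:
                # dialer-list <#> protocol <type> permit | deny | list <acl>
                uses_acl = words[4] == "list" and len(words) > 5
                cfg["dialer_lists"][words[1]] = words[5] if uses_acl else None
            elif words[:2] == ["ip", "route"]:
                cfg["routes"].append([w.lower() for w in words[2:]])
        elif current is not None:  # indented line inside an interface block
            if words[0] == "dialer-group" and len(words) > 1:
                current["group"] = words[1]
            elif words[:2] == ["dialer", "string"] and len(words) > 2:
                current["strings"].append(words[2])
            elif words[:2] == ["dialer", "map"] and len(words) > 3:
                current["maps"].append(words[3])  # destination address
    return cfg


def audit_ddr(text):
    """Return a list of (subject, finding-code) tuples; empty means consistent."""
    cfg = parse_config(text)
    findings = []
    for num, acl in sorted(cfg["dialer_lists"].items()):
        if acl is not None and acl not in cfg["acls"]:
            findings.append((f"dialer-list {num}", "missing-access-list"))
    for name, ifc in sorted(cfg["interfaces"].items()):
        if not (ifc["group"] or ifc["strings"] or ifc["maps"]):
            continue  # no DDR statements on this interface
        if ifc["group"] is None:
            findings.append((name, "no-dialer-group"))
        elif ifc["group"] not in cfg["dialer_lists"]:
            findings.append((name, "missing-dialer-list"))
        if ifc["strings"] and ifc["maps"]:
            findings.append((name, "string-and-map"))
        # A static route must point at the interface or at a mapped next hop.
        targets = {name} | set(ifc["maps"])
        if not any(targets & set(route) for route in cfg["routes"]):
            findings.append((name, "no-static-route"))
    return findings


if __name__ == "__main__":
    for subject, code in audit_ddr(BAD_CONFIG):
        print(f"{subject}: {code}")
```
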