
LATTICE STUDIES
Reaching end to end

CCNA
PRACTICAL GUIDE
1st Edition

Organized & Written by:
MUHAMMAD SHAKEEL ASHRAF
CCNA, JNCIA-ER, JNCIA-EX, JNCIS-ER

Supervised by:
HAROON AHMAD MALIK
CCIE (R&S), CCIE (Security), CCIE (Service Provider)
CCIE No. 15429

Copyright © 2010 by Muhammad Shakeel Ashraf for Lattice Studies/Corvit Systems. All rights reserved. Printed in Pakistan. Except as permitted under the Copyright Ordinance 1962 of Pakistan, no part of this publication may be reproduced or distributed/transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without the prior written permission of the author.


TABLE OF CONTENTS

PART-1 ROUTING

Exercise No. 1   HOW TO ATTACH A ROUTER WITH A PC?
Exercise No. 2   ROUTER MODES
Exercise No. 3   CHANGING HOSTNAME
Exercise No. 4   CONFIGURING DATE & TIME
Exercise No. 5   SETTING A BANNER
Exercise No. 6   DISPLAYING RUNNING-CONFIGURATION
Exercise No. 7   LINE CONSOLE PASSWORD
Exercise No. 8   LINE VTY / TELNET PASSWORD
Exercise No. 9   AUXILIARY LINE PASSWORD
Exercise No. 10  PASSWORD FOR PRIVILEGED MODE
Exercise No. 11  SECRET (ENCRYPTED) PASSWORD FOR PRIVILEGED MODE
Exercise No. 12  REMOVING LINE CONSOLE PASSWORD
Exercise No. 13  REMOVING LINE VTY TELNET PASSWORD
Exercise No. 14  REMOVING AUXILIARY LINE PASSWORD
Exercise No. 15  REMOVING PASSWORD FOR PRIVILEGED EXEC MODE
Exercise No. 16  REMOVING SECRET PASSWORD
Exercise No. 17  CHECKING SYSTEM FLASH
Exercise No. 18  IOS VERSION & CONFIGURATION REGISTER'S VALUE
Exercise No. 19  CHECKING ROUTER INTERFACES AND IP ADDRESSES
Exercise No. 20  ASSIGNING IP ADDRESS TO AN INTERFACE
Exercise No. 21  ENABLING AN INTERFACE
Exercise No. 22  ADMINISTRATIVELY SHUTTING DOWN AN INTERFACE
Exercise No. 23  SETTING CLOCK RATE ON ROUTER'S SERIAL INTERFACE
Exercise No. 24  SAVING RUNNING-CONFIGURATION TO NVRAM
Exercise No. 25  SAVING RUNNING-CONFIGURATION TO TFTP SERVER
Exercise No. 26  SAVING STARTUP-CONFIGURATION TO TFTP SERVER
Exercise No. 27  COPYING IOS/IMAGE FROM ROUTER TO TFTP SERVER
Exercise No. 28  REMOVING STARTUP/NVRAM CONFIGURATION FROM ROUTER
Exercise No. 29  ERASING FLASH MEMORY
Exercise No. 30  COPYING IOS/IMAGE FROM TFTP SERVER TO ROUTER
Exercise No. 31  COPYING STARTUP-CONFIGURATION FROM TFTP SERVER TO ROUTER
Exercise No. 32  CONFIGURING ROUTER INTERFACES
Exercise No. 33  PING & EXTENDED PING
Exercise No. 34  CISCO DISCOVERY PROTOCOL (CDP)
Exercise No. 35  HOW TO TELNET A ROUTER?
Exercise No. 36  STATIC ROUTE
Exercise No. 37  STATIC ROUTE
Exercise No. 38  IP NAMING (USING HOST TABLE)
Exercise No. 39  IP NAMING (USING DNS)
Exercise No. 40  DYNAMIC ROUTING USING RIP (ROUTING INFORMATION PROTOCOL)
Exercise No. 41  CONFIGURING RIPv2
Exercise No. 42  CONFIGURING IGRP
Exercise No. 43  CONFIGURING EIGRP
Exercise No. 44  CONFIGURING OSPF SINGLE AREA
Exercise No. 45  CONFIGURING OSPF MULTIPLE AREAS
Exercise No. 46  REDISTRIBUTION OF ROUTING PROTOCOLS
Exercise No. 47  STANDARD IP ACCESS CONTROL LIST
Exercise No. 48  EXTENDED IP ACCESS CONTROL LIST
Exercise No. 49  NAMED IP ACCESS CONTROL LIST
Exercise No. 50  STATIC NAT (NETWORK ADDRESS TRANSLATION)
Exercise No. 51  DYNAMIC NAT (NETWORK ADDRESS TRANSLATION)
Exercise No. 52  PAT (PORT ADDRESS TRANSLATION) - OVERLOADING
Exercise No. 53  FRAME RELAY (HUB-N-SPOKE TOPOLOGY) - DYNAMIC MAPPING/INVERSE ARP
Exercise No. 54  FRAME RELAY (HUB-N-SPOKE TOPOLOGY) - STATIC MAPPING/INVERSE ARP

PART-2 SWITCHING

Exercise No. 1   CHANGING HOSTNAME
Exercise No. 2   DISPLAYING RUNNING-CONFIGURATION
Exercise No. 3   LINE CONSOLE PASSWORD
Exercise No. 4   LINE VTY PASSWORD
Exercise No. 5   PASSWORD FOR PRIVILEGED MODE
Exercise No. 6   SECRET (ENCRYPTED) PASSWORD FOR PRIVILEGED MODE
Exercise No. 7   REMOVING LINE CONSOLE PASSWORD
Exercise No. 8   REMOVING PASSWORD FOR PRIVILEGED EXEC MODE
Exercise No. 9   REMOVING SECRET PASSWORD
Exercise No. 10  CHECKING SYSTEM FLASH
Exercise No. 11  SWITCH HARDWARE INFORMATION
Exercise No. 12  SWITCH PORTS STATUS
Exercise No. 13  MAC ADDRESS TABLE
Exercise No. 14  CONFIGURING SPEED & MODE OF AN INTERFACE
Exercise No. 15  DEFAULT VTP CONFIGURATION VALUES OF A SWITCH
Exercise No. 16  CONFIGURING VTP SERVER MODE
Exercise No. 17  CONFIGURING VTP CLIENT MODE
Exercise No. 18  CONFIGURING VTP TRANSPARENT MODE
Exercise No. 19  CONFIGURING VTP DOMAIN
Exercise No. 20
Exercise No. 21
Exercise No. 22  SWITCHPORT TRUNK & ACCESS MODES
Exercise No. 23  SWITCHPORT DYNAMIC DESIRABLE AND AUTO MODES
Exercise No. 24  INTER-VLAN ROUTING (ROUTER ON STICK)
Exercise No. 25  PORT SECURITY
Exercise No. 26  PORT SECURITY WITH STICKY MAC-ADDRESS
Exercise No. 27  SPANNING TREE PROTOCOL (STP)
Exercise No. 28  SELECTION OF PORTS BY CHANGING COST OF INTERFACES/PORTS
CCNA Practical Guide. All rights are reserved with Lattice Studies/Corvit Systems.

Exercise No. 1

HOW TO ATTACH A ROUTER WITH A PC?

STEP-1
Arrange the:
a. Complete computer
b. CISCO Router
c. Console cable
d. Power cables

[Figures: CISCO Router (Front View); CISCO Router (Rear View); Console cable with 9 Pin DB-9 connector; Power cable for router]

STEP-2 (CABLE CONNECTIONS)
a. Find the COM port.

[Figure: COM 1 and COM 2 ports]

b. Plug DB-9 connector (female side of console cable) into one of the COM ports of CPU.
c. Plug the other end of console cable i.e. RJ-45 (8 pin connector) into Console Port of router.

STEP-3 (COMMUNICATION THROUGH HYPERTERMINAL)
a. Open HyperTerminal by clicking on:
Start > Programs > Accessories > Communications > HyperTerminal

(NOTE: This image is captured on Microsoft Windows Professional.)

b. In "Connection Description" window, type any name for the connection and press OK button.

c. In the "Connect To" window, select appropriate COM Port (the COM port number of PC onto which you have plugged the router's console cable) and press OK button.

d. In the "Port Settings" dialog, press "Restore Defaults" button and then press OK button.

[Port Settings dialog: Bits per second: 9600; Data bits: 8; Parity: None; Stop bits: 1; Flow control: None]

e. The router takes a few moments to complete its booting process. Just wait for this process to finish. The whole booting process can be seen in the HyperTerminal window.

CISCO IOS BOOTING PROCESS

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 65536 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0xb99880
Self decompressing the image : ############################################################ [OK]

Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
000091          0X0008B800 C2600 single Ethernet
                0X00098670 public buffer pools
                0X00211000 public particle pools
TOTAL:          0X00334E70

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 4Mb.
Using 6 percent iomem. [4Mb/64Mb]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-ADVSECURITYK9-M), Version 12.3(20), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Tue 08-Aug-06 20:50 by kesnyder
Image text-base: 0x80008098, data-base: 0x813553A8

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco 2610 (MPC860) processor (revision 0x203) with 61440K/4096K bytes of memory.
Processor board ID JA0050207GY (3269948344)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
4 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Press RETURN to get started!

*Mar 1 00:00:21.402: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Mar 1 00:00:21.402: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
*Mar 1 00:00:21.402: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
*Mar 1 00:00:21.406: %LINK-3-UPDOWN: Interface Serial0/2, changed state to down
*Mar 1 00:00:21.406: %LINK-3-UPDOWN: Interface Serial0/3, changed state to down
*Mar 1 00:00:22.592: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
*Mar 1 00:00:22.592: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
*Mar 1 00:00:22.592: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
*Mar 1 00:00:22.596: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/2, changed state to down
*Mar 1 00:00:22.596: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3, changed state to down
*Mar 1 00:00:22.980: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:00:24.811: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
*Mar 1 00:00:24.815: %LINK-5-CHANGED: Interface Serial0/1, changed state to administratively down
*Mar 1 00:00:24.815: %LINK-5-CHANGED: Interface Serial0/2, changed state to administratively down
*Mar 1 00:00:24.815: %LINK-5-CHANGED: Interface Serial0/3, changed state to administratively down
*Mar 1 00:00:27.600: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-ADVSECURITYK9-M), Version 12.3(20), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Tue 08-Aug-06 20:50 by kesnyder
*Mar 1 00:00:27.604: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
*Mar 1 00:00:28.606: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to

f. After booting process is finished, press ENTER key from keyboard. The command prompt displays on the HyperTerminal.

Router>

NOTE:
This is the default mode of a router and is called user exec mode. You can't write or add to a configuration in this mode, but you can run quite a few show commands. This is a good mode to have users in (who need to see the configuration, but shouldn't be allowed to change it).

Exercise No. 2

ROUTER MODES

Router> enable

NOTE:
This command allows you to enter into privileged exec mode/enable mode, where you can have more options for show and other commands. The next prompt looks like this:

Router#

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

NOTE:
This command allows you to enter into global configuration mode, where you can configure a range of commands. The prompt for this command looks like this:

Router(config)#

Router(config)# exit
*Mar 1 00:34:42.593: %SYS-5-CONFIG_I: Configured from console by console
Router# exit
Router>

Exercise No. 3

CHANGING HOSTNAME

To specify or modify the host name for the router, global configuration command HOSTNAME is used. Hostname is case sensitive. The host name is used in prompts and default configuration filenames. The factory-assigned default host name is router.

Router> enable
Router# configure terminal
Router(config)# hostname CORVIT
CORVIT(config)# exit
CORVIT#

Exercise No. 4

CONFIGURING DATE & TIME

The system clock runs from the moment the system starts up and keeps track of the current date and time based on Coordinated Universal Time (UTC), also known as Greenwich Mean Time (GMT). The system clock can be set from a number of sources, and in turn can be used to distribute the current time through various mechanisms to other systems. To manually set the system clock, use one of the formats of the clock set EXEC command.

CORVIT# clock set ?
  hh:mm:ss  Current Time

NOTE: ? allows you to see the format of complete command.

CORVIT# clock set 12:15:25
% Incomplete command.

CORVIT# clock set 12:15:25 ?
  <1-31>  Day of the month
  MONTH   Month of the year

CORVIT# clock set 12:15:25 17 ?
  MONTH   Month of the year

CORVIT# clock set 12:15:25 17 March ?
  <1993-2035>  Year

CORVIT# clock set 12:15:25 17 March 2010

VERIFICATION

CORVIT# show clock
12:16:56.441 UTC Wed Mar 17 2010

Exercise No. 5

SETTING A BANNER

When a user connects to the router, the MOTD (Message of the Day) banner appears before the login prompt.

CORVIT# configure terminal
CORVIT(config)# banner motd # WELCOME TO CORVIT #
CORVIT(config)# exit
CORVIT#

NOTE:
# is a delimiting character. You can use any character. It is used before starting and ending of a message.

VERIFICATION

CORVIT# exit

CORVIT con0 is now available

Press RETURN to get started. [Press ENTER key from keyboard]

WELCOME TO CORVIT
CORVIT>

Exercise No. 6

DISPLAYING RUNNING-CONFIGURATION

CORVIT> enable
CORVIT# show running-config
Building configuration...

Current configuration : 810 bytes
!
! Last configuration change at 12:17:42 UTC Wed Mar 17 2010
! NVRAM config last updated at 12:17:43 UTC Wed Mar 17 2010
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORVIT
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
ip cef
!
ip audit po max-events 100
!
interface Ethernet0/0
 no ip address
 half-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip http server
no ip http secure-server
!
line con 0
line aux 0
line vty 0 4
 no login
!
end

Exercise No. 7

LINE CONSOLE PASSWORD

The router has a number of ports that allow access to the router; on each of these ports you can specify passwords to provide a layer of security to the router. There is also the option of disabling login password checking to any of the ports by entering the command to get to the Router(config-line)# section of the port and entering the no login command.

The console port is on the back of the router and is used to directly connect a console to the router for configuring the router. This port should allow logins with passwords if the router is physically secured. The port should be disabled if it is not regularly used or the router is not securable.

To specify a password on a line, use the password line configuration command. The first character cannot be a number. The string can contain any alphanumeric characters, including spaces, up to 80 characters. Console password is needed when logging into router at user EXEC mode from console.

CORVIT> enable
CORVIT# configure terminal
CORVIT(config)# line console 0
CORVIT(config-line)# password corvit123
CORVIT(config-line)# login

NOTE: LOGIN command is used to enable password checking.

CORVIT(config-line)# end
CORVIT#

VERIFICATION

CORVIT# exit

CORVIT con0 is now available

Press RETURN to get started.

WELCOME TO CORVIT

User Access Verification

Password: corvit123
CORVIT> enable

NOTE:
If you type a wrong password, IOS of the device does not allow you to enter into user exec mode.

Exercise No. 8

LINE VTY / TELNET PASSWORD

Virtual terminal lines (vty) are used to allow remote access to the router (by telnet through its interfaces). The router has variable virtual terminal lines depending upon the model of the router.

CORVIT# configure terminal
CORVIT(config)# line vty 0 4
CORVIT(config-line)# password corvit456
CORVIT(config-line)# login
CORVIT(config-line)# exit
CORVIT(config)# exit
CORVIT#

VERIFICATION

Before going through verification process, see Exercise No. 35 (How to telnet a router?).

Exercise No. 9

AUXILIARY LINE PASSWORD

The auxiliary port is on the back of the router and is commonly used to connect a modem to. It is used to allow a remote user access to the configuration of the router. If a modem is connected to the port, it should definitely have a password specified for it.

CORVIT# configure terminal
CORVIT(config)# line aux 0
CORVIT(config-line)# password corvit786
CORVIT(config-line)# login
CORVIT(config-line)# exit
CORVIT(config)# exit
CORVIT#

Exercise No. 10

PASSWORD FOR PRIVILEGED MODE

To set a local password to control access to various privilege levels, use the enable password global configuration command. An enable password is defined as follows:

o Must contain from 1 to 25 uppercase and lowercase alphanumeric characters.
o Must not have a number as the first character.
o Can have leading spaces, but they are ignored. However, intermediate and trailing spaces are recognized.

CORVIT# configure terminal
CORVIT(config)# enable password corvit222
CORVIT(config)# exit
CORVIT#

VERIFICATION

CORVIT# exit

CORVIT con0 is now available

Press RETURN to get started.

WELCOME TO CORVIT

User Access Verification

Password: corvit123
CORVIT> enable
Password: corvit222
CORVIT#

CORVIT# show running-config
Building configuration...

Current configuration : 1062 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORVIT
!
boot-start-marker
boot-end-marker

Exercise No. 11

SECRET (ENCRYPTED) PASSWORD FOR PRIVILEGED MODE

The enable secret password is the password in encrypted form and is used to gain access to enable mode and to the global configuration mode of the router. The enable password is used when you do not specify an enable secret password. The enable password should be different from the enable secret password.

CORVIT# configure terminal
CORVIT(config)# enable secret corvit333
CORVIT(config)# exit
CORVIT#

VERIFICATION

CORVIT# exit

CORVIT con0 is now available

Press RETURN to get started.

WELCOME TO CORVIT

User Access Verification

Password: corvit123
CORVIT> enable
Password: corvit333
CORVIT#

CORVIT# show running-config
Building configuration...

Current configuration : 1062 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORVIT
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$4bY/§kF. HISbbN662d9bHOYksOOI
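The settings exercised in Exercises 6 to 11 (no login on a line, passwords stored in clear text, enable password versus enable secret, ip http server) can be checked mechanically in a saved running-config. The following is an added example, not part of the original guide; both sample configurations are constructed, and the assumption that console and aux lines without a login sub-command perform no password check follows the default configuration shown in Exercise 6.

```python
import re

# Constructed sample, modelled on the running-config lines shown in
# Exercises 6-11 of this guide.
WEAK_CONFIG = """\
version 12.3
no service password-encryption
!
hostname CORVIT
!
enable password corvit222
!
ip http server
no ip http secure-server
!
line con 0
 password corvit123
 login
line aux 0
line vty 0 4
 no login
!
end
"""

# Constructed sample with the same features tightened. The hash and the
# type-7 strings are placeholders, not real values. Type 7 is only a
# reversible obfuscation; it hides passwords from casual viewing.
STRICTER_CONFIG = """\
version 12.3
service password-encryption
!
hostname CORVIT
!
enable secret 5 $1$CONSTRUCTED$placeholderHashNotReal
!
no ip http server
!
line con 0
 password 7 00PLACEHOLDER
 login
line aux 0
 password 7 00PLACEHOLDER
 login
line vty 0 4
 password 7 00PLACEHOLDER
 login
!
end
"""

# A line password that is not stored in type-7 form is readable as-is.
CLEARTEXT_PW = re.compile(r"password (?!7 )")


def parse_blocks(config_text):
    """Split an IOS config into (top-level command, [sub-commands]) pairs."""
    blocks = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if line[0] == " " and blocks:
            blocks[-1][1].append(line.strip())  # indented: belongs to parent
        else:
            blocks.append((line.strip(), []))
    return blocks


def audit(config_text):
    """Return a sorted list of (rule, location) findings."""
    blocks = parse_blocks(config_text)
    top = {cmd for cmd, _ in blocks}
    findings = []
    if "service password-encryption" not in top:
        findings.append(("cleartext-storage", "global"))
    if any(c.startswith("enable password") for c in top):
        findings.append(("enable-password-set", "global"))
    if not any(c.startswith("enable secret") for c in top):
        findings.append(("enable-secret-missing", "global"))
    if "ip http server" in top:
        findings.append(("http-server-enabled", "global"))
    for cmd, subs in blocks:
        if not cmd.startswith("line "):
            continue
        # Assumption: con/aux lines with no "login" do no password check.
        console_like = cmd.startswith(("line con", "line aux"))
        if "no login" in subs or (console_like and "login" not in subs):
            findings.append(("no-password-check", cmd))
        if any(CLEARTEXT_PW.match(s) for s in subs):
            findings.append(("cleartext-line-password", cmd))
    return sorted(findings)


if __name__ == "__main__":
    for rule, where in audit(WEAK_CONFIG):
        print(f"{where:15} {rule}")
```
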

Exercise No. 12

REMOVING LINE CONSOLE PASSWORD

CORVIT> enable
CORVIT# configure terminal
CORVIT(config)# line console 0
CORVIT(config-line)# no login
CORVIT(config-line)# no password
CORVIT(config-line)# end
CORVIT#

Exercise No. 13

REMOVING LINE VTY / TELNET PASSWORD

CORVIT> enable
CORVIT# configure terminal
CORVIT(config)# line vty 0 4
CORVIT(config-line)# no login
CORVIT(config-line)# no password
CORVIT(config-line)# end
CORVIT#

Exercise No. 14

REMOVING AUXILIARY LINE PASSWORD

CORVIT# configure terminal
CORVIT(config)# line aux 0
CORVIT(config-line)# no login
CORVIT(config-line)# no password
CORVIT(config-line)# exit
CORVIT(config)# exit
CORVIT#

Exercise No. 15

REMOVING PASSWORD FOR PRIVILEGED EXEC MODE

CORVIT> enable
CORVIT# configure terminal
CORVIT(config)# no enable password
CORVIT(config)# exit
CORVIT#

Exercise No. 16

REMOVING SECRET PASSWORD

CORVIT> enable
CORVIT# configure terminal
CORVIT(config)# no enable secret
CORVIT(config)# exit
CORVIT#

Exercise No. 17

CHECKING SYSTEM FLASH

CORVIT# show flash

System flash directory:
File  Length    Name/status
  1   12163484  ccna
  2   690       redirect.out
  3   690       router [deleted]
  4   690       routeru
[12165816 bytes used, 4087108 available, 16252924 total]
16384K bytes of processor board System flash (Read/Write)

Exercise No. 18

IOS VERSION & CONFIGURATION REGISTER'S VALUE

The 16-bit configuration register can be used to change router behavior in several ways, such as:

o How the router boots (into ROMmon, NetBoot)?
o Where the IOS image?
o Options while booting (ignore configuration, disable boot messages)
o Console speed (baud rate for a terminal emulation session)
o How to deal with the NVRAM configuration
o Enabling or disabling break function

The factory-default setting for the configuration register is 0x2102. This indicates that the router should attempt to load a Cisco IOS software image from Flash memory and load the startup configuration with a console speed of 9600 baud.

If the router finds a valid IOS image, it searches for a valid configuration file. If your router does not find a valid system image, or if its configuration file is corrupted at startup, and the configuration register (bit 13) is set to enter ROM monitor mode, the system will bypass the NVRAM setting and enter ROM monitor mode. This also allows access to the router in the event a password is lost.

The configuration file, saved in NVRAM, is loaded into main memory and executed one line at a time. These configuration commands start routing processes, supply addresses for interfaces and set media characteristics. If no configuration file exists in NVRAM, the operating system executes a question-driven initial configuration routine called the system configuration dialog. This special mode is also called the Setup mode.

CONFIGURATION REGISTER VALUES AND THEIR FUNCTIONS

CONFIGURATION
REGISTER SETTING   BEHAVIOR OF THE ROUTER

0x102              Ignores break
                   9600 console baud

0x1202             1200 baud rate

0x2101             Boots into bootstrap
                   Ignores break
                   Boots into ROM if initial boot fails
                   9600 console baud rate

0x2102             Ignores break
                   Boots into ROM if initial boot fails
                   9600 console baud rate
                   (default value for most platforms)

0x2120             Boots into ROMmon
                   19200 console speed

0x2122             Ignores break
                   Boots into ROM if initial boot fails
                   19200 console baud rate

0x2124             NetBoot
                   Ignores break
                   Boots into ROM if initial boot fails
                   19200 console speed

0x2142             Ignores break
                   Boots into ROM if initial boot fails
                   9600 console baud rate
                   Ignores the contents of Non-Volatile RAM (NVRAM) (ignores configuration)

0x2902             Ignores break
                   Boots into ROM if initial boot fails
                   4800 console baud rate

0x2922             Ignores break
                   Boots into ROM if initial boot fails
                   38400 console baud rate

0x3122             Ignores break
                   Boots into ROM if initial boot fails
                   57600 console baud rate

0x3902             Ignores break
                   Boots into ROM if initial boot fails
                   2400 console baud rate

0x3922             Ignores break
                   Boots into ROM if initial boot fails
                   115200 console baud rate

CHECKING IOS VERSION AND CONFIG REGISTER VALUE

CORVIT# show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-ADVSECURITYK9-M), Version 12.3(20), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Tue 08-Aug-06 20:50 by kesnyder
Image text-base: 0x80008098, data-base: 0x813553A8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-ADVSECURITYK9-M), Version 12.3(20), RELEASE SOFTWARE (fc2)

CORVIT uptime is 1 hour, 4 minutes
System returned to ROM by power-on
System restarted at 11:59:28 UTC Wed Mar 17 2010
System image file is "flash:ccna"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

cisco 2610 (MPC860) processor (revision 0x203) with 61440K/4096K bytes of memory
Processor board ID JA0050207GY (3269948344)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
4 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
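The register values in the table above follow a fixed bit layout, so the register line of show version can be decoded and checked for a value that skips the NVRAM configuration (and with it the passwords set in the earlier exercises). The following is an added example, not part of the original guide; the show version excerpt in it is constructed, and the bit positions used (boot field in bits 0-3, bit 6 ignore NVRAM, bit 8 ignore break, bit 13 boot ROM on failure, console speed in bits 5, 11 and 12) are the standard Cisco layout, which reproduces every row of the table.

```python
import re

DEFAULT_REGISTER = 0x2102  # factory default stated in this exercise

# Console speed is encoded in three bits; key order is (bit 5, bit 12, bit 11).
BAUD = {
    (0, 0, 0): 9600,  (0, 0, 1): 4800,  (0, 1, 0): 1200,  (0, 1, 1): 2400,
    (1, 0, 0): 19200, (1, 0, 1): 38400, (1, 1, 0): 57600, (1, 1, 1): 115200,
}

# "show version" prints the current value and, if it was changed with
# config-register, the value that takes effect at the next reload.
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode(reg):
    """Decode a 16-bit configuration register into its documented fields."""
    boot_field = reg & 0x000F
    if boot_field == 0:
        boot = "ROMmon"
    elif boot_field == 1:
        boot = "bootstrap"
    else:
        boot = "normal"  # 0x2-0xF: regular boot sequence (may NetBoot)
    key = ((reg >> 5) & 1, (reg >> 12) & 1, (reg >> 11) & 1)
    return {
        "boot": boot,
        "ignore_nvram": bool(reg & 0x0040),      # bit 6
        "ignores_break": bool(reg & 0x0100),     # bit 8
        "rom_on_boot_fail": bool(reg & 0x2000),  # bit 13
        "console_baud": BAUD[key],
    }


def registers_from_show_version(text):
    """Return (current, next_reload) register values, or None if absent."""
    m = REG_LINE.search(text)
    if not m:
        return None
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def audit(show_version_text):
    """Flag register values an operator should look at."""
    regs = registers_from_show_version(show_version_text)
    if regs is None:
        return ["register-line-missing"]
    current, pending = regs
    findings = []
    if current != DEFAULT_REGISTER:
        findings.append(f"current-non-default:{current:#06x}")
    if pending != current:
        findings.append(f"pending-change:{pending:#06x}")
    if decode(current)["ignore_nvram"] or decode(pending)["ignore_nvram"]:
        # Startup-config, including its passwords, is skipped at boot.
        findings.append("nvram-config-ignored")
    return findings


# Constructed excerpt: the tail of a "show version" with a pending change.
SAMPLE = """\
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102 (will be 0x2142 at next reload)
"""

if __name__ == "__main__":
    print(decode(0x2102))
    print(audit(SAMPLE))
```
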

Exercise No. 19

CHECKING ROUTER INTERFACES AND IP ADDRESSES

CORVIT# show ip interface brief
Interface     IP-Address   OK?  Method  Status                 Protocol
Ethernet0/0   unassigned   YES  unset   administratively down  down
Serial0/0     unassigned   YES  unset   administratively down  down
Serial0/1     unassigned   YES  unset   administratively down  down
Serial0/2     unassigned   YES  unset   administratively down  down
Serial0/3     unassigned   YES  unset   administratively down  down

NOTE:
This router has four serial interfaces and one ethernet interface. By default, all interfaces of a router are in shutdown state.

Exercise No. 20

ASSIGNING IP ADDRESS TO AN INTERFACE


CORVIT# config terminal
CORVIT(config)# interface Ethernet 0/0
CORVIT(config-if)# ip address 10.1.1.2 255.0.0.0
CORVIT(config-if)# exit
CORVIT(config)# interface serial 0/0
CORVIT(config-if)# ip address 150.137.116.22 255.255.0.0
CORVIT(config-if)# end
CORVIT#

VERIFICATION
CORVIT# show ip interface brief
Interface      IP-Address      OK?  Method  Status                 Protocol
Ethernet0/0    10.1.1.2        YES  manual  administratively down  down
Serial0/0      150.137.116.22  YES  manual  administratively down  down
Serial0/1      unassigned      YES  unset   administratively down  down
Serial0/2      unassigned      YES  unset   administratively down  down
Serial0/3      unassigned      YES  unset   administratively down  down

Exercise No. 21

ENABLING AN INTERFACE
CORVIT# config terminal
CORVIT(config)# interface serial 0/0
CORVIT(config-if)# no shutdown
CORVIT(config-if)# end
CORVIT#

VERIFICATION
CORVIT# show ip interface brief
Interface      IP-Address      OK?  Method  Status                 Protocol
Ethernet0/0    10.1.1.2        YES  manual  administratively down  down
Serial0/0      150.137.116.22  YES  manual  down                   down
Serial0/1      unassigned      YES  unset   administratively down  down
Serial0/2      unassigned      YES  unset   administratively down  down
Serial0/3      unassigned      YES  unset   administratively down  down


Exercise No. 22

ADMINISTRATIVELY SHUTTING DOWN AN INTERFACE

In some cases, you want an interface to be down for administrative reasons, but you do not want to have to un-configure it or pull out the cable to keep the interface from being up and up. To bring down an interface for administrative reasons and, as a side effect, remove the connected route from the routing table, you can use the shutdown interface subcommand. An interface may be correctly configured and physically connected, yet be "administratively down." In this state it will not function.

CORVIT# config terminal
CORVIT(config)# interface serial 0/0
CORVIT(config-if)# shutdown
CORVIT(config-if)# end
CORVIT#

VERIFICATION
CORVIT# show ip interface brief
Interface      IP-Address      OK?  Method  Status                 Protocol
Ethernet0/0    10.1.1.2        YES  manual  administratively down  down
Serial0/0      150.137.116.22  YES  manual  administratively down  down
Serial0/1      unassigned      YES  unset   administratively down  down
Serial0/2      unassigned      YES  unset   administratively down  down
Serial0/3      unassigned      YES  unset   administratively down  down

CORVIT# show interface serial 0/0
Serial0/0 is administratively down, line protocol is down
  Hardware is PowerQUICC Serial
  Internet address is 150.137.116.22/16
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255

Exercise No. 23

SETTING CLOCK RATE ON ROUTER'S SERIAL INTERFACE


CORVIT# config terminal
CORVIT(config)# interface serial 0/0
CORVIT(config-if)# clock rate 64000
CORVIT(config-if)# end
CORVIT#

NOTE: To use a back-to-back WAN connection, one router must supply the clocking. The clock rate command sets the rate in bits per second on the router that has the DCE cable plugged into it. If no cable has been plugged in, the IOS accepts the command. If a DTE cable has been plugged in, IOS rejects the command. If you do not know which router has the DCE cable in it, you can find out by using the show controllers command, as shown below. Also notice the bandwidth 64 command on serial 0/0. The bandwidth command tells IOS the speed of the link in kilobits per second, regardless of whether the router is supplying clocking. The bandwidth setting does not change anything that the router does at Layer 1; instead, this setting is used by IOS software for other purposes. For example, IGRP and EIGRP both use the bandwidth setting on the interfaces to calculate a metric for routing.


VERIFICATION
CORVIT# show controllers serial 0/0
Interface Serial0/0
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 64000
idb at 0x820CE638, driver data structure at 0x820D640C
SCC Registers:
General [GSMR]=0x2:0x00000030, Protocol-specific [PSMR]=0x8
Events [SCCE]=0x0000, Mask [SCCM]=0x001F, Status [SCCS]=0x00
Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
-- rest of the output is omitted --

Exercise No. 24

SAVING RUNNING-CONFIGURATION TO NVRAM

METHOD-1
CORVIT# copy running-config startup-config
Destination filename [startup-config]?
Building configuration ...
[OK]
CORVIT#

METHOD-2
CORVIT# write memory
Building configuration ...
[OK]
CORVIT#

Exercise No. 25

SAVING RUNNING-CONFIGURATION TO TFTP SERVER

[Figure: router CORVIT (Ethernet0/0, 192.168.1.100) connected to the TFTP Server (192.168.1.101)]

BASIC CONFIGURATION OF ROUTER

CORVIT# config terminal
CORVIT(config)# interface Ethernet 0/0
CORVIT(config-if)# ip address 192.168.1.100 255.255.255.0
CORVIT(config-if)# no shutdown
CORVIT(config-if)# exit


INSTALLING TFTP (TRIVIAL FILE TRANSFER PROTOCOL) SERVER

To download this software visit www.latticestudies.com

[Screenshots: WinAgents TFTP Server 1.1.0.527 Setup wizard (license agreement, setup type, Windows Firewall setup, ready to install, updating system), followed by the "Connect to TFTP Server" dialog and the TFTP Server Manager prompt "TFTP Service is not running. Do you want to start TFTP Service?". The Windows Firewall setup screen states that incoming connections through 69 UDP port (for transmissions) and 2000 TCP port (for administration) will be allowed.]
ASSIGNING IP ADDRESS TO TFTP SERVER

a. Attach a cross cable between a router and TFTP Server.
b. Click on Start > Setting > Network Connections > Local Area Connection.
c. Click on Properties button.

[Screenshot: Local Area Connection Status dialog]

d. Select Internet Protocol (TCP/IP) and click on Properties button.

[Screenshot: Local Area Connection Properties dialog]

e. Select the values as shown in the window below and press OK button.

[Screenshot: Internet Protocol (TCP/IP) Properties dialog; the values entered are not legible in this copy]

SAVING RUNNING-CONFIG TO TFTP SERVER

CORVIT# copy running-config tftp
Address or name of remote host []? 192.168.1.101
Destination filename [corvit-confg]? shakeel
!!
680 bytes copied in 3.490 secs (195 bytes/sec)
CORVIT#

NOTE: After finishing copy process, you'll see a file named "shakeel" in the TFTP Server window.

[Screenshot: WinAgents TFTP Server Manager listing the file "shakeel" (1 KB, modified 3/18/2010 1:01 PM); the server log shows the file, size 680, with the status "File uploaded to server successfully."]

Exercise No. 26

SAVING STARTUP-CONFIGURATION TO TFTP SERVER

CORVIT# copy startup-config tftp:
Address or name of remote host []? 192.168.1.101
Destination filename [corvit-confg]? haroon
!!
680 bytes copied in 0.044 secs (15455 bytes/sec)
CORVIT#

Exercise No. 27

COPYING IOS/IMAGE FROM ROUTER TO TFTP SERVER

CORVIT# copy flash:ccna tftp:
Address or name of remote host []? 192.168.1.101
Destination filename [ccna]? cisco-IOS-2600
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-- rest of the progress marks is omitted --
12163484 bytes copied in 70.520 secs (172483 bytes/sec)
CORVIT#

NOTE: CCNA is the image/IOS name that is already loaded in router's flash memory. After finishing copy process you'll see a new file named "cisco-IOS-2600" in the TFTP Server window.

[Screenshot: WinAgents TFTP Server Manager listing the files "shakeel", "haroon" and "cisco-IOS-2600" (11,879 KB); the server log shows each transfer with the status "File uploaded to server successfully."]

Exercise No. 28

REMOVING STARTUP/NVRAM CONFIGURATION FROM ROUTER


CORVIT# write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
CORVIT#

VERIFICATION
CORVIT# show startup-config
startup-configuration is not present

Exercise No. 29
ERASING FLASH MEMORY

NOTE: CCNA candidates are strictly advised not to apply this command on a router.

CORVIT# erase flash
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
CORVIT#

VERIFICATION
CORVIT# show flash
System flash directory:
No files in System flash
[0 bytes used, 16252924 available, 16252924 total]
16384K bytes of processor board System flash (Read/Write)

Exercise No. 30

COPYING IOS/IMAGE FROM TFTP SERVER TO ROUTER

CORVIT# copy tftp:cisco-IOS-2600 flash
Address or name of remote host []? 192.168.1.101
Source filename [cisco-IOS-2600]?
Destination filename [cisco-IOS-2600]?
Accessing tftp://192.168.1.101/cisco-IOS-2600 ...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device ... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading cisco-IOS-2600 from 192.168.1.101 (via Ethernet0/0): !!!!!!!!!!!!!!!!!!!!
-- rest of the progress marks is omitted --
[OK - 12163484 bytes]

Verifying checksum ... OK (0x2E88)
12163484 bytes copied in 106.836 secs (113852 bytes/sec)
CORVIT#

Exercise No. 31

COPYING STARTUP-CONFIGURATION FROM TFTP SERVER TO ROUTER

CORVIT# copy tftp:haroon startup-config
Address or name of remote host [192.168.1.101]?
Source filename [haroon]?
Destination filename [startup-config]?
Accessing tftp://192.168.1.101/haroon ...
Loading haroon from 192.168.1.101 (via Ethernet0/0):
[OK - 735 bytes]
Smart-init will be enabled upon reload.
[OK]
735 bytes copied in 18.627 secs (39 bytes/sec)
CORVIT#
*Mar 1 00:33:27.005: %SYS-5-CONFIG_NV_I: Nonvolatile storage configured from tftp://192.168.1.101/haroon by console

Exercise No. 32

CONFIGURING ROUTER INTERFACES


[Figure: routers R1 and R2 connected back to back; a console cable connects the administrator's PC]

BASIC CONFIGURATION OF R1

Router> enable
Router# config terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 185.100.1.1 255.255.0.0
R1(config-if)# clock rate 64000
R1(config-if)# encapsulation hdlc
R1(config-if)# no shutdown
*Mar 19 12:05:08.783: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
*Mar 19 12:05:09.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)# exit
R1(config)# interface loopback 0
*Mar 19 12:05:13.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)# ip address 100.1.1.1 255.0.0.0
R1(config-if)# exit

NOTE: Loopback interface is an imaginary/virtual interface and is always up. It physically does not exist on the router.

BASIC CONFIGURATION OF R2

Router> enable
Router# config terminal
Router(config)# hostname R2
R2(config)# interface serial 1/0
R2(config-if)# ip address 185.100.1.2 255.255.0.0
R2(config-if)# encapsulation hdlc
R2(config-if)# no shutdown
*Mar 19 12:05:46.031: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
*Mar 19 12:05:47.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)# exit

NOTE: Encapsulation should be same on both sides. Otherwise line protocol will be in down state.

R2(config)# interface loopback 0
*Mar 19 12:05:49.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R2(config-if)# ip address 200.1.1.1 255.255.255.0
R2(config-if)# exit

VERIFICATION OF DCE/DTE AND CLOCK RATE

R1# show controller serial 1/0
Interface Serial1/0
Hardware is M4T
DCE V.35, clock rate 64000
idb at 0x820CE638, driver data structure at 0x820D640C
-- rest of the output is omitted --

R2# show controller serial 1/0
Interface Serial1/0
Hardware is M4T
DTE V.35 TX and RX clocks detected.
idb at 0x8164140C, driver data structure at 0x816491A8
-- rest of the output is omitted --

VERIFICATION OF INTERFACE

R1# show interface serial 1/0
Serial1/0 is up, line protocol is up
  Hardware is M4T
  Internet address is 185.100.1.1/16
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, crc 16, loopback not set
  Keepalive set (10 sec)
  Restart-Delay is 0 secs

R2# show interface serial 1/0
Serial1/0 is up, line protocol is up
  Hardware is M4T
  Internet address is 185.100.1.2/16
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, crc 16, loopback not set
  Keepalive set (10 sec)
  Restart-Delay is 0 secs


R1# show ip interfaces brief
Interface         IP-Address    OK?  Method  Status                 Protocol
FastEthernet0/0   unassigned    YES  unset   administratively down  down
Serial1/0         185.100.1.1   YES  manual  up                     up
Serial1/1         unassigned    YES  unset   administratively down  down
Serial1/2         unassigned    YES  unset   administratively down  down
Serial1/3         unassigned    YES  unset   administratively down  down
Ethernet2/0       unassigned    YES  unset   administratively down  down
Ethernet2/1       unassigned    YES  unset   administratively down  down
Ethernet2/2       unassigned    YES  unset   administratively down  down
Ethernet2/3       unassigned    YES  unset   administratively down  down
Loopback0         100.1.1.1     YES  manual  up                     up

R2# show ip interfaces brief
Interface         IP-Address    OK?  Method  Status                 Protocol
FastEthernet0/0   unassigned    YES  unset   administratively down  down
Serial1/0         185.100.1.2   YES  manual  up                     up
Serial1/1         unassigned    YES  unset   administratively down  down
Serial1/2         unassigned    YES  unset   administratively down  down
Serial1/3         unassigned    YES  unset   administratively down  down
Ethernet2/0       unassigned    YES  unset   administratively down  down
Ethernet2/1       unassigned    YES  unset   administratively down  down
Ethernet2/2       unassigned    YES  unset   administratively down  down
Ethernet2/3       unassigned    YES  unset   administratively down  down
Loopback0         200.1.1.1     YES  manual  up                     up

Exercise No. 33

PING & EXTENDED PING


(Continued from Exercise No. 32)

Ping is used to test network connections. It can be used to determine if a remote device can be reached across the network. Most ping tools use Internet Control Message Protocol (ICMP). They send request messages to a target network address at periodic intervals and measure the time it takes for a response message to arrive. These tools typically support options like:

o How many times to send requests?
o How large of a request message to send?
o How long to wait for each reply?

The output of ping varies depending on the tool. Standard results includes

It is often believed that "ping" is an abbreviation for Packet Internet Groper.

The ICMP ECHO REQUEST and ECHO REPLY messages are sent and received by the ping command. In fact, when people say that they "sent a ping packet", they really mean that they sent an ICMP Echo Request. The Echo Request simply means that the host to which it is addressed should reply to the packet. The Echo Reply is the ICMP message type that should be used in the reply. The Echo Request includes some data that can be specified by the ping command; whatever data is sent in the Echo Request is sent back in the Echo Reply.

CODES THAT THE PING COMMAND RECEIVES IN RESPONSE TO ITS ICMP ECHO REQUEST

PING CODE   DESCRIPTION
!           ICMP Echo Reply received
.           Nothing was received before the ping command timed out
U           ICMP Unreachable (Destination) received
N           ICMP Unreachable (Network) received
P           ICMP Unreachable (Port) received
Q           ICMP Source Quench received
M           ICMP Can't Fragment Message received
?           Unknown Packet received

SIMPLE PING TO AN INTERFACE OF A ROUTER

R1# ping 185.100.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 185.100.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/41/68 ms

R1# ping 200.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

NOTE: In order to reach a remote IP address / network from a local router, the information of that remote network should be listed in the routing table of the local router from which you are trying to access it. For this purpose you need to learn routing protocols. (See Exercise Nos. 36-37, 40-46)

ROUTING TABLE OF ROUTERS R1 & R2

R1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    100.0.0.0/8 is directly connected, Loopback0
C    185.100.0.0/16 is directly connected, Serial1/0

NOTE: Network 200.0.0.0 is not listed in the routing table of Router R1.

R2# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    185.100.0.0/16 is directly connected, Serial1/0
C    200.0.0.0/24 is directly connected, Loopback0

NOTE: Network 100.0.0.0 is not listed in the routing table of Router R2.

EXTENDED PING

R1# ping
Protocol [ip]:
Target IP address: 185.100.1.2
Repeat count [5]: 10
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: Yes
Source address or interface: 100.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 185.100.1.2, timeout is 2 seconds:
Packet sent with a source address of 100.1.1.1
..........
Success rate is 0 percent (0/10)

NOTE: The PING command sends a packet to the stated destination address. The TCP/IP software at the destination then replies to the ping packet with a similar packet. The PING command sends the first packet and waits on the response. If a response is received, the command displays an exclamation mark (!). If no response is received within the default timeout of 2 seconds, the ping command displays a period sign (.). The IOS command sends five of these packets by default. In this case, router R1 holds the information of network 185.100.0.0 in its routing table to reach destination IP address 185.100.1.2, but, in order to return from router R2 to IP address 100.1.1.1, router R2 does not have the information of network 100.0.0.0 in its routing table. Therefore, the PING is unsuccessful. Remember that on the way back, the source address (100.1.1.1) becomes the destination address and the destination address (185.100.1.2) becomes the source address.
[Figure: R1 (Serial 1/0, 185.100.1.1) and R2 (Loopback 0, 200.1.1.1). Request from R1: Source Address 100.1.1.1, Destination Address 185.100.1.2. Reply from R2: Source Address 185.100.1.2, Destination Address 100.1.1.1.]


Exercise No. 34

CISCO DISCOVERY PROTOCOL (CDP)

Cisco Discovery Protocol (CDP) is primarily used to obtain protocol addresses of neighboring devices and discover the platform of those devices. CDP can also be used to show information about the interfaces your router uses. CDP is media and protocol-independent, and runs on all Cisco-manufactured equipment including routers, bridges, access servers, and switches.

[Figure: routers R1, R2 and R3 connected to one another by serial links]

BASIC CONFIGURATION OF R1

Router> enable
Router# config terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# encapsulation hdlc
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 1/1
R1(config-if)# ip address 13.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# encapsulation hdlc
R1(config-if)# no shutdown
R1(config-if)# exit

BASIC CONFIGURATION OF R2

Router> enable
Router# config terminal
Router(config)# hostname R2
R2(config)# interface serial 1/0
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface serial 1/1
R2(config-if)# ip address 23.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# exit

BASIC CONFIGURATION OF R3

Router> enable
Router# config terminal
Router(config)# hostname R3
R3(config)# interface serial 1/0
R3(config-if)# ip address 13.1.1.3 255.0.0.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface serial 1/1
R3(config-if)# ip address 23.1.1.3 255.0.0.0
R3(config-if)# clock rate 64000
R3(config-if)# encapsulation hdlc
R3(config-if)# no shutdown
R3(config-if)# exit
CDP COMMANDS
R1# show cdp ?
  entry      Information for specific neighbor entry
  interface  CDP interface status and configuration
  neighbors  CDP neighbor entries
  traffic    CDP statistics
  |          Output modifiers
  <cr>

R1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID   Local Intrfce   Holdtme   Capability   Platform   Port ID
R2          Ser 1/0         141       R            7206VXR    Ser 1/0
R3          Ser 1/1         135       R            7206VXR    Ser 1/0

NOTE: To understand the above command, first of all see Column No. 2 (Local Intrfce), which is the port of the local router (R1). Then see Column No. 1 (Device ID), which is the router to which the local router is attached. Then see Column No. 6 (Port ID), which is the Port ID of Router R2 onto which the local router (R1) is attached. The fourth column (Capability) indicates that device R2 is a router and the fifth column indicates the model of device R2 (e.g. R2 is a 7206 router). As a whole, we can say that local router R1 is attached through its interface serial 1/0 to the interface serial 1/0 of router R2. Similarly, local router R1 is attached through its interface serial 1/1 to the interface serial 1/0 of router R3.

R2# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID   Local Intrfce   Holdtme   Capability   Platform   Port ID
R3          Ser 1/1         142       R            7206VXR    Ser 1/1
R1          Ser 1/0         142       R            7206VXR    Ser 1/0

NOTE: Local router R2 is attached through its interface serial 1/1 to the interface serial 1/1 of router R3 and similarly, local router R2 is attached through its interface serial 1/0 to the interface serial 1/0 of router R1.

R3# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID   Local Intrfce   Holdtme   Capability   Platform   Port ID
R2          Ser 1/1         143       R            7206VXR    Ser 1/1
R1          Ser 1/0         143       R            7206VXR    Ser 1/1

NOTE: Local router R3 is attached through its interface serial 1/1 to the interface serial 1/1 of router R2 and similarly, local router R3 is attached through its interface serial 1/0 to the interface serial 1/1 of router R1.


R1# show cdp interface
FastEthernet0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
Serial1/2 is administratively down, line protocol is down
-- rest of the output is omitted --

R1# show cdp interface serial 1/0
Serial1/0 is up, line protocol is up
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

R1# show cdp traffic
CDP counters :
        Total packets output: 12, Input: 10
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
        No memory: 0, Invalid packet: 0, Fragmented: 0
        CDP version 1 advertisements output: 0, Input: 0
        CDP version 2 advertisements output: 12, Input: 10

NOTE: Each device configured for CDP sends periodic messages, known as advertisements, to a multicast address (01-00-0c-cc-cc-cc). CDP announcements are sent by default every 60 seconds on interfaces that support Subnetwork Access Protocol (SNAP).

Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain time-to-live, or holdtime, information, which indicates the length of time a receiving device should hold CDP information before discarding it. Each device also listens to the periodic CDP messages sent by others in order to learn about neighboring devices and determine when their interfaces to the media go up or down.

CDP Version-2 (CDPv2), the most recent release of the protocol, provides more intelligent device tracking features. These features include a reporting mechanism which allows for more rapid error tracking, thereby reducing costly downtime.

The information contained in CDP announcements varies by the type of device and the version of the operating system running on it.

R1# show cdp entry *
OR
R1# show cdp neighbors detail

Device ID: R2
Entry address(es):
  IP address: 12.1.1.2
Platform: Cisco 7206VXR, Capabilities: Router
Interface: Serial1/0, Port ID (outgoing port): Serial1/0
Holdtime : 142 sec

Version :
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(11)T,
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Sun 19-Nov-06 01:10 by prod_rel_team


advertisement version: 2

Device ID: R3
Entry address(es):
  IP address: 13.1.1.3
Platform: Cisco 7206VXR, Capabilities: Router
Interface: Serial1/1, Port ID (outgoing port): Serial1/0
Holdtime : 142 sec

Version :
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(11)T,
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Sun 19-Nov-06 01:10 by prod_rel_team

advertisement version:

NOTE:

This command displays detailed information about the devices (e.g. R2 & R3) to which the local device (R1) is attached. If CDP commands are not working, enable CDP on the desired interfaces of a router. e.g.

R1(config)# interface serial 1/0
R1(config-if)# cdp enable
R1(config-if)# end
R1#

Exercise No. 35

HOW TO TELNET A ROUTER?


Exercise No. 34 ..... Continued

Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make connections to remote devices, gather information, and run programs.

After your routers and switches are configured, you can use the Telnet program to reconfigure and/or check up on your routers and switches without using a console cable. You run the Telnet program by typing telnet from any command prompt (DOS or Cisco). You need to have VTY passwords set on the router(s) for this to work (see Exercise No.8).

TELNET TO A DEVICE

R1# telnet 12.1.1.2
Trying 12.1.1.2 ... Open

Password required, but none set
[Connection to 12.1.1.2 closed by foreign host]
R1#

NOTE:

Remember that the VTY ports on a router are configured as login, meaning that we have to either set the VTY passwords or use the no login command. Use console connection/cable and HyperTerminal to set vty on router R2.

R2> enable
R2# configure terminal
R2(config)# line vty 0
R2(config-line)# password *******
R2(config-line)# login
R2(config-line)# end
R2#

R1# telnet 12.1.1.2
Trying 12.1.1.2 ... Open

User Access Verification

Password: *******
R2> enable
% No password set
R2>
R2> exit

NOTE:

Before you completely access a remote device, you must also specify an enable password/secret on that device. Use console connection/cable and HyperTerminal to set enable password on router R2.

R2# configure terminal
R2(config)# enable password ********
R2(config)# exit
R2#

NOTE:

On a Cisco router, you don't need to use the telnet command; you can just type in an IP address from a command prompt and the router will assume that you want to telnet to the device. e.g.

R1# 12.1.1.2
Translating "12.1.1.2"...domain server (255.255.255.255) (255.255.255.255)
Trying 12.1.1.2 ... Open

User Access Verification

Password: *******
R2> enable
Password: ********
R2#

NOTE:

Now you can completely

R2# exit
[Connection to 12.1.1.2 closed by foreign host]
R1#

NOTE:

If you telnet to a router or a switch, you can end the connection by typing exit at any time. But if you want to keep your connection to a remote device but still come back to your original router console, you can press the Ctrl+Shift+6 key combination, release it, and then press X key.

R1# 12.1.1.2
Translating "12.1.1.2"...domain server (255.255.255.255) (255.255.255.255)
Trying 12.1.1.2 ... Open

User Access Verification

Password: *******
R2> enable
Password: ********
R2# [Press Ctrl+Shift+6], [Release Ctrl+Shift+6], [Press X key from keyboard]
R1#

R1# show sessions
OR
R1# where
Conn Host          Address       Byte    Idle Conn Name
   1 12.1.1.2      12.1.1.2                 1 12.1.1.2

NOTE:

This output indicates that your session to host 12.1.1.2 (router R2) is opened. Before you telnet router R3, use console connection/cable and HyperTerminal to set vty and enable password on router R3.

R3> enable
R3# configure terminal
R3(config)# line vty 0 4
R3(config-line)# password *******
R3(config-line)# login
R3(config-line)# exit
R3(config)# enable password ******
R3(config)# exit
R3#

R1# telnet 13.1.1.3
Trying 13.1.1.3 ... Open

User Access Verification

Password: *******
R3> enable
Password: ******
R3#

NOTE:

After successful telnet from router R1 to router R3, telnet to router R2 from router R3. Let's see what happens?

R3# telnet 23.1.1.2
Trying 23.1.1.2 ... Open

User Access Verification

Password: *******
R2> enable
Password: ********
R2#
R2# [Press Ctrl+Shift+6], [Release Ctrl+Shift+6], [Press X]
R1#

R1# show sessions
Conn Host          Address       Byte    Idle Conn Name
   1 12.1.1.2      12.1.1.2                 4 12.1.1.2
*  2 13.1.1.3      13.1.1.3                 1 13.1.1.3

NOTE:

This output indicates that there are two suspended sessions with hosts 12.1.1.2 (router R2) and 13.1.1.3 (router R3). Asterisk (*) next to connection 2 indicates that session 2 was your last session. You can return to your last session by pressing Enter twice. You can also return to any session by typing the number of the connection and pressing Enter twice.

R1# 1 [Press ENTER key]
OR
R1# resume 1 [Press ENTER key]
[Resuming connection 1 to 12.1.1.2 ... ]

R2# show users
    Line       User       Host(s)       Idle        Location
      con 0               idle          00:03:20
   2  vty 0               idle          00:00:00    12.1.1.1
   3  vty 1               idle          00:01:00    23.1.1.3

  Interface    User       Mode          Idle        Peer Address

NOTE:

This output shows that router R2 is being accessed through its console and 2 VTY (telnet) users (12.1.1.1/R2 and 23.1.1.3/R3) via telnet.


R2# exit
[Connection to 12.1.1.2 closed by foreign host]
R1#
R1# show sessions
Conn Host          Address       Byte    Idle Conn Name
*  2 13.1.1.3      13.1.1.3                 0 13.1.1.3

NOTE:

You can also close a suspended session with the help of disconnect command.

R1# disconnect 2
Closing connection to 13.1.1.3 [confirm]

R1# show sessions
% No connections open
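The exercise above depends on three settings per router: the vty login mode, the vty password, and the enable password or secret. The following audit script is an added example, not part of the original guide; it checks an IOS-style configuration for those settings. The sample configurations, placeholder credentials and finding names are constructed for illustration.

```python
# Added example: audit the vty / enable settings used in the Telnet exercise.
# The three sample configs are constructed; credentials are placeholders.
SAMPLE_WEAK = """\
hostname R2
enable password PLACEHOLDER1
!
line con 0
line vty 0 4
 password PLACEHOLDER2
 login
!
end
"""

SAMPLE_NO_LOGIN = """\
hostname R3
enable secret 5 $1$PLACEHOLDERHASH
!
line vty 0 4
 no login
 transport input telnet
!
end
"""

SAMPLE_HARDENED = """\
hostname R1
enable secret 5 $1$PLACEHOLDERHASH
!
line vty 0 4
 login local
 transport input ssh
!
end
"""


def parse_sections(config):
    """Split a config into global lines and indented 'line ...' sections."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif raw[0] == " " and current is not None:
            sections[current].append(line)      # sub-command of the open section
        elif line.startswith("line "):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections


def audit(config):
    """Return a list of findings (hypothetical names) for one configuration."""
    findings = []
    global_lines, sections = parse_sections(config)
    secret = any(l.startswith("enable secret ") for l in global_lines)
    password = any(l.startswith("enable password ") for l in global_lines)
    if password and not secret:
        # 'enable password' is stored reversibly; 'enable secret' is hashed.
        findings.append("enable-password-without-secret")
    elif not password and not secret:
        # Remote users get "% No password set" when they type 'enable'.
        findings.append("no-enable-credential")
    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        has_pw = any(b.startswith("password ") for b in body)
        if "no login" in body:
            findings.append(f"{header}: no-login")            # no authentication at all
        elif not any(b.startswith("login ") for b in body) and not has_pw:
            # Plain 'login' (the default) with no password: "Password required, but none set".
            findings.append(f"{header}: login-without-password")
        words = [w for b in body if b.startswith("transport input") for w in b.split()[2:]]
        if not words:
            findings.append(f"{header}: transport-not-restricted")  # default depends on IOS release
        elif {"telnet", "all"} & set(words):
            findings.append(f"{header}: telnet-allowed")      # credentials cross the wire in clear text
    return findings


if __name__ == "__main__":
    for name, cfg in [("weak", SAMPLE_WEAK), ("no-login", SAMPLE_NO_LOGIN),
                      ("hardened", SAMPLE_HARDENED)]:
        print(name, audit(cfg))
```
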

Exercise No. 36

STATIC ROUTE
The purpose of configuring static routes is to add routes to a router's routing table. Static routing consists of individual configuration commands that define a route to a router.

A router can forward packets only to subnets in its routing table. The router always knows about directly connected routes (routes to subnets off interfaces that have an "up and up" status). By adding static routes, a router can be told how to forward packets to subnets that are not attached to it.

[Figure: R1 (Serial 1/0 12.1.1.1/8, Loopback 0 1.1.1.1/8) connected to R2 (Serial 1/1 12.1.1.2/8, Loopback 0 2.2.2.2/8)]

BASIC CONFIGURATION OF R1

Router> enable
Router# config terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000          [For DCE terminal only]
R1(config-if)# encapsulation hdlc
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface loopback 0
R1(config-if)# ip address 1.1.1.1 255.0.0.0
R1(config-if)# exit

BASIC CONFIGURATION OF R2

Router> enable
Router# config terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# encapsulation hdlc
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface loopback 0
R2(config-if)# ip address 2.2.2.2 255.0.0.0
R2(config-if)# exit

ROUTING TABLES OF ROUTER R1 & R2

R1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/0

R2# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    2.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/1

VERIFICATION

R1# ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/80/148 ms

R1# ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)

R2# ping 12.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/48/80 ms

R2# ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)

NOTE:

As mentioned earlier, a router can forward packets only to subnets in its routing table. Since networks 12.0.0.0 and 1.0.0.0 are listed in the routing table of router R1 (because these are directly connected networks to router R1), ping to 12.1.1.2 is successful. Network 2.0.0.0 is not directly connected to router R1 and not listed in its routing table; therefore ping to 2.2.2.2 fails. Similarly, networks 12.0.0.0 and 2.0.0.0 are listed in the routing table of router R2 (because these are directly connected networks to router R2), therefore ping to 12.1.1.1 is successful. Network 1.0.0.0 is not directly connected to router R2 and not listed in its routing table; therefore ping to 1.1.1.1 fails.

ADDING STATIC ROUTE ON ROUTER R1

R1# configure terminal
R1(config)# ip route 2.0.0.0 255.0.0.0 12.1.1.2
R1(config)# exit
R1#

NOTE:

After adding static route for network 2.0.0.0, all traffic from router R1 for network 2.0.0.0 will be forwarded to its next hop 12.1.1.2 (i.e. router R2).

ROUTING TABLES OF ROUTER R1 & R2 (AFTER ADDING STATIC ROUTE ON ROUTER R1)

R1# show ip route

NOTE:

"S" indicates that 2.0.0.0 is a static route which is coming via 12.1.1.2

R2# show ip route
C    2.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/1

NOTE:

Network 1.0.0.0 is still missing in the routing table of router R2

VERIFICATION

R1# ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/51/108 ms

R2# ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)

NOTE:

Ping 1.1.1.1 from router R2 is still not successful because network 1.0.0.0 is not listed in the routing table of router R2. So, we have to manually add network 1.0.0.0 in the routing table of router R2.


ADDING STATIC ROUTE ON ROUTER R2

R2# configure terminal
R2(config)# ip route 1.0.0.0 255.0.0.0 12.1.1.1
R2(config)# exit
R2#

NOTE:

Above static route is used to inform router R2 to deliver all traffic for network 1.0.0.0 to its next hop 12.1.1.1.

ROUTING TABLE OF ROUTER R2 (AFTER ADDING STATIC ROUTE ON ROUTER R2)

R2# show ip route
S    1.0.0.0/8 [1/0] via 12.1.1.1
C    2.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/1

NOTE:

"S" indicates that 1.0.0.0 is a static route which is coming via 12.1.1.1

VERIFICATION

R1# ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/45/88 ms

Exercise No. 37

STATIC ROUTE
[Figure: network diagram; the labels R1 and R3 are legible]

BASIC CONFIGURATION OF R1, R2 & R3

Same as defined in Exercise No. 34.

ADDITIONAL CONFIGURATION OF R1, R2 & R3

R1# configure terminal
R1(config)# interface loopback 0
R1(config-if)# ip address 1.1.1.1 255.0.0.0
R1(config-if)# end

R2# configure terminal
R2(config)# interface loopback 0
R2(config-if)# ip address 2.2.2.2 255.0.0.0
R2(config-if)# exit

R3# configure terminal
R3(config)# interface loopback 0
R3(config-if)# ip address 3.3.3.3 255.0.0.0
R3(config-if)# exit

ROUTING TABLES OF ROUTER R1, R2 & R3

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/1

R2# show ip route
C    2.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
C    12.0.0.0/8 is directly connected, Serial1/0

R3# show ip route
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
C    13.0.0.0/8 is directly connected, Serial1/0

VERIFICATION

R1# ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/38/80 ms

R1# ping 13.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/92 ms

R1# ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/92 ms

R1# ping 23.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)

R1# ping 23.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
Success rate is 0 percent (0/5)

R1# ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)

R1# ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Success rate is 0 percent (0/5)

NOTE:

Since networks 12.0.0.0, 13.0.0.0 and 1.0.0.0 are listed in the routing table of router R1 (because these are directly connected networks to router R1), ping to 12.1.1.2, 13.1.1.3 and 1.1.1.1 is successful. Networks 23.0.0.0, 2.0.0.0 and 3.0.0.0 are not directly connected to router R1 and not listed in its routing table; therefore ping to 23.1.1.2, 23.1.1.3, 2.2.2.2 and 3.3.3.3 fails.

ADDING STATIC ROUTE ON ROUTER R1

R1# configure terminal
R1(config)# ip route 23.0.0.0 255.0.0.0 13.1.1.3
R1(config)# ip route 2.0.0.0 255.0.0.0 12.1.1.2
R1(config)# ip route 3.0.0.0 255.0.0.0 13.1.1.3
R1(config)# exit
R1#

NOTE:

Remember that, if we set next hop 13.1.1.3 for the network 2.0.0.0, it will be a longer path between router R1 and network 2.0.0.0. Therefore, setting a next hop 12.1.1.2 for the network 2.0.0.0 is a better path.

ROUTING TABLES OF ROUTER R1, R2 & R3

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
S    2.0.0.0/8 [1/0] via 12.1.1.2
S    3.0.0.0/8 [1/0] via 13.1.1.3
S    23.0.0.0/8 [1/0] via 13.1.1.3
C    12.0.0.0/8 is directly connected, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/1

R2# show ip route
C    2.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
C    12.0.0.0/8 is directly connected, Serial1/0

R3# show ip route
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
C    13.0.0.0/8 is directly connected, Serial1/0

VERIFICATION

R1# ping 23.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)

R1# ping 23.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/41/60 ms

R1# ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/39/84 ms

R1# ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/39/84 ms

NOTE:

You'll be surprised that although network 23.0.0.0 is listed in the routing table of router R1 and ping to 23.1.1.3 is successful, ping to 23.1.1.2 is not. This is because of network 13.0.0.0 (the link between routers R1 & R3), which is used to access network 23.0.0.0 from router R1. Network 13.0.0.0 is listed in the routing tables of routers R1 & R3, so router R3 can easily reply to the ping request for 23.1.1.3, but router R2 cannot reply to the ping request for 23.1.1.2 because it has no information about network 13.0.0.0 to reply to. To resolve this issue, we have to manually add static routes on router R2.

ADDING STATIC ROUTE ON ROUTER R2

R2# configure terminal
R2(config)# ip route 13.0.0.0 255.0.0.0 23.1.1.3
R2(config)# ip route 1.0.0.0 255.0.0.0 12.1.1.1
R2(config)# ip route 3.0.0.0 255.0.0.0 23.1.1.3
R2(config)# exit
R2#

NOTE:

Static routes 1.0.0.0 and 3.0.0.0 are also added to access these networks from router R2. Remember that, if we set next hop 23.1.1.3 for the network 1.0.0.0, it will be a longer path between router R2 and network 1.0.0.0. Therefore, setting a next hop 12.1.1.1 for the network 1.0.0.0 is a better solution.

Instead of setting a next hop for a static route, the other option is to define a static route with reference to the outgoing interface which is connected to the next hop towards the destination network. The example is given below;

R2(config)# ip route 13.0.0.0 255.0.0.0
R2(config)# ip route 1.0.0.0 255.0.0.0
R2(config)# ip route 3.0.0.0 255.0.0.0

ADDING STATIC ROUTE ON ROUTER R3

R3# configure terminal
R3(config)# ip route 12.0.0.0 255.0.0.0 13.1.1.1
R3(config)# ip route 1.0.0.0 255.0.0.0 13.1.1.1
R3(config)# ip route 2.0.0.0 255.0.0.0 23.1.1.2

OR

R3(config)# ip route 12.0.0.0 255.0.0.0 serial 1/0
R3(config)# ip route 1.0.0.0 255.0.0.0 serial 1/0
R3(config)# ip route 2.0.0.0 255.0.0.0 serial 1/1
R3(config)# exit
R3#

ROUTING TABLES OF ROUTER R2 & R3

R2# show ip route
S    1.0.0.0/8 [1/0] via 12.1.1.1
C    2.0.0.0/8 is directly connected, Loopback0
S    3.0.0.0/8 [1/0] via 23.1.1.3
C    23.0.0.0/8 is directly connected, Serial1/1
C    12.0.0.0/8 is directly connected, Serial1/0
S    13.0.0.0/8 [1/0] via 23.1.1.3

R3# show ip route
S    1.0.0.0/8 is directly connected, Serial1/0
S    2.0.0.0/8 is directly connected, Serial1/1
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
S    12.0.0.0/8 is directly connected, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/0

NOTE:

Routing table of routers R1, R2 & R3 have been completely converged and there are no missing networks.

VERIFICATION

R1# ping 23.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/74/128 ms

R1# ping 23.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/44/84 ms

R1# ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/40/68 ms

R1# ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/80 ms

R2# ping 13.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/73/88 ms

R2# ping 13.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/38/84 ms

R2# ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/80 ms

R2# ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/64 ms

R3# ping 12.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/43/80 ms

R3# ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/52/84 ms

R3# ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/35/64 ms

R3# ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/50/96 ms

NOTE:

As you may have noticed above, there are static routes that point to an interface on the router, and static routes that point to an IP address on the network. For example, a static route to an interface may tell a router "send all traffic going to X network out interface SERIAL 1/0". A static route to an IP address may tell a router "send all traffic going to X network to IP address 12.1.1.2". Either of these types of routes can be used, depending on the situation.
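The return-path failure explained in this exercise (R1 can ping 23.1.1.3 but not 23.1.1.2 until R2 has a route to 13.0.0.0) can be reproduced with a small routing-table model. This is an added example, not part of the original guide; the class and function names are hypothetical, the addresses are the ones used in the exercise, and connected networks are preferred over static routes as a simplification.

```python
# Added example: model of the three-router lab to show why a ping needs a
# route in both directions. Names (Router, deliver, ping) are hypothetical.
import ipaddress as ipa


class Router:
    def __init__(self, name, interfaces):
        self.name = name
        self.ifaces = {n: ipa.ip_interface(a) for n, a in interfaces.items()}
        self.static = []                       # (network, next-hop address)

    def ip_route(self, net, mask, next_hop):   # mirrors "ip route NET MASK NEXT-HOP"
        self.static.append((ipa.ip_network(f"{net}/{mask}"), ipa.ip_address(next_hop)))

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces.values())

    def connected(self, ip):
        return next((n for n, i in self.ifaces.items() if ip in i.network), None)

    def lookup(self, dst):
        """Return (egress interface, next-hop IP) or None if there is no route."""
        egress = self.connected(dst)
        if egress:
            return egress, dst
        matches = [(net.prefixlen, nh) for net, nh in self.static if dst in net]
        if matches:
            nh = max(matches, key=lambda m: m[0])[1]   # longest static prefix
            egress = self.connected(nh)
            if egress:
                return egress, nh
        return None


def deliver(routers, start, dst, max_hops=16):
    """Follow routing tables hop by hop; return (owning router or None, reason)."""
    cur = start
    for _ in range(max_hops):
        if cur.owns(dst):
            return cur, "delivered"
        hit = cur.lookup(dst)
        if hit is None:
            return None, f"no route on {cur.name}"
        cur_next = next((r for r in routers if r.owns(hit[1])), None)
        if cur_next is None:
            return None, f"next hop {hit[1]} not reachable from {cur.name}"
        cur = cur_next
    return None, "hop limit"


def ping(routers, src, dst):
    dst = ipa.ip_address(dst)
    if src.owns(dst):
        return "ok"
    hit = src.lookup(dst)
    if hit is None:
        return f"fail: no route on {src.name}"
    src_ip = src.ifaces[hit[0]].ip             # echo is sourced from the egress interface
    target, why = deliver(routers, src, dst)
    if target is None:
        return f"fail: request, {why}"
    back, why = deliver(routers, target, src_ip)   # the reply needs its own route
    if back is None:
        return f"fail: reply, {why}"
    return "ok"


def build_lab():
    """Topology and R1 static routes as configured in the exercise."""
    r1 = Router("R1", {"Loopback0": "1.1.1.1/8", "Serial1/0": "12.1.1.1/8", "Serial1/1": "13.1.1.1/8"})
    r2 = Router("R2", {"Loopback0": "2.2.2.2/8", "Serial1/0": "12.1.1.2/8", "Serial1/1": "23.1.1.2/8"})
    r3 = Router("R3", {"Loopback0": "3.3.3.3/8", "Serial1/0": "13.1.1.3/8", "Serial1/1": "23.1.1.3/8"})
    r1.ip_route("23.0.0.0", "255.0.0.0", "13.1.1.3")
    r1.ip_route("2.0.0.0", "255.0.0.0", "12.1.1.2")
    r1.ip_route("3.0.0.0", "255.0.0.0", "13.1.1.3")
    return [r1, r2, r3]


if __name__ == "__main__":
    lab = build_lab()
    r1, r2, r3 = lab
    print("before:", ping(lab, r1, "23.1.1.2"))
    r2.ip_route("13.0.0.0", "255.0.0.0", "23.1.1.3")
    print("after: ", ping(lab, r1, "23.1.1.2"))
```
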

Exercise No. 38

IP NAMING (USING HOST TABLE)

To use a hostname rather than an IP address to connect to a remote device, the device that you are using to make the connection must be able to translate the hostname to an IP address. There are two ways to resolve hostnames to IP addresses: building a host table on each router or building a Domain Name System (DNS) server, which is similar to a dynamic host table. A host table provides name resolution only on the router that it was built upon.

[Figure: R1 (LHR): Serial 1/1 13.1.1.1/8, Serial 1/0 12.1.1.1/8; R3 (KHI): 13.1.1.3/8, Serial 1/1 23.1.1.3/8; R2 (ISB): Serial 1/0 12.1.1.2/8, Serial 1/1 23.1.1.2/8]

BASIC CONFIGURATION OF R1, R2 & R3

Please apply complete configuration of routers R1, R2 & R3 as defined in Exercise No. 34. Please also set enable and vty passwords on these routers.

BUILDING A HOST TABLE ON ROUTER R1

R1# configure terminal
R1(config)# ip host ISB 23 12.1.1.2
R1(config)# ip host KHI 13.1.1.3
R1(config)# exit

NOTE:

23 is the default TCP port number for Telnet, but you can create a session using Telnet with a different TCP port number if you want. You can also assign up to eight IP addresses to a hostname. If you want to remove a host entry, just type NO before the command. e.g.

R1(config)# no ip host KHI

VERIFICATION OF HOST TABLE ON ROUTER R1

R1# show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host      Port    Flags         Age  Type   Address(es)
ISB       23      (perm, OK)    0    IP     12.1.1.2
KHI       None    (perm, OK)    0    IP     13.1.1.3

NOTE:

You can see two hostnames and the associated IP addresses in the output. The "PERM" in the Flags column means that the entry is manually configured. If it said "TEMP", it would be an entry that was resolved by DNS.

VERIFICATION USING TELNET

R1# telnet isb
Trying ISB (12.1.1.2) ... Open

User Access Verification

Password: *******
R2> enable
Password: ********
R2#
R2# exit
[Connection to isb closed by foreign host]

R1# telnet khi
Trying KHI (13.1.1.3) ... Open

User Access Verification

Password: *******
R3> enable
Password: ******
R3#
R3# exit
[Connection to khi closed by foreign host]
R1#

Exercise No. 39

IP NAMING (USING DNS)

If there are a number of devices and you don't want to create a host table on each device, you can use a DNS server to resolve hostnames.

[Figure: routers R1 and R3, with R2 acting as DNS server]

BASIC CONFIGURATION OF R1, R2 & R3

Please apply complete configuration of routers R1, R2 & R3 as defined in Exercise No. 34. Please also set enable and vty passwords on these routers.

DNS CONFIGURATION ON ROUTER R1 (CLIENT)

R1# configure terminal
R1(config)# ip domain-lookup
R1(config)# ip name-server 12.1.1.2
R1(config)# exit

NOTE:

When you enter a command that a Cisco device does not understand, the device tries to resolve that command as a hostname using the DNS server. e.g.

R1# pakistan
Translating "pakistan"...domain server (255.255.255.255) (255.255.255.255)
Translating "pakistan"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
R1#

This really gets on your nerves for two reasons:

a. Because the device doesn't know my names
b. Because we need to spend time and wait for the name lookup to time out.

You can avoid this and save a time-consuming DNS lookup with the help of following command:

R1(config)# no ip domain-lookup

DNS CONFIGURATION ON ROUTER R3 (CLIENT)

R3# configure terminal
R3(config)# ip domain-lookup
R3(config)# ip name-server 23.1.1.2
R3(config)# exit


DNS CONFIGURATION ON ROUTER R2 (SERVER)

R2# configure terminal
R2(config)# ip domain-lookup
R2(config)# ip dns server
R2(config)# ip host ISB 12.1.1.2
R2(config)# ip host LHR 12.1.1.1
R2(config)# ip host KHI 23.1.1.3
R2(config)# exit

VERIFICATION USING PING COMMAND

R1# ping khi
Translating "khi"...domain server (12.1.1.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/40/60 ms

R1# ping isb
Translating "isb"...domain server (12.1.1.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/76 ms

R2# ping lhr
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/96 ms

R2# ping khi
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/45/84 ms

R3# ping lhr
Translating "lhr"...domain server (23.1.1.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/37/64 ms

R3# ping isb
Translating "isb"...domain server (23.1.1.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/92 ms

VERIFICATION OF HOST TABLE ON ROUTERS R1, R2 & R3

R1# show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 12.1.1.2

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host      Port    Age  Type   Address(es)
isb       None    0    IP     12.1.1.2
khi       None    0    IP     23.1.1.3

R2# show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host      Port    Age  Type   Address(es)
isb       None    0    IP     23.1.1.2
lhr       None    0    IP     12.1.1.1
khi       None    0    IP     23.1.1.3

R3# show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 23.1.1.2

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host      Port    Age  Type   Address(es)
lhr       None    0    IP     12.1.1.1
isb       None    0    IP     12.1.1.2

NOTE:

The "PERM" in the Flags column means that the entry is manually configured. If it said "TEMP", it would be an entry that was resolved by DNS.


Exercise No. 40

DYNAMIC ROUTING USING RIP (ROUTING INFORMATION PROTOCOL)

If a network isn't directly connected to the router, the router must use one of two ways to learn how to get to the remote network: static routing, meaning that someone must hand-type all network locations into the routing table, or something called dynamic routing. In dynamic routing, a protocol on one router communicates with the same protocol running on neighbor routers. The routers then update each other about all the networks they know about and place this information into the routing table. If a change occurs in the network, the dynamic routing protocols automatically inform all routers about the event. If static routing is used, the administrator is responsible for updating all changes manually into all routers. Typically, in a large network, a combination of both dynamic and static routing is used.

Routing Information Protocol (RIP) is a true distance-vector routing protocol. RIP sends the complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count to determine the best way to a remote network, but it has a maximum allowable hop count of 15 by default, meaning that 16 is deemed unreachable. RIP works well in small networks, but it's inefficient on large networks with slow WAN links or on networks with a large number of routers installed.

RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask. This is because RIP version 1 doesn't send updates with subnet mask information in tow. RIP version 2 provides something called prefix routing and does send subnet mask information with the route updates. This is called classless routing.
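The hop-count behaviour described above can be seen in a short distance-vector model. This is an added example, not part of the original guide: each round stands for one 30-second update in which every router sends its whole table to its neighbors, and it goes beyond the three-router lab by also running an 18-router chain to show the 15-hop limit. Timers, split horizon and subnet masks are left out, and the function names are hypothetical.

```python
# Added example: distance-vector exchange with RIP's hop-count metric.
INFINITY = 16  # RIP metric meaning "unreachable"

# The three-router lab of this exercise: router -> directly connected networks.
LAB = {
    "R1": {"1.0.0.0", "12.0.0.0", "13.0.0.0"},
    "R2": {"2.0.0.0", "12.0.0.0", "23.0.0.0"},
    "R3": {"3.0.0.0", "13.0.0.0", "23.0.0.0"},
}


def converge(connected, max_rounds=50):
    """Exchange full tables until nothing changes.

    Returns (tables, rounds) where tables[router][network] = (hops, learned_from).
    """
    tables = {r: {n: (0, None) for n in nets} for r, nets in connected.items()}
    # Two routers are neighbors when they share a directly connected network.
    neighbors = {r: sorted(o for o in connected if o != r and connected[r] & connected[o])
                 for r in connected}
    for rounds in range(1, max_rounds + 1):
        changed = False
        snapshot = {r: dict(t) for r, t in tables.items()}   # all updates sent at once
        for r in connected:
            for nb in neighbors[r]:
                for net, (hops, _) in snapshot[nb].items():
                    metric = hops + 1                         # one more hop via the neighbor
                    if metric >= INFINITY:
                        continue                              # 16 hops: deemed unreachable
                    if net not in tables[r] or metric < tables[r][net][0]:
                        tables[r][net] = (metric, nb)
                        changed = True
        if not changed:
            return tables, rounds
    return tables, max_rounds


def chain(n):
    """n routers in a line (constructed topology); the first one also has a 'stub' network."""
    connected = {}
    for i in range(n):
        nets = set()
        if i < n - 1:
            nets.add(f"link{i}")
        if i > 0:
            nets.add(f"link{i - 1}")
        if i == 0:
            nets.add("stub")
        connected[f"R{i:02d}"] = nets
    return connected


if __name__ == "__main__":
    tables, rounds = converge(LAB)
    print("R1 table after", rounds, "rounds:", sorted(tables["R1"].items()))
    long_tables, _ = converge(chain(18))
    print("R15 reaches stub at", long_tables["R15"]["stub"][0], "hops")
    print("R16 has a route to stub:", "stub" in long_tables["R16"])
```
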

BASIC CONFIGURATION OF R1

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 1/1
R1(config-if)# ip address 13.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
R1(config-if)# exit


R1(config)# interface loopback 0
R1(config-if)# ip address 1.1.1.1 255.0.0.0
R1(config-if)# exit

BASIC CONFIGURATION OF R2

Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface serial 1/0
R2(config-if)# ip address 23.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface loopback 0
R2(config-if)# ip address 2.2.2.2 255.0.0.0
R2(config-if)# exit

BASIC CONFIGURATION OF R3

Router> enable
Router# configure terminal
Router(config)# hostname R3
R3(config)# interface serial 1/0
R3(config-if)# ip address 13.1.1.3 255.0.0.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface serial 1/1
R3(config-if)# ip address 23.1.1.3 255.0.0.0
R3(config-if)# clock rate 64000
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface loopback 0
R3(config-if)# ip address 3.3.3.3 255.0.0.0
R3(config-if)# exit

ROUTING TABLE OF ROUTER R1, R2 & R3

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/1

R2# show ip route
C    2.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1

R3# show ip route
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
C    13.0.0.0/8 is directly connected, Serial1/0

NOTE: Only directly connected networks are listed in the routing table of routers R1, R2 & R3. Therefore, one cannot communicate with a remote device, e.g. one cannot access 23.1.1.2 or 23.1.1.3 from router R1.

CONFIGURING RIP ON R1

R1# configure terminal
R1(config)# router rip
R1(config-router)# network 12.0.0.0
R1(config-router)# network 13.0.0.0
R1(config-router)# network 1.0.0.0
R1(config-router)# exit
R1(config)# exit
R1#

NOTE: Remember that, when configuring the network address, RIPv1 uses classful addresses and RIPv2 uses classless addresses.

All IP addresses have a network and host portion. In classful addressing, the network portion ends on one of the separating dots in the address (on an octet boundary). There were three address classes to choose from: A, B, or C, corresponding to 8-bit, 16-bit, or 24-bit prefixes. No other prefix lengths were allowed, and there was no concept of nesting a group of 24-bit prefixes, for example, within a 16-bit prefix, e.g. 1 .1.1.0/8, 172.16.0.0/16 and 200.100.1.0/24.

Classless addressing uses a variable number of bits for the network and host portions of the address. Classless addressing treats the IP address as a 32 bit stream of ones and zeroes, where the boundary between network and host portions can fall anywhere between bit 0 and bit 31. The network portion of an IP address is determined by how many 1's are in the subnet mask.

CONFIGURING RIP ON R2

R2# configure terminal
R2(config)# router rip
R2(config-router)# network 12.0.0.0
R2(config-router)# network 23.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# end
R2#

CONFIGURING RIP ON R3

R3# configure terminal
R3(config)# router rip
R3(config-router)# network 13.0.0.0
R3(config-router)# network 23.0.0.0
R3(config-router)# network 3.0.0.0
R3(config-router)# end
R3#

ROUTING TABLE OF ROUTER R1, R2 & R3

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:01, Serial1/0
R    3.0.0.0/8 [120/1] via 13.1.1.3, 00:00:18, Serial1/1
R    23.0.0.0/8 [120/1] via 13.1.1.3, 00:00:18, Serial1/1
                [120/1] via 12.1.1.2, 00:00:01, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/1

NOTE: "R" indicates that this is a route coming through RIP. "120" is the administrative distance of RIP. "1" is the hop count value.

The administrative distance (AD) is used to rate the trustworthiness of routing information received on a router from a neighbor router. An administrative distance is an integer from 0 to 255, where 0 is the most trusted and 255 means no traffic will be passed via this route. If a router receives two updates listing the same remote network, the first thing the router checks is the AD. If one of the advertised routes has a lower AD than the other, then the route with the lowest AD will be placed in the routing table. If both advertised routes to the same network have the same AD, then routing protocol metrics (such as hop count or bandwidth of the lines) will be used to find the best path to the remote network. The advertised route with the lowest metric will be placed in the routing table. But if both advertised routes have the same AD as well as the same metrics, then the routing protocol will load-balance to the remote network (which means that it sends packets over each link).

DEFAULT ADMINISTRATIVE DISTANCES

Route Source                    Default Distance
Directly Connected Interface    0
Static route                    1
EIGRP                           90
IGRP                            100
OSPF                            110
RIP                             120
External EIGRP                  170
Unknown                         255 (this route will never be used)

R2# show ip route
R    1.0.0.0/8 [120/1] via 12.1.1.1, 00:00:23, Serial1/1
C    2.0.0.0/8 is directly connected, Loopback0
R    3.0.0.0/8 [120/1] via 23.1.1.3, 00:00:21, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1
R    13.0.0.0/8 [120/1] via 23.1.1.3, 00:00:21, Serial1/0
                [120/1] via 12.1.1.1, 00:00:23, Serial1/1

NOTE: As stated above, if a router receives two updates listing the same remote network with the same administrative distance and hop count / metric, then both paths will be installed in the routing table and the routing protocol (RIP) will load-balance to that remote network.

R3# show ip route
R    1.0.0.0/8 [120/1] via 13.1.1.1, 00:00:26, Serial1/0
R    2.0.0.0/8 [120/1] via 23.1.1.2, 00:00:20, Serial1/1
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
R    12.0.0.0/8 [120/1] via 23.1.1.2, 00:00:20, Serial1/1
                [120/1] via 13.1.1.1, 00:00:26, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/0
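The selection order described above (lowest administrative distance first, then lowest metric, then load-balancing over equal paths) can be written out as a short program. This is an added example, not part of the original guide; the candidate list is constructed, including a static route that does not exist in the lab, and the limit of 4 equal paths is taken from the "Maximum path: 4" line of the show ip protocols output in this guide.

```python
from collections import defaultdict

# Default administrative distances, copied from the table above.
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
    "ospf": 110, "rip": 120, "external_eigrp": 170, "unknown": 255,
}

# Constructed candidates offered to R1's routing table:
# (prefix, route source, metric, next hop).
R1_CANDIDATES = [
    ("23.0.0.0/8", "rip", 1, "13.1.1.3"),     # same AD and same hop count ...
    ("23.0.0.0/8", "rip", 1, "12.1.1.2"),     # ... so both paths are installed
    ("3.0.0.0/8", "rip", 1, "13.1.1.3"),      # one hop via R3
    ("3.0.0.0/8", "rip", 2, "12.1.1.2"),      # two hops via R2, loses on metric
    ("2.0.0.0/8", "rip", 1, "12.1.1.2"),
    ("2.0.0.0/8", "static", 0, "13.1.1.3"),   # constructed static route, wins on AD
    ("4.0.0.0/8", "unknown", 0, "12.1.1.2"),  # AD 255, never installed
]


def select_routes(candidates, max_paths=4):
    """Return {prefix: [(source, ad, metric, next_hop), ...]} as installed.

    Assumption: routes that share an AD come from the same protocol, so
    their metrics are comparable (hop counts with hop counts).
    """
    by_prefix = defaultdict(list)
    for prefix, source, metric, next_hop in candidates:
        ad = DEFAULT_AD[source]
        if ad == 255:                      # "this route will never be used"
            continue
        by_prefix[prefix].append((ad, metric, source, next_hop))

    table = {}
    for prefix, routes in by_prefix.items():
        best_ad = min(r[0] for r in routes)            # step 1: lowest AD
        trusted = [r for r in routes if r[0] == best_ad]
        best_metric = min(r[1] for r in trusted)       # step 2: lowest metric
        winners = sorted(r for r in trusted if r[1] == best_metric)
        # step 3: every remaining path is equal, so load-balance over them
        table[prefix] = [(src, ad, metric, hop)
                         for ad, metric, src, hop in winners[:max_paths]]
    return table


if __name__ == "__main__":
    for prefix, paths in sorted(select_routes(R1_CANDIDATES).items()):
        for source, ad, metric, hop in paths:
            print(f"{prefix:<12} [{ad}/{metric}] via {hop} ({source})")
```

Because the AD is compared before any metric, a single static or lower-AD entry for a prefix replaces every RIP path to it, which is worth remembering when an unexpected route appears in a table.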


DE-ADVERTISING A NETWORK

R3# configure terminal
R3(config)# router rip
R3(config-router)# no network 3.0.0.0
R3(config-router)# end
R3#

NOTE: Let's see what happens, if we de-advertise a network from RIP.

ROUTING TABLE OF ROUTER R1, R2 & R3

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:10, Serial1/0
R    23.0.0.0/8 [120/1] via 13.1.1.3, 00:00:07, Serial1/1
                [120/1] via 12.1.1.2, 00:00:10, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/1

R2# show ip route
R    1.0.0.0/8 [120/1] via 12.1.1.1, 00:00:23, Serial1/1
C    2.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1
R    13.0.0.0/8 [120/1] via 23.1.1.3, 00:00:21, Serial1/0
                [120/1] via 12.1.1.1, 00:00:23, Serial1/1

R3# show ip route
R    1.0.0.0/8 [120/1] via 13.1.1.1, 00:00:04, Serial1/0
R    2.0.0.0/8 [120/1] via 23.1.1.2, 00:00:16, Serial1/1
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
R    12.0.0.0/8 [120/1] via 23.1.1.2, 00:00:16, Serial1/1
                [120/1] via 13.1.1.1, 00:00:04, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/0

NOTE: Network 3.0.0.0 is not listed in the routing table of routers R1 & R2, but it is still listed in the routing table of router R3 because it is directly connected to router R3.

HOW TO REMOVE RIP?

R1# configure terminal
R1(config)# no router rip
R1(config)# exit
R1#

R2# configure terminal
R2(config)# no router rip
R2(config)# exit
R2#

R3# configure terminal
R3(config)# no router rip
R3(config)# exit
R3#

Exercise No. 41

CONFIGURING RIPv2
RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are distance-vector protocols, which means that each router running RIP sends its complete routing tables out all active interfaces at periodic time intervals. Also, the timers and loop-avoidance schemes are the same in both RIP versions (i.e., holddown timers and split horizon rule). Both RIPv1 and RIPv2 are configured as classful addressing (but RIPv2 is considered classless because subnet information is sent with each route update), and both have the same administrative distance (120).

But there are some important differences that make RIPv2 more scalable than RIPv1. Since RIP is an open standard, you can use RIP with any brand of router. RIP requires too much bandwidth, making it pretty intensive to use in your network.

DIFFERENCE BETWEEN RIPv1 & RIPv2

a. RIPv1: Distance vector
   RIPv2: Distance vector
b. RIPv1: Maximum hop count of 15
   RIPv2: Maximum hop count of 15
c. RIPv1: Classful
   RIPv2: Classless
d. RIPv1: Broadcast based
   RIPv2: Uses multicast 224.0.0.9
e. RIPv1: No support for VLSM
   RIPv2: Supports VLSM networks
f. RIPv1: No authentication
   RIPv2: Allows for MD5 authentication
g. RIPv1: No support for discontiguous networks
   RIPv2: Supports discontiguous networks


[Figure: RIPv2 topology. Labels recoverable from the scan: R1 Serial 1/0 12.1.1.1/8; R2 Serial 1/0 23.1.1.2/8 (DCE), Loopback0 2.2.2.2/8.]

BASIC CONFIGURATION OF R1

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface loopback 0
R1(config-if)# ip address 1.1.1.1 255.0.0.0
R1(config-if)# exit

BASIC CONFIGURATION OF R2

Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# clock rate 64000
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface serial 1/0
R2(config-if)# ip address 23.1.1.2 255.0.0.0
R2(config-if)# clock rate 64000
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface loopback 0
R2(config-if)# ip address 2.2.2.2 255.0.0.0
R2(config-if)# exit

BASIC CONFIGURATION OF R3

Router> enable
Router# configure terminal
Router(config)# hostname R3
R3(config)# interface serial 1/1
R3(config-if)# ip address 23.1.1.3 255.0.0.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface serial 1/0
R3(config-if)# ip address 34.1.1.3 255.0.0.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface loopback 0
R3(config-if)# ip address 3.3.3.3 255.0.0.0
R3(config-if)# exit

BASIC CONFIGURATION OF R4

Router> enable
Router# configure terminal
Router(config)# hostname R4
R4(config)# interface serial 1/1
R4(config-if)# ip address 34.1.1.4 255.0.0.0
R4(config-if)# clock rate 64000
R4(config-if)# no shutdown
R4(config-if)# exit
R4(config)# interface loopback 0
R4(config-if)# ip address 4.1.1.1 255.255.0.0
R4(config-if)# exit
R4(config)# interface loopback 1
R4(config-if)# ip address 4.2.2.2 255.255.0.0
R4(config-if)# exit
R4(config)# interface loopback 2
R4(config-if)# ip address 4.3.3.3 255.255.0.0
R4(config-if)# exit

NOTE: IP addresses of loopback interfaces are defined using 8 bits subnetting of network 4.0.0.0/8.

ROUTING TABLE OF ROUTER R1, R2, R3 & R4

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/0

R2# show ip route
C    2.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1

R3# show ip route
C    34.0.0.0/8 is directly connected, Serial1/0
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1

R4# show ip route
C    34.0.0.0/8 is directly connected, Serial1/1
     4.0.0.0/16 is subnetted, 3 subnets
C       4.1.0.0 is directly connected, Loopback0
C       4.2.0.0 is directly connected, Loopback1
C       4.3.0.0 is directly connected, Loopback2

CONFIGURING RIPv2 ON R1

R1# configure terminal
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# auto-summary
R1(config-router)# network 12.0.0.0
R1(config-router)# network 1.0.0.0
R1(config-router)# end
R1#


NOTE: RIPv2, unlike RIPv1, is a classless routing protocol (even though it is configured as classful, like RIPv1), which means that it sends subnet mask information along with the route updates. By sending the subnet mask information with the updates, RIPv2 can support Variable Length Subnet Masks (VLSMs) as well as the summarization of network boundaries. The auto-summary command is enabled by default and there is no need to apply this command.

CONFIGURING RIPv2 ON R2

R2# configure terminal
R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# network 12.0.0.0
R2(config-router)# network 23.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# end
R2#

CONFIGURING RIPv2 ON R3

R3# configure terminal
R3(config)# router rip
R3(config-router)# version 2
R3(config-router)# network 23.0.0.0
R3(config-router)# network 34.0.0.0
R3(config-router)# network 3.0.0.0
R3(config-router)# end
R3#

CONFIGURING RIPv2 ON R4

R4# configure terminal
R4(config)# router rip
R4(config-router)# version 2
R4(config-router)# network 34.0.0.0
R4(config-router)# network 4.0.0.0
R4(config-router)# end
R4#

ROUTING TABLE OF ROUTER R1, R2, R3 & R4

R1# show ip route
R    34.0.0.0/8 [120/2] via 12.1.1.2, 00:00:22, Serial1/0
C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:22, Serial1/0
R    3.0.0.0/8 [120/2] via 12.1.1.2, 00:00:22, Serial1/0
R    4.0.0.0/8 [120/3] via 12.1.1.2, 00:00:22, Serial1/0
R    23.0.0.0/8 [120/1] via 12.1.1.2, 00:00:22, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0

NOTE: Kindly note how the hop count increases. Network 4.0.0.0 is 3 hops away from router R1.

R2# show ip route
R    34.0.0.0/8 [120/1] via 23.1.1.3, 00:00:04, Serial1/0
R    1.0.0.0/8 [120/1] via 12.1.1.1, 00:00:06, Serial1/1
C    2.0.0.0/8 is directly connected, Loopback0
R    3.0.0.0/8 [120/1] via 23.1.1.3, 00:00:04, Serial1/0
R    4.0.0.0/8 [120/2] via 23.1.1.3, 00:00:04, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1


R3# show ip route
C    34.0.0.0/8 is directly connected, Serial1/0
R    1.0.0.0/8 [120/2] via 23.1.1.2, 00:00:06, Serial1/1
R    2.0.0.0/8 [120/1] via 23.1.1.2, 00:00:06, Serial1/1
C    3.0.0.0/8 is directly connected, Loopback0
R    4.0.0.0/8 [120/1] via 34.1.1.4, 00:00:14, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/1
R    12.0.0.0/8 [120/1] via 23.1.1.2, 00:00:06, Serial1/1

R4# show ip route
C    34.0.0.0/8 is directly connected, Serial1/1
R    1.0.0.0/8 [120/3] via 34.1.1.3, 00:00:24, Serial1/1
R    2.0.0.0/8 [120/2] via 34.1.1.3, 00:00:24, Serial1/1
R    3.0.0.0/8 [120/1] via 34.1.1.3, 00:00:24, Serial1/1
     4.0.0.0/16 is subnetted, 3 subnets
C       4.1.0.0 is directly connected, Loopback0
C       4.2.0.0 is directly connected, Loopback1
C       4.3.0.0 is directly connected, Loopback2
R    23.0.0.0/8 [120/1] via 34.1.1.3, 00:00:24, Serial1/1
R    12.0.0.0/8 [120/2] via 34.1.1.3, 00:00:24, Serial1/1

R3# show ip protocols
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 24 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/0             2     2
    Serial1/1             2     2
  Routing Information Sources:
    Gateway         Distance      Last Update
    23.1.1.2             120      00:00:25
    34.1.1.4             120      00:00:25
  Distance: (default is 120)

DISABLING AUTO-SUMMARY ON ROUTERS R1, R2, R3 & R4

R1# configure terminal
R1(config)# router rip
R1(config-router)# no auto-summary
R1(config-router)# end

R2# configure terminal
R2(config)# router rip
R2(config-router)# no auto-summary
R2(config-router)# end

R3# configure terminal
R3(config)# router rip
R3(config-router)# no auto-summary
R3(config-router)# end

R4# configure terminal
R4(config)# router rip
R4(config-router)# no auto-summary
R4(config-router)# end

ROUTING TABLE OF ROUTER R1, R2, R3 & R4 (AFTER DISABLING AUTO-SUMMARIZATION)

R1# show ip route
R    34.0.0.0/8 [120/2] via 12.1.1.2, 00:00:13, Serial1/0
C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:13, Serial1/0
[entries between 2.0.0.0/8 and 23.0.0.0/8 are illegible in the source scan]
R    23.0.0.0/8 [120/1] via 12.1.1.2, 00:00:13, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0

R2# show ip route
[output illegible in the source scan]

R3# show ip route
C    34.0.0.0/8 is directly connected, Serial1/0
R    1.0.0.0/8 [120/2] via 23.1.1.2, 00:00:25, Serial1/1
R    2.0.0.0/8 [120/1] via 23.1.1.2, 00:00:25, Serial1/1
[entries between 2.0.0.0/8 and 23.0.0.0/8 are illegible in the source scan]
C    23.0.0.0/8 is directly connected, Serial1/1
R    12.0.0.0/8 [120/1] via 23.1.1.2, 00:00:25, Serial1/1

R4# show ip route
C    34.0.0.0/8 is directly connected, Serial1/1
[remaining entries illegible in the source scan]

NOTE: After disabling auto-summarization, individual subnets of network 4.0.0.0 are listed in the routing table of routers R1, R2, R3 & R4.
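The classful boundaries from Exercise 40 and the auto-summary behaviour seen in this exercise can be reproduced with a few lines of code. This is an added example, not part of the original guide: it models only the summarization decision RIPv2 makes at a major-network boundary, and the router "R1x" with subnet 4.9.0.0/16 is a constructed addition used to show why summaries break discontiguous networks.

```python
import ipaddress


def classful_network(address):
    """Return the class A, B or C network that contains `address`."""
    ip = ipaddress.IPv4Address(str(address))
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8            # class A
    elif first_octet < 192:
        prefix = 16           # class B
    elif first_octet < 224:
        prefix = 24           # class C
    else:
        raise ValueError(f"{ip} is class D/E and has no classful network")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def ripv2_advertised(local_networks, out_interface, auto_summary=True):
    """Prefixes sent out `out_interface` (given as address/prefix length).

    With auto-summary on, a subnet is replaced by its classful network
    whenever the outgoing interface belongs to a different major network.
    """
    out_major = classful_network(ipaddress.ip_interface(out_interface).ip)
    advertised = []
    for text in local_networks:
        net = ipaddress.ip_network(text)
        major = classful_network(net.network_address)
        if auto_summary and major != out_major:
            net = major
        if net not in advertised:
            advertised.append(net)
    return [str(n) for n in advertised]


def ambiguous_summaries(adverts_by_router):
    """Prefixes that more than one router advertises identically."""
    seen = {}
    for router, prefixes in adverts_by_router.items():
        for prefix in prefixes:
            seen.setdefault(prefix, set()).add(router)
    return {p: sorted(r) for p, r in seen.items() if len(r) > 1}


# R4's loopback subnets and its serial interface, as configured above.
R4_LOOPBACKS = ["4.1.0.0/16", "4.2.0.0/16", "4.3.0.0/16"]
R4_SERIAL = "34.1.1.4/8"

if __name__ == "__main__":
    print(ripv2_advertised(R4_LOOPBACKS, R4_SERIAL))          # summary only
    print(ripv2_advertised(R4_LOOPBACKS, R4_SERIAL, False))   # three subnets
    # Constructed: a second router holding another piece of 4.0.0.0/8.
    for summary in (True, False):
        adverts = {
            "R4": ripv2_advertised(R4_LOOPBACKS, R4_SERIAL, summary),
            "R1x": ripv2_advertised(["4.9.0.0/16"], "12.1.1.1/8", summary),
        }
        print(summary, ambiguous_summaries(adverts))
```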



R3# show ip protocols
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 17 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/0             2     2
    Serial1/1             2     2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    3.0.0.0
    23.0.0.0
    34.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    23.1.1.2             120      00:00:25
    34.1.1.4             120      00:00:25
  Distance: (default is 120)
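In the output above the Key-chain column is empty on both serial interfaces, so R3 accepts RIPv2 updates without the MD5 authentication listed in the RIPv1/RIPv2 comparison. The following check reads such output and reports unauthenticated interfaces and gateways that are not expected neighbours. It is an added example, not part of the original guide; the second sample output, the key chain name RIP-KEYS and the gateway 34.1.1.99 are constructed.

```python
import re

# R3's output from this guide, trimmed to the lines the audit reads.
PAGE_OUTPUT = '''\
Routing Protocol is "rip"
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/0             2     2
    Serial1/1             2     2
  Automatic network summarization is not in effect
  Routing Information Sources:
    Gateway         Distance      Last Update
    23.1.1.2             120      00:00:25
    34.1.1.4             120      00:00:25
  Distance: (default is 120)
'''

# Constructed variant: a key chain on Serial1/0 and an unknown gateway.
CONSTRUCTED_OUTPUT = '''\
Routing Protocol is "rip"
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/0             2     2                    RIP-KEYS
    Serial1/1             2     2
  Routing Information Sources:
    Gateway         Distance      Last Update
    23.1.1.2             120      00:00:11
    34.1.1.99            120      00:00:03
  Distance: (default is 120)
'''

R3_NEIGHBORS = {"23.1.1.2", "34.1.1.4"}   # R2 and R4 in the lab topology

IFACE_ROW = re.compile(r"\s+(\S+)\s+(\d(?: \d)?)\s+(\d(?: \d)?)")
GATEWAY_ROW = re.compile(r"\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\S+)")


def parse_rip_protocols(text):
    """Extract the per-interface table and the update sources."""
    interfaces, sources = [], []
    section, key_col = None, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Interface") and "Key-chain" in line:
            key_col = line.index("Key-chain")   # fixed-width column start
            section = "interfaces"
            continue
        if stripped.startswith("Routing Information Sources"):
            section = "sources"
            continue
        if section == "interfaces":
            row = IFACE_ROW.match(line)
            if row:
                interfaces.append({
                    "name": row.group(1),
                    "send": row.group(2),
                    "recv": row.group(3),
                    "key_chain": line[key_col:].strip() or None,
                })
                continue
            section = None                       # table ended
        if section == "sources":
            row = GATEWAY_ROW.match(line)
            if row:
                sources.append(row.group(1))
            elif not stripped.startswith("Gateway"):
                section = None
    return {"interfaces": interfaces, "sources": sources}


def audit_rip(parsed, expected_neighbors):
    """Return findings for missing key chains and unknown gateways."""
    findings = []
    for iface in parsed["interfaces"]:
        if iface["key_chain"] is None:
            findings.append(f"{iface['name']}: no key chain, RIP updates "
                            "are accepted unauthenticated")
    for gateway in parsed["sources"]:
        if gateway not in expected_neighbors:
            findings.append(f"{gateway}: routing updates received from an "
                            "unexpected gateway")
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_OUTPUT), ("constructed", CONSTRUCTED_OUTPUT)):
        for finding in audit_rip(parse_rip_protocols(text), R3_NEIGHBORS):
            print(f"[{label}] {finding}")
```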

Exercise No. 42

CONFIGURING IGRP
Interior Gateway Routing Protocol (IGRP) is a Cisco-proprietary distance-vector routing protocol. This means that to use IGRP in your network, all your routers must be Cisco routers. Cisco created this routing protocol to overcome the problems associated with RIP. IGRP has a maximum hop count of 255 with the default being 100 (same as EIGRP). This is helpful in larger networks and solves the problem of 15 hops being the maximum possible in a RIP network.

IGRP also uses a different metric than RIP. IGRP uses bandwidth and delay of the line by default as a metric for determining the best route to an internetwork. This is called a composite metric. Reliability, load, and maximum transmission unit (MTU) can also be used, although they are not used by default.

The main difference between RIP and IGRP configuration is that when you configure IGRP, you supply the autonomous system number. All routers must use the same number in order to share routing table information.

DIFFERENCE BETWEEN IGRP & RIP

a. IGRP: Can be used in large internetworks
   RIP:  Works best in smaller networks
b. IGRP: Uses an autonomous system number for activation
   RIP:  Does not use autonomous system numbers
c. IGRP: Gives a full route table update every 90 seconds
   RIP:  Gives a full route table update every 30 seconds
d. IGRP: Has an administrative distance of 100
   RIP:  Has an administrative distance of 120
e. IGRP: Uses bandwidth and delay of the line as metric (lowest composite metric), with a maximum hop count of 255
   RIP:  Uses only hop count to determine the best path to a remote network, with 15 hops being the maximum


BASIC CONFIGURATION OF R1

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface loopback 0
R1(config-if)# ip address 1.1.1.1 255.0.0.0
R1(config-if)# exit
R1(config)# exit

BASIC CONFIGURATION OF R2

Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# clock rate 64000
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface loopback 0
R2(config-if)# ip address 2.2.2.2 255.0.0.0
R2(config-if)# exit

ROUTING TABLE OF ROUTER R1 & R2

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/0
Missing Network: 2.0.0.0

R2# show ip route
C    2.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/1
Missing Network: 1.0.0.0

CONFIGURING IGRP ON R1

R1# configure terminal
R1(config)# router igrp 5
R1(config-router)# network 12.0.0.0
R1(config-router)# network 1.0.0.0
R1(config-router)# end
R1#

NOTE: Autonomous System Number. It can be in the range from 0 to 4294967295 and should be the same on the routers running IGRP.


CONFIGURING IGRP ON R2

R2# configure terminal
R2(config)# router igrp 5
R2(config-router)# network 12.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# end
R2#

ROUTING TABLE OF ROUTER R1 & R2 (AFTER RUNNING IGRP)

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
[IGRP-learned route entry illegible in the source scan]
C    12.0.0.0/8 is directly connected, Serial1/0

R2# show ip route
[IGRP-learned route entry illegible in the source scan]
C    2.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/1

NOTE: "I" indicates that it's an IGRP route. 100 is the administrative distance value of IGRP route and 8976 is the metric value. For detail, please see CCNP Routing Lab Manual (by Lattice Studies).

VERIFICATION

R1# ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/60 ms

R1# ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/36 ms

R1# show ip protocol
Routing Protocol is "igrp 5"
  Sending updates every 90 seconds, next due in 57 seconds
  Invalid after 270 seconds, hold down 280, flushed after 630
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  IGRP maximum hopcount 100
  IGRP maximum metric variance 1
  Redistributing: igrp 5
  Maximum path: 4
  Routing for Networks:
    1.0.0.0
    12.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    12.1.1.2             100      00:00:26
  Distance: (default is 100)


Exercise No. 43

CONFIGURING EIGRP
Enhanced IGRP (EIGRP) is a classless, enhanced distance-vector protocol that gives us a real edge over another Cisco proprietary protocol, Interior Gateway Routing Protocol (IGRP). That's basically why it's called Enhanced IGRP. Like IGRP, EIGRP uses the concept of an autonomous system to describe the set of contiguous routers that run the same routing protocol and share routing information. But unlike IGRP, EIGRP includes the subnet mask in its route updates. And as you now know, the advertisement of subnet information allows us to use Variable Length Subnet Masks (VLSMs) and summarization when designing our networks!

EIGRP is sometimes referred to as a hybrid routing protocol because it has characteristics of both distance-vector and link-state protocols. For example, EIGRP doesn't send link-state packets as OSPF does; instead, it sends traditional distance-vector updates containing information about networks plus the cost of reaching them from the perspective of the advertising router. And EIGRP has link-state characteristics as well (it synchronizes routing tables between neighbors at startup and then sends specific updates only when topology changes occur). This makes EIGRP suitable for very large networks. EIGRP has a maximum hop count of 255 (the default is set to 100).

There are a number of powerful features that make EIGRP a real standout from IGRP and other protocols. The main ones are listed here:

o Support for IP and IPv6 (and some other useless routed protocols) via protocol dependent modules
o Considered classless (same as RIPv2 and OSPF)
o Support for VLSM/CIDR
o Support for summaries and discontiguous networks
o Efficient neighbor discovery
o Communication via Reliable Transport Protocol (RTP)
o Best path selection via Diffusing Update Algorithm (DUAL)

BASIC CONFIGURATION OF R1

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 1/1
R1(config-if)# ip address 13.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface loopback 0
R1(config-if)# ip address 1.1.1.1 255.0.0.0
R1(config-if)# exit

BASIC CONFIGURATION OF R2

Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface serial 1/0
R2(config-if)# ip address 23.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface loopback 0
R2(config-if)# ip address 2.2.2.2 255.0.0.0
R2(config-if)# exit

BASIC CONFIGURATION OF R3

Router> enable
Router# configure terminal
Router(config)# hostname R3
R3(config)# interface serial 1/0
R3(config-if)# ip address 13.1.1.3 255.0.0.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface serial 1/1
R3(config-if)# ip address 23.1.1.3 255.0.0.0
R3(config-if)# clock rate 64000
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface loopback 0
R3(config-if)# ip address 3.3.3.3 255.0.0.0
R3(config-if)# exit

ROUTING TABLE OF ROUTER R1, R2 & R3

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/1

R2# show ip route
C    2.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1

R3# show ip route
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
C    13.0.0.0/8 is directly connected, Serial1/0


CONFIGURING EIGRP ON R1

R1# configure terminal
R1(config)# router eigrp 2
R1(config-router)# network 12.0.0.0
R1(config-router)# network 13.0.0.0
R1(config-router)# network 1.0.0.0
R1(config-router)# end
R1#

NOTE: 2 is the autonomous system number. It should be same on routers R1, R2 & R3. The value can be 1-65535.

CONFIGURING EIGRP ON R2

R2# configure terminal
R2(config)# router eigrp 2
R2(config-router)# network 12.0.0.0
R2(config-router)# network 23.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# end
R2#

CONFIGURING EIGRP ON R3

R3# configure terminal
R3(config)# router eigrp 2
R3(config-router)# network 13.0.0.0
R3(config-router)# network 23.0.0.0
R3(config-router)# network 3.0.0.0
R3(config-router)# end
R3#

ROUTING TABLE OF ROUTER R1, R2 & R3

R1# show ip route
C    1.0.0.0/8 is directly connected, Loopback0
D    2.0.0.0/8 [90/2297856] via 12.1.1.2, 00:00:46, Serial1/0
D    3.0.0.0/8 [90/2297856] via 13.1.1.3, 00:00:44, Serial1/1
D    23.0.0.0/8 [90/2681856] via 12.1.1.2, 00:00:46, Serial1/0
                [90/2681856] via 13.1.1.3, 00:00:46, Serial1/1
C    12.0.0.0/8 is directly connected, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/1

NOTE: "D" indicates that this is a route coming through EIGRP. "90" is the administrative distance of EIGRP. "2681856" is the metric value.

R2# show ip route
D    1.0.0.0/8 [90/2297856] via 12.1.1.1, 00:03:10, Serial1/1
C    2.0.0.0/8 is directly connected, Loopback0
D    3.0.0.0/8 [90/2297856] via 23.1.1.3, 00:03:10, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1
D    13.0.0.0/8 [90/2681856] via 12.1.1.1, 00:03:15, Serial1/1
                [90/2681856] via 23.1.1.3, 00:03:15, Serial1/0

R3# show ip route
D    1.0.0.0/8 [90/2297856] via 13.1.1.1, 00:03:24, Serial1/0
D    2.0.0.0/8 [90/2297856] via 23.1.1.2, 00:03:24, Serial1/1
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1
D    12.0.0.0/8 [90/2681856] via 23.1.1.2, 00:03:24, Serial1/1
                [90/2681856] via 13.1.1.1, 00:03:24, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/0
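The metric values 8976 (IGRP, Exercise 42) and 2297856 / 2681856 (EIGRP, above) follow from the composite metric with the weights K1=1, K2=0, K3=1, K4=0, K5=0 shown by show ip protocol. The calculation below is an added example, not part of the original guide. It assumes the usual IOS interface defaults, which the guide does not list: 1544 kbit/s bandwidth and 20000 microseconds delay on a serial interface, and 5000 microseconds delay on a loopback.

```python
# Assumed interface defaults (not stated in the guide):
# (bandwidth in kbit/s, delay in microseconds)
SERIAL = (1544, 20000)
LOOPBACK = (8_000_000, 5000)

IGRP_SCALE = 1      # IGRP uses the raw composite value
EIGRP_SCALE = 256   # EIGRP multiplies bandwidth and delay terms by 256


def composite_metric(path, k=(1, 0, 1, 0, 0), load=1, reliability=255,
                     scale=IGRP_SCALE):
    """Composite metric along `path`.

    path: (bandwidth_kbps, delay_usec) of every outgoing interface between
    the router and the destination network, destination interface included.
    """
    k1, k2, k3, k4, k5 = k
    # Bandwidth term: inverse of the slowest link on the path.
    bandwidth = (10_000_000 // min(bw for bw, _ in path)) * scale
    # Delay term: sum of all delays, in tens of microseconds.
    delay = (sum(d for _, d in path) // 10) * scale
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5:                                   # reliability only counts if K5 != 0
        metric = metric * k5 // (reliability + k4)
    return metric


if __name__ == "__main__":
    # R1 -> 2.0.0.0/8: one serial link, then R2's loopback.
    print("IGRP  2.0.0.0/8 :", composite_metric([SERIAL, LOOPBACK]))
    print("EIGRP 2.0.0.0/8 :", composite_metric([SERIAL, LOOPBACK],
                                                scale=EIGRP_SCALE))
    # R1 -> 23.0.0.0/8: R1's serial link plus the far router's serial link.
    print("EIGRP 23.0.0.0/8:", composite_metric([SERIAL, SERIAL],
                                                scale=EIGRP_SCALE))
```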
VERIFICATION

R1# ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/60 ms

R1# ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/36 ms

R1# show ip protocol

Routing Protocol is "eigrp 2"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 2
  Automatic network summarization is in effect
  Automatic address summarization:
    13.0.0.0/8 for Serial1/0, Loopback0
    12.0.0.0/8 for Serial1/1, Loopback0
    1.0.0.0/8 for Serial1/0, Serial1/1
  Maximum path: 4
  Routing for Networks:
    1.0.0.0
    12.0.0.0
    13.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    13.1.1.3              90      00:07:58
    12.1.1.2              90      00:07:58
  Distance: internal 90 external 170


Exercise No. 44

CONFIGURING OSPF SINGLE AREA


Open Shortest Path First (OSPF) is an open standard routing protocol that's been implemented by a wide variety of network vendors, including Cisco. If you have multiple routers and not all of them are Cisco (what!), then you can't use EIGRP, can you? So your remaining CCNA objective options are basically RIP, RIPv2, and OSPF. If it's a large network, then, really, your only options are OSPF and something called route redistribution, a translation service between routing protocols that we discussed earlier in this chapter.

OSPF works by using the Dijkstra algorithm. First, a shortest path tree is constructed, and then the routing table is populated with the resulting best paths. OSPF converges quickly, although perhaps not as quickly as EIGRP, and it supports multiple, equal-cost routes to the same destination. Like EIGRP, it does support both IP and IPv6 routed protocols. OSPF provides the following features:

o Consists of areas and autonomous systems
o Minimizes routing update traffic
o Allows scalability
o Supports VLSM/CIDR
o Has unlimited hop count
o Allows multi-vendor deployment (open standard)

OSPF is the first link-state routing protocol that most people are introduced to, so it's useful to see how it compares to more traditional distance-vector protocols such as RIPv2 and RIPvl.

OSPF & RIP COMPARISON

Characteristic           OSPF                   RIPv2                  RIPv1
Type of protocol         Link state             Distance vector        Distance vector
Classless support        Yes                    Yes                    No
VLSM support             Yes                    Yes                    No
Auto-summarization       No                     Yes                    Yes
Manual summarization     Yes                    No                     No
Discontiguous support    Yes                    Yes                    No
Route propagation        Multicast on change    Periodic multicast     Periodic broadcast
Path metric              Bandwidth              Hops                   Hops
Hop count limit          None                   15                     15
Convergence              Fast                   Slow                   Slow
Peer authentication      Yes                    Yes                    No
Hierarchical network     Yes (using areas)      No (flat only)         No (flat only)
Updates                  Event triggered        Route table updates    Route table updates
Route computation        Dijkstra               Bellman-Ford           Bellman-Ford


[Figure: OSPF Area 0]

BASIC CONFIGURATION OF R1

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 1/1
R1(config-if)# ip address 13.1.1.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface fastethernet 0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# no keepalive
R1(config-if)# exit

NOTE: Apply the "no keepalive" command if you are working on GNS3 and there is no device attached on this interface.

BASIC CONFIGURATION OF R2

Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface serial 1/0
R2(config-if)# ip address 23.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface fastethernet 0/0
R2(config-if)# ip address 192.168.2.1 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# no keepalive
R2(config-if)# exit


BASIC CONFIGURATION OF R3

Router> enable
Router# configure terminal
Router(config)# hostname R3
R3(config)# interface serial 1/0
R3(config-if)# ip address 13.1.1.3 255.0.0.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface serial 1/1
R3(config-if)# ip address 23.1.1.3 255.0.0.0
R3(config-if)# clock rate 64000
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface fastethernet 0/0
R3(config-if)# ip address 192.168.3.1 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# no keepalive
R3(config-if)# exit

ROUTING TABLE OF ROUTER R1, R2 & R3

R1# show ip route

C    12.0.0.0/8 is directly connected, Serial1/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    13.0.0.0/8 is directly connected, Serial1/1

R2# show ip route

C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R3# show ip route

C    23.0.0.0/8 is directly connected, Serial1/1
C    13.0.0.0/8 is directly connected, Serial1/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

CONFIGURING OSPF ON R1

R1# configure terminal
R1(config)# router ospf 1

A value in the range 1-65,535 identifies the OSPF Process ID. It's a unique number on this router that groups a series of OSPF configuration commands under a specific running process. Different OSPF routers don't have to use the same Process ID in order to communicate. It's purely a local value that essentially has little meaning, but it cannot start at 0; it has to start at a minimum of 1. You can have more than one OSPF process running simultaneously on the same router if you want, but this isn't the same as running multi-area OSPF. The second process will maintain an entirely separate copy of its topology table and manage its communications independently of the first process.

After identifying the OSPF process, you need to identify the interfaces that you want to activate OSPF communications on as well as the area in which each resides. This will also configure the networks you're going to advertise to others. OSPF uses wildcards in the configuration, which are also used in access-list configurations. It is strongly recommended that before working with OSPF, you should have sound knowledge of wildcards and subnetting.

R1(config-router)# network 12.0.0.0 0.255.255.255 area 0

NOTE:

An OSPF area is a grouping of contiguous networks and routers. All routers in the same area share a common Area ID. Because a router can be a member of more than one area at a time, the Area ID is associated with specific interfaces on the router. This would allow some interfaces to belong to area 1 while the remaining interfaces can belong to area 0. All of the routers within the same area have the same topology table. When configuring OSPF, you've got to remember that there must be an area 0 and that this is typically configured on the routers that connect to the backbone of the network. Area can be a number from 0 - 4294967295.

R1(config-router)# network 13.0.0.0 0.255.255.255 area 0
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# end
R1#

CONFIGURING OSPF ON R2

R2# configure terminal
R2(config)# router ospf 1
R2(config-router)# network 12.0.0.0 0.255.255.255 area 0
R2(config-router)# network 23.0.0.0 0.255.255.255 area 0
R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
R2(config-router)# end
R2#

CONFIGURING OSPF ON R3

R3# configure terminal
R3(config)# router ospf 1
R3(config-router)# network 13.0.0.0 0.255.255.255 area 0
R3(config-router)# network 23.0.0.0 0.255.255.255 area 0
R3(config-router)# network 192.168.3.0 0.0.0.255 area 0
R3(config-router)# end
R3#

ROUTING TABLE OF ROUTER R1, R2 & R3

R1# show ip route

O    23.0.0.0/8 [110/128] via 12.1.1.2, 00:00:27, Serial1/0
                [110/128] via 13.1.1.3, 00:00:27, Serial1/1
C    12.0.0.0/8 is directly connected, Serial1/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    13.0.0.0/8 is directly connected, Serial1/1
O    192.168.2.0/24 [110/65] via 12.1.1.2, 00:00:27, Serial1/0
O    192.168.3.0/24 [110/65] via 13.1.1.3, 00:00:27, Serial1/1

NOTE:

"O" indicates that this is an OSPF route. "110" is the administrative distance of OSPF. "128" / "65" indicates the metric value of the respective routes.

OSPF uses a metric referred to as cost. A cost is associated with every outgoing interface included in an SPF tree. The cost of the entire path is the sum of the costs of the outgoing interfaces along the path. Because cost is an arbitrary value as defined in RFC 2338, Cisco had to implement its own method of calculating the cost for each OSPF-enabled interface. Cisco uses a simple equation of 10^8/bandwidth. The bandwidth is the configured bandwidth for the interface. Using this rule, a 100Mbps Fast Ethernet interface would have a default OSPF cost of 1, a 10Mbps Ethernet interface would have a cost of 10 and a serial interface would have a cost of 64.

For example, metric value 65 of network 192.168.2.0 on router R1 is a sum of the cost of Fast Ethernet 0/0 of router R2 (Point A) and the cost of outgoing serial link 1/0 of router R1 (Point B).

[A + B = 1 + 64 = 65].

Similarly, metric value 128 of network 23.0.0.0 on router R1 (via its serial 1/1) is a sum of the cost of outgoing serial link 1/1 of router R3 (Point Y) and the cost of outgoing serial link 1/1 of router R1 (Point Z).

[Y + Z = 64 + 64 = 128].
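The cost arithmetic above can be carried through for the whole three-router topology. The following is an added example, not part of the original guide: it applies the 10^8/bandwidth rule and a Dijkstra shortest-path run over the links configured in this exercise, keeping every equal-cost next hop. The serial bandwidth of 1,544,000 bps is an assumption (it is the value that yields the cost of 64 quoted above), and the function and variable names are hypothetical.

```python
import heapq

REFERENCE_BANDWIDTH_BPS = 10**8  # numerator of the 10^8/bandwidth rule


def ospf_cost(bandwidth_bps):
    """Interface cost = 10^8 / bandwidth, truncated, never below 1."""
    return max(1, REFERENCE_BANDWIDTH_BPS // bandwidth_bps)


SERIAL_BPS = 1_544_000           # assumption: serial bandwidth giving cost 64
FAST_ETHERNET_BPS = 100_000_000  # 100 Mbps, cost 1

# Per router: (interface, network, bandwidth, neighbour router, neighbour address).
# Addresses and interfaces are the ones configured in this exercise.
TOPOLOGY = {
    "R1": [("Serial1/0", "12.0.0.0/8", SERIAL_BPS, "R2", "12.1.1.2"),
           ("Serial1/1", "13.0.0.0/8", SERIAL_BPS, "R3", "13.1.1.3"),
           ("FastEthernet0/0", "192.168.1.0/24", FAST_ETHERNET_BPS, None, None)],
    "R2": [("Serial1/1", "12.0.0.0/8", SERIAL_BPS, "R1", "12.1.1.1"),
           ("Serial1/0", "23.0.0.0/8", SERIAL_BPS, "R3", "23.1.1.3"),
           ("FastEthernet0/0", "192.168.2.0/24", FAST_ETHERNET_BPS, None, None)],
    "R3": [("Serial1/0", "13.0.0.0/8", SERIAL_BPS, "R1", "13.1.1.1"),
           ("Serial1/1", "23.0.0.0/8", SERIAL_BPS, "R2", "23.1.1.2"),
           ("FastEthernet0/0", "192.168.3.0/24", FAST_ETHERNET_BPS, None, None)],
}


def shortest_paths(root):
    """Dijkstra over routers; returns distances and the set of first hops."""
    dist = {root: 0}
    first_hops = {root: set()}
    heap = [(0, root)]
    done = set()
    while heap:
        d, router = heapq.heappop(heap)
        if router in done:
            continue
        done.add(router)
        for name, _net, bw, peer, peer_ip in TOPOLOGY[router]:
            if peer is None:
                continue  # stub network, no router on the far side
            nd = d + ospf_cost(bw)  # cost of the OUTGOING interface
            hops = {(peer_ip, name)} if router == root else first_hops[router]
            if nd < dist.get(peer, float("inf")):
                dist[peer] = nd
                first_hops[peer] = set(hops)
                heapq.heappush(heap, (nd, peer))
            elif nd == dist.get(peer):
                first_hops[peer] |= hops  # equal-cost path: keep both
    return dist, first_hops


def ospf_routes(root):
    """Return {network: (metric, [(next_hop, out_interface), ...])}."""
    dist, first_hops = shortest_paths(root)
    connected = {net for _n, net, _b, _p, _ip in TOPOLOGY[root]}
    table = {}
    for router, interfaces in TOPOLOGY.items():
        if router == root:
            continue
        for _name, net, bw, _peer, _ip in interfaces:
            if net in connected:
                continue  # directly connected, shown as "C" instead
            metric = dist[router] + ospf_cost(bw)
            if net not in table or metric < table[net][0]:
                table[net] = (metric, set(first_hops[router]))
            elif metric == table[net][0]:
                table[net][1].update(first_hops[router])
    return {net: (m, sorted(h)) for net, (m, h) in table.items()}


if __name__ == "__main__":
    for net, (metric, hops) in sorted(ospf_routes("R1").items()):
        for hop, iface in hops:
            print(f"O    {net} [110/{metric}] via {hop}, {iface}")
```

Run for R1, it reproduces the three OSPF entries of the routing table above, including the two equal-cost paths to 23.0.0.0/8.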

R2# show ip route

C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1
O    192.168.1.0/24 [110/65] via 12.1.1.1, 00:05:10, Serial1/1
O    13.0.0.0/8 [110/128] via 12.1.1.1, 00:05:10, Serial1/1
                [110/128] via 23.1.1.3, 00:05:10, Serial1/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0
O    192.168.3.0/24 [110/65] via 23.1.1.3, 00:05:10, Serial1/0

R3# show ip route

C    23.0.0.0/8 is directly connected, Serial1/1
O    12.0.0.0/8 [110/128] via 23.1.1.2, 00:05:13, Serial1/1
                [110/128] via 13.1.1.1, 00:05:13, Serial1/0
O    192.168.1.0/24 [110/65] via 13.1.1.1, 00:05:13, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/0
O    192.168.2.0/24 [110/65] via 23.1.1.2, 00:05:13, Serial1/1
C    192.168.3.0/24 is directly connected, FastEthernet0/0

VERIFICATION

R1# ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/36 ms

R1# ping 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/35/60 ms

R1# show ip protocol

Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 192.168.1.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    12.0.0.0 0.255.255.255 area 0
    13.0.0.0 0.255.255.255 area 0
    192.168.1.0 0.0.0.255 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.1.1          110      00:38:24
    192.168.3.1          110      00:38:24
    192.168.2.1          110      00:38:24
  Distance: (default is 110)

R1# show ip ospf interface serial 1/0

Serial1/0 is up, line protocol is up
  Internet Address 12.1.1.1/8, Area 0
  Process ID 1, Router ID 192.168.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:02
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.2.1
  Suppress hello for 0 neighbor(s)

R1# show ip ospf

 Routing Process "ospf 1" with ID 192.168.1.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm executed 7 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x01D4CA
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

R1# show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address     Interface
192.168.3.1       1   FULL/  -   00:00:31    13.1.1.3    Serial1/1
192.168.2.1       1   FULL/  -   00:00:37    12.1.1.2    Serial1/0
Exercise No. 45

CONFIGURING OSPF MULTIPLE AREAS

[Figure: network topology; surviving label: OSPF Area 0]

BASIC CONFIGURATION OF R1, R2 & R3

Same as defined in Exercise No. 44.

CONFIGURING OSPF ON R1

R1# configure terminal
R1(config)# router ospf 10
R1(config-router)# network 12.0.0.0 0.255.255.255 area
R1(config-router)# network 13.0.0.0 0.255.255.255 area
R1(config-router)# network 192.168.1.0 0.0.0.255 area
R1(config-router)# end
R1#

CONFIGURING OSPF ON R2

R2# configure terminal
R2(config)# router ospf 10
R2(config-router)# network 12.0.0.0 0.255.255.255 area 1
R2(config-router)# network 23.0.0.0 0.255.255.255 area 0
R2(config-router)# network 192.168.2.0 0.0.0.255 area 2
R2(config-router)# end
R2#

CONFIGURING OSPF ON R3

R3# configure terminal
R3(config)# router ospf 10
R3(config-router)# network 13.0.0.0 0.255.255.255 area 0
R3(config-router)# network 23.0.0.0 0.255.255.255 area 0
R3(config-router)# network 192.168.3.0 0.0.0.255 area
R3(config-router)# end
R3#

ROUTING TABLE OF ROUTER R1, R2 & R3

R1# show ip route

O    23.0.0.0/8 [110/128] via 13.1.1.3, 00:01:31, Serial1/1
C    12.0.0.0/8 is directly connected, Serial1/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    13.0.0.0/8 is directly connected, Serial1/1
O IA 192.168.2.0/24 [110/129] via 13.1.1.3, 00:01:31, Serial1/1
O    192.168.3.0/24 [110/65] via 13.1.1.3, 00:01:31, Serial1/1

NOTE: "O IA" indicates inter-area route

R2# show ip route

C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1
O    192.168.1.0/24 [110/65] via 12.1.1.1, 00:02:20, Serial1/1
O    13.0.0.0/8 [110/128] via 23.1.1.3, 00:02:10, Serial1/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0
O    192.168.3.0/24 [110/65] via 23.1.1.3, 00:02:10, Serial1/0

R3# show ip route

C    23.0.0.0/8 is directly connected, Serial1/1
O IA 12.0.0.0/8 [110/128] via 13.1.1.1, 00:03:49, Serial1/0
                [110/128] via 23.1.1.2, 00:03:49, Serial1/1
O IA 192.168.1.0/24 [110/65] via 13.1.1.1, 00:03:48, Serial1/0
C    13.0.0.0/8 is directly connected, Serial1/0
O IA 192.168.2.0/24 [110/65] via 23.1.1.2, 00:03:48, Serial1/1
C    192.168.3.0/24 is directly connected, FastEthernet0/0

VERIFICATION

R1# ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 50/60/68 ms

R1# ping 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms

R2# show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address     Interface
192.168.3.1       1   FULL/  -   00:00:32    23.1.1.3    Serial1/0
192.168.1.1       1   FULL/  -   00:00:30    12.1.1.1    Serial1/1

R2# show ip protocol

Routing Protocol is "ospf 10"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 192.168.2.1
  It is an area border router
  Number of areas in this router is 3. 3 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    12.0.0.0 0.255.255.255 area 1
    23.0.0.0 0.255.255.255 area 0
    192.168.2.0 0.0.0.255 area 2
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.1.1          110      00:07:06
    192.168.3.1          110      00:06:56
    192.168.2.1          110      00:06:56
  Distance: (default is 110)

R2# show ip ospf

 Routing Process "ospf 10" with ID 192.168.2.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 It is an area border router
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 3. 3 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm executed 3 times
        Area ranges are
        Number of LSA 8. Checksum Sum 0x04B529
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 1
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm executed 3 times
        Area ranges are
        Number of LSA 10. Checksum Sum 0x04759A
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 2
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm executed 1 times
        Area ranges are
        Number of LSA 6. Checksum Sum 0x02D99A
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
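How the wildcard-based network statements place each interface into an area, and why R2 reports itself as an area border router, can be checked mechanically. This is an added example, not part of the original guide: it uses R2's interface addresses from Exercise No. 44 and the "Routing for Networks" lines from R2's show ip protocol output above. The function names, the Loopback9 interface and the first-match-in-listed-order rule are assumptions made for illustration.

```python
import ipaddress


def _to_int(dotted):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_mask(mask):
    """A wildcard is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(_to_int(mask) ^ 0xFFFFFFFF))


def wildcard_match(address, network, wildcard):
    """0 bits in the wildcard must match exactly, 1 bits are ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(address) & care) == (_to_int(network) & care)


def assign_areas(interfaces, statements):
    """Map interface name -> area for every interface a statement matches.

    Simplification (assumption): the first matching statement in the listed
    order wins. Interfaces matched by no statement do not run OSPF at all.
    """
    assignment = {}
    for name, address in interfaces.items():
        for network, wildcard, area in statements:
            if wildcard_match(address, network, wildcard):
                assignment[name] = area
                break
    return assignment


def is_area_border_router(assignment):
    """Simplified test: interfaces in more than one area, one being area 0."""
    areas = set(assignment.values())
    return len(areas) > 1 and 0 in areas


# R2 interface addresses from the basic configuration in Exercise No. 44.
R2_INTERFACES = {
    "Serial1/1": "12.1.1.2",
    "Serial1/0": "23.1.1.2",
    "FastEthernet0/0": "192.168.2.1",
    "Loopback9": "10.9.9.9",  # constructed: matched by no network statement
}

# "Routing for Networks" from R2's show ip protocol output (Exercise No. 45).
R2_STATEMENTS = [
    ("12.0.0.0", "0.255.255.255", 1),
    ("23.0.0.0", "0.255.255.255", 0),
    ("192.168.2.0", "0.0.0.255", 2),
]

# R1 in the single-area Exercise No. 44: everything is in area 0.
R1_INTERFACES = {
    "Serial1/0": "12.1.1.1",
    "Serial1/1": "13.1.1.1",
    "FastEthernet0/0": "192.168.1.1",
}
R1_STATEMENTS = [
    ("12.0.0.0", "0.255.255.255", 0),
    ("13.0.0.0", "0.255.255.255", 0),
    ("192.168.1.0", "0.0.0.255", 0),
]

if __name__ == "__main__":
    for label, ifs, stmts in (("R1", R1_INTERFACES, R1_STATEMENTS),
                              ("R2", R2_INTERFACES, R2_STATEMENTS)):
        areas = assign_areas(ifs, stmts)
        print(label, areas, "ABR" if is_area_border_router(areas) else "internal")
```

The same bit test applies to access-list wildcards: 0.0.0.255 with 192.168.2.0 covers 192.168.2.1 but not 192.168.3.1.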


Exercise No. 46

REDISTRIBUTION OF ROUTING PROTOCOLS

Using a routing protocol to advertise routes that are learned by some other means, such as by another routing protocol, static routes, or directly connected routes, is called redistribution. While running a single routing protocol throughout your entire IP internetwork is desirable, multi-protocol routing is common for a number of reasons, such as company mergers, multiple departments managed by multiple network administrators, and multi-vendor environments. Running different routing protocols is often part of a network design. In any case, having a multiple protocol environment makes redistribution a necessity. Differences in routing protocol characteristics, such as metrics, administrative distance, and classful and classless capabilities, can affect redistribution. Consideration must be given to these differences for redistribution to succeed.

[Figure: four-router topology (R1 to R4) with routing domains IGRP 2, RIPv2, OSPF 5 (Area 0 and Area 1) and EIGRP 5]

BASIC CONFIGURATION OF R1

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface loopback 0
R1(config-if)# ip address 1.1.1.1 255.0.0.0
R1(config-if)# exit
R1(config)#

BASIC CONFIGURATION OF R2

Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# clock rate 64000
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface serial 1/0
R2(config-if)# ip address 23.1.1.2 255.0.0.0
R2(config-if)# clock rate 64000
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface loopback 0
R2(config-if)# ip address 2.2.2.2 255.0.0.0
R2(config-if)# exit
R2(config)#

BASIC CONFIGURATION OF R3

Router> enable
Router# configure terminal
Router(config)# hostname R3
R3(config)# interface serial 1/1
R3(config-if)# ip address 23.1.1.3 255.0.0.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface serial 1/0
R3(config-if)# ip address 34.1.1.3 255.0.0.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface loopback 0
R3(config-if)# ip address 3.3.3.3 255.0.0.0
R3(config-if)# exit
R3(config)#

BASIC CONFIGURATION OF R4

Router> enable
Router# configure terminal
Router(config)# hostname R4
R4(config)# interface serial 1/1
R4(config-if)# ip address 34.1.1.4 255.0.0.0
R4(config-if)# clock rate
R4(config-if)# no shutdown
R4(config-if)# exit
R4(config)# interface loopback 0
R4(config-if)# ip address 4.4.4.4 255.0.0.0
R4(config-if)# exit
R4(config)#

-:

ROUTING TABLE OF ROUTER R1, R2, R3 & R4

R1# show ip route

C    1.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/0

NOTE:

In order to access these networks, all networks should be listed in the routing table of all four routers. Remember that there are following seven networks in the topology:

1.0.0.0    2.0.0.0    3.0.0.0    4.0.0.0
12.0.0.0   23.0.0.0   34.0.0.0

R2# show ip route

C    2.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1

R3# show ip route

C    34.0.0.0/8 is directly connected, Serial1/0
C    3.0.0.0/8 is directly connected, Loopback0
C    23.0.0.0/8 is directly connected, Serial1/1

R4# show ip route

C    34.0.0.0/8 is directly connected, Serial1/1
C    4.0.0.0/8 is directly connected, Loopback0

CONFIGURING IGRP & RIP ON R1

R1# configure terminal
R1(config)# router igrp 2
R1(config-router)# network 1.0.0.0
R1(config-router)# exit
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# network 12.0.0.0
R1(config-router)# end
R1#

CONFIGURING RIP & OSPF ON R2

R2# configure terminal
R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# network 12.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# exit
R2(config)# router ospf 5
R2(config-router)# network 23.0.0.0 0.255.255.255 area
R2(config-router)# end
R2#

CONFIGURING OSPF & EIGRP ON R3

R3# configure terminal
R3(config)# router ospf 5
R3(config-router)# network 23.0.0.0 0.255.255.255 area 0
R3(config-router)# network 3.0.0.0 0.255.255.255 area 1
R3(config-router)# exit
R3(config)# router eigrp 5
R3(config-router)# network 34.0.0.0
R3(config-router)# end
R3#

CONFIGURING EIGRP ON R4

R4# configure terminal
R4(config)# router eigrp 5
R4(config-router)# network 34.0.0.0
R4(config-router)# network 4.0.0.0
R4(config-router)# end
R4#

ROUTING TABLE OF ROUTER R1, R2, R3 & R4
(AFTER RUNNING ROUTING PROTOCOLS)

R1# show ip route

C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:21, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0

MISSING NETWORKS: 3.0.0.0  4.0.0.0  23.0.0.0  34.0.0.0

Remember that, although routing protocols are running, they are different and cannot communicate with each other until we apply the redistribution technique.

R2# show ip route

C    2.0.0.0/8 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 23.1.1.3, 00:02:19, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1

MISSING NETWORKS: 1.0.0.0  4.0.0.0  34.0.0.0

R3# show ip route

C    34.0.0.0/8 is directly connected, Serial1/0
C    3.0.0.0/8 is directly connected, Loopback0
D    4.0.0.0/8 [90/2297856] via 34.1.1.4, 00:00:21, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/1

MISSING NETWORKS: 1.0.0.0  2.0.0.0  12.0.0.0

R4# show ip route

C    34.0.0.0/8 is directly connected, Serial1/1
C    4.0.0.0/8 is directly connected, Loopback0

MISSING NETWORKS: 1.0.0.0  2.0.0.0  3.0.0.0  12.0.0.0  23.0.0.0

[Figure: four-router topology (R1 to R4) with routing domains IGRP 2, RIPv2, OSPF 5 (Area 0 and Area 1) and EIGRP 5]

REDISTRIBUTION OF IGRP INTO RIP - ROUTER R1

R1# configure terminal
R1(config)# router rip
R1(config-router)# redistribute igrp metric
R1(config-router)# end

NOTE:

When any protocol is redistributed in RIP, it adopts the same pattern/parameters/language as of RIP, i.e. Hop Count. Default-metric command represents hop count. The value should be less than 16 because RIP cannot go beyond 16 hops. Suggested value is O.

ROUTING TABLE OF ROUTER R1, R2, R3 & R4
(AFTER PERFORMING REDISTRIBUTION OF IGRP INTO RIP)

R1# show ip route

C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:21, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0

MISSING NETWORKS: 3.0.0.0  4.0.0.0  23.0.0.0  34.0.0.0

Remember that, although routing protocols are running, they are different and cannot communicate with each other until we apply the redistribution technique.

R2# show ip route

R    1.0.0.0/8 [120/3] via 12.1.1.1, 00:00:08, Serial1/1
C    2.0.0.0/8 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 23.1.1.3, 00:44:13, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1

MISSING NETWORKS: 4.0.0.0  34.0.0.0

Network 1.0.0.0 has been reached on router R2 with a metric value of 3.

R3# show ip route

C    34.0.0.0/8 is directly connected, Serial1/0
C    3.0.0.0/8 is directly connected, Loopback0
D    4.0.0.0/8 [90/2297856] via 34.1.1.4, 00:00:21, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/1

MISSING NETWORKS: 1.0.0.0  2.0.0.0  12.0.0.0

R4# show ip route

C    34.0.0.0/8 is directly connected, Serial1/1
C    4.0.0.0/8 is directly connected, Loopback0

MISSING NETWORKS: 1.0.0.0  2.0.0.0  3.0.0.0  12.0.0.0  23.0.0.0
REDISTRIBUTION OF RIP INTO OSPF - ROUTER R2

R2# configure terminal
R2(config)# router ospf 5
R2(config-router)# redistribute rip metric 50
% Only classful networks will be redistributed
R2(config-router)# redistribute rip subnets metric 50
R2(config-router)# end

NOTE:

Use the word "SUBNETS" with the above command, otherwise subnets (if any) will not be redistributed.

ROUTING TABLE OF ROUTER R1, R2, R3 & R4
(AFTER PERFORMING REDISTRIBUTION OF RIP INTO OSPF)

R1# show ip route

C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:21, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0

MISSING NETWORKS: 3.0.0.0  4.0.0.0  23.0.0.0  34.0.0.0

R2# show ip route

R    1.0.0.0/8 [120/3] via 12.1.1.1, 00:00:08, Serial1/1
C    2.0.0.0/8 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 23.1.1.3, 00:44:13, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1

MISSING NETWORKS: 4.0.0.0  34.0.0.0

R3# show ip route

C    34.0.0.0/8 is directly connected, Serial1/0
O E2 1.0.0.0/8 [110/50] via 23.1.1.2, 00:00:16, Serial1/1
O E2 2.0.0.0/8 [110/50] via 23.1.1.2, 00:00:16, Serial1/1
C    3.0.0.0/8 is directly connected, Loopback0
D    4.0.0.0/8 [90/2297856] via 34.1.1.4, 00:13:31, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/1
O E2 12.0.0.0/8 [110/50] via 23.1.1.2, 00:00:16, Serial1/1

NOTE:

Routing table of router R3 has been completed. All the networks are listed in the routing table. "O E2" indicates OSPF External Type 2 Route.

R4# show ip route

C    34.0.0.0/8 is directly connected, Serial1/1
C    4.0.0.0/8 is directly connected, Loopback0

MISSING NETWORKS: 1.0.0.0  2.0.0.0  3.0.0.0  12.0.0.0  23.0.0.0
REDISTRIBUTION OF OSPF INTO EIGRP - ROUTER R3

R3# configure terminal
R3(config)# router eigrp 5
R3(config-router)# redistribute ospf metric 64000 1000 255 255 1500
R3(config-router)# end
R3#

NOTE:

Following values are used to calculate EIGRP metric.

64000   Bandwidth metric in Kbits per second
1000    IGRP delay metric, in 10 microsecond units
255     IGRP reliability metric where 255 is 100% reliable
255     IGRP Effective bandwidth metric (Loading) where 255 is 100% loaded
1500    IGRP MTU of the path

ROUTING TABLE OF ROUTER R1, R2 & R4
(AFTER PERFORMING REDISTRIBUTION OF OSPF INTO EIGRP)

R1# show ip route

C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:21, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0

MISSING NETWORKS: 3.0.0.0  4.0.0.0  23.0.0.0  34.0.0.0

R2# show ip route

R    1.0.0.0/8 [120/3] via 12.1.1.1, 00:00:08, Serial1/1
C    2.0.0.0/8 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 23.1.1.3, 00:44:13, Serial1/0
C    23.0.0.0/8 is directly connected, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/1

MISSING NETWORKS: 4.0.0.0  34.0.0.0

R4# show ip route

C    34.0.0.0/8 is directly connected, Serial1/1
D EX 1.0.0.0/8 [170/2425856] via 34.1.1.3, 00:06:08, Serial1/1
D EX 2.0.0.0/8 [170/2425856] via 34.1.1.3, 00:06:08, Serial1/1
D EX 3.0.0.0/8 [170/2425856] via 34.1.1.3, 00:06:08, Serial1/1
C    4.0.0.0/8 is directly connected, Loopback0
D EX 23.0.0.0/8 [170/2425856] via 34.1.1.3, 00:06:08, Serial1/1
D EX 12.0.0.0/8 [170/2425856] via 34.1.1.3, 00:06:08, Serial1/1

NOTE:

Routing table of router R4 has been completed. All the networks are listed in the routing table. "D EX" indicates EIGRP External Route.

[Figure: four-router topology (R1 to R4) with routing domains IGRP 2, RIPv2, OSPF 5 (Area 0 and Area 1) and EIGRP 5]

NOTE:

Since EIGRP routes are not listed in the routing table of routers R1 & R2 and OSPF routes are not listed in the routing table of router R1, EIGRP 5 should be redistributed into OSPF 5, and OSPF 5 should be redistributed into RIP, in the reverse direction.

REDISTRIBUTION OF EIGRP INTO OSPF - ROUTER R3

R3# configure terminal
R3(config)# router ospf 5
R3(config-router)# redistribute eigrp subnets metric 333
R3(config-router)# end
R3#

ROUTING
Rl# show C R

TABLE OF ROUTER Rl
ip route

&

R2
OF EIGRP INTO OSPF)

(AFTER PERFORMING

REDISTRIBUTION

1.0.0.0/8 is directly connected, LoopbackO 2.0.0.0/8 [120/1J via 12.1.1.2, 00:00:21, Seriall/O 12.0.0.0/8 is directly connected, Serial1/0 MISSING 3.0.0.0 NETWORKS: 4.0.0.0 23.0.0.0 34.0.0.0

R2# show

ip

route

E2 34.0.0.0/8 [110/333J via 23.1.1.3, 00:02:41, Serial1/0 1.0.0.0/8 [120/3J via 12.1.1.1, 00:00:04, Seria11/1 2.0.0.0/8 is directly connected, LoopbackO 3.0.0.0/32 is subnetted, 1 subnets o IA 3.3.3.3 [110/65] via 23.1.1.3, 00:03:40, Serial1/0 o E2 4.0.0.0/8 [110/333] via 23.1.1.3, 00:02:41, Seriall/O C 23.0.0.0/8 is directly connected, Seriall/O C 12.0.0.0/8 is directly connected, Seriall/l R C

NOTE: Routing table of router R2 has been completed. All the networks are listed in the routing table.

REDISTRIBUTION OF OSPF INTO RIP - ROUTER R2

R2# configure terminal
R2(config)# router rip
R2(config-router)# redistribute ospf 5 metric
R2(config-router)# end
R2#


ROUTING TABLE OF ROUTER R1 (AFTER PERFORMING REDISTRIBUTION OF OSPF INTO RIP)

R1# show ip route

R    34.0.0.0/8 [120/1] via 12.1.1.2, 00:00:28, Serial1/0
C    1.0.0.0/8 is directly connected, Loopback0
R    2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:28, Serial1/0
R    3.0.0.0/8 [120/1] via 12.1.1.2, 00:00:12, Serial1/0
R    4.0.0.0/8 [120/1] via 12.1.1.2, 00:00:28, Serial1/0
R    23.0.0.0/8 [120/1] via 12.1.1.2, 00:00:12, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0

NOTE: Routing table of router R1 has been completed. All the networks are listed in the routing table. If there is no other router (except router R2) connected to router R1, then there is no need to redistribute RIP into IGRP 2 on router R1.

Exercise No. 47

STANDARD IP ACCESS CONTROL LIST


An access list is essentially a list of conditions that categorize packets. They can be really helpful when you need to exercise control over network traffic. An access list would be your tool of choice for decision making in these situations. One of the most common and easiest to understand uses of access lists is filtering unwanted packets when implementing security policies. For example, you can set them up to make very specific decisions about regulating traffic patterns so that they'll allow only certain hosts to access web resources on the Internet while restricting others. With the right combination of access lists, network managers arm themselves with the power to enforce nearly any security policy they can invent. There are a few important rules that a packet follows when it's being compared with an access list:

- It's always compared with each line of the access list in sequential order; that is, it'll always start with the first line of the access list, then go to line 2, then line 3, and so on.
- It's compared with lines of the access list only until a match is made. Once the packet matches the condition on a line of the access list, the packet is acted upon and no further comparisons take place.
- There is an implicit "deny" at the end of each access list. This means that if a packet doesn't match the condition on any of the lines in the access list, the packet will be discarded.

STANDARD ACCESS LISTS


These use only the source IP address in an IP packet as the condition test. All decisions are made based on the source IP address. This means that standard access lists basically permit or deny an entire suite of protocols. They don't distinguish between any of the many types of IP traffic such as web, Telnet, UDP, and so on.

IGRP

BASIC CONFIGURATION OF R1 & R2

Same as defined in Exercise No. 42

CONFIGURING IGRP ON ROUTER R1 & R2

Same as defined in Exercise No. 42


ROUTING TABLE OF ROUTER R1 & R2 (AFTER RUNNING IGRP)

R1# show ip route

C    1.0.0.0/8 is directly connected, Loopback0
I    2.0.0.0/8 [100/8976] via 12.1.1.2, 00:00:04, Serial1/0
C    12.0.0.0/8 is directly connected, Serial1/0

R2# show ip route

I    1.0.0.0/8 [100/8976] via 12.1.1.1, 00:00:07, Serial1/1
C    2.0.0.0/8 is directly connected, Loopback0
C    12.0.0.0/8 is directly connected, Serial1/1

VERIFICATION

R1# ping
Protocol [ip]:
Target IP address: 12.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/50/60 ms

R1# ping
Protocol [ip]:
Target IP address: 12.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 12.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
Packet sent with a source address of 12.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/50/60 ms

CREATING STANDARD IP ACCESS CONTROL LIST

R2# configure terminal
R2(config)# access-list ?
  <1-99>            IP standard access list
  <100-199>         IP extended access list
  <1100-1199>       Extended 48-bit MAC address access list
  <1300-1999>       IP standard access list (expanded range)
  <200-299>         Protocol type-code access list
  <2000-2699>       IP extended access list (expanded range)
  <700-799>         48-bit MAC address access list
  compiled          Enable IP access-list compilation
  dynamic-extended  Extend the dynamic ACL absolute timer
  rate-limit        Simple rate-limit specific access list

NOTE: You can type any number starting from 1 to 99 or 1300 to 1999 for a standard access list.

R2(config)# access-list 5 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
  remark  Access list entry comment

NOTE: Using the access-list number 5, you're telling the router to create a standard IP access list number 5.

R2(config)# access-list 5 remark STOP ALL TRAFFIC WHOSE SOURCE IP ADDRESS IS 12.1.1.1

NOTE: This line is used to comment the access-list commands.

R2(config)# access-list 5 deny ?
  Hostname or A.B.C.D  Address to match   [Source IP Address]
  any                  Any source host
  host                 A single host address

R2(config)# access-list 5 deny 12.1.1.1 ?
  A.B.C.D  Wildcard bits
  log      Log matches against this entry

R2(config)# access-list 5 deny 12.1.1.1 0.0.0.0
R2(config)# access-list 5 permit any

OR

R2(config)# access-list 5 deny host 12.1.1.1
R2(config)# access-list 5 permit any

NOTE: Before you work with access-lists, you should have strong knowledge about wildcard mask.

APPLYING STANDARD IP ACCESS CONTROL LIST

R2# configure terminal
R2(config)# interface serial 1/1
R2(config-if)# ip access-group 5 in
R2(config-if)# end
R2#

VERIFICATION

R1# ping
Protocol [ip]:
Target IP address: 12.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/50/60 ms


R1# ping
Protocol [ip]:
Target IP address: 12.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 12.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 12.1.1.1
U.U.U
Success rate is 0 percent (0/5)

NOTE: Target address 12.1.1.2 is UNREACHABLE with a source address of 12.1.1.1 because we have applied the access-list on interface serial 1/1 of router R2 to block ICMP traffic from source 12.1.1.1.

R2# show access-lists

Standard IP access list 5
    deny   12.1.1.1
    permit any

R2# show ip interface serial 1/1

Serial1/1 is up, line protocol is up
  Internet address is 12.1.1.2/8
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is 5
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  -- rest of the output is omitted --

REMOVING AN ACCESS CONTROL LIST

R2# configure terminal
R2(config)# interface serial 1/1
R2(config-if)# no ip access-group 5 in
R2(config-if)# exit
R2(config)# no access-list 5
R2#


Exercise No. 48

EXTENDED IP ACCESS CONTROL LIST


EXTENDED ACCESS LISTS
Extended access lists can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet. They can evaluate source and destination IP addresses, the protocol field in the Network layer header, and the port number at the Transport layer header. This gives extended access lists the ability to make much more granular decisions when controlling traffic.

IGRP

BASIC CONFIGURATION OF ROUTER R1 & R2

Same as defined in Exercise No. 42

CONFIGURING IGRP ON ROUTER R1 & R2

Same as defined in Exercise No. 42

ADDITIONAL CONFIGURATION OF ROUTER R2

R2# configure terminal
R2(config)# line vty 0 4
R2(config-line)# password *****
R2(config-line)# login
R2(config-line)# end
R2#

VERIFICATION

R1# telnet 12.1.1.2
Trying 12.1.1.2 ... Open

User Access Verification

Password: *****
R2> enable
Password: *****
R2# exit

[Connection to 12.1.1.2 closed by foreign host]
R1#

CREATING AN EXTENDED IP ACCESS CONTROL LIST

R2# configure terminal
R2(config)# access-list 101 remark STOP TELNET TRAFFIC TO ROUTER R1 HAVING SOURCE IP ADDRESS 12.1.1.1

NOTE: You can type any number starting from 100 to 199 or 2000 to 2699 for an extended access list.

R2(config)# access-list 101 deny ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  igrp     Cisco's IGRP routing protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  pim      Protocol Independent Multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol

R2(config)# access-list 101 deny tcp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host

R2(config)# access-list 101 deny tcp 12.1.1.1 ?
  A.B.C.D  Source wildcard bits

[Source IP Address: 12.1.1.1, Source WCM: 0.0.0.0]

R2(config)# access-list 101 deny tcp 12.1.1.1 0.0.0.0 ?
  A.B.C.D  Destination address
  any      Any destination host
  eq       Match only packets on a given port number
  gt       Match only packets with a greater port number
  host     A single destination host
  lt       Match only packets with a lower port number
  neq      Match only packets not on a given port number
  range    Match only packets in the range of port numbers

R2(config)# access-list 101 deny tcp 12.1.1.1 0.0.0.0 12.1.1.2 ?
  A.B.C.D  Destination wildcard bits

R2(config)# access-list 101 deny tcp 12.1.1.1 0.0.0.0 12.1.1.2 0.0.0.0 ?
  ack          Match on the ACK bit
  dscp         Match packets with given dscp value
  eq           Match only packets on a given port number
  established  Match established connections
  fin          Match on the FIN bit
  fragments    Check non-initial fragments
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  range        Match only packets in the range of port numbers
  rst          Match on the RST bit
  syn          Match on the SYN bit
  time-range   Specify a time-range
  tos          Match packets with given TOS value
  urg          Match on the URG bit
  <cr>


R2(config)# access-list 101 deny tcp 12.1.1.1 0.0.0.0 12.1.1.2 0.0.0.0 eq ?
  <0-65535>    Port number
  bgp          Border Gateway Protocol (179)
  chargen      Character generator (19)
  cmd          Remote commands (rcmd, 514)
  daytime      Daytime (13)
  discard      Discard (9)
  domain       Domain Name Service (53)
  echo         Echo (7)
  exec         Exec (rsh, 512)
  finger       Finger (79)
  ftp          File Transfer Protocol (21)
  ftp-data     FTP data connections (20)
  gopher       Gopher (70)
  hostname     NIC hostname server (101)
  ident        Ident Protocol (113)
  irc          Internet Relay Chat (194)
  klogin       Kerberos login (543)
  kshell       Kerberos shell (544)
  login        Login (rlogin, 513)
  lpd          Printer service (515)
  nntp         Network News Transport Protocol (119)
  pim-auto-rp  PIM Auto-RP (496)
  pop2         Post Office Protocol v2 (109)
  pop3         Post Office Protocol v3 (110)
  smtp         Simple Mail Transport Protocol (25)
  sunrpc       Sun Remote Procedure Call (111)
  syslog       Syslog (514)
  tacacs       TAC Access Control System (49)
  talk         Talk (517)
  telnet       Telnet (23)
  time         Time (37)
  uucp         Unix-to-Unix Copy Program (540)
  whois        Nicname (43)
  www          World Wide Web (HTTP, 80)

23 is the number of

R2(config)# access-list 101 deny tcp 12.1.1.1 0.0.0.0 12.1.1.2 0.0.0.0 eq 23
R2(config)# access-list 101 permit ip any any

OR

R2(config)# access-list 101 deny tcp host 12.1.1.1 host 12.1.1.2 eq 23
R2(config)# access-list 101 permit ip any any

NOTE: In the upper line, we are telling router R2 to block telnet traffic (which is an application of tcp) coming from 12.1.1.1 for destination 12.1.1.2.

In the lower line, we are telling router R2 to permit all traffic from any other source address for any destination IP address of router R2.
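The first-match and implicit-deny rules from Exercise 47, applied to access lists 5 and 101 of these exercises. This is an added Python illustration, not part of the original guide and not Cisco code; the names Entry, Packet, evaluate and wildcard_match are hypothetical, and only protocol, addresses and destination port are modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # 'any': every bit is "don't care"


def host(addr):
    """'host A.B.C.D' is shorthand for wildcard 0.0.0.0 (all bits must match)."""
    return (addr, "0.0.0.0")


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) ^ int(IPv4Address(base))) & care == 0


@dataclass(frozen=True)
class Packet:
    proto: str                      # "icmp", "tcp", "udp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    src: tuple                      # (address, wildcard)
    proto: str = "ip"               # standard entries match every IP protocol
    dst: tuple = ANY                # standard entries never look at the destination
    dport: Optional[int] = None     # 'eq <port>' on extended entries

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not wildcard_match(pkt.src, *self.src):
            return False
        if not wildcard_match(pkt.dst, *self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


def evaluate(acl, pkt):
    """Return (action, matching line number); line is None for the implicit deny."""
    for line_no, entry in enumerate(acl, start=1):
        if entry.matches(pkt):
            return entry.action, line_no      # first match wins, stop comparing
    return "deny", None                       # implicit deny at the end of every list


# access-list 5 deny 12.1.1.1 0.0.0.0 / access-list 5 permit any
ACL_5 = [Entry("deny", host("12.1.1.1")), Entry("permit", ANY)]

# access-list 101 deny tcp host 12.1.1.1 host 12.1.1.2 eq 23 / permit ip any any
ACL_101 = [
    Entry("deny", host("12.1.1.1"), "tcp", host("12.1.1.2"), 23),
    Entry("permit", ANY, "ip", ANY),
]

# Constructed test traffic matching the pings and telnet sessions in the exercises.
PING_FROM_SERIAL = Packet("icmp", "12.1.1.1", "12.1.1.2")
PING_FROM_LOOPBACK = Packet("icmp", "1.1.1.1", "12.1.1.2")
TELNET_FROM_SERIAL = Packet("tcp", "12.1.1.1", "12.1.1.2", 23)

if __name__ == "__main__":
    for name, acl in (("5", ACL_5), ("101", ACL_101)):
        for pkt in (PING_FROM_SERIAL, PING_FROM_LOOPBACK, TELNET_FROM_SERIAL):
            print(f"ACL {name}: {pkt} -> {evaluate(acl, pkt)}")
    # Forgetting 'permit any' leaves only the implicit deny for everyone else.
    print("ACL 5 without permit:", evaluate(ACL_5[:1], PING_FROM_LOOPBACK))
    # Putting 'permit any' first shadows the deny line completely.
    print("ACL 5 reordered:", evaluate(list(reversed(ACL_5)), PING_FROM_SERIAL))
```

The standard list drops both ping and telnet from 12.1.1.1, while the extended list drops only telnet, which is why the ping sourced from 12.1.1.1 still succeeds in Exercise 48.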

APPLYING EXTENDED IP ACCESS CONTROL LIST

R2# configure terminal
R2(config)# interface serial 1/1
R2(config-if)# ip access-group 101 in
R2(config-if)# end
R2#

VERIFICATION

R2# show access-lists

Extended IP access list 101
    deny tcp host 12.1.1.1 host 12.1.1.2 eq telnet
    permit ip any any


R2# show ip interface serial 1/1

Serial1/1 is up, line protocol is up
  Internet address is 12.1.1.2/8
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is 101
  Proxy ARP is enabled
  -- rest of the output is omitted --

R1# telnet 12.1.1.2
Trying 12.1.1.2 ...
% Destination unreachable; gateway or host down
R1#

R1# ping
Protocol [ip]:
Target IP address: 12.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/50/60 ms

R1# ping
Protocol [ip]:
Target IP address: 12.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 12.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 12.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/50/60 ms

REMOVING AN ACCESS CONTROL LIST

R2# configure terminal
R2(config)# interface serial 1/1
R2(config-if)# no ip access-group 101 in
R2(config-if)# exit
R2(config)# no access-list 101
R2#


Exercise No. 49

NAMED IP ACCESS CONTROL LIST


NAMED ACCESS LISTS
Technically, there really are only two access-lists, since named access lists are either standard or extended and not actually a new type. They're functionally the same.

IGRP

BASIC CONFIGURATION OF ROUTER R1 & R2

Same as defined in Exercise No. 42

CONFIGURING IGRP ON ROUTER R1 & R2

Same as defined in Exercise No. 42

VERIFICATION

R1# telnet 12.1.1.2
Trying 12.1.1.2 ... Open

User Access Verification

Password: *****
R2> enable
Password: *****
R2# exit

[Connection to 12.1.1.2 closed by foreign host]
R1#

CREATING NAMED STANDARD IP ACCESS CONTROL LIST

R2# configure terminal
R2(config)# ip access-list ?
  extended    Extended Access List
  log-update  Control access list log updates
  logging     Control access list logging
  standard    Standard Access List

R2(config)# ip access-list standard ?
  <1-99>       Standard IP access-list number
  <1300-1999>  Standard IP access-list number (expanded range)
  WORD         Access-list name

R2(config)# ip access-list extended SHAKEEL
R2(config-ext-nacl)# deny icmp 1.1.1.1 0.0.0.0 2.2.2.2 0.0.0.0
R2(config-ext-nacl)# permit ip any any

OR

R2(config-ext-nacl)# deny icmp host 1.1.1.1 host 2.2.2.2
R2(config-ext-nacl)# permit ip any any

NOTE: In the upper line, we are telling router R2 to block icmp traffic with a source IP 1.1.1.1 destined for 2.2.2.2.

In the lower line, we are telling router R2 to permit all traffic from any other source address for any destination IP address of router R2.

R2(config-ext-nacl)# end

APPLYING NAMED STANDARD IP ACCESS CONTROL LIST

R2# configure terminal
R2(config)# interface serial 1/1
R2(config-if)# ip access-group SHAKEEL in
R2(config-if)# end
R2#

VERIFICATION

R2# show access-lists

Extended IP access list corvit
    deny icmp host 1.1.1.1 host 2.2.2.2 (11 matches)
    permit ip any any (42 matches)

R2# show ip interface serial 1/1

Serial1/1 is up, line protocol is up
  Internet address is 12.1.1.2/8
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is SHAKEEL
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  -- rest of the output is omitted --

R1# ping
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 1.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
U.U.U
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/50/60 ms


R1# ping
Protocol [ip]:
Target IP address: 2.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 12.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 12.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/50/60 ms

REMOVING AN ACCESS CONTROL LIST

R2# configure terminal
R2(config)# interface serial 1/1
R2(config-if)# no ip access-group SHAKEEL in
R2(config-if)# exit
R2(config)# no ip access-list extended SHAKEEL
R2#

Exercise No. 50

STATIC NAT

(NETWORK ADDRESS TRANSLATION)


Static NAT is a simple one-to-one mapping of private and public addresses. This is required to support inbound connections from your public network into your private network. For each local address defined, there has to be an associated globally unique address.

[Figure: R1 and R2. R1 FastEthernet 0/0 192.168.1.5/24 (Inside Local IP Address); R2 FastEthernet 0/0 10.1.1.2/8]

BASIC CONFIGURATION OF ROUTER R1

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# no shutdown
R1(config-if)# ip nat outside
R1(config-if)# exit
R1(config)# interface fastethernet 0/0
R1(config-if)# ip address 192.168.1.5 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# no keepalive     [For GNS users, apply this command if no device is attached with Fa0/0]
R1(config-if)# ip nat inside
R1(config-if)# exit

BASIC CONFIGURATION OF ROUTER R2

Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# clock rate 64000
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface fastethernet 0/0
R2(config-if)# ip address 10.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# no keepalive     [For GNS users, apply this command if no device is attached with Fa0/0]
R2(config-if)# exit

CONFIGURING STATIC ROUTE ON ROUTER R1

R1# configure terminal
R1(config)# ip route 10.0.0.0 255.0.0.0 12.1.1.2

CONFIGURING STATIC NAT ON ROUTER R1

R1(config)# ip nat ?
  Stateful     Stateful NAT configuration commands
  create       Create flow entries
  inside       Inside address translation
  log          NAT Logging
  outside      Outside address translation
  pool         Define pool of addresses
  service      Special translation for application using non-standard port
  source       Source address translation
  translation  NAT translation entry configuration

R1(config)# ip nat inside ?
  destination  Destination address translation
  source       Source address translation

R1(config)# ip nat inside source ?
  list  [...] local addresses

R1(config)# ip nat inside source static ?
  A.B.C.D  Inside local IP address
  esp      IPSec-ESP (Tunnel mode) Support
  network  Subnet translation
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol

R1(config)# ip nat inside source static 192.168.1.5 ?
  A.B.C.D    Inside global IP address
  interface  Specify interface for global address

R1(config)# ip nat inside source static 192.168.1.5 12.1.1.3
R1(config)# exit
R1#

VERIFICATION

R1# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 12.1.1.3           192.168.1.5        ---                ---


R1# debug ip nat
IP NAT debugging is on

R1# ping
Protocol [ip]:
Target IP address: 10.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 192.168.1.5
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.5
!!!!!
Success
R1#
*Mar 1 00:21:20.879: NAT: s=192.168.1.5->12.1.1.3, d=10.1.1.2 [0]
*Mar 1 00:21:21.063: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.5 [0]
*Mar 1 00:21:21.071: NAT: s=192.168.1.5->12.1.1.3, d=10.1.1.2 [1]
*Mar 1 00:21:21.171: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.5 [1]
*Mar 1 00:21:21.175: NAT: s=192.168.1.5->12.1.1.3, d=10.1.1.2 [2]
*Mar 1 00:21:21.307: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.5 [2]
*Mar 1 00:21:21.311: NAT: s=192.168.1.5->12.1.1.3, d=10.1.1.2 [3]
*Mar 1 00:21:21.531: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.5 [3]
*Mar 1 00:21:21.535: NAT: s=192.168.1.5->12.1.1.3, d=10.1.1.2 [4]
NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.5 [4]

R1# u all
All possible debugging has been turned off

NOTE: Type u all from keyboard to turn off debugging.

R1# show ip nat statistics

Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces: Serial1/0
Inside interfaces: FastEthernet0/0
Hits: 10  Misses: 0
CEF Translated packets: 5, CEF Punted packets: 0
Expired translations: 1
Dynamic mappings:
Queued Packets: 0


Exercise No. 51

DYNAMIC NAT (NETWORK ADDRESS TRANSLATION)


Dynamic NAT can only be used to establish connections from within the private network out to the public network. A pool of network addresses is maintained and used when an outbound connection is made. Each connection is assigned a unique public address. The maximum number of simultaneous connections is equal to the number of public addresses in the pool. This is similar to a one-to-one correspondence between addresses. Dynamic NAT allows you to communicate with the Internet through a dynamic NAT address. The figure below illustrates Dynamic NAT.

[Figure: R1 and R2. R2 Serial1/1 12.1.1.2/8; R1 FastEthernet 0/0 192.168.1.5/24 with 192.168.1.6, 192.168.1.7 and 192.168.1.8 as secondary addresses (Inside Local IP Addresses); R2 FastEthernet 0/0 10.1.1.2/8]

BASIC CONFIGURATION OF ROUTER R1

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface serial 1/0
R1(config-if)# ip address 12.1.1.1 255.0.0.0
R1(config-if)# no shutdown
R1(config-if)# ip nat outside
R1(config-if)# exit
R1(config)# interface FastEthernet 0/0
R1(config-if)# ip address 192.168.1.5 255.255.255.0
R1(config-if)# ip address 192.168.1.6 255.255.255.0 secondary
R1(config-if)# ip address 192.168.1.7 255.255.255.0 secondary
R1(config-if)# ip address 192.168.1.8 255.255.255.0 secondary
R1(config-if)# no shutdown
R1(config-if)# no keepalive     [For GNS users, apply this command if no device is attached with Fa0/0]
R1(config-if)# ip nat inside
R1(config-if)# end
R1# write

BASIC CONFIGURATION OF ROUTER R2

Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface serial 1/1
R2(config-if)# ip address 12.1.1.2 255.0.0.0
R2(config-if)# clock rate 64000
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface FastEthernet 0/0
R2(config-if)# ip address 10.1.1.2 255.0.0.0
R2(config-if)# no shutdown
R2(config-if)# no keepalive     [For GNS users, apply this command if no device is attached with Fa0/0]
R2(config-if)# end
R2# write

CONFIGURING STATIC ROUTE ON ROUTER R1

R1# configure terminal
R1(config)# ip route 10.0.0.0 255.0.0.0 12.1.1.2

CREATING SOURCE LIST USING ACCESS-LIST ON ROUTER R1

R1(config)# access-list 2 permit 192.168.1.6
R1(config)# access-list 2 permit 192.168.1.7
R1(config)# access-list 2 permit 192.168.1.8

CONFIGURING DYNAMIC NAT ON ROUTER R1

R1(config)# ip nat pool SHAKEEL 12.1.1.3 12.1.1.5 netmask 255.0.0.0
R1(config)# ip nat inside source list 2 pool SHAKEEL
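How the pool SHAKEEL and source list 2 configured above behave, as an added Python model that is not part of the original guide and not Cisco code. Assumptions: the class and method names are hypothetical, the lowest free pool address is handed out first (consistent with the translations this exercise records), and the fourth inside host 192.168.1.9 is constructed to show what happens when the pool is exhausted.

```python
from ipaddress import IPv4Address


class DynamicNat:
    """Toy model of 'ip nat inside source list <acl> pool <name>'."""

    def __init__(self, pool_start, pool_end, source_list):
        lo, hi = int(IPv4Address(pool_start)), int(IPv4Address(pool_end))
        self.free = [str(IPv4Address(n)) for n in range(lo, hi + 1)]
        self.source_list = set(source_list)   # hosts permitted by the access list
        self.table = {}                       # inside local -> inside global
        self.misses = 0                       # allocations refused: pool empty

    def outbound(self, src, dst):
        """Inside -> outside. Returns the (src, dst) sent on, or None if dropped."""
        if src not in self.source_list:
            return (src, dst)                 # not matched by the list: untranslated
        if src not in self.table:
            if not self.free:
                self.misses += 1
                return None                   # every pool address is in use
            self.table[src] = self.free.pop(0)
        return (self.table[src], dst)

    def inbound(self, src, dst):
        """Outside -> inside. Only an existing translation reaches an inside host."""
        for local, glob in self.table.items():
            if glob == dst:
                return (src, local)
        return None                           # no entry: nothing inside is reachable

    def expire(self, src):
        """Translation timed out or was cleared: the address returns to the pool."""
        glob = self.table.pop(src, None)
        if glob is not None:
            self.free.append(glob)
            self.free.sort(key=lambda a: int(IPv4Address(a)))
        return glob


SOURCE_LIST_2 = ["192.168.1.6", "192.168.1.7", "192.168.1.8"]   # access-list 2
SERVER = "10.1.1.2"


def replay_exercise():
    """Ping order taken from the debug timestamps: .7 first, then .6, then .8."""
    nat = DynamicNat("12.1.1.3", "12.1.1.5", SOURCE_LIST_2)
    for inside_host in ("192.168.1.7", "192.168.1.6", "192.168.1.8"):
        nat.outbound(inside_host, SERVER)
    return nat


def exhaust_pool():
    """Constructed case: a fourth permitted host finds the three-address pool empty."""
    nat = DynamicNat("12.1.1.3", "12.1.1.5", SOURCE_LIST_2 + ["192.168.1.9"])
    for inside_host in SOURCE_LIST_2:
        nat.outbound(inside_host, SERVER)
    refused = nat.outbound("192.168.1.9", SERVER)    # pool empty: dropped
    nat.expire("192.168.1.6")                        # frees 12.1.1.3
    retried = nat.outbound("192.168.1.9", SERVER)    # now reuses the freed address
    return refused, retried, nat.misses


if __name__ == "__main__":
    nat = replay_exercise()
    for local, glob in sorted(nat.table.items()):
        print(f"{local} -> {glob}")
    print("reply to 12.1.1.4 reaches:", nat.inbound(SERVER, "12.1.1.4"))
    print("exhaustion (refused, retried, misses):", exhaust_pool())
```

A freed pool address is handed to the next inside host that asks, so a public address seen in a log identifies an inside host only together with the time of the translation.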

VERIFICATION

R1# debug ip nat
IP NAT debugging is on

R1# ping
Protocol [ip]:
Target IP address: 10.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 192.168.1.6
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/105/152 ms
R1#
*Mar 1 00:54:59.695: NAT: s=192.168.1.6->12.1.1.4, d=10.1.1.2 [25]
*Mar 1 00:54:59.847: NAT*: s=10.1.1.2, d=12.1.1.4->192.168.1.6 [25]
*Mar 1 00:54:59.851: NAT: s=192.168.1.6->12.1.1.4, d=10.1.1.2 [26]
*Mar 1 00:54:59.987: NAT*: s=10.1.1.2, d=12.1.1.4->192.168.1.6 [26]
*Mar 1 00:54:59.991: NAT: s=192.168.1.6->12.1.1.4, d=10.1.1.2 [27]
*Mar 1 00:55:00.063: NAT*: s=10.1.1.2, d=12.1.1.4->192.168.1.6 [27]
*Mar 1 00:55:00.067: NAT: s=192.168.1.6->12.1.1.4, d=10.1.1.2 [28]
*Mar 1 00:55:00.095: NAT*: s=10.1.1.2, d=12.1.1.4->192.168.1.6 [28]
*Mar 1 00:55:00.103: NAT: s=192.168.1.6->12.1.1.4, d=10.1.1.2 [29]
*Mar 1 00:55:00.231: NAT*: s=10.1.1.2, d=12.1.1.4->192.168.1.6 [29]

R1# ping
Protocol [ip]:
Target IP address: 10.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 192.168.1.7
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/79/116 ms
R1#
*Mar 1 00:52:17.867: NAT: s=192.168.1.7->12.1.1.3, d=10.1.1.2 [20]
*Mar 1 00:52:17.939: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.7 [20]
*Mar 1 00:52:17.943: NAT: s=192.168.1.7->12.1.1.3, d=10.1.1.2 [21]
*Mar 1 00:52:18.055: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.7 [21]
*Mar 1 00:52:18.059: NAT: s=192.168.1.7->12.1.1.3, d=10.1.1.2 [22]
*Mar 1 00:52:18.143: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.7 [22]
*Mar 1 00:52:18.147: NAT: s=192.168.1.7->12.1.1.3, d=10.1.1.2 [23]
*Mar 1 00:52:18.203: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.7 [23]
*Mar 1 00:52:18.207: NAT: s=192.168.1.7->12.1.1.3, d=10.1.1.2 [24]
*Mar 1 00:52:18.267: NAT*: s=10.1.1.2, d=12.1.1.3->192.168.1.7 [24]

R1# ping
Protocol [ip]:
Target IP address: 10.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 192.168.1.8
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/132/200 ms
R1#
*Mar 1 00:56:27.223: NAT: s=192.168.1.8->12.1.1.5, d=10.1.1.2 [30]
*Mar 1 00:56:27.323: NAT*: s=10.1.1.2, d=12.1.1.5->192.168.1.8 [30]
*Mar 1 00:56:27.327: NAT: s=192.168.1.8->12.1.1.5, d=10.1.1.2 [31]
*Mar 1 00:56:27.527: NAT*: s=10.1.1.2, d=12.1.1.5->192.168.1.8 [31]
*Mar 1 00:56:27.531: NAT: s=192.168.1.8->12.1.1.5, d=10.1.1.2 [32]
*Mar 1 00:56:27.703: NAT*: s=10.1.1.2, d=12.1.1.5->192.168.1.8 [32]
*Mar 1 00:56:27.867: NAT: s=192.168.1.8->12.1.1.5, d=10.1.1.2 [34]
*Mar 1 00:56:27.891: NAT*: s=10.1.1.2, d=12.1.1.5->192.168.1.8 [34]

R1# u all
All possible debugging has been turned off

NOTE: Type u all from keyboard to turn off debugging.

R1# show ip nat translations
Pro  Inside global      Inside local       Outside local      Outside global
---  12.1.1.4           192.168.1.6        ---                ---
---  12.1.1.3           192.168.1.7        ---                ---
icmp 12.1.1.5:6         192.168.1.8:6      10.1.1.2:6         10.1.1.2:6
---  12.1.1.5           192.168.1.8        ---                ---

R1# show ip nat statistics

Total active translations: 3 (0 static, 3 dynamic; 0 extended)
Outside interfaces: Serial1/0
Inside interfaces: FastEthernet0/0
Hits: 60  Misses: 0
CEF Translated packets: 30, CEF Punted packets: 0
Expired translations: 6
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 2 pool SHAKEEL refcount 3
 pool corvit: netmask 255.0.0.0
    start 12.1.1.3 end 12.1.1.5
    type generic, total addresses 3, allocated 3 (100%), misses
Queued Packets: 0
