Ccna lab manual[1]

1

Cisco DEVICE AND
IOS BASICS

2

Device connectivity Basics

The series of diagrams below reveal the cable types used for various
device connectivity.

I. Console Connectivity to configure a switch using management host

a. PC serial port to Switch Console port

Catalyst Switch

Rollover cable is being used

Management Console

b. For remote Configuration through Auxiliary interface

Internet cloud
Aux 0
Modem
Remote computer Modem

3

II. Network Connection

a. To cascade same type of device use Cross-Over cable.

b. For HUB/SWICH to PC/ROUTER – straight through cable is used & Cross-
over cable is used between PC – Router & Hub – Switch.

Switch
Host Straight Through cable
Cross Over cable Cross Over cable

Router HUB

Setting up the Management Console (windows environment):

First let’s setup the Hyperterminal from windows – for interfacing with
the Cisco Devices and issue commands. Here we go…

4

Path to trigger the emulation software from your Desktop
Click start  Programs  Accessories  Communications  Hyper
Terminal

We’ll name our Session My_Lab. The next screen requires us to configure
the COM port to which we are going to connect our Cisco Device.

5

Next, choose the default settings, else communication will be a
problem !

On clicking OK, we’ll see the below screen & we are ready to talk to
our CISCO Switch/Router !

6

IOS BASICS
Pressing the RETURN key takes us to the USER EXEC mode.

Switch con0 is now available

Press RETURN to get started.

Switch>

The “>” prompt denotes user exec mode. To move into Privilege mode, we
use the “enable” command.

Switch>enable
Switch#

Privilege mode is identified with the “#” symbol. “configure terminal”
command takes us into the global configuration mode where we can
configure global parameters like hostname etc for the entire device.

Switch#configure terminal
Switch(config)#

To get into any specific interface mode we have use the “interface”
command with relevant interface number. To configure parameters
specific to interface 1 of module 0, we issue the command as shown
below.

7

Switch(config)#interface fastethernet 0/1
Switch(config-if)#

This is the sequence with which we change modes in the forward
direction. Let’s now move backwards now.

Switch(config-if)#exit
Switch(config)#

To go one step backward we have to use the command “exit”

Switch(config)#exit
Switch#

However, we must use the command “disable” to move from privilege to
user exec mode. If we use “exit”, it’ll log us out (and we’ll again see
the first message

Press RETURN to get started)

Switch#disable
Switch>

To logout, we use the “exit” command again.

Switch>exit


Press RETURN to get started

NOTE : We can use ^Z to directly move backward 2 steps – from interface
mode to privilege mode.

Config-if# ^Z

Switch#

Also note that we can use “?” whenever we want to see the various
commands available in a particular mode or want to find out what
commands begin with a certain letter etc. This can be easily observed
in the below case.

Router#?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
archive manage archive files
cd Change current directory
<output omitted>

Router#s? (displays all commands beginning with “s”)
*s=show send setup slip squeeze start-chat systat

8

If we typed a wrong spelling & try to use help the output will display
as “Unrecognized command”. The same message is displayed even if we try
to use help when no further arguments are possible (or wrong arguments
used). Look at the below examples...
Router#show router ?
% unrecognized command

Router#show ip a
% Ambiguous command: "show ip a"

Router#show ?
access-expression List access expression
access-lists List access lists
accounting Accounting data for active sessions
aliases Display alias commands
arp ARP table
<output omitted>

Another interesting aspect is that we don’t have to type the entire
command. We can just type the first few letters of a command (to the
extent that only one command begins with the typed letters) and press
tab – the command is completed for us! (Even if we don’t complete the
command, it’ll accept!)

Using tab key
Let‟s just type “sh” and use the tab key tab key

Router#sh (tab)
Router#show

There are some shortcut keys that’ll help us to work with IOS faster.
Their description & use is given below.
Shortcut keys to access your CLI mode

CTRL-A Moves the cursor to the beginning of the line
CTRL-E Moves the cursor to the end of the line
ESC-B Moves the cursor back one word at a time
ESC-F Moves the cursor forward one word at a time
CTRL-B Moves the cursor back one character at a time
LEFT ARROW Moves the cursor back one character at a time
CTRL-F Moves the cursor forward one character at a
time
RIGHT ARROW Moves the cursor forward one character at a
time
CTRL-P Recalls the last command
UP ARROW Recalls the last command
CTRL-N Recalls the most previously executed command
DOWN ARROW Recalls the most previously executed command
CTRL-D Deletes the character the cursor is under
BACKSPACE Deletes the character preceding the cursor
CTRL-R Redisplays the current line
CTRL-U Erases the line completely

9

CTRL-W Erases the word the cursor is under
CTRL-Z Takes you from Configuration mode back to
Privilege EXEC mode
TAB Once you enter a few characters and hit the TAB
key, the IOS device completes the word,
assuming that you typed in enough characters to
make the command or parameter unique
$ When this appears at the beginning of a command
line, it indicates that there are more
characters to the right of the $.

11

General Experiments with Basic Switch Commands

Assume we are on a Switch console and the switch’s ready – we see the
below message



(press the return key)

Switch> this is our user exec mode

To get into privilege mode use the command “enable”

Switch>enable

Switch# The prompt has changed from “>” to “#”. if you see “#” after
the hostname you are in Privilege mode

To get back from privilege mode to user exec mode use the command
disable

Switch#disable

Switch>

To get into global configuration mode use the following commands

Switch>enable
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# This prompt indicates global configuration mode

To get into specific interface mode use the following commands

Switch>enable
Switch(config)#interface Fastethernet 0/1
Switch(config-if)#

Let’s add some description to the interface fastethernet 0/1 –
indicating that Host1 is connected to this interface. We do this from
the specific interface mode

Switch>enable
Switch(config)#interface Fastethernet 0/1
Switch(config-if)#description Host1

Check out this description in running configuration using the command
“show running configuration”

Switch#show running-config
Building configuration...

12

Current configuration : 130 bytes
!
interface FastEthernet0/1
description Host1
no ip address
end (irrelevant output omitted)

Let’s see some more basic show commands. (All show commands work only
in privilege mode)

To view details of interfaces/particular interface use
“show interfaces” (or) “show interfaces <interface type interface id>
e.g.
Switch#show interfaces Fa 0/1
FastEthernet0/1 is down, line protocol is down
Hardware is FastEthernet,address is 000d.ed5b.49c1(bia 000d.ed5b.49c1)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
<output omitted>

We can also observe that it’s sufficient to use the first few letters
of the keyword Fastethernet – once these letters identify the unique
command, the balance letters needn’t be typed !

Switch#show interface vlan 1
Vlan1 is administratively down, line protocol is down
Hardware is CPUInterface,address is 000d.ed5b.49c0(bia 000d.ed5b.49c0)
Encapsulation ARPA, loopback not set
<output omitted>

Switch#Show spanning-tree
No spanning tree instances exist.

Following is the command to see the current device configuration which
is in the RAM.

Current configuration : 866 by
version 12.1
!
hostname Switch
!
description Host1
no ip address
<output omitted>
!
no ip address
!
interface Vlan1
no ip address
no ip route-cache

13

shutdown
!
line con 0
line vty 5 15
!
End

Switch#Show startup-config
!
version 12.1
!
hostname Switch
!
!
description Host1
no ip address
!
!
no ip address
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
line con 0
line vty 5 15
!
end

Another interesting command to view the connectivity status of various
interfaces is “show interface status”

Switch#show interface status

Port Name Status Vlan Duplex Speed Type
Fa0/1 Host1 connected 1 a-half a-10 10/100BaseTX
Fa0/2 notconnect 1 auto auto 10/100BaseTX

Now, let’s see the content of the mac-address-table of our switch -
after disconnecting all connected computers (no devices connected to
any interface of the switch) – using the “show mac-address-table”
command

14

Switch#show mac-address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----

No entries are seen! Let’s connect a host (computer) to port no. 1 and
generate some traffic from it.

As soon as we connect the host to the switch in the port 1 the
following message can be observed on the screen

02:18:06:%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
02:18:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/1, changed state to up

To generate traffic (for the switch to learn from source address of
frame) we’ll ping from the host to some IP address & then execute the
show mac-address-table command again.

Switch2950#sh mac-address-table
Mac Address Table
------------------------------------------
---- ----------- ---- -----
1 0040.33a0.4bc7 Dynamic Fa0/1

Total Mac Addresses for this criterion: 1

The above table reveals the mac address of the host connected to
interface fa0/1. It also reveals that this is a dynamically learnt
entry.

If 2 switches are interconnected directly to each other (cascading)
let’s see what happens. We shall use this simple diagram for better
understanding.

F0/12 F0/12

Switch A Switch B

F0/1 F0/2 F0/1 F0/2

0000.0000.0002 0000.0000.0001 0000.0000.000A 0000.0000.000B

15

Now we see Switch A’s mac address table as below

SwitchA#sh mac-address-table
Mac Address Table
------------------------------------------
---- ----------- ---- -----
1 0000.0000.0002 Dynamic Fa0/1
1 0000.0000.0001 Dynamic Fa0/2
1 0000.0000.000A Dynamic Fa0/12
1 0000.0000.000B Dynamic Fa0/12
1 0000.0000.00B1 Dynamic Fa0/12
1 0000.0000.00B2 Dynamic Fa0/12

We observe that this switch reveals the cascaded switch B’s connected
host mac addresses and switch B’s Base Mac address (0000.0000.00B1) &
switch B’s cascade interface Fa0/12 Mac address (0000.0000.00B2) also.
A similar output would be seen for switch B’s mac table (shown below).
The base Mac Address is common for the entire switch while every
interface of the switch has a unique Mac address of its own also.

SwitchB#sh mac-address-table
Mac Address Table
------------------------------------------
---- ----------- ---- -----
1 0000.0000.000A Dynamic Fa0/1
1 0000.0000.000B Dynamic Fa0/2
1 0000.0000.0001 Dynamic Fa0/12
1 0000.0000.0002 Dynamic Fa0/12
1 0000.0000.00A1 Dynamic Fa0/12
1 0000.0000.00A2 Dynamic Fa0/12

Let’s see what “show interface status” command reveals

SwitchA#show interface status
<output omitted>
Fa0/12 Trunk 1 auto auto 10/100BaseTX

SwitchB#show interface status
<output omitted>

It displays the cascade link as TRUNK.

Another interesting command to view various details regarding the
switch’s configuration is “show version”

16

Switch#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino
Image text-base: 0x80010000, data-base: 0x80562000

ROM: Bootstrap program is CALHOUN boot loader

Switch uptime is 4 hours, 33 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-12c.EA1.bin"

cisco WS-C2950-12 (RC32300) processor (revision K0) with 21002K bytes
of memory.
Processor board ID FOC0739W1K0
Last reset from system-reset
Running Standard Image
12 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0D:ED:5B:49:C0
Motherboard assembly number: 73-5782-12
Power supply part number: 34-0965-01
Motherboard serial number: FOC07391MM3
Power supply serial number: PHI073402LD
Model revision number: K0
Motherboard revision number: A0
Model number: WS-C2950-12
System serial number: FOC0739W1K0
Configuration register is 0xF

To save our current configuration from RAM to NVRAM (startup
configuration) we use the command copy running-configuration startup-
configuration (Alternately the “write” command may also be used)

Switch#copy running-config startup-config
Destination filename [startup-config]?
[OK]

If we want to restart the switch use the following command

Switch#Reload – (used to warm boot the switch)

To clear all the contents of the mac table, use the below command (this
will remove only dynamic entries. Static/Permanent entries will not be
removed).

Switch#clear mac-address-table *

To delete the startup configuration, use

Switch#erase startup-config

To change our switch name to “Switch2950”

17

Switch(config)#hostname Switch2950
Switch2950(config)#

To configure secret (encrypted) password for privilege mode (password
is set as “cisco1” in the below example)

Switch2950(config)#enable secret cisco1

After configuring the secret password let see the output in show
running-config command

Switch2950#show run
<output omitted>
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/ (this is how the
encrypted password is seen)
!
<output omitted>
End

To configure enable password for privilege mode

Switch2950(config)#enable password cisco (to configure enable password
for privilege mode)

Switch2950#sh run
<output omitted>
hostname Switch2950
!
enable password cisco (our password is in clear text which is in
readable format)
!
<output omitted>
end

To configure the console password, the following is the sequence.

Switch2950(config)#line console 0
Switch2950(config-line)#login
% Login disabled on line 0, until 'password' is set
Switch2950(config-line)#password cisco

show running-config reveals

!
line con 0
password cisco
login
!
<Out put omitted>

18

If we restart / relogin into the switch, it asks for the password in
the beginning itself

Switch2950 con0 is now available


User Access Verification

Password: (here we have to supply the console 0 password to get into
user exec mode)

Let’s observe the whole running-config output

Switch# show running-config

!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
ip subnet-zero
!
!
description Host1
no ip address
!
no ip address
!
no ip address
!
no ip address
!
no ip address
!
no ip address
!
no ip address
!

19

no ip address
!
no ip address
!
no ip address
!
no ip address
!

!
interface Vlan1
no ip address
shutdown
!
ip http server
!
!
line con 0
password cisco
login
line vty 0 4
line vty 5 15
!
End

Note: if both secret and enable passwords exist, only secret will be
used to get into privilege mode.

Let’s say we have some remote administrators who’ll logon into this
switch remotely. (They can do so because Cisco switches run terminal
services). However, setting the vty password is a must for telnet
access & this is how we do it.

Lets start configuring the VTY sessions

Switch2950(config)#line vty 0 15
Switch2950(config-line)#login

20

This reveals that 16 simultaneous telnet sessions are possible! we have
to configure the password to enable all these 16 sessions
Switch2950(config-line)#password cisco
Switch2950(config-line)#

This config alone is not sufficient for telnetting. We need to define
an IP address to the switch and only then telnet is possible. Where do
we configure an IP address in the switch ?

Switch2950>enable
Switch2950#configure terminal
Switch2950(config)#interface vlan 1
Switch2950(config-if)#ip address 1.1.1.1 255.0.0.0 (this is the command
to configure ip address for an interface).

So, we configure the IP address to VLAN1 (we’ll learn more about vlan
later).

Switch2950(config-if)#no shutdown (after assigning the ip address we
have enable the interface using the “NO SHUTDOWN” command). We will be
able to see the below message.

01:33:27: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
01:33:29: %LINK-3-UPDOWN: Interface Vlan1, Line Protocol changed state
to up

Let’s now see how we can control the speed & Duplex operation of the
switch

Switch2950(config)#interface fastethernet 0/1
Switch2950(config-if)#duplex half

Note : Duplex will not be set until speed is set to non-auto value

Switch2950(config-if)#speed 10
Switch2950(config-if)#duplex half

Now check the out put in show interface status command
Switch#show interface status

Fa0/1 Host1 connected 1 half 10 10/100BaseTX

21

Had the switch auto negotiated, the output would have been
Fa0/1 Host1 connected 1 a-half a-10 10/100BaseTX

a-half a-10 means auto negotiated with connected device to half
duplex & 10 Mbps.

PORT SECURITY : Let’s now learn how switch interfaces can be configured
to allow connectivity only for pre-defined hosts (based on their Mac-
Addresses). This is done on a per interface basis.

Before configuring port security for the interfaces, let’s see the
output of “show port-security” command

Switch#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Total Addresses in System : 0
Max Addresses limit in System : 1024

Now let’s configure port security for interface Fa 0/1 – only system
with mac id 0000.0000.a111 should be allowed connectivity – any other
device connection to this interface should result in the interface
shutting down.

Manual port security
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security mac-address
0000.0000.A111

See the output in show running-config & show port-security

Switch2950#sh run
!
hostname Switch2950
!
!
!

22

switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.A111
no ip address
duplex half
speed 10
<output omitted>

Switch2950#show port-security
-----------------------------------------------------------------------
Fa0/1 1 1 0 Shutdown
-----------------------------------------------------------------------

We can also ask the switch to auto-learn the mac address of the
connected host using the keyword “sticky”

Switch2950(config-if)#switchport port-security mac-address sticky

After configuring sticky if any traffic comes to the interface
fastethernet 0/2 of the switch will learn the mac-address and secure
it.

Switch2950#show running-config
!
hostname Switch2950
!
!
!
switchport port-security mac-address sticky
no ip address
<output ommitted>

-----------------------------------------------------------------------
-----------------------------------------------------------------------

23

By default, only one mac-address will be locked to the interface – this
can be changed as demonstrated below.

Increasing the maximum count of mac-address secured for the interface

Switch2950(config-if)#switchport port-security maximum 4 <0-132>

Switch2950#sh run
!
hostname Switch2950
!
!
switchport port-security maximum 4
no ip address
<output omitted>

-----------------------------------------------------------------------
-----------------------------------------------------------------------

The security action is shutdown by default & we can change this among
one of 3 modes.

Shutdown (default) - if violation happens interface will shutdown
automatically
Protect (don’t log) - if violation happens interface won’t shutdown,
won’t allow for communication, won’t log any error
Restrict (do log) - if violation happens interface won’t shutdown but
no communication will be allowed & an alert would be sent / SNMP trap
sent.

The configuration may be done as shown below.

Switch2950(config-if)#switchport port-security violation shutdown /
protect / restrict

If we chose protect

24

Switch2950#sh run
!
hostname Switch2950
!
!
switchport port-security violation protect
no ip address
<output omitted>

-----------------------------------------------------------------------
Fa0/4 1 0 0 Protect
-----------------------------------------------------------------------

Spanning-tree protocol - L et’s n ext d o som e b asic ob servation on S T P
F0/11 F0/11

Switch A Switch B

1000.0000.000A 0000.0000.000A
With reference to the above diagram, the Root Bridge is Switch B
because it has the lowest mac-address 0000.0000.000A. Switch A will be
the non-root bridge. Let’s see the output of show spanning-tree command
now.

SwitchB#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0000.0000.000A
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0000.0000.000A
Aging Time 300

25

Interface Port ID Designated Port ID
Name Prio.Nbr Cost Sts Cost Bridge ID Prio.Nbr
------------ -------- --------- --- ------ --------------------------
Fa0/11 128.1 100 FWD 0 32769 1000.0000.000A 128.1

SwitchA#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0000.0000.000A
This bridge is the root

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 1000.0000.000A
Aging Time 300

Interface Port ID Designated Port ID
Name Prio.Nbr Cost Sts Cost Bridge ID Prio.Nbr
----------- -------- --------- --- --------- -------------------- -----
Fa0/11 128.1 100 FWD 0 32769 0000.0000.000A 128.1

The next major topic we would like to see is VLAN.

The output of “show vlan” command when no vlans are configured is

Switch2950#show vlan
VLAN Name Status Ports
---- ------------------------ --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Tran1 Tran2
---- ----- ------ ---- ------ ------ -------- --- ------- ----- -----
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
-----------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- -----------------------------------

We can observe that all the interfaces are associated with the default
VLAN1.

Now let’s get on to creating STATIC VLANs & define port associations.
Two possibilities exist. One from the privilege mode (using VLAN
Database) & the second from global config mode.

26

Creating vlan using “vlan database” method

Switch2950#vlan database
Switch2950(vlan)#vlan 2 name CCNA – creating VLAN with id 2 & name CCNA
VLAN 2 added:
Name: CCNA
Switch2950(vlan)#apply – to save the configuration
APPLY completed.
Switch2950(vlan)#exit – implicit save & exit
APPLY completed.
Exiting....

Using “^Z” will not save the config & we will also exit from vlan
database.

After Vlan is created see the output of “show vlan” command


---- -------------------------------- --------- -------------------------------
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
2 CCNA active
<output omitted>

Assigning vlan membership – let’s make interface fa0/4 a member of Vlan
2

Switch2950(config)#int fastEthernet 0/4
Switch2950(config-if)#switchport access vlan 2
Switch2950(config-if)# ^z

Interface 4 is now assigned to vlan 2

---- -------------------------------- --------- -------------------------------
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12
2 CCNA active Fa0/4
<output omitted>

You are seeing the output from show run command after assigning the
membership for the interface 4

Switch2950#show run

27

!
!
switchport access vlan 2
no ip address
end

Let’s repeat the above using the second method - Creating vlan using
global configuration mode

Switch2950(config)#vlan 3
Switch2950(config-vlan)#name CCNP
Switch2950(config-vlan)#exit

Output of show vlan command after creating vlan 3 in global
configuration mode
Switch2950#sh vlan
---- -------------------------------- --------- -------------------------------
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12
2 CCNA active Fa0/4
3 CCNP active

We can see that the outcome is the same wherever we create the VLAN
from.

If we wanted to know the VTP Domain name, version used, VTP switch
mode, we use the command “show vtp status”

Switch2950#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 64
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : Null
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled

Let’s change the switch mode to CLIENT.

Switch2950(vlan)#vtp client
Setting device to VTP CLIENT mode.

The same task using global configuration mode -


28

Switch2950(config)#vtp mode Server / Client / Transparent

VTP Version : 2
VTP Operating Mode : Client
VTP Domain Name : Null

Now we are going to change vtp domain name from “Null” to “Cisco” using
vlan database method

Switch2950(vlan)#vtp domain Cisco
Changing VTP domain name from Null to Cisco
Switch2950(vlan)#exit
APPLY completed.
Exiting....

Same task using global configuration mode

Switch(config)#vtp domain Cisco
Changing VTP domain name from Null to Cisco

VTP Version : 2
VTP Operating Mode : Server
VTP Domain Name : Cisco

29

Let’s see how mac address table reflects the vlan configuration in the
below case.

F0/12 F0/12

Switch A Switch B

F0/1 F0/2 F0/1 F0/2

0000.0000.0002 0000.0000.0001 0000.0000.000A 0000.0000.000B

Vlan 1

Vlan 2
Switch A & B’s mac address table & interface status reveal -

Mac Address Table
------------------------------------------
---- ----------- ---- -----
1 0000.0000.0002 Dynamic Fa0/1
2 0000.0000.0001 Dynamic Fa0/2
1 0000.0000.000A Dynamic Fa0/12
2 0000.0000.000B Dynamic Fa0/12

<other entries omitted>

SwitchB#sh mac-address-table
Mac Address Table
------------------------------------------
---- ----------- ---- -----
1 0000.0000.000A Dynamic Fa0/1
2 0000.0000.000B Dynamic Fa0/2
1 0000.0000.0001 Dynamic Fa0/12
1 0000.0000.0002 Dynamic Fa0/12

<other entries omitted>

30

SwitchA#show interface status
Fa0/1 connected 1 full 100 10/100BaseTX

SwitchB#show interface status

To view trunk details we use the commands “show interface <interface
id> trunk” & “show interface <interface id> switchport”

SwitchA#show interface fastethernet 0/12 switchport
Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: dynamic
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

We can even configure the mac-address statically. The following command
is used.

SwitchA(config)#mac-address static 0000.0000.AAAA vlan 3 interface
fastEthernet 0/11

Then our mac-address table looks like this

Mac Address Table
------------------------------------------
---- ----------- ---- -----
1 0000.0000.000A Dynamic Fa0/1
2 0000.0000.000B Dynamic Fa0/2
3 0000.0000.AAAA Static Fa0/11
1 0000.0000.0001 Dynamic Fa0/12

31

1 0000.0000.0002 Dynamic Fa0/12


33

Static Routes

There are actually two ways that a router can learn a static route.
First, a router will look at its active interfaces, examine the
addresses configured on the interfaces and determine the corresponding
network numbers, and populate the routing table with this information.
This is commonly called a connected route.

The following example shows the routing table of a Router whose
Ethernet 0 interface has been configured with an IP Address 10.0.0.1 &
Serial 0 with 192.168.1.1. To view the Routing table, use the command
“show ip route”

Router_1#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
IS inter area * - candidate default, U - per-user static route,
o – ODR P - periodic downloaded static route

Gateway of last resort is not set

C 10.0.0.0/8 is directly connected, Ethernet0
C 192.168.1.0/24 is directly connected, Serial0

Explanation of the Routing Table Entries :

The top portion of the display for this command has a table of codes.
These codes, which describe a type of route that may appear in the
routing table, are shown in the first column at the bottom part of the
display.

“C” represents that it’s a directly connected network.
This is followed by Network ID & to which interface that network is
connected.

In 10.0.0.0/8, the “/8” represents the subnet mask – 255.0.0.0

Note : If we hadn’t configured any IP address on the router, there
would be no entries in the routing table – it would have been empty.

34

The second way is when we manually configure it. A static route is a
manually configured route on the router. Consider the below network
with IP addresses configured as shown.

192.168.1.1 172.16.0.1
S0 172.16.0.2
S0 192.168.1.2
S1 S1
R1 R2 R3
E0 E0 E0
10.0.0.1 20.0.0.1 30.0.0.1

Static Route Configuration

To configure a static route for IP, use one of these two commands:

Router(config)#ip route <Dest_Net_ID><subnet_mask><next_hop IP_address>

-or-

Router(config)#ip route <Dest_Net_ID>< subnet_mask>< interface_to_exit>

The first parameter that you must specify is the destination network
number.

After the subnet mask parameter, you have two ways to specify how to
reach the destination network:

(i)By specifying the next hop neighbor’s IP address (safe to use this
– as this is suitable for all environments)

or

(ii)The router’s specific exit interface to reach a destination
network. (Use this method if it is a point-to-point link only). In this
instance, you must specify the name of the interface on the router,
like serial0.

Here below is the configuration of Router R1 with the next hop
neighbor’s IP address.

R1#sh run


version 12.2

(irrelevant output omitted)

35

interface Ethernet0
ip address 10.0.0.1 255.0.0.0
!
interface Serial0
ip address 192.168.1.1 255.255.255.0
no fair-queue
clockrate 64000
!
ip route 20.0.0.0 255.0.0.0 192.168.1.2
ip route 30.0.0.0 255.0.0.0 192.168.1.2
ip route 172.16.0.0 255.255.0.0 192.168.1.2
ip http server
!
line con 0
transport input none
line aux 0
!
end

The following shows the routing table of a Router (R1 – the leftmost
Router) with Static Routes configured.

R1#sh ip route


S 20.0.0.0/8 [1/0] via 192.168.1.2
S 172.16.0.0/16 [1/0] via 192.168.1.2
S 30.0.0.0/8 [1/0] via 192.168.1.2

This shows additional entries (configuration discussed next) with “S” –
representing manually configured static routes.

Consider the entry - S 20.0.0.0/8 [1/0] via 192.168.1.2

Two values in “[1 / 0]” represent the Administrative Distance (AD) &
Metric value respectively (details discussed in separate section).
Suffice to remember that the first value is the AD value and its
default value is “1” for a static route. The next value indicates the
metric & the default value of a statically configured route is always
“0”.

via 192.168.1.2 represents the gateway address, i.e. the next router’s
interface IP address – this is the interface through which the data has
to travel from R1 to reach destination Network 20.0.0.0 (which is
connected to router R2).

36

Here below is the configuration of Router R2 with the exit interface
configuration.

R2#sh run
!
interface Ethernet0
ip address 20.0.0.1 255.0.0.0
!
interface Serial0
ip address 172.16.0.1 255.255.0.0
clockrate 64000
!
interface Serial1
ip address 192.168.1.2 255.255.255.0
!
no ip http server
ip classless
ip route 10.0.0.0 255.0.0.0 Serial1
ip route 30.0.0.0 255.0.0.0 172.16.0.2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
!
end

The following table shows the routing table of R2

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2 ia - IS-IS inter area, * - candidate default, U - per-
user static route o - ODR, P - periodic downloaded static route


S 10.0.0.0/8 is directly connected, Serial1
S 30.0.0.0/8 [1/0] via 172.16.0.2

In this example, there are three connected routes, and two static
routes. The static route (10.0.0.0) is treated as a directly connected
route, since it was created by specifying the interface to exit the
router – “SERIAL1”.

37

BACKUP ROUTE

While configuring static route, optionally you can change the
administrative distance of a static route. If you omit this value, it
will have one of two defaults, depending on the configuration of the
previous parameter. If you specified the next hop neighbor’s IP
address, then the administrative distance defaults to 1. If you
specified the interface on the router it should use to reach the
destination, the router treats the route as a connected route and
assigns an administrative distance of 0 to it.

Please note that you can create multiple static routes to the same
destination. For instance, you might have primary and backup paths to
the destination. For the primary path, use the default administrative
distance value. For the backup path, use a number higher than this,
such as 2. Once you have configured a backup path, the router will use
the primary path, and if the interface on the router fails for the
primary path, the router will use the backup route.

The configuration of Router R3 with the interface the router should
exit to reach the destination network with a administrative distance
value of 2 and also with the next hop neighbor’s IP address pointing to
Router R2.

192.168.1.1
S0 172.16.0.2
192.168.1.2 172.16.0.1
S0 S1
S1
R1 R2 S1 R3
200.0.0.1 S0
E0 E0 E0
200.0.0.2
10.0.0.1 20.0.0.1 30.0.0.1

R3#sh run
!
version 12.2
!

!
interface Ethernet0
ip address 30.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface Serial0
ip address 172.16.0.2 255.255.0.0
!
interface Serial1
ip address 200.0.0.2 255.255.255.0

38

!
ip route 20.0.0.0 255.0.0.0 172.16.0.1
ip route 20.0.0.0 255.0.0.0 Serial0 2
ip http server
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
end

The following example shows the routing table of R3

R3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -


S 20.0.0.0/8 [1/0] via 172.16.0.1

Mark here that even though we have configured 20.0.0.0 network with the
outgoing interface Serial0 , it has not been populated in the routing
table because of higher Administrative Distance number.

172.16.0.1 172.16.0.2
S0 S1
R2 R3
E0 E0
20.0.0.1 30.0.0.1

Default Route Configuration
A default route is a special type of static route. Where a static route
specifies a path a router should use to reach a specific destination, a
default route specifies a path the router should use if it doesn’t know

39

how to reach the destination. Sometimes this is also referred to as a
“gateway of last resort”.

Note that if a router does not have any path in its routing table
telling it how to reach a destination, and the router receives a packet
destined for this network, the router will drop the packet. Therefore,
a default route can serve as a catch-all: if there is no specific path
to the destination, the router will use the default route to reach it.

To set up a default route, use the following syntax for a static route:

Router(config)#ip route 0.0.0.0 0.0.0.0 IP_address_of_next_hop_neighbor

-or-

Router(config)# ip route 0.0.0.0 0.0.0.0 interface_to_exit

The network number of 0.0.0.0/0 represents all networks, and a mask of
all 0’s in the bit position represents all hosts in the specified
network.

The configuration of Router R3 with a default route is shown below.

R3#sh run
interface Ethernet0
ip address 30.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface Serial1
ip address 172.16.0.2 255.255.0.0
!
ip route 0.0.0.0 0.0.0.0 Serial1
line con 0

!
end

The following table shows the routing table of R3

R3#sh ip route

Gateway of last resort is Serial0 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via Serial0

40

RIP
We shall have a simple setup to learn how RIP routing is enabled and
also try to find out what happens dynamically when a network change
occurs.

In this exercise, to emulate connected networks, we’ll create “virtual
interfaces” called loopback interfaces. We’ll identify and configure
clockrate on DCE interfaces. We’ll verify our IP configuration using
the “show ip interface brief” command & finally enable RIP routing
protocol.

1.1.1.1 3.3.3.3
L0
11.0.0.1 L0
11 11.0.0.2
Router1 Serial 1 Router3
2
Serial 0
1. To create a loopback interface use the “interface loopback <id>”
command. This is very similar to a regular interface command – a
loopback automatically gets created.

Create a loopback interface in Router1

Router1(config)#int loopback 0
Router1(config-if)#ip address 1.1.1.1 255.0.0.0
Rotuer1(config-if)#exit

Create a loopback interface in Router3

Rotuer3(config)#int loopback 0
Rotuer3(config-if)#ip address 3.3.3.3 255.0.0.0
Rotuer3(config-if)#exit

2. We also need to identify if the WAN serial interface is a DCE or DTE
using “show controllers serial 0” command because the DCE provides
clocking.

Router1#sh controller s 1
HD unit 0, idb = 0x29A524, driver structure at 0x2A1AE8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0xE1, eda = 0x4940, cda = 0x4800
RX ring with 16 entries at 0xE14800
00 bd_ptr=0x4800 pak=0x2A5AFC ds=0xE1ECC8 status=00 pak_size=0
01 bd_ptr=0x4814 pak=0x2A584C ds=0xE1E60C status=00 pak_size=0
02 bd_ptr=0x4828 pak=0x2A559C ds=0xE1DF50 status=00 pak_size=0
03 bd_ptr=0x483C pak=0x2A52EC ds=0xE1D894 status=00 pak_size=0
04 bd_ptr=0x4850 pak=0x2A503C ds=0xE1D1D8 status=00 pak_size=0

<output omitted>

Rotuer3#show controllers serial 0
HD unit 0, idb = 0x2A1B80, driver structure at 0x2A9140

41

buffer size 1524 HD unit 0, V.35 DCE cable
cpb = 0xE2, eda = 0x2940, cda = 0x2800
RX ring with 16 entries at 0xE22800
00 bd_ptr=0x2800 pak=0x2AD158 ds=0xE2C60C status=80 pak_size=0
01 bd_ptr=0x2814 pak=0x2ACEA8 ds=0xE2BF50 status=80 pak_size=0
02 bd_ptr=0x2828 pak=0x2ACBF8 ds=0xE2B894 status=80 pak_size=0
03 bd_ptr=0x283C pak=0x2AC948 ds=0xE2B1D8 status=80 pak_size=0
04 bd_ptr=0x2850 pak=0x2AC698 ds=0xE2AB1C status=80 pak_size=0

<output omitted>

The above reveals that Router3’s serial interface is the DCE end &
implies that we need to configure the clockrate on Router3’s S0
interface using the “clock rate <value>” command.

Router3(Config-if)#clock rate 64000

We can also view the enabled ROUTED PROTOCOL using “show protocols”
command.
(This reveals that IP is enabled).

Rotuer3#show protocols
Global values:
Internet Protocol routing is enabled
Ethernet0 is administratively down, line protocol is down
Ethernet1 is administratively down, line protocol is down
Loopback0 is up, line protocol is up
Internet address is 3.3.3.3/8
Serial0 is up, line protocol is up
Serial1 is administratively down, line protocol is down

When no routing protocol is configured, the Routing table displays
directly connected routes only (after configuring serial interface ip
address also).

Router3#show ip route
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area * - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route


C 3.0.0.0/8 is directly connected, Loopback0

3. Another useful command (to view various interface status) is the
“show ip interface brief”.

Router1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

42

Ethernet0 unassigned YES NVRAM administratively down down
Loopback0 1.1.1.1 YES manual up up
Serial0 unassigned YES NVRAM administratively down down
Serial1 11.0.0.1 YES manual up up

The “method” column tells us whether the interface configuration was
taken from NVRAM (startup-config) or was manually configured by the
administrator. The status & Protocol reveal the link (connected
network) status.

If status shows as up, the link is OK. If it shows as down, the network
is down. If it’s administratively down, it means that the network has
been manually shut down using the “shutdown” command. If protocol shows
as down, it means that the line protocol is not properly configured.
Typically either the encapsulation or the clock rate is not configured
properly.

ENABLING RIP PROTOCOL
Let’s now enable the RIP Routing Protocol using “Router RIP” command &
publish directly connected Networks using “Network <Network id>”
command

Router3(config)#router rip
Router3(config-router)#Network 3.0.0.0
Router3(config-router)#Network 11.0.0.0
Router3(config-router)#end
Router3#

Let’s see if the above 3 configurations are reflected in the running-
config output…

Router3#show running-config

!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router3
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0

43

no ip address
shutdown
!
interface Ethernet1
no ip address
shutdown
!
interface Serial0
ip address 11.0.0.2 255.0.0.0
clockrate 64000 <DCE interface>
!
interface Serial1
no ip address
shutdown
!
router rip
network 3.0.0.0
network 11.0.0.0
!
ip kerberos source-interface any
ip classless
ip http server
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

similarly in Router1,

Router1(config)#router rip
Router1(config-router)#network 1.0.0.0
Router1(config-router)#end


hostname Router1
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
no ip address
shutdown
!
interface Serial1
ip address 11.0.0.1 255.0.0.0

44

!
router rip
network 1.0.0.0
network 11.0.0.0
!
end

<output omitted>

We are clearly able to see the configuration changes in the running-
config of both the routers. If we view Router1's routing table, we’ll
be able to see what routes have been learnt through RIP.

area* - candidate default, U - per-user static route, o - ODR


R 3.0.0.0/8 [120/1] via 11.0.0.2, 00:00:05, Serial1

Consider the second entry of the routing table

“R” represents RIP learnt routes
“[120/1]” represents AD value of 120 for RIP & hop count of 1 to reach
network 3.0.0.0
“via 11.0.0.2” denotes the gateway and also specifies that it is
reachable through router1's Serial 1 interface.

Router3's routing table displays similar entries

Rotuer3#sh ip route
area * - candidate default, U - per-user static route, o - ODR


R 1.0.0.0/8 [120/1] via 11.0.0.1, 00:00:00, Serial0

To view more details regarding the configured Routing Protocol (RIP in
our case), let's use the “show ip protocols” command.

45

This will display routing protocol details along with certain
parameters like timers, default AD value, routed networks, RIP version
etc
Router3#sh ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 2 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Triggered RIP Key-chain
Loopback0 1 1 2
Serial0 1 1 2
Automatic network summarization is in effect
Routing for Networks:
3.0.0.0
11.0.0.0
Routing Information Sources:
Gateway Distance Last Update
11.0.0.1 120 00:00:17
Distance: (default is 120)

Routing Protocol is "rip"
(Displays various timer values)
Redistributing: rip
Default version control: send version 1, receive any version
(Configured RIP Version is 1)
Interface Send Recv Triggered RIP Key-chain
Loopback0 1 1 2
Serial1 1 1 2
Automatic network summarization is in effect
Routing for Networks: (Displays networks published)
1.0.0.0
11.0.0.0
11.0.0.2 120 00:00:16
Distance: (default is 120) (Displays default AD value)

To view what information is exchanged between routers running RIP,
let's debug the RIP's operation using debug ip rip command

Rotuer3#debug ip rip
RIP protocol debugging is on
Rotuer3#
01:05:49: RIP: received v1 update from 11.0.0.1 on Serial0
(V1 represents version 1)
01:05:49: 1.0.0.0 in 1 hops (This is what is received from router1)
01:05:59: RIP: sending v1 update to 255.255.255.255 via Loopback0 (3.3.3.3)
(Broadcast update sent)
01:05:59: RIP: build update entries

46

01:05:59: network 1.0.0.0 metric 2 (metric refers to hop count)
01:05:59: network 11.0.0.0 metric 1
01:05:59: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.0.0.2)
01:05:59: network 3.0.0.0 metric 1
(30 sec periodic update)
01:06:18: 1.0.0.0 in 1 hops
01:06:27: network 1.0.0.0 metric 2
01:06:27: network 11.0.0.0 metric 1
01:06:27: network 3.0.0.0 metric 1
Rotuer3#undebug all (to switch off all debugging)

Observe that full routing table is not sent as updates in all directions –
because of split horizon rule. Let’s see how similar the debug output is in
router1

Router1#debug ip rip
Router1#
01:07:50: 3.0.0.0 in 1 hops
01:08:05: network 3.0.0.0 metric 2
01:08:05: network 11.0.0.0 metric 1
01:08:05: network 1.0.0.0 metric 1
01:08:18: 3.0.0.0 in 1 hops
01:08:33: network 3.0.0.0 metric 2
01:08:33: network 11.0.0.0 metric 1
01:08:33: network 1.0.0.0 metric 1

Rotuer1#undebug all

To verify the dynamic nature of the routing protocol, let's emulate a
network going down by shutting down the loopback 0 of router1 & observe
the debug output

X 1.1.1.1 3.3.3.3
L0 L0
11.0.0.1
11.0.0.2
Serial 0
Router1(config-if)#shut

47

Router1(config-if)#
01:21:17: %LINK-5-CHANGED: Interface Loopback0, changed state to
administratively down
Router1#debug ip rip
01:21:17: RIP: sending v1 flash update to 255.255.255.255 via Serial1
(11.0.0.1) (this indicates a Triggered Update)
01:21:17: RIP: build flash update entries
01:21:17: network 1.0.0.0 metric 16
(metric 16 means infinity for RIP – route poisoning)
01:21:19: 1.0.0.0 in 16 hops (inaccessible)
(“inaccessible” implies that Poison-Reverse message is received from Router3)
01:21:22: network 1.0.0.0 metric 16
Router1(config-if)#^Z

Now this change is also reflected in the routing table – a network
that’s gone down is immediately removed from the routing table.

Router1#sh ip route
01:21:30: %SYS-5-CONFIG_I: Configured from console by consoleroute
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR


R 3.0.0.0/8 [120/1] via 11.0.0.2, 00:00:22, Serial1

The above experiment reveals that the routers exchange network
connectivity information

(i) During Startup
(ii) Periodically (once in 30 secs)
(iii) Triggered (whenever network changes occur)

We are also able to observe how split horizon functions to ensure
routing updates are not sent in the direction from where they were
learnt.

Route poisoning & poison reverse were also observed.

48

IGRP

1.1.1.1 3.3.3.3
L0
100.0.0.1 L0
11 100.0.0.2
2
Serial 0

In this scenario, let’s complete the basic interface configurations,
check the routing table content without configuring the routing
protocol & then proceed with protocol configuration & verification.

A partial running-config output reveals interface configuration

Router1#sh run

<output omitted>
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial1
ip address 100.0.0.1 255.0.0.0
<output omitted>
!
End

The routing table reveals that the connected networks are up

Router1#sh ip route
BGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter area * - candidate default, U - per-user static route, o –
ODR P - periodic downloaded static route



Let’s now configure IGRP routing protocol using

“router igrp <AS number>” command & publish connected networks using
“network <network id>” command.

Router1(config)#router igrp 100 (100 is the Autonomous System)

49

(publish directly connected networks)

The running config on routers 1 & 3 now display the protocol
configuration too.

Router1#sh run

<output omitted>
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial1
ip address 100.0.0.1 255.0.0.0
!
router igrp 100
network 1.0.0.0
network 100.0.0.0
!
<output omitted>
!
End

Router3(Config)#router igrp 100 (This AS number must be similar on all
the routers)
Router3(Config-router)# network 3.0.0.0
Router3(Config-router)# network 100.0.0.0

Router3#sh run
!
<output omitted>
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Serial0
ip address 100.0.0.2 255.0.0.0
clockrate 64000
!
router igrp 100
network 3.0.0.0
network 100.0.0.0
!
<output omitted>
!
end

After configuring IGRP let’s see if the routing tables of Routers 1 & 3
have information about IGRP learnt routes.

Router1#sh ip route

50



I 3.0.0.0/8 [100/8976] via 100.0.0.2, 00:00:01, Serial1

Router3#sh ip route


I 1.0.0.0/8 [100/8976] via 100.0.0.1, 00:01:03, Serial0

The I implies that this is an IGRP learnt route.
100 stands for the AD value &
8976 is the metric (composite – BW & Delay)

“sh ip protocols” command gives us other useful information – same as
what we saw for RIP.

Routing Protocol is "igrp 100"
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
1.0.0.0
100.0.0.0
100.0.0.2 100 00:00:09

Routing Protocol is "igrp 100"

51

Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
3.0.0.0
100.0.0.0
100.0.0.1 100 00:00:13

“Debug ip igrp transactions” command give us details reg the metric,
updates etc

Rotuer3#debug ip igrp transactions
IGRP protocol debugging is on
Rotuer3#
00:29:14:IGRP: received update from 100.0.0.1 on Serial0
00:29:14: network 1.0.0.0, metric 8976 (neighbor 501)
00:29:19:IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
00:29:19: network 1.0.0.0, metric=8976
00:29:19: network 100.0.0.0, metric=8476
00:29:19:IGRP: sending update to 255.255.255.255 via Serial0 (100.0.0.2)
00:29:19: network 3.0.0.0, metric=501
00:30:32:IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
00:30:32: network 1.0.0.0, metric=8976
00:30:32: network 100.0.0.0, metric=8476
00:30:32:IGRP: sending update to 255.255.255.255 via Serial0 (100.0.0.2)
00:30:32: network 3.0.0.0, metric=501
00:30:38:IGRP: received update from 100.0.0.1 on Serial0
00:30:38: network 1.0.0.0, metric 8976 (neighbor 501)

Let’s simulate a problem of network going down - on Router1. We’ll
shutdown the loopback 0 interface and this should reflect in router3’s
Routing Table – will display possibly down message for the hold-down
time period (280 secs).

X 1.1.1.1 3.3.3.3
L0 L0
100.0.0.1
100.0.0.2
Serial 0

Router1(config-if)#shutdown

52

Router1#sh run

!
hostname Router1
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
Shutdown

Observe the debug output after shutting down the loopback 0 interface
of router1 the metric value for network 1.0.0.0 goes to 4294967295 –
representing infinity.

Router3#debug ip igrp transactions
IGRP protocol debugging is on
00:47:00: IGRP: received update from 100.0.0.1 on Serial0
00:47:00: network 1.0.0.0, metric 4294967295 (inaccessible)
00:47:00: IGRP: edition is now 3
00:47:00: IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)

The routing table now reflects this change as “possibly down” – doesn’t
remove the entry immediately – waits for hold-down timer to expire and
then decides to remove the entry/reinstate the entry if the network has
come up!

Rotuer3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR


I 1.0.0.0/8 is possibly down, routing via 100.0.0.1, Serial0

Note : If the entry were to be removed, it’s not done so immediately
after hold down timer expires. It’s removed only after the flush timer
(630 secs) expires.

53

EIGRP

S0
25.0.0.1 S0
1.1.1.1 25.0.0.2 3.3.3.3
L0 Router1 L0
50.0.0.1 Router3
50.0.0.2
S1 S1

BASIC CONFIGURATION
In this case, we’ll consider a slightly different scenario where we
have two paths to a destination. We’ll be able to understand redundancy
& load balancing also with this case study.

Let’s first configure the Routers according to the above diagram &
observe the routing table without configuring the routing protocols.

Router1(config)#
Router1(config)#int loop 0
Router1(config-if)#ip add 1.1.1.1 255.0.0.0
Router1(config-if)#exit
Router1(config)#int s0
Router1(config-if)#no shut

Router1#sh ip route



Similarly Configure Router3 & check out it’s Routing Table

Router3(config-if)#clock rate 64000

54


Router3#sh ip route



I)EIGRP OPERATION WITH EQUAL COST LOAD BALANCING

ENABLING EIGRP

Now, we’ll enable the routing protocol on both the routers using
“Router EIGRP <AS number>” command & publish Networks using
“Network <Network id>” command

Router1(config)#router eigrp 200
Router1(config-router)#net 1.0.0.0


Let’s see how this configuration reflects in the running configuration
of Router1 & Router3

Router1#sh run
<output omitted>
interface Serial0
ip address 25.0.0.1 255.0.0.0
!
interface Serial1
ip address 50.0.0.1 255.0.0.0
!
router eigrp 200
network 1.0.0.0
network 25.0.0.0
network 50.0.0.0
auto-summary (Observe this is automatically added!)

55

no eigrp log-neighbor-changes
!
<output omitted>
End

Router3#sh run
<output omitted>
interface Serial0
ip address 25.0.0.2 255.0.0.0
clockrate 64000
!
interface Serial1
ip address 50.0.0.2 255.0.0.0
clockrate 64000
!
router eigrp 200
network 3.0.0.0
network 25.0.0.0
network 50.0.0.0
auto-summary (Automatically added indicating Auto-summarisation)
no eigrp log-neighbor-changes)
<output omitted>
End

THE ROUTING TABLE

As there are 2 equally good paths between the routers, 2 routes must be
seen in the routing table of these routers. We can also see “D” in the
first column of the highlighted entry indicating EIGRP learnt routes.

Router1#sh ip route


D 3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:02:25, Serial0
[90/2297856] via 50.0.0.2, 00:02:25, Serial1

The above indicates two paths to reach network 3.0.0.0 from Router1. A
similar table can be seen in Router3.

Router3#sh ip route

56



D 1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:03:08, Serial0
[90/2297856] via 50.0.0.1, 00:03:08, Serial1

The “show ip route eigrp” command displays only EIGRP learnt routes.

Router1#sh ip route eigrp
D 3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:04:43, Serial0
[90/2297856] via 25.0.0.2, 00:04:43, Serial0

Router3#sh ip route eigrp
D 1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:03:19, Serial0
[90/2297856] via 50.0.0.1, 00:03:19, Serial1

THE NEIGHBOR TABLE

Let’s look at the neighbor table contents next.
We use the “sh ip eigrp neighbors” command.

In this case, the same neighbor is learnt via 2 paths & hence 2
entries. Had there been only one path between the 2 routers, only one
entry would be seen.

Router1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 200
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
1 50.0.0.2 Se1 14 00:01:47 28 200 0 6
0 25.0.0.2 Se0 14 00:09:34 30 200 0 5

The first column indicates the order of learning Neighbors.
The next column points the connected interface IP of the neighbor.
Third column is this router’s interface through which the neighbor is
connected.

A similar table is seen on Router3 as well.

(sec) (ms) Cnt Num
1 50.0.0.1 Se1 11 00:03:32 28 200 0 6
0 25.0.0.1 Se0 11 00:11:12 726 4356 0 7

57

THE TOPOLOGY TABLE
Let’s now view the topology table entries using the “sh ip eigrp
topology” command. We should be able to see the “successor” & “feasible
successor” apart from Feasible & Advertised Distance values.

Router1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(200)/ID(1.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 1.0.0.0/8, 1 successors, FD is 128256
via Connected, Loopback0
via Summary (128256/0), Null0
via 50.0.0.2 (2297856/128256), Serial1 (Both are equally good)
via 25.0.0.2 (2297856/128256), Serial0 (Hence two successors )
via Connected, Serial0

In the highlighted entry “(2297856/128256)” 2297856 is the feasible
distance & 128256 is the advertised distance.

If both paths were with different metrics, the one with the best metric
would have been the successor & the other feasible successor. Then it
would display 1 successor & not 2 successors as we’ll see in the next
section.

“P”in the first column indicates that it’s in the passive state.

Let’s observe Router3’s Topology Table – much the same !



via 50.0.0.1 (2297856/128256), Serial1
via 25.0.0.1 (2297856/128256), Serial0

58

II) EIGRP REDUNDANCY – BACKUP PATH

S0
25.0.0.1 S0
1.1.1.1 25.0.0.2 3.3.3.3
L0 Router1 L0
50.0.0.1 Router3
50.0.0.2
S1 S1

We’ll change the bandwidth of both the paths ensuring they have
different metrics.

Router1#conf t
Router1(config-if)#bandwidth 128

Another useful command to view the running config of a specific
interface is “sh run interface <type id>”

Router1#sh run int s1
!
interface Serial1
bandwidth 128
ip address 50.0.0.2 255.0.0.0
end

Let’s change on Router3 also

Router3#conf t
Router3(config-if)#bandwidth 128

Router3#sh run int s1
!
interface Serial1
bandwidth 128
ip address 50.0.0.2 255.0.0.0
clockrate 64000
end

Having changed the metrics, we now have one path which is better than
the other. So we’ll be able to see only the best path in the Routing
table.

Router1#sh ip route


59



D 3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:01:36, Serial0

If we see the topology table, we’ll be able to see both – the best
(successor) & the next best (feasible successor) paths



P 3.0.0.0/8, 1 successors, FD is 2297856 (1 successor is displayed)
via 25.0.0.2 (2297856/128256), Serial0 (Successor)
via 50.0.0.2 (20640000/128256), Serial1 (Feasible Successor)

However, the neighbor table is still the same.

Router1#sh ip eigrp nei
(sec) (ms) Cnt Num
0 25.0.0.2 Se0 10 00:00:44 32 200 0 25
1 50.0.0.2 Se1 14 00:25:33 36 1140 0 24

Let’s see the tables of Router3

Router3#sh ip route



D 1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:00:40, Serial0

60




via 25.0.0.1 (2297856/128256), Serial0
via 50.0.0.1 (20640000/128256), Serial1

(sec) (ms) Cnt Num
0 25.0.0.1 Se0 13 00:01:56 29 200 0 23
1 50.0.0.1 Se1 10 00:26:51 38 1140 0 22

Back up path
If the best path goes down, the feasible successor immediately gets
installed in the routing table. This is how the feasible successor
works like a backup path.

To simulate this situation, let’s bring down Router1’s Serial 0.

S0
25.0.0.1 S0
1.1.1.1 X 25.0.0.2 3.3.3.3
L0 Router1 L0
50.0.0.1 Router3
50.0.0.2
S1 S1

Router1#conf t
Router1(config-if)#shutdown

Router1#sh ip route


61



D 3.0.0.0/8 [90/20640000] via 50.0.0.2, 00:00:23, Serial1

The second path (feasible successor) is automatically installed in the
Routing table. Even the neighbor table displays only one entry,
indicating that only this link is up and the other is down.

(sec) (ms) Cnt Num
1 50.0.0.2 Se1 10 00:15:46 53 1140 0 15

Similar changes can be observed on Router3’s tables as well.

Router3#sh ip route


D 1.0.0.0/8 [90/20640000] via 50.0.0.1, 00:01:03, Serial1

(sec) (ms) Cnt Num
1 50.0.0.1 Se1 14 00:12:23 45 1140 0 15

III) UNEQUAL COST LOAD BALANCING

S0
25.0.0.1 S0
1.1.1.1 25.0.0.2 3.3.3.3
L0 Router1 L0
50.0.0.1 Router3
50.0.0.2
S1 S1

If we want to ensure both the paths carry the traffic proportionately
(load balance), it’s possible for us to “instruct” IGRP & EIGRP to do
so using the “variance <value>” command.

62

In the above case, the ratio between the successor metric & the
feasible successor metric is 20640000 /2297856 = 8.98. Round it to 9.
If we choose a variance of 9, it means that all paths within this ratio
(w.r.t successor) would be considered for load balancing (max 6 paths).
Hence we’ll be able to see the second entry in the Routing Table even
though its metric is not the best.

Shall we check it out? To do so, we must configure variance on Router1
& Router3.

Router1(config-router)#variance 10

Router3(config-router)#variance 10

Let’s see how it reflects in the routing table.



D 3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:00:01, Serial0
[90/20640000] via 50.0.0.2, 00:00:01, Serial1



D 1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:00:03, Serial0
[90/20640000] via 50.0.0.1, 00:00:03, Serial1

This clearly tells us that traffic is carried proportionately on both
the paths.

63

OSPF

I) OSPF ON POINT-TO-POINT WAN LINK

OSPF offers the widest features & its behavior is different in
different environments. The first case we‟ll take up is point to point
WAN and understand OSPF operation. Consider the below diagram.

1.1.1.1 25.0.0.1
25.0.0.2 3.3.3.3
L0 Router 1 S0 Router 3 L0
S0

IP ADDRESS CONFIGURATION
Router1(config)#int serial 0

Router3(config)#int serial0

OSPF CONFIGURATION
To configure the OSPF Routing Protocol, we use “router OSPF <process
id> syntax. A point to be noted is that the process id can be different
in different routers – this does not refer to the Autonomous System
number like other protocols.

The command to publish Networks is
“network <net id><wild card mask><area><area id>”

Router1(config)#router ospf 1
Router1(config-router)#network 1.0.0.0 0.255.255.255 area 0


64

VERIFICATION
Let’s verify OSPF configuration & operation just like we did with other
protocols.

Router1#sh run
!
hostname Router1
!
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial0
ip address 25.0.0.1 255.0.0.0
!
router ospf 1
log-adjacency-changes
network 1.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End

Router1#sh ip route


3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 25.0.0.2, 00:04:41, Serial0

Router1#sh ip route ospf
O 3.3.3.3 [110/65] via 25.0.0.2, 00:04:47, Serial0

Router1#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/ - 00:00:33 25.0.0.2 Serial0

65

A new command is “sh ip ospf interface”. The highlighted part in the
output gives us some important information.

Router1#sh ip ospf interface
Internet Address 25.0.0.1/8, Area 0
Process ID 1, Router ID 1.1.1.1,Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 3.3.3.3
Suppress hello for 0 neighbor(s)
Process ID 1, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host

The database table will give us information about various types of link
state advertisements. In this example, we see only “router link states”
within a single area – area 0

Each router in the area advertises details of links connected to it.
This advertisement is seen only within the area to which the router is
connected.

“Link id” represents the advertising router’s router id – “ADV Router”
also refers to the same info. “Link count” represents the no. of links
connected to this router within this area.

Router1#sh ip ospf database

OSPF Router with ID (1.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 158 0x80000003 0x9BAA 3
3.3.3.3 3.3.3.3 159 0x80000003 0xD163 3

We’ll be able to make similar observations on Router3 also.

Router3#sh run
!
hostname Router3
!
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0

66

!
interface Serial0
ip address 25.0.0.2 255.0.0.0
clockrate 64000
!
router ospf 3
network 3.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

Router3#sh ip route



O 1.1.1.1 [110/65] via 25.0.0.1, 00:05:26, Serial0

O 1.1.1.1 [110/65] via 25.0.0.1, 00:05:29, Serial0


1.1.1.1 1 FULL/ - 00:00:39 25.0.0.1 Serial0

Network type is shown as POINT_TO_POINT for a WAN link

Next 0x0(0)/0x0(0)

67





Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 362 0x80000003 0x9BAA 3
3.3.3.3 3.3.3.3 362 0x80000003 0xD163 3

II) OSPF IN LAN :

2.2.2.2 L0

Router 2
25.0.0.2 F0/0
1.1.1.1 25.0.0.1 25.0.0.3
Router 1 3.3.3.3
L0 E0 E0 Router 3 L0

We’ll be able to observe the election of DR & BDR. We’ll see additional
entries in database table.

CONFIGURATION

Router1(config)#int e0



68

Router2(config)#int f0/0


Router3(config)#int e0


Router1# sh run
!
hostname Router1
!
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0
ip address 25.0.0.1 255.0.0.0
!
router ospf 1
network 1.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End

Router1#sh ip route

69



O 2.2.2.2 [110/11] via 25.0.0.2, 00:25:03, Ethernet0
O 3.3.3.3 [110/11] via 25.0.0.3, 00:25:03, Ethernet0

O 2.2.2.2 [110/11] via 25.0.0.2, 00:25:07, Ethernet0
O 3.3.3.3 [110/11] via 25.0.0.3, 00:25:07, Ethernet0

The neighbor table “state” tells us the state of each neighbor router
in the lan – DR/BDR/DROTHER

3.3.3.3 1 FULL/DROTHER 00:00:38 25.0.0.3 Ethernet0
2.2.2.2 1 FULL/BDR 00:00:35 25.0.0.2 Ethernet0

In the below output, observe - Network type is shown as Broadcast.

Ethernet0 is up, line protocol is up
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 1.1.1.1, Interface address 25.0.0.1
Backup Designated router (ID) 2.2.2.2, Interface address 25.0.0.2
Next 0x0(0)/0x0(0)
Adjacent with neighbor 2.2.2.2 (Backup Designated Router)

An additional entry – “Net Link State” – displays the advertisement by
a DR in LAN. There would be as many entries as there are LANs in this
area.


70



Link ID ADV Router Age Seq# Checksum Link
count
1.1.1.1 1.1.1.1 1552 0x80000002 0xFBDB 2
2.2.2.2 2.2.2.2 1553 0x80000003 0xEBB 2
3.3.3.3 3.3.3.3 1542 0x80000002 0x2499 2

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
25.0.0.1 1.1.1.1 1542 0x80000002 0x748A

Link Id represents the Ethernet interface address of Router1 & Adv.
Router represents the Router id of Router1.

NOTE : Router id is the highest loopback address. If there is no
loopback defined, then it’s the highest active interface address.

Similar details can be seen on Router2 & Router3 as below.

Router2#sh ru
!
hostname "Router2"
!
!
interface Loopback0
ip address 2.2.2.2 255.0.0.0
!
ip address 25.0.0.2 255.0.0.0
duplex auto
speed auto
!
router ospf 2
network 2.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

Router2#sh ip route

71



O 1.1.1.1 [110/11] via 25.0.0.1, 00:27:37, FastEthernet0/0
C 25.0.0.0/8 is directly connected, FastEthernet0/0


FastEthernet0/0 is up, line protocol is up
Transmit Delay is 1 sec, State BDR, Priority 1
Next 0x0(0)/0x0(0)
Adjacent with neighbor 1.1.1.1 (Designated Router)


3.3.3.3 1 FULL/DROTHER 00:00:37 25.0.0.3 FastEthernet0/0
1.1.1.1 1 FULL/DR 00:00:35 25.0.0.1 FastEthernet0/0

Observe that the Router database tables of all the routers within the
same area have the same details under ROUTER LINK STATES.




72

count
1.1.1.1 1.1.1.1 1705 0x80000002 0x00FBDB 2
2.2.2.2 2.2.2.2 1705 0x80000003 0x000EBB 2
3.3.3.3 3.3.3.3 1695 0x80000002 0x002499 2


25.0.0.1 1.1.1.1 1696 0x80000002 0x00748A

Router3#sh run
!
hostname Router3
!
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0
ip address 25.0.0.3 255.0.0.0
!
router ospf 3
network 3.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

Router3#sh ip route


O 1.1.1.1 [110/11] via 25.0.0.1, 00:30:16, Ethernet0
O 2.2.2.2 [110/11] via 25.0.0.2, 00:30:16, Ethernet0

73

O 1.1.1.1 [110/11] via 25.0.0.1, 00:30:21, Ethernet0
O 2.2.2.2 [110/11] via 25.0.0.2, 00:30:21, Ethernet0

2.2.2.2 1 FULL/BDR 00:00:31 25.0.0.2 Ethernet0
1.1.1.1 1 FULL/DR 00:00:31 25.0.0.1 Ethernet0

Transmit Delay is 1 sec, State DROTHER, Priority 1
Next 0x0(0)/0x0(0)
Adjacent with neighbor 2.2.2.2 (Backup Designated Router)
Adjacent with neighbor 1.1.1.1 (Designated Router)




count
1.1.1.1 1.1.1.1 37 0x80000003 0xF9DC 2
2.2.2.2 2.2.2.2 1866 0x80000003 0xEBB 2
3.3.3.3 3.3.3.3 1856 0x80000002 0x2499 2


25.0.0.1 1.1.1.1 38 0x80000003 0x728B

OSPF MULTI AREA

We’ll configure 3 routers in a multi-area environment comprising area
0, 1 & 2. The configuration & database table differences can be seen in
the relevant outputs.

74

Area1 Area 0 3.3.3.3 L0 Area 2

1.1.1.1 25.0.0.1 50.0.0.1
Router 1 S1 25.0.0.2 50.0.0.2 Router 2 2.2.2.2
L0 Router
1 S1 Router 3 S0 S0/0 L0

CONFIGURATION :




(Note that the area ids differ in the above syntax)

Router1#sh run
!
hostname Router1
!
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial1
ip address 25.0.0.1 255.0.0.0
!
router ospf 1
network 1.0.0.0 0.255.255.255 area 1
network 25.0.0.0 0.255.255.255 area 0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

Router2#sh run

75

!
hostname "Router2"
!
!
interface Loopback0
ip address 2.2.2.2 255.0.0.0
!
interface Serial0/0
ip address 50.0.0.2 255.0.0.0
no fair-queue
!
router ospf 2
network 2.0.0.0 0.255.255.255 area 2
network 50.0.0.0 0.255.255.255 area 2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

Router3#sh run
!
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Serial0
ip address 50.0.0.1 255.0.0.0
clockrate 64000
!
interface Serial1
ip address 25.0.0.2 255.0.0.0
clockrate 64000
!
router ospf 3
network 3.0.0.0 0.255.255.255 area 0
network 25.0.0.0 0.255.255.255 area 0
network 50.0.0.0 0.255.255.255 area 2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

76

ROUTING TABLE :

Router1#sh ip route


O IA 50.0.0.0/8 [110/192] via 25.0.0.2, 00:03:44, Serial1
O IA 2.2.2.2 [110/129] via 25.0.0.2, 00:03:44, Serial1
O 3.3.3.3 [110/65] via 25.0.0.2, 00:03:44, Serial1

In the above output, “O” represents OSPF learnt routes within the same
area & “O IA” represents inter-area learnt OSPF routes.


O IA 50.0.0.0/8 [110/192] via 25.0.0.2, 00:03:51, Serial1
O IA 2.2.2.2 [110/129] via 25.0.0.2, 00:03:51, Serial1
O 3.3.3.3 [110/65] via 25.0.0.2, 00:03:51, Serial1

Router2#sh ip route


O IA 1.1.1.1 [110/129] via 50.0.0.1, 00:06:01, Serial0/0
C 50.0.0.0/8 is directly connected, Serial0/0
O IA 3.3.3.3 [110/65] via 50.0.0.1, 00:06:03, Serial0/0
O IA 25.0.0.0/8 [110/192] via 50.0.0.1, 00:06:01, Serial0/0

O IA 1.1.1.1 [110/129] via 50.0.0.1, 00:06:07, Serial0/0
O IA 3.3.3.3 [110/65] via 50.0.0.1, 00:06:09, Serial0/0

77

O IA 25.0.0.0/8 [110/192] via 50.0.0.1, 00:06:07, Serial0/0

Router3#sh ip route


O IA 1.1.1.1 [110/65] via 25.0.0.1, 00:08:15, Serial1
O 2.2.2.2 [110/65] via 50.0.0.2, 00:08:25, Serial0


O IA 1.1.1.1 [110/65] via 25.0.0.1, 00:08:23, Serial1
O 2.2.2.2 [110/65] via 50.0.0.2, 00:08:33, Serial0

NEIGHBOR & DATABASE TABLES :


3.3.3.3 1 FULL/ - 00:00:33 25.0.0.2 Serial1

The below database table shows database of all connected areas –
Router1 is connected to area 0 & area 1 and hence both are displayed.

“Summary Net Link States” represent the Link State Advertisements from
other areas.




count
1.1.1.1 1.1.1.1 256 0x80000003 0x5EFB 2
3.3.3.3 3.3.3.3 255 0x80000005 0xD061 3

Summary Net Link States (Area 0)

1.1.1.1 1.1.1.1 1487 0x80000001 0x47EC

78

2.2.2.2 3.3.3.3 256 0x80000001 0x5F88
50.0.0.0 3.3.3.3 256 0x80000002 0xA5D7


count
1.1.1.1 1.1.1.1 1486 0x80000002 0xD152 1


2.2.2.2 1.1.1.1 252 0x80000001 0x1E91
3.3.3.3 1.1.1.1 253 0x80000001 0x6D7E
25.0.0.0 1.1.1.1 253 0x80000002 0x2876
50.0.0.0 1.1.1.1 253 0x80000001 0x66DF

3.3.3.3 1 FULL/ - 00:00:31 50.0.0.1 Serial0/0




count
2.2.2.2 2.2.2.2 406 0x80000003 0x00D036 3
3.3.3.3 3.3.3.3 400 0x80000004 0x009288 2


1.1.1.1 3.3.3.3 390 0x80000001 0x008D5E
3.3.3.3 3.3.3.3 1620 0x80000001 0x00AE75
25.0.0.0 3.3.3.3 390 0x80000002 0x00EBAA


1.1.1.1 1 FULL/ - 00:00:38 25.0.0.1 Serial1
2.2.2.2 1 FULL/ - 00:00:32 50.0.0.2 Serial0




count
1.1.1.1 1.1.1.1 532 0x80000003 0x5EFB 2
3.3.3.3 3.3.3.3 530 0x80000005 0xD061 3

79


1.1.1.1 1.1.1.1 1763 0x80000001 0x47EC
2.2.2.2 3.3.3.3 531 0x80000001 0x5F88
50.0.0.0 3.3.3.3 531 0x80000002 0xA5D7


count
2.2.2.2 2.2.2.2 538 0x80000003 0xD036 3
3.3.3.3 3.3.3.3 532 0x80000004 0x9288 2


1.1.1.1 3.3.3.3 521 0x80000001 0x8D5E
3.3.3.3 3.3.3.3 1753 0x80000001 0xAE75
25.0.0.0 3.3.3.3 522 0x80000002 0xEBAA

Next 0x0(0)/0x0(0)

Serial0/0 is up, line protocol is up
Next 0x0(0)/0x0(0)

80


Next 0x0(0)/0x0(0)
Next 0x0(0)/0x0(0)

81

CDP
Cisco Discovery Protocol (CDP) helps us to gather details regarding
Cisco Devices (All Devices) directly connected to the device on which
we are running the protocol. This is a Cisco Proprietory Protocol.

S0
100.0.0.245
S0 FRSW
Router1
100.0.0.2
To view CDP information

Router1#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled

To find out brief details regarding directly connected CISCO Devices,

Router1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
FRSW Ser 0 167 R 2520 Ser 0

For detailed neighbor information,

Router1#sh cdp neighbors detail
-------------------------
Device ID: FRSW (neighbor’s Hostname)
Entry address(es):
IP address: 100.0.0.245 (Interface IP address)
Platform: cisco 2520, Capabilities: Router
(Indicates neighbor is a router)
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 159 sec

Version :
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE
SOFTWARE (fc1)

advertisement version: 2 (CDP version number)

Let’s view the same on the other router

FRSW#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

82

Device ID Local Intrfce Holdtme Capability Platform
Port ID
Router1 Ser 0 137 R 2500 Ser
0
FRSW#sh cdp neighbors detail
-------------------------
Device ID: Router1
Entry address(es):
IP address: 100.0.0.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 132 sec

Version :
SOFTWARE (fc1)

advertisement version: 2

Router boot sequence
We can make the router boot from different sources by changing the boot
field (last 4 bits) in the 16 bit config register. The various
possibilities are as under.

0x2100 ROMMON - for diagnostic
0x2101 Mini IOS – in ROM
0x2102 Boot from first file in Flash (default value)
0x2102 – 0x210F with Boot System commands defined can make the router
boot from any other file in Flash / tftp server (remote boot).

0x indicates it’s a hexa value

When we normally boot a router (from flash), we should see the default
config-register value 0x2102 from the “show version” output.

Router1#sh version
SOFTWARE (fc1)
Compiled Sun 03-Feb-02 22:01 by srani
Image text-base: 0x0307EEE0, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)

Router1 uptime is 10 minutes
System image file is "flash:c2500-jk8os-l.122-1d.bin"

83

cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of
memory.
Processor board ID 21580975, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

Router1#

To change the config register value and make it boot from ROM Monitor
mode, the below command is used.

Router1(config)#config-register 0x2100
Router1(config)#^Z
Router1# reload (warm boot)
System configuration has been modified. Save? [yes/no]: hit the key “Y”
Proceed with reload? [confirm]hit the return key


>
This prompt indicates that the router has booted in ROMMON. This offers
only character based support, not command based support.

I for initialize
O for config mode
R for register
H for help
? for help

From ROMMON mode, to change the config register value to 0x2101 (to
make it boot from mini IOS), let’s use the below syntax

> o/r 0x2101 (to change config register value)
> I (to initialize - reboot)

The router reboots…

Copyright (c) 1986-2002 by cisco Systems, Inc

Router1#(boot)>

This is the mini IOS prompt and this works much like our regular mode.
The major difference is that this mode doesn‟t support many commands.

84

IOS Backup

E0
10.0.0.100

TFTP SERVER
10.0.0.2
Consider the above scenario. We’d like to take a back up of our IOS
image from the router to the tftp server. The process is very simple as
demonstrated below.

First let’s view our IOS file stored in the flash.

Router1#sh version
SOFTWARE (fc1)
Compiled Sun 03-Feb-02 22:01 by srani
Image text-base: 0x0307EEE0, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)

AccessSrv uptime is 3 minutes
System image file is "flash:/c2500-jk8os-l.122-1d.bin"

cisco 2509 (68030) processor (revision M) with 14336K/2048K bytes of
memory.
Processor board ID 22068840, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
8 terminal line(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

Backing up is using the command “copy flash tftp”. We’ll be able to see
a series of exclamation marks on the console screen indicating that
back up is in progress.

85

Router1#copy flash tftp
Source filename []? c2500-jk8os-l.122-1d.bin
Address or name of remote host []? 10.0.0.2
Destination filename [c2500-jk8os-l.122-1d.bin]?
.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! <process omitted> 15686
Bytes transferred successfully on Friday Jan 13 14:41:03 2006

On the host running tftp server, we’ll be able to see a series of “#”
during the backup process.

86

ACCESS CONTROL LIST – ACL

A company - Madras Plastic & Co. has 2 offices one located in Chennai
and another in salem. Chennai office is the Head Office and salem a
branch office. They have some ftp and web servers at their Head Office
but restrictions are to be imposed (as listed below) for users from
Salem office. Certain other restrictions on Chennai LAN users are also
to be implemented as below.

1. Salem‟s System Admin does not want to provide access (to his
Network) to the Chennai user 10.0.0.4.
2. Only 172.16.0.2 must be allowed to download from the company‟s FTP
server
3. 172.16.0.3 must not be allowed access to web server located in head
office.
4. Chennai Network users are not allowed to telnet Salem router.

So we are going to configure some Access-Control-list on these two
routers. This is done in two steps.

(i)Create Access Lists (ACL) in Global Configuration Mode.
(ii)Apply them to Router interfaces specifying direction.

Let‟s first understand how to create Standard and Extended access list

Standard (In global configuration mode)

Chennai(Config)# access-list < no. > permit / deny < sources network/ip
address> <wild card mask>

 Standard access list number range is 1 to 99.
 Wild card mask is just the opposite of SubNet Mask

87

Extended (In global configuration mode)

Chennai(Config)# access-list < no.> permit / deny < protocol > <
sources network/ip address > < wild card mask> < destination network/ip
address > <wild card mask> eq < port no./ service name >

 extended access list number range is 100 to 199
 Specify both source & destination address
 Specify protocol
 Specify particular application port no. for filtering

Implementation command at specific interface mode

Chennai(Config-if)# ip access-group <access-list no.> <in / out>
Note : default is out

Now we‟ll implement the security policy.

Condition 1. 10.0.0.4 should not access salem office network – this is
a policy to be defined in Salem router using a standard Access List.

Salem(Config)#access-list 10 deny 10.0.0.4 0.0.0.0
Salem(Config)#access-list 10 permit any

We can configure the same command using the keyword “Host” to represent
a single computer – in which case the Wild Card Mask is not required.

Salem(Config)#access-list 10 deny host 10.0.0.4 Salem(Config)#access-
list 10 permit any

(The “permit any” command at the last is necessary to override the
“implicit deny” of ACLs)

As the second step we‟ll now apply this ACL as “outbound” (leaving the
router) on interface Ethernet 0. This is because the traffic has to be
filtered when it „enters the Salem LAN‟ and Standard ACLs are applied
closest to the destination Network.

Salem(config-if)#ip access-group 10 out

Lets check show running-config output

Salem# show running-config
!
interface Ethernet0
description connected to Salem Local Area Network
ip address 10.0.0.1 255.0.0.0
ip access-group 10 out
!
<some output omitted>
!
access-list 10 deny 10.0.0.4 0.0.0.0
access-list 10 permit any

88

Our second task is to control access to FTP & Web Servers. Only Host
172.16.0.2 can download from FTP server(port 20)& Host 172.16.0.3
cannot access webserver (WWW – port 80).

Chennai(config)#access-list 100 permit tcp host 172.16.0.2
host 10.0.0.2 eq ftp
Chennai(config)#access-list 100 deny tcp any
host 10.0.0.2 eq ftp
Chennai(config)#access-list 100 deny tcp host 172.16.0.3
host 10.0.0.3 eq 80
Chennai(config)#access-list 100 permit ip any any

Observe, we have used ftp in the first case & port no. 80 in the next.
Both forms are acceptable.

This access-list is applied on interface s0 as “inbound” access-list as
we are trying to control traffic entering the router.

Chennai(Config)#interface s0
Chennai(config-if)#ip access-group 100 in

Let‟s check running-config

Chennai# show running-config
!
interface Serial0
description connected to public network
ip address 200.0.0.5 255.255.255.252
ip access-group 100 in
!
<some output omitted>
!
Now let‟s see some ACL show commands

Salem#show ip access-list
Standard IP access list 10
deny 10.0.0.4
permit any

Salem#show ip int Ethernet0 (displays application & direction of ACL )
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 10
Inbound access list is not set
Proxy ARP is enabled
Security level is default
<output omitted>

Chennai#show ip access-list
Extended IP access list 100
deny tcp host 172.16.0.2 host 10.0.0.2 eq telnet
deny tcp host 172.16.0.3 host 10.0.0.3 eq www

89

deny tcp host 172.16.0.4 any
permit ip any any

Chennai#show ip int Serial0
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 100
Proxy ARP is enabled
Security level is default
Split horizon is enabled
<output omitted>

The final task is Chennai network users should not telnet salem
router:

Salem(config)#access-list 1 deny 10.0.0.0 0.255.255.255
Salem(config)#access-list 1 permit any

where should we apply this ?

Salem(config)#line vty 0 4
Salem(config-line)#access-class <access-list no.> in / out

Yes! for telnet, we deploy the access-list on vty ! We use “access-
class” and not “access-group” here.

Command continues…

Salem(config-line)#access-class 1 in

Let‟s see some show commands for this configuration

Salem#show ip access-list
Standard IP access list 1
deny 10.0.0.0, wildcard bits 0.255.255.255
permit any

Salem#show running-config
!
line vty 0 4
access-class 1 in
password cisco
login

Let‟s try telnetting from the host & see what happens.

90

Observe the message in the above screen !

91

NAT - NETWORK ADDRESS TRANSLATION

e0 s0
10.0.0.1 NAT 200.0.0.1 ISP

10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5
Gateway for all computers is 10.0.0.1

I) STATIC NAT : In the above scenario, an office uses private
addresses for all its systems & requires to use static NAT (one-one
fixed mapping) to communicate via Internet. The config. is as discussed
below.

The inside & outside Network Interfaces have to be defined for all NAT
implementations. Let’s begin with this first. The syntax is simple and
evident from the below config.

Router1(config)#interface ethernet0
Router1(config-if)#ip nat inside
Router1(config-if)#no shutdown

Router1(config)#interface serial 0
Router1(config-if)#ip nat outside

Next let’s define the static NAT using the command

“ip nat inside source static <inside local address><inside global
address>”

and map our private address 10.0.0.2 to public address 200.0.0.10

Router1(config)#ip nat inside source static 10.0.0.2 200.0.0.10

Router1(config)#ip route 0.0.0.0 0.0.0.0 200.0.0.2
- default route defined to reach the ISP.

The above is reflected in the running config too.

!
hostname Router1

92

!
!
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
ip nat inside
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
ip nat outside
!
ip nat inside source static 10.0.0.2 200.0.0.10
ip route 0.0.0.0 0.0.0.0 200.0.0.2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

To view the NAT table, use the command “show ip nat translations”

Router1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 200.0.0.10 10.0.0.2 --- ---

To view inside & outside interfaces, use the command “show ip nat
statistics”

Router1#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Serial1
Inside interfaces:
Ethernet0
Hits: 4 Misses: 0
Expired translations: 0
Dynamic mappings:

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,
B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type
2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP


S 20.0.0.0/8 [1/0] via 200.0.0.2

93

To observe the Static NAT function, we’ll initiate a ping from host
10.0.0.2 to a remote host 20.0.0.10 and use “debug ip nat” to display
the details.

10.0.0.2 must translate to 200.0.0.10 as per our NAT table.

Router1#debug ip nat

01:54:09: NAT*: s=10.0.0.2->200.0.0.10, d=20.0.0.10 [63104]
ICMP echo request packet
01:54:09: NAT*: s=20.0.0.10, d=200.0.0.10->10.0.0.2 [274]
ICMP echo reply packet

“s” stands for source IP
“->” means translated to
“d” stands for destination IP

As ping sends echo request 4 times & receives an equal no. of replies,
we see the above repeated 3 more times.

01:54:10: NAT*: s=10.0.0.2->200.0.0.10, d=20.0.0.10 [63107]
01:54:10: NAT*: s=20.0.0.10, d=200.0.0.10->10.0.0.2 [275]
01:54:11: NAT*: s=10.0.0.2->200.0.0.10, d=20.0.0.10 [63111]
01:54:11: NAT*: s=20.0.0.10, d=200.0.0.10->10.0.0.2 [276]
01:54:12: NAT*: s=10.0.0.2->200.0.0.10, d=20.0.0.10 [63114]
01:54:12: NAT*: s=20.0.0.10, d=200.0.0.10->10.0.0.2 [273]

94

II) DYNAMIC NAT : For Dynamic NAT too we’ll use the same scenario.
Let’s configure the inside & outside interface first.

Router1(config)#interface ethernet0
Router1(config-if)#ip nat inside

Router1(config)#interface serial 0
Router1(config-if)#ip nat outside

Router1(config)#ip route 0.0.0.0 0.0.0.0 serial 0

We’ll now configure the pool of Public IPs using the command
“ip nat pool <pool name><start IP><end IP>netmask<subnet Mask>

Router1(config)#ip nat pool RJP 200.0.0.1 200.0.0.2 netmask 255.0.0.0

We’ll now have to define a list of our internal IP address using
accesslist (purely for the purpose of listing the IP addresses & not
for any Security configuration). We’ll define all 10.0.0.0 network IPs
in our list.

Router1(config)#Access-list 1 permit 10.0.0.0 0.255.255.255

Finally the list has to be mapped to the pool using the command
“ip nat inside source list <list name> pool <pool name>”

Router1(config)#ip nat inside source list 1 pool RJP

Here we have many internal IP addresses and only 2 valid public IP
addresses for NATing - this means only 2 internal hosts can dynamically
associate with the pool addresses simultaneously and communicate via
internet. Only when released after a timeout (default 24 hrs), the
others may be able to use the same pool IPs.

Router1#sh run
!
hostname Router1
!
!
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
ip nat inside
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
ip nat outside
!
ip nat pool RJP 200.0.0.1 200.0.0.2 netmask 255.0.0.0
ip nat inside source list 1 pool RJP
!

95

!
access-list 1 permit 10.0.0.0 0.255.255.255
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End

Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,
B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type
2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, Serial0

The NAT table is empty before any traffic flow.

Router1#sh ip nat translations
<The translation table is empty>

Additional config. details are seen in “sh ip nat statistics” command

Router1#sh ip nat stat
Router1#sh ip nat statistics
Outside interfaces:
Serial0
Inside interfaces:
Ethernet0
Hits: 0 Misses: 0
Dynamic mappings:
-- Inside Source
access-list 1 pool RJP refcount 0
pool RJP: netmask 255.0.0.0
start 200.0.0.1 end 200.0.0.2
type generic, total addresses 2, allocated 0 (0%), misses 0

Let’s try initiating ping from 3 internal hosts simultaneously.

IP NAT debugging is on
Router1#
01:31:49: NAT: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13426]
01:31:49: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13426]

96

01:31:50: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13427]
01:31:50: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13427]
01:31:51: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13432]
01:31:51: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13432]
01:31:52: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13437]
01:31:52: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13437]

01:32:10: NAT: s=10.0.0.3->200.0.0.2, d=20.0.0.1 [1473]
01:32:10: NAT*: s=20.0.0.1, d=200.0.0.2->10.0.0.3 [1473]
01:32:11: NAT*: s=10.0.0.3->200.0.0.2, d=20.0.0.1 [1474]
01:32:11: NAT*: s=20.0.0.1, d=200.0.0.2->10.0.0.3 [1474]
01:32:12: NAT*: s=10.0.0.3->200.0.0.2, d=20.0.0.1 [1475]
01:32:12: NAT*: s=20.0.0.1, d=200.0.0.2->10.0.0.3 [1475]
01:32:13: NAT*: s=10.0.0.3->200.0.0.2, d=20.0.0.1 [1476]
01:32:13: NAT*: s=20.0.0.1, d=200.0.0.2->10.0.0.3 [1476]

01:34:42:NAT:translation failed(A),
dropping packet s=10.0.0.4 d=20.0.0.1
01:34:48: NAT: translation failed (A),

The third translation fails as there are no free IPs in the pool as the
first 2 pings have exhausted the available pool IPs.

--- 200.0.0.1 10.0.0.2 --- ---
--- 200.0.0.2 10.0.0.3 --- ---

Outside interfaces:
Serial0
Inside interfaces:
Ethernet0
Hits: 8 Misses: 4
Dynamic mappings:
-- Inside Source
start 200.0.0.1 end 200.0.0.2

It’s possible to remove all the dynamic entries in the Nat table using
the command “clear ip nat translations *”.

97

III) NAT with PAT : This is for simultaneous use of single (or more
than one) Public IP by many internal hosts. Port numbers are used for
this purpose. Consider the same scenario as before - the only
difference in configuration would be the “overload” keyword used in the
list-pool mapping.

Router1(config)#ip nat pool RJP 200.0.0.1 200.0.0.1 netmask 255.0.0.0

Router1(config)#Access-list 1 permit 10.0.0.0 0.255.255.255

Router1(config)#ip nat inside source list 1 pool RJP overload

Router1#sh run
!
hostname Router1
!
!
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
ip nat inside
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
ip nat outside
!
ip nat pool RJP 200.0.0.1 200.0.0.1 netmask 255.0.0.0
ip nat inside source list 1 pool RJP overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End

<The table is empty>

Outside interfaces:
Serial0
Inside interfaces:
Ethernet0
Hits: 28 Misses: 4
Dynamic mappings:
-- Inside Source

98

start 200.0.0.1 end 200.0.0.1

Allocated 0 implies unused pool addresses.

Initiating simultaneous ping from multiple hosts results in the below
debug output.

IP NAT debugging is on
Router1#
01:31:49: NAT: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13426]
01:31:49: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13426]
01:31:50: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13427]
01:31:50: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13427]
01:31:51: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13432]
01:31:51: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13432]
01:31:52: NAT*: s=10.0.0.2->200.0.0.1, d=20.0.0.1 [13437]
01:31:52: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.2 [13437]

01:32:10: NAT: s=10.0.0.3->200.0.0.1, d=20.0.0.1 [1473]
01:32:10: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.3 [1473]
01:32:11: NAT*: s=10.0.0.3->200.0.0.1, d=20.0.0.1 [1474]
01:32:11: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.3 [1474]
01:32:12: NAT*: s=10.0.0.3->200.0.0.1, d=20.0.0.1 [1475]
01:32:12: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.3 [1475]
01:32:13: NAT*: s=10.0.0.3->200.0.0.1, d=20.0.0.1 [1476]
01:32:13: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.3 [1476]

01:32:32: NAT: s=10.0.0.4->200.0.0.1, d=20.0.0.1 [1492]
01:32:32: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.4 [1492]
01:32:37: NAT*: s=10.0.0.4->200.0.0.1, d=20.0.0.1 [1506]
01:32:37: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.4 [1506]
01:32:38: NAT*: s=10.0.0.4->200.0.0.1, d=20.0.0.1 [1511]
01:32:38: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.4 [1511]
01:32:39: NAT*: s=10.0.0.4->200.0.0.1, d=20.0.0.1 [1517]
01:32:39: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.4 [1517]

01:34:11: NAT: s=10.0.0.5->200.0.0.1, d=20.0.0.1 [1553]
01:34:11: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.5 [1553]
01:34:16: NAT*: s=10.0.0.5->200.0.0.1, d=20.0.0.1 [1566]
01:34:16: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.5 [1566]
01:34:17: NAT*: s=10.0.0.5->200.0.0.1, d=20.0.0.1 [1571]
01:34:17: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.5 [1571]
01:34:18: NAT*: s=10.0.0.5->200.0.0.1, d=20.0.0.1 [1577]
01:34:18: NAT*: s=20.0.0.1, d=200.0.0.1->10.0.0.1 [1577]

Let’s see the clear difference in the NAT table - the last no. 512,513
etc is the port no. used to identify the internal host that originated
the traffic.

icmp 200.0.0.1:512 10.0.0.2:512 20.0.0.1:512 20.0.0.1:512
icmp 200.0.0.1:513 10.0.0.3:513 20.0.0.1:513 20.0.0.1:513
icmp 200.0.0.1:514 10.0.0.4:514 20.0.0.1:514 20.0.0.1:514

99

icmp 200.0.0.1:515 10.0.0.5:515 20.0.0.1:515 20.0.0.1:515

Outside interfaces:
Serial0
Inside interfaces:
Ethernet0
Hits: 56 Misses: 8
Dynamic mappings:
-- Inside Source
start 200.0.0.1 end 200.0.0.1

Allocated 1 implies that the single pool IP has been used.

100

WAN
I) PPP & HDLC on Point to Point Link (Leased Line)

s0
s0
L0 200.0.0.1 L0
R1
R1 200.0.0.2 R2
R3
5.5.5.5 6.6.6.6

The default encapsulation on WAN Serial interface of a CISCO Router is
HDLC. No further configuration is called for in a simple Point-to-Point
Link. This is seen from the output of show interface command as below.

Hardware is HD64570
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)

If we are to connect to a non-Cisco Router or if we want to implement
Authentication at the datalink layer, we need to go in for the
standards based PPP encapsulation.

Router1(config-if)#int s0
Router1(config-if)#encapsulation ppp

Router1(config)#int loopback0

Router1(config-if)#ip route 6.0.0.0 255.0.0.0 200.0.0.2

PPP supports optional Authentication with PAP or CHAP. We’ll begin with
PAP first.

a. PAP Authentication
First, PAP Authentication has to be enabled in the interface config
mode.

Router1(config-if)#ppp authentication pap

Next is to configure the other router’s name as the username and choose
a common password (This alone is a global config command).

Router1(config)#username Router2 password cisco
“Router2” is the other router’s hostname & “cisco” is the password

101

An additional command to inform this router’s name to the other router
is also to be configured.

Router1(config-if)#ppp pap sent-username Router1 password cisco

Router1#sh int s0
Hardware is HD64570
Encapsulation PPP, loopback not set
LCP Open
Open: IPCP, CDPCP

Similar configuration has to be done with Router2

Verification :

sh run, sh ip route & sh interface commands are used

Router1#sh run
!
hostname Router1
!
!
username Router2 password 0 cisco
!
interface Loopback0
ip address 5.5.5.5 255.0.0.0
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
encapsulation ppp
ppp authentication pap
ppp pap sent-username Router1 password 7 0822455D0A16
!
ip route 6.0.0.0 255.0.0.0 200.0.0.2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End

Router2#sh run
!

102

hostname Router2
!
!
!
interface Loopback0
ip address 6.6.6.6 255.0.0.0
!
interface Serial0
ip address 200.0.0.2 255.0.0.0
clockrate 64000
encapsulation ppp
ppp authentication pap
ppp pap sent-username Router2 password 7 05080F1C2243
!
ip route 5.0.0.0 255.0.0.0 200.0.0.1
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

Router1#sh ip route
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E -


200.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 6.0.0.0/8 [1/0] via 200.0.0.2

Router2#sh ip route
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E -



103

S 5.0.0.0/8 [1/0] via 200.0.0.1

Router2’s s0 is currently down. Output of s0 on router 1 displays “LCP
closed”

Router1#sh int s0
Serial0 is down, line protocol is down
Hardware is HD64570
LCP Closed

LCP closed indicates that the PPP link is not up yet.

Using “Debug ppp authentication” command we can see the authentication
process. It’s a 2-way handshake & bidirectional – both routers
authenticating each other.

Router1#debug ppp authentication
PPP authentication debugging is on
Router1#
00:24:50: Se0 PPP: Treating connection as a dedicated line
00:24:50: %LINK-3-UPDOWN: Interface Serial0, changed state to up
00:24:50: Se0 PAP: O AUTH-REQ id 1 len 18 from "Router1"
00:24:50: Se0 PAP: I AUTH-REQ id 2 len 18 from "Router2"
(Authentication request – username, password sent)
00:24:50: Se0 PAP: Authenticating peer Router2
00:24:50: Se0 PAP: O AUTH-ACK id 2 len 5
00:24:50: Se0 PAP: I AUTH-ACK id 1 len 5
(Authentication acknowledged – if username, password correct)
00:24:51: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
changed state to up

Once s0 of Router2 goes up, interface status shows “LCP open”. Wan link
is now up.

Router1#sh int s0
Hardware is HD64570
LCP Open

104

b. CHAP Authentication

The configuration is exactly like PAP only that “sent username…” is not
required here. The below would show us the difference.


Router1(config-if)#ppp authentication chap


Router2(config-if)#ppp authentication chap

Router1#sh run
!
hostname Router1
!
!
!
interface Loopback0
ip address 5.5.5.5 255.0.0.0
!
interface Serial0
ip address 200.0.0.1 255.0.0.0
encapsulation ppp
ppp authentication chap

<output omitted>

Router2#sh run
!
hostname Router2
!
!
!

105

interface Loopback0
ip address 6.6.6.6 255.0.0.0
!
interface Serial0
ip address 200.0.0.2 255.0.0.0
clockrate 64000
encapsulation ppp
ppp authentication chap
<output omitted>

Router1#sh ip route

S 6.0.0.0/8 [1/0] via 200.0.0.2

Router2#sh ip route

S 5.0.0.0/8 [1/0] via 200.0.0.1

VERIFICATION USING DEBUG COMMAND

Router1#debug ppp authentication
PPP authentication debugging is on
01:13:37: Se0 PPP: Treating connection as a dedicated line
01:13:37: Se0 CHAP: O CHALLENGE id 114 len 28 from "Router1"
01:13:37: Se0 CHAP: I CHALLENGE id 113 len 28 from "Router2"
(A challenge is sent and another received)
01:13:37: Se0 CHAP: O RESPONSE id 113 len 28 from "Router1"
01:13:37: Se0 CHAP: I RESPONSE id 114 len 28 from "Router2"
(Username, password is sent/received only after the challenge)
01:13:37: Se0 CHAP: O SUCCESS id 114 len 4
01:13:37: Se0 CHAP: I SUCCESS id 113 len 4
(If username & password are correct, authentication is successful)
01:13:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
changed state to up

The link now goes up !

Also note that the 3-way authentication process is bidirectional – both
the routers authenticate each other.

106

II) ISDN

BRI0 200.0.0.2
L0 ISDN BRI0 L0
1.1.1.1 R4
R1
R4 Cloud R3 2.2.2.2
R5
R5
200.0.0.1
ISDN no:24731102 ISDN no:252912

Consider the above scenario where there are 2 offices of the same
organization connected over a dial-up ISDN. The requirement being the
ISDN connection should automatically come up whenever there is a
traffic flow between the offices. This is referred to as Dial on Demand
routing.

This is a 3 step process

(i) Configure static route between the offices
(ii) Define Interesting Traffic
(iii) Configure Dialer

Step (i) Static route configuration



Step (ii) Interesting Traffic definition using dialer list

Router4(config)#dialer-list 1 protocol ip permit

Router5(config)#dialer-list 2 protocol ip permit

Note : If we want to selectively allow access for ISDN dial-up, we’ll
then have to define the allowed IP addresses in an access-list and
invoke in a dialer list as shown below.

Config # dialer-list 1 protocol ip list <ACL no.>

e.g. Router4(config)#dialer-list 1 protocol ip list 10
Router4(config)#access-list 10 permit 1.1.1.1 0.0.0.0

Step (iii) Dialer configuration

We need to define the destination IP, number to be dialed & Interesting
traffic list to be used.

Router4(config-if)#dialer-group 1
Router4(config-if)#dialer map ip 200.0.0.2 252912

Router5(config-if)#dialer-group 2

107

Router5(config-if)#dialer map ip 200.0.0.1 24731102
As ISDN service providers use different types of ISDN switches, we need
to specify the appropriate switch type in our router. In our case we’ll
specify basic-net3.

Router4(config)#isdn switch-type basic-net3

Router5(config)#isdn switch-type basic-net3

VERIFICATION
Running config of routers 4 & 5

Router4#sh run
!
hostname Router4
!
!
isdn switch-type basic-net3
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
!
interface BRI0
ip address 200.0.0.1 255.255.255.0
dialer map ip 200.0.0.2 252912
dialer-group 1
!
ip route 2.0.0.0 255.0.0.0 200.0.0.2
!
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End

Router5#sh run
!
hostname Router5
!
nable password cisco
!
!
interface Loopback0

108

ip address 2.2.2.2 255.0.0.0
!
interface BRI0
ip address 200.0.0.2 255.255.255.0
dialer map ip 200.0.0.2 24731102
dialer-group 2
!
ip route 1.0.0.0 255.0.0.0 200.0.0.1
!
dialer-list 2 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

When there is no traffic between the 2 offices, let’s find out the ISDN
call status using the below 2 commands.

Router4#sh isdn status
Global ISDN Switchtype = basic-net3
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x80000003
Total Allocated ISDN CCBs = 0

The above would be the typical output if the configuration is correct.
“0 Active layer 3” calls mean that ISDN link is not yet up.

Router4#sh isdn active
-----------------------------------------------------------------------
ISDN ACTIVE CALLS
-----------------------------------------------------------------------
Call Calling Called Remote Seconds Seconds Seconds Charges
Type Number Number Name Used Left Idle Units/Currency
-----------------------------------------------------------------------

“sh ISDN active” output reveals that no ISDN call is in progress.

Router4#sh int bri 0
BRI0 is up, line protocol is up (spoofing)
Hardware is BRI

109

Router4#sh int bri 0:1
BRI0:1 is down, line protocol is down
Hardware is BRI

Look at the difference – “sh int bri 0” shows the line protocol as up
whereas “sh int bri 0:1” shows line protocol is down. This implies that
BRI config is correct. Since there is no traffic, the BRI channel 1 is
still down (Recall each BRI interface has 2 B channels).

Similar outputs can be observed on Router5 as well.

-----------------------------------------------------------------------
ISDN ACTIVE CALLS
-----------------------------------------------------------------------
-----------------------------------------------------------------------
-----------------------------------------------------------------------

ISDN BRI0 interface
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 3 Status:

Hardware is BRI

BRI0:1 is down, line protocol is down
Hardware is BRI

To check our DDR config, we’ll initiate ping from router4’s loopback &
checkout if the WAN link comes up automatically.

110

Router4#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

00:37:39: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/33/36 ms
00:37:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up

ISDN BRI0 interface
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 3 Status:
CCB:callid=8002, sapi=0, ces=1, B-chan=1, calltype=DATA

Observe the above output shows 1 Active Layer 3 calls now which was not
the case earlier.

“sh isdn active” gives us details of currently active calls.

-----------------------------------------------------------------------
ISDN ACTIVE CALLS
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Out 252912 14 107 12 0

Hardware is BRI

The BRI channel 1 protocol is also up now.

BRI0:1 is up, line protocol is up
Hardware is BRI

Debug output gives us greater details.

111

Router4#debug dialer
Dial on demand events debugging is on

Router4#ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

00:41:30: BR0 DDR: Dialing cause ip (s=200.0.0.1, d=2.2.2.2)
00:41:30: BR0 DDR: Attempting to dial 252912
00:41:31: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
00:41:31: BR0:1 DDR: dialer protocol up
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/32/32 ms
changed state to up
00:43:32: BR0:1 DDR: idle timeout
00:43:32: BR0:1 DDR: disconnecting call
00:43:32: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from
252912 , call lasted 121 seconds
00:43:32: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
changed state to down

112

III) Frame-Relay

Point-to-Point WAN configuration

L0 s0
FR 150.0.0.2
1.1.1.1 R1 L0
150.0.0.1 Cloud
s0 2.2.2.2
R2

Frame-Relay is typically a PVC and the configurations are fairly
simple. Once encapsulation Frame-relay is configured on the WAN Serial
Interface, it supports both Multipoint & Point-to-Point connections
without any further configuration.

Router1(config-if)#encapsulation frame-relay

Router2(config-if)#int s0/0

As usual, let’s view the running config & routing tables of both the
routers.

Router1#sh run
!
hostname Router1
!
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial0
ip address 150.0.0.1 255.255.0.0
encapsulation frame-relay
!
router rip
network 1.0.0.0
network 150.0.0.0
line con 0
line aux 0

113

line vty 0 4
password cisco
login
!
End

Router2#sh run
!
hostname "Router2"
!
!
interface Loopback0
ip address 2.2.2.2 255.0.0.0
!
interface Serial0/0
ip address 150.0.0.2 255.255.0.0
no fair-queue
!
route rip
network 2.0.0.0
network 150.0.0.0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
End

Router1#sh ip route


R 2.0.0.0/8 [120/1] via 150.0.0.2, 00:00:17, Serial0
R 3.0.0.0/8 [120/1] via 150.0.0.3, 00:00:08, Serial0

Router2#sh ip route


R 1.0.0.0/8 [120/1] via 150.0.0.1, 00:00:02, Serial0/0
R 3.0.0.0/8 [120/2] via 150.0.0.1, 00:00:02, Serial0/0

If the frame-Relay link were up, we will be able to see the PVC status
as active & we’ll also be able to view the DLCI number.

Router1#sh frame-relay pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)

114

Active Inactive Deleted Static
Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0

DLCI = 100,DLCI USAGE = LOCAL,PVC STATUS = ACTIVE,INTERFACE = Serial0

input pkts 41 output pkts 50 in bytes 4032
out bytes 4806 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 12 out bcast bytes 970
pvc create time 00:40:28, last time pvc status changed 00:37:30

To view the DLCI no. mapping, use the below command

Router1#sh frame-relay map
Serial0 (up): ip 150.0.0.2 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active

The LMI type can be seen as below

Router1#sh frame-relay lmi

LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 244 Num Status msgs Rcvd 245
Num Update Status Rcvd 0 Num Status Timeouts 0

Let’s see Router2’s outputs also.


PVC Statistics for interface Serial0/0 (Frame Relay DTE)

Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0

DLCI = 200, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =
Serial0/0

out bytes 5158 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
Serial0/0 (up): ip 150.0.0.1 dlci 200(0xC8,0x3080), dynamic,

115


Router2#sh frame-relay lmi

LMI Statistics for interface Serial0/0(Frame Relay DTE)LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 256 Num Status msgs Rcvd 257
Num Update Status Rcvd 0 Num Status Timeouts 0

NOTE : The “show frame-relay PVC” command would show “inactive” entry
if the remote WAN link were down. If the local link were down, it would
have shown as “deleted”.

116

HUB & SPOKE configuration Diagram
L0
s0 3.3.3.3
R3
150.0.0.2
L0 S0.1 150.0.0.1
1.1.1.1 FR
R1
Cloud 160.0.0.2
S0.2 160.0.0.1
2.2.2.2
s0 L0
R2

Such a configuration would warrant configuring the HUB router with sub-
interfaces as shown below.

Router1(config)#int serial 0.1
This would be the normal sub-interface creation command.

However, in a Frame-Relay environment, the sub-interface type also has
to be specified during configuration.

Router1(config)#int serial 0

Router1(config)#int s0.1 ?
multipoint Treat as a multipoint link
point-to-point Treat as a point-to-point link

Let’s create 2 point-to-point sub-interfaces

Router1(config)#int s0.1 point-to-point
Router1(config-subif)#ip add 150.0.0.1 255.255.0.0
Router1(config-subif)#exit

Router1(config)#int s0.2 point-to-point
Router1(config-subif)#ip add 160.0.0.1 255.255.0.0
Router1(config-subif)#

Once created, we also need to associate appropriate DLCI to the sub-
interfaces on the HUB Router.

Router1(config)#int s0.1
Router1(config-subif)#frame-relay interface-dlci 100
Router1(config-fr-dlci)#exit

Router1(config)#int s0.2
Router1(config-subif)#frame-relay interface-dlci 300
Router1(config-fr-dlci)#exit

Router1#sh run

117

!
hostname Router1
!
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial0
no ip address
ip split-horizon
!
interface Serial0.1 point-to-point
ip address 150.0.0.1 255.255.0.0
frame-relay interface-dlci 100
!
interface Serial0.2 point-to-point
ip address 160.0.0.1 255.255.0.0
frame-relay interface-dlci 300
!
router rip
network 1.0.0.0
network 150.0.0.0
network 160.0.0.0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

Router1#sh ip route

R 2.0.0.0/8 [120/1] via 150.0.0.2, 00:00:13, Serial0.1
R 3.0.0.0/8 [120/1] via 160.0.0.2, 00:00:27, Serial0.2
C 160.0.0.0/16 is directly connected, Serial0.2
C 150.0.0.0/16 is directly connected, Serial0.1

We’ll now be able to see 2 active PVCs on the HUB Router.



Local 2 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0

Serial0.1

118


Serial0.2


Serial0.2 (up): point-to-point dlci, dlci 300(0x12C,0x48C0), broadcast
status defined, active
Serial0.1 (up): point-to-point dlci, dlci 100(0x64,0x1840), broadcast
status defined, active

Router2#sh run
!
hostname "Router2"
!
!
interface Loopback0
ip address 2.2.2.2 255.0.0.0
!
interface Serial0/0
ip address 150.0.0.2 255.255.0.0
no fair-queue
!
router rip
network 2.0.0.0
network 150.0.0.0
!
<output omitted>

Other Routers display similar details

Router2#sh ip route


R 1.0.0.0/8 [120/1] via 150.0.0.1, 00:00:16, Serial0/0
R 3.0.0.0/8 [120/2] via 150.0.0.1, 00:00:16, Serial0/0
R 160.0.0.0/16 [120/1] via 150.0.0.1, 00:00:16, Serial0/0

119



PVC Statistics for interface Serial0/0 (Frame Relay DTE)

Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0

Serial0/0

out bytes 12708 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0

Serial0/0 (up): ip 150.0.0.1 dlci 200(0xC8,0x3080), dynamic,

Router3#sh run
!
hostname Router3
!
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Serial0
ip address 160.0.0.2 255.0.0.0
!
router rip
network 3.0.0.0
network 160.0.0.0
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

Router3#sh ip route


120

R 1.0.0.0/8 [120/1] via 160.0.0.1, 00:00:23, Serial0
R 2.0.0.0/8 [120/2] via 160.0.0.1, 00:00:23, Serial0
R 150.0.0.0/16 [120/1] via 160.0.0.1, 00:00:23, Serial0



Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0

Serial0


Serial0 (up): ip 160.0.0.1 dlci 400(0x190,0x6400), dynamic,

Ccna lab manual[1]

More Related Content

What's hot (15)

Similar to Ccna lab manual[1] (20)

Recently uploaded (20)

Ccna lab manual[1]