11 Lab22CompanionGuide

Lab#22 For questions and support pertaining to this lab, please visit: www.RouterIE.
com
Lab 22
Initial Configuration
IP addressing / initial configuration
We recommend that you start all configurations from scratch, but you can use the pre-
configuration files to apply proper IP addresses and to name the routers if you wish. Add
the IP addresses as shown on the network diagram and name your routers. Note: No
initial configuration files hae been proided for the !atalyst "##$ switches. All %erial
interfaces should hae a clock rate of &'$$$.
Frame Relay
1.1 & 1.2 Frame Relay Configuration
Configure router R6 with a sub-interface to connect to router BB1 (Configure the appropriate IP address on
this sub-interface). Configure router R6 with a sub-interface to connect to routers R3 and R5 (Configure the
appropriate IP address on this sub-interface) nsure that each router on!" uses the P#Cs needed.
(& has two subinterfaces, and the other routers each are using the physical interfaces.
We will configure (& first, and will test connectiity as each of the other routers is
configured. %ince the %erial$)$)$.* interface only connects to ++*, we will configure it
as a point-to-point subinterface.
Lab22R6(config)#int Serial0/0/0
Lab22R6(config-if)#encap frame
Lab22R6(config-subif)#no arp frame
Lab22R6(config-subif)#no frame inve
Lab22R6(config-if)#int Serial0/0/0.1 point-to-point
Lab22R6(config-subif)#ip aress 1!2.16.1"6.6 2##.2##.2##.2"0
Lab22R6(config-subif)#frame-rela$ interface-lci 60%
%ince the other routers are using physical interfaces, we will use a frame map
statements for the connection to (&.
Lab22&&1(config)#int Serial0/0/0
Lab22&&1(config-if)#encap frame
Lab22&&1(config-if)#no arp frame
Lab22&&1(config-if)#no frame inve
Lab22&&1(config-if)#ip aress 1!2.16.1"6.% 2##.2##.2##.2"0
Lab22&&1(config-if)#frame-rela$ map ip 1!2.16.1"6.6 %06 broa
Lab22&&1#ping 1!2.16.1"6.6
'$pe escape se(uence to abort.
Sening #) 100-b$te *+,- .c/os to 1!2.16.1"6.6) timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 #6/#%/60 ms
Lab22&&1#
2!!" #etwor$ Learning Inc. Report unauthori%ed copies to: sales&ccbootcamp.com
1
Lab#22 For questions and support pertaining to this lab, please visit: www.RouterIE.com
%ince subinterface %erial$)$)$., connects to both (" and (#, we will configure it as a
multipoint subinterface.
Lab22R6(config)#int Serial0/0/0.2 multipoint
Lab22R6(config-subif)#no arp frame
Lab22R6(config-subif)#no frame inverse
Lab22R6(config-subif)#ip aress 1!2.16.100.6 2##.2##.2##.22"
Lab22R6(config-subif)#frame-rela$ map ip 1!2.16.100.# 60# broa
Lab22R6(config-subif)#frame-rela$ map ip 1!2.16.100.4 604 broa
Ne-t, we.ll configure (#:
Lab22R#(config)#int Serial0/0/0
Lab22R#(config-if)#encap frame
Lab22R#(config-if)#no arp frame
Lab22R#(config-if)#no frame inv
Lab22R#(config-if)#ip aress 1!2.16.100.# 2##.2##.2##.2"0
Lab22R#(config-if)#frame-rela$ map ip 1!2.16.100.6 #06 broa
Lab22R#(config-if)#frame-rela$ map ip 1!2.16.100.4 #06
/inally, (":
Lab22R4(config-if)#no arp frame
Lab22R4(config-if)#no frame inv
Lab22R4(config-if)#ip aress 1!2.16.100.4 2##.2##.2##.2"0
Lab22R4(config-if)#frame-rela$ map ip 1!2.16.100.# 406
Lab22R4(config-if)#frame-rela$ map ip 1!2.16.100.6 406 broa
Lab22R4#ping 1!2.16.100.6
Sening #) 100-b$te *+,- .c/os to 1!2.16.100.6) timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 60/60/60 ms
Lab22R4#ping 1!2.16.100.#
Sening #) 100-b$te *+,- .c/os to 1!2.16.100.#) timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 116/11!/12" ms
Lab22R4#
We also hae the frame relay connection between (* and (' to configure.
Lab22R1(config-if)#no arp frame
Lab22R1(config-if)#no frame inv
Lab22R1(config-if)#ip aress 1!2.16.10".1 2##.2##.2##.2"5
Lab22R1(config-if)#frame-rela$ map ip 1!2.16.10"." 10" broa
Lab22R"(config)#int Serial0/0/0
Lab22R"(config-if)#encap frame
Lab22R"(config-if)#no arp frame
Lab22R"(config-if)#no frame inv
Lab22R"(config-if)#frame-rela$ map ip 1!2.16.10".1 "01 broa
Lab22R1#ping 1!2.16.10"."
2
Sening #) 100-b$te *+,- .c/os to 1!2.16.10".") timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 60/60/6" ms
Lab22R1#
1.3 & 1. R1!R and R"!R# Frame Relay $oint!to!$oint connections
Configure R6 with a point-to-point $ra%e-Re!a" subinterface to R&. Configure a point-to-point fra%e-re!a"
!in' between R1 and R(.
/or (& and (0 it1s similar to the point-to-point sub-interfaces we already configured on
(&.
Lab22R6(config)#int Serial0/0/0.65 point-to-point
Lab22R6(config-subif)#frame-rela$ interface-lci 605
2n (* and (', we will use the physical interfaces:
Lab22R1(config)#interface Serial0/0/0
Lab22R1(config-if)#ip aress 1!2.16.10".1 2##.2##.2##.2"5
Lab22R1(config-if)#encapsulation frame-rela$
Lab22R1(config-if)#no arp frame-rela$
Lab22R1(config-if)#frame-rela$ map ip 1!2.16.10"." 10" broacast
Lab22R1(config-if)#no frame-rela$ inverse-arp
Lab22R"(config)#interface Serial0/0/0
Lab22R"(config-if)#ip aress 1!2.16.10"." 2##.2##.2##.2"5
Lab22R"(config-if)#encapsulation frame-rela$
Lab22R"(config-if)#no arp frame-rela$
Lab22R"(config-if)#frame-rela$ map ip 1!2.16.10".1 "01 broacast
Lab22R"(config-if)#no frame-rela$ inverse-arp
Catalyst 3%%& Configuration
2.1 '(itc) naming & *+P domain
)a%e Cat1 and Cat * +Cat,- where , is the cata!"sts nu%ber. .et the #/P do%ain na%e to 01as#egas2.
S6itc/(config)#/ostname +at1
Lab22+at1(config)#
S6itc/(config)#/ostname +at2
Lab22+at2(config)#
We only need to configure the domain on !at*. !at, will learn about the domain
change.
Lab22+at1(config)#vtp omain Las7egas
+/anging 7'- omain name from 89LL to Las7egas
3
2.2 *L,- configuration / naming
Create #13) settings according to the pro4ided diagra%5 Cat1 is acting as the .er4er. 6a'e sure "our
#13)s are na%ed appropriate!" on "our switch.
We hae three 3lans: 34AN5A, 34AN5+, and 34AN5!. We need to name these
34ANs, configure the ports for the respectie 34ANs, and ad6ust !at, to be a 37P
client. !at, does not need any 34AN configuration. !at, will learn about the 34ANs
from !at*.
Lab22+at1(config)#vlan 100
Lab22+at1(config-vlan)#name 7L:8;:
Lab22+at1(config-vlan)#vlan 200
Lab22+at1(config-vlan)#name 7L:8;&
Lab22+at1(config-vlan)#vlan 400
Lab22+at1(config-vlan)#name 7L:8;+
Lab22+at1(config)#int fa0/1
Lab22+at1(config-if)#s6itc/ moe acc
Lab22+at1(config-if)#s6itc/ acc vlan 400
Lab22+at1(config-if)#int fa0/4
Lab22+at1(config-if)#int fa0/"
Lab22+at1(config-if)#int fa0/#
Lab22+at1(config-if)#int fa0/%
Lab22+at2(config)#vtp moe client
Setting evice to 7'- +L*.8' moe.
Lab22+at2(config)#
2n !at*, the command s)o( .lan brief will erify that our ports are in the proper
34ANs. 2n !at,, the commands s)o( .lan brief and s)o( .t$ status will erify that
our 34AN naming information propagated.
Lab22Cat1#show vlan brief
7L:8 8ame Status -orts
---- -------------------------------- --------- -------------------------------
1 efault active <a0/2) <a0/6) <a0/!) <a0/%
<a0/10) <a0/11) <a0/12) <a0/10
<a0/1#) <a0/16) <a0/1!) <a0/15
<a0/2") =i0/1) =i0/2
100 VLAN_A active Fa0/8, Fa0/9
200 VLAN_ active Fa0/!, Fa0/2"
"00 VLAN_C active Fa0/1, Fa0/", Fa0/#
Lab22+at2#show vlan brief
4
7L:8 8ame Status -orts
---- -------------------------------- --------- -------------------------------
1 efault active <a0/1) <a0/2) <a0/4) <a0/"
<a0/#) <a0/6) <a0/!) <a0/5
<a0/%) <a0/10) <a0/11) <a0/12
<a0/10) <a0/1") <a0/1#) <a0/16
<a0/1!) <a0/15) <a0/24) <a0/2"
=i0/1) =i0/2
100 VLAN_A active
200 VLAN_ active
"00 VLAN_C active
Lab22+at2#show vt$ stat%s
7'- 7ersion 0 2
+onfiguration Revision 0 4
,a2imum 7L:8s supporte locall$ 0 100#
8umber of e2isting 7L:8s 0 5
7'- >perating ,oe 0 +lient
V&' (o)ain Na)e * LasVe+as
7'- -runing ,oe 0 ?isable
7'- 72 ,oe 0 ?isable
7'- 'raps =eneration 0 ?isable
,?# igest 0 02<+ 02<5 02:! 02:% 021. 02&6 02!+ 02%0
+onfiguration last moifie b$ 10.24.#0.# at 4-1-%4 0000!00#
Lab22+at2#
2.3 '$anning +ree
Configure a!! of the ports on Cat15 e7cept fa891: ; 89**5 to a!!ow de4ices connected to the ports to connect
faster.
7o enable the ports to connect faster, we can configure portfast with the interface
command s$anning!tree $ortfast. 8on.t forget the 9igabit /ast:thernet interfaces.
Lab22+at1(config)#interface range fa0/1 - 15) fa0/24 - 2") gi0/1 - 2
Lab22+at1(config-if-range)#spanning-tree portfast
2. +raffic ,naly/er
Configure port 89*( on both Cata!"st switches to a!!ow an ana!"<er to be ab!e to see a!! traffic on #13)=C.
7he command monitor session configures the switch to send a copy of specified traffic
to another port. 7wo independent sessions can be defined on the switch. :ach session
needs a source and destination. !onfiguration can be erified with the commands s)o(
monitor and s)o( interface. When monitoring a 34AN, you can only specify traffic
receied. If you are monitoring an indiidual port, you can monitor traffic sent, receied,
or both.
Lab22+at1(config)#monitor session 1 source vlan 400 r2
Lab22+at1(config)#monitor session 1 estination int fa0/2"
Lab22+at2(config)#monitor session 1 source vlan 400 r2
Lab22+at2(config)#monitor session 1 estination interface fa0/2"
Lab22+at1#show )onitor
Session 1
---------
'$pe 0 Local Session
Source 7L:8s 0
5
R@ >nl$ 0 400
?estination -orts 0 <a0/2"
.ncapsulation 0 8ative
*ngress0 ?isable
Lab22+at2#show int fa0/2!
Fast,thernet0/2! is -own, line $rotocol is -own .)onitorin+/
2.% +elnet Configuration
Configure Cat1 so it can te!net to the 1oopbac' 8 interface on router R3 when +R3- is entered.
In order for !at* to be able to telnet to (".s loopback interface by name, we can
configure a static hostname mapping on (". We will not be able to test this until ++*
has a route for the loopback network, but we can erify that !at* is trying to telnet to (".
Lab22+at1(config)#ip /ost R4 1!2.16.40.4
Lab22+at1#R4
'r$ing R4 (1!2.16.40.4)...
0004"0"40 ASBS-#-+>8<*=;*0 +onfigure from console b$ console
A +onnection time outC remote /ost not responing
2." IP addressing / gate(ay configuration
Configure Cat1 with an IP address in #13)=3 and set a defau!t gatewa" pointing to BB1.
;ere, we are configuring an IP address for the 34AN *$$ %3I. 7he command s)o( i$
route will erify that our default gateway is set to ++*.s /a$)$ interface.
Lab22+at1(config)#int vlan 100
Lab22+at1(config-if)#ip aress 1!2.16.50.4# 2##.2##.2##.125
Lab22+at1(config)#ip efault-gate6a$ 1!2.16.50.%
Lab22Cat1#show i$ ro%te
?efault gate6a$ is 1!2.16.50.%
Dost =ate6a$ Last 9se 'otal 9ses *nterface
*+,- reirect cac/e is empt$
Lab22+at1#
2.0 ! +run1ing
Configure port 891: ; 89*8 to be an &8*.1> trun' with a nati4e #13) of 188. nsure that Cat* sees a!! of
the #13)..
!urrently ports $)*<-$),, hae dynamically negotiated ' indiidual I%4 trunks. In order
to configure $)*< and $),$ as a single trunk, we will configure :therchannel. We will
also shutdown ports $),* and $),,.
Lab22+at1(config)#int range fa0/1% - 20
Lab22+at1(config-if-range)#s6itc/port trunE encap ot1(
Lab22+at1(config-if-range)#s6itc/port moe trunE
Lab22+at1(config-if-range)#s6itc/port trunE native vlan 100
Lab22+at1(config-if-range)#c/annel-group 1 moe esirable
+reating a port-c/annel interface -ort-c/annel 1
6
Lab22+at1(config)#int range fa0/21 - 22
Lab22+at1(config-if-range)#s/ut
Lab22+at2(config)#int range fa0/1% - 20
Lab22+at2(config-if-range)#s6itc/port trunE encap ot1(
Lab22+at2(config-if-range)#s6itc/port moe trunE
Lab22+at2(config-if-range)#s6itc/port trunE native vlan 100
Lab22+at2(config-if-range)#c/annel-group 1 moe esirable
+reating a port-c/annel interface -ort-c/annel 1
Lab22+at2(config)#int range fa0/21 - 22
Lab22+at2(config-if-range)#s/ut
We can erify our configuration with the commands s)o( interface trun1 and s)o(
et)erc)annel summary.
Lab22+at2#show int tr%n0
-ort ,oe .ncapsulation Status 8ative vlan
-o1 on 502.1( trunEing 100
-ort 7lans allo6e on trunE
-o1 1-"0%"
-ort 7lans allo6e an active in management omain
-o1 1)100)200)400
-ort 7lans in spanning tree for6aring state an not prune
-o1 1)100)200)400
Lab22+at2#
Lab22+at2#show etherchannel s%))ar1
<lags0 ? - o6n - - in port-c/annel
* - stan-alone s - suspene
D - Dot-stanb$ (L:+- onl$)
R - La$eLab22R4 S - La$eLab22R2
u - unsuitable for bunling
9 - in use f - faile to allocate aggregator
- efault port
8umber of c/annel-groups in use0 1
8umber of aggregators0 1
=roup -ort-c/annel -rotocol -orts
------F-------------F-----------F-----------------------------------------------
1 -o1(S9) -:g- <a0/1%(-) <a0/20(-)
Lab22+at2#
2'PF
3.1 ,rea &
Configure the networ' between routers R35 R55 and R6 for ?.P$ area 8 (@o not use an" neighbor
state%ents for connecti4it" in area 8).
/rame relay is considered nonbroadcast, and 2%P/ will not neighbor up across frame
relay without a little help. 7he two most common methods are configuring neighbors and
ad6usting the 2%P/ network type. %ince we are prohibited from using neighbor
statements, we will configure the 2%P/ network type, and set it to point to multipoint.
7
We will also statically set our 2%P/ router I8s with the 2%P/ command router!id
3.3.3.3.
Lab22R4(config)#router ospf 1
Lab22R4(config-router)#router-i 4.4.4.4
Lab22R4(config-router)#net6orE 1!2.16.100.4 0.0.0.0 area 0
Lab22R4(config-router)#e2it
Lab22R4(config-if)#ip ospf net6orE point-to-multipoint
Lab22R#(config)#router ospf 1
Lab22R#(config-router)#router-i #.#.#.#
Lab22R#(config-router)#net6orE 1!2.16.100.# 0.0.0.0 area 0
Lab22R#(config-router)#e2it
Lab22R#(config)#int Serial0/0/0
Lab22R#(config-if)#ip ospf net6orE point-to-multipoint
Lab22R6(config-router)#e2it
Lab22R6(config)#int Serial0/0/0.2
Lab22R6(config-subif)#ip ospf net6orE point-to-multipoint
At this point, the command s)o( i$ os$f neig)bor on (& should show full ad6acencies
for (" and (#.
Lab2223#show i$ os$f nei+h
8eig/bor *? -ri State ?ea 'ime :ress *nterface
4.4.4.4 1 F4LL/ - 000010#" 1!2.16.100.4 Serial0/0/0.2
#.#.#.# 1 F4LL/ - 000010#" 1!2.16.100.# Serial0/0/0.2
Lab22R6#
3.2 ,rea 1
Configure the networ' between routers R15 R3 and R5 for ?.P$ area 1.
;ere, we are configuring Area * for 34AN5!.
Lab22R#(config-router)#net6orE 1!2.16.14#.# 0.0.0.0 area 1
Lab22R4(config-router)#net6orE 1!2.16.14#.4 0.0.0.0 area 1
Lab22R1(config-router)#net6orE 1!2.16.14#.1 0.0.0.0 area 1
(* should show neighbors for (" and (#.
Lab22R1#s/o6 ip ospf neig/
#.#.#.# 1 <9LL/?R 0000004! 1!2.16.14#.#
<ast.t/ernet0/0
4.4.4.4 1 <9LL/&?R 0000004! 1!2.16.14#.4
<ast.t/ernet0/0
Lab22R1#
8
3.3 ,rea 2
Configure the networ' between routers R( and BB* for ?.P$ area * (@o not enab!e ?.P$ on the networ'
connecting routers R1 and R().
;ere we are configuring area ,. Again, we will erify with the command s)o( i$ os$f
neig)bor.
Lab22R"(config)#router ospf 1
Lab22R"(config-router)#router-i "."."."
Lab22R"(config-router)#net6orE 1!2.16.14"." 0.0.0.0 area 2
Lab22&&2(config)#router ospf 1
Lab22&&2(config-router)#router-i 10.10.10.10
Lab22&&2(config-router)#net6orE 1!2.16.14".10 0.0.0.0 area 2
Lab222#show i$ os$f nei+h
"."."." 1 <9LL/?R 00000045 1!2.16.14"."
<ast.t/ernet0/0
Lab22&&2#
Now that we hae configured Area , for 2%P/, we need to 6oin it to the other 2%P/
areas. %ince area , is not touching any 2%P/ areas, we will use a tunnel to connect it
to the nearest area, which is area * on (*.
Lab22R1(config)#int tunnel 1
Lab22R1(config-if)#ip aress 1!2.16.11".1 2##.2##.2##.0
Lab22R1(config-if)#tunnel source 1!2.16.10".1
Lab22R1(config-if)#tunnel est 1!2.16.10"."
Lab22R"(config)#int tunnel 1
Lab22R"(config-if)#ip aress 1!2.16.11"." 2##.2##.2##.0
Lab22R"(config-if)#tunnel source 1!2.16.10"."
Lab22R"(config-if)#tunnel est 1!2.16.10".1
Lab22R"(config-router)#net6orE 1!2.16.11"." 0.0.0.0 area 2
Lab22R1(config-router)#net6orE 1!2.16.11".1 0.0.0.0 area 2
%ince (* is not touching area $, we will also add a irtual link to e-tend area $ to (*.
(* can reach area $ ia either (" or (#. /or redundancy, we will configure two irtual
links, one to (", and one to (#.
Lab22R1(config-router)#area 1 virtual-linE 4.4.4.4
Lab22R1(config-router)#area 1 virtual-linE #.#.#.#
Lab22R4(config-router)#area 1 virtual-linE 1.1.1.1
Lab22R#(config-router)#area 1 virtual-linE 1.1.1.1
9
3. Loo$bac1s
Configure the 1oopbac' 8 networ' on router R6 in ?.P$ area 68. Configure the 1oopbac' 8 networ' on
router R3 in ?.P$ area 38. Configure the 1oopbac' 8 networ' on router R5 in ?.P$ area 58.
;ere, we are 6ust adding additional networks to 2%P/.
Lab22R#(config-router)#net6orE 1!2.16.#.# 0.0.0.0 area #0
We can use the command s)o( i$ route os$f on (* to erify that these networks were
added to 2%P/.
Lab2221#show i$ ro%te os$f
1!2.16.0.0/16 is variabl$ subnette) ! subnets) 4 masEs
> *: 1!2.16.40.4/42 G110/11H via 1!2.16.14#.4) 000000#2) <ast.t/ernet0/0
> *: 1!2.16.#.#/42 G110/11H via 1!2.16.14#.#) 00001044) <ast.t/ernet0/0
> *: 1!2.16.6.6/42 G110/!#H via 1!2.16.14#.4) 0000201") <ast.t/ernet0/0
G110/!#H via 1!2.16.14#.#) 0000201") <ast.t/ernet0/0
> *: 1!2.16.100.4/42 G110/10H via 1!2.16.14#.4) 000110#4) <ast.t/ernet0/0
> *: 1!2.16.100.#/42 G110/10H via 1!2.16.14#.#) 000110#4) <ast.t/ernet0/0
> *: 1!2.16.100.6/42 G110/!"H via 1!2.16.14#.4) 000110#4) <ast.t/ernet0/0
G110/!"H via 1!2.16.14#.#) 000110#4) <ast.t/ernet0/0
Lab22R1#
3.% 4R/54R configuration
Configure router R1 to be the designated router for area 15 but if router R1 goes down5 router R3 shou!d
beco%e the @R. R5 shou!d ne4er beco%e a @R or B@R.
7o preent (# from becoming a 8( or +8(, we can configure the 2%P/ priority to $.
/or (* to be preferred oer (", it will need a better priority. We will set the priority for
(* to *$ and the priority for (" to ". After configuring the priorities, clear the 2%P/
processes and erify with the command s)o( i$ os$f neig)bor.
Lab22R1(config)#int <ast.t/ernet0/0
Lab22R1(config-if)#ip ospf priorit$ 10
Lab22R4(config-if)#ip ospf priorit$ 4
Lab22R#(config)#int <ast.t/ernet0/0/0
Lab22R#(config-if)#ip ospf priorit$ 0
Lab222"#show i$ os$f nei+h
1.1.1.1 10 <9LL/?R 00000045 1!2.16.14#.1 <ast.t/ernet0/0
#.#.#.# 0 <9LL/?R>'D.R 00000046 1!2.16.14#.# <ast.t/ernet0/0
Lab22R4#
3." Reac)ability
10
If router R5 or router R3 goes down5 router BB* shou!d sti!! be ab!e to reach a!! networ's (e7cept for the
ones on routers R5 or R3).
+y configuring dual irtual links, we will hae reachability if either (# or (" goes down.
3.0 ,rea & aut)entication
Configure the strongest authentication for 3rea 8.
7he /rame (elay interfaces for (", (#, and (& are in area $. In addition to configuring
authentication keys on the interface, we will configure area & aut)entication message!
digest under the 2%P/ process.
Lab22R#(config-if)#int Serial0/0/0
Lab22R#(config-if)#ip ospf message-igest-Ee$ 1 m# cisco
Lab22R#(config-router)#area 0 aut/entication message-igest
Lab22R4(config-if)#ip ospf message-igest-Ee$ 1 m# cisco
Lab22R4(config-router)#area 0 aut/entication message-igest
Lab22R6(config-if)#int Serial0/0/0.2
Lab22R6(config-subif)#ip ospf message-igest-Ee$ 1 m# cisco
%ince we are authenticating area $, we also need to authenticate the irtual links which
we hae configured.
Lab22R1(config-router)#area 1 virtual-linE 4.4.4.4 message-igest-Ee$ 1 m#
cisco
Lab22R1(config-router)#area 1 virtual-linE #.#.#.# message-igest-Ee$ 1 m#
cisco
Lab22R4(config-router)#area 1 virtual-linE 1.1.1.1 message-igest-Ee$ 1 m#
cisco
Lab22R#(config-router)#area 1 virtual-linE 1.1.1.1 message-igest-Ee$ 1 m#
cisco
We can erify authentication on (&.s serial interface with the command s)o( i$ os$f
interface. At the end of the output for the interface are the lines =message digest
authentication enabled. and =youngest key id is *.. If the key id is $, it means that a null
key is being sent.
Lab2223#show i$ os$f int 5erial0/0/062
Serial0/0/0.2 is up) line protocol is up
*nternet :ress 1!2.16.100.6/2!) :rea 0
11
-rocess *? 1) Router *? 6.6.6.6) 8et6orE '$pe ->*8';'>;,9L'*->*8') +ost0 6"
'ransmit ?ela$ is 1 sec) State ->*8';'>;,9L'*->*8')
'imer intervals configure) Dello 40) ?ea 120) Iait 120) Retransmit #
Dello ue in 0000001#
*ne2 1/1) floo (ueue lengt/ 0
8e2t 020(0)/020(0)
Last floo scan lengt/ is 1) ma2imum is 2
Last floo scan time is 0 msec) ma2imum is 0 msec
8eig/bor +ount is 2) :Jacent neig/bor count is 2
:Jacent 6it/ neig/bor #.#.#.#
:Jacent 6it/ neig/bor 4.4.4.4
Suppress /ello for 0 neig/bor(s)
7essa+e -i+est a%thentication enable-
8o%n+est 0e1 i- is 1
Lab22R6#
3.# Loo$bac1s 'ubnet 6as1s
nsure that a!! of the 1oopbac's show their correct subnet %as's in a!! of the routers routing tab!es.
/or 2%P/, loopbacks are treated as stub hosts, and a ", bit mask is used. 7here are a
few ways to make 2%P/ show the correct mask. 2ne method is to configure the
loopback as a point to point network with the interface command i$ os$f net(or1 $oint!
to!$oint. We will configure (& this way.
Lab22R6(config)#int lo0
Lab22R6(config-if)#ip ospf net6orE point-to-point
/or (" and (#, we will configure using a different method. %ince the loopbacks are in
their own areas, we can configure the area range command under 2%P/.
Lab22R#(config-router)#area #0 range 1!2.16.#.0 2##.2##.2##.0
Lab22R4(config-router)#area 40 range 1!2.16.40.0 2##.2##.2##.125
7o erify that our loopbacks show up properly, we can check our routing table on (*.
Lab2221#show i$ ro%te os$f
1!2.16.0.0/16 is variabl$ subnette) 5 subnets) " masEs
9 :A 1;26136"060/2# <110/11= via 1;261361"#6", 00*02*1", Fast,thernet0/0
9 :A 1;26136#60/2! <110/11= via 1;261361"#6#, 00*01*#9, Fast,thernet0/0
9 :A 1;26136360/2! <110/;#= via 1;261361"#6#, 00*02*!#, Fast,thernet0/0
<110/;#= via 1;261361"#6", 00*02*!#, Fast,thernet0/0
> *: 1!2.16.100.4/42 G110/10H via 1!2.16.14#.4) 0000"0"6) <ast.t/ernet0/0
> *: 1!2.16.100.#/42 G110/10H via 1!2.16.14#.#) 0000"0"6) <ast.t/ernet0/0
> *: 1!2.16.100.6/42 G110/!"H via 1!2.16.14#.4) 0000"0"6) <ast.t/ernet0/0
G110/!"H via 1!2.16.14#.#) 0000"0"6) <ast.t/ernet0/0
7I8RP
.1 ! 7I8RP 1 & 7I8RP 1" & 7I8RP "#
Configure the networ' between routers R1 and R( for IARP 1(. Configure the networ' between routers R6
and BB1 for IARP 1(6. Configure the networ' between routers R6 and R& for IARP 6&.
12
;ere, we are 6ust adding configuring the :I9(P process for (* and ('. When
configuring :I9(P, we will use an e-act match on our network statements. 7his will help
to aoid adding unwanted interfaces :I9(P. If you hae problems with :I9(P neighbor
relationships forming, make sure to erify that your network commands are typed
correctly, and that you hae IP connectiity between the two routers that are forming the
ad6acency.

Lab22R1(config)#router eigrp 1"
Lab22R1(config-router)#no auto-summar$
Lab22R1(config-router)#net6orE 1!2.16.10".1 0.0.0.0
Lab22R"(config)#router eigrp 1"
Lab22R"(config-router)#no auto-summar$
Lab22R"(config-router)#net6orE 1!2.16.10"." 0.0.0.0
We can erify the ad6acency with the command s)o( i$ eigr$ neig)bor.
Lab22R"#show i$ ei+r$ nei+h
*--.*=R- neig/bors for process 1"
D :ress *nterface Dol 9ptime SR'' R'> K Se( '$pe
(sec) (ms) +nt 8um
0 1!2.16.10".1 Se0/0/0 14# 000000"! 1 4000 0 1
Lab22R"#
;ere we are configuring :I9(P *'& between (& and ++*.
Lab22R6(config)#router eigrp 1"6
Lab22R6(config-router)#net6orE 1!2.16.1"6.6 0.0.0.0
Lab22&&1(config)#router eigrp 1"6
Lab22&&1(config-router)#no auto-summar$
Lab22&&1(config-router)#net6orE 1!2.16.1"6.% 0.0.0.0
Again, we will erify the neighbor relationship with the command s)o( i$ eigr$
neig)bor.
Lab221#show i$ ei+r$ nei+h
*--.*=R- neig/bors for process 1"6
D :ress *nterface Dol 9ptime SR'' R'> K Se( '$p
e
(sec) (ms) +nt 8um
0 1!2.16.1"6.6 Se1/0 11 000000"# %20 #000 0 1
Lab22&&1#
Lab22R6(config)#router eigrp 65
Lab22R6(config-router)#net6orE 1!2.16.56.6 0.0.0.0
Lab2228#show i$ ei+r$ nei+h
*--.*=R- neig/bors for process 65
13
(sec) (ms) +nt 8um
0 1!2.16.56.6 Se0/0/0 12 0000001" "0" 2"2" 0 1
Lab22R5#
.2 Loo$bac1s
Configure the 1oopbac' 8 networ's on routers R15 R( and BB1 to be in the pre4ious!" %entioned IARP
processes without using networ' state%ents.
7o add the loopback networks to :I9(P without network statements we will redistribute
them using the command redistribute connected in con6unction with a route map, so
that we only match the loopback network.
Lab22&&1(config)#route-map eigrp
Lab22&&1(config-route-map)#matc/ interface lo0
Lab22&&1(config-router)#reist connecte route-map eigrp
Lab22R1(config)# route-map eigrp
Lab22R1(config-route-map)#matc/ interface lo0
Lab22R1(config)#router eigrp 1"
Lab22R1(config-router)#reist connecte route-map eigrp
Lab22R"(config)#route-map eigrp
Lab22R"(config-route-map)#matc/ interface loop0
Lab22R"(config)#router eigrp 1"
Lab22R"(config-router)#reist connecte route-map eigrp
We can erify that the routes were added with the command s)o( i$ route eigr$ on
(&, (', and (*.
Lab2223#show i$ ro%te ei+r$
1!2.16.0.0/16 is variabl$ subnette) % subnets) # masEs
? .@ 1!2.16.%.0/2" G1!0/22%!5#6H via 1!2.16.1"6.%) 00004041) Serial0/0/0.1
Lab222!#show i$ ro%te ei+r$
1!2.16.0.0/16 is variabl$ subnette) " subnets) 2 masEs
? .@ 1!2.16.1.0/2" G1!0/22%!5#6H via 1!2.16.10".1) 00004024) Serial0/0/0
Lab22R"#
1!2.16.0.0/16 is variabl$ subnette) 10 subnets) # masEs
? .@ 1!2.16.".0/2" G1!0/22%!5#6H via 1!2.16.10".") 0000202%) Serial0/0/0
Lab22R1#
.3 7I8RP u$dates
nsure that IARP updates are on!" sent out of the necessar" interfaces on router R6.
7o erify where :I9(P updates are being sent, we will use an access list and a debug.
We will use the access-list access!list 1&1 $ermit eigr$ any any with the command
debug i$ $ac1et 1&1.
Lab22R6(config)#access-list 101 permit eigrp an$ an$
14
Lab22R6#ebug ip pacEet 101
*- pacEet ebugging is on for access list 101
Lab22R6#
0#0#20#40 *-0 s31!2.16.56.5 (Serial0/0/0.65)) 322".0.0.10) len 60) rcv 2
0#0#20#"0 *-0 s31!2.16.1"6.6 (local)) 322".0.0.10 .5erial0/0/061/, len 30,
sen-in+ broa-/)%lticast
0#0#20#!0 *-0 s31!2.16.56.6 (local)) 322".0.0.10 .5erial0/0/0638/, len 30,
0#0#20#!0 *-0 s31!2.16.56.5 (Serial0/0/0.65)) 322".0.0.10) len 60) rcv 2
0#0#20#%0 *-0 s31!2.16.1"6.6 (local)) 322".0.0.10 .5erial0/0/061/, len 30,
0#0#40020 *-0 s31!2.16.56.5 (Serial0/0/0.65)) 322".0.0.10) len 60) rcv 2
0#0#40020 *-0 s31!2.16.56.6 (local)) 322".0.0.10 .5erial0/0/0638/, len 30,
0#0#400"0 *-0 s31!2.16.1"6.6 (local)) 322".0.0.10 .5erial0/0/061/, len 30,
0#0#400!0 *-0 s31!2.16.56.5 (Serial0/0/0.65)) 322".0.0.10) len 60) rcv 2
0#0#400!0 *-0 s31!2.16.56.6 (local)) 322".0.0.10 .5erial0/0/0638/, len 30,
7he debug shows that we are only sending :I9(P traffic out the serial $)$)$.&0 and
serial$)$)$.* interfaces, which is correct.
. 7I8RP 6etrics
Configure IARP to use on!" the bandwidth in the %etric ca!cu!ation on both routers R6 and R&.
7he default metric calculation for :I9(P uses constants k* and k" to influence
bandwidth and delay. 7o remoe delay from the calculation, we can set k" to >ero, and
leae k* as the only non>ero constant. Any time you ad6ust your metric calculation, you
need to ad6ust any neighboring routers in the :I9(P process. We will make the
ad6ustment on both (& and (0. !hanging the metric will cause the ad6acency to break,
and you will receie the error message shown below about a mismatched k alue until
the other router?s@ hae also been changed.
Lab22R6(config-router)#metric 6eig/ts 0 1 0 0 0 0
060050#40 A?9:L-#-8&R+D:8=.0 *--.*=R- 650 8eig/bor 1!2.16.56.5 (Serial0/0/0.65)
is o6n0 metric c/ange
060050#60 A?9:L-#-8&R+D:8=.0 *--.*=R- 650 8eig/bor 1!2.16.56.5 (Serial0/0/0.65)
is o6n0 L-value mismatc/
Lab22R5(config-router)#metric 6eig/ts 0 1 0 0 0 0
Lab2223#show i$ ei+r$ nei+h 38
(sec) (ms) +nt 8um
0 1!2.16.56.5 Se0/0/0 1" 0000"014 1 4000 0 2
Lab22R6#
.% Loo$bac1s
Configure #13)=3 and R&2s 1oopbac' 8 to participate in IARP 6& as we!!.
15
%ince we ad6usted the metric weights for :I9(P &0, we need to make sure to ad6ust
them for ++*.s :I9(P process as well.
Lab22&&1(config)#router eigrp 65
Lab22&&1(config-router)#net6orE 1!2.16.50.% 0.0.0.0
Lab22&&1(config-router)#metric 6eig/ts 0 1 0 0 0 0
Lab221#show i$ ei+r$ nei+h 38
D :ress *nterface Dol 9ptime SR'' R'> K Se(
'$pe
(sec) (ms) +nt 8um
0 1!2.16.50.1 <a0/0 12 000010"5 1445 #000 0 #
Lab22&&1#
RIP
%.1 RIP configuration
Configure the 1oopbac' 8 networ' on router BB* for RIP.
In addition to entering a network statement to coer the loopback interface, we will
configure ersion , because we are not instructed otherwise in the Auestion, and no
auto-summary.
Lab22&&2(config)#router rip
Lab22&&2(config-router)#version 2
Lab22&&2(config-router)#net6orE 1!2.16.0.0
%.2 RIP u$dates
nsure that RIP updates are on!" sent out the necessar" interfaces.
We are not asked to neighbor (IP with any other routers, so (IP does not need to be
sent out any interfaces on ++,. We will configure all interfaces as passie with the
command $assi.e!interface default under the (IP process.
Lab22&&2(config-router)#passive-interface efault
%.3 RIP +imers
Configure a!! of the RIP ti%ers on BB* so the" are doub!e the defau!t 4a!ues.
Bou are not e-pected to hae all the timers memori>ed, but you should know where to
find them Auickly. As a general guideline the command reference will hae the default
alues for a gien command. In this case, it is 6ust a matter of doubling those alues.
7he defaults are "$, *0$, *0$, and ,'$ for update, inalid, holddown and flush,
respectiely.
16
Lab22&&2(config-router)#timers basic 60 460 460 "50
Redistribution
".1 & ".2 Redistribution
Configure the reBuired redistribution points to a!!ow fu!! connecti4it" and redundanc" throughout the networ'.
nsure that the ?.P$ %etric for e7terna! routes changes throughout the ?.P$ networ'.
In order for the 2%P/ metric for e-ternal routes to change, the e-ternal routes need to
be set as :* routes. In order to determine where to do redistribution, we will look at the
routing protocols on each router. We will start at the bottom of the topology and work
our way up.
++, has a loopback in (IP and an /ast:thernet interface in 2%P/. In order for the rest
of the network to learn about the loopback, we need to redistribute (IP into 2%P/.
7here aren.t any (IP routers that ++, is sending updates to, so we do not need to
redistribute from 2%P/ into (IP.
Lab22&&2(config)#router ospf 1
Lab22&&2(config-router)#reist rip subnets metric-t$pe 1
With the command s)o( i$ route os$f on (', we can erify that the loopback network
was successfully redistributed into 2%P/ as an :* route.
Lab222!#show i$ ro%te os$f
1!2.16.0.0/16 is variabl$ subnette) # subnets) 2 masEs
> .1 1!2.16.10.0/2" G110/40H via 1!2.16.14".10) 00000026) <ast.t/ernet0/0
Lab22R"#
Coing upward along our topology, (*, (", (', (#, and (& are all running 2%P/. Now
that the loopback for ++, has been added to 2%P/, the ne-t group of networks to add to
2%P/ are the :I9(P loopbacks on (* and (', and the network between (* and ('. If
we redistribute :I9(P into 2%P/, 2%P/ will know about these three :I9(P networks.
We do not need to redistribute from 2%P/ into :I9(P, because both of these routers
are also running 2%P/. If there were another router that was only running :I9(P, we
would need to redistribute into :I9(P so that other router would hae routes for the
network. If we redistribute :I9(P into 2%P/ on both (* and (', (*.s loopback can still
be reached by (" and (#, and ('.s loopback can be reached by ++, een if the link
between (* and (' failed.
Lab22R1(config-router)#reist eigrp 1" subnets metric-t$pe 1
Lab22R"(config-router)#reist eigrp 1" subnets metric-t$pe 1
At this point, (& has routes for all the networks beyond (" and (#. (0 is running
:I9(P &0, and ++* is running :I9(P *'&. 7here is also the connection between (0
and ++* ia 34AN5A running :I9(P &0.
In order for ++* and (0 to hae (outes for the 2%P/ networks, we need to redistribute
from 2%P/ into :I9(P. In order for 2%P/ to hae routes for the :I9(P networks, we
17
need to redistribute from :I9(P into 2%P/. 4ooking at the connections between (&,
(0, and ++*, we can see where we need to redistribute for ma-imum redundancy.
+etween these three routers, our topology resembles a triangle. 4et.s consider what
happens if any of the three links breaks.
/irst, lets look at 34AN5A. If the connection between (0 and ++* did not e-ist ?or
broke@, what would we need for redistributionD In order for (0 to hae routes for the
networks in 2%P/, the 2%P/ routes need to be redistributed into :I9(P &0. :I9(P &0
would need to be redistributed into 2%P/, so that the 2%P/ routers would know about
the serial link between (& and (0, as well as (0.s loopback.
Lab22R6(config-router)#reist ospf 1 metric 1#"" 2000 2#" 1 1#00
Lab22R6(config-router)#reist eigrp 65 subnets metric-t$pe 1
4ooking at ++*, 2%P/ needs to be redistributed into :I9(P *'& for ++* to hae routes
for the 2%P/ networks. :I9(P *'& needs to be redistributed into 2%P/ for the 2%P/
routers to learn routes for ++*.s loopback and serial networks.
Lab22R6(config-router)#reist ospf 1 metric 1#"" 2000 2#" 1 1#00
Lab22R6(config-router)#reist eigrp 1"6 subnets metric-t$pe 1
(& and (0 would hae routes for the 2%P/ networks, but (0 would not hae a router for
(&.s loopback and ice ersa. 2n (&, we need to redistribute between our :I9(P
processes.
Lab22R6(config-router)#reist eigrp 1"6 metric 1#"" 2000 2#" 1 1#00
Lab22R6(config-router)#reist eigrp 65 metric 1#"" 2000 2#" 1 1#00
With (0.s /ast:thernet shut down, we will erify that we can (0 and ++* can ping each
other.s loopbacks.
Lab22R5#ping 1!2.16.%.%
Sening #) 100-b$te *+,- .c/os to 1!2.16.%.%) timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 55/55/%2 ms
Lab22R5#
Lab22&&1#ping 1!2.16.5.5
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 5"/55/%2 ms
Lab22&&1#
18
With the /ast:thernet interface shut down on ++*, you may notice that (& doesn.t hae
a route for 34AN5A. 7his presents a problem, because !at* is using ++*.s
/ast:thernet interface as a default gateway. +y adding the fa$)$ interface to the route-
map for connected interfaces, (& will hae a route for 34AN5A.
Lab22&&1(config)#route-map eigrp
Lab22&&1(config-route-map)#matc/ interface lo0 fa0/0
Now let.s look at what happens if the serial link between (& and (0 were to fail. (0 still
has a path to (& ia ++*, but does not hae any routes for (&. If we redistribute
between our :I9(P processes on ++*, (& will learn about the path to (0 ia ++*. In
order for (0 to learn about the networks from (&, the redistribution needs to be two-way.
Lab22&&1(config-router)#reist eigrp 1"6 metric 1000 2000 2#" 1 1#00
Lab22&&1(config-router)#reist eigrp 65 metric 1000 2000 2#" 1 1#00
At this point, (' should be able to ping (0.s loopback.
Lab22R"#ping 1!2.16.5.5
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 155/1%#/22" ms
Lab22R"#
4ets take a close look at (0.s routing table at this point ?with the serial interface still shut
down@.
1!2.16.0.0/16 is variabl$ subnette) 16 subnets) 6 masEs
? .@ 1!2.16.1"6.0/25 G1!0/16#!5#6H via 1!2.16.50.%) 0000%0##) <ast.t/ernet0/0
? .@ 1!2.16.14".0/2" G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"6) <ast.t/ernet0/0
? .@ 1!2.16.14#.0/25 G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"6) <ast.t/ernet0/0
? .@ 1!2.16.40.0/2# G1!0/16#!5#6H via 1!2.16.50.%) 0000%0#") <ast.t/ernet0/0
? .@ 1!2.16.10.0/2" G1!0/16#!5#6H via 1!2.16.50.%) 0000%0#") <ast.t/ernet0/0
? .@ 1!2.16.".0/2" G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"6) <ast.t/ernet0/0
? .@ 1!2.16.#.0/2" G1!0/16#!5#6H via 1!2.16.50.%) 0000%0#") <ast.t/ernet0/0
? .@ 1!2.16.6.0/2" G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"6) <ast.t/ernet0/0
? .@ 1!2.16.1.0/2" G1!0/16#!5#6H via 1!2.16.50.%) 0000%0#") <ast.t/ernet0/0
? .@ 1!2.16.11".0/2" G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"6) <ast.t/ernet0/0
? .@ 1!2.16.10".0/2% G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"6) <ast.t/ernet0/0
? .@ 1!2.16.100.0/2! G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"6) <ast.t/ernet0/0
? .@ 1!2.16.100.4/42 G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"!) <ast.t/ernet0/0
? .@ 1!2.16.100.#/42 G1!0/16#!5#6H via 1!2.16.50.%) 0000%0"!) <ast.t/ernet0/0
Lab22R5#
Although (0 is learning routes from the rest of the topology, (0 is N27 learning about
the network for ++*.s loopback. +ecause ++* is redistributing the connected loopback
into :I9(P *'&, it will not be redistributed into :I9(P &0, during the redistribution from
:I9(P *'& into :I9(P &0. In order for (0 to learn about this network, we will
redistribute the loopback into :I9(P &0.
Lab22&&1(config)#route-map eigrp2
19
Lab22&&1(config-route-map)#matc/ int lo0
Lab22&&1(config-router)#reist connecte metric 1000 2000 2#" 1 1#00 route-map
eigrp2
/inally, let.s look at what happens with ++*.s serial interface down.
1!2.16.0.0/16 is variabl$ subnette) 1! subnets) 6 masEs
? .@ 1!2.16.14".0/2"
G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.14#.0/25
G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.40.0/2#
G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.10.0/2"
G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? 1!2.16.5.0/2" G%0/2#600H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.".0/2" G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.#.0/2" G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.6.0/2" G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.1.0/2" G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.11".0/2"
G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.10".0/2%
G1!0/16#!5#6H via 1!2.16.50.1) 0000201") <ast.t/ernet0/0
? .@ 1!2.16.100.0/2!
G1!0/16#!5#6H via 1!2.16.50.1) 00002016) <ast.t/ernet0/0
? .@ 1!2.16.100.4/42
G1!0/16#!5#6H via 1!2.16.50.1) 00002016) <ast.t/ernet0/0
? .@ 1!2.16.100.#/42
G1!0/16#!5#6H via 1!2.16.50.1) 00002016) <ast.t/ernet0/0
? 1!2.16.56.0/2" G%0/16#!5#6H via 1!2.16.50.1) 00002015) <ast.t/ernet0/0
Lab22&&1#
We can erify connectiity by pinging from ++* to ++,.s loopback and ice ersa.
Lab22&&1#ping 1!2.16.10.10
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 1#6/1#6/160 ms
Lab22&&1#
Lab22&&2#ping 1!2.16.%.%
Sening #) 100-b$te *+,- .c/os to 1!2.16.%.%) timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 1#6/1#6/160 ms
Lab22&&2#
When we bring the /ast:thernet interface back up on ++*, you may notice that ++* still
prefers the routes ia (0. In order to influence ++* to prefer the serial interface, we can
ad6ust the bandwidth for the /ast:thernet interfaces.
Lab22&&1(config)#int fa0/0
Lab22&&1(config-if)#ban6it/ 1#""
20
Lab22R5(config-if)#ban6it/ 1#""
Now that we hae connectiity, lets take another look at section ,.#. We were told that
!at* should be able to telnet to (" by typing =(".. 4et.s see what happens now.
Lab22+at1#Lab22R4
'r$ing Lab22R4 (1!2.16.40.4)... >pen
-ass6or re(uire) but none set
G+onnection to Lab22R4 close b$ foreign /ostH
Lab22+at1#
We can see that !at* has IP connectiity to (", but was not able to log in, because a
password is not set on (". After adding a password on (", !at* will be able to connect
to (".
Lab22R4(config)#line vt$ 0 "
Lab22R4(config-line)#pass6or cisco
Lab22+at1#Lab22R4
'r$ing R4 (1!2.16.40.4)... >pen
9ser :ccess 7erification
-ass6or0
Lab22R4M
58P
0.1 ,'# & ,'1
Configure router R& in 3.& to peer with router R6 in 3.188. Configure router BB1 in 3.1( to peer with
router R6 in 3.188.
;ere, we are configuring (0 for +9P. /or now, we are 6ust configuring (0 for a peering
to (& in A% *$$. We will not be configuring (& at this time. We will also statically set
our bgp router ids with the bgp command bg$ router!id. %ince we hae redundancy in
our topology, we will configure our peerings between loopbacks. When peering between
loopbacks, we need to set the update source as the loopback, and configure ebg$
multi)o$ for the neighbor. With +9P, make sure that you read through the entire
section before you start configuring, to preent the need to change items configured for
earlier steps.
Lab22R5(config)#router bgp 5
Lab22R5(config-router)#bgp router-i 5.5.5.5
Lab22R5(config-router)#neig/bor 1!2.16.6.6 remote-as 100
Lab22R5(config-router)#neig/bor 1!2.16.6.6 upate-source loopbacE0
Lab22R5(config-router)#neig/bor 1!2.16.6.6 ebgp-multi/op
;ere, we are preparing ++* for an A% peering to (&.
Lab22&&1(config)#router bgp 1"
Lab22&&1(config-router)#bgp router-i %.%.%.%
Lab22&&1(config-router)#neig/bor 1!2.16.6.6 remote-as 100
Lab22&&1(config-router)#neig/bor 1!2.16.6.6 upate-source loop0
Lab22&&1(config-router)#neig/bor 1!2.16.6.6 ebgp-multi/op
21
0.2 ,'"%&& & Redundancy
Configure routers R65 R5 and R3 in 3.6(588. Routers R5 and R3 shou!d on!" ha4e one neighbor 7.7.7.7
re%ote-as 6(588 co%%and. If either router R5 or router R3 goes down5 BAP connecti4it" shou!d re%ain
acti4e.
/rom our diagram, we can see that (*, (", (#, and (& are part of a +9P confederation.
We are also gien the restriction that (# and (" can only hae one neighbor in
A%&'#$$.
We.ll start by configuring (& for the connections to (0 and ++*. When configuring a
confederation the number of the A% in the command router bg$ specifies the number of
the %ubA%. 7he number in the command bg$ confederation identifier identifies the
A% of the confederation. If the router has a peering to another %ubA% in the same
confederation, the command bg$ confederation $eers identifies the other %ubA% as
being in the same confederation.
Lab22R6(config)#router bgp 6"#00
Lab22R6(config-router)#bgp confeeration ientifier 100
Lab22R6(config-router)#neig/bor 1!2.16.5.5 remote-as 5
Lab22R6(config-router)#neig/bor 1!2.16.5.5 upate-source lo0
Lab22R6(config-router)#neig/bor 1!2.16.%.% remote-as 1"
Lab22R6(config-router)#neig/bor 1!2.16.%.% upate-source lo0
Lab22R6(config-router)#neig/bor 1!2.16.%.% ebgp-multi/op
At this point, we hae (0 and ++* as peers.
Lab2223#show i$ b+$ s%))ar1
&=- router ientifier 6.6.6.6) local :S number 6"#00
&=- table version is 1) main routing table version 1
8eig/bor 7 :S ,sgRcv ,sgSent 'bl7er *nK >utK 9p/?o6n State/-f2Rc
1!2.16.5.5 " 5 4 " 1 0 0 000000"4 0
1!2.16.%.% " 1" " " 1 0 0 0000001# 0
Lab22R6#
Within the same A%, a router will not pass an update learned from an internal neighbor
on to another neighbor in the same A%. +ecause of this, a full mesh is recommended
among routers in the same A%. !onfederations are one way to get around this, because
connections between two %ubA%es are treated similar to an :9P connection. (oute
reflectors are another way to aoid the need for a full mesh. With a route reflector, the
route reflector will reflect updates among the route reflector clients and preent the
clients from needing a full mesh. %ince (# and (" are only allowed one internal
neighbor for (" and (#, we will configure (& as a route reflector for (" and (#.
Lab22R6(config-router)#neig/bor 1!2.16.#.# remote-as 6"#00
Lab22R6(config-router)#neig/bor 1!2.16.#.# upate-source lo0
Lab22R6(config-router)#neig/bor 1!2.16.#.# route-reflector-client
Lab22R6(config-router)#neig/bor 1!2.16.40.4 remote-as 6"#00
22
Lab22R6(config-router)#neig/bor 1!2.16.40.4 route-reflector-client
(" and (# are configured with a peering to (&.
Lab22R#(config)#router bgp 6"#00
Lab22R#(config-router)#bgp confeeration ientifier 100
Lab22R#(config-router)#bgp router-i #.#.#.#
Lab22R#(config-router)#neig/bor 1!2.16.6.6 remote-as 6"#00
Lab22R#(config-router)#neig/bor 1!2.16.6.6 upate-source lo0
At this point, (& has peerings to (", (#, (0, ++*.
Lab22R6#s/o6 ip bgp summ
&=- router ientifier 6.6.6.6) local :S number 6"#00
1!2.16.#.# " 6"#00 12 12 1 0 0 000050"2 0
1!2.16.5.5 " 5 21 22 1 0 0 000150#6 0
1!2.16.%.% " 1" 22 22 1 0 0 00015025 0
1!2.16.40.4 " 6"#00 5 % 1 0 0 0000#0"" 0
Lab22R6#
We hae already configured redundancy by configuring peering from (& to both (" and
(#.
0.3 ,'"%&1 & ,' 13
Configure router R1 in 3.6(581 to peer with 3.6(588. Configure routers R( and BB* in 3.13(. Configure
router R( to peer with router R1 in 3.188.
;ere we are peering (* to A%&'#$$. We hae the option of peering to either (" or (#.
/or ma-imum redundancy, we will peer to both of them. As mentioned earlier, if a router
is peering to another %ubA%, that %ubA% needs to be identified in the command bg$
confederation $eers. +ecause the connections between %ubA%es are treated like
:9P connections, we also need the command ebg$!multi)o$.
Lab22R1(config-router)#bgp confeeration peers 6"#00
Lab22R1(config-router)#neig/bor 1!2.16.#.# remote-as 6"#00
Lab22R1(config-router)#neig/bor 1!2.16.#.# upate-source loop0
Lab22R1(config-router)#neig/bor 1!2.16.40.4 upate-source loop0
Lab22R1(config-router)#neig/bor 1!2.16.#.# ebgp-multi/op
Lab22R#(config)#router bgp 6"#00
Lab22R#(config-router)#bgp confeeration peers 6"#01
Lab22R#(config-router)#neig/bor 1!2.16.1.1 remote-as 6"#01
Lab22R#(config-router)#neig/bor 1!2.16.1.1 upate-source loop0
Lab22R#(config-router)#neig/bor 1!2.16.1.1 ebgp-multi/op
23
Lab22R4(config-router)#bgp confeeration peers 6"#01
Lab22R4(config-router)#neig/bor 1!2.16.1.1 upate-source loop0
We will configure the peerings to (* and ++, between loopback interfaces. %ince the
connection between A%*$$ and A%*"' is an :+9P connection, make sure that you
remember the command neig)bor 3.3.3.3 ebg$!multi)o$. If you enter ebgp-multihop
without specifying a hop count, the router will default to a hop count of ,##. Bou can set
a lower alue, but be careful about setting the alue too low. If you set the hop count to
", and your path is ' hops, you will not be able to establish a bgp peering, een though
you hae IP connectiity.
/irst, we will configure (* for the +9P peering to ('.
Lab22R1(config-router)#neig/bor 1!2.16."." remote-as 14"
Lab22R1(config-router)#neig/bor 1!2.16."." upate-source loop0
Lab22R1(config-router)#neig/bor 1!2.16."." ebgp-multi/op
+efore we configure (' and ++,, make sure to read carefully through the rest of the
+9P section to see if there is anything that will affect our configuration. (eading earlier
sections, we see that we need to hae synchroni>ation on and we hae two loopbacks
that we cannot redistribute into an I9P. With synchroni>ation on, the router will not send
an update to an +9P neighbor in the same A% unless there is an I9P path. We can.t
add the networks to an I9P, or turn off synchroni>ation. We can, howeer, trick the
router into thinking the other router is in a different A%. +y configuring (' and ++, as
two %ubA%es in a confederation, the connection between them is treated as an :+9P
connection, and the I9P reAuirement for synchroni>ation does not apply.
Lab22R"(config)#router bgp 6#00"
Lab22R"(config-router)#bgp router-i "."."."
Lab22R"(config-router)#bgp confeeration ientifier 14"
Lab22R"(config-router)#bgp confeeration peers 6#014
Lab22R"(config-router)#neig/bor 1!2.16.10.10 remote-as 6#014
Lab22R"(config-router)#neig/bor 1!2.16.10.10 upate-source loop0
Lab22R"(config-router)#neig/bor 1!2.16.10.10 ebgp-multi/op
Lab22R"(config-router)#neig/bor 1!2.16.1.1 remote-as 100
Lab22R"(config-router)#neig/bor 1!2.16.1.1 upate-source loop0
Lab22R"(config-router)#neig/bor 1!2.16.1.1 ebgp-multi/op
Lab22&&2(config)#router bgp 6#014
Lab22&&2(config-router)#bgp router-i 10.10.10.10
Lab22&&2(config-router)#bgp confeeration ientifier 14"
Lab22&&2(config-router)#bgp confeeration peers 6#00"
Lab22&&2(config-router)#neig/bor 1!2.16."." remote-as 6#00"
Lab22&&2(config-router)#neig/bor 1!2.16."." upate-source loop0
Lab22&&2(config-router)#neig/bor 1!2.16."." ebgp-multi/op
We can erify our peerings on ('.
Lab222!#show i$ b+$ s%))ar1
&=- router ientifier ".".".") local :S number 6#00"
24
1!2.16.1.1 " 100 % % 1 0 0 00002014 0
1!2.16.10.10 " 6#014 % 5 1 0 0 0000100! 0
Lab22R"#
0. Loo$bac1s & -et(or1 ,d.ertisement
Create two new 1oopbac's on BB*5 1oopbac' 1 and 1oopbac' *5 using the *88.*88.*88.89*5 and
*88.*88.*88.1*&9*5 networ's5 and ad4ertise the% into BAP. /he *88.*88.*88.89*5 and *88.*88.*88.1*&9*5
networ's shou!d be ad4ertised to a!! BAP routers as two separate networ's5 and s"nchroni<ation can not be
disab!ed on router R( or router BB*5 and "ou cannot inCect the networ's into an" IAP.
Cake sure that you configure the subnet masks when configuring the networks in +9P.
Lab22&&2(config)#int loop1
Lab22&&2(config-if)#ip aress 200.200.200.10 2##.2##.2##.125
Lab22&&2(config-if)#e2it
Lab22&&2(config)#int loop2
Lab22&&2(config)#router bgp 6#014
Lab22&&2(config-router)#net6orE 200.200.200.0 masE 2##.2##.2##.125
4et.s take a look at the +9P information on a few routers.
Lab222##show i$ b+$
&=- table version is !) local router *? is #.#.#.#
Status coes0 s suppresse) ampe) / /istor$) N vali) M best) i - internal
>rigin coes0 i - *=-) e - .=-) O - incomplete
8et6orE 8e2t Dop ,etric Loc-rf Ieig/t -at/
NM 200.200.200.0/2# 1!2.16."." 100 0 (6"#01) 14" i
NM 200.200.200.125/2#
1!2.16."." 100 0 (6"#01) 14" i
As shown aboe, (# shows both networks as best routes in +9P.
Lab2223#show i$ b+$
&=- table version is 1) local router *? is 6.6.6.6
N i200.200.200.0/2# 1!2.16."." 100 0 (6"#01) 14" i
N i 1!2.16."." 100 0 (6"#01) 14" i
N i200.200.200.125/2#
1!2.16."." 100 0 (6"#01) 14" i
N i 1!2.16."." 100 0 (6"#01) 14" i
Lab22R6#
(& shows the networks in +9P, but they don.t show as best. 4et.s take a closer look at
the information (& has for these networks. We will use the command s)o( i$ bg$
2&&.2&&.2&&.& for more detailed information.
Lab2223#show i$ b+$ 2006200620060
25
&=- routing table entr$ for 200.200.200.0/2#) version 0
-at/s0 (2 available) no best pat/)
8ot avertise to an$ peer
(6"#01) 14") (Receive from a RR-client)
1!2.16."." (metric %") from 1!2.16.40.4 (4.4.4.4)
>rigin *=-) localpref 100) vali) confe-internal) not s1nchroni>e-
(6"#01) 14") (Receive from a RR-client)
1!2.16."." (metric %") from 1!2.16.#.# (#.#.#.#)
>rigin *=-) localpref 100) vali) confe-internal) not s1nchroni>e-
Lab22R6#
2n (&, the network is shown as Enot synchroni>edF. With synchroni>ation on, +9P
looks for an I9P path. We are told that we cannot disable synchroni>ation on (' or
++,, but no restrictions are gien regarding (&. We will disable synchroni>ation on (&
with the bgp command no sync)roni/ation, and then take another look at the +9P
information for these two routes.
Lab22R6(config-router)#no s$nc/roniPation
Lab2223#show i$ b+$
NMi200.200.200.0/2# 1!2.16."." 100 0 (6"#01) 14" i
N i 1!2.16."." 100 0 (6"#01) 14" i
NMi200.200.200.125/2#
1!2.16."." 100 0 (6"#01) 14" i
N i 1!2.16."." 100 0 (6"#01) 14" i
Lab22R6#
Now that (& shows the networks as =best., let.s erify that (0 and ++* see these two
networks as =best..
Lab2228#show i$ b+$
NM 200.200.200.0/2# 1!2.16.6.6 0 100 14" i
NM 200.200.200.125/2#
1!2.16.6.6 0 100 14" i
Lab22R5#
Lab221#show i$ b+$
&=- table version is 4) local router *? is %.%.%.%
Status coes0 s suppresse) ampe) / /istor$) N vali) M best) i - internal)
r R*&-failure) S Stale
NM 200.200.200.0/2# 1!2.16.6.6 0 100 14" i
NM 200.200.200.125/2#
1!2.16.6.6 0 100 14" i
Lab22&&1#
26
0.% Pat) ,d.ertising
Create a new 1oopbac' on BB1 using the 188.188.188.89*( networ'. 3d4ertise the 188.188.188.8 networ'
as tra4ersing 3.185 3.*8 and 3.38 as we!! as 3.1(.
;ere we are asked to ad6ust the path of the network that ++* is adertising into +9P.
We can ad6ust the perceied +9P path with the command set as!$at) $re$end in a
route-map. We will apply this in an outbound route-map on ++*.
Lab22&&1(config)#access-list 1 permit 100.100.100.0
Lab22&&1(config)#route-map loop100 permit 10
Lab22&&1(config-route-map)#matc/ aress 1
Lab22&&1(config-route-map)#set as-pat/ prepen 10 20 40
Lab22&&1(config)#route-map loop100 permit 20
Lab22&&1(config-router)#neig/bor 1!2.16.6.6 route-map loop100 out
Any changes inoling filtering on a neighbor usually reAuire clearing the process to take
effect. After clearing the bgp neighbor relationship on (&, the +9P table reflects the
path ad6ustment that we hae made.
Lab2223#show i$ b+$
NM 100.100.100.0/2" 1!2.16.%.% 0 0 1" 10 20 40 i
NMi200.200.200.0/2# 1!2.16."." 100 0 (6"#01) 14" i
N i 1!2.16."." 100 0 (6"#01) 14" i
NMi200.200.200.125/2#
1!2.16."." 100 0 (6"#01) 14" i
N i 1!2.16."." 100 0 (6"#01) 14" i
Lab22R6#
0." -et(or1
3d4ertise the 188.188.188.8 networ' on router BB1 in BAP. Configure router R6 to pre4ent ad4ertising the
188.188.188.8 networ' outside of 3.6(588.
++* does not currently hae an interface in the *$$.*$$.*$$.$ network, so we will add a
loopback.
Lab22&&1(config)#int loopbacE1
2n (&, we are asked to preent the network from being adertised outside of A%&'#$$.
7o do this, we can set a community on (& before sending the route information on to (#
and (". We will set the community inbound on the neighbor statement for ++*. We will
then send the community information to (# and (" with the command neig)bor 3.3.3.3
send!community. We will use the community local-as. 7he local-as community allows
the route to pass throughout the A%, but the route will not leae the A%. When used in a
confederation, the route will not be allowed to leae the sub-A%.
27
/irst, we will set up our route map. We will use an access list to match the desired
network in our first permit clause, and set the community. +y setting the community as
EadditieF the community information will be added to any e-isting community information
and will not oerwrite. 7he second permit clause ?permit ,$@ will match any other routes
from ++*. ? In this lab, this is the only route being learned from ++*, and the second
permit clause is not reAuired for the lab to work. @ Without the second permit clause, if
++* had any other routes to adertise, they would be filtered and would not reach (&.s
+9P table.
Lab22R6(config)#access-list 1 permit 100.100.100.0
Lab22R6(config)#route-map loop100 permit 10
Lab22R6(config-route-map)#matc/ aress 1
Lab22R6(config-route-map)#set communit$ local-as aitive
Lab22R6(config)#route-map loop100 permit 20
Ne-t, we will apply the route-map inbound from ++*, and configure +9P to send
community information to (" and (# with the command neig)bor 3.3.3.3 send!
community. If we set the community information, but don.t send it, (# and (" will
receie the route, but not the community information.
Lab22R6(config-router)#neig/bor 1!2.16.%.% route-map loop100 in
Lab22R6(config-router)#neig/bor 1!2.16.40.4 sen-communit$
Lab22R6(config-router)#neig/bor 1!2.16.#.# sen-communit$
We can erify that the route was tagged with the local-A% community with the command
s)o( i$ bg$ 1&&.1&&.1&&.& on (&, (#, and (".
Lab2223#show i$ b+$ 1006100610060
&=- routing table entr$ for 100.100.100.0/2") version 2
-at/s0 (1 available) best #1) table ?efault-*--Routing-'able) not a-vertise- o%t
si-e local A5)
:vertise to non peer-group peers0
1!2.16.#.# 1!2.16.40.4
1"
1!2.16.%.% (metric 26515#6) from 1!2.16.%.% (%.%.%.%)
>rigin *=-) metric 0) localpref 100) vali) e2ternal) best
Co))%nit1* local?A5
Lab22R6#
Lab222"#show i$ b+$ 1006100610060
-at/s0 (1 available) best #1) table ?efault-*--Routing-'able) not a-vertise- o%t
si-e local A5)
Not a-vertise- to an1 $eer
1"
1!2.16.%.% (metric 5") from 1!2.16.6.6 (6.6.6.6)
>rigin *=-) metric 0) localpref 100) vali) internal) best
Co))%nit1* local?A5
Lab222##show i$ b+$ 1006100610060
-at/s0 (1 available) best #1) table ?efault-*--Routing-'able) not a-vertise-
o%tsi-e local A5)
Not a-vertise- to an1 $eer
1"
1!2.16.%.% (metric 5") from 1!2.16.6.6 (6.6.6.6)
>rigin *=-) metric 0) localpref 100) vali) confe-internal) best
28
Co))%nit1* local?A5
Lab22R##
0.0 Route summary
Configure router R6 to ad4ertise the *88.*88.*88.89*5 and *88.*88.*88.1*&9*5 networ's to router R& and
router BB1 as on!" one networ' (*88.*88.*88.89*() and ensure that the fu!! 3. path is retained (not on!"
3.188).
2rdinarily when you summari>e in +9P, all path information is lost, and the route
appears to hae originated in the A% where the summari>ation took place. In order to
keep the path information intact we will need to make a few ad6ustments with our
summari>ation. In +9P, summari>ation is done with the +9P command aggregate!
address.
Lab22R6(config-router)#aggregate-aress 200.200.200.0 2##.2##.2##.0 summar$-
onl$ as-set
7he keyword summary!only configures the router to only send the summary. +y
default, the router will summari>e, but will still send the more specific routes to the
neighbors. 7he reAuirements here are that (0 and ++* receie 6ust the summary.
Another option would be to do the summari>ation, and then apply an outbound prefi- list
filtering the more specific routes.
7he keyword as!set will presere e-isting A% path information. Without the as!set
option, the summary will appear to hae originated on (&. As shown below, (# is
adertising the network to (*. +ecause the A% path information is presered, (* sees
that the path includes its own %ubA% of &'#$*, and drops the update.
Lab222##show i$ b+$ 2006200620060 2##62##62##60
-at/s0 (1 available) best #1) table ?efault-*--Routing-'able)
:vertise to non peer-group peers0
1!2.16.1.1
.3!#01/ 14") (aggregate b$ 100 6.6.6.6)
1!2.16.6.6 (metric 6#) from 1!2.16.6.6 (6.6.6.6)
>rigin *=-) localpref 100) vali) confe-internal) best
-,+ Configuration
#.1 -,+
Configure R3 so that 1oopbac' 15 using the IP address 18.1.1.19*( can reach the entire networ' using the
IP address of the 8 interface on router R3.
NA7 allows an interface or network to hae its address translated to another address.
+y translating the loopback* address to the /ast:thernet interface, the other routers in
the topology do not need a route for the loopback. 7o the other routers, the traffic
appears to hae come from the /ast:thernet interface. 7he router tracks the traffic
returning, and can translate the destination to be the loopback interface. NA7 reAuires
an inside and an outside interface. 2nly traffic mo.ing from an inside interface to an
outside interface (ill be translated as s$ecified in t)e -,+ command. In this case,
we will use the loopback interface as the inside interface, and the /ast:thernet and
serial interfaces will be specified as outside interfaces.
29
Lab22R4(config)#int loop1
Lab22R4(config-if)#ip aress 10.1.1.1 2##.2##.2##.0
Lab22R4(config-if)#ip nat insie
Lab22R4(config-if)#ip nat outsie
Lab22R4(config-if)#ip nat outsie
Lab22R4(config)#access-list 1 permit 10.1.1.1
Lab22R4(config)#ip nat insie source list 1 interface <ast.t/ernet0/0 overloa
/or testing, we will use an e-tended ping to specify the source interface as the loopback,
and ping (&.s loopback.
Lab22R4#ping
-rotocol GipH0
'arget *- aress0 1!2.16.6.6
Repeat count G#H0
?atagram siPe G100H0
'imeout in secons G2H0
,@ten-e- co))an-s <n=* 1
5o%rce a--ress or interface* loo$bac01
'$pe of service G0H0
Set ?< bit in *- /eaerO GnoH0
7aliate repl$ ataO GnoH0
?ata pattern G02:&+?H0
Loose) Strict) Recor) 'imestamp) 7erboseGnoneH0
S6eep range of siPes GnH0
11111
Lab22R4#
2n (&, the command debug i$ icm$ shows that (& is sending the return packets to the
/ast:thernet address of (".
Lab2223#-eb%+ i$ ic)$
*+,- pacEet ebugging is on
Lab22R6#
>ct % 1"02"004.4%10 *+,-0 ec/o repl$ sent) src 1!2.16.6.6) st 1!2.16.14#.4
>ct % 1"02"004."#%0 *+,-0 ec/o repl$ sent) src 1!2.16.6.6) st 1!2.16.14#.4
>ct % 1"02"004.#2!0 *+,-0 ec/o repl$ sent) src 1!2.16.6.6) st 1!2.16.14#.4
>ct % 1"02"004.#%20 *+,-0 ec/o repl$ sent) src 1!2.16.6.6) st 1!2.16.14#.4
>ct % 1"02"004.6600 *+,-0 ec/o repl$ sent) src 1!2.16.6.6) st 1!2.16.14#.4
#.2 +imeout & 7ntry count
Configure the ti%eout period for d"na%ic trans!ations to 1 %inute. Configure the %a7i%u% nu%ber of )3/
entries to be 188.
;ere, we are 6ust configuring the timeout for NA7. 7he timeout alue is in seconds, so
we will set the alue to &$, using the command i$ nat translation timeout.
Lab22R4(config)#ip nat translation timeout 60
;ere, we are setting the ma-imum entries to *$$, with the command i$ nat translation
ma3!entries.
30
Lab22R4(config)#ip nat translation ma2-entries 100
6ulticast
9.1 6ulticast 8rou$
Configure the $astthernet interfaces on routers R15 R35 R5 and R& to be %e%bers of the **(.1.1.1
%u!ticast group.
;ere, we are asked to configure (*, (", (#, and (0 to be members of the ,,'.*.*.*
group. %ince we are also configuring an (P, we will use sparse mode. In addition to the
/ast:thernet interfaces, we will need to configure multicast for the interfaces that are
connecting to (&. 2n the frame relay interfaces connecting (& to (" and (#, we will
also configure N+CA mode. N+CA mode allows the router to treat each connection
oer the frame network as a point-to-point connection. It improes performance on the
router because the traffic is fast switched instead of process switched, and routers only
receie traffic for groups they hae 6oined.
Lab22R1(config)#ip multicast-routing
Lab22R1(config-if)#ip pim sparse-moe
Lab22R1(config-if)#ip igmp Join-group 22".1.1.1
Lab22R4(config-if)#int Serial0/0/0
Lab22R4(config-if)#ip pim nbma-moe
Lab22R#(config)#ip multicast-routing
Lab22R#(config)#int <ast.t/ernet0/0/0
Lab22R#(config-if)#ip pim sparse-moe
Lab22R#(config-if)#ip igmp Join-group 22".1.1.1
Lab22R#(config-if)#int Serial0/0/0
Lab22R#(config-if)#ip pim sparse-moe
Lab22R#(config-if)#ip pim nbma-moe
Lab22R#(config-if)#
9.2 RP configuration
Configure router R62s 1oopbac' 8 as the Rende<4ous Point.
2n (&, we need to add the loopback $ interface to multicast, and statically set the rp-
address.
31
Lab22R6(config-subif)#ip pim sparse-moe
Lab22R6(config-subif)#ip pim nbma-moe
Lab22R6(config)#int lo0
Lab22R6(config)#ip pim rp-aress 1!2.16.6.6
Lab22R#(config)#ip pim rp-aress 1!2.16.6.6
3erify your configuration by pinging the multicast address from router (&.
/or erification, we will use the commands s)o( i$ $im neig)bor, $ing, and s)o( i$
$im r$.
Lab2223#show i$ $i) nei+hbor
-*, 8eig/bor 'able
8eig/bor *nterface 9ptime/.2pires 7er ?R
:ress -rio/,oe
1!2.16.56.5 Serial0/0/0.65 000#1044/0000101# v2 1 / S
1!2.16.100.4 Serial0/0/0.2 000"%0"4/0000104" v2 1 / S
1!2.16.100.# Serial0/0/0.2 000"%0"4/00001046 v2 1 / S
Lab22R6#
Lab2223#$in+ 22!616161
Sening 1) 100-b$te *+,- .c/os to 22".1.1.1) timeout is 2 secons0
Repl$ to re(uest 0 from 1!2.16.56.5) #2 ms
Repl$ to re(uest 0 from 1!2.16.14#.1) 1!6 ms
Repl$ to re(uest 0 from 1!2.16.100.#) 160 ms
Repl$ to re(uest 0 from 1!2.16.100.4) 1"5 ms
Repl$ to re(uest 0 from 1!2.16.100.#) 125 ms
Repl$ to re(uest 0 from 1!2.16.14#.1) 112 ms
Repl$ to re(uest 0 from 1!2.16.14#.1) %2 ms
Repl$ to re(uest 0 from 1!2.16.100.#) !6 ms
Repl$ to re(uest 0 from 1!2.16.56.5) !2 ms
Lab22R6#
Lab222##show i$ $i) r$
=roup0 22".0.1."0) R-0 1!2.16.6.6) uptime 0001#0"0) e2pires never
=roup0 22".1.1.1) R-0 1!2.16.6.6) uptime 0001#0"0) e2pires never
+raffic ')a$ing
1&.1 5and(idt) Configuration
?n the sub-interfaces on router R65 set the bandwidth so that the connection to router BB1 has *5D of the
ph"sica! bandwidth5 and the connection to routers R3 E R5 has F5D of the ph"sica! bandwidth (assu%e the
ph"sica! bandwidth is 6('bs).
7his step is 6ust asking us to configure the bandwidth for the serial interfaces on (&.
Lab22R6(config-subif)#ban6it/ 16
Lab22R6(config-subif)#int Serial0/0/0.2
Lab22R6(config-subif)#ban6it/ "5
32
1&.2 CIR configuration
/he CIR for the P#C connecting to router BB1 shou!d be 1*'bs. /he CIR for the P#C connecting to router
R3 shou!d be *('bs. /he CIR for the P#C connecting to router R5 shou!d be 1*'bs.
;ere, we are going to configure traffic shaping parameters for the interface. We will start
by defining two map classes, one for *,k, and one for ,'k. %ince we are not gien a
specific time interal to use, we will use the *,#ms, and configure bc as *#$$ and "$$$
for the two classes.
Lab22R6(config)#map-class frame-rela$ 12E
Lab22R6(config-map-class)#frame-rela$ cir 12000
Lab22R6(config-map-class)#frame-rela$ bc 1#00
Lab22R6(config)#map-class frame-rela$ 2"E
Lab22R6(config-map-class)#frame-rela$ cir 2"000
Lab22R6(config-map-class)#frame-rela$ bc 4000
%ince ++* is the only connection on the %erial$)$)$.* interface, we can configure the
map class directly on the interface. 7he connection to (" and (#, howeer, is
multipoint. In order to differentiate between the two classes, we will assign the classes
to the dlcis using the frame-relay interface-dlci command.
Lab22R6(config-if)#frame-rela$ traffic-s/aping
Lab22R6(config-subif)#frame-rela$ class 12E
Lab22R6(config-subif)#frame-rela$ interface-lci 60#
Lab22R6(config-fr-lci)#class 12E
Lab22R6(config-fr-lci)#class 2"E
We can erify the traffic shaping configuration with the command s)o( traffic!s)a$e. If
you forget the command frame!relay traffic!s)a$ing on the interface, the output of this
command will be blank.
Lab2223#show traffic?sha$e
*nterface Se0/1.1
:ccess 'arget &$te Sustain .2cess *nterval *ncrement :apt
7+ List Rate Limit bits/int bits/int (ms) (b$tes) :ctive
60% 12000 15! 1#00 0 12# 15! -
*nterface Se0/1.2
604 2"000 4!# 4000 0 12# 4!# -
60# 12000 15! 1#00 0 12# 15! -
Lab22R6#
1&.3 & 1&. 57C- / $ea1 Rate configuration
If BC)s are recei4ed fro% the fra%e networ'5 router R6 shou!d thrott!e bac' to 58D of the CIR configured
for the P#C that the BC)s were recei4ed. /he pea' rate shou!d be 33D higher than the CIR for each
P#C.
33
;ere, we are asked to configure the interface to throttle back to #$G if +:!Ns are
receied. We are also told that the peak rate should be ""G higher than the !I( for
each P3!. Adaptie shaping is configured with the command frame!relay ada$ti.e!
s)a$ing becn. When configured, the router will throttle back to the alue configured
with the frame!relay mincir command. 7he peak rate includes !I( plus the burst
alues, and can be used to calculate be. 7he peak rate is one third higher than the !I(,
so the be alue will be one third of the be. 7he amount of data sent at the peak rate
oer the time interal is eAual to be H bc. +e is configured with the command frame!
relay be.
Lab22R6(config)#map-class frame-rela$ 2"E
Lab22R6(config-map-class)#frame-rela$ be 1000
Lab22R6(config-map-class)#frame-rela$ mincir 12000
Lab22R6(config-map-class)#frame-rela$ aaptive-s/aping becn
Lab22R6(config)#map-class frame-rela$ 12E
Lab22R6(config-map-class)#frame-rela$ be #00
Lab22R6(config-map-class)#frame-rela$ mincir 6000
Lab22R6(config-map-class)#frame-rela$ aaptive-s/aping becn
Again, we can erify the configuration with the command s)o( traffic!s)a$e.
Lab2223#show traffic?sha$e
*nterface Se0/1.1
60% 12000 2#0 1#00 #00 12# 15! &.+8
*nterface Se0/1.2
604 2"000 #00 4000 1000 12# 4!# &.+8
60# 12000 2#0 1#00 #00 12# 15! &.+8
Lab22R6#
Routing Policies
11.1 +raffic from R" to 552
Configure a!! IP traffic that originates fro% router R6 and is destined for router BB* to ta'e the path through
router R3.
In order to force the traffic to take a certain path, we will configure policy routing on (&.
Policy routing enables us to oerride the information in the routing table, and tell the
router where we want the specified traffic sent. Policy routing matches traffic with a
route map, and is applied with a policy statement. /or traffic that transits a router, policy
routing is configured on the inbound interface. /or locally originated traffic, policy
routing is applied globally with the configuration command i$ local $olicy route!ma$.
In this section, we are asked to match traffic destined for ++,. In order to match
destination addresses, we will use an e-tended access list.
++, has an /ast:thernet interface, and three loopbacks with the following networks:
*I,.*&.*$.*$ J 4oopback
,$$.,$$.,$$.* - 4oopback
,$$.,$$.,$$.*,< - 4oopback
*I,.*&.*"'.*$ J /ast:thernet interface.
34
We can match these four destinations with four lines in our access list.
Lab22R6(config)#access-list 102 permit ip an$ /ost 1!2.16.10.10
Lab22R6(config)#access-list 102 permit ip an$ /ost 200.200.200.10
Lab22R6(config)#access-list 102 permit ip an$ /ost 200.200.200.210
Lab22R6(config)#access-list 102 permit ip an$ /ost 1!2.16.14".10
/or our route-map, we will match this access-list and set the ne-t hop to (".s serial
interface.
Lab22R6(config)#route-map Lab22R6to&&2
Lab22R6(config-route-map)#set ip ne2t-/op 1!2.16.100.4
Now we can apply the route-map locally.
Lab22R6(config)#ip local polic$ route-map Lab22R6to&&2
We can erify the policy routing with the commands $ing and s)o( i$ local $olicy.
Lab2223#show i$ local $olic1
Local polic$ routing is enable) using route map Lab22R6to&&2
route-map Lab22R6to&&2) permit) se(uence 10
,atc/ clauses0
ip aress (access-lists)0 102
Set clauses0
ip ne2t-/op 1!2.16.100.4
-olic$ routing matc/es0 0 pacEets) 0 b$tes
Lab22R6#$in+ 1;261361"!610
Sening #) 100-b$te *+,- .c/os to 1!2.16.14".10) timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 125/144/1"# ms
Lab22R6#$in+ 1;2613610610
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 125/142/1"0 ms
Lab22R6#
Lab22R6#$in+ 20062006200610
Sening #) 100-b$te *+,- .c/os to 200.200.200.10) timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 121/12"/125 ms
Lab22R6#$in+ 200620062006210
Sening #) 100-b$te *+,- .c/os to 200.200.200.210) timeout is 2 secons0
11111
Lab22R6#
Local polic$ routing is enable) using route map Lab22R6to&&2
route-map Lab22R6to&&2) permit) se(uence 10
,atc/ clauses0
35
Set clauses0
ip ne2t-/op 1!2.16.100.4
'olic1 ro%tin+ )atches* 20 $ac0ets, 2000 b1tes
After pinging the four addresses on ++,, we see that the counters for our local policy
hae incremented.
11.2 +raffic from R1 to 551
Configure a!! IP traffic that passes through or is originated fro% router R1 and is destined for router BB1 to
ta'e the path through router R5.
;ere, we will use policy routing again. /irst, we will define our access list to match traffic
destined for ++*.
Lab22R1(config)#access-list 102 permit ip an$ /ost 1!2.16.50.%
Lab22R1(config)#access-list 102 permit ip an$ /ost 1!2.16.%.%
Lab22R1(config)#access-list 102 permit ip an$ /ost 1!2.16.1"6.%
Ne-t, we will configure our route-map to match the traffic and set the ne-t hop.
Lab22R1(config)#route-map to&&1
Lab22R1(config-route-map)#set ip ne2t-/op 1!2.16.#.#
7raffic destined for ++* would be coming in the %erial$)$)$ interface, so we will apply the
route-map inbound on the %erial$)$)$ interface. In order to catch locally originated
traffic, we will also apply the route-map locally. Again, we can test with s)o( i$ local
$olicy.
Lab22R1(config)#ip local polic$ route-map to&&1
Lab22R1(config-if)#ip polic$ route-map to&&1
Local polic$ routing is enable) using route map to&&1
route-map to&&1) permit) se(uence 10
,atc/ clauses0
Set clauses0
ip ne2t-/op 1!2.16.#.#
-olic$ routing matc/es0 0 pacEets) 0 b$tes
Local polic$ routing is enable) using route map to&&1
route-map to&&1) permit) se(uence 10
,atc/ clauses0
Set clauses0
ip ne2t-/op 1!2.16.#.#
-olic$ routing matc/es0 # pacEets) #00 b$tes
Lab22R1#
11.3 +raffic from 552
Configure a!! IP traffic that originates fro% router BB* to set the IP precedence to Critica!.
36
;ere, we are configuring traffic originated from ++, to set the precedence alue to
critical. %ince we want to match all traffic, we do not need to match anythingK we can
6ust set the precedence in our route-map.
Lab22&&2(config)#route-map critical
Lab22&&2(config-route-map)#set ip prec #
Lab22&&2(config-route-map)#e2it
Lab22&&2(config)#ip local polic$ route-map critical
2nce again, we can erify with the command s)o( i$ local $olicy.
Local polic$ routing is enable) using route map critical
route-map critical) permit) se(uence 10
,atc/ clauses0
Set clauses0
ip preceence critical
-olic$ routing matc/es0 " pacEets) 4#2 b$tes
Lab22&&2#ping 1!2.16.#.#
Sening #) 100-b$te *+,- .c/os to 1!2.16.#.#) timeout is 2 secons0
11111
Success rate is 100 percent (#/#)) roun-trip min/avg/ma2 3 !2/!6/5" ms
Local polic$ routing is enable) using route map critical
route-map critical) permit) se(uence 10
,atc/ clauses0
Set clauses0
ip preceence critical
-olic$ routing matc/es0 % pacEets) 5#2 b$tes
Lab22&&2#
:ueueing
12.1 R" :ueueing
3!! traffic !ea4ing router R62s .89898.6& interface that connects to router R& shou!d configured as fo!!owsG
$/P traffic shou!d get 58D of the bandwidth. (as configured in this !ab)
IP traffic shou!d get *5D of the bandwidth.
3!! other traffic shou!d get the re%aining *5D
;ere, we are asked to configure Aueueing for (&.s %erial$)$)$.&0 interface. 7o configure
the Aueueing, we will configure !+W/L. !onfiguring !+W/L consists of three steps:
Catch traffic in a class map
!onfigure parameters with a policy map
Apply to the interface with a serice policy
/irst, we will configure (& for the three class maps for our policy. /or IP, we can match
the protocol. /or /7P, we will match 7!P ports ,$ and ,* with an access-list.
Lab22R6(config)#access-list 1#0 permit tcp an$ e( 20 an$
Lab22R6(config)#access-list 1#0 permit tcp an$ an$ e( 20
37
Lab22R6(config)#access-list 1#0 permit tcp an$ e( 22 an$
Lab22R6(config)#access-list 1#0 permit tcp an$ an$ e( 22
Lab22R6(config)#class-map *-
Lab22R6(config-cmap)#matc/ protocol ip
Lab22R6(config)#class-map <'-
Lab22R6(config-cmap)#matc/ access-group 1#0
Now that we hae configured our classes, we can set the bandwidth parameters in our
policy map. /or this section, we will use the band(idt) $ercent command to specify
percentages for our traffic classes.
Lab22R6(config)#polic$-map K>S-->L*+B
Lab22R6(config-pmap)#class <'-
Lab22R6(config-pmap-c)#ban6it/ percent #0
Lab22R6(config-pmap)#class *-
Lab22R6(config-pmap-c)#ban6it/ percent 2#
Now, we can apply the policy to the interface. %ince we are using a frame-relay sub-
interface, we will need to create a frame-relay map-class, configure the policy inside it
and then configure this map-class under the interface-dlci statement in the sub-interface
configuration.
+elow is the needed configuration:
Lab22R6(config)#map-class frame-rela$ K>S-->L*+B
Lab22R6(config-map-class)#service-polic$ output K>S-->L*+B
Lab22R6(config-fr-lci)#class K>S-->L*+B
12.2 551 :ueueing
3!! traffic !ea4ing BB1 onto #13)=3 shou!d be configured as fo!!owsG
3!! IRC traffic shou!d not e7ceed 18D of $astthernet bandwidth
3!! Citri7 traffic shou!d be a!!owed up to *8D of $astthernet bandwidth
3!! 1otus )otes traffic shou!d be a!!owed up to *8D of $astthernet bandwidth
3!! ."%antec PC93n"where traffic shou!d be a!!owed up to 18D of $astthernet
bandwidth
3!! 6icrosoft #P) traffic shou!d be a!!owed up to 18D of $astthernet bandwidth
3!! co%%on app!ications using ..1 shou!d be a!!owed up to 5D of $astthernet
bandwidth
3pp!ications using ..1 shou!d be treated different!" depending on their /o. configuration
for Bueuing drops
;ere we are asked to limit bandwidth for arious types of traffic. ;ere, we will use
!+W/L
3!! ."%antec PC93n"where traffic shou!d be a!!owed up to 18D of $astthernet bandwidth
3!! co%%on app!ications using ..1 shou!d be a!!owed up to 5D of $astthernet bandwidth
3pp!ications using ..1 shou!d be treated different!" depending on their /o. configuration for
Bueuing drops
38
/irst, we will configure our class maps to match the arious traffic types.
Lab22&&1(config)#class-map irc
Lab22&&1(config-cmap)#matc/ protocol irc
Lab22&&1(config)#class-map citri2
Lab22&&1(config-cmap)#matc/ protocol citri2
Lab22&&1(config)#class-map notes
Lab22&&1(config-cmap)#matc/ protocol notes
Lab22&&1(config)#class-map pcan$6/ere
Lab22&&1(config-cmap)#matc/ protocol pcan$6/ere
Lab22&&1(config)#class-map pptp
Lab22&&1(config-cmap)#matc/ protocol pptp
/or the secure traffic we will configure a class-map with the match-any parameter. 7he
default for a class map is match all.
Lab22&&1(config)#class-map matc/-an$ secure
Lab22&&1(config-cmap)# ,atc/ protocol secure-ftp
Lab22&&1(config-cmap)# ,atc/ protocol secure-/ttp
Lab22&&1(config-cmap)# ,atc/ protocol secure-imap
Lab22&&1(config-cmap)# ,atc/ protocol secure-irc
Lab22&&1(config-cmap)# ,atc/ protocol secure-lap
Lab22&&1(config-cmap)# ,atc/ protocol secure-nntp
Lab22&&1(config-cmap)# ,atc/ protocol secure-pop4
Lab22&&1(config-cmap)# ,atc/ protocol secure-telnet
When configuring our policy map, we need to allocate bandwidth for our arious classes.
+e ery careful with the keywords that you are gien. In this section, we are asked to
allow up to a certain percentage. In step *".*, we were allocating bandwidth using the
bandwidth percent keyword. ;ere, we need to set an upper limit. We can set an upper
limit for a class with the police keyword. 7he police command will let you specify a rate
and actions to take when the rate is met or e-ceeded. 7he rate is gien in bits, and the
burst alues are gien in bytes.
Lab22&&1(config)#polic$-map &&1fastet/
Lab22&&1(config-pmap)#class irc
Lab22&&1(config-pmap-c)#police 10000000 412#00 412#00 conform-action transmit
e2cee-action rop
Lab22&&1(config-pmap)#class citri2
e2cee-action rop
Lab22&&1(config-pmap)#class notes
e2cee-action rop
3!! ."%antec PC93n"where traffic shou!d be a!!owed up to 18D of $astthernet bandwidth
39
Lab22&&1(config-pmap)#class pcan$6/ere
e2cee-action rop
Lab22&&1(config-pmap)#class pptp
e2cee-action rop
3!! co%%on app!ications using ..1 shou!d be a!!owed up to 5D of $astthernet bandwidth
3pp!ications using ..1 shou!d be treated different!" depending on their /o. configuration for
Bueuing drops
/or the %%4 traffic, we need to configure the %%4 to treat traffic differently depending on
the 7o% configuration. 7o do this, we will configure the class for W(:8.
Lab22&&1(config-pmap)#class secure
e2cee-action rop
Lab22&&1(config-pmap-c)#ban6it/ #000
Lab22&&1(config-pmap-c)#ranom-etect
/inally, we apply the policy to the interface.
Lab22&&1(config)#int fa0/0
Lab22&&1(config-if)#service-polic$ output &&1fastet/
Bou can erify that the policy is applied to the interface with the command s)o( $olicy!
ma$ interface fa&/& .
Lab221#show $olic1 int fa0/0
<ast.t/ernet0/0
Service-polic$ output0 &&1fastet/
+lass-map0 irc (matc/-all)
0 pacEets) 0 b$tes
# minute offere rate 0 bps) rop rate 0 bps
,atc/0 protocol irc
police0
cir 10000000 bps) bc 412#00 b$tes
conforme 0 pacEets) 0 b$tesC actions0
transmit
e2ceee 0 pacEets) 0 b$tesC actions0
rop
conforme 0 bps) e2cee 0 bps
+lass-map0 citri2 (matc/-all)
0 pacEets) 0 b$tes
,atc/0 protocol citri2
police0
cir 20000000 bps) bc 62#000 b$tes
transmit
rop
+lass-map0 notes (matc/-all)
0 pacEets) 0 b$tes
,atc/0 protocol notes
40
police0
cir 20000000 bps) bc 62#000 b$tes
transmit
rop
+lass-map0 pcan$6/ere (matc/-all)
0 pacEets) 0 b$tes
,atc/0 protocol pcan$6/ere
police0
cir 10000000 bps) bc 412#00 b$tes
transmit
rop
+lass-map0 pptp (matc/-all)
0 pacEets) 0 b$tes
,atc/0 protocol pptp
police0
cir 10000000 bps) bc 412#00 b$tes
transmit
rop
+lass-map0 secure (matc/-an$)
0 pacEets) 0 b$tes
,atc/0 protocol secure-ftp
0 pacEets) 0 b$tes
# minute rate 0 bps
,atc/0 protocol secure-/ttp
0 pacEets) 0 b$tes
# minute rate 0 bps
,atc/0 protocol secure-imap
0 pacEets) 0 b$tes
# minute rate 0 bps
,atc/0 protocol secure-irc
0 pacEets) 0 b$tes
# minute rate 0 bps
,atc/0 protocol secure-lap
0 pacEets) 0 b$tes
# minute rate 0 bps
,atc/0 protocol secure-nntp
0 pacEets) 0 b$tes
# minute rate 0 bps
,atc/0 protocol secure-pop4
0 pacEets) 0 b$tes
# minute rate 0 bps
,atc/0 protocol secure-telnet
0 pacEets) 0 b$tes
# minute rate 0 bps

police0
cir #000000 bps) bc 1#62#0 b$tes
transmit
rop
41
Kueueing
>utput Kueue0 +onversation 26#
&an6it/ #000 (Ebps)
(pEts matc/e/b$tes matc/e) 0/0
(ept//total rops/no-buffer rops) 0/0/0
e2ponential 6eig/t0 %
mean (ueue ept/0 0
class 'ransmitte Ranom rop 'ail rop ,inimum ,a2imum ,arE
pEts/b$tes pEts/b$tes pEts/b$tes t/res/ t/res/ prob
0 0/0 0/0 0/0 20 "0 1/10
1 0/0 0/0 0/0 22 "0 1/10
2 0/0 0/0 0/0 2" "0 1/10
4 0/0 0/0 0/0 26 "0 1/10
" 0/0 0/0 0/0 25 "0 1/10
# 0/0 0/0 0/0 40 "0 1/10
6 0/0 0/0 0/0 42 "0 1/10
! 0/0 0/0 0/0 4" "0 1/10
rsvp 0/0 0/0 0/0 46 "0 1/10
+lass-map0 class-efault (matc/-an$)
11! pacEets) %#"5 b$tes
,atc/0 an$
Lab22&&1#
I2' Features
13.1
Configure R1 so it reboots if the co%%and Hshow c!oc' detai!H was issued 3 ti%es in one second or !ess.
:mbedded :ent Canager ?::C@ is a new feature introduced in *,."?*'@7 and below is
the configuration. ;ere you can specify certain eents and then actions to be taken.
%elf e-planatory,
Lab22R1(config)#event manager applet cli-matc/
Lab22R1(config-applet)#event cli pattern Qs/o6 clocE etailQ s$nc $es occurs 4
perio 1
Lab22R1(config-applet)#action 1.0 reloa
4et1s test it,
Lab22R1#s/o6 clocE etail
N0101#0#5.624 9'+ '/u :pr 20 2006
'ime source is /ar6are calenar
N0101#0#5.50! 9'+ '/u :pr 20 2006
'ime source is /ar6are calenar
000010410 AD:;.,-6-<,S;R.L>:?;SBS'.,0 f/;io;msg0 -olic$ /as re(ueste a s$stem
reloaC
--rocess3 Q.., ServerQ) ipl3 0) pi3 216
000010420 ASBS-#-R.L>:?0 Reloa re(ueste b$ ..,. Reloa Reason0 .mbee .vent
,anager action.
42
S$stem &ootstrap) 7ersion 12."(1r) G/(luong 1rH) R.L.:S. S><'I:R. (fc1)
+op$rig/t (c) 200# b$ cisco S$stems) *nc.
G+onnection to Lab22R1 close b$ foreign /ostH
13.2
Configure R1 to disp!a" a %essage whene4er an 3d%in changes his pri4i!ege-!e4e! and showing which !e4e!
it was changed to.
Introduced in *,."7, the Mlogging userinfoM does e-actly that.
Lab22R1(config)#logging userinfo
4et1s try it,
Lab22R1Menable
Router#
0000100110 ASBS-#--R*7;:9'D;-:SS0 -rivilege level set to 1# b$ unEno6n)
;ou )a.e com$leted lab 22. Com$are your configurations to t)e ones (e
$ro.ided. 2ften t)ere is more t)an one (ay to com$lete a tas1 so your
configurations may be different t)an ours. If your configurations are different t)an
ours ma1e sure you understand )o( to com$lete t)e lab (it) our configurations.
43

11 Lab22CompanionGuide

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

11 Lab22CompanionGuide

Transféré par

Droits d'auteur :

Formats disponibles

Lab#22 For questions and support pertaining to this lab, please visit: www.RouterIE.

Vous aimerez peut-être aussi