CISCO CERTIFIED NETWORK ASSOCIATE ROUTING & SWITCHING
200-120 CCNAX
CCNA R&S LAB MANUAL (2013)

NETWORK ONLINE ACADEMY
Sikandar Gouse Moinuddin CCIE (R&S, SP) # 35012
sikandarccie@gmail.com, sikandar@networkonlineacademy.com
Networkonlineacademy.com
All contents are copyright ©2013 - 2014. All rights reserved.

INDEX

CCNA exam information & Cisco career paths
About Cisco exam
Contents for new CCNAX v2.0
Introduction to network devices
Understanding LAN connectivity
WAN connections
Rules to assign the IP address on Cisco routers
Lab: basic IP configuration
Troubleshooting connectivity
WAN protocols (PPP/HDLC)
Lab: basic configuration using three routers
Introduction to routing (static routing)
Default routing
Dynamic routing
RIPv1/v2
Administrative distance
Autonomous system number
EIGRP
OSPF
Access control list
Network address translation
Basic switching
Design hierarchy
Initial configuration of a switch
Virtual LAN
Trunking
DTP (dynamic trunking protocol)
Inter-VLAN routing
Spanning tree protocol
Lab: verifying spanning-tree
Static and default IPv6 routing
RIPng
OSPFv3
EIGRP for IPv6
Password recovery on Cisco routers
Lab: backup and restore IOS and configs
Restore IOS
Lab: router as DHCP server
First hop redundancy protocols
Secure shell (SSH)
AAA authentication
WAN connection types
Introduction to MPLS technology
Cable and DSL technology
Virtual private network
VSAT
3G/4G
Troubleshooting
Using CDP
Troubleshooting user connectivity
Troubleshooting VLAN issues
Troubleshooting trunking
Troubleshooting routing
Cisco Certified Network Associate Exam Information

Exam Number: 200-120 CCNA
Associated Certifications: CCNA Routing and Switching
Duration: 90 Minutes (50-60 questions)
Available Languages: English
Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco CCNA Routing and Switching certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v2 course. This exam tests a candidate's knowledge and skills required to install, operate, and troubleshoot a small to medium size enterprise branch network. The topics include all the areas covered under the ICND 1 and ICND 2 exams.

Cisco Evolves Associate-Level Certifications, Redesigns CCNA Routing and Switching Certification to Support Next-Generation Job Roles
Certification and Training Updates Meet Market Demand for Networking Talent Aligned With Changing Business Requirements

The updates include comprehensive troubleshooting, technologies such as IPv6, and updated software on Cisco routers and switches.

Associate
Cisco networking begins at the Associate level. This is the apprentice or foundation level of networking certification. CCNA is also a prerequisite for the other Cisco certifications.

Cisco Career Certifications
Cisco offers five levels of network certification: Entry, Associate, Professional, Expert and Architect, the highest level of accreditation within the Cisco Career Certification program.

Entry
Both the CCENT and the CCT certifications serve as starting points for individuals interested in starting a career as a networking professional.
Entry Certifications:
• CCENT (Cisco Certified Entry Networking Technician)
• CCT (Cisco Certified Technician)

Associate
The Associate level of Cisco Certifications can begin directly with CCNA for network installation, operations and troubleshooting or CCDA for network design. Think of the Associate Level as the foundation level of networking certification.
Associate Certifications:
• CCNA Routing and Switching
• [...]
• CCNA Service Provider
• CCNA Service Provider Operations
• CCNA Video
• CCNA Voice
• CCNA Wireless

Professional
The Professional level is an advanced level of certification that shows more expertise with networking skills. Each certification covers a different technology to meet the needs of varying job roles.
Professional Certifications:
• CCDP
• CCNP
• CCNP Data Center
• CCNP Security
• CCNP Service Provider
• CCNP Service Provider Operations
• CCNP Voice
• CCNP Wireless

Expert
The Cisco Certified Internetwork Expert (CCIE) certification is accepted worldwide as the most prestigious networking certification.
Expert Certifications:
• CCDE
• CCIE Collaboration
• CCIE Data Center
• CCIE Routing & Switching
• CCIE Security
• CCIE Service Provider
• CCIE Service Provider Operations
• CCIE Storage Networking (Retiring July 1, 2013)
• CCIE Voice (Retiring February 13, 2014)
• CCIE Wireless

Architect
Cisco Certified Architect is the highest level of accreditation achievable and recognizes the architectural expertise of network designers who can support the increasingly complex networks of global organizations and effectively translate business strategies into evolutionary technical strategies.

About CISCO Exam:
Cisco exams are computer based, run and administered by VUE. There are many major testing centres throughout the world; you can visit vue.com. There are two different CCNA certification exam approaches.
The Cisco CCNA exams are 90 minutes and between 40 to 50 questions. The number of questions varies depending on how the questions are answered. When the exam completes (any unanswered questions are automatically marked incorrect) you are advised at the end of the exam of either pass or fail and how you scored in different areas.

Cisco CCNA Exam Question Types
• Multiple choice (MC)
• Testlet
• Drag-and-drop (DND)
• Simulated lab (SIM)
• Simlet

MULTIPLE-CHOICE format simply requires that you point and click a circle beside the correct answer(s). Cisco tells you how many answers you need to choose, and the testing software prevents you from choosing too many.

TESTLETS are questions with one general scenario and several multiple-choice questions about the overall scenario.

DRAG and DROP questions require you to click and hold, move a button or icon to another area, and release the mouse button to place the object somewhere else, typically in a list. For some questions, to get the question correct, you might need to put a list of five things in the proper order.

SIM questions generally describe a problem, and your task is to configure one or more routers and switches to fix it. The exam then grades the question based on the configuration you changed or added. Interestingly, sim questions are the only questions (to date) for which Cisco has openly confirmed it gives partial credit for [...]

[...] require you to analyze both working networks and networks with problems, correlating show command output with your knowledge of networking theory and configuration commands.
Examples of CCNA exam questions and the testing interface can be found at cisco.com/go/prepcenter. You will need to register to gain access.

Booking Exams
To find your nearest testing centre or to book your exam go to www.vue.com/cisco

How the CCNA Exam Works
1. You can only progress forwards in the exam; questions can NOT be reviewed!
2. Each person's exam is different and it's also different each time you take the exam.
3. For each individual exam about 75 questions are pulled from a central database, of which you only see 40 to 50 questions.
4. If you get a question wrong you get more questions on the same subject.
5. The longer you hesitate on a question, even if you get it correct, the more questions you get on that subject!
6. Time is very short for most people; some of the SIM or SIMLET questions can take a long time to complete, maybe 18 minutes or more for some people.
7. Questions are asked in a random order. You might get a SIM question as the first or last question, which when pushed for time is very bad news.
8. You might get given questions which don't provide any marks! You are unable to tell which these questions are. Cisco does this for new questions to collect metric information. Example: how many people get it right or wrong and time taken to answer the question.
9. Any incorrectly answered questions also lead to more questions on the same subject!
10. In short, the exam can smell fear! So make sure that you are well prepared before you go; don't cross your fingers and hope that a certain subject will not come up, because it will.

CONTENTS FOR NEW CCNA 2.0 (200-120)

Operation of IP Data Networks
• Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs
• Select the components required to meet a given network specification.
• Identify common applications and their impact on the network
• Describe the purpose and basic operation of the protocols in the OSI and TCP/IP models.
• Predict the data flow between two hosts across a network.
• Identify the appropriate media, cables, ports, and connectors to connect Cisco network devices to other network devices and hosts in a LAN

LAN Switching Technologies
• Determine the technology and media access control method for Ethernet networks
• Identify basic switching concepts and the operation of Cisco switches.
  o Collision Domains
  o Broadcast Domains
  o Types of switching
  o CAM Table
• Configure and verify initial switch configuration including remote access management.
  o Cisco IOS commands to perform basic switch setup
• Verify network status and switch operation using basic utilities such as ping, telnet and ssh
• Identify enhanced switching technologies
  o RSTP
  o PVSTP
  o Etherchannels
• Describe how VLANs create logically separate networks and the need for routing between them.
  o Explain network segmentation and basic traffic management concepts
• Configure and verify VLANs
• Configure and verify trunking on Cisco switches
  o DTP
  o Auto negotiation
• Configure and verify PVSTP operation
  o describe root bridge election
  o Spanning tree mode

IP addressing (IPv4 / IPv6)
• Describe the operation and necessity of using private and public IP addresses for IPv4 addressing
• Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment.
• Identify the appropriate IPv4 addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment.
• Describe the technological requirements for running IPv6 in conjunction with IPv4 such as dual stack
• Describe IPv6 addresses
  o Global unicast
  o Multicast
  o Link local
  o Unique local
  o eui 64
  o autoconfiguration

IP Routing Technologies
• Describe basic routing concepts
  o CEF
  o Packet forwarding
  o Router lookup process
• Describe the boot process of Cisco IOS routers
  o POST
  o Router bootup process
• Configure and verify utilizing the CLI to set basic Router configuration
  o Cisco IOS commands to perform basic router setup
• Configure and verify operation status of a device interface, both serial and ethernet
• Verify router configuration and network connectivity
  o Cisco IOS commands to review basic router information and network connectivity
• Configure and verify routing configuration for a static or default route given specific routing requirements
• Manage Cisco IOS Files
  o Boot preferences
  o Cisco IOS image(s)
  o Licensing
  o Show license
  o Change license
• Differentiate methods of routing and routing protocols
  o Static vs. Dynamic
  o Link state vs. Distance Vector
  o Administrative distance
  o split horizon
  o metric
  o next hop
  o ip routing table
  o Passive Interfaces
• Configure and verify OSPF (single area)
  o Benefit of single area
  o neighbor adjacencies
  o OSPF states
  o Discuss Multi area
  o Configure OSPF v2
  o Configure OSPF v3
  o Router ID
  o Passive interface
  o LSA types
• Configure and verify EIGRP (single AS)
  o Feasible Distance / Feasible Successors / Administrative distance
  o Feasibility condition
  o Metric composition
  o Router ID
  o Auto summary
  o Path selection
  o Load balancing
  o Equal
  o Unequal
  o Passive interface
• Configure and verify inter-VLAN routing (Router on a stick)
  o sub interfaces
  o upstream routing
  o encapsulation
• Configure SVI interfaces

IP Services
• Configure and verify DHCP (IOS Router)
  o configuring router interfaces to use DHCP
  o DHCP options
  o excluded addresses
  o lease time
• Describe the types, features, and applications of ACLs
  o Standard
  o Sequence numbers
  o Editing
  o Extended
  o Named
  o Numbered
  o Log option
• Configure and verify ACLs in a network environment
  o Named
  o Numbered
  o Log option
• Identify the basic operation of NAT
  o Purpose
  o Pool
  o Static
  o 1 to 1
  o Overloading
  o Source addressing
  o One way NAT
• Configure and verify NAT for given network requirements
• Configure and verify NTP as a client
• Recognize High availability (FHRP)
  o VRRP
  o HSRP
  o GLBP
• Configure and verify Syslog
  o Utilize Syslog Output
• Describe SNMP v2 & v3

Network Device Security
• Configure and verify network device security features such as
  o Device password security
  o Enable secret vs enable
  o Transport
  o Disable telnet
  o SSH
  o VTYs
  o Physical security
  o Service password
  o Describe external authentication methods
• Configure and verify Switch Port Security features such as
  o Sticky MAC
  o MAC address limitation
  o Static / dynamic
  o Violation modes
  o Err disable
  o Shutdown
  o Protect restrict
  o Shutdown unused ports
  o Err disable recovery
  o Assign unused ports to an unused VLAN
  o Setting native VLAN to other than VLAN 1
• Configure and verify ACLs to filter network traffic
• Configure and verify an ACLs to limit telnet and SSH access to the router

Troubleshooting
• Identify and correct common network problems
• Utilize netflow data
• Troubleshoot and correct common problems associated with IP addressing and host configurations.
• Troubleshoot and Resolve VLAN problems
  o identify that VLANs are configured
  o port membership correct
  o IP address configured
• Troubleshoot and Resolve trunking problems on Cisco switches
  o correct trunk states
  o correct encapsulation configured
  o correct vlans allowed
• Troubleshoot and Resolve Spanning Tree operation issues
  o root switch
  o priority
  o mode is correct
  o port states
• Troubleshoot and Resolve routing issues
  o routing is enabled
  o routing table is correct
  o correct path selection
• Troubleshoot and Resolve OSPF problems
  o neighbor adjacencies
  o Hello and Dead timers
  o OSPF area
  o Interface MTU
  o Network types
  o Neighbor states
  o OSPF topology database
• Troubleshoot and Resolve EIGRP problems
  o neighbor adjacencies
  o AS number
  o Load balancing
  o Split horizon
• Troubleshoot and Resolve interVLAN routing problems
  o Connectivity
  o Encapsulation
  o Subnet
  o Native VLAN
  o Port mode trunk status
• Troubleshoot and Resolve ACL issues
  o Statistics
  o Permitted networks
  o Direction
  o Interface
• Troubleshoot and Resolve WAN implementation issues
  o Serial interfaces
  o PPP
  o Frame relay
• Troubleshoot and Resolve Layer 1 problems
  o Framing
  o CRC
  o Runts
  o Giants
  o Dropped packets
  o Late collision
  o Input / Output errors
• Monitor NetFlow statistics
• Troubleshoot etherchannel problems

WAN Technologies
• Identify different WAN Technologies
  o Metro Ethernet
  o VSAT
  o Cellular 3G/4G
  o MPLS
  o T1/E1
  o ISDN
  o DSL
  o Frame relay
  o Cable
  o VPN
• Configure and verify a basic WAN serial connection
• Configure and verify a PPP connection between Cisco routers
• Configure and verify Frame Relay on Cisco routers
• Implement and troubleshoot PPPoE
INTRODUCTION TO NETWORK DEVICES

Operation of IP Data Networks
Most of the enterprise computer network can be separated into two general types of technology:
• Local-area networks (LAN)
• Wide-area networks (WAN)

Network: interconnection of devices in a LAN or WAN.
LAN: set of devices connected within the same location (office / building / campus of buildings).
WAN: set of LANs connected to each other in different geographical locations.

Together, LANs and WANs create a complete enterprise computer network, working together to do the job of a computer network: delivering data from one device to another.

RJ 45 CONNECTOR:
RJ45 is a standard type of connector for network cables. RJ45 connectors are most commonly seen with Ethernet cables and networks. RJ45 connectors feature eight pins to which the wire strands of a cable interface electrically. Standard RJ-45 pinouts define the arrangement of the individual wires needed when attaching connectors to a cable. Several other kinds of connectors closely resemble RJ45 and can be easily confused for each other. The RJ-11 connectors used with telephone cables, for example, are only slightly smaller (narrower) than RJ-45 connectors.
• Also Known As: Registered Jack 45

OSI REFERENCE MODEL
OSI was developed by the International Organization for Standardization (ISO) and introduced around 1960.
It is a layered architecture (consists of seven layers) which defines and explains how the communication happens in between two or more network devices within the organization or internet. Each layer defines a set of functions in data communication.

[Figure: the OSI layers, grouped as "User support Layers or Software Layers", "Core layer of the OSI" and "Network support Layers or Hardware Layers"]

Application Layer
• Application Layer is responsible for providing an interface for the users to interact with application services or Networking Services.
• Ex: Web browser etc.
• Identification of Services is done using Port Numbers.
• Port is a logical communication Channel
• Port number is a 16 bit identifier.
• Total No. Ports: 0 - 65535
• Reserved Ports: 1 - 1023
• Unreserved Ports: 1024 - 65535

Service | Port No.
HTTP    | 80
FTP     | 21
SMTP    | 25
TELNET  | 23
TFTP    | 69

Presentation Layer (Layer 6)
• Presentation Layer is responsible for defining a standard format for the data.
• [...]
• Encoding - Decoding
  o Ex: ASCII, EBCDIC (Text)
  o [...]
  o MIDI, WAV (Voice)
  o MPEG, DAT, AVI (Video)
• Encryption - Decryption
  o Ex: DES, 3-DES, AES
• Compression - Decompression
  o Ex: Predictor, Stacker, MPPC

Session Layer (Layer 5)
• It is responsible for establishing, maintaining and terminating the sessions.
• It deals with sessions or interactions between the applications.
• Session ID is used to identify a session or interaction
  o Ex: RPC, SQL, NFS

Transport Layer (Layer 4)
• It is responsible for end-to-end transportation of data between the applications.
• The major functions described at the Transport Layer are:
  o Identifying Service
  o Multiplexing & De-multiplexing
  o Segmentation
  o Sequencing & Reassembling
  o Error Correction
  o Flow Control

Identifying a Service: Services are identified at this layer with the help of Port No's.
The major protocols which take care of Data Transportation at Transport layer are TCP and UDP.

TCP                                 | UDP
Transmission Control Protocol       | User Datagram Protocol
Connection Oriented                 | Connection Less
Reliable communication (with Ack's) | Unreliable communication (no Ack's)
Slower data Transportation          | Faster data Transportation
Protocol No is 6                    | Protocol No is 17
Eg: HTTP, FTP, SMTP                 | Eg: DNS, DHCP, TFTP

Network Layer (Layer 3)
• It is responsible for end-to-end transportation of data across multiple networks.
• Logical addressing & Path determination (Routing) are described at this layer.
• The protocols that work at Network layer are:

Routed Protocols:
• Routed protocols act as data carriers and define logical addressing.
• IP, IPX, AppleTalk, etc.

Routing Protocols:
• Routing protocols perform Path determination (Routing).
• RIP, IGRP, EIGRP, OSPF, etc.
• Devices that work at Network Layer are Router, Multilayer switch, etc.

Data-link Layer (Layer 2)
• It is responsible for end-to-end delivery of data between the devices on a LAN network segment.
• Data link layer comprises two sub-layers.

1) MAC (Media Access Control)
• It deals with hardware addresses (MAC addresses).
• MAC addresses are 12 digit hexadecimal identifiers used to identify the devices uniquely on the network segment.
• It also provides ERROR DETECTION using CRC (Cyclic Redundancy Check) and FRAMING (Encapsulation).
• Ex: Ethernet, Token ring, etc.

2) LLC (Logical Link Control)
• It deals with Layer 3 (Network layer)
• Devices that work at Data link layer are Switch, Bridge, NIC card.

Physical Layer (Layer 1)
• It deals with physical transmission of binary data on the given media (copper, fiber, wireless...)
• It also deals with electrical, mechanical and functional specifications of the devices, media, etc.
• The major functions described at this layer are:
Encoding/decoding: It is the process of converting the binary data into signals based on the type of the media.
• Copper media: Electrical signals of different voltages
• Fiber media: Light pulses of different wavelengths
• Wireless media: Radio frequency waves

Mode of transmission of signals: Signal communication happens in three different modes: Simplex, Half-duplex, Full-duplex.

Devices that work at physical layer are Hub, Modems, Repeater, and Transmission Media.

TCP/IP
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was created by the Department of Defense (DoD).

The DoD Model
• The Process / Application Layer
• The Host-to-Host Layer
• The Internet Layer
• The Network-access Layer

Comparing OSI & TCP/IP Model
[Figure: OSI Layers compared with TCP/IP Layers]

Process/Application Layer
The Process/Application layer defines protocols for node-to-node application communication and also controls user interface specification. TCP/IP application layer protocols provide services to the application software running on a computer. The application layer does not define the application itself, but it defines services that applications need. For example, application protocol HTTP defines how web browsers can pull the contents of a webpage from a web server. In short, the application layer provides an interface between software running on a computer and the network itself.

Examples for this layer are:
• Telnet, FTP, TFTP, NFS, SMTP, SNMP, DNS, DHCP, etc.

HTTP
• Allows access to web pages

Telnet
• Telnet is used for Terminal Emulation
• It allows a user sitting on a remote machine to access the resources of another machine.
FTP (File Transfer Protocol)
• It allows you to transfer files from one machine to another.
• It also allows access to both directories and files.
• It uses TCP for data transfer and hence is slow but reliable.

TFTP (Trivial File Transfer Protocol)
• This is a stripped down version of FTP.
• It has no directory browsing abilities.
• It can only send and receive files.
• It uses UDP for data transfer and hence is faster but not reliable.

SNMP (Simple Network Management Protocol)
• SNMP enables central management of the network.
• Using SNMP an administrator can watch the entire network.
• SNMP works with TCP/IP.
• It uses UDP for transportation of the data.

DNS (Domain Name Service)
• DNS resolves FQDN with IP address.
• DNS allows you to use a domain name to specify an IP address.
• It maintains a database for IP addresses and hostnames.

DHCP (Dynamic Host Configuration Protocol)
• Dynamically assigns IP address to hosts.

Host-to-Host layer

TCP                                 | UDP
Transmission Control Protocol       | User Datagram Protocol
Connection Oriented                 | Connection Less
Reliable communication (with Ack's) | Unreliable communication (no Ack's)
Slower data Transportation          | Faster data Transportation
Protocol No is 6                    | Protocol No is 17
Eg: HTTP, FTP, SMTP                 | Eg: DNS, DHCP, TFTP

The Internet Layer Protocols
• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)

Internet Protocol (IP)
• [...]

Internet Control Message Protocol (ICMP)
• [...]
• The following are some common events and messages that ICMP relates to:
  o Destination Unreachable
  o Ping
  o Traceroute

Address Resolution Protocol (ARP)
• ARP works at Internet Layer of DoD Model.
• It is used to resolve MAC address with the help of a known IP address.

RARP (Reverse ARP)
• This also works at Internet Layer.
• It works exactly opposite of ARP.
• It resolves an IP address with the help of a known MAC address.
• DHCP is the example of an RARP implementation.

IP ADDRESS
• IP Address is a Logical Address. It is a Network Layer address (Layer 3).
• IP address is given to every device in the network and it is used to identify the device within the network.

Two Versions of IP:
• IP version 4 is a 32 bit address
• IP version 6 is a 128 bit address

• A bit is represented by 0 or 1 (i.e. Binary)
• IP address in binary form (32 bits): 01010101000001011011111100000001
• 32 bits are divided into 4 Octets:

  First Octet   Second Octet   Third Octet   Fourth Octet
  01010101.     00000101.      10111111.     00000001

• IP address in decimal form: 85.5.191.1

IP version 6 Format
• 128-bit address is divided along 16-bit boundaries, and each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons (Colon-Hex Notation)

  FD00:0DB8:7654:3210:2C4C:BAI?:7124:0032

Binary to Decimal Conversion
Taking Example for First Octet: Total 8 bits, Value will be 0's and 1's, i.e. 2^8 = 256 combinations

  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0

Unicast
Unicast is the term used to describe communication where a piece of information is sent from one point to another point. In this case there is just one sender, and one receiver.

Unicast transmission, in which a packet is sent from a single source to a specified destination, is still the predominant form of transmission on LANs and within the Internet. All LANs (e.g. Ethernet) and IP networks support the unicast transfer mode, and most users are familiar with the standard unicast applications (e.g. http, smtp, ftp and telnet) which employ the TCP transport protocol.
Broadcast
Broadcast is the term used to describe communication where a piece of information is sent from one point to all other points. In this case there is just one sender, but the information is sent to all connected receivers.

Broadcast transmission is supported on most LANs (e.g. Ethernet), and may be used to send the same message to all computers on the LAN (e.g. the address resolution protocol (arp) uses this to send an address resolution query to all computers on a LAN).

Network layer protocols (such as IPv4) also support a form of broadcast that allows the same packet to be sent to every system in a logical network (in IPv4 this consists of the IP network ID and an all 1's host number).

Multicast
• Multicast is the term used to describe communication where a piece of information is sent from one or more points to a set of other points.
• In this case there may be one or more senders, and the information is distributed to a set of receivers (there may be no receivers or any other number of receivers).

One example of an application which may use multicast is a video server sending out networked TV channels. Simultaneous delivery of high quality video to each of a large number of delivery platforms will exhaust the capability of even a high bandwidth network with a powerful video clip server. This poses a major scalability issue for applications which require sustained high bandwidth. One way to significantly ease scaling to larger groups of clients is to employ multicast networking.

The format of IP multicast packets is identical to that of unicast packets; they are distinguished only by the use of a special class of destination address (class D IPv4 address) which denotes a specific multicast group. Since TCP supports only the unicast mode, multicast applications must use the UDP transport protocol.
IPv4 address classifications
Total IP Address Range of IPv4 is 0.0.0.0 - 255.255.255.255
IP Addresses are divided into 5 Classes

CLASS   | Class Ranges                | No. Networks & Hosts
Class A | 0.0.0.0 - 127.255.255.255   | 126 Networks & 16777214 Hosts per Network
Class B | 128.0.0.0 - 191.255.255.255 | 16384 Networks & 65534 Hosts per Network
Class C | 192.0.0.0 - 223.255.255.255 | 2097152 Networks & 254 Hosts per Network
Class D | 224.0.0.0 - 239.255.255.255 | Reserved for multicast traffic
Class E | 240.0.0.0 - 255.255.255.255 | Reserved for Research and development

Network Address
• First IP address of the range
• Represents the complete network and cannot be assigned to any device
• The network address is represented with all bits as ZERO in the host portion of the address

Broadcast Address
• The last IP address of the range
• Used to send the broadcast within the network and cannot be assigned to any device in the network
• The broadcast address is represented with all bits as ONES in the host portion of the address

Valid addresses:
• Valid IP Addresses lie between the Network Address and the Broadcast Address.
• Only Valid IP Addresses are assigned to hosts/clients or any other device in the network

Class A
  10.0.0.0          -> Network Address
  10.0.0.1
  10.0.0.2
  10.0.0.3
  ...               -> Valid IP Addresses
  10.255.255.254
  10.255.255.255    -> Broadcast Address

Class B
  172.16.0.0        -> Network Address
  172.16.0.1
  172.16.0.2
  172.16.0.3
  ...               -> Valid IP Addresses
  172.16.255.254
  172.16.255.255    -> Broadcast Address

Class C
  192.168.1.0       -> Network Address
  192.168.1.1
  192.168.1.2
  192.168.1.3
  ...               -> Valid IP Addresses
  192.168.1.254
  192.168.1.255     -> Broadcast Address

Subnet Mask
Subnet Mask is an address which is used to identify the network and host portion of an IP address.
Class A   N.H.H.H   255.0.0.0
Class B   N.N.H.H   255.255.0.0
Class C   N.N.N.H   255.255.255.0

• Subnet Mask differentiates the Network portion and the Host portion.
• Subnet Mask is given for network identification of a host ID.
• Represented with all 1's in the network portion and with all 0's in the host portion.

PRIVATE IP
• Used within the LAN or within the organization
• Not recognized on the Internet
• Given by the administrator
• Unique within the network or organization
• Free
• Unregistered IP

PUBLIC IP
• Used on a public network (INTERNET)
• Recognized on the Internet
• Given by the service provider (from IANA)
• Globally unique
• Pay to service provider (or IANA)
• Registered

Private IP Address

There are certain addresses in each class of address that are reserved for private networks. These addresses are called private addresses.

RANGE OF PRIVATE IP:
Class A   10.0.0.0      to   10.255.255.255
Class B   172.16.0.0    to   172.31.255.255
Class C   192.168.0.0   to   192.168.255.255

Default Gateway:
• The IP address of the router Ethernet interface connecting to the LAN
• It is an entry and exit point of the network.

SUBNETTING

• Subnetting is the process of dividing a single network into multiple smaller networks.
• Converting host bits into network bits, i.e. converting 0's into 1's
• Subnetting helps in minimizing the wastage of IP addresses.

Subnetting can be performed in two ways:
1. FLSM (Fixed Length Subnet Mask)
2. VLSM (Variable Length Subnet Mask)

Subnetting can be done based on requirement:
• Requirement of Hosts?      2^h - 2 >= requirement
• Requirement of Networks?   2^n >= requirement

FLSM: Example 1

Req = 40 hosts using C-class address network 192.168.1.0/24

2^h - 2 >= req
Host bits required (h) = 6
Converted network bits (n) = Total H bits - req. H bits = 8 - 6 = 2
Converted network bits (n) = 2
Total N bits = default N bits + converted N bits = 24 + 2 = /26
Hosts/Subnet = 2^h - 2 = 64 - 2 = 62 Hosts/Subnet
Subnets = 2^n = 2^2 = 4 Subnets
Customized subnet mask = (/26) = 255.255.255.192
Range: 2^h = 2^6 = 64

Network ID           Broadcast ID
192.168.1.0/26       192.168.1.63/26
192.168.1.64/26      192.168.1.127/26
192.168.1.128/26     192.168.1.191/26
192.168.1.192/26     192.168.1.255/26

FLSM: Example 2

Req = 30 hosts using C-class address network 192.168.1.0/24

2^h - 2 >= req
2^5 - 2 >= 30
32 - 2 >= 30
30 >= 30
Host bits required (h) = 5
Converted network bits (n) = Total H bits - req. H bits = 8 - 5 = 3
Converted network bits (n) = 3
Total N bits = default N bits + converted N bits = 24 + 3 = /27
Hosts/Subnet = 2^h - 2 = 2^5 - 2 = 32 - 2 = 30 Hosts/Subnet
Subnets = 2^n = 2^3 = 8 Subnets
Customized subnet mask = (/27) = 255.255.255.224
Range: 2^h = 2^5 = 32

Network ID           Broadcast ID
192.168.1.0/27       192.168.1.31/27
192.168.1.32/27      192.168.1.63/27
192.168.1.64/27      192.168.1.95/27
192.168.1.96/27      192.168.1.127/27
192.168.1.128/27     192.168.1.159/27
192.168.1.160/27     192.168.1.191/27
192.168.1.192/27     192.168.1.223/27
192.168.1.224/27     192.168.1.255/27

FLSM: Example 3

Req = 500 hosts using B-class address network 172.16.0.0/16

2^h - 2 >= req
2^9 - 2 >= 500
512 - 2 >= 500
510 >= 500
Host bits required (h) = 9
Converted network bits (n) = Total H bits - req. H bits = 16 - 9 = 7
Converted network bits (n) = 7
Total N bits = default N bits + converted N bits = 16 + 7 = /23
Hosts/Subnet = 2^h - 2 = 2^9 - 2 = 512 - 2 = 510 Hosts/Subnet
Subnets = 2^n = 2^7 = 128 Subnets
Customized subnet mask = (/23) = 255.255.254.0
Range: 2^h = 2^9 = 512

Network ID           Broadcast ID
172.16.0.0/23        172.16.1.255/23
172.16.2.0/23        172.16.3.255/23
172.16.4.0/23        172.16.5.255/23
172.16.6.0/23        172.16.7.255/23
...
172.16.254.0/23      172.16.255.255/23

FLSM: Example 4

Req = 4000 hosts using B-class address network 172.16.0.0/16

2^h - 2 >= req
2^12 - 2 >= 4000
4096 - 2 >= 4000
4094 >= 4000
Host bits required (h) = 12
Converted network bits (n) = Total H bits - req. H bits = 16 - 12 = 4
Converted network bits (n) = 4
Total N bits = default N bits + converted N bits = 16 + 4 = /20
Hosts/Subnet = 2^h - 2 = 2^12 - 2 = 4096 - 2 = 4094 Hosts/Subnet
Subnets = 2^n = 2^4 = 16 Subnets
Customized subnet mask = (/20) = 255.255.240.0
Range: 2^h = 2^12 = 4096

Network ID           Broadcast ID
172.16.0.0/20        172.16.15.255/20
172.16.16.0/20       172.16.31.255/20
172.16.32.0/20       172.16.47.255/20
172.16.48.0/20       172.16.63.255/20
172.16.64.0/20       172.16.79.255/20
...
172.16.240.0/20      172.16.255.255/20

FLSM: Example 5

Req = 2000 hosts using A-class address network 10.0.0.0/8

2^h - 2 >= req
2^11 - 2 >= 2000
2048 - 2 >= 2000
2046 >= 2000
Host bits required (h) = 11
Converted network bits (n) = Total H bits - req. H bits = 24 - 11 = 13
Converted network bits (n) = 13
Total N bits = default N bits + converted N bits = 8 + 13 = /21
Hosts/Subnet = 2^h - 2 = 2^11 - 2 = 2048 - 2 = 2046 Hosts/Subnet
Subnets = 2^n = 2^13 = 8192 Subnets
Customized subnet mask = (/21) = 255.255.248.0
Range:

Network ID           Broadcast ID
10.0.0.0/21          10.0.7.255/21
10.0.8.0/21          10.0.15.255/21
10.0.16.0/21         10.0.23.255/21
...
10.0.248.0/21        10.0.255.255/21
10.1.0.0/21          10.1.7.255/21
10.1.8.0/21          10.1.15.255/21
10.1.16.0/21         10.1.23.255/21
...
10.1.248.0/21        10.1.255.255/21
10.2.0.0/21          10.2.7.255/21
10.2.8.0/21          10.2.15.255/21
10.2.16.0/21         10.2.23.255/21
...
10.2.248.0/21        10.2.255.255/21
...
10.255.0.0/21        10.255.7.255/21
10.255.8.0/21        10.255.15.255/21
10.255.16.0/21       10.255.23.255/21
...
10.255.248.0/21      10.255.255.255/21

FLSM: Example 6

Req = 32000 hosts using A-class address network 10.0.0.0/8

2^h - 2 >= req
2^15 - 2 >= 32000
32768 - 2 >= 32000
32766 >= 32000
Host bits required (h) = 15
Converted network bits (n) = Total H bits - req. H bits = 24 - 15 = 9
Converted network bits (n) = 9
Total N bits = default N bits + converted N bits = 8 + 9 = /17
Hosts/Subnet = 2^h - 2 = 2^15 - 2 = 32768 - 2 = 32766 Hosts/Subnet
Subnets = 2^n = 2^9 = 512 Subnets
Customized subnet mask = (/17) = 255.255.128.0
Range: 2^h = 2^15 = 32768

Network ID           Broadcast ID
10.0.0.0/17          10.0.127.255/17
10.0.128.0/17        10.0.255.255/17
10.1.0.0/17          10.1.127.255/17
10.1.128.0/17        10.1.255.255/17
10.2.0.0/17          10.2.127.255/17
10.2.128.0/17        10.2.255.255/17
10.3.0.0/17          10.3.127.255/17
10.3.128.0/17        10.3.255.255/17
10.4.0.0/17          10.4.127.255/17
10.4.128.0/17        10.4.255.255/17
10.5.0.0/17          10.5.127.255/17
10.5.128.0/17        10.5.255.255/17
...
10.255.0.0/17        10.255.127.255/17
10.255.128.0/17      10.255.255.255/17

/ Value              Subnet mask
/20                  255.255.240.0
/18                  255.255.192.0
/23                  255.255.254.0
/25                  255.255.255.128
/19                  255.255.224.0
/28     8.8.8.4      255.255.255.240
/29     8.8.8.5      255.255.255.248
/30     8.8.8.6      255.255.255.252
/22     8.8.6.0      255.255.252.0

Variable-Length Subnet Mask (VLSM):

• VLSM is used for proper implementation of IP addresses; it allows more than one subnet mask for a given network according to the individual needs.
• Logically dividing one network into smaller networks is called Subnetting or VLSM.
• One subnet can be subnetted multiple times for efficient use.
• Requires classless routing protocols.

Advantages
• Efficient use of IP addresses: without VLSM, networks would have to use the same subnet mask throughout the network, but all your networks don't have the same host requirement.

Example of a VLSM network

[Figure: VLSM network built from 200.200.200.x subnets, with /27 subnets (such as 200.200.200.32/27) on the 25-host LAN segments and /30 subnets (such as 200.200.200.164/30 and 200.200.200.172/30) on the links between routers]

Subnetting Questions

Find the following values for the given examples below:
• Subnet mask
• Range (Network ID and Broadcast ID)
• Valid hosts, subnets

28.10.145.10/18
180.12.110.10/25
180.50.80.50/23
100.10.285.10/20
50.1.118.10/21
118.10.78.40/a8
172.16.281.10/19
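The FLSM steps used in Examples 1 to 6 above, written as an added Python example (not part of the workbook). It goes slightly beyond the worked examples by also deriving the subnet mask, range, valid hosts and subnet count for a single address/prefix, as the Subnetting Questions ask; the function names and the address 172.16.9.70/26 are assumptions chosen for illustration.

```python
import ipaddress


def default_prefix(address):
    """Classful default mask length, following the class ranges table."""
    first_octet = int(ipaddress.ip_address(address)) >> 24
    if first_octet < 128:
        return 8     # class A
    if first_octet < 192:
        return 16    # class B
    if first_octet < 224:
        return 24    # class C
    raise ValueError("class D/E addresses are not subnetted for hosts")


def flsm_plan(network, hosts_required):
    """Apply the workbook's FLSM steps to a host requirement."""
    if hosts_required < 1:
        raise ValueError("host requirement must be at least 1")
    net = ipaddress.ip_network(network)
    total_host_bits = net.max_prefixlen - net.prefixlen
    h = 2  # h = 1 would leave 2^1 - 2 = 0 usable hosts
    while 2 ** h - 2 < hosts_required:      # 2^h - 2 >= requirement
        h += 1
    if h > total_host_bits:
        raise ValueError(f"{network} cannot hold {hosts_required} hosts per subnet")
    n = total_host_bits - h                 # converted network bits
    prefix = net.prefixlen + n              # default N bits + converted N bits
    first_subnet = next(net.subnets(new_prefix=prefix))
    return {
        "host_bits": h,
        "converted_bits": n,
        "prefix": prefix,
        "mask": str(first_subnet.netmask),
        "hosts_per_subnet": 2 ** h - 2,
        "subnets": 2 ** n,
        "range": 2 ** h,
    }


def subnet_ranges(network, prefix):
    """List (Network ID, Broadcast ID) for every subnet of the given length."""
    net = ipaddress.ip_network(network)
    return [
        (f"{s.network_address}/{prefix}", f"{s.broadcast_address}/{prefix}")
        for s in net.subnets(new_prefix=prefix)
    ]


def describe(cidr):
    """Answer a 'Subnetting Questions' style item for one host address."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    base = default_prefix(str(iface.ip))
    if not base <= net.prefixlen <= 30:
        raise ValueError("prefix must lie between the class default and /30")
    return {
        "mask": str(net.netmask),
        "network_id": str(net.network_address),
        "broadcast_id": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "valid_hosts": net.num_addresses - 2,
        "subnets": 2 ** (net.prefixlen - base),
    }


if __name__ == "__main__":
    plan = flsm_plan("192.168.1.0/24", 40)   # Example 1 from the workbook
    print(plan)
    for network_id, broadcast_id in subnet_ranges("192.168.1.0/24", plan["prefix"]):
        print(network_id, broadcast_id)
    print(describe("172.16.9.70/26"))        # constructed address
```
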
VLSM Design Examples

Below you can find some sample scenario diagrams which mention the requirements (i.e. number of hosts).

[Figures: VLSM design scenario diagrams showing the host requirement of each segment and the subnet assigned to it from 172.16.0.0, for example 50 hosts on 172.16.9.64/26 (9.64 to 9.127) and 20 hosts on 172.16.9.160/27 (9.160 to 9.191)]

INTRODUCTION TO ROUTERS

What is a Router?

A router is a device which makes communication possible between two or more different networks present in the same or different geographical locations.

• It is an internetworking device used to connect two or more different networks.
• It works on layer 3 (i.e. the network layer).

It does two basic things:
• Select the best path from the routing table.
• Forward the packet on that path.

Other vendors apart from Cisco

Many companies manufacture routers:
• Nortel
• Multicom
• Juniper
• D-Link
• Linksys
• 3Com

Router Classification

FIXED ROUTER                                    MODULAR ROUTER
Fixed router (non-upgradeable; cannot add       Modular router (upgradeable; can add and
and remove the Ethernet or serial interfaces)   remove interfaces as per the requirement)
Doesn't have any slot                           Number of slots available depends on the
                                                series of the router

Example of Fixed Router

[Figure: fixed router back panel showing the AUI (Attachment Unit Interface) and Auxiliary (Aux 0) ports]

EXTERNAL PORTS OF ROUTER

• LAN interfaces - Ethernet
  - AUI (Attachment Unit Interface) (E0) - 15 pin
  - 10baseT - RJ45
• WAN interfaces
  - Serial interface (S0, S1, S0/0, S0/1, S0/0/0 etc.) - 60 pin / 26 pin (smart serial)
  - ISDN interface (BRI0 etc.) - RJ45 (used for ISDN WAN connections)
• Administration interfaces
  - Console - RJ45 - Local Administration
  - Auxiliary - RJ45 - Remote Administration

2621 Model Router (Modular Router)

[Figure: 2621 router back panel showing the Console Port, Auxiliary Port and Power Cord Connection]

Attachment Unit Interface
• AUI pin configuration is 15 pin female.
• It is known as Ethernet Port or LAN port or Default Gateway.
• It is used for connecting the LAN to the router.
• A transceiver is used for converting 8 wires to 15 wires, i.e. an RJ45 to 15 pin converter.

Console Port
• It is known as Local Administrative Port.
• It is generally used for initial configuration, password recovery and local administration of the router. It is an RJ45 port.
• IMP: It is the most delicate port on the router.
So make less use of the Console Port.

Console Connectivity
• Connect a rollover cable to the router console port (RJ-45 connector).
• Connect the other end of the rollover cable to the RJ-45 to DB-9 converter.
• Attach the female DB-9 converter to a PC serial port.
• Open emulation software.

Serial Port
• Serial pin configuration is 60 pin configuration female (i.e. 15 pins and 4 rows) and Smart Serial pin configuration is 26 pin configuration female.
• It is known as WAN Port.
• It is used for connecting to remote locations.
• V.35 cable has a 60 pin configuration male at one end and an 18 pin configuration male at the other end.

Auxiliary Port
• It is known as Remote Administrative Port.
• Used for remote administration.
• It is an RJ-45 port.
• A console or a rollover cable is to be used.

ROM
• It is a chip integrated on the motherboard which contains a bootstrap program which tells how to load the IOS.
• Used to start and maintain the router. Holds the POST and the bootstrap program, as well as the mini-IOS.

POST (power-on self-test)
• Stored in the microcode of the ROM, the POST is used to check the basic functionality of the router hardware and determines which interfaces are present.

Mini-IOS
• Also called the RXBOOT or boot loader by Cisco, the mini-IOS is a small IOS in ROM that can be used to bring up an interface and load a Cisco IOS into flash memory.
• The mini-IOS can also perform a few other maintenance operations.

RAM (random access memory)
• Used to hold the temporary config, recent packet buffers information, ARP cache, routing tables, and also the software and data structures that allow the router to function.
• Also called Running-config.
• The IOS is loaded into the RAM from the Flash at the time of booting.

Flash memory
• Stores the Cisco IOS by default.
• Flash memory is not erased when the router is reloaded.

NVRAM (nonvolatile RAM)
• Used to hold the router and switch configuration.
• NVRAM is not erased when the router or switch is reloaded.
• It will not store an IOS.
• The configuration register is stored in NVRAM.

Configuration register
• Used to control how the router boots up. This value can be found as the last line of the show version command output.
• By default it is set to 0x2102, which tells the router to load the IOS from flash memory as well as to load the configuration from NVRAM.

[Figure: router boot sequence flowchart: perform the POST, locate and load the IOS, locate and load the startup configuration or enter setup mode]

1. Performing the POST and Loading the Bootstrap Program

• The power-on self-test (POST) is a process that occurs on almost every computer when it boots. The POST is used to test the router hardware. After the POST, the bootstrap program is loaded.
• The bootstrap program locates the Cisco IOS and loads it into RAM.

2. Locating and Loading the IOS Software

The location of the IOS file is specified by the value of the configuration register setting. The bits in this setting can instruct the device to load the IOS file from the following locations:
• Flash memory
• A TFTP server

To load the IOS normally from flash, the configuration register setting should be set to 0x2102.

3. Locating and Executing the Startup Configuration File or Entering Setup Mode

After the IOS is loaded, the bootstrap program searches for the startup configuration file (startup-config) in NVRAM. This file contains the previously saved configuration commands and parameters, including interface addresses, routing information, passwords and other configuration parameters.

If no configuration file is located, the router prompts the user to enter setup mode to begin the configuration process.

If a startup configuration file is found, a prompt containing a hostname will display.
The router has successfully loaded the IOS and the configuration file.

Integrated Services Router (ISR)
• It gets its name because many of the services, like security, are built into it.
• It's a modular device like the 2600, but it's much faster and a lot more sleek; it's elegantly designed to support a broad new range of interface options.
• 800, 1800, 2800, 3800, 1900, 2900, 3900

Setup mode:
• The router enters setup mode if the NVRAM is blank.

User mode:
• Only some basic monitoring
• Limited show commands, ping, traceroute
• Router>

Privileged mode:
• Monitoring and some troubleshooting
• All show commands, ping, trace, copy, erase
• Router#

Global configuration mode:
• To make any changes that affect the router, like hostname and routing configurations
• All configurations that affect the router globally
• Router(config)#

Interface mode:
• Configurations done on the specific interface

Rommon mode:
• Reverting password

Console Connectivity
• Connect a rollover cable to the router console port (RJ-45 connector).
• Connect the other end of the rollover cable to the RJ-45 to DB-9 converter.
• Attach the female DB-9 converter to a PC serial port.
• Open emulation software on the PC.

IN WINDOWS
• Start > Programs > Accessories > Communications > HyperTerminal > HyperTerminal
• Give the connection name and select any icon.
• Select the serial (COM) port where the router is connected.
• In Port Settings, click on Restore Defaults.

IN LINUX
• # minicom -s (used instead of HyperTerminal in Windows)
Press RETURN to get started.

BASIC COMMANDS

User mode:
Router>
Router> show flash
Router> show version
Router> show ip interface brief
Router> ping 1.1.1.1
Router> traceroute 0.1.1.1
Router> enable

Privilege mode:
Router# show running-config
Router# show startup-config
Router# show flash
Router# show version
Router# show ip interface brief
Router# ping 1.1.1.1
Router# traceroute 50.1.1.1
Router# configure terminal      (To enter Global configuration mode)
Router(config)# hostname Sikandar

Assigning IP address to Ethernet interface:
Router(config)# interface <interface-type> <interface-number>
Router(config-if)# ip address <ip-address> <subnet-mask>      (Interface mode)
Router(config-if)# no shutdown

Assigning console password:
Router(config)# line con 0      (To enter Console line mode)
Router(config-line)# password <password>
Router(config-line)# login
Router(config-line)# exit
Router(config)# exit

Assigning auxiliary password:
Router(config)# line aux 0      (To enter Auxiliary line mode)
Router(config-line)# password <password>
Router(config-line)# login
Router(config-line)# exit
Router(config)# exit

Assigning Telnet password:
Router(config)# line vty 0 4      (To enter VTY line mode)
Router(config-line)# password <password>
Router(config-line)# login
Router(config-line)# exit
Router(config)# exit

Assigning enable password:
Router(config)# enable password <password>      (The password will be saved in clear text)
OR
Router(config)# enable secret <password>      (The password will be saved in encrypted text)

To encrypt all passwords:
Router(config)# service password-encryption
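The password commands above leave different storage forms in the configuration: clear text, the reversible type 7 encoding written by service password-encryption, or the hashed enable secret. The following added example (not from the workbook) audits a saved running-config for them; both sample configurations are constructed, the hash and type 7 strings are placeholders, and the function and severity names are assumptions.

```python
import re

# Constructed sample modelled on the lab's "show running-config" output.
# Passwords are the lab's practice values; the secret hash is a placeholder.
WEAK_CONFIG = """\
version 12.2
no service password-encryption
!
hostname HYDERABAD
!
enable secret 5 $1$PLACEHOLDER$NOTAREALHASH
enable password ccnp123
!
line con 0
 password cisco123
 login
line aux 0
line vty 0 4
 password ccna123
 login
!
end
"""

# Constructed counterpart after "service password-encryption" and
# "no enable password". The type 7 strings are placeholders, not real encodings.
ENCRYPTED_CONFIG = """\
version 12.2
service password-encryption
!
hostname HYDERABAD
!
enable secret 5 $1$PLACEHOLDER$NOTAREALHASH
!
line con 0
 password 7 PLACEHOLDER0
 login
line vty 0 4
 password 7 PLACEHOLDER1
 login
!
end
"""

# [enable ]password|secret [type digit] value
PASSWORD_RE = re.compile(r"^(enable )?(password|secret)(?: (\d+))? (\S.*)$")


def audit_passwords(config_text):
    """Return (severity, location, message) findings for password storage."""
    findings = []
    section = "global"
    encryption_on = has_secret = has_enable_password = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():            # unindented line starts a new block
            section = line if line.startswith("line ") else "global"
        if line == "service password-encryption":
            encryption_on = True
        match = PASSWORD_RE.match(line)
        if not match:
            continue
        is_enable, keyword, ptype, _value = match.groups()
        if not is_enable and section == "global":
            continue                        # not a line or enable password
        where = "enable" if is_enable else section
        if keyword == "secret":
            has_secret = has_secret or bool(is_enable)
            continue                        # stored as a hash
        if is_enable:
            has_enable_password = True
        if ptype == "7":
            findings.append(("MEDIUM", where,
                             "type 7 encoding is reversible; it only hides the "
                             "password from casual viewing"))
        else:
            findings.append(("HIGH", where, "password stored in clear text"))
    if not encryption_on:
        findings.append(("MEDIUM", "global", "service password-encryption is off"))
    if not has_secret:
        findings.append(("HIGH", "enable", "no enable secret configured"))
    elif has_enable_password:
        findings.append(("LOW", "enable",
                         "enable secret takes precedence; remove the unused "
                         "enable password"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("encrypted", ENCRYPTED_CONFIG)):
        print(name)
        for severity, where, message in audit_passwords(text):
            print(f"  {severity:6} {where:14} {message}")
```
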
Commands to save the configuration:
Router# copy running-config startup-config
(OR)
Router# write memory
(OR)
Router# write

To erase NVRAM configuration:
Router# erase startup-config      (to erase the NVRAM)

LAB: BASIC CONFIGURATIONS AND VERIFICATION

Power on the router and observe the booting process (sample output shown below).

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]:
% Please answer 'yes' or 'no'.
Continue with configuration dialog? [yes/no]: no

Router>
Router> show flash
System flash directory:
File  Length   Name/status
  3   5571564  c2600-i-mz.122-28.bin
[5827403 bytes used, 58188981 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)

Router> show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
Image text-base: 0x8000808C, data-base: 0x80A1FECC

ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
ROM: C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)

System returned to ROM by reload
System image file is "flash:c2600-i-mz.122-28.bin"

cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.

Configuration register is 0x2102

Router> sh ip interface brief
Interface          IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0    unassigned   YES  unset   administratively down  down
FastEthernet0/1    unassigned   YES  unset   administratively down  down

Router> ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Router> traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1

To enter privilege mode:
Router> enable

By typing the clock ? command, you'll get a list of the next possible parameters and what they do. Notice that you should just keep typing a command, a space, and then a question mark until <cr> (carriage return) is your only option. If you're typing commands and receive

To enter global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Hostname:
Router(config)# hostname HYDERABAD
HYDERABAD(config)#

TO ASSIGN CONSOLE PASSWORD
HYDERABAD(config)# line console 0
HYDERABAD(config-line)# password cisco123
HYDERABAD(config-line)# login
HYDERABAD(config-line)# end
%SYS-5-CONFIG_I: Configured from console by console
HYDERABAD# exit

HYDERABAD con0 is now available

Press RETURN to get started.

User Access Verification
Password:      (Enter the console password which was configured)
HYDERABAD>
HYDERABAD> enable
HYDERABAD# conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYDERABAD(config)# line vty 0 4
HYDERABAD(config-line)# password ccna123
HYDERABAD(config-line)# login
HYDERABAD(config-line)# exit
HYDERABAD(config)# enable password ccnp123
HYDERABAD(config)# exit
HYDERABAD# exit

HYDERABAD con0 is now available

Press RETURN to get started.

User Access Verification
Password:      (Enter the console password which was configured)
HYDERABAD> enable
Password:      (Enter the enable password which was configured)
HYDERABAD# show running-config
Building configuration...

Current configuration : 480 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HYDERABAD
!

HYDERABAD# configure terminal
HYDERABAD(config)# enable secret ccie123
HYDERABAD(config)# exit
HYDERABAD# show running-config
Building configuration...

Current configuration : 527 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HYDERABAD
!
!
!
enable secret 5 <hash>
enable password ccnp123

HYDERABAD# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
HYDERABAD# reload
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

Self decompressing the image :
########################################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
63488K bytes of ATA CompactFlash (Read/Write)

The router enters setup mode as the startup-config has been erased.

[Figure: straight-through (PC to hub) and crossover cable pinouts for the RJ45 plug, showing the TX and RX pin pairs]

RJ45 CONNECTOR:
• RJ45 is a standard type of connector for network cables.
• RJ45 connectors are most commonly seen with Ethernet cables and networks.
• RJ45 connectors feature eight pins to which the wire strands of a cable interface electrically. Standard RJ-45 pinouts define the arrangement of the individual wires needed when attaching connectors to a cable.
• Several other kinds of connectors closely resemble RJ45 and can be easily confused for each other. The RJ-11 connectors used with telephone cables, for example, are only slightly smaller (narrower) than RJ-45 connectors.
• Also known as: Registered Jack 45

WAN CONNECTIONS

WAN connections are divided into three types:
1) Dedicated line
2) Circuit switched
3) Packet switched

Dedicated line:
✓ Permanent connection for the destination
✓ Used for short or long distance
✓ Bandwidth is fixed
✓ Availability is 24/7
✓ Charges are fixed whether used or not
✓ Uses analog circuits
✓ Always the same path is used for the destination
✓ Example is Leased Line

Circuit switched:
✓ It is also used for short and medium distances.
✓ Bandwidth is fixed
✓ Charges depend on usage of the line
✓ Also called line on demand
✓ Usually used for a backup line
✓ Connects at the BRI port of the router
✓ ISDN and PSTN are the examples

Packet switched:
✓ Used for medium or longer connections
✓ Bandwidth is shared
✓ Many virtual connections on one physical connection
✓ Example: Frame Relay

Leased line:
• A permanent/dedicated physical connection which is used to connect two different geographical areas.
• This connection is provided by telecommunication companies like BSNL in India.
• Leased line provides service 24/7 throughout the year, unlike a dial-up connection which can be connected when required.
• Leased lines are obtained on an annual rental basis. Moreover, the rent depends on the distance between the sites.

LEASED LINE IS OF THREE TYPES
1) SHORT LEASED LINE
2) MEDIUM LEASED LINE
3) LONG LEASED LINE (IPLC)

Short leased line is used within the city and its cost is also less.

Medium leased line is used to connect sites in two different states, like Hyderabad and Chennai.

Long leased line, also called IPLC: it stands for International Private Lease Circuit and is used to connect two different countries. It's the most expensive among all.

• Leased line provides excellent quality of service with high speed of data transmission.
• As it's a private physical connection, it assures complete security and privacy even with voice.
• Speed of the leased line varies from 64 kbps to 2 Mbps or more. A leased line always has fixed bandwidth.

Note: Once a leased line is set up, not only can we send data but transmission of voice is also possible. In addition to this, both voice and data can be sent simultaneously.

Example of Leased Line

[Figure: leased line example connecting the HYDERABAD site LAN to a remote site]

DCE                                             DTE
Data Communication Equipment                    Data Termination Equipment
Generates clocking (i.e. speed)                 Accepts clocking (i.e. speed)
Example of DCE device in leased line setup:     Example of DTE device in leased line setup:
V.35 & G.703 modem & exchange (modem & MUX)     Router
Example of DCE device in dial-up setup:         Example of DTE device in dial-up setup:
Dial-up modem                                   Computer

Coming to the hardware requirements:
1) Leased line modem
2) V.35 connector & cable
3) G.703 connector & cable

The leased line modem is also called CSU/DSU (Channel Service Unit and Data Service Unit). It acts as a DCE device which generates the clock rate.
Lab Setup Representation

[Figure: two routers connected between their serial (S0) interfaces with a V.35 back to back cable]

• A back to back cable is used, which emulates the copper wire, modems and MUX, the complete exchange setup.
• Without DCE and DTE devices communication is not possible.

Note: While practicing labs we use a V.35 cable for a back to back connection between routers, whereas in real time the V.35 cable terminates at the leased line modem. That's the reason we have to use the clock rate command in the labs, whereas it's not required in the real scenario; there the CSU/DSU is used to generate the speed.

In different countries different codes are used for leased lines with different speeds. In Europe it is identified as E whereas in UK it is identified with the letter T.

In Europe, there are five types of lines distinguished according to their speed:
1. E0 (64 Kbps)
2. E1 = 32 E0 lines (2 Mbps)
3. E2 = 128 E0 lines (8 Mbps)
4. E3 = 16 E1 lines (34 Mbps)
5. E4 = 64 E1 lines (140 Mbps)

In the United States, the concept is as follows:
• T1 (1.544 Mbps)
• T2 = 4 T1 lines (6 Mbps)
• T3 = 28 T1 lines (45 Mbps)
• T4 = 168 T1 lines (275 Mbps)

ADVANTAGES                     DISADVANTAGES
COMPLETE SECURE                EXPENSIVE
HIGH BANDWIDTH                 PERMANENT PHYSICAL CONNECTION
HIGH SPEED CONNECTION
SUPERIOR QUALITY
RELIABLE

Rules to assign the IP address to the router:

1. All the LANs and WANs should be in different networks (i.e. the same network should not be repeated).
2. The router Ethernet IP and the LAN network assigned should be in the same network.
3. Both the interfaces of routers facing each other should be in the same network.
4. All the interfaces of a router should be in different networks.
The below diagram demonstrates the above rules:
[Figure: sample topology illustrating the addressing rules]

LAB: BASIC IP CONFIGURATION
[Figure: lab topology]

1. Design the topology as per the above diagram
2. Configure IP addresses as per the diagram and rules
3. Verify the interface status using the command
   • show ip interface brief

ON ROUTER-1
Router> enable
Router# configure terminal
Router(config)# hostname R-1
R-1(config)# interface fastEthernet 0/0
R-1(config-if)# ip address 192.168.1.100 255.255.255.0
R-1(config-if)# no shutdown
R-1(config-if)# exit
R-1(config)# interface serial 0/0
R-1(config-if)# ip address 10.0.0.1 255.0.0.0
R-1(config-if)# no shutdown
R-1(config-if)# clock rate 64000

NOTE:
• clock rate is only required in the lab scenario, as we are using a back-to-back cable instead of the real exchange, where the modems that generate the clocking would be installed.
• Here the clock rate has to be generated manually using the clock rate command.

R-1# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

ON ROUTER-2
Router> enable
Router# configure terminal
Router(config)# hostname R-2
R-2(config)# interface fastEthernet 0/0
R-2(config-if)# ip address 192.168.2.100 255.255.255.0
R-2(config-if)# no shutdown
R-2(config-if)# exit
R-2(config)# interface serial 0/0
R-2(config-if)# ip address 10.0.0.2 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000

R-2# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

R-1# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    192.168.1.100   YES manual up                    up
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

R-2# ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/8 ms

Troubleshooting the connectivity:
Router# show ip interface brief

1) Serial is up, line protocol is up
   • Connectivity is fine.
2) Serial is down, line protocol is down
   • Remote device turned off
   • Remote port is in shutdown state
   • Interface on the remote router has to be configured
   • Problem with connectivity
3) Serial is administratively down, line protocol is down
   • Local port is in shutdown state
   • no shutdown has to be given on the local router interface
4) Serial is up, line protocol is down
   • Encapsulation mismatch
   • clock rate command not given on the serial interface (only applies in the lab scenario)
   • If using PPP, then authentication mismatch

WAN PROTOCOLS
Leased lines use two types of WAN encapsulation protocols:
1) High-Level Data Link Control (HDLC)
2) Point to Point Protocol (PPP)

HDLC
• High-Level Data Link Control protocol
• Default on serial link
• Cisco proprietary Layer 2 WAN protocol
• Doesn't support authentication
• Doesn't support compression and error correction

PPP
• Point to Point Protocol
• Standard Layer 2 WAN protocol
• Supports authentication
• Supports error correction

R-1# sh interfaces s0/0
Serial0/0 is up, line protocol is up (connected)
  Hardware is HD64570
  Internet address is 10.0.0.1/8
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     5 packets input, 640 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     5 packets output, 640 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

PPP supports two authentication protocols:
• PAP (Password Authentication Protocol)
• CHAP (Challenge Handshake Authentication Protocol)

PAP (Password Authentication Protocol)
• PAP provides a simple method for a remote node to establish its identity using a two-way handshake.
• PAP is done only upon initial link establishment.
• PAP is not a strong authentication protocol.
• Passwords are sent across the link in clear text.
[Figure: PAP handshake; notes: passwords sent in cleartext, peer in control of attempts]

CHAP (Challenge Handshake Authentication Protocol)
• After the PPP link establishment phase is complete, the local router sends a unique "challenge" message to the remote node.
• The remote node responds with a value (MD5).
• The local router checks the response against its own calculation of the expected hash value.
• If the values match, the authentication is acknowledged. Otherwise, the connection is terminated immediately.
[Figure: CHAP handshake; note: uses a secret known only to authenticator and peer]

Configuration of HDLC:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation hdlc
(HDLC is the default even if you don't configure this command)

Configuration of PPP:
Router# configure terminal
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp

To enable CHAP authentication:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication chap

To enable PAP authentication:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication pap

LAB: BASIC CONFIGURATION USING THREE ROUTERS
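The PAP and CHAP handshakes described above, worked through in Python as an added example (not code from the workbook): it builds the packets in the RFC 1334 and RFC 1994 layouts and checks what is visible on the link in each case. The shared secret, challenge bytes and identifiers are constructed values; R-1 and R-2 are the lab hostnames.

```python
import hashlib
import hmac
import struct

# Constructed value for the demonstration (not from the workbook).
SECRET = b"Lab-Shared-Secret"


def _packet(code, identifier, data):
    """Common PAP/CHAP header: Code (1), Identifier (1), Length (2), then data."""
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def pap_authenticate_request(identifier, peer_id, password):
    """PAP Authenticate-Request (code 1): peer-id and password travel unprotected."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _packet(1, identifier, data)


def chap_challenge(identifier, challenge, name):
    """CHAP Challenge (code 1): the authenticator's random value plus its name."""
    return _packet(1, identifier, bytes([len(challenge)]) + challenge + name)


def chap_digest(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def _parse(packet):
    """Split a CHAP Challenge/Response into (code, identifier, value, name)."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 5:
        raise ValueError("bad length field")
    size = packet[4]
    if 5 + size > length:
        raise ValueError("value overruns packet")
    return code, identifier, packet[5:5 + size], packet[5 + size:]


def chap_response(challenge_packet, secret, name):
    """Remote node: hash the received challenge with the shared secret (code 2)."""
    code, identifier, challenge, _ = _parse(challenge_packet)
    if code != 1:
        raise ValueError("not a CHAP Challenge")
    digest = chap_digest(identifier, secret, challenge)
    return _packet(2, identifier, bytes([len(digest)]) + digest + name)


def chap_verify(challenge_packet, response_packet, secret):
    """Local router: recompute the expected hash and compare in constant time."""
    _, chal_id, challenge, _ = _parse(challenge_packet)
    code, resp_id, value, _ = _parse(response_packet)
    if code != 2 or resp_id != chal_id:
        return False
    return hmac.compare_digest(chap_digest(chal_id, secret, challenge), value)


def demo():
    pap = pap_authenticate_request(1, b"R-2", SECRET)
    first = chap_challenge(7, bytes(range(16)), b"R-1")
    answer = chap_response(first, SECRET, b"R-2")
    # A later authentication uses a different challenge, so the old answer is useless.
    later = chap_challenge(7, bytes(range(16, 32)), b"R-1")
    wrong = chap_response(first, b"not-the-secret", b"R-2")
    return {
        "secret_visible_in_pap": SECRET in pap,
        "secret_visible_in_chap": SECRET in first + answer,
        "chap_accepts_peer": chap_verify(first, answer, SECRET),
        "old_response_vs_new_challenge": chap_verify(later, answer, SECRET),
        "wrong_secret": chap_verify(first, wrong, SECRET),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

CHAP keeps the secret off the wire, but anyone who records a challenge and its response can test guesses against them offline, so the shared secret should be long and random.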
[Figure: lab topology with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

ROUTER-1
Router(config)# hostname R-1
R-1(config)# interface fastEthernet 0/0
R-1(config-if)# ip address 192.168.1.100 255.255.255.0
R-1(config-if)# no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R-1(config-if)# exit
R-1(config)# interface serial 0/0
R-1(config-if)# ip address 10.0.0.1 255.0.0.0
R-1(config-if)# no shutdown
R-1(config-if)# clock rate 64000

NOTE:
• clock rate is only required in the lab scenario, as we are using a back-to-back cable instead of the real exchange, where the modems that generate the clocking would be installed.
• Here the clock rate has to be generated manually using the clock rate command.

R-1# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

ROUTER-2
R-2> enable
R-2# configure terminal
R-2(config)# interface fastEthernet 0/0
R-2(config-if)# ip address 192.168.2.100 255.255.255.0
R-2(config-if)# no shutdown
R-2(config-if)# exit
R-2(config)# interface serial 0/0
R-2(config-if)# ip address 10.0.0.2 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000
R-2(config-if)# exit
R-2(config)# interface serial 0/1
R-2(config-if)# ip address 11.0.0.1 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000

R-2# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    192.168.2.100   YES manual up                    up
FastEthernet0/1    unassigned      YES unset  administratively down down

ROUTER-3
Router> enable
Router# conf t
Router(config)# hostname R-3
R-3(config)# interface fastEthernet 0/0
R-3(config-if)# ip address 192.168.3.100 255.255.255.0
R-3(config-if)# no shutdown
R-3(config-if)# exit
R-3(config)# interface serial 0/0
R-3(config-if)# ip address 11.0.0.2 255.0.0.0
R-3(config-if)# no shutdown
R-3(config-if)# clock rate 64000
R-3(config-if)# end

R-3# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

R-2# ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/12/44 ms

R-2# ping 11.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/20 ms

NOTE: Once the interfaces are up, you should be able to ping the directly connected interfaces of the other routers.

ROUTING

Routing
• Forwarding of packets from one network to another network, choosing the best path from the routing table.
• Routing makes it possible for two or more different networks to communicate with each other.
• The routing table consists of only the best routes for every destination.

Types of Routing
1. Static Routing
2. Default Routing
3. Dynamic Routing

Static Routing
• It is configured manually by the administrator.
• The destination network ID is mandatory.
• For every destination, routing has to be done manually.
• Used for small organizations.
• Administrative distance for a static route is 0 or 1.
Advantages:
• There is no overhead on the router CPU.
• There is no bandwidth usage between routers.
• It adds security, because the administrator can choose to allow routing access to certain networks only.

Disadvantages of static routing:
• Used for small networks (it is not feasible in large networks).
• Each and every network has to be manually configured.
• The administrator must really understand the internetwork and how each router is connected in order to configure routes correctly.
• Any change in the internetwork has to be updated in all routers.

Configuring Static Route
Router(config)# ip route <destination network ID> <destination subnet mask> <next-hop IP address>
Or
Router(config)# ip route <destination network ID> <destination subnet mask> <exit interface type> <interface number>

LAB: STATIC ROUTING
[Figure: lab topology with LANs 192.168.1.0/24 and 192.168.2.0/24]

Pre-requirement for LAB (check previous labs)
• Design the topology (connectivity)
• Assign the IP addresses according to the diagram
• Make sure that the interfaces used are in UP UP state

TASK:
• Configure static routing
• Verify the routing table and reachability between the LANs (using PING and TRACE commands)

R-1# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0

NOTE:
• The above routing tables display only the networks which are directly connected.
• By default a router doesn't know about the networks which are not directly connected, and that is the reason there is no reachability between the two LANs.
• So to provide reachability we need to implement some type of routing.

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.1.100: Destination host unreachable.
Reply from 192.168.1.100: Destination host unreachable.
Reply from 192.168.1.100: Destination host unreachable.
Ping statistics for 192.168.2.1:

• From the above output we can see there is no communication between 192.168.1.1 and 192.168.2.1, as they are on different networks. In order to communicate we need to implement some type of routing (here we use static routing).

On R-1
R-1(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2
R-1(config)# end

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

On R-2
R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)# end

R-2# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0

PC>ipconfig
IP Address......................: 192.168.1.1
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32
Reply from 192.168.2.1: bytes=32
Reply from 192.168.2.1: bytes=32

PC>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.2: bytes=32 time=21ms TTL=126
Reply from 192.168.2.2: bytes=32 time=19ms TTL=126
Reply from 192.168.2.2: bytes=32 time=14ms TTL=126

PC>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:

R-2# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
LAB: STATIC ROUTING USING THREE ROUTERS
[Figure: lab topology with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
• Design the topology (connectivity)
• Assign the IP addresses according to the diagram
• Make sure that the interfaces used are in UP UP state

TASK:
• Configure static routing
• Verify the routing table and reachability between the LANs (using PING and TRACE commands)

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is not set
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

Router-1
R-1(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2
R-1(config)# ip route 192.168.3.0 255.255.255.0 10.0.0.2
R-1(config)# ip route 11.0.0.0 255.0.0.0 10.0.0.2

Router-2
R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)# ip route 192.168.3.0 255.255.255.0 11.0.0.2

Router-3
R-3(config)# ip route 192.168.2.0 255.255.255.0 11.0.0.1
R-3(config)# ip route 192.168.1.0 255.255.255.0 11.0.0.1
R-3(config)# ip route 10.0.0.0 255.0.0.0 11.0.0.1

R-1# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# show ip route
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# show ip route
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32
Reply from 192.168.2.1: bytes=32
Reply from 192.168.2.1: bytes=32

PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
Trace complete.

R-1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/18/31 ms

R-3# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms

STATIC DEFAULT ROUTING
• A default route is used when the destination is unknown (internet).
• It can also be used at end locations where there is only one exit path for any destination.
• Default routes help in reducing the size of your routing table.
• If the router does not find an entry for the destination network in its routing table, it forwards the packet to its default route.
• It is the last preferred route in the routing table.
[Figure: default route example]

Configuring Default Route
Router(config)# ip route 0.0.0.0 0.0.0.0 <next-hop IP address>
Or
Router(config)# ip route 0.0.0.0 0.0.0.0 <exit interface type> <interface number>
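The static routing labs above and the default route just described, modelled in Python as an added example (not part of the workbook): each router picks the longest matching prefix, so 0.0.0.0/0 is used only when nothing more specific matches, and a ping succeeds only when routes exist in both directions. Interface addresses are the three-router lab's; the default routes on R-1 and R-3, the destination 203.0.113.9 and the names `Router`, `trace`, `ping` and `scenarios` are assumptions made for the illustration.

```python
import ipaddress


class Router:
    def __init__(self, name):
        self.name = name
        self.addresses = set()   # this router's own interface addresses
        self.routes = []         # (network, next hop or None, code) as in "show ip route"

    def interface(self, address, mask):
        """A configured, up/up interface yields a connected (C) route."""
        iface = ipaddress.ip_interface(f"{address}/{mask}")
        self.addresses.add(iface.ip)
        self.routes.append((iface.network, None, "C"))
        return self

    def ip_route(self, network, mask, next_hop):
        """Mirror of: ip route <network> <mask> <next-hop>; 0.0.0.0 0.0.0.0 is the default."""
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        net = ipaddress.ip_network(f"{network}/{prefix}")
        self.routes.append((net, ipaddress.ip_address(next_hop), "S"))
        return self

    def lookup(self, destination):
        """Longest-prefix match; None when no entry (not even a default) covers it."""
        matches = [r for r in self.routes if destination in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)


def trace(routers, first_hop, destination, max_hops=30):
    """Follow a packet hop by hop; returns (router names visited, outcome)."""
    destination = ipaddress.ip_address(destination)
    owner = {addr: r for r in routers for addr in r.addresses}
    path, current = [], first_hop
    while len(path) < max_hops:
        path.append(current.name)
        route = current.lookup(destination)
        if route is None:
            return path, "unreachable"
        if route[1] is None:
            return path, "delivered"      # destination is on a connected network
        current = owner.get(route[1])
        if current is None:
            return path, "next hop down"
    return path, "ttl exceeded"


def ping(routers, gateway, source, destination):
    """An echo needs a route out and the echo reply needs a route back."""
    out_path, out = trace(routers, gateway, destination)
    if out != "delivered":
        return False, out_path, out
    far_gateway = next(r for r in routers if r.name == out_path[-1])
    _, back = trace(routers, far_gateway, source)
    return back == "delivered", out_path, "reply " + back


def lab():
    r1 = Router("R-1").interface("192.168.1.100", "255.255.255.0")
    r1.interface("10.0.0.1", "255.0.0.0")
    r2 = Router("R-2").interface("192.168.2.100", "255.255.255.0")
    r2.interface("10.0.0.2", "255.0.0.0").interface("11.0.0.1", "255.0.0.0")
    r3 = Router("R-3").interface("192.168.3.100", "255.255.255.0")
    r3.interface("11.0.0.2", "255.0.0.0")
    return r1, r2, r3


def scenarios():
    out = {}
    pc, remote, unknown = "192.168.1.1", "192.168.3.1", "203.0.113.9"
    r1, r2, r3 = lab()
    out["connected only"] = ping([r1, r2, r3], r1, pc, remote)
    r1.ip_route("192.168.3.0", "255.255.255.0", "10.0.0.2")
    r2.ip_route("192.168.3.0", "255.255.255.0", "11.0.0.2")
    out["forward routes only"] = ping([r1, r2, r3], r1, pc, remote)

    r1, r2, r3 = lab()                      # defaults at the edges, statics in the middle
    r1.ip_route("0.0.0.0", "0.0.0.0", "10.0.0.2")
    r2.ip_route("192.168.1.0", "255.255.255.0", "10.0.0.1")
    r2.ip_route("192.168.3.0", "255.255.255.0", "11.0.0.2")
    r3.ip_route("0.0.0.0", "0.0.0.0", "11.0.0.1")
    routers = [r1, r2, r3]
    out["default lab"] = ping(routers, r1, pc, remote)
    out["prefers connected"] = r1.lookup(ipaddress.ip_address("10.0.0.2"))[2]
    out["unknown destination"] = trace(routers, r1, unknown)
    r2.ip_route("0.0.0.0", "0.0.0.0", "10.0.0.1")   # two defaults pointing at each other
    out["mutual defaults"] = trace(routers, r1, unknown)
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, "->", result)
```

The last scenario shows why a default route belongs only where there is a single exit path: once R-2 also points its default back at R-1, a packet for an unknown network bounces between the two until the hop limit is reached.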
LAB: DEFAULT ROUTING
[Figure: lab topology with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
• Design the topology (connectivity)
• Assign the IP addresses according to the diagram
• Make sure that the interfaces used are in UP UP state

TASK:
• Configure default routes on R1 and R3, and static routing on R2
• Verify the routing table and reachability between the LANs (using PING and TRACE commands)

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is not set
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

Router-1
R-1(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.2

Router-2
R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)# ip route 192.168.3.0 255.255.255.0 11.0.0.2

On Router-3
R-3(config)# ip route 0.0.0.0 0.0.0.0 11.0.0.1

R-1# sh ip route
Gateway of last resort
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
Reply from 192.168.2.1: bytes=32 time=14ms TTL=126

PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
Trace complete.

R-1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms

R-3# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms

DYNAMIC ROUTING

Advantages of dynamic over static:
• There is no need to know the destination networks.
• Only the directly connected networks need to be advertised.
• Topology changes are updated dynamically.
• Administrative work is reduced.
• Used for large organizations.
• Neighbor routers exchange routing information and build the routing table automatically. This is easier than using static or default routing.

Types of Dynamic Routing Protocols
• Distance Vector Protocol
• Link State Protocol
• Hybrid Protocol

DISTANCE VECTOR PROTOCOL
• Works with the Bellman-Ford algorithm
• Periodic updates
• Full routing tables are exchanged
• Classful routing protocol
• Updates are through broadcast
• Example: RIPv1, RIPv2, IGRP
• Less overhead
• Easy to configure

LINK STATE PROTOCOL
• Works with the Dijkstra algorithm
• Incremental updates
• Missing routes are exchanged
• Classless routing protocol
• Updates are through multicast
• Example: OSPF, IS-IS
• Link state updates
• More overhead
• Difficult to configure

HYBRID PROTOCOL (Advanced Distance Vector Protocol)
• Works with the DUAL algorithm
• Incremental updates
• Missing routes are exchanged
• Classless routing protocol
• Updates are through multicast
• Example: EIGRP
• Also called Advanced Distance Vector Protocol
• Less overhead
• Easy to configure

Classful Protocols:
• Classful routing protocols do not carry the subnet mask information along with updates,
• which means that all devices in the network must use the same subnet mask (FLSM or default).
• Ex: RIPv1, IGRP

Classless Protocols:
• Classless routing protocols carry the subnet mask information along with updates.
• That is why they support sub networks (VLSM and FLSM) and default networks also.
• Ex: RIPv2, EIGRP, OSPF, IS-IS

ROUTING INFORMATION PROTOCOL V1
• Open standard protocol (Cisco and non-Cisco)
• Classful routing protocol
• Updates are broadcast via 255.255.255.255
• Administrative distance is 120
• Metric: hop count (least hops is the best)
• Max hop count: 15
• Max routers: 16
• The 16th hop is unreachable
• Load balancing of 4 equal paths
• Used for small organizations
• Periodic updates; the entire routing table is exchanged every 30 seconds

RIP Timers
• Update timer: 30 sec
  - Time between consecutive updates
• Invalid timer: 180 sec
  - Time a router waits to hear updates
  - The route is marked unreachable if there is no update during this interval.
• Flush timer: 240 sec
  - Time before the invalid route is removed from the routing table
• Hold down timer: 180 sec
  - Stabilizes routing information and helps prevent routing loops during periods when the topology is converging on new information.
  - Once a route is marked as unreachable, it must stay in holddown long enough for all routers in the topology to learn about the unreachable network.

Convergence time is the time taken by the router to use an alternate route if the best route is down.

RIP Version 2
• Classless routing protocol (supports default and sub networks)
• Supports VLSM
• Supports authentication
• Uses multicast address 224.0.0.9

Advantages of RIP
• Easy to configure
• No design constraints, unlike the OSPF protocol
• No complexity
• Less overhead

Disadvantages of RIP
• Bandwidth utilization is very high, as it broadcasts every 30 seconds
• Works only on hop count (does not consider the bandwidth)
• Not scalable, as the hop count is only 15
• Slow convergence

Two steps in dynamic protocols
1. Select the protocol
2. Advertise the directly connected networks

Configuring RIPv1
Router(config)# router rip
Router(config-router)# network <network ID>

Configuring RIPv2
Router(config)# router rip
Router(config-router)# network <network ID>
Router(config-router)# version 2

LAB: DYNAMIC ROUTING USING RIPv2
[Figure: lab topology with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

STEPS:
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP addresses according to the diagram
3) Make sure that the interfaces used are in UP UP state
What we do in this lab
4) Dynamic routing using RIPv2
5) Verify the routing table and reachability between the LANs (using PING and TRACE commands)

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is not set
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

Router-1
R-1(config)# router rip
R-1(config-router)# version 2
R-1(config-router)# network 192.168.1.0
R-1(config-router)# network 10.0.0.0
R-1(config-router)# end

Router-2
R-2(config)# router rip
R-2(config-router)# version 2
R-2(config-router)# network 192.168.2.0
R-2(config-router)# network 10.0.0.0
R-2(config-router)# network 11.0.0.0
R-2(config-router)# end

Router-3
R-3(config)# router rip
R-3(config-router)# version 2
R-3(config-router)# network 192.168.3.0
R-3(config-router)# network 11.0.0.0
R-3(config-router)# end

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0
R-3# sh ip route
Gateway of last resort is not set
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

R-1# show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive 2
  Interface             Send  Recv  Triggered RIP  Key-chain
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
Passive Interface(s):
Routing Information Sources:
  Gateway         Distance      Last Update
  10.0.0.2             120      00:00:08
Distance: (default is 120)

R-1# show ip route rip
R    11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:24, Serial0/0
R    192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:24, Serial0/0
R    192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:24, Serial0/0

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
Reply from 192.168.2.1: bytes=32 time=14ms TTL=126

PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
  1   5 ms    8 ms    8 ms    192.168.1.100
  2   12 ms   9 ms    8 ms    10.0.0.2
  3   17 ms   6 ms    12 ms   11.0.0.2
  4   24 ms   27 ms   25 ms   192.168.3.1
Trace complete.

R-1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms

R-3# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms

Administrative Distance
• It is the trustworthiness of the information received by the router.
• The number is between 0 and 255.
• The least value is more preferred.
• show ip protocols

Default administrative distances are as follows:
• Directly Connected = 0
• EIGRP = 90/170
• IS-IS = 115

Autonomous System Number
• An autonomous system is a collection of networks under a common administrative domain.
• A unique number identifying the routing domain of the routers.
• Ranges from 1 - 65535
• Public: 1 - 64512
• Private: 64513 - 65535
• Private AS: used within the same service provider
• Public AS: used in between multiple service providers

Routing Protocol Classification

IGP (Interior Gateway Protocol)
• Routing protocols used within the same autonomous system number
• All routers will be routing within the same autonomous boundary
• Ex: RIP, IGRP, EIGRP, OSPF, IS-IS

EGP (Exterior Gateway Protocol)
• Routing protocol used between different autonomous systems
• Routers in different AS need an EGP
• Ex: Border Gateway Protocol

• IGPs operate within an autonomous system
• EGPs connect different autonomous systems
[Figure: IGPs (RIP, OSPF, IGRP, EIGRP) inside each autonomous system and an EGP (BGP) between them; interior gateway protocols divided into distance vector and link state]
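The RIP behaviour covered above (hop-count metric, the 15-hop limit, and the [120/1] and [120/2] entries in show ip route rip), reproduced in Python as an added example that is not part of the workbook: routers repeatedly advertise their tables to their neighbours, which add one hop and keep the lowest metric. The three-router data is the lab's; the 17-router chain and all function names are constructed for the illustration, and split horizon and the timers are left out.

```python
INFINITY = 16        # RIP: a metric of 16 hops means unreachable
RIP_DISTANCE = 120   # administrative distance, the first number in [120/metric]


def converge(connected, links):
    """Run distance-vector updates until no table changes.

    connected: {router: [network, ...]} directly connected networks
    links:     [(router_a, address_a, router_b, address_b), ...]
    Returns {router: {network: (hops, next hop address or None)}}.
    """
    tables = {r: {n: (0, None) for n in nets} for r, nets in connected.items()}
    changed = True
    while changed:
        changed = False
        # Every router advertises the table it holds at the start of the round.
        sent = {r: dict(t) for r, t in tables.items()}
        for a, addr_a, b, addr_b in links:
            for sender, via, receiver in ((a, addr_a, b), (b, addr_b, a)):
                for network, (hops, _) in sent[sender].items():
                    metric = hops + 1              # one more router to cross
                    if metric >= INFINITY:
                        continue                   # 16th hop: treated as unreachable
                    known = tables[receiver].get(network)
                    if known is None or metric < known[0]:
                        tables[receiver][network] = (metric, via)
                        changed = True
    return tables


def show_ip_route_rip(tables, router):
    """Learned routes only, in the style of 'show ip route rip'."""
    lines = []
    for network, (hops, via) in sorted(tables[router].items()):
        if via is not None:
            lines.append(f"R {network} [{RIP_DISTANCE}/{hops}] via {via}")
    return lines


def lab():
    """The RIPv2 lab: networks advertised with 'network' on each router."""
    connected = {
        "R-1": ["192.168.1.0/24", "10.0.0.0/8"],
        "R-2": ["192.168.2.0/24", "10.0.0.0/8", "11.0.0.0/8"],
        "R-3": ["192.168.3.0/24", "11.0.0.0/8"],
    }
    links = [("R-1", "10.0.0.1", "R-2", "10.0.0.2"),
             ("R-2", "11.0.0.1", "R-3", "11.0.0.2")]
    return connected, links


def chain(count):
    """Constructed topology: routers R1..Rn in a row, each with one LAN."""
    connected = {f"R{i}": [f"172.16.{i}.0/24"] for i in range(1, count + 1)}
    links = []
    for i in range(1, count):
        connected[f"R{i}"].append(f"10.{i}.0.0/30")
        connected[f"R{i + 1}"].append(f"10.{i}.0.0/30")
        links.append((f"R{i}", f"10.{i}.0.1", f"R{i + 1}", f"10.{i}.0.2"))
    return connected, links


if __name__ == "__main__":
    for line in show_ip_route_rip(converge(*lab()), "R-1"):
        print(line)
    far = converge(*chain(17))["R1"]
    print("LAN behind R16:", far.get("172.16.16.0/24"))
    print("LAN behind R17:", far.get("172.16.17.0/24"))
```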
(CCNA R&S Workbook by Sikandar Gouse Moinucidin CCLE (R&S, SP) # 35012 @ ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL Cisco calls EIGRP a distance-vector routing protocol or sometimes an advanced distance-vector or even a hybrid routing protocel Cisco proprietary protocol Classless routing protocol Includes all features of IGRP Metric (38 bit) : Composite Metric (BW + Delay + Joad + MTU + reliability ) Administrative distance is 90 Updates are through Multicast (224.0.0.10) ‘Max Hop count is 268 (100 by default} Supports IP, IPX and Apple Talk protocols (Obviously we won't use IPX and AppleTalk, but EIGRP does support them.) Hello packets are sent every 5 seconds (dead interval 15 sec) Convergence rate is very fast Ituses DUAL (diftusion update algorithm) Supports equal and unequal cast joad balancing lam router A, who is. on the fink? card i Holl, 1am router B. my compete routing information. eer ‘Thanks forth infrmationt Here is my complete route information. a ry comp tela ote into aE Thanks fort ntormsaton! — S| ice aca __ oe EIGRP maintains three tables ‘Neighbor table = Contains list of directly connected routers # show ip eigrp neighbor + Topology table List ofall the best routes leamed from each neighbor -_ #Show ip eigrp topology + Routing table The bes! route to the destination — #show ip route (CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 35012 [A eonmats ar copyright @2012 2014 firighterasereed (RETWGRK rage 94 The neighbor and topology tables are stored in RAM and maintained through the use of Hello and update packets. The routing table is also stored in RAM, but that information is gathered only from the topology table. Successor + Successor is the best route used to forward packet to destination network. + Present in Routing table and Topology table Feasible successor + Afeasible successor is a second bes! 
route to a destination network
- It is considered a backup route
- Present in the topology table
- Used when the primary route (successor) goes down

EIGRP uses the Diffusing Update Algorithm (DUAL) for selecting and maintaining the best path to each remote network. This algorithm allows for the following:
- Backup route determination if one is available
- Support of VLSMs
- Dynamic route recoveries
- Queries for an alternate route if no route can be found

Disadvantages of EIGRP
- Works only on Cisco routers

Configuring EIGRP

    Router(config)# router eigrp <AS number>
    Router(config-router)# network <network ID>

NOTE: EIGRP uses autonomous system numbers to identify the collection of routers that share route information. Only routers that have the same autonomous system number share routes. The AS number should be the same on all routers for them to become neighbors and exchange routes. EIGRP routers that belong to different autonomous systems (ASes) don't automatically share routing information and they don't become neighbors.

By default, EIGRP can provide equal-cost load balancing of up to four links (actually, all routing protocols do this). However, you can have EIGRP actually load-balance across up to six links (equal or unequal) by using the following command:

    R-1(config)#router eigrp 10
    R-1(config-router)#maximum-paths ?

Maximum Paths and Hop Count

EIGRP has a maximum hop count of 100, but it can be set up to 255.

    Pod1R1(config)#router eigrp 100
    Pod1R1(config-router)#metric maximum-hops ?

Verification commands:

    #show ip route             Shows the entire routing table
    #show ip route eigrp       Shows only EIGRP entries in the routing table
    #show ip eigrp neighbors   Shows all EIGRP neighbors
    #show ip eigrp topology    Shows entries in the EIGRP topology table

LAB: DYNAMIC ROUTING USING EIGRP

[Figure: lab topology diagram]
LAN subnets shown in the diagram: 192.168.3.0/24, 192.168.1.0/24, 192.168.2.0/24

Pre-requirement for LAB (check previous labs)
- Design the topology (connectivity)
- Assign the IP address according to diagram
- Make sure that interfaces used should be in UP UP state

TASK
- Configure dynamic routing using EIGRP 100
- Verify routing table and reachability between the LANs (using PING and TRACE commands)

    R-1#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-2#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial1/0
    C    11.0.0.0/8 is directly connected, Serial0/1
    C    192.168.2.0/24 is directly connected, FastEthernet0/0

    R-3#sh ip route
    Gateway of last resort is not set
    C    11.0.0.0/8 is directly connected, Serial0/0
    C    192.168.3.0/24 is directly connected, FastEthernet0/0

ROUTER-1

    R-1(config)# router eigrp 100
    R-1(config-router)# network 192.168.1.0
    R-1(config-router)# network 10.0.0.0

ROUTER-2

    R-2(config)# router eigrp 100
    R-2(config-router)# network 192.168.2.0
    R-2(config-router)# network 11.0.0.0
    R-2(config-router)# network 10.0.0.0

ROUTER-3

    R-3(config)# router eigrp 100
    R-3(config-router)# network 192.168.3.0
    R-3(config-router)# network 11.0.0.0

    R-2#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    H   Address   Interface   Hold  Uptime  SRTT  RTO  Q    Seq
                              (sec)         (ms)       Cnt  Num

    R-1#show ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-1#show ip route eigrp
    D    11.0.0.0/8 [90/2681856] via 10.0.0.2, 00:06:08, Serial0/0
    D    192.168.2.0/24 [90/2172416] via 10.0.0.2, 00:08:08, Serial0/0
    D    192.168.3.0/24 [90/2684416] via 10.0.0.2, 00:03:09, Serial0/0

    R-2#show ip route eigrp
    D    192.168.1.0/24 [90/2172416] via 10.0.0.1, 00:07:26, Serial1/0
    D    192.168.3.0/24 [90/2172416] via 11.0.0.2, 00:04:52, Serial0/1

    R-3#sh ip route eigrp
    D    10.0.0.0/8 [90/2681856] via 11.0.0.1, 00:04:32, Serial0/0
    D    192.168.1.0/24 [90/2684416] via 11.0.0.1, 00:04:32, Serial0/0
    D    192.168.2.0/24 [90/2172416] via 11.0.0.1, 00:04:32, Serial0/0

    R-1#sh ip protocols
    Routing Protocol is "eigrp 100"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Default networks flagged in outgoing updates
      Default networks accepted from incoming updates
      EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
      EIGRP maximum hopcount
      EIGRP maximum metric variance 1
      Redistributing: eigrp 100
      Automatic network summarization is in effect
      Automatic address summarization:
      Maximum path: 4
      Routing for Networks:
      Routing Information Sources:
        Gateway     Distance   Last Update
        10.0.0.2    90         18606786
      Distance: internal 90 external 170

    R-1#sh ip eigrp topology
    IP-EIGRP Topology Table for AS 100
    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status
    P 192.168.1.0/24, 1 successors, FD is 28160
            via Connected, FastEthernet0/0
    P 10.0.0.0/8, 1 successors,
    FD is 2169856
            via Connected, Serial0/0
    P 192.168.2.0/24, 1 successors, FD is 2172416
            via 10.0.0.2 (2172416/28160), Serial0/0
    P 11.0.0.0/8, 1 successors, FD is 2681856
            via 10.0.0.2 (2681856/2169856), Serial0/0
    P 192.168.3.0/24, 1 successors, FD is 2684416
            via 10.0.0.2 (2684416/2172416), Serial0/0

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time
    Reply from 192.168.2.1: bytes=32 time

    PC>ping 192.168.3.1
    Pinging 192.168.3.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

    PC>tracert 192.168.3.1
    Tracing route to 192.168.3.1 over a maximum of 30 hops:
      1   Sms    8ms    @ms    192.168.1.100
      2   12ms   9ms    8ms    10.0.0.2
      3   17ms   @ms    12ms   11.0.0.2
      4   24ms   27ms   25ms   192.168.3.1
    Trace complete.

    R-1#ping 192.168.3.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/91 ms

    R-3#ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms

OSPF

OSPF stands for Open Shortest Path First. OSPF is an open standard routing protocol that's been implemented by a wide variety of network vendors, including Cisco. It's a link state protocol. OSPF works by using the Dijkstra algorithm: first, a shortest path tree is constructed, and then the routing table is populated with the resulting best paths.
- Unlimited hop count
- Metric is cost (cost = 10^8 / bandwidth)
- Administrative distance is 110
- It is a classless routing protocol
- It supports VLSM and CIDR
- It supports only equal cost load balancing
- Introduces the concept of areas to ease management and control traffic
- Provides hierarchical network design with multiple different areas
- Must have one area called area 0
- All the areas must connect to area 0
- Scales better than distance vector routing protocols
- Supports authentication
- Updates are sent through multicast address 224.0.0.5
- Faster convergence
- Sends Hello packet every 10 seconds
- Trigger/incremental updates
- Routers send only changes in updates and not the entire routing tables in periodic updates

Router ID
- The highest IP address of the active physical interface of the router is the Router ID.
- If a logical interface is configured, the highest IP address of the logical interface is the Router ID.
- A manual router-id is most preferred.

[Figure: Router ID selection example]

OSPF SEVEN STAGE PROCESS

1) Establishing Bidirectional Communication
[Figure: routers 172.16.5.1/24 and 172.16.5.2/24. Down state: "I am router ID 172.16.5.1, and I see no one." "I am router ID 172.16.5.2, and I see 172.16.5.1." Unicast to A; the router is added to the neighbors list.]

2) Discovering the Network Routes
[Figure: "I will start exchange because I have router ID 172.16.5.1." "No, I will start exchange because I have a higher router ID." "Here is a summary of my LSDB." "Here is a summary of my LSDB."]

3) Adding the Link State Entries
[Figure: Loading state. "I need the complete entry for network 172.16.6.0/24." "Here is the entry for network 172.16.6.0/24."]
[Figure, continued: "Thanks for the information!"]

OSPF maintains three tables:

Neighbor Table
- Also known as the adjacency database
- Contains the list of directly connected routers (neighbors)
- # show ip ospf neighbor

Database Table
- Typically referred to as the LSDB (link state database)
- Contains information about all the possible routes to the networks within the area
- # show ip ospf database

Routing Table
- Contains the list of best paths to each destination
- # show ip route

All the routers should have a common database.

Link-State Data Structure: Network Hierarchy

Link state routing can have a hierarchical network. This two-level hierarchy consists of the following:
- Transit area (backbone or area 0)
- Regular areas (non-backbone areas)

Issue of Maintaining a Large OSPF Network

[Figure: "I am receiving too many LSAs." "The SPF is running too often for me to route." "My routing table is too big, and I am running low on memory."]

OSPF Hierarchical Routing

[Figure: autonomous system divided into areas]

- OSPF is supposed to be designed in a hierarchical fashion, which basically means that you can separate the larger internetwork into smaller internetworks called areas.
- The following are reasons for creating OSPF in a hierarchical design:
  - To decrease routing overhead
  - To speed up convergence
  - To confine network instability to single areas of the network

This does not make configuring OSPF easier, but more elaborate and difficult.

Types of OSPF Routers

[Figure: areas and backbone area 0, showing internal routers, backbone routers, an ABR and backbone router, and an autonomous system router]

OSPF Networking Hierarchy:

OSPF is a hierarchical routing protocol.
It enables better administration and smaller routing tables due to segmentation of the entire network into smaller areas. OSPF consists of a backbone (Area 0) network that links all other smaller areas within the hierarchy. The following are the important components of an OSPF network:

Areas: An area consists of routers that have been administratively grouped together. Usually, an area is a collection of contiguous IP subnetted networks. Routers that are totally within an area are called internal routers. All interfaces on internal routers are directly connected to networks within the area. Within an area, all routers have identical topological databases.

Area Border Routers: Routers that belong to more than one area are called area border routers (ABRs). ABRs maintain a separate topological database for each area to which they are connected.

Backbone Area: An OSPF backbone area consists of all routers in area 0, and all area border routers (ABRs). The backbone distributes routing information between different areas.

Autonomous System Boundary Routers (ASBRs): Routers that exchange routing information with routers in other Autonomous Systems are called ASBRs. They advertise externally learned routes throughout the AS.

Internal Routers are routers whose interfaces all belong to the same area. These routers have a single Link State Database.
Advantages of OSPF
- Open standard
- No hop count limitations
- Loop free
- Faster convergence

Disadvantages
- Consumes more CPU resources
- Complex to design and implement
- Supports only equal cost balancing
- Supports only the IP protocol; doesn't work on IPX and AppleTalk

Configuring OSPF

    Router(config)# router ospf <process ID>
    Router(config-router)# network <network ID> <wildcard mask> area <area ID>

LAB: DYNAMIC ROUTING USING OSPF IN SINGLE AREA

[Figure: lab topology diagram]

Pre-requirement for LAB (check previous labs)
- Design the topology (connectivity)
- Assign the IP address according to diagram
- Make sure that interfaces used should be in UP UP state

Task
- Configure dynamic routing using OSPF single area as per the diagram
- Verify routing table and reachability between the LANs (using PING and TRACE commands)

    R-1#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-2#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    11.0.0.0/8 is directly connected, Serial0/1
    C    192.168.2.0/24 is directly connected, FastEthernet0/0

    R-3#sh ip route
    Gateway of last resort is not set
    C    11.0.0.0/8 is directly connected, Serial0/0
    C    192.168.3.0/24 is directly connected, FastEthernet0/0

Router-1

    R-1(config)#router ospf 1
    R-1(config-router)#network 192.168.1.0 0.0.0.255 area 0
    R-1(config-router)#network 10.0.0.0 0.255.255.255 area 0

Router-2

    R-2(config)#router ospf 1
    R-2(config-router)#network 192.168.2.0 0.0.0.255 area 0
    R-2(config-router)#network 11.0.0.0 0.255.255.255 area 0
    R-2(config-router)#network 10.0.0.0 0.255.255.255 area 0

Router-3

    R-3(config)#router ospf 1
    R-3(config-router)#network 192.168.3.0 0.0.0.255 area 0
    R-3(config-router)#network 11.0.0.0 0.255.255.255 area 0

    R-2#show ip ospf neighbor
    Neighbor ID      Pri   State     Dead Time   Address     Interface
    192.168.1.100    0     FULL/ -   00:00:38    10.0.0.1    Serial0/0
    192.168.3.100    0     FULL/ -   00:00:37    11.0.0.2    Serial0/1

    R-1#show ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-1#sh ip route ospf
    O    11.0.0.0 [110/128] via 10.0.0.2, 00:04:25, Serial0/0
    O    192.168.2.0 [110/65] via 10.0.0.2, 00:04:25, Serial0/0
    O    192.168.3.0 [110/129] via 10.0.0.2, 00:03:23, Serial0/0

    R-2#show ip route ospf
    O    192.168.1.0 [110/65] via 10.0.0.1, 00:08:08, Serial0/0
    O    192.168.3.0 [110/65] via 11.0.0.2, 00:04:24, Serial0/1

    R-3#show ip route ospf
    O    10.0.0.0 [110/128] via 11.0.0.1, 00:04:49, Serial0/0
    O    192.168.1.0 [110/129] via 11.0.0.1, 00:04:49, Serial0/0
    O    192.168.2.0 [110/65] via 11.0.0.1, 00:04:49, Serial0/0

    R-1#show ip protocols
    Routing Protocol is "ospf 1"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Router ID
      Number of areas in this router is 1.
      1 normal 0 stub 0 nssa
      Maximum path: 4
      Routing for Networks:
      Routing Information Sources:
        Gateway     Distance   Last Update
        10.0.0.2    110        00:05:48
      Distance: (default is 110)

    R-1#show ip ospf database
                OSPF Router with ID (192.168.1.100) (Process ID 1)
                    Router Link States (Area 0)
    Link ID          ADV Router       Age   Seq#         Checksum   Link count
    192.168.1.100    192.168.1.100    468   0x80000003   Oxd0dl #4  3
    192.168.2.100    192.168.2.100    411   0x80000008   0x0054e6   5
    192.168.3.100    192.168.3.100    411   0x80000003   0x0010ad   3

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................:
    Default Gateway.................:

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time
    Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=14ms TTL=126

    PC>ping 192.168.3.1
    Pinging 192.168.3.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

    PC>tracert 192.168.3.1
    Tracing route to 192.168.3.1 over a maximum of 30 hops:
      1   Sms    8ms    @ms    192.168.1.100
      2   12ms   9ms    8ms    10.0.0.2
      3   17ms   @ms    12ms   11.0.0.2
      4   24ms   27ms   25ms   192.168.3.1
    Trace complete.

    R-1#ping 192.168.3.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 9/18/81 ms

    R-3#ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
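The [110/65], [110/128] and [110/129] metrics in the single-area lab output above follow from the cost formula and the shortest path tree. The sketch below is an added example, not part of the workbook: it assumes 1.544 Mbit/s serial links and 100 Mbit/s FastEthernet LANs (bandwidths the page does not state) and models only intra-area routes.

```python
import heapq

REFERENCE_BANDWIDTH_BPS = 10**8  # cost = 10^8 / bandwidth, as given on the page

# Assumed interface bandwidths; the page does not state them.
SERIAL_BPS = 1_544_000
FASTETHERNET_BPS = 100_000_000

# Lab topology: network -> [(router, bandwidth of its interface on that network)]
ATTACHMENTS = {
    "192.168.1.0/24": [("R-1", FASTETHERNET_BPS)],
    "10.0.0.0/8": [("R-1", SERIAL_BPS), ("R-2", SERIAL_BPS)],
    "192.168.2.0/24": [("R-2", FASTETHERNET_BPS)],
    "11.0.0.0/8": [("R-2", SERIAL_BPS), ("R-3", SERIAL_BPS)],
    "192.168.3.0/24": [("R-3", FASTETHERNET_BPS)],
}


def ospf_cost(bandwidth_bps):
    """Interface cost: reference bandwidth divided by bandwidth, minimum 1."""
    return max(1, REFERENCE_BANDWIDTH_BPS // bandwidth_bps)


def build_adjacency(attachments):
    """Routers sharing a network are neighbours; the edge cost is the
    cost of the sending router's outgoing interface."""
    adjacency = {}
    for members in attachments.values():
        for router, _ in members:
            adjacency.setdefault(router, [])
        for router, bandwidth in members:
            for other, _ in members:
                if other != router:
                    adjacency[router].append((other, ospf_cost(bandwidth)))
    return adjacency


def shortest_paths(adjacency, source):
    """Dijkstra: cost to every router and the first-hop router toward it."""
    dist = {source: 0}
    first_hop = {source: None}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for neighbor, cost in adjacency[node]:
            candidate = d + cost
            if candidate < dist.get(neighbor, float("inf")):
                dist[neighbor] = candidate
                first_hop[neighbor] = neighbor if node == source else first_hop[node]
                heapq.heappush(heap, (candidate, neighbor))
    return dist, first_hop


def ospf_routes(source, attachments=ATTACHMENTS):
    """Return {network: (cost, first-hop router)}; first hop is None when
    the network is directly connected to the source."""
    dist, first_hop = shortest_paths(build_adjacency(attachments), source)
    routes = {}
    for network, members in attachments.items():
        best = None
        for router, bandwidth in members:
            if router not in dist:
                continue  # unreachable router
            total = dist[router] + ospf_cost(bandwidth)
            if best is None or total < best[0]:
                best = (total, first_hop[router])
        routes[network] = best
    return routes


if __name__ == "__main__":
    for router in ("R-1", "R-2", "R-3"):
        print(router)
        for network, (cost, hop) in sorted(ospf_routes(router).items()):
            if hop is not None:  # skip directly connected networks
                print(f"  O {network} [110/{cost}] via {hop}")
```
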
LAB: DYNAMIC ROUTING USING OSPF MULTIPLE AREA

[Figure: lab topology diagram; LANs 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
- Design the topology (connectivity)
- Assign the IP address according to diagram
- Make sure that interfaces used should be in UP UP state

TASK: Dynamic routing using OSPF multiple area
- Verify routing table and reachability between the LANs (using PING and TRACE commands)

    R-1#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-2#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    11.0.0.0/8 is directly connected, Serial0/1
    C    192.168.2.0/24 is directly connected, FastEthernet0/0

    R-3#sh ip route
    Gateway of last resort is not set
    C    11.0.0.0/8 is directly connected, Serial0/0
    C    192.168.3.0/24 is directly connected, FastEthernet0/0

Router-1

    R-1(config)#router ospf 1
    R-1(config-router)#network 192.168.1.0 0.0.0.255 area 10
    R-1(config-router)#network 10.0.0.0 0.255.255.255 area 10

Router-2

    R-2(config)#router ospf 1
    R-2(config-router)#network 192.168.2.0 0.0.0.255 area 0
    R-2(config-router)#network 11.0.0.0 0.255.255.255 area 20
    R-2(config-router)#network 10.0.0.0 0.255.255.255 area 10

Router-3

    R-3(config)#router ospf 1
    R-3(config-router)#network 192.168.3.0 0.0.0.255 area 20
    R-3(config-router)#network 11.0.0.0 0.255.255.255 area 20

    R-2#show ip ospf neighbor
    Neighbor ID      Pri   State     Dead Time   Address     Interface
    192.168.3.100    0     FULL/ -   00:00:39    11.0.0.2    Serial0/1
    192.168.1.100    0     FULL/ -   00:00:39    10.0.0.1    Serial0/0

    R-1#show ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    O IA 11.0.0.0/8 [110/128] via 10.0.0.2, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-1#show ip route ospf
    O IA 11.0.0.0 [110/128] via 10.0.0.2, 00:08:24, Serial0/0
    O IA 192.168.2.0 [110/65] via 10.0.0.2, 00:06:26, Serial0/0
    O IA 192.168.3.0 [110/129] via 10.0.0.2, 00:05:53, Serial0/0

    R-2#show ip route ospf
    O    192.168.1.0 [110/65] via 10.0.0.1, 00:08:31, Serial0/0
    O    192.168.3.0 [110/65] via 11.0.0.2, 00:08:04, Serial0/1

    R-3#show ip route ospf
    O IA 10.0.0.0 [110/128] via 11.0.0.1, 00:08:21, Serial0/0
    O IA 192.168.1.0 [110/129] via 11.0.0.1, 00:08:21, Serial0/0
    O IA 192.168.2.0 [110/65] via 11.0.0.1, 00:08:21, Serial0/0

    R-1#sh ip ospf database
                OSPF Router with ID (192.168.1.100) (Process ID 1)
                    Router Link States
    Link ID          ADV Router       Age   Seq#         Checksum   Link count
    192.168.1.100    192.168.1.100    902   0x80000003   0x003b8b   3
    192.168.2.100    192.168.2.100    902   0x80000002   0x00e758   2
                    Summary Net Link States (Area 10)
    Link ID          ADV Router       Age   Seq#         Checksum
    192.168.2.0      192.168.2.100    908   0x80000001   0x0057cb
    11.0.0.0         192.168.2.100    368   0x80000002   0x00083d
    192.168.3.0      192.168.2.100    870   0x80000008   0x00ca15

    R-2#show ip ospf database
                OSPF Router with ID (192.168.3.100) (Process ID 1)
                    Router Link States (Area 0)
    Link ID          ADV Router       Age   Seq#         Checksum   Link count
    192.168.2.100    192.168.2.100    708   0x80000002   0x0070a5   1
                    Summary Net Link States (Area 0)
    Link ID          ADV Router       Age   Seq#         Checksum
    11.0.0.0         192.168.2.100    698   0x80000001   0x00083c
    10.0.0.0         192.168.2.100    689   0x80000002   0x001331
    192.168.1.0      192.168.2.100    689   0x80000005   0x00e001
    192.168.3.0      192.168.2.100    663   0x80000004   0x00c816
                    Router Link States (Area 10)
    Link ID          ADV Router       Age   Seq#         Checksum   Link count
    192.168.2.100    192.168.2.100    684   0x80000002   0x00e758   2
    192.168.1.100    192.168.1.100    694   0x80000003   0x003b8b   3
                    Summary Net Link States (Area 10)
    Link ID          ADV Router       Age   Seq#         Checksum
    192.168.2.0      192.168.2.100    697   0x80000001   0x0057cb
    11.0.0.0         192.168.2.100    697   0x80000003   0x00de3a
    192.168.3.0      192.168.2.100    664   0x80000003   0x00ca15
                    Router Link States (Area 20)
    Link ID          ADV Router       Age   Seq#         Checksum   Link count
    192.168.2.100    192.168.2.100    668   0x80000002   0x000823   2
    192.168.3.100    192.168.3.100    668   0x80000003   0x0010ad   3
                    Summary Net Link States (Area 20)
    Link ID          ADV Router       Age   Seq#         Checksum
    192.168.2.0      192.168.2.100    703   0x80000001   0x0057cb
    10.0.0.0         192.168.2.100    689   0x80000002   0x001331
    192.168.1.0      192.168.2.100    689   0x80000003   0x00e001

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=14ms TTL=126

    PC>ping 192.168.3.1
    Pinging 192.168.3.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.3.1: bytes=32 time
    Reply from 192.168.3.1: bytes=32 time
    Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

    PC>tracert 192.168.3.1
    Tracing route to 192.168.3.1 over a maximum of 30 hops:
      1   Sms    8ms    @ms    192.168.1.100
      2   12ms   9ms    8ms    10.0.0.2
      3   17ms   ms     12ms   11.0.0.2
      4   24ms   27ms   25ms   192.168.3.1
    Trace complete.

    R-1#ping 192.168.3.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/81 ms

    R-3#ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms

ACCESS CONTROL LIST

An ACL is a set of rules which will allow or deny the specific traffic moving through the router. It is a Layer 3 security feature which controls the flow of traffic from one router to another. It is also called a Packet Filtering Firewall.

Standard access list
- The access-list number range is 1 - 99
- Can block a network, host and subnet
- All services are blocked
- Implemented closest to the destination
- Filtering is done based on only source IP address

Extended access list
- The access-list number range is 100 - 199
- We can allow or deny a network, host, subnet and service
- Selected services can be blocked
- Implemented closest to the source
- Filtering is done based on source IP, destination IP, protocol, port no.

Three things are very important to know before writing any ACL statement:
1. Selecting the appropriate router to configure the ACL
2. Decide who is source and destination
3. Understand in/out and decide the right direction to implement the ACL

Rules of Access List
- Works in sequential order.
  (It'll always start with the first line of the access list, then go to line 2, then line 3, and so on.)
- All deny statements have to be given first (preferable in most cases)
- There should be at least one permit statement (mandatory)
- An implicit deny blocks all traffic by default when there is no match (an invisible statement).
- Can have one access-list per interface per direction (i.e., two access-lists per interface, one in the inbound direction and one in the outbound direction).
- Any time a new entry is added to the access list, it will be placed at the bottom of the list. Using a text editor for access lists is highly suggested.
- You cannot remove one line from an access list. If you try to do this, you will remove the entire list. It is best to copy the access list to a text editor before trying to edit the list. The only exception is when using named access lists.

Wild Card Mask
- Tells the router which portion of the bits to match or ignore.
- It is the inverse of the subnet mask, hence it is also called the inverse mask.
- A bit value of 0 indicates MUST MATCH (check bits)
- A bit value of 1 indicates IGNORE (ignore bits)
- The wild card mask for a host will always be 0.0.0.0

A wild card mask can be calculated using the formula:

    Global Subnet Mask - Customized Subnet Mask = Wild Card Mask

      255.255.255.255    Global Subnet Mask
    - 255.255.255.0      Customized Subnet Mask
      0.0.0.255          Wild Card Mask

      255.255.255.255
    - 255.255.255.240
      0.0.0.15

      255.255.255.255
    - 255.255.255.224
      0.0.0.31

- Wildcards are used with the host or network address to tell the router a range of available addresses to filter.
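The access-list rules and the wildcard formula above can be checked with a short script. This is an added example, not part of the workbook: it computes wildcard masks from subnet masks, then evaluates a standard ACL top-down with the implicit deny. The four entries are the access-list 15 statements from the standard ACL lab further down this page; the test hosts 192.168.1.3 and 192.168.3.77 are constructed.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def wildcard_from_subnet_mask(subnet_mask):
    """255.255.255.255 minus the subnet mask, as in the formula above."""
    mask = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(ALL_ONES - mask))


def wildcard_match(address, base, wildcard):
    """True when address equals base in every bit where the wildcard bit
    is 0 (must match); bits where the wildcard is 1 are ignored."""
    must_match = ~int(ipaddress.IPv4Address(wildcard)) & ALL_ONES
    addr = int(ipaddress.IPv4Address(address))
    ref = int(ipaddress.IPv4Address(base))
    return (addr & must_match) == (ref & must_match)


def parse_standard_entry(line):
    """Parse one 'access-list <1-99> permit|deny <source>' statement into
    (number, action, base address, wildcard)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list statement: {line!r}")
    number = int(tokens[1])
    if not 1 <= number <= 99:
        raise ValueError(f"{number} is outside the standard range 1-99")
    action = tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    source = tokens[3:]
    if source == ["any"]:
        base, wildcard = "0.0.0.0", "255.255.255.255"
    elif len(source) == 2 and source[0] == "host":
        base, wildcard = source[1], "0.0.0.0"
    elif len(source) == 2:
        base, wildcard = source
    else:
        raise ValueError(f"cannot parse source in {line!r}")
    ipaddress.IPv4Address(base)      # raises ValueError if malformed
    ipaddress.IPv4Address(wildcard)
    return number, action, base, wildcard


def evaluate(entries, source_ip):
    """First match wins. Returns (action, line position); the position is
    None when nothing matched and the implicit deny applied."""
    for position, (_, action, base, wildcard) in enumerate(entries, start=1):
        if wildcard_match(source_ip, base, wildcard):
            return action, position
    return "deny", None


# access-list 15 as configured on R-2 in the standard ACL lab on this page.
ACL_15 = [parse_standard_entry(line) for line in (
    "access-list 15 deny 192.168.1.1 0.0.0.0",
    "access-list 15 deny host 192.168.1.2",
    "access-list 15 deny 192.168.3.0 0.0.0.255",
    "access-list 15 permit any",
)]

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.240", "255.255.255.224"):
        print(mask, "->", wildcard_from_subnet_mask(mask))
    # 192.168.1.3 and 192.168.3.77 are constructed test hosts.
    for src in ("192.168.1.1", "192.168.1.2", "192.168.1.3", "192.168.3.77"):
        print(src, evaluate(ACL_15, src))
    # Without the final permit, the implicit deny drops everything else.
    print("no permit any:", evaluate(ACL_15[:-1], "192.168.1.3"))
```
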
- To specify a host, the address would look like this: 172.16.30.5 0.0.0.0

Creation of Standard Access List

    Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>

Implementation of Standard Access List

    Router(config)# interface <interface type> <interface no>
    Router(config-if)# ip access-group <acl no> <out/in>

To verify:

    Router# show access-list
    Router# show access-list <acl no>

Creation of Extended Access List

    Router(config)# access-list <acl no> <permit/deny> <protocol> <source address> <source wildcard mask> <destination address> <destination wildcard mask> <operator> <service>

Implementation of Extended Access List

    Router(config)# interface <interface type> <interface no>
    Router(config-if)# ip access-group <acl no> <out/in>

Operators:
- eq (equal to)
- neq (not equal to)
- lt (less than)
- gt (greater than)

If you want to filter by Application layer protocol, you have to choose the appropriate layer 4 transport protocol after the permit or deny statement. For example, to filter Telnet or FTP, you choose TCP since both Telnet and FTP use TCP at the Transport layer. If you were to choose IP, you wouldn't be allowed to specify a specific application protocol later.

Named Access List
- Named access lists are just another way to create standard and extended access lists.
- Access lists are identified using names rather than numbers.
- Names are case-sensitive.
- No limitation of numbers here.
- One main advantage is that editing of the ACL is possible (i.e., removing a specific statement from the ACL is possible).
- IOS version 11.2 or later allows named ACLs.

Creation of Standard Named Access List

    Router(config)# ip access-list standard <name>
    Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask>

Implementation of Standard Named Access List

    Router(config)# interface <interface type> <interface no>
    Router(config-if)# ip access-group <name> <out/in>

Creation of Extended Named Access List

    Router(config)# ip access-list extended <name>
    Router(config-ext-nacl)# <permit/deny> <protocol> <source address> <source wildcard mask> <destination address> <destination wildcard mask> <operator> <service>

Implementation of Extended Named Access List

    Router(config)# interface <interface type> <interface no>
    Router(config-if)# ip access-group <name> <out/in>

[Figure: lab topology diagram; LANs 192.168.3.0/24, 192.168.1.0/24, 192.168.2.0/24]

Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP address according to diagram
3) Make sure that interfaces used should be in UP UP state
4) Any dynamic routing protocol or static routing
5) Verify routing table and reachability between the LANs (using PING and TRACE commands)

TASK: Configure the appropriate router as per the rules given
- Deny the host 192.168.1.1 communicating with 192.168.2.0
- Deny the host 192.168.1.2 communicating with 192.168.2.0
- Deny the network 192.168.3.0 communicating with 192.168.2.0
- Permit all the remaining traffic

NOTE: The above ACL rules should not affect the other communication.

NOTE: Before creating the ACL, make sure that the routing configured is correct and all the three LAN devices are able to communicate with each other using the PING command.

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................:

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time=17ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=16ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=17ms TTL=126

    PC>ipconfig
    IP Address......................: 192.168.1.2
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time
    Reply from 192.168.2.1: bytes=32 time
    Reply from 192.168.2.1: bytes=32 time=23ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=11ms TTL=126

    PC>ipconfig
    IP Address......................: 192.168.3.1
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.3.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time=21ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=25ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=22ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=23ms TTL=126

ROUTER-2

Creating the ACL rules according to requirement:

    R-2(config)#access-list 15 deny 192.168.1.1 0.0.0.0
    R-2(config)#access-list 15 deny host 192.168.1.2
    R-2(config)#access-list 15 deny 192.168.3.0 0.0.0.255
    R-2(config)#access-list 15 permit any

Implementation:

    R-2(config)#interface fastEthernet 0/0
    R-2(config-if)#ip access-group 15 out

Verification:

    R-2#sh access-lists
    Standard IP access list 15
        deny host 192.168.1.1
        deny host 192.168.1.2
        deny 192.168.3.0 0.0.0.255
        permit any

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.

    PC>ping 192.168.3.1
    Pinging 192.168.3.1 with 32 bytes of data:
    Reply from 192.168.3.1: bytes=32 time
    Reply from 192.168.3.1: bytes=32 time
    Reply from 192.168.3.1: bytes=32 time
    Reply from 192.168.3.1: bytes=32 time=13ms TTL=125

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time=31ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=17ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=23ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=24ms TTL=126

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.3.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 11.0.0.1: Destination host unreachable.
    Reply from 11.0.0.1: Destination host unreachable.
    Reply from 11.0.0.1: Destination host unreachable.
    Reply from 11.0.0.1: Destination host unreachable.

    PC>ping 192.168.1.1
    Pinging 192.168.1.1 with 32 bytes of data:
    Reply from 192.168.1.1: bytes=32 time=16ms TTL=125
    Reply from 192.168.1.1: bytes=32 time=29ms TTL=125
    Reply from 192.168.1.1: bytes=32 time
    Reply from 192.168.1.1: bytes=32 time

[Figure: lab topology diagram; LANs 192.168.3.0/24, 192.168.1.0/24, 192.168.2.0/24]

Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP address according to diagram
3) Make sure that interfaces used should be in UP UP
state ® Any dynamuc routing Protocol or static routings 8) Verily Routing table and reachability between the LANs ( using PING and TRACE commands) TASK: Configure the Appropriate router as per the rules given below Deng the users on LAN 192,168.3.0 should not access 192,168. 1.3 HTTP service Deny the users on LAN 192,168.3.0 should not access 192.165.14 FTP service 1. Deny the users on LAN 192.168.3.1 should not access 192.168.1.3 HTTP service Deny the users on LAN 192.188.2.0 should not get DNS service from DNS server 192.188.1.4 Deny the users from the host between 192.168.3.2 and 192.188. 1.2 should not be able to senc! [MP (ping /trace ) messages Remaining hosts and services should be permitted NOTE: the Above ACL rules should not affect the other communication Ronter-1 Rei (Conlig)taccess-list 185 deny tep 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www Rei(conlig)Haccess-list 185 deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.¢ eq fip ei(conilg)Haccess-list 185 deny tcp host 192.168.3.1 host 192.168.1.3 eq www R-i(conilg) Haccess-list 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.80q ? sii, ether rons” mace Pte! BOOTE) chen (9 (CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 35012 Dankusaeapepel gui wirreetearrd (RETWERK rage 12 pias joe Protocol goon server (67) isakmp __Intemet Secunty Association and Key Management Protocol (500) nonS00-isakmp Internet Secuniy Association and Key Management Protocol (4500) snmp _ Simple Network Management Protocol (151) itp Trivial File Transfer Protocol (69) R-i(confightaccess-list 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain Rei(config)taccess-list 185 deny icmp host 192.168.3.1 host 192.168.1.1 ? 
<0-256> hostunreachable —host-unreachable net-unreachable —_net-unreachabie port-unreachable port-unreachable protocol-unreachable protocol-unreachable W-exceeded —t-exveeded unreachable unreachable Rl (config)Haccess-list 185 deny icmp host 192.168.3.2 host 192.168.1.2 echo R-i (config)#access-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo-reply Rei(config)#access-list 145 pormit ip any any Implementation: R-I(contig)# interface fastkthernet 0/0 R-l(contigift ip access-group 145 ont OR R-1(contigy# interface serial 0/0 R-I(contig-i# ip access-group 145 in Verification: PC>ipconiig IP Address. Subnet Mask.. nnd BS5.855.255.0 Default Gateway... 1198. 168.3.100 PC>ping 192.168.1.2 Begin 192,168.12 with 32 byles of data. Regios tinea Pena timeout Po>ping 192.160.11 (CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 35012 A contents are copyright @2012 2014 righ rnered (NETWERK rage 122 Pinging 198.168.1.1 with 32 bytes of data Reply from 198. 168.1.1: bytes=32 tir Reply from 192, 168.1-1: bytes=32 time Reply from 192 168.1-1- bytes=32 time Reply from 192, 168.1.1: bytes=32 tim CCNA R&S Workbook by Sikandar Gouse Mo inuddin CCIE (R&S, SP) # 35012 4 contonts ar copyright 2012 — 2014 Al rights reserved. (NETWRK rage 123 tontes.2-4 192,158.22 9216834 19216822 192.168.1.2 192.168.3.0/24 192.168.1.0/24 192.168.2.0/24 TASK: + Configure Standard Named ACL + Use the same Rules as Lab-1 Before creating the ACL, make sure that the routing configured is correct and all the three LAN devices are able to communicate with each other using PING command 1 B55,255,258.0 Default Gateway. PC>ping 192.168.2.1 Pinging 192.166.2.1 with 22 bytes of data: Reply from 192.168.2.1: bytes=38 time=17ms TTL=126 Reply from 192. 168.2.1: bytes=32 time=20ms TTL=126 Reply trom 192.166.2.1; bytes=82 lime=16ms TTL=126 Reply from 192.168.2.1; bytes=32 time=17ms TTL=126 ‘PC>ipconfig PP Red. cnat 198: 188,12 Subnet Maske. su-n! B65.255.288.0 Default Gateway... 1 192.168. 
1.100 PC>ping 192.168.2.1 Pinging 198,168.2.1 with 32 bytes of data: CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 35012 Paka aapanaltlyeinbinpaparmalaael (RETWERK rage 124 Reply trom 198,168.2.1: bytes=32 time=I6ms TTL=126 Reply from 192.168.2.1: bytes=32 tire Reply from 192.168.2.1: bytes=32 tire Reply irom 192.188.2.1: bytes=32 time PC>ipconfig IP Address. 192,188.3.1 Subnet Mask wevnrsne! BSS B55,285.0 Default Gateway... 192.168.3.100 PC>ping 192.168.2.1 Pinging 192.168.2.1 onith 32 bytes of data: Reply irom 192, 168.2.1; bytes=32 time=@lms TTL=126 Reply from 198, 168.2.1: bytes~32 time=23ms TTL=126 Reply from 192,168.2.1: bytes=32 time=22ms TTL=126 Reply from 192,168.2.1: bytes=32 tme=28ms TTL=126 Creating an Access-list as per the given rules R-2(config)itip access-list standard CCNA R-2(config-std-nacl)#dony 192.168.1.1 0.0.0.0 R-2(config-std-nacl)#dony host 192.168.1.2 R-2(config-std-nacl}i#demy 192.168.3.0 0.0.0.255 R-2(config-std-nacl}#permit any R-2(contig-std-nacl)#exit Implementation: R-2(conlig)#t interface fastEthernet 0/0 R-2(conlig-iDit ip access-group CCNA out Re2itsh access-lists ‘Standard IP access list deny host 192.162.1.1 deny host 192.168.1.2 dony 192. 168.3.00.0.0,255 permit any PC>ipconfig IP Address. 2 Subnet Mask. / BS5.255.255.0 Default Gatewapeevcn.! 192.188.1.100 Opin 192:188.2.1 Pinging 192168.2.| with $2 bys of date: Pepi om 10.00 2: Destinaton host reachable CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 35012 i contents are copyright @2012 2014 righ rnered (NETWERK rage 125 Reply irom 10.0.0.8: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. PC>ping 192.168.3.1 Pinging 192,168.3.1 with 32 bytes of data: Reply irom 192.188.8.1: bytes=32 time Reply from 192,168.3.1: bytes=22 tir Reply srom 192.188.3.1: bytes=22 time Reply irom 192.188.3.1: bytes=82 time PC>ipconig IP Addres Subnet Mask sevneen vse! 
B55, B55.285.0 Default Gateway. vont 192.168, 1.100 PC>ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply’ Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable, Reply from 10.0.0.2: Destination host unreachable, SERVER>ipcontig IP Address. BENS ‘Subnet Mask... zs (858.255.255.0 Dofautt Gateway. 1 198.168, 1.100 SERVER>ping 1926822 Pinging 1921602 | with 32 byte f date: Repay hom 192 168.21 byleced9 Groen ims PTL=126 Reply from 192.168.2.1: bytes=32 time rms TTL=126 Reply from 192,168.2.1; bytes=32 time=23ms TTL=126 Feply fom 192 186.2. bytes=02 me=ddms TTL=126 PC>ipconig IP Addres Subnet Mask.. Default Gateway. PC>ping 192.168.2.1 Pinging 192.168.2.1 with 22 bytes of data: Reply om 11.09: Desinaton host enresebe Reply from 11.0.0.1: Destination host unreachable. Reply from 1.0.0.1: Destination host unreachable. Reply from 1.0.0.1: Destination hest unreachable. PC>ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply irom 192,188.1.1: bytes=32 tme=Jéms TTL=125 Reply irom 192,183.11: bytes=32 time=29ms TTL=125 Reply rom 192.166.1.1: bytes=32 time=J6ms TTL=125 CCNA R&S Workbook by Sikandar Gouse Mo inuddin CCIE (R&S, SP) # 35012 i conte arn copyright Q2012 2014 righ rnere (WE TWGRK rage 126 Reply rom 192,168.1.1: bytes=32 time=@ lms TTL=125 CCNA R&S Workbook by Sikandar Gouse Moinucidin CCIE (R&S, SP) nm (NETWERK rage 127 All contonts aro copyright @2013 - 2014 All rights reserved. 
[Topology diagram: hosts 192.168.2.1, 192.168.2.2, 192.168.3.1, 192.168.3.2 and 192.168.1.2 on LANs 192.168.3.0/24, 192.168.1.0/24 and 192.168.2.0/24]

TASK:
• Configure Standard Named ACL
• Use the same rules as Lab-2

R-1(config)#ip access-list extended CCNP
R-1(config-ext-nacl)#deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
R-1(config-ext-nacl)#deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
R-1(config-ext-nacl)#deny tcp host 192.168.3.1 host 192.168.1.3 eq www
R-1(config-ext-nacl)#deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
R-1(config-ext-nacl)#deny icmp host 192.168.3.1 host 192.168.1.1 echo
R-1(config-ext-nacl)#deny icmp host 192.168.3.1 host 192.168.1.1 echo-reply
R-1(config-ext-nacl)#permit ip any any

Implementation:
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip access-group CCNP out
OR
R-1(config)#interface serial 0/0
R-1(config-if)#ip access-group CCNP in

R-1#sh access-lists
Extended IP access list
    deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
    deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
    deny tcp host 192.168.3.1 host 192.168.1.3 eq www
    deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
    deny icmp host 192.168.3.1 host 192.168.1.1 echo
    deny icmp host 192.168.3.1 host 192.168.1.1 echo-reply
    permit ip any any

Verification:
PC>ipconfig
IP Address......................:
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.3.100

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

PC>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=20ms TTL=125
Reply from 192.168.1.1: bytes=32 time
Reply from 192.168.1.1: bytes=32 time=13ms TTL=125
Reply from 192.168.1.1: bytes=32 time=25ms TTL=125
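The first-match evaluation behind access-list 145 from the extended ACL lab above, as an added Python example (not part of the workbook): it parses the seven lines entered on R-1, applies wildcard-mask matching, and falls through to the implicit deny when nothing matches. The sample packets are constructed, and only the keywords this lab uses (host, any, eq, www, ftp, domain, echo, echo-reply) are handled.

```python
import ipaddress

# ACL 145 as entered on R-1 in the extended ACL lab.
ACL_145 = """\
access-list 145 deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
access-list 145 deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
access-list 145 deny tcp host 192.168.3.1 host 192.168.1.3 eq www
access-list 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
access-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo
access-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo-reply
access-list 145 permit ip any any
"""

PORTS = {"www": 80, "ftp": 21, "domain": 53}   # only the names this ACL uses
ICMP_TYPES = {"echo": 8, "echo-reply": 0}


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))


def parse_ace(line):
    tokens = line.split()[2:]                  # drop "access-list <number>"
    ace = {"text": line.strip(), "port": None, "icmp_type": None}
    ace["action"] = tokens.pop(0)
    ace["proto"] = tokens.pop(0)
    ace["src"] = take_address(tokens)
    ace["dst"] = take_address(tokens)
    if tokens and tokens[0] == "eq":
        ace["port"] = PORTS[tokens[1]]
    elif tokens and ace["proto"] == "icmp":
        ace["icmp_type"] = ICMP_TYPES[tokens[0]]
    return ace


def parse_acl(text):
    return [parse_ace(line) for line in text.splitlines() if line.strip()]


def addr_match(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (ip_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF == 0


def evaluate(acl, pkt):
    """Return (action, matching entry); entries are tried top-down, first match wins."""
    for ace in acl:
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not addr_match(pkt["src"], ace["src"]):
            continue
        if not addr_match(pkt["dst"], ace["dst"]):
            continue
        if ace["port"] is not None and pkt.get("dport") != ace["port"]:
            continue
        if ace["icmp_type"] is not None and pkt.get("icmp_type") != ace["icmp_type"]:
            continue
        return ace["action"], ace["text"]
    return "deny", "implicit deny any"         # what applies when no entry matches


# Constructed sample packets (not captured traffic).
SAMPLES = [
    ("HTTP  192.168.2.77 -> 192.168.1.3",
     {"proto": "tcp", "src": "192.168.2.77", "dst": "192.168.1.3", "dport": 80}),
    ("HTTPS 192.168.2.77 -> 192.168.1.3",
     {"proto": "tcp", "src": "192.168.2.77", "dst": "192.168.1.3", "dport": 443}),
    ("FTP   192.168.3.9  -> 192.168.1.4",
     {"proto": "tcp", "src": "192.168.3.9", "dst": "192.168.1.4", "dport": 21}),
    ("DNS   192.168.2.9  -> 192.168.1.4",
     {"proto": "udp", "src": "192.168.2.9", "dst": "192.168.1.4", "dport": 53}),
    ("ping  192.168.3.2  -> 192.168.1.2",
     {"proto": "icmp", "src": "192.168.3.2", "dst": "192.168.1.2", "icmp_type": 8}),
    ("ping  192.168.3.2  -> 192.168.1.1",
     {"proto": "icmp", "src": "192.168.3.2", "dst": "192.168.1.1", "icmp_type": 8}),
]

if __name__ == "__main__":
    acl = parse_acl(ACL_145)
    for label, pkt in SAMPLES:
        action, rule = evaluate(acl, pkt)
        print(f"{action:6} {label:36} <- {rule}")
```

Dropping the last entry from the parsed list shows why the lab ends with permit ip any any: every packet that matched no deny line then hits the implicit deny.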
LAB-5: Restricting Telnet Access To The Router To Specified Networks Or Hosts

Should You Secure Your Telnet Lines on a Router?
• You're monitoring your network and, by using the show users command, notice that someone has telnetted into your core router. You use the disconnect command and they are disconnected from the router, but you notice they are back in the router a few minutes later. You are thinking about putting an access list on the router interfaces, but you don't want to add a lot of latency on each interface since your router is already pushing a lot of packets.

The access-class command illustrated in this lab is the best way to restrict which users can telnet and which cannot, because it doesn't use an access list that sits on an interface looking at every packet that is coming and going, which can cause overhead on the packets being routed. When you put the access-class command on the VTY lines, only packets trying to telnet into the router are looked at and compared. This provides nice, easy-to-configure security for your router.

TASK:
Allow only the hosts 192.168.1.1 and 192.168.1.2 to telnet to R1. Any other host should be denied if it tries to telnet to R1.

Creating an ACL which permits only hosts 192.168.1.1 and 192.168.1.2 (which by default denies all the other hosts):
R-1(config)#access-list 20 permit host 192.168.1.1
R-1(config)#access-list 20 permit host 192.168.1.2

Implementation:
R-1(config)#line vty 0 4
R-1(config-line)#password cisco
R-1(config-line)#login
R-1(config-line)#access-class 20 in
R-1(config-line)#end

Verification:
PC>ipconfig
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>telnet 192.168.1.100
Trying 192.168.1.100 ...Open
User Access Verification

PC>ipconfig
IP Address......................:
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>telnet 192.168.1.100
Trying 192.168.1.100 ...Open
User Access Verification

NOTE: From both hosts (192.168.1.1 and 192.168.1.2) telnet to R1 is successful (see the outputs above). Telnet from any other user should be denied automatically as per our requirement (verify with the outputs below).

Try Telnet from 192.168.1.3 to R1
PC>ipconfig
IP Address......................:
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>telnet 192.168.1.100
Trying 192.168.1.100 ...

Try Telnet from 192.168.1.4 to R1
PC>ipconfig
IP Address......................:
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>telnet 192.168.1.100
Trying 192.168.1.100 ...
% Connection refused by remote host

Try Telnet from R2 to R1
R-2>enable
R-2#telnet 10.0.0.1

R-1#sh access-lists
Standard IP access list 20
    permit host 192.168.1.1 (2 match(es))
    permit host 192.168.1.2 (2 match(es))
    deny any (13 match(es))

R-1#sh users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00
                          idle                 00:00:55
                          idle                 00:00:39

NETWORK ADDRESS TRANSLATION

NAT is the method of translating a private IP address into a public IP address. In order to communicate with the Internet we must have a registered public IP address.

Address translation was originally developed to solve two problems:
1. To handle a shortage of IPv4 addresses
2. To hide network addressing schemes

Small companies typically get their public IP addresses directly from their ISPs, which have a limited number. Large companies can sometimes get their public IP addresses from a registration authority, such as the Internet Assigned Numbers Authority (IANA). Common devices that can perform address translation include firewalls, routers, and servers.
Typically address translation is done at the perimeter of the network by either a firewall (more commonly) or a router.

There are certain addresses in each class of IP address that are reserved for private networks. These addresses are called private addresses.
Class A   10.0.0.0 to 10.255.255.255
Class B   172.16.0.0 to 172.31.255.255
Class C   192.168.0.0 to 192.168.255.255

Here's a list of situations when it is best to have NAT on your side:
• You need to connect to the Internet and your hosts don't have globally unique IP addresses.
• You change to a new ISP that requires you to renumber your network.
• You need to merge two intranets with duplicate addresses.

Advantages
• Conserves legally registered addresses.
• Reduces address overlap occurrence.
• Increases flexibility when connecting to the Internet.
• Eliminates address renumbering as the network changes.

Disadvantages
• Translation introduces switching path delays.
• Loss of end-to-end IP traceability.
• Certain applications will not function with NAT enabled.

NAT Terminology
Inside Local Address - Name of the inside source address before translation (private IP)
Inside Global Address - Name of the inside host after translation (public IP)
Outside Local Address - Name of the destination host before translation
Outside Global Address - Name of the outside destination host after translation

Types of NAT:
1. Dynamic NAT
2. Static NAT
3. PAT

Static NAT
This type of NAT is designed to allow one-to-one mapping between local and global addresses. Keep in mind that the static version requires you to have one real Internet IP address for every host on your network.

Syntax:
(Config)# ip nat inside source static <private-IP> <public-IP>

Implementation
(Config)# interface f0/0
(Config-if)# ip nat inside        (interface facing towards LAN)
(Config)# interface s0/0
(Config-if)# ip nat outside
(interface facing towards ISP)

Dynamic NAT
• This version gives you the ability to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don't have to statically configure your router to map an inside address to an outside address as you would with static NAT, but you do have to have enough real IP addresses for everyone who's going to be sending packets to and receiving them from the Internet.

[Figure: dynamic NAT mapping of inside addresses to addresses from the pool]

Syntax:
(Config)# access-list <ACL-NO> permit <network> <wildcard-mask>
(Config)# ip nat pool <name> <start-IP> <end-IP> netmask <mask>
(Config)# ip nat inside source list <ACL-NO> pool <name>

Implementation:
(Config)# interface f0/0
(Config-if)# ip nat inside        (interface facing towards LAN)
(Config)# interface s0/0
(Config-if)# ip nat outside       (interface facing towards ISP)

Dynamic NAT Overload
This is the most popular type of NAT configuration. Understand that overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. It is also known as Port Address Translation (PAT), and by using PAT (NAT Overload), you get to have thousands of users connect to the Internet using only one real global IP address.
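The many-to-one mapping described above, as an added Python example (not part of the workbook): a small PAT table that translates outbound flows to one global address and only lets return traffic in when it matches an existing entry. The addresses are the ones used in this workbook's PAT lab; the sample flows are constructed, and the port rule (keep the source port if free, otherwise the lowest free port from 1024, one entry per global port) is a simplifying assumption for illustration.

```python
import ipaddress


class PatTable:
    """Minimal model of 'ip nat inside source list <acl> pool <name> overload'."""

    def __init__(self, inside_net, global_ip, first_port=1024):
        self.inside_net = ipaddress.ip_network(inside_net)  # plays the role of ACL 55
        self.global_ip = global_ip                          # the single pool address
        self.first_port = first_port
        self.by_global = {}   # (proto, global_port) -> entry
        self.by_flow = {}     # (proto, local_ip, local_port, dst_ip, dst_port) -> entry

    def _pick_port(self, proto, wanted):
        # Assumption: keep the original source port when it is unused,
        # otherwise take the lowest unused port starting at first_port.
        if (proto, wanted) not in self.by_global:
            return wanted
        for port in range(self.first_port, 65536):
            if (proto, port) not in self.by_global:
                return port
        raise RuntimeError("no free port left on the global address")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: return (global_ip, global_port), or None if not translated."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None                       # source not permitted by the NAT ACL
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        entry = self.by_flow.get(flow)
        if entry is None:
            entry = {
                "proto": proto,
                "global_port": self._pick_port(proto, src_port),
                "inside_local": (src_ip, src_port),
                "outside": (dst_ip, dst_port),
            }
            self.by_flow[flow] = entry
            self.by_global[(proto, entry["global_port"])] = entry
        return self.global_ip, entry["global_port"]

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside: return the inside local (ip, port), or None (dropped)."""
        if dst_ip != self.global_ip:
            return None
        entry = self.by_global.get((proto, dst_port))
        if entry is None or entry["outside"] != (src_ip, src_port):
            return None                       # unsolicited: no matching translation
        return entry["inside_local"]

    def rows(self):
        """Rows in the column order of 'show ip nat translations'."""
        out = []
        for (proto, gport), e in sorted(self.by_global.items()):
            lip, lport = e["inside_local"]
            oip, oport = e["outside"]
            out.append((proto, f"{self.global_ip}:{gport}", f"{lip}:{lport}",
                        f"{oip}:{oport}", f"{oip}:{oport}"))
        return out


# Constructed flows: four inside hosts telnet to 100.1.1.2; three share source port 1026.
LAB_FLOWS = [("192.168.1.1", 1029), ("192.168.1.2", 1026),
             ("192.168.1.3", 1026), ("192.168.1.4", 1026)]

if __name__ == "__main__":
    pat = PatTable("192.168.1.0/24", "50.1.1.1")
    for ip, sport in LAB_FLOWS:
        pat.outbound("tcp", ip, sport, "100.1.1.2", 23)
    print("Pro  Inside global      Inside local       Outside local   Outside global")
    for row in pat.rows():
        print("{:4} {:18} {:18} {:15} {}".format(*row))
    print("unsolicited inbound to port 1027:",
          pat.inbound("tcp", "100.1.1.2", 23, "50.1.1.1", 1027))
```

The inbound check is the defensive side effect of overload: a packet arriving at the global address is forwarded only if an inside host created the matching entry first.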
NAT Overload is the real reason we haven't run out of valid IP addresses on the Internet.

Syntax:
(Config)# access-list <ACL-NO> permit <network> <wildcard-mask>
(Config)# ip nat pool <name> <start-IP> <end-IP> netmask <mask>
(Config)# ip nat inside source list <ACL-NO> pool <name> overload

Implementation:
(Config)# interface f0/0
(Config-if)# ip nat inside        (interface facing towards LAN)
(Config)# interface s0/0
(Config-if)# ip nat outside       (interface facing towards ISP)

LAB-1 STATIC NAT

TASK: Configure Static NAT using the following translations
PRIVATE IP: 192.168.1.1, 192.168.1.2, 192.168.1.4

[Topology diagram: inside users, R-1, ISP, and servers on the Internet 200.1.1.1 and 200.1.1.2]

STEPS:
• Configure IP addresses according to the diagram
• Configure a default route on both routers to provide reachability
• Configure NAT (static NAT according to the requirement)
• Implementation
• Verify by generating some traffic from the LAN to the outside servers
• show ip nat translations

R-1#sh ip int brief
Interface        IP-Address      OK? Method Status                Protocol
FastEthernet0/0  192.168.1.100   YES manual up                    up
FastEthernet0/1  unassigned      YES unset  administratively down down
Serial0/1        unassigned      YES unset  administratively down down

R-1(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.2

ISP#sh ip int brief
Interface        IP-Address      OK? Method Status                Protocol
                                 YES manual up                    up
FastEthernet0/1  unassigned      YES unset  administratively down down
                                 YES manual up                    up
Serial0/1        unassigned      YES manual administratively down down

ISP#conf terminal
ISP(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.1

Configuration of static NAT
R-1(config)#ip nat inside source static 192.168.1.1 50.1.1.1
R-1(config)#ip nat inside source static 192.168.1.2 50.1.1.2
R-1(config)#ip nat inside source static 192.168.1.3 50.1.1.3

Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside        (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside       (interface facing towards ISP)

Generate traffic from the inside user PC (192.168.1.1)
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

Pinging 200.1.1.1 with 32 bytes of data:
Reply from 200.1.1.1: bytes=32 time=12ms TTL=126
Reply from 200.1.1.1: bytes=32 time=20ms TTL

PC>ping 200.1.1.2
Pinging 200.1.1.2 with 32 bytes of data:
Request timed out.
Reply from 200.1.1.2: bytes=32 time=16ms TTL=126
Reply from 200.1.1.2: bytes=32 time=11ms TTL=126
Reply from 200.1.1.2: bytes=32 time=38ms TTL=126

Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 200.1.1.1
Pinging 200.1.1.1 with 32 bytes of data:
Reply from 200.1.1.1: bytes=32 time=25ms TTL=126
Reply from 200.1.1.1: bytes=32 time=11ms TTL=126
Reply from 200.1.1.1: bytes=32 TTL=126
Reply from 200.1.1.1: bytes=32 time=22ms TTL=126

Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 200.1.1.1
Pinging 200.1.1.1 with 32 bytes of data:
Reply from 200.1.1.1: bytes=32 time=84ms TTL=126
Reply from 200.1.1.1: bytes=32 time
Reply from 200.1.1.1: bytes=32 time=10ms TTL=126
Reply from 200.1.1.1: bytes=32 time=20ms TTL=
R-1#sh ip nat translations
Pro  Inside global    Inside local      Outside local    Outside global
icmp 50.1.1.1:22      192.168.1.1:22    200.1.1.2:22     200.1.1.2:22
icmp 50.1.1.1:23      192.168.1.1:23    200.1.1.2:23     200.1.1.2:23
icmp 50.1.1.1:24      192.168.1.1:24    200.1.1.2:24     200.1.1.2:24
[further icmp entries for 192.168.1.2 and 192.168.1.3 are not legible]
---  50.1.1.1         192.168.1.1       ---              ---
---  50.1.1.2         192.168.1.2       ---              ---
---  50.1.1.3         192.168.1.3       ---              ---

To verify, generate telnet traffic from the inside user PCs
• 192.168.1.1
• 192.168.1.2
• 192.168.1.3

PC>telnet 100.1.1.2
Trying 100.1.1.2 ...Open
User Access Verification

R-1#sh ip nat translations
Pro  Inside global    Inside local      Outside local    Outside global
---  50.1.1.1         192.168.1.1       ---              ---
---  50.1.1.2         192.168.1.2       ---              ---
---  50.1.1.3         192.168.1.3       ---              ---

[Topology diagram: inside users 192.168.1.0/24, R-1, ISP, and servers on the Internet 200.1.1.1 and 200.1.1.2]

TASK:
• Remove the NAT configurations done in the previous lab.
• Configure Dynamic NAT and make sure that the inside LAN users (192.168.1.0/24) get translated to public IPs in the range 50.1.1.1 - 50.1.1.200/24.

STEPS:
• Continue with the same pre-configurations as in LAB-1
• Remove the static NAT configurations
• Implementation is the same as in the previous lab

R-1#clear ip nat translation *
NOTE:
• Make sure that you clear the translation table before you edit or remove any NAT configurations.

R-1(config)#no ip nat inside source static 192.168.1.1 50.1.1.1
R-1(config)#no ip nat inside source static 192.168.1.2 50.1.1.2
R-1(config)#no ip nat inside source static 192.168.1.3 50.1.1.3

Configuration of DYNAMIC NAT
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat pool CCNA 50.1.1.1 50.1.1.200 netmask 255.255.255.0
R-1(config)#ip nat inside source list 55 pool CCNA

Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside        (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside       (interface facing towards ISP)

Verification:
Generate some telnet traffic from the inside LAN devices 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.

PC>telnet 100.1.1.2
Trying 100.1.1.2 ...Open
User Access Verification
ISP>

R-1#sh ip nat translations
Pro  Inside global    Inside local      Outside local    Outside global
tcp  :1027            :1027             100.1.1.2:23     100.1.1.2:23
tcp  :1025            :1025             100.1.1.2:23     100.1.1.2:23
tcp  :1025            :1025             100.1.1.2:23     100.1.1.2:23
tcp  :1025            :1025             100.1.1.2:23     100.1.1.2:23

LAB-3 PORT ADDRESS TRANSLATION

[Topology diagram: inside users 192.168.1.0/24, R-1, ISP, and servers on the Internet]

TASK:
• Remove the NAT configurations done in the previous lab.
• Configure PAT (Dynamic NAT Overload) and make sure that the inside LAN users (192.168.1.0/24) get translated to a single public IP (50.1.1.1/32) given by the service provider.

STEPS:
• Continue with the same pre-configurations as in LAB-2
• Remove the dynamic NAT configurations.
• Implementation is the same as in the previous lab

R-1#clear ip nat translation *
NOTE:
• Make sure that you clear the translation table before you edit or remove any NAT configurations.

R-1(config)#no ip nat inside source list 55 pool CCNA
R-1(config)#no ip nat pool CCNA 50.1.1.1 50.1.1.200 netmask 255.255.255.0
R-1(config)#no access-list 55

PAT Configuration
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat pool CCNA 50.1.1.1 50.1.1.1 netmask 255.255.255.255
R-1(config)#ip nat inside source list 55 pool CCNA overload

Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside        (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside       (interface facing towards ISP)

Verification:
• Generate some telnet traffic from the inside LAN devices (192.168.1.1 / 192.168.1.2 / 192.168.1.3 / 192.168.1.4)

PC>telnet 100.1.1.2
Trying 100.1.1.2 ...Open
User Access Verification

R-1#sh ip nat translations
Pro  Inside global    Inside local       Outside local    Outside global
tcp  50.1.1.1:1029    192.168.1.1:1029   100.1.1.2:23     100.1.1.2:23
tcp  50.1.1.1:1026    192.168.1.2:1026   100.1.1.2:23     100.1.1.2:23
tcp  50.1.1.1:1024    192.168.1.3:1026   100.1.1.2:23     100.1.1.2:23
tcp  50.1.1.1:1025    192.168.1.4:1026   100.1.1.2:23     100.1.1.2:23

LAB-4 PORT ADDRESS TRANSLATION using Exit Interface

[Topology diagram: inside users 192.168.1.0/24, R-1, ISP, and servers on the Internet 200.1.1.1 and 200.1.1.2]

TASK:
• Remove the NAT configurations done in the previous lab.
• Configure PAT (Dynamic NAT Overload) and make sure that the inside LAN users (192.168.1.0/24) get translated to a single public IP on the outside interface (200222) given by the service provider.
STEPS:
• Continue with the same pre-configurations as in LAB-3
• Remove the PAT configurations
• Implementation is the same as in the previous lab

R-1#clear ip nat translation *
NOTE:
• Make sure that you clear the translation table before you edit or remove any NAT configurations.

R-1(config)#no ip nat inside source list 55 pool CCNA overload
R-1(config)#no ip nat pool CCNA 50.1.1.1 50.1.1.1 netmask 255.255.255.248
R-1(config)#no access-list 55

PAT Configuration
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat inside source list 55 interface serial 0/0 overload

Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside        (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside       (interface facing towards ISP)

Verification:
• Generate some telnet traffic from the inside LAN devices (192.168.1.1 / 192.168.1.2 / 192.168.1.3 / 192.168.1.4)

PC>telnet 100.1.1.2
Trying 100.1.1.2 ...Open
User Access Verification

R-1#sh ip nat translations
Pro  Inside global    Inside local      Outside local    Outside global
tcp  :1029            :1029             100.1.1.2:23     100.1.1.2:23
tcp  :1026            :1026             100.1.1.2:23     100.1.1.2:23
tcp  :1024            :1026             100.1.1.2:23     100.1.1.2:23
tcp  :1025            :1026             100.1.1.2:23     100.1.1.2:23

Hub | Switch
It is a Physical layer device (Layer 1) | It is a Data-link layer device (Layer 2)
It has no intelligence | It is an intelligent device
It works with 0's and 1's (bits) | It works with physical addresses (i.e. MAC addresses)
It always broadcasts | It uses broadcast and unicast
It works with shared bandwidth | It works with fixed bandwidth
It has 1 broadcast domain | It has 1 broadcast domain by default
It has 1 collision domain | The number of collision domains depends upon the number of ports
Collisions are identified using access methods called CSMA/CD and CSMA/CA | It maintains a MAC address table

Broadcast Domain
• Set of all devices that receive broadcast frames originating from any device within the set.
• In Ethernet, the network area within which frames that have collided are propagated is called a collision domain.
• A collision domain is a network segment with two or more devices sharing the same bandwidth.

Address resolution protocol
• The ARP protocol helps the switch to resolve the IP address into the respective MAC address.
• It is an inbuilt protocol in TCP/IP.

Note:
• A switch broadcasts (floods) a frame out of all the ports if it receives a frame whose destination MAC address is not present in the MAC table of the switch (sends with destination address FF-FF-FF-FF-FF-FF).
• If the destination MAC address is present, then the frame is sent only on the specific port as per the MAC table.
• The MAC table is updated based on the source address of the frames.
• By default the MAC address table aging time is 300 seconds (5 minutes) of traffic inactivity for that MAC address.

Types of Switches
• Unmanageable switches
  • These switches are just plug and play
  • No configurations and verifications can be done
  • There is no console port
• Manageable switches
  • These switches are also plug and play
  • They have a console port and CLI access
  • We can verify and modify configurations and can implement and test some advanced switching technologies (VLAN, trunking, STP)

The hierarchical network design (Cisco) model involves dividing the network into discrete layers.
Each layer provides specific functions that define its role within the overall network.

The typical hierarchical design model is broken up into three layers:
• Access
• Distribution
• Core

An example of a three-layer hierarchical network design is displayed in the figure.

[Figure: three-layer hierarchical network design with core, distribution and access layers; crossover, straight-through and WAN links]

Access Layer
• Provides a means of connecting devices to the network and controlling which devices are allowed to communicate on the network
• Devices: PCs, printers, and IP phones, routers, switches, bridges, hubs, and wireless access points (AP)

Distribution Layer
• Aggregates the data received from the access layer switches before it is transmitted to the core layer for routing to its final destination.
• The distribution layer controls the flow of network traffic using policies and delineates broadcast domains by performing routing functions between virtual LANs (VLANs) defined at the access layer.
• Devices: high-performance switches to ensure reliability

Core Layer
• High-speed backbone of the internetwork
• Devices: routers, switches capable of forwarding large amounts of data quickly

Benefits of a Hierarchical Network
Scalability / Hierarchical networks scale very well
Redundancy / Double distribution and core switches
Performance / High-performance distribution and core switches guarantee wire speed between all devices
Security / Various policies at access, advanced security policies at distribution
Manageability / Fast new deployment and simplified troubleshooting
Maintainability / Scale very easily

Network Design Principles
• Network Diameter - the number of devices that a packet has to cross before it reaches its destination. Keeping the network diameter low ensures low and predictable latency between devices.
• Bandwidth Aggregation - allows multiple switch port links to be combined so as to achieve higher throughput between switches (called EtherChannel by Cisco).
• Redundancy - double up the network connections between devices, or double the devices themselves.
• Convergence is the process of combining voice and video communications on a data network.

Access layer switch features:
• Port security
• VLANs
• FastEthernet / GigabitEthernet
• Power over Ethernet (PoE)
• Link aggregation
• Quality of Service (QoS)

Distribution / Core layer switch features:
• L3 (IP) support
• High / very high forwarding rate
• GigabitEthernet / Ten GigabitEthernet
• Redundant components
• Security policies / Access Control Lists (ACL)
• Link aggregation
• Quality of Service (QoS)

Switch Form Factors
• Fixed Configuration Switches
  Features or options cannot be added to the switch beyond those that originally came with the switch.
• Modular Switches
  Offer flexibility in their configuration (installation of different numbers of modular line cards).
• Stackable Switches
  Can be interconnected using a special cable (backplane - physical connection between CPU/card and data/power buses in a Cisco switch chassis) that provides high-bandwidth throughput between the switches, so that they effectively operate as one large switch. (StackWise technology allows up to nine switches to be interconnected.)

Cisco's Hierarchical Design Model
Cisco divided the switches into 3 layers:
1. Access Layer Switches
   Switch series: 1900 & 2900 (L2 switches)
2. Distribution Layer Switches
   Switch series: 3550, 3560 (L3 switches or multi-layer switches)
3. Core Layer Switches
   Switch series: 4500, 6500 (L3 switches or multi-layer switches)

[Figures: Access Layer Switch, Catalyst 1900; 3550 switch; Core Layer Switches (4500, 6500)]

SWITCHING MODES
Three types of switching mode:
• Store & Forward
  - A default switching method for distribution layer switches
  - Latency: High
  - Error Checking: Yes
• Fragment Free
  - It is also referred to as Modified Cut-Through
  - A default switching method for access layer switches
  - Latency: Medium
  - Error Checking: On 64 bytes of frame
• Cut-through
  - A default switching method for the core layer switches
  - Latency: Low
  - Error Checking: No

Latency is the total time taken for a frame to pass through the switch. Latency depends on the switching mode and the hardware capabilities of the switch.

Console Connectivity
• Connect a rollover cable to the switch console port (RJ-45 connector).
Connect the other end of the rollover cable to the RJ-45 to DB-9 adapter.
Attach the female DB-9 adapter to a PC serial port.
Open emulation software on the PC.

Emulation Software
IN WINDOWS
Start -> Programs -> Accessories -> Communications -> HyperTerminal -> HyperTerminal
Give the connection name and select any icon.
Select the serial (COM) port where the switch is connected.
In Port Settings click on Restore Defaults.
IN LINUX
# minicom -s

INITIAL CONFIGURATION OF A SWITCH:
Connect one end of the console cable to the console port of the switch and the other end of the cable to your computer's COM port.
Now open HyperTerminal and power on the switch.
Would you like to enter into initial configuration dialog (yes/no): no
switch>enable
switch#config terminal

To assign Telnet Password
switch(config)# line vty 0 4
switch(config-line)# password <password>
switch(config-line)# login

To assign Console Password
switch(config)# line con 0
switch(config-line)# password <password>
switch(config-line)# login

To assign Enable Password
switch(config)# enable secret <password>
OR
switch(config)# enable password <password>
switch(config)# exit

switch# show mac-address-table (To see the entries of the MAC table)
switch# show interface status

To assign IP to a Switch
switch(config)# interface vlan 1
switch(config-if)# ip address <ip address> <subnet mask>
switch(config-if)# no shutdown

To assign Default Gateway to a Switch
switch(config)# ip default-gateway 192.168.1.100

VIRTUAL LAN
Divides a single broadcast domain into multiple broadcast domains.
A Layer 2 security.
By default all ports of the switch are in VLAN 1.
This VLAN 1 is known as Administrative VLAN or Management VLAN.
VLAN can be created from 2 - 1001.
Can be configured on a manageable switch only.
2 types of VLAN configuration:
- Static VLAN
- Dynamic VLAN

* VLANs can enhance network security.
* VLANs increase the number of broadcast domains while decreasing their size.
[Figure: 2 Broadcast Domains, 4 Collision Domains]

Static VLAN
* Static VLANs are based on port numbers
* Need to manually assign a port on a switch to a VLAN
* Also called Port-Based VLANs
* One port can be a member of only one VLAN

There are two different ways of creating VLANs.

1) VLAN creation in config mode:
Switch(config)# vlan <no>
Switch(config-vlan)# name <name>
Switch(config-vlan)# exit

Assigning ports in VLAN:
Switch(config)# interface <interface type> <interface no>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <no>

2) Static VLAN using database command:
Creation of VLAN:
Switch# vlan database
Switch(vlan)# vlan <no> name <name>
Switch(vlan)# exit

Assigning port in VLAN:
Switch# config t
Switch(config)# int fastethernet <int no>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <no>

Verify using:
Switch# show vlan

The range command (assigning multiple ports at the same time)
You can use the range command on switches to help you configure multiple ports at the same time.
Switch(config)# interface range fa 0/1 - 5 , fa 0/12 , fa 0/17

Dynamic VLAN
* Dynamic VLANs are based on the MAC address of a PC
* Switch automatically assigns the port to a VLAN
* Each port can be a member of multiple VLANs
* For dynamic VLAN configuration, a software called VMPS (VLAN Membership Policy Server) is needed

LAB - Verify VLAN
[Figure: lab topology, hosts on 192.168.1.0/24]

STEPS:
1. Ping between 192.168.1.1 and 192.168.1.3
   a. They can communicate with each other and they are on the same network (logically) and same VLAN (default VLAN 1)
2. Create VLAN 20
3. Shift ports f0/3, f0/4 into VLAN 20
4. Ping between 192.168.1.1 and 192.168.1.3
   a. They cannot communicate with each other and they are on the same network (logically) but on different VLANs (VLAN 1 and VLAN 20)

VLAN Name               Status     Ports
1    default            active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                   Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                   Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                   Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                   Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                   Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                   Gig1/1, Gig1/2
1002 fddi-default       act/unsup
1003 token-ring-default act/unsup

PC>ipconfig
IP Address:
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=19ms TTL=128
Reply from 192.168.1.2: bytes=32 time=6ms TTL=128
Reply from 192.168.1.2: bytes=32 time=8ms TTL=128
Reply from 192.168.1.2: bytes=32 time=7ms TTL=128

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time= ms TTL=128
Reply from 192.168.1.3: bytes=32 time=8ms TTL=128
Reply from 192.168.1.3: bytes=32 time= ms TTL=128

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=10ms TTL=128
Reply from 192.168.1.4: bytes=32 time=8ms TTL=128
Reply from 192.168.1.4: bytes=32 time=8ms TTL=128
Reply from 192.168.1.4: bytes=32 time=9ms TTL=128

All four devices in the LAN can communicate with each other and they are on the same network (logically) and same VLAN (default VLAN 1).

TASK: Create VLAN 20 and shift ports 3 and 4 into VLAN 20
Switch(config)#vlan 20
Switch(config-vlan)#name SALES
Switch(config-vlan)#exit
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20

Switch#sh vlan
VLAN Name
                                   Fa0/5, Fa0/6
                                   Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                   Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                   Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                   Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                   Fa0/23, Fa0/24, Gig1/1, Gig1/2
1002 fddi-default       act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default    act/unsup
1005 trnet-default      act/unsup

PC>ipconfig
IP Address:
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=11ms TTL=128
Reply from 192.168.1.2: bytes=32 time= ms TTL=128
Reply from 192.168.1.2: bytes=32 time=7ms TTL=128
Reply from 192.168.1.2: bytes=32 time=7ms TTL=128

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

TASK:
* Create four VLANs (VLAN 10, 20, 30, 40)
* Configure port fa0/8 into VLAN 10
* Configure multiple ports (4-7 and 10) to VLAN 20

Switch(config)#vlan 10
Switch(config-vlan)#name sales
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name marketing
Switch(config-vlan)#vlan 30
Switch(config-vlan)#vlan 40
Switch(config-vlan)#end

Switch#sh vlan
VLAN Name               Status     Ports
1    default            active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                   Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                   Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                   Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                   Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                   Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                   Gig1/1, Gig1/2

There are no active ports in the new VLANs which we created.

To shift the ports:
Switch(config)#int f0/8
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface range f0/4 - 7 , f0/10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20

Switch#sh vlan
VLAN Name
1    default            active     Fa0/1, Fa0/2, Fa0/3, Fa0/9
                                   Fa0/11, Fa0/12, Fa0/13
                                   Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                   Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                   Fa0/22, Fa0/23, Fa0/24

Types of links / ports

Access links
- This type of link is only part of one VLAN.
- Any device attached to an access link is unaware of a VLAN membership; the device just assumes it's part of a broadcast domain.
- It has no understanding of the physical network.
- Switches remove any VLAN information from the frame before it's sent to an access link device.

Trunk links
Trunks can carry the traffic of multiple VLANs.
A trunk link is a 100- or 1000Mbps point-to-point link between two switches, between a switch and router, or between a switch and server.
These carry the traffic of multiple VLANs, from 1 to 1005 at a time.
Trunking allows you to make a single port part of multiple VLANs at the same time.
[Figure: two switches joined by a trunk link carrying Red VLAN, Blue VLAN and Green VLAN]

VLAN Identification Methods (Frame Tagging)
* A single VLAN can span multiple switches.
* In order to make sure that same-VLAN users on different switches communicate with each other, there is a method of tagging that happens on trunk links.
* The tag is added before a frame is sent and removed once it is received on the trunk link.
* Frame tagging happens only on the trunk links.
* VLAN identification is what switches use to keep track of all those frames moving through the trunk links.

The below two trunking protocols are responsible for the frame tagging process:
- Inter-Switch Link (ISL)
- IEEE 802.1Q

ISL
* It is Cisco proprietary
* Works with Ethernet, Token Ring, FDDI
* It adds 30 bytes of tag
* All VLAN traffic is tagged
* Frame is not modified

IEEE 802.1Q
* Open standard, we can use it on different vendors' switches
* It works only on Ethernet
* Only a 4-byte tag will be added to the original frame
* Unlike ISL, 802.1Q does not encapsulate the frame. It modifies the existing Ethernet frame to include the VLAN ID.

Trunking Configuration
Switch(config)# interface

PC>ipconfig
IP Address:
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=13ms TTL=128
Reply from 192.168.1.2: bytes=32 time=9ms TTL=128
Reply from 192.168.1.2: bytes=32 time=8ms TTL=128
Reply from 192.168.1.2: bytes=32 time=8ms TTL=128

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

From PC 192.168.2.1
PC>ipconfig

PC>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 time=17ms TTL=128
Reply from 192.168.2.2: bytes=32 time=7ms TTL=128
Reply from 192.168.2.2: bytes=32 time=9ms TTL=128
Reply from 192.168.2.2: bytes=32 time=8ms TTL=128

SERVER>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

SERVER>ping 192.168.2.4
Pinging 192.168.2.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

NOTE:
From the above verification:
* Users of the same VLAN connected on the same switch can ping each other.
* Same-VLAN users on different switches are not able to ping each other.
* In order to communicate between the same VLAN on different switches, trunking must be configured on the link (f0/20) between the switches.

To configure trunking
SW-1(config)#interface fastEthernet 0/20
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#switchport trunk encapsulation dot1q

SW-2(config)#int f0/20
SW-2(config-if)#switchport mode trunk
SW-2(config-if)#switchport trunk encapsulation dot1q

SW-1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Fa0/20    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1,10,20
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1,10,20

SW-2#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Fa0/20    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1,10,20
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1,10,20

From PC 192.168.1.1
PC>ipconfig
IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=
Reply from 192.168.1.3: bytes=32 time=
Reply from 192.168.1.3: bytes=32 time=10ms TTL=128

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=
Reply from 192.168.1.4: bytes=32 time=
Reply from 192.168.1.4: bytes=32 time=
Reply from 192.168.1.4: bytes=32 time=

From PC 192.168.2.1
PC>ipconfig
IP Address: 192.168.2.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.2.100

PC>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Reply from 192.168.2.3: bytes=32 time=13ms TTL=128
Reply from 192.168.2.3: bytes=32 time= ms TTL=128
Reply from 192.168.2.3: bytes=32 time=13ms TTL=128
Reply from 192.168.2.3: bytes=32 time=13ms TTL=128

PC>ping 192.168.2.4
Pinging 192.168.2.4 with 32 bytes of data:
Reply from 192.168.2.4: bytes=32 time=26ms TTL=128
Reply from 192.168.2.4: bytes=32 time=12ms TTL=128
Reply from 192.168.2.4: bytes=32 time= ms TTL=128
Reply from 192.168.2.4: bytes=32 time=13ms TTL=128

TASK:
* Configure the trunk link such that only VLAN 10, 20, 30, 40 traffic is allowed (no other VLAN traffic should be sent).

On both switches (SW1/SW2)
SW-x(config)#int f0/20
SW-x(config-if)#switchport trunk allowed vlan ?
  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list
SW-x(config-if)#switchport trunk allowed vlan 10,20,30,40

SW-1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking
Port      Vlans allowed on trunk
Port      Vlans allowed and active in management domain
Fa0/20    10,20
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    10,20

SW-2#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Port      Vlans allowed and active in management domain
Fa0/20    10,20
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    10,20
TASK:
* Create VLAN 50, 60, 70, 80 on both switches.
* Configure the trunk link f0/20 to add VLAN 50, 60, 70, 80 to the existing trunk allowed list.

On both switches (SW1/SW2)
SW-x(config)#vlan 50
SW-x(config-vlan)#vlan 60
SW-x(config-vlan)#vlan 70
SW-x(config-vlan)#vlan 80
SW-x(config-vlan)#end
SW-x(config-if)#switchport trunk allowed vlan add 50,60,70,80

SW-1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Port      Vlans allowed and active in management domain
Fa0/20    10,20,50,60
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    10,20,50,60

SW-2#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Port      Vlans allowed and active in management domain
Fa0/20    10,20,50,60
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    10,20,50,60

TASK:
* Configure the trunk link f0/20 to remove VLAN 70, 80 from the existing trunk allowed list.

SW1(config)#int f0/20
SW1(config-if)#switchport trunk allowed vlan remove 70,80

SW-1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Port      Vlans allowed and active in management domain
Fa0/20    10,20,50,60
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    10,20,50,60

SW-2#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Port      Vlans allowed and active in management domain
Fa0/20    10,20,50,60
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    10,20,50,60
DTP (DYNAMIC TRUNKING PROTOCOL)
Trunking can be done dynamically through a negotiation process.

Switch#sh dtp
Global DTP information
  Sending DTP Hello packets every 30 seconds
  Dynamic Trunk timeout is 300 seconds
  0 interfaces using DTP

DESIRABLE:
* Desires to become a trunk (always wants to become a trunk).
* Sends and replies to DTP messages.
* It becomes a trunk if the port on the other switch is set to trunk, dynamic desirable or dynamic auto mode.

AUTO:
* Only replies to DTP messages (does not send).
* Default mode on most of the modern switches.
* It becomes a trunk if the other end is set to trunk or dynamic desirable mode.

TRUNK:
* Configuring trunk manually.
* The port still negotiates trunking with the port on the other end of the link.

ACCESS:
* Configuring access manually.
* The port is a user port in a single VLAN.

NO-NEGOTIATE:
* Turns off DTP messages (disables DTP).
* The port is a trunk and does not do DTP negotiation with the other side of the link.

[Table: resulting link state for each pair of DTP modes (Dynamic, Trunk); one combination is marked Not Recommended]
Note: Table assumes DTP is enabled at both ends. Use show dtp interface to determine the current setting.

[Figure: SW1 and SW2 connected on f0/20 and f0/21]

TASK:
* Configure f0/20 of SW1 to actively negotiate the DTP messages; the SW2 f0/20 port should only reply to the DTP messages.
* Configure f0/21 of SW1 and SW2 so that they do not negotiate any DTP messages.

SW-1#sh interfaces fa0/20 switchport
Name: Fa0/20
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Operational Trunking Encapsulation: native

On SW1
SW-1(config)#int f0/20
SW-1(config-if)#switchport mode ?
  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally
SW-1(config-if)#switchport mode dynamic desirable

SW-1#sh interfaces fa0/20 switchport
Name: Fa0/20
Switchport: Enabled
Administrative Trunking Encapsulation: dot1q

SW-1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Port      Vlans allowed on trunk
Fa0/20    1-1005

Switch#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20           n-802.1q       trunking  1
Port      Vlans allowed on trunk
Fa0/20    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1

TASK:
Configure SW1 and SW2 with a manual trunk and disable the DTP negotiation process.

On SW1/SW2
SW-x(config)#int f0/21
SW-x(config-if)#switchport mode trunk
SW-x(config-if)#switchport trunk encapsulation dot1q
SW-x(config-if)#switchport nonegotiate

SW-1#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    auto   n-802.1q       trunking  1
Fa0/21    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1
Fa0/21    1

SW-2#sh interfaces trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/20    auto   n-802.1q       trunking  1
Fa0/21    on     802.1q         trunking  1
Port      Vlans allowed on trunk
Fa0/20    1-1005
Fa0/21    1-1005
Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/21    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1
Fa0/21    none
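The DTP modes, the nonegotiate setting and the trunk allowed list covered above can be checked offline against a saved configuration. The Python script below is an added example, not part of the workbook: it parses interface blocks, applies the DTP mode rules from this section, and reports ports that still negotiate or that trunk every VLAN. SAMPLE_CONFIG is constructed, and the script assumes every listed interface is a Layer 2 port whose default mode is dynamic auto.

```python
import re

# Constructed sample configuration (not taken from the workbook's lab switches).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/5
!
interface FastEthernet0/20
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,40
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/22
 switchport mode trunk
"""

# Assumption: an interface with no "switchport mode" line is a Layer 2 port
# left in the platform default, taken here to be dynamic auto.
DEFAULT_MODE = "dynamic auto"


def parse_interfaces(config):
    """Map interface name -> mode, nonegotiate flag and allowed-VLAN list."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m and not raw.startswith(" "):
            cur = {"mode": DEFAULT_MODE, "nonegotiate": False, "allowed": "all"}
            ports[m.group(1)] = cur
        elif not raw.startswith(" "):
            cur = None  # "!" or a global command ends the interface block
        elif cur is not None:
            if line.startswith("switchport mode "):
                cur["mode"] = line[len("switchport mode "):]
            elif line == "switchport nonegotiate":
                cur["nonegotiate"] = True
            elif line.startswith("switchport trunk allowed vlan "):
                cur["allowed"] = line[len("switchport trunk allowed vlan "):]
    return ports


def dtp_outcome(local, remote):
    """Link state for two administrative modes with DTP enabled at both ends."""
    pair = {local, remote}
    if "access" in pair:
        return "mismatch" if "trunk" in pair else "access"
    if pair == {"dynamic auto"}:
        return "access"  # neither side initiates negotiation, so no trunk forms
    return "trunk"


def audit(config):
    """Return (interface, finding) tuples for ports that negotiate or over-allow."""
    findings = []
    for name, p in parse_interfaces(config).items():
        mode = p["mode"]
        if mode.startswith("dynamic"):
            state = dtp_outcome(mode, "dynamic desirable")
            findings.append((name, f"{mode}: DTP decides the port role "
                                   f"({state} with a desirable peer)"))
        elif mode == "trunk":
            if not p["nonegotiate"]:
                findings.append((name, "manual trunk without switchport nonegotiate"))
            if p["allowed"] == "all":
                findings.append((name, "trunk allows all VLANs; no allowed vlan list"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Ports reported in a dynamic mode are candidates for an explicit switchport mode access, and reported trunks for the nonegotiate and allowed vlan commands shown in the tasks above.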
