
CCNA Study Notes for Exam 640-607

OSI Model
LAN Design
Network Devices
Bridging/Switching
VLANs
Lan Protocols
TCP/IP
IPX/SPX
WAN Protocols
Frame Relay
ISDN
ATM
PPP
Cisco IOS
Security
Routing
RIP
OSPF
IGRP and EIGRP
Other Routing Info
Additional Links

OSI Model:
The OSI model is a layered model and a conceptual standard used for
defining standards to promote multi-vendor integration as well as maintain
constant interfaces and isolate changes of implementation to a single layer.
It is NOT application or protocol specific. In order to pass any Cisco exam,
you need to know the OSI model inside and out.

The OSI Model consists of 7 layers.


Layer: Application
  Description: Provides network access for applications, flow control and
  error recovery. Provides communications services to applications by
  identifying and establishing the availability of other computers as well
  as determining whether sufficient resources exist for communication
  purposes.
  Device: Gateway
  Protocol: NCP, SMB, SMTP, FTP, SNMP, Telnet, AppleTalk

Layer: Presentation
  Description: Performs protocol conversion, encryption and data
  compression.
  Device: Gateway and redirectors
  Protocol: NCP, AFP, TDI

Layer: Session
  Description: Allows 2 applications to communicate over a network by
  opening a session and synchronizing the involved computers. Handles
  connection establishment, data transfer and connection release.
  Device: Gateway
  Protocol: NetBIOS

Layer: Transport
  Description: Repackages messages into smaller formats, provides error
  free delivery and error handling functions.
  Device: Gateway
  Protocol: NetBEUI, TCP, SPX and NWLink

Layer: Network
  Description: Handles addressing, translates logical addresses and names
  to physical addresses, routing and traffic management.
  Device: Router and brouter
  Protocol: IP, IPX, NWLink, NetBEUI

Layer: Data Link
  Description: Packages raw bits into frames, making them transmittable
  across a network link, and includes a cyclical redundancy check (CRC). It
  consists of the LLC sublayer and the MAC sublayer. The MAC sublayer is
  important to remember, as it is responsible for appending the MAC address
  of the next hop to the frame header. On the contrary, the LLC sublayer
  uses Destination Service Access Points and Source Service Access Points
  to create links for the MAC sublayers.
  Device: Switch, bridge and brouter
  Protocol: None

Layer: Physical
  Description: The physical layer works with the physical media for
  transmitting and receiving data bits via certain encoding schemes. It
  also includes specifications for certain mechanical connection features,
  such as the adaptor connector.
  Device: Multiplexer and repeater
  Protocol: None

Here is an easy way to memorize the order of the layers:


All People Seem To Need Data Processing. The first letter of each word
corresponds to the first letter of one of the layers. It is a little corny, but it
works.

The table above mentions the term "MAC address". A MAC address is a 48-bit
address for uniquely identifying devices on the network, written as 12
hexadecimal digits, for example 00-00-12-33-FA-BC. The first 6 digits
identify the manufacturer, while the remaining 6 identify the host itself.
The ARP protocol is used to determine the IP-to-MAC mapping. And of course,
MAC addresses cannot be duplicated on the network or problems will occur.
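
As an added example (not part of the original notes), the following Python
splits a MAC address into its manufacturer and host parts and then audits a
constructed ARP table for the duplicate-address situation the paragraph warns
about. The sample ARP entries and the address formats accepted by the regular
expression are assumptions made for the demonstration.

```python
import re

# Accept the common ways of writing the 12 hex digits: 00-00-12-33-FA-BC,
# 00:00:12:33:fa:bc and the Cisco style 0000.1233.fabc (assumed formats).
_MAC_RE = re.compile(
    r"^(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}$|^(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}$"
)


def is_valid_mac(mac):
    """True if the string is one of the accepted 12-hex-digit spellings."""
    return _MAC_RE.match(mac.strip()) is not None


def normalise_mac(mac):
    """Return the address as 12 lowercase hex digits, or raise ValueError."""
    mac = mac.strip()
    if not is_valid_mac(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return re.sub(r"[-:.]", "", mac).lower()


def split_mac(mac):
    """Split into the manufacturer part (OUI, first 6 hex digits) and the
    host part (last 6 hex digits)."""
    digits = normalise_mac(mac)
    return digits[:6], digits[6:]


def is_unicast(mac):
    """The lowest bit of the first octet is the I/G bit: 0 = individual
    (unicast), 1 = group (multicast or broadcast)."""
    first_octet = int(normalise_mac(mac)[:2], 16)
    return first_octet & 0x01 == 0


def audit_arp_table(entries):
    """entries: (ip, mac) pairs as read from an ARP table. Returns two dicts:
    MACs claimed by several IPs, and IPs that map to several MACs. The second
    is the classic sign of a duplicated address or a forged ARP reply; the
    first can be legitimate (a router answering for several addresses) and
    deserves a look rather than an alarm."""
    ips_by_mac = {}
    macs_by_ip = {}
    for ip, mac in entries:
        digits = normalise_mac(mac)
        ips_by_mac.setdefault(digits, [])
        if ip not in ips_by_mac[digits]:
            ips_by_mac[digits].append(ip)
        macs_by_ip.setdefault(ip, [])
        if digits not in macs_by_ip[ip]:
            macs_by_ip[ip].append(digits)
    shared_macs = {m: ips for m, ips in ips_by_mac.items() if len(ips) > 1}
    conflicting_ips = {ip: macs for ip, macs in macs_by_ip.items() if len(macs) > 1}
    return shared_macs, conflicting_ips


# Constructed ARP table for the demonstration (not real addresses).
SAMPLE_ARP = [
    ("10.0.0.1", "00-00-12-33-FA-BC"),
    ("10.0.0.2", "00:00:12:33:fa:bc"),   # same MAC as 10.0.0.1, written differently
    ("10.0.0.3", "0000.1233.0001"),
    ("10.0.0.3", "00-00-12-33-00-02"),   # 10.0.0.3 answered from two different MACs
    ("10.0.0.4", "00-00-12-33-00-03"),
]

if __name__ == "__main__":
    print("OUI and host part:", split_mac("00-00-12-33-FA-BC"))
    shared, conflicts = audit_arp_table(SAMPLE_ARP)
    print("MACs used by several IPs:", shared)
    print("IPs seen with several MACs:", conflicts)
```

Run it on the output of your own ARP table (one (ip, mac) pair per line) to
get the same two reports; an IP that flips between MACs over time is the entry
worth investigating first.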
Data encapsulation takes place in the OSI model. It is the process in which
the information in a protocol is wrapped in the data section of another
protocol. The process can be broken down into the following steps:

User information -> data -> segments -> packets/datagrams -> frames ->
bits.

When discussing the OSI model it is important to keep in mind the
differences between "connection-oriented" and "connectionless"
communications. A connection-oriented communication has the following
characteristics:

• A session is guaranteed.
• Acknowledgements are issued and received at the transport layer,
meaning that if the sender does not receive an acknowledgement before the
timer expires, the packet is retransmitted.
• The phases of a connection-oriented service are call setup, data
transfer and call termination.
• All traffic must travel along the same static path.
• A failure along the static communication path can fail the connection.
• A guaranteed rate of throughput occupies resources without the flexibility
of dynamic allocation.
• Reliable = SLOW (this is always the case in networking).

In contrast, a connectionless communication has the following
characteristics:

• Often used for voice and video applications.
• NO guarantee nor acknowledgement.
• Dynamic path selection.
• Dynamic bandwidth allocation.
• Unreliable = FAST.

(Note: Connectionless communication does have some reliability PROVIDED
by upper layer protocols.)

LAN Design:
Ethernet
When we talk about a LAN, Ethernet is the most popular physical layer LAN
technology today. Its standard is defined by the Institute of Electrical and
Electronics Engineers as IEEE Standard 802.3, but it was originally created by
Digital, Intel and Xerox (DIX). According to IEEE, the information for
configuring an Ethernet, as well as the specification of how elements in an
Ethernet network interact with one another, is clearly defined in 802.3.

For half-duplex Ethernet 10BaseT topologies, data transmissions occur in one
direction at a time, leading to frequent collisions and data retransmission. In
contrast, full-duplex devices use separate circuits for transmitting and
receiving data and as a result, collisions are largely avoided. A collision is
when two nodes are trying to send data at the same time. On an Ethernet
network, the node stops sending when it detects a collision, sends a jam
signal, and waits for a random amount of time before attempting to resend.
Also, with full-duplex transmission the available bandwidth is effectively
doubled, as we are using both directions simultaneously. You MUST remember:
to enjoy full-duplex transmission, we need a switch port, not a hub, and NICs
that are capable of handling full duplex. Ethernet's media access control
method is called Carrier Sense Multiple Access with Collision Detection
(CSMA/CD). Because of Ethernet's collision habits it is also known as the
"best effort delivery system." Ethernet cannot carry data over 1518 bytes;
anything over that is broken down into "travel size packets."

Click here for a website with tons of information related to ethernet.

Fast Ethernet
For networks that need higher transmission speeds, there is the Fast
Ethernet standard, IEEE 802.3u, which raises the Ethernet speed limit to
100 Mbps! Of course, we need new cabling to support this higher speed. In a
10BaseT network we use Cat 3 cable, but in a 100BaseT network we need Cat 5
cable. The three types of Fast Ethernet standards are 100BASE-TX for use
with level 5 UTP cable, 100BASE-FX for use with fiber-optic cable, and
100BASE-T4, which utilizes an extra two wires for use with level 3 UTP cable.

Gigabit Ethernet
Gigabit Ethernet is an emerging technology that will provide transmission
speeds of 1000 Mbps. It is defined by the IEEE standard 1000BASE-X
(IEEE 802.3z). Just like all other 802.3 transmission types, it uses the
Ethernet frame format, full-duplex and media access control technology.

Token Ring
Token Ring is an older standard that isn't very widely used anymore, as most
networks have migrated to some form of Ethernet or other advanced
technology. Ring topologies can have transmission rates of either 4 or
16 Mbps. Token passing is the access method used by Token Ring networks,
whereby a 3-bit packet called a token is passed around the network. A
computer that wishes to transmit must wait until it can take control of the
token, allowing only one computer to transmit at a time. This method of
communication aims to prevent collisions. Token Ring networks use
multistation access units (MSAUs) instead of the hubs on an Ethernet network.
For extensive information on Token Ring, visit Cisco's website.

Network Devices:
In a typical LAN, there are various types of network devices available, as
outlined below.

• Hub - Repeats signals received on each port by broadcasting to all the
other connected ports.

• Repeater - Used to connect two or more Ethernet segments of any media
type, and to provide signal amplification so that a segment can be extended.
In a network that uses repeaters, all members contend for transmission of
data onto a single network. We like to call this single network a collision
domain. Effectively, every user can only enjoy a percentage of the available
bandwidth. Ethernet is subject to the "5-4-3" rule regarding repeater
placement, meaning we can only have five segments connected using four
repeaters, with only three segments capable of accommodating hosts.

• Bridge - A layer 2 device used to connect different network types or
networks of the same type. It maps the Ethernet addresses of the nodes
residing on each segment and allows only the necessary traffic to pass
through the bridge. Packets destined for the same segment are dropped. This
"store-and-forward" mechanism inspects the whole Ethernet packet before
making a decision. Unfortunately, it cannot filter out broadcast traffic. Also,
it introduces a 20 to 30 percent latency when processing the frame. Only 2
networks can be linked with a bridge.

• Switch - Can link up four, six, eight or even more networks. Cut-through
switches run faster because when a packet comes in, they forward it right
after looking at the destination address only. A store-and-forward switch
inspects the entire packet before forwarding. Most switches cannot stop
broadcast traffic. Switches are layer 2 devices.

• Router - Can filter out network traffic also. However, routers filter based
on the protocol addresses defined in OSI layer 3 (the network layer), not
based on the Ethernet packet addresses. Note that protocols must be routable
in order to pass through routers. A router can determine the most efficient
path for a packet to take and send packets around failed segments.

• Brouter - Has the best features of both routers and bridges in that it can
be configured to pass the unroutable protocols by imitating a bridge, while
not passing broadcast storms by acting as a router for other protocols.

• Gateway - Often used as a connection to a mainframe or the internet.
Gateways enable communications between different protocols, data types and
environments. This is achieved via protocol conversion, whereby the gateway
strips the protocol stack off of the packet and adds the appropriate stack
for the other side. Gateways operate at all layers of the OSI model without
making any forwarding decisions.

The goal of LAN segmentation is to effectively reduce traffic and collisions by
segmenting the network. In a LAN segmentation plan, we do not consider the
use of gateways and hubs at all, and the focus turns to devices such as
switches and routers.

Bridging/Switching:
• Bridge - A layer 2 device used to connect different network types or
networks of the same type. It maps the Ethernet addresses of the nodes
residing on each segment and allows only the necessary traffic to pass
through the bridge. Packets destined for the same segment are dropped. This
"store-and-forward" mechanism inspects the whole Ethernet packet before
making a decision. Unfortunately, it cannot filter out broadcast traffic. Also,
it introduces a 20 to 30 percent latency when processing the frame. Only 2
networks can be linked with a bridge.
• Switch - Switches are layer 2 devices that can link up four, six, eight or
even more networks. Switches are the only devices that allow for
microsegmentation. Cut-through switches run faster because when a packet
comes in, they forward it right after looking at the destination address only.
A store-and-forward switch inspects the entire packet before forwarding.
Most switches cannot stop broadcast traffic. Switches are considered
dedicated data link devices because they deliver close to 100% of the
bandwidth. While bridging does most of its work in hardware, switches use
fabric/software to handle most of their work.

Store-and-forward - The entire frame is received before any forwarding
takes place. The destination and/or the source addresses are read and filters
are applied before the frame is forwarded. Latency occurs while the frame is
being received; the latency is greater with larger frames because the entire
frame takes longer to read. Error detection is high because of the time
available to the switch to check for errors while waiting for the entire frame
to be received. This method discards frames smaller than 64 bytes (runts)
and frames larger than 1518 bytes (giants).

Cut-Through - The switch reads the destination address before receiving
the entire frame. The frame is then forwarded before the entire frame
arrives. This mode decreases the latency of the transmission and has poor
error detection. This method has two forms, fast-forward and fragment-free.

• Fast-forward switching - Fast-forward switching offers the lowest
level of latency by immediately forwarding a packet after receiving the
destination address. Because fast-forward switching does not check for
errors, there may be times when frames are relayed with errors, although
this occurs infrequently and the destination network adapter discards the
faulty frame upon receipt. In networks with high collision rates, this can
negatively affect available bandwidth.

• Fragment-free switching - Use the fragment-free option to reduce the
number of collision frames forwarded with errors. In fast-forward mode,
latency is measured from the first bit received to the first bit transmitted,
or first in, first out (FIFO). Fragment-free switching filters out collision
fragments, which are the majority of packet errors, before forwarding
begins. In a properly functioning network, collision fragments must be
smaller than 64 bytes. Anything greater than 64 bytes is a valid packet and
is usually received without error. Fragment-free switching waits until the
received packet has been determined not to be a collision fragment before
forwarding the packet. In fragment-free mode, latency is also measured as
FIFO.
Spanning-Tree Protocol - Allows duplicate switched/bridged paths without
incurring the latency effects of loops in the network.

The Spanning-Tree Algorithm, implemented by the Spanning-Tree Protocol,
prevents loops by calculating a stable spanning-tree network topology. When
creating a fault-tolerant network, a loop-free path must exist between all
nodes in the network. The Spanning-Tree Algorithm is used to calculate a
loop-free path. Spanning-tree frames, called bridge protocol data units
(BPDUs), are sent and received by all switches in the network at regular
intervals and are used to determine the spanning-tree topology. A switch
uses Spanning-Tree Protocol on all Ethernet- and Fast Ethernet-based VLANs.
Spanning-Tree Protocol detects and breaks loops by placing some
connections in standby mode, which are activated in the event of an active
connection failure. A separate instance of Spanning-Tree Protocol runs within
each configured VLAN, ensuring topologies, mainly Ethernet topologies, that
conform to industry standards throughout the network. These modes (port
states) are as follows:

• Blocking - NO frames forwarded, BPDUs heard.
• Listening - No frames forwarded, listening for frames.
• Learning - No frames forwarded, learning addresses.
• Forwarding - Frames forwarded, learning addresses.
• Disabled - No frames forwarded, no BPDUs heard.

The state for each VLAN is initially set by the configuration and later
modified by the Spanning-Tree Protocol process. You can determine the
status, cost and priority of ports and VLANs by using the show spantree
command. After the port-to-VLAN state is set, Spanning-Tree Protocol
determines whether the port forwards or blocks frames.
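
To make the algorithm above concrete, here is an added Python example (not
code from the notes or from any Cisco product) that runs the spanning-tree
calculation over a constructed three-switch triangle: it elects the root bridge
by lowest bridge ID, computes each bridge's root path cost, picks root and
designated ports, and puts the remaining port into blocking, which is what
removes the loop. The bridge IDs, link costs and topology are assumptions made
for the demonstration.

```python
import heapq
from collections import defaultdict

# Constructed topology (not from the notes): three switches wired in a triangle,
# which is a loop that STP must break. A bridge ID is (priority, MAC); the lowest
# ID becomes the root bridge. All links use the classic 100 Mbps path cost of 19.
BRIDGES = {
    "SW1": (32768, "00-00-00-00-00-01"),
    "SW2": (32768, "00-00-00-00-00-02"),
    "SW3": (32768, "00-00-00-00-00-03"),
}
LINKS = [("SW1", "SW2", 19), ("SW2", "SW3", 19), ("SW1", "SW3", 19)]


def root_path_costs(bridges, links, root):
    """Least-cost path from every bridge back to the root (Dijkstra); this is
    the root path cost each bridge advertises in its BPDUs."""
    adj = defaultdict(list)
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > rpc.get(node, float("inf")):
            continue
        for nbr, link_cost in adj[node]:
            if cost + link_cost < rpc.get(nbr, float("inf")):
                rpc[nbr] = cost + link_cost
                heapq.heappush(heap, (cost + link_cost, nbr))
    return rpc


def spanning_tree(bridges, links):
    """Return (root bridge, root path costs, port states). Port states are
    keyed by (bridge, link index) and are 'root', 'designated' or 'blocking'."""
    root = min(bridges, key=lambda b: bridges[b])
    rpc = root_path_costs(bridges, links, root)

    # Root port: on each non-root bridge, the link giving the lowest root path
    # cost; ties go to the neighbour with the lowest bridge ID.
    root_port = {}
    for b in bridges:
        if b == root:
            continue
        best = None
        for i, (x, y, cost) in enumerate(links):
            if b not in (x, y):
                continue
            nbr = y if x == b else x
            key = (rpc[nbr] + cost, bridges[nbr])
            if best is None or key < best[0]:
                best = (key, i)
        if best is not None:
            root_port[b] = best[1]

    # Designated port: on each link, the bridge with the lowest root path cost
    # (then lowest bridge ID) forwards. The other end is either that bridge's
    # root port or goes to blocking.
    states = {}
    for i, (x, y, _cost) in enumerate(links):
        designated = min((x, y), key=lambda b: (rpc[b], bridges[b]))
        for b in (x, y):
            if b == designated:
                states[(b, i)] = "designated"
            elif root_port.get(b) == i:
                states[(b, i)] = "root"
            else:
                states[(b, i)] = "blocking"
    return root, rpc, states


def blocked_ports(bridges, links):
    """The (bridge, link index) pairs that STP places in standby."""
    _root, _rpc, states = spanning_tree(bridges, links)
    return sorted(port for port, state in states.items() if state == "blocking")


if __name__ == "__main__":
    root, rpc, states = spanning_tree(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, i), state in sorted(states.items()):
        a, b, cost = LINKS[i]
        print(f"{bridge} on link {a}-{b} (cost {cost}): {state}")
```

With every priority equal, the switch with the lowest MAC wins the root
election, which is why a production network sets a deliberately low priority
on the intended root: leaving the default lets any newly attached switch with a
lower MAC take over the topology.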
VLANs:
A VLAN is a logical grouping of devices or users. These devices or users can
be grouped by function, department, application and so on, regardless of
their physical segment location. VLAN configuration is done at the switch via
the switching fabric. A VLAN can be used to reduce collisions by separating
broadcast domains within the switch. In other words, VLANs create separate
broadcast domains in a switched network. Frame tagging at layer 2 does
this. Frame tagging is gaining recognition as the standard for implementing
VLANs, and is standardized as IEEE 802.1Q. Frame tagging uniquely assigns a
VLAN ID to each frame. This identifier is understood and examined by each
switch prior to any broadcasts or transmissions to other switches, routers,
and end-station devices. When the frame exits the network backbone, the
switch removes the identifier before the frame is transmitted to the target
end station. This effectively creates an environment with fewer collisions.
The key to this is that ports in a VLAN share broadcasts, while ports not in
that VLAN cannot share the broadcasts. Thus users in the same physical
location can be members of different VLANs. We can plug existing hubs into
a switch port and assign them a VLAN of their own to segregate the users on
the hubs. Frame filtering examines particular information about each frame.
A filtering table is developed for each switch; this provides a high level of
administrative control because it can examine many attributes of each
frame. Frame filtering is slowly being phased out and replaced by the frame
tagging method.

VLANs can be complicated to set up. VLANs use layer 2 addressing, meaning
that routers are required between separate VLANs. The advantage of
deploying layer 2 addresses is that layer 2 addressing is faster to process. It
is also quite common for administrators to set up multiple VLANs with
multiple access lists to control access. Layer 3 routing provides the ability for
multiple VLANs to communicate with each other, which means that users in
different locations can reside on the same VLAN. This is a flexible approach
to network design.

VLANs are configured on the switch in three ways: port-centric, static and
dynamic. In port-centric VLANs, all the nodes connected to ports in the
same VLAN are assigned the same VLAN ID. Packets do not "leak" into other
domains; such VLANs are easily administered and provide great security
between VLANs. Some say that statically configured VLANs are the same as
port-centric, because static VLANs use the port-centric method for assigning
them to switch ports. Dynamic VLANs are ports on a switch that can
automatically determine their VLAN assignments. Dynamic VLAN functions are
based on MAC addresses, logical addressing, or the protocol type of the data
packets. When a station is initially connected to an unassigned switch port,
the appropriate switch checks the MAC entry in the management database and
dynamically configures the port with the corresponding VLAN configuration.
The major high point of this method is less administration overhead, though
of course only after the initial population of the database within the VLAN
management software.
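
The frame tagging described in this section can be seen byte for byte in the
following added Python example (it is not code from the notes). It builds an
Ethernet frame with an 802.1Q tag inserted after the source MAC, parses the tag
back out, and models an access port that delivers a frame only to stations in
its own VLAN and strips the tag on the way out. Treating untagged frames as
belonging to VLAN 1 is an assumption made for the demonstration, as are the
sample addresses and payload.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
NATIVE_VLAN = 1       # assumption for this example: untagged frames belong to VLAN 1


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace("-", "").replace(":", ""))


def bytes_to_mac(raw):
    return "-".join(f"{x:02x}" for x in raw)


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame. With vlan_id set, insert the 4-byte 802.1Q
    tag (TPID 0x8100, then TCI = 3-bit priority, 1 DEI bit, 12-bit VLAN ID)
    between the source MAC and the original EtherType."""
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Decode addresses, optional tag, EtherType and payload of a frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, pcp, offset = None, None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan_id, offset = tci >> 13, tci & 0x0FFF, 18
    return {"dst": dst, "src": src, "vlan_id": vlan_id, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def access_port_egress(frame, port_vlan):
    """Model an access port: deliver the frame only if it belongs to the port's
    VLAN, with the tag removed so the end station never sees it; otherwise
    drop it (return None). This is the separation the notes describe."""
    f = parse_frame(frame)
    frame_vlan = NATIVE_VLAN if f["vlan_id"] is None else f["vlan_id"]
    if frame_vlan != port_vlan:
        return None
    return build_frame(f["dst"], f["src"], f["ethertype"], f["payload"])


if __name__ == "__main__":
    # Constructed sample frame: a broadcast from a station in VLAN 10.
    tagged = build_frame("FF-FF-FF-FF-FF-FF", "00-00-12-33-FA-BC", 0x0800,
                         b"constructed payload", vlan_id=10, pcp=3)
    print(parse_frame(tagged))
    print("to a VLAN 10 port:", access_port_egress(tagged, 10).hex())
    print("to a VLAN 20 port:", access_port_egress(tagged, 20))
```

The 12-bit VLAN ID field is why a switch can carry at most 4094 VLANs on a
trunk, and the parser's length checks are the kind of guard a real switch
applies before trusting a tag it receives on a port.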
VLAN Switching
VLAN Considerations

Lan Protocols:
The following sections will introduce the core LAN protocols that you will
need to know for the exam.

TCP/IP:
Every IP address can be broken down into 2 parts, the Network ID(netid) and
the Host ID(hostid). All hosts on the same network must have the same
netid. Each of these hosts must have a hostid that is unique in relation to the
netid. IP addresses are divided into 4 octets with each having a maximum
value of 255. We view IP addresses in decimal notation such as
124.35.62.181, but it is actually utilized as binary data so one must be able
to convert addresses back and forth.

The following table explains how to convert binary into decimal and vice
versa:

Decimal  Binary
128      10000000
64       01000000
32       00100000
16       00010000
8        00001000
4        00000100
2        00000010
1        00000001

When converting binary data to decimal, a "0" is equal to 0, and a "1" is
equal to the number that corresponds to the field it is in. For example, the
number 213 would be 11010101 in binary notation. This is calculated as
follows: 128+64+0+16+0+4+0+1 = 213. Remember that this only represents 1
octet of 8 bits, while a full IP address is 32 bits made up of 4 octets. This
being true, the IP address 213.128.68.130 would look like 11010101
10000000 01000100 10000010.

IP addresses are divided into 3 classes as shown below:

Class  Range    Use
A      1-126
B      128-191
C      192-223
D      224-239  Multicasting
E      240-255  Experimental

IP addresses can be class A, B or C. Class A addresses are for networks
with a large number of hosts. The first octet is the netid and the 3
remaining octets are the hostid. Class B addresses are used in medium to
large networks, with the first 2 octets making up the netid and the
remaining 2 the hostid. A class C is for smaller

A subnet mask blocks out a portion of an IP address and is used to
differentiate between the hostid and netid. The default subnet masks are as
follows:

Class    Default Subnet  # of Subnets  # of Hosts Per Subnet
Class A  255.0.0.0       126           16,777,214
Class B  255.255.0.0     16,384        65,534
Class C  255.255.255.0   2,097,152     254

In these cases, the part of the IP address blocked out by 255 is the netid.

The table above shows the default subnet masks. What subnet mask do you
use when you want more than 1 subnet? Let's say, for example, that you
want 8 subnets and will be using a class C address. The first thing you want
to do is convert the number of subnets into binary, so our example would be
00001000. Moving from left to right, drop all zeros until you get to the first
"1". For us that would leave 1000. It takes 4 bits to make 8 in binary, so we
set the first 4 high-order bits of the 4th octet of the subnet mask (since it
is class C) to "1" as follows:
11111111.11111111.11111111.11110000 = 255.255.255.240. There is our
subnet mask.

Let's try another one. Let's say that you own a chain of stores that sell
spatulas in New York, you have stores in 20 different neighborhoods, and
you want to have a separate subnet on your network for each neighborhood.
It will be a class B network. First, we convert 20 to binary: 00010100. We
drop all zeros before the first "1" and that leaves 10100. It takes 5 bits to
make 20 in binary, so we set the first 5 high-order bits of the 3rd octet to
"1", which gives: 11111111.11111111.11111000.00000000 = 255.255.248.0.
The following table shows a comparison between the different subnet masks.
Mask  # of Subnets  Class A Hosts  Class B Hosts  Class C Hosts
192   2             4,194,302      16,382         62
224   6             2,097,150      8,190          30
240   14            1,048,574      4,094          14
248   30            524,286        2,046          6
252   62            262,142        1,022          2
254   126           131,070        510            Invalid
255   254           65,534         254            Invalid
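
The binary conversion, the "count the bits of the subnet number" rule and the
comparison table above can all be reproduced by the following added Python
example (it is not code from the notes). It converts dotted-decimal addresses
to and from binary, derives a mask from a wanted subnet count exactly the way
the two worked examples do, and recomputes any cell of the hosts table,
including the "Invalid" cells. The function and dictionary names are my own.

```python
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}   # default netid length in bits


def ip_to_binary(ip):
    """'213.128.68.130' -> '11010101 10000000 01000100 10000010'"""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {ip!r}")
    return " ".join(f"{o:08b}" for o in octets)


def binary_to_ip(bits):
    """Inverse of ip_to_binary: four 8-bit groups separated by spaces."""
    return ".".join(str(int(group, 2)) for group in bits.split())


def mask_from_prefix(prefix):
    """Prefix length to dotted-decimal mask, e.g. 28 -> 255.255.255.240"""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_plan(address_class, wanted_subnets):
    """Apply the notes' rule: write the subnet count in binary, count the bits
    from the first '1' onwards, and set that many high-order host bits to 1.
    int.bit_length() is exactly 'drop the leading zeros and count'."""
    borrowed = wanted_subnets.bit_length()
    prefix = CLASS_PREFIX[address_class] + borrowed
    host_bits = 32 - prefix
    if host_bits < 2:
        raise ValueError("not enough host bits left for that many subnets")
    usable_subnets = 2 ** borrowed - 2   # all-zeros and all-ones subnets excluded, as in the notes' table
    return {
        "mask": mask_from_prefix(prefix),
        "borrowed_bits": borrowed,
        "usable_subnets": usable_subnets,
        "hosts_per_subnet": 2 ** host_bits - 2,   # network and broadcast addresses excluded
        "covers_request": usable_subnets >= wanted_subnets,
    }


def hosts_per_subnet(address_class, last_mask_octet):
    """One cell of the comparison table: hosts per subnet for a given mask
    octet, or None where the notes print 'Invalid' (fewer than 2 host bits)."""
    borrowed = bin(last_mask_octet).count("1")
    host_bits = 32 - CLASS_PREFIX[address_class] - borrowed
    return 2 ** host_bits - 2 if host_bits >= 2 else None


if __name__ == "__main__":
    print(ip_to_binary("213.128.68.130"))
    print(subnet_plan("C", 8))    # the notes' first worked example
    print(subnet_plan("B", 20))   # the notes' second worked example
    for octet in (192, 224, 240, 248, 252, 254, 255):
        print(octet, [hosts_per_subnet(c, octet) for c in "ABC"])
```

One caveat the rule does not state: because it counts the bits needed to write
the number, it yields enough usable subnets for 8 or 20 but not for a count
just above a power of two (3 subnets gives only 2 bits, so 2 usable); the
covers_request flag reports when one more bit has to be borrowed.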

Note: 127.x.x.x is reserved for loopback testing on the local system and is
not used on live systems.

TCP/IP Ports - Ports are what an application uses when communicating
between a client and server computer. Some common TCP/IP ports are:
• 20 FTP-DATA
• 21 FTP
• 23 TELNET
• 25 SMTP
• 69 TFTP
• 70 GOPHER
• 80 HTTP
• 110 POP3
• 137 NetBIOS name service
• 138 NetBIOS datagram service
• 139 NetBIOS
• 161 SNMP

You need to understand buffering, source quench messages and windowing.
Buffering allows devices to temporarily store bursts of excess data in
memory. However, if data keeps arriving at high speed, buffers can
overflow. In this case, we use source quench messages to request that the
sender slow down.

Windowing is for flow-control purposes. It requires the sending device to send
a few packets to the destination device and wait for the acknowledgment.
Once received, it sends the same amount of packets again. If there is a
problem on the receiving end, obviously no acknowledgement will ever come
back. The sending source will then retransmit at a slower speed. This is like
trial and error, and it works. Note that the window size should never be set
to 0 - a zero window size means to stop transmission completely.

3COM's IP addressing tutorial is just superior. It covers basic IP addressing
options as well as subnetting and VLSM/CIDR.

IPX/SPX:
IPX will also be an important issue to consider in network management, given
that many companies still use NetWare servers. There are two parts to every
IPX network address: the Network ID and the Host ID. The first 8 hex digits
represent the network ID, while the remaining hex digits represent the host
ID, which is most likely the same as the MAC address, meaning we do not
need to manually assign node addresses. Note that valid hexadecimal digits
range from 0 through 9, and hexadecimal letters range from A through F.
FFFFFFFF in hexadecimal notation = 4292967295 in decimal.

Sequenced Packet Exchange (SPX) belongs to the Transport layer and is
connection-oriented. It creates virtual circuits between hosts, and each
host is given a connection ID in the SPX header for identifying the
connection. Service Advertisement Protocol (SAP) is used by NetWare servers
to advertise network services via broadcast at an interval of every 60
minutes by default.

WAN Protocols:
In general, there are three broad types of WAN access technology. With
leased lines, we have a point-to-point dedicated connection that uses a
pre-established WAN path provided by the ISP. With circuit switching such as
ISDN, a dedicated circuit path exists only for the duration of the call.
Compared to traditional phone service, ISDN is more reliable and faster. With
packet switching, all network devices share a single point-to-point link to
transport packets across the carrier network - these are known as virtual
circuits.

When we talk about Customer Premises Equipment (CPE), we are referring to
devices physically located at the subscriber's location. The demarcation is
the place where the CPE ends and the local loop begins. A Central Office (CO)
has a switching facility that provides the point of presence for its service.
Data Terminal Equipment (DTE) are devices where the switching application
resides, and Data Circuit-terminating Equipment (DCE) are devices that
convert user data from the DTE into the appropriate WAN protocol. A router
is a DTE, while a DSU/CSU device or modem is often referred to as a DCE.

Frame Relay:
Frame Relay has the following characteristics:
• Successor to X.25.
• Has less overhead than X.25 because it relies on upper layer protocols to
perform error checking.
• Speeds in the range of 56 Kbps to 2.078 Mbps.
• Uses Data Link Connection Identifiers (DLCI) to identify virtual circuits,
with DLCI numbers between 16 and 1007.
• Uses Local Management Interfaces (LMI) to provide info on the DLCI values
as well as the status of virtual circuits. Cisco routers support Cisco (default),
ANSI and Q933a.
• To set up Frame Relay, we need to set the encapsulation to frame-relay in
either the Cisco (default) mode or the IETF mode, although Cisco
encapsulation is required to connect two Cisco devices.
• LMI type is configurable, but by default it is auto-sensed.
• Generally transfers data with permanent virtual circuits (PVCs), although
we can use switched virtual circuits (SVCs) as well.
• SVCs are for transferring data intermittently.
• PVCs do not have the overhead of establishing and terminating a circuit
each time communication is needed.
• Committed Information Rate (CIR) is the guaranteed minimum transfer
rate of a connection.

Cisco has a web page that describes the configuration and troubleshooting of
Frame relay at http://www.cisco.com/warp/public/125/13.html

ISDN:
ISDN has the following characteristics:
• Works at the Physical, Data Link, and Network layers.
• Often used in backup DDR (Dial on Demand Routing).
• Makes use of the existing telephone network.
• Supports simultaneous data and voice.
• Max speed of 125 Kbps with PPP Multilink.
• Call setup and data transfer are faster than with typical modems.
• BRI has 2 x 64 Kbps B channels for data and one 16 Kbps D channel for
control.
• PRI has 23 x B channels and one D channel in the US, or 30 x B channels
and one D channel in Europe.
• E protocols specify ISDN on the existing telephone network.
• I protocols specify concepts, terminology, and services.
• Q protocols specify switching and signaling.
• ISDN reference points include R (between non-ISDN equipment and the TA),
S (between user terminals and NT2), T (between NT1 and NT2 devices) and
U (between NT1 devices and Line Termination Equipment in North America).
• The router is always connected by the U interface into the NT1.
• The BRI interface is considered Terminal Equipment type 1 (TE1).
• TE1 is built into the ISDN standards.
• A Terminal Adapter (TA) is needed to use TE2.

Cisco has a web page with links about the configuration and troubleshooting
of ISDN here

ATM:
ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-
switching technique that uses short fixed-length packets called cells, which
are about 53 bits in length. ATM can transmit voice, video, and data over
variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps
to as high as 622 Mbps. I recently read that the new standard may be 2 Gbps.
ATM's speed is derived from the use of short fixed-length cells, which reduce
delays, and the variance of delay, for delay-sensitive services such as voice
and video. ATM is capable of supporting a wide range of traffic types such as
voice, video, image and data.

PPP:
As an improvement to Serial Line Internet Protocol (SLIP), Point-to-Point
Protocol (PPP) was mainly for the transfer of data over slower serial
interfaces. It is better than SLIP because it provides multiprotocol support,
error correction as well as password protection. It is a Data Link Layer
protocol used to encapsulate higher-layer protocols to pass over synchronous
or asynchronous communication lines. PPP is capable of operating across any
DTE/DCE device, most commonly modems, as long as they support duplex
circuits. There are 3 components to PPP:

• HDLC (High-level Data Link Control) - Encapsulates the data during
transmission and is a link layer protocol which is also the default Cisco
encapsulation protocol for synchronous serial links. HDLC is supposed to be
an open standard, but Cisco's version is proprietary, meaning it can only
function with Cisco routers.
• LCP (Link Control Protocol) - Establishes, tests and configures the data link
connection.
• NCPs (Network Control Protocols) - Used to configure the different
communication protocols, allowing them on the same line simultaneously.
Microsoft uses 3 NCPs for the 3 protocols at the Network Layer (IP, IPX and
NetBEUI).

PPP communication occurs in the following manner: PPP sends LCP frames to
test and configure the data link. Next, authentication protocols are
negotiated to determine what sort of validation is used for security. Below
are 2 common authentication protocols:

• PAP is similar to a network login but passwords are sent as clear text. It is
normally only used on FTP sites.
• CHAP uses encryption and is a more secure way of sending passwords.

Then NCP frames are used to set up the network layer protocols to be used.
Finally, HDLC is used to encapsulate the data stream as it passes through
the PPP connection.
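
The difference between PAP and CHAP above is easiest to see in a message
exchange, so here is an added Python example (not code from the notes or from
any PPP implementation). It plays both sides of a CHAP exchange as specified
in RFC 1994, where the response value is MD5 over the identifier, the shared
secret and the challenge, and contrasts it with what a PAP Authenticate-Request
puts on the wire (RFC 1334 layout: ID length, ID, password length, password).
The user name, secret and fixed challenge values are constructed for the
demonstration.

```python
import hashlib
import hmac
import secrets


def chap_response(identifier, secret, challenge):
    """RFC 1994: Response value = MD5(Identifier || secret || Challenge value).
    The secret itself never leaves the peer; only this digest is sent."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The authenticator side: holds the shared secrets, issues challenges and
    checks responses against the challenge currently outstanding."""

    def __init__(self, secrets_by_name):
        self.secrets_by_name = secrets_by_name
        self.identifier = 0
        self.challenge = None

    def new_challenge(self, value=None):
        """Issue a fresh Challenge packet (identifier, challenge value). A fixed
        value may be passed for a reproducible demonstration; a real
        authenticator always uses a fresh random value."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.challenge = value if value is not None else secrets.token_bytes(16)
        return self.identifier, self.challenge

    def verify(self, identifier, name, response):
        """Recompute the expected digest for this name and compare it in
        constant time. A response to an older challenge does not match."""
        secret = self.secrets_by_name.get(name)
        if secret is None or identifier != self.identifier or self.challenge is None:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)


def pap_authenticate_request(name, password):
    """What PAP sends: the credentials themselves (RFC 1334 layout), which is
    exactly what an eavesdropper on the link captures."""
    return bytes([len(name)]) + name.encode() + bytes([len(password)]) + password


def simulate_chap(authenticator, name, peer_secret, challenge_value=None):
    """Run one three-way CHAP exchange and return (success, transcript)."""
    transcript = []
    ident, chal = authenticator.new_challenge(challenge_value)
    transcript.append(("authenticator -> peer", "Challenge", ident, chal.hex()))
    resp = chap_response(ident, peer_secret, chal)
    transcript.append(("peer -> authenticator", "Response", ident, resp.hex(), name))
    ok = authenticator.verify(ident, name, resp)
    transcript.append(("authenticator -> peer", "Success" if ok else "Failure", ident))
    return ok, transcript


if __name__ == "__main__":
    # Constructed credentials for the demonstration.
    auth = ChapAuthenticator({"alice": b"s3cret-example"})
    ok, transcript = simulate_chap(auth, "alice", b"s3cret-example")
    for line in transcript:
        print(*line)
    print("CHAP result:", ok)
    print("PAP on the wire:", pap_authenticate_request("alice", b"s3cret-example"))
```

Because the authenticator only accepts a digest computed over its current
challenge, a captured Response cannot be replayed later; what CHAP does not
prevent is an offline guess of a weak secret from a captured challenge and
response pair, which is why the shared secret still has to be long and random.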

Point-to-Point Tunneling Protocol (PPTP) provides for the secure transfer of
data from a remote client to a private server by creating a multi-protocol
Virtual Private Network (VPN), encapsulating PPP packets into IP
datagrams. There are 3 steps to set up a secure communication channel:
1. A PPP connection and communication to the remote network are
established.
2. PPTP creates a control connection between the client and the remote PPTP
server.
3. PPTP creates the IP datagrams for PPP to send.

The packets are encrypted by PPP and sent through the tunnel to the PPTP
server, which decrypts the packets, disassembles the IP datagrams and
routes them to the host. Setting up PPTP requires a PPTP client, a PPTP
server and a Network Access Server (NAS).

There is a very helpful web site with detailed tutorials on ISDN, Frame Relay,
X.25, ATM and other serial WAN technologies located here.

Cisco IOS:
Cisco routers use the Internetworking Operating System (IOS), which stores
the configuration information in Non-Volatile RAM (NVRAM); the IOS itself
is stored in flash. The IOS can be accessed via Telnet, a console
connection (such as HyperTerminal) or a dial-in connection. You can also
configure the router as a web server and then access a web-based
configuration panel via HTTP.

There are a variety of sources for booting, including flash memory, TFTP and
ROM. It is always recommended that a new IOS image be loaded on a TFTP
server first, and then copied from the TFTP server to flash memory, so that
the TFTP copy also serves as a backup. The copy command, such as "copy tftp
flash", copies the IOS image from the TFTP server to flash memory, and of
course we can always do the reverse. Next, we need to inform the router
which source to boot from. The following commands are examples of what
to type depending on the situation. Typically, it is a good idea to specify
multiple boot options as a fallback mechanism.

• boot system flash (unknown)
• boot system tftp (unknown) {tftp server IP address}
• boot system rom

After the boot-up process we can prepare to log in. User EXEC is the first
mode we encounter. It gives us a prompt of "Router>". Exiting this mode
means logging out completely, which can be done with the logout command. If
we want to proceed to Privileged EXEC, we need to use the enable EXEC
command. Once entered, the prompt changes to "Router#". To go
back to user EXEC mode, we need to use the disable command. Note that all
configuration work requires the administrator to be in Privileged
mode first. Put another way, Privileged EXEC mode includes support for all
commands in user mode plus those that provide access to global and system
settings.

The setup command facility is for making major changes to the existing
configuration, such as adding a protocol suite, making major
addressing scheme changes, or configuring a newly installed interface.

If you aren't big on reading manuals, finding out how to access help
information is a MUST. To display a list of commands available for each
command mode, we can type a question mark (?). IOS also provides a context-
sensitive help feature to make life easier. In order to pass this exam, you will
need to be able to find your way around the IOS. We will list some of the
information here, but there is too much to list all of it. You will definitely need
access to a router, or to get the software listed at the beginning of this study
guide, so that you can practice.

Useful editing commands include:

Command           Purpose
Ctrl-P            Recall commands in the history buffer, starting with the most
                  recent command.
Ctrl-N            Return to more recent commands in the history buffer after
                  recalling commands with Ctrl-P or the up arrow key.
Ctrl-B            Move the cursor back one character.
Ctrl-F            Move the cursor forward one character.
Ctrl-A            Move the cursor to the beginning of the command line.
Ctrl-E            Move the cursor to the end of the command line.
Esc B             Move the cursor back one word.
Esc F             Move the cursor forward one word.
Ctrl-R or Ctrl-L  Redisplay the current command line.

You will find most of the IOS commands at the following 2 links:
Router and Switch Commands
http://www.cisco.com/warp/cpropub/45/tutorial.htm

Security:
Access Lists allow us to implement some level of security on the network by
inspecting and filtering traffic as it enters or exits an interface. Each router
can have many access lists of the same or different types. However, only one
can be applied in each direction of an interface at a time (keep in mind that
inbound and outbound traffic is determined from the router's perspective).
The two major types of access lists that deserve special attention are the IP
Access Lists and the IPX Access Lists.

Standard IP access lists can be configured to permit or deny passage through
a router based on the source host's IP address. Extended IP access lists use
the destination address, IP protocol and port number to extend the filtering
capabilities. Access can be configured to be judged based on a specific
destination address or range of addresses, on an IP protocol such as TCP or
UDP, or on port information such as HTTP, FTP, Telnet or SNMP. We use the access
list number to differentiate the type of access list. Standard IP access lists
use numbers from 1 through 99, and extended IP access lists use
numbers from 100 through 199:

1-99       Standard IP
100-199    Extended IP
200-299    Protocol type-code
300-399    DECnet
600-699    AppleTalk
700-799    Standard 48-bit MAC address
800-899    Standard IPX
900-999    Extended IPX
1000-1099  IPX SAP
1100-1199  Extended 48-bit MAC address
1200-1299  IPX summary address

When dealing with Access Control Lists or preparing for your CCNA exam,
you have to deal with a 32-bit wild card address in dotted-decimal form,
known as your inverse mask. By Cisco's definition it is called inverse, but
you can think of it as the "reverse" of your subnet mask in most cases. When
dealing with your wild card mask, you have two values that you are working
with. As in subnetting, you have a 0 as the "off" value and a 1 as the "on" value. Wild
cards treat the 0 value as "match" and the 1 value as "ignore". What do
I mean by ignore or match? If you have studied ACLs you should know that
your goal is to set criteria to deny or permit, and that is where your inverse
mask comes into play. It tells the router which bits to examine when
deciding whether to deny or permit according to your definition. If you have dealt with subnetting
you know that most of your subnet masks end with an even number. With your
inverse mask you will end up with an odd number. There are several
different ways to come up with your inverse mask; the easiest is to subtract
your subnet mask from the all-routers broadcast address of
255.255.255.255.

Example: You have a subnet mask of 255.255.255.0. To get your wild card
mask all you have to do is:

    255.255.255.255
  - 255.255.255.0
  -----------------
      0.0.0.255

Then you can apply it to the definition, whether using a standard or extended
ACL.

Standard example:
Router(config)# access-list 3 deny 170.10.1.0 0.0.0.255

How you would read this list: with this wild card you told the router to
"match" the first three octets, and you don't care what's going on in the last
octet.

Extended example:
Router(config)# access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0
0.0.0.255 eq 80

How you would read this list: with this wild card you have told the router to
match the first three octets of both the source and the destination, and you
don't care what's going on in the last octet of either.
Think of it this way. If you broke the decimal form down to binary, the
wild card mask would look like this:
00000000.00000000.00000000.11111111
As you know, the "1" means ignore and the "0" means match. So the last
octet could have been any value on that subnet, ranging from 0-255.
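To make the match/ignore rule concrete, here is an added Python example (not from the study guide or from Cisco) that computes the wild card mask by the subtraction method above, parses the two sample access-list lines, and evaluates them against constructed packets, including the implicit deny at the end of every list. The "permit any" entry appended to list 3 and the packet addresses are constructed for the demo; the address/wildcard comparison is the bitwise rule the text describes.

```python
"""Wildcard (inverse) masks and access-list matching, as an added example.

Not from the study guide or from Cisco; it re-implements the matching rule
the text describes in Python so the two sample lists can be checked against
constructed packets.
"""
import ipaddress

PORT_NAMES = {"www": 80, "http": 80, "ftp": 21, "telnet": 23, "snmp": 161}


def wildcard_from_subnet_mask(mask):
    """The guide's method: 255.255.255.255 minus the subnet mask, per octet."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def matches(address, base, wildcard):
    """Wildcard bit 0 = must match, bit 1 = ignore (don't care)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (address, base, wildcard))
    care = ~w & 0xFFFFFFFF            # bits the router actually compares
    return (a & care) == (b & care)


def _parse_address(tokens, i):
    """Return (base, wildcard, next index) for 'any', 'host X' or 'X WILDCARD'."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    wildcard = tokens[i + 1] if i + 1 < len(tokens) else "0.0.0.0"
    return tokens[i], wildcard, i + 2


def parse_acl_line(line):
    """Parse one 'access-list N permit|deny ...' line (standard or extended)."""
    tokens = line.split()
    if tokens[0].endswith("#"):        # drop a leading Router(config)# prompt
        tokens = tokens[1:]
    number, action = int(tokens[1]), tokens[2]
    entry = {"number": number, "action": action, "proto": "ip", "port": None}
    if 1 <= number <= 99:              # standard list: source address only
        entry["src"], entry["src_wc"], _ = _parse_address(tokens, 3)
        entry["dst"], entry["dst_wc"] = "0.0.0.0", "255.255.255.255"
    elif 100 <= number <= 199:         # extended: protocol, source, destination, port
        entry["proto"] = tokens[3]
        entry["src"], entry["src_wc"], i = _parse_address(tokens, 4)
        entry["dst"], entry["dst_wc"], i = _parse_address(tokens, i)
        if i < len(tokens) and tokens[i] == "eq":
            entry["port"] = PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1])
    else:
        raise ValueError(f"list {number} is not an IP access list")
    return entry


def evaluate(acl, packet):
    """First matching entry wins; every list ends with an implicit deny."""
    for e in acl:
        if not matches(packet["src"], e["src"], e["src_wc"]):
            continue
        if not matches(packet["dst"], e["dst"], e["dst_wc"]):
            continue
        if e["proto"] != "ip" and e["proto"] != packet["proto"]:
            continue
        if e["port"] is not None and packet.get("dport") != e["port"]:
            continue
        return e["action"]
    return "deny"                      # implicit deny at the end of every access list


# The two lists from the text, plus a constructed "permit any" so list 3
# shows the first-match rule rather than only the implicit deny.
STANDARD_ACL = [parse_acl_line(l) for l in (
    "Router(config)# access-list 3 deny 170.10.1.0 0.0.0.255",
    "access-list 3 permit any",
)]
EXTENDED_ACL = [parse_acl_line(
    "access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0 0.0.0.255 eq 80")]

# Constructed packets, as seen at the interface the list is applied to
WEB_REQUEST = {"src": "178.10.2.57", "dst": "170.10.1.9", "proto": "tcp", "dport": 80}
SSH_REQUEST = {"src": "178.10.2.57", "dst": "170.10.1.9", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    print(wildcard_from_subnet_mask("255.255.255.0"))   # 0.0.0.255
    print(evaluate(STANDARD_ACL, {"src": "170.10.1.200", "dst": "10.0.0.1", "proto": "udp"}))  # deny
    print(evaluate(STANDARD_ACL, {"src": "170.10.2.1", "dst": "10.0.0.1", "proto": "udp"}))    # permit
    print(evaluate(EXTENDED_ACL, WEB_REQUEST))          # permit
    print(evaluate(EXTENDED_ACL, SSH_REQUEST))          # deny (implicit)
```

The SSH packet is the one to study: it comes from a permitted source and goes to a permitted destination, but nothing in list 103 names port 22, so it falls off the end of the list and hits the implicit deny. That is the behaviour to keep in mind when an extended list is applied and "unrelated" traffic suddenly stops.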

For more information on IP Access Lists, read Configuring IP Access Lists.

For IPX access list configuration, read Control Access to IPX Networks.

Routing:
There are 2 main types of routing, static and dynamic; a third
type of routing is called hybrid. Static routing involves the cumbersome
process of an administrator manually configuring and maintaining route
tables. Dynamic routing enables routers to "talk" to each other and
automatically update their routing tables. This process occurs through the
use of broadcasts. Next is an explanation of the various routing protocols.

RIP:
Routing Information Protocol(RIP) is a distance vector dynamic routing
protocol. RIP measures the distance from source to destination by counting
the number of hops(routers or gateways) that the packets must travel over.
RIP sets a maximum of 15 hops and considers any larger number of hops
unreachable. RIP's real advantage is that if there are multiple possible paths
to a particular destination and the appropriate entries exist in the routing
table, it will choose the shortest route. Routers can talk to each other,
however, in the real routing world, there are so many different routing
technologies available, that it is not as simple as just enabling Routing
Information Protocol (RIP).

For information on RIP configuration, read Configuring RIP

OSPF:
Open Shortest Path First (OSPF) is a link-state routing protocol that
converges faster than a distance vector protocol such as RIP. What is
convergence? It is the time required for all routers to finish building
their routing tables. RIP uses ticks and hop counts as its measurement, while
OSPF also uses metrics that take bandwidth and network congestion into
account when making routing decisions. RIP transmits updates every 30 seconds, while
OSPF transmits updates only when there is a topology change. OSPF builds a
complete topology of the whole network, while RIP uses second-hand
information from the neighboring routers. To summarize, RIP is easier to
configure, and is suitable for smaller networks. In contrast, OSPF requires
high processing power, and is suitable if scalability is the main concern.

We can tune the network by adjusting various timers. Areas that are tunable
include: the rate at which routing updates are sent, the interval of time after
which a route is declared invalid, the interval during which routing
information regarding better paths is suppressed, the amount of time that
must pass before a route is removed from the routing table, and the amount
of time for which routing updates will be postponed. Of course, different
settings are needed in different situations. In any case, we can use the "show ip
route" command to display the contents of the routing table as well as how each
route was discovered.

For commands and methods to configure OSPF, read Configuring OSPF on
Cisco Routers.

IGRP and EIGRP:
RIP and OSPF are considered "open", while IGRP and EIGRP are Cisco
proprietary. Interior Gateway Routing Protocol (IGRP) is a distance vector
routing protocol for interior networks, while Enhanced Interior Gateway
Routing Protocol (EIGRP) is a hybrid that combines distance vector and link-
state technologies. Do not confuse these with NLSP: NetWare Link Services
Protocol (NLSP) is a proprietary link-state routing protocol used on Novell
NetWare 4.x to replace SAP and RIP. For IGRP, the metric is a function of
bandwidth, reliability, delay and load. One of the characteristics of IGRP is
the deployment of hold-down timers. A hold-down timer has a value of 280
seconds. It is used to prevent routing loops while routing tables converge, by
preventing routers from broadcasting another route to a router which is off-
line before all routing tables converge. For EIGRP, separate routing tables are
maintained for the IP, IPX and AppleTalk protocols. However, routing update
information is still forwarded with a single protocol.

(Note: RIPv2, OSPF and EIGRP include the subnet mask in routing updates
which allows for VLSM (Variable Length Subnet Mask), hence VLSM is not
supported by RIP-1 or IGRP.)

For more information about IGRP, read Configuring IGRP.

For a detailed guideline on configuring EIGRP, read Configuring IP Enhanced
IGRP.

Other Routing Info:
In the routing world, we have the concept of an autonomous system (AS), which
represents a group of networks and routers under a common management
that share a common routing protocol. ASs are connected by the backbone to
other ASs. For a device to be part of an AS, it must be assigned an AS
number that belongs to the corresponding AS.

Route poisoning intentionally configures a router not to receive update
messages from a neighboring router, and sets the metric of an unreachable
network to 16. This way, other routers can no longer update the originating
router's routing tables with faulty information.

Hold-downs prevent routing loops by disallowing other routers from updating
their routing tables too quickly after a route goes down. Instead, the route can
be updated only when the hold-down timer expires, if another router
advertises a better metric, or if the router that originally advertised the
unreachable network advertises that the network has become reachable
again. Note that hold-down timers need to work together with route
poisoning in order to be effective.

Split horizon simply prevents a packet from going out the same router
interface that it entered. Poison Reverse overrides split horizon by informing
the sending router that the destination is inaccessible, while Triggered
Updates send out updates whenever a change in the routing table occurs
without waiting for the preset time to expire.
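Route poisoning, hold-downs, split horizon and poison reverse are easiest to understand in motion. The following added example (not from the study guide or from Cisco) simulates a three-router, RIP-style network A - B - C in Python: network 10.3.0.0 behind C goes down, and each run reports how many update rounds pass before every router marks it unreachable (metric 16) and how many bogus finite routes to it were installed in the meantime. Router names, network numbers, the round-based timing and the hold-down length in rounds are all constructed for the demo.

```python
"""RIP-style distance-vector simulation of loop-prevention features.

Added example, not Cisco IOS code. Router names, network numbers and the
round-based timing are constructed: one round stands in for one update
interval, and the hold-down timer is counted in rounds rather than seconds.
"""

INFINITY = 16      # RIP: 16 hops means unreachable
HOLD_ROUNDS = 3    # constructed hold-down length, in rounds
MAX_ROUNDS = 50    # stop and report "did not converge" after this

# Constructed topology A -- B -- C; C owns network 10.3.0.0, which will go down
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}
CONNECTED = {"A": ["10.1.0.0"], "B": [], "C": ["10.3.0.0"]}
DEST = "10.3.0.0"


class Router:
    def __init__(self, name, split_horizon, poison_reverse, hold_down):
        self.name, self.split_horizon = name, split_horizon
        self.poison_reverse, self.hold_down = poison_reverse, hold_down
        # routing table: network -> [metric, next_hop]; next_hop None = connected
        self.table = {net: [0, None] for net in CONNECTED[name]}
        self.holds = {}           # network -> [rounds left, metric before failure]
        self.finite_installs = 0  # how often a usable route to DEST was installed

    def advertise(self, neighbor):
        """Build the update sent to one neighbor."""
        update = {}
        for net, (metric, next_hop) in self.table.items():
            if next_hop == neighbor:             # route learned from this neighbor
                if self.poison_reverse:
                    update[net] = INFINITY       # "you cannot reach it through me"
                    continue
                if self.split_horizon:
                    continue                     # say nothing back to the source
            update[net] = min(metric + 1, INFINITY)
        return update

    def install(self, net, metric, next_hop):
        self.table[net] = [metric, next_hop]
        if net == DEST and metric < INFINITY:
            self.finite_installs += 1

    def start_hold(self, net, old_metric):
        if self.hold_down:
            self.holds[net] = [HOLD_ROUNDS, old_metric]

    def poison(self, net):
        """Route poisoning: keep the entry but advertise it as unreachable."""
        old_metric = self.table[net][0]
        self.install(net, INFINITY, None)
        self.start_hold(net, old_metric)

    def receive(self, neighbor, update):
        for net, metric in update.items():
            if net in self.holds:
                if metric >= self.holds[net][1]:
                    continue                     # hold-down: ignore unless strictly better
                del self.holds[net]
            current = self.table.get(net)
            if current is None or metric < current[0]:
                self.install(net, metric, neighbor)
            elif current[1] == neighbor and metric != current[0]:
                self.install(net, metric, neighbor)   # follow our next hop, even if worse
                if metric >= INFINITY:
                    self.start_hold(net, current[0])

    def tick(self):
        """One update interval passes: age the hold-down timers."""
        for net in list(self.holds):
            self.holds[net][0] -= 1
            if self.holds[net][0] == 0:
                del self.holds[net]


def run_round(routers):
    # Synchronous update: build every update from this round's tables, then apply.
    pending = [(dst, src, routers[src].advertise(dst))
               for src, neighbors in LINKS.items() for dst in neighbors]
    for dst, src, update in pending:
        routers[dst].receive(src, update)
    for router in routers.values():
        router.tick()


def simulate(split_horizon=False, poison_reverse=False, hold_down=False):
    """Return (rounds until every router marks DEST unreachable, bogus installs)."""
    routers = {n: Router(n, split_horizon, poison_reverse, hold_down) for n in LINKS}
    for _ in range(5):                           # let the initial topology converge
        run_round(routers)
    routers["C"].poison(DEST)                    # the 10.3.0.0 link on C goes down
    for router in routers.values():
        router.finite_installs = 0               # count only routes learned after the failure
    for rnd in range(1, MAX_ROUNDS + 1):
        run_round(routers)
        if all(r.table.get(DEST, [INFINITY])[0] >= INFINITY for r in routers.values()):
            return rnd, sum(r.finite_installs for r in routers.values())
    return None, sum(r.finite_installs for r in routers.values())


if __name__ == "__main__":
    for label, kw in [("no protection", {}), ("split horizon", {"split_horizon": True}),
                      ("hold-down", {"hold_down": True})]:
        print(label, "->", simulate(**kw))
```

With no protection, B's stale advertisement re-teaches C the very network C just declared dead, and the metric then climbs round by round until it reaches 16: the count-to-infinity problem. With split horizon, B never advertises 10.3.0.0 back toward C, so the bogus route is never installed; with a hold-down, C and B refuse the stale update until the timer runs out, which is the "must work together with route poisoning" point made above. Both converge in two rounds with no bogus routes.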

Router and Switch Commands

By Jamison Schmidt

This reference guide provides router and switch commands to help you
prepare for Cisco's CCNA certification exam. This guide covers IOS version 11
and higher. We will try to get VLSM and Supernetting commands added for
the new 640-801 CCNA exam.

ROUTER COMMANDS
Router Commands
Show Commands
Catalyst Commands

TERMINAL CONTROLS:
• Config# terminal editing - allows for enhanced editing commands
• Config# terminal monitor - shows output on telnet session
• Config# terminal ip netmask-format hexadecimal|bit-count|decimal -
changes the format of subnet masks

HOST NAME:
• Config# hostname ROUTER_NAME

BANNER:
• Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for
any character, must start and finish the message

DESCRIPTIONS:
• Config# description THIS IS THE SOUTH ROUTER - can be entered at the
Config-if level

CLOCK:
• Config# clock timezone Central -6
• # clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25
August 2003

CHANGING THE REGISTER:
• Config# config-register 0x2100 - ROM Monitor Mode
• Config# config-register 0x2101 - ROM boot
• Config# config-register 0x2102 - Boot from NVRAM

BOOT SYSTEM:
• Config# boot system tftp FILENAME SERVER_IP - Example: boot system
tftp 2600_ios.bin 192.168.14.2
• Config# boot system ROM
• Config# boot system flash - Then - Config# reload

CDP:
• Config# cdp run - Turns CDP on
• Config# cdp holdtime 180 - Sets the time that a device entry remains in the
CDP table. Default is 180
• Config# cdp timer 30 - Sets the update timer. The default is 60
• Config# int Ethernet 0
• Config-if# cdp enable - Enables CDP on the interface
• Config-if# no cdp enable - Disables CDP on the interface
• Config# no cdp run - Turns CDP off

HOST TABLE:
• Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a
192.168.5.1
-or-
• Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip
host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)

DOMAIN NAME SERVICES:
• Config# ip domain-lookup - Tell router to look up domain names
• Config# ip name-server 122.22.2.2 - Location of DNS server
• Config# ip domain-name cisco.com - Domain to append to end of names

CLEARING COUNTERS:
• # clear interface Ethernet 0 - Clears counters on the specified interface
• # clear counters - Clears all interface counters
• # clear cdp counters - Clears CDP counters

STATIC ROUTES:
• Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route
192.168.15.0 255.255.255.0 205.5.5.2
• Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
• Config# ip default-network Net_Add - Gateway LAN network

IP ROUTING:
• Config# ip routing - Enabled by default
• Config# router rip
-or-
• Config# router igrp 100
• Config# interface Ethernet 0
• Config-if# ip address 122.2.3.2 255.255.255.0
• Config-if# no shutdown

IPX ROUTING:
• Config# ipx routing
• Config# interface Ethernet 0
• Config# ipx maximum-paths 2 - Maximum equal metric paths used
• Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP,
ARPA on Ethernet. Encapsulation HDLC on serial
• Config-if# no shutdown

ACCESS LISTS:
IP Standard      1-99
IP Extended      100-199
IPX Standard     800-899
IPX Extended     900-999
IPX SAP Filters  1000-1099

IP STANDARD:
• Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src IPs on
network 133.2.2.0
-or-
• Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
• Config# access-list 10 permit any - allows any address

• Config# int Ethernet 0
• Config-if# ip access-group 10 in - also available: out

IP EXTENDED:
• Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0
0.0.0.255 eq telnet
-protocols: tcp, udp, icmp, ip (no sockets then), among others
-source then destination address
-eq, gt, lt for comparison
-sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or-
• Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
• Config# access-list 101 permit ip any any

• Config# interface Ethernet 0
• Config-if# ip access-group 101 out

IPX STANDARD:
• Config# access-list 801 permit 233 AA3 - source network/host then
destination network/host
-or-
• Config# access-list 801 permit -1 -1 - "-1" is the same as "any" with
network/host addresses

• Config# interface Ethernet 0
• Config-if# ipx access-group 801 out

IPX EXTENDED:
• Config# access-list 901 permit sap 4AA all 4BB all
-Permit protocol src_add socket dest_add socket
-"all" includes all sockets, or can use socket numbers
-or-
• Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere

• Config# interface Ethernet 0
• Config-if# ipx access-group 901 in

IPX SAP FILTER:
• Config# access-list 1000 permit 4aa 3 - "3" is the service type
-or-
• Config# access-list 1000 permit 4aa 0 - service type of "0" matches all
services

• Config# interface Ethernet 0
• Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-
• Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets

NAMED ACCESS LISTS:
• Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list
• Config# permit any

• Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists

PPP SETUP:
• Config-if# encapsulation ppp
• Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentication listed
-if one fails, then the connection is terminated
• Config-if# exit
• Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect
-or-
• Config-if# ppp chap hostname ROUTER
• Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration

ISDN SETUP:
• Config# isdn switch-type basic-5ess - determined by telecom
• Config# interface serial 0
• Config-if# isdn spid1 2705554564 - isdn "phone number" of line 1
• Config-if# isdn spid2 2705554565 - isdn "phone number" of line 2
• Config-if# encapsulation PPP - or HDLC, LAPD

DDR - 4 Steps to setting up ISDN with DDR

1. Configure switch type
Config# isdn switch-type basic-5ess - can be done at interface config

2. Configure static routes
Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic
destined for 123.4.35.0 to 192.3.5.5
Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get
to network 192.3.5.5 (through bri0)

3. Configure Interface
Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 - applies dialer-list to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
-connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting
traffic
-can also use "dialer string 5551212" instead if there is only one
router to connect to

4. Specify interesting traffic
Config# dialer-list 1 ip permit any
-or-
Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer
list

5. Other Options
Config-if# hold-queue 75 - queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-"125" is any number 1-255, where % load is x/255 (ie 125/255 is
about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120

FRAME RELAY SETUP:
• Config# interface serial 0
• Config-if# encapsulation frame-relay - cisco by default, can change to ietf
• Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
• Config-if# bandwidth 56

• Config-if# interface serial 0.100 point-to-point - subinterface
• Config-if# ip address 122.1.1.1 255.255.255.0
• Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end
• Config-if# interface serial 1.100 multipoint
• Config-if# no inverse-arp - turns IARP off; good to do
• Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional
• Config-if# frame-relay map ip 122.1.1.3 54 broadcast

SHOW COMMANDS

• Show access-lists - all access lists on the router
• Show cdp - cdp timer and holdtime frequency
• Show cdp entry * - same as next
• Show cdp neighbors detail - details of neighbor with ip add and ios
version
• Show cdp neighbors - id, local interface, holdtime, capability, platform
portid
• Show cdp interface - ints running cdp and their encapsulation
• Show cdp traffic - cdp packets sent and received
• Show controllers serial 0 - DTE or DCE status
• Show dialer - number of times dialer string has been reached, other stats
• Show flash - files in flash
• Show frame-relay lmi - lmi stats
• Show frame-relay map - static and dynamic maps for PVCs
• Show frame-relay pvc - pvcs and dlcis
• Show history - commands entered
• Show hosts - contents of host table
• Show int f0/26 - stats of f0/26
• Show interface Ethernet 0 - show stats of Ethernet 0
• Show ip - ip config of switch
• Show ip access-lists - ip access-lists on switch
• Show ip interface - ip config of interface
• Show ip protocols - routing protocols and timers
• Show ip route - Displays IP routing table
• Show ipx access-lists - same, only ipx
• Show ipx interfaces - RIP and SAP info being sent and received, IPX
addresses
• Show ipx route - ipx routes in the table
• Show ipx servers - SAP table
• Show ipx traffic - RIP and SAP info
• Show isdn active - number with active status
• Show isdn status - shows if SPIDs are valid, if connected
• Show mac-address-table - contents of the dynamic table
• Show protocols - routed protocols and net_addresses of interfaces
• Show running-config - dram config file
• Show sessions - connections via telnet to remote device
• Show startup-config - nvram config file
• Show terminal - shows history size
• Show trunk a/b - trunk stat of port 26/27
• Show version - ios info, uptime, address of switch
• Show vlan - all configured vlans
• Show vlan-membership - vlan assignments
• Show vtp - vtp configs

CATALYST COMMANDS
For Native IOS - Not CatOS

SWITCH ADDRESS:
• Config# ip address 192.168.10.2 255.255.255.0
• Config# ip default-gateway 192.168.10.1

DUPLEX MODE:
• Config# interface Ethernet 0/5 - "fastethernet" for 100 Mbps ports
• Config-if# duplex full - also, half | auto | full-flow-control

SWITCHING MODE:
• Config# switching-mode store-and-forward - also, fragment-free

MAC ADDRESS CONFIGS:
• Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac
will work on this port
• Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security

• Config-if# port secure max-mac-count 5 - allows only 5 mac addresses
mapped to this port

VLANS:
• Config# vlan 10 name FINANCE
• Config# interface Ethernet 0/3
• Config-if# vlan-membership static 10

TRUNK LINKS:
• Config-if# trunk on - also, off | auto | desirable | nonegotiate
• Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port

CONFIGURING VTP:
• Config# delete vtp - should be done prior to adding to a network
• Config# vtp server - the default is server, also client and transparent
• Config# vtp domain Camp - name doesn't matter, just so all switches use
the same
• Config# vtp password 1234 - limited security
• Config# vtp pruning enable - limits vtp broadcasts to only switches
affected
• Config# vtp pruning disable

FLASH UPGRADE:
• Config# copy tftp://192.5.5.5/configname.ios opcode - "opcode" for ios
upgrade, "nvram" for startup config

DELETE STARTUP CONFIG:
• Config# delete nvram

Cisco IOS Command Line Interface Tutorial

Abstract

The focus of this document is to introduce a new Cisco
Internetworking Operating System (IOS) user to the IOS
command line interface (CLI). After reading this document, a new
user will understand how to use the IOS CLI to configure and
manage an IOS router. For easier reference, Table 1 displays a
collection of important terms and acronyms that are used
throughout the document.

Table 1 - Glossary Of Important Terms And Acronyms Used In This Tutorial

Cisco IOS - Cisco Internetworking Operating System
CLI       - Command Line Interface
EXEC      - Command line session to the router (could be console, modem, or telnet)
Flash     - Non-volatile memory used to store the IOS software image
NVRAM     - Non-Volatile RAM used to store the router configuration
RAM       - Random Access Memory

CLI Architecture
A Cisco IOS router command line interface can be accessed
through either a console connection, modem connection, or a
telnet session. Regardless of which connection method is used,
access to the IOS command line interface is generally referred to
as an EXEC session.

As a security feature, Cisco IOS separates EXEC sessions into two
different access levels - user EXEC level and privileged EXEC
level. User EXEC level allows a person to access only a limited
amount of basic monitoring commands. Privileged EXEC level
allows a person to access all router commands (e.g.
configuration and management) and can be password protected
to allow only authorized users the ability to configure or maintain
the router.

For example, when an EXEC session is started, the router will
display a "Router>" prompt. The right arrow (>) in the prompt
indicates that the router is at the user EXEC level. The user EXEC
level does not contain any commands that might control (e.g.
reload or configure) the operation of the router. To list the
commands available at the user EXEC level, type a question
mark (?) at the Router> prompt. (This feature is referred to as
context sensitive help.)

Critical commands (e.g. configuration and management) require
that the user be at the privileged EXEC level. To change to the
privileged EXEC level, type "enable" at the Router> prompt. If an
enable password is configured, the router will then prompt for
that password. When the correct enable password is entered, the
router prompt will change to "Router#" indicating that the user is
now at the privileged EXEC level. To switch back to user EXEC
level, type "disable" at the Router# prompt. Typing a question
mark (?) at the privileged EXEC level will now reveal many more
command options than those available at the user EXEC level.
The text below illustrates the process of changing EXEC levels.

Router> enable
Password: [enable password]
Router# disable
Router>

Note: For security reasons, the router will not echo the password
that is entered. Also, be advised that if configuring a router via
telnet, the password is sent in clear text. Telnet does not offer a
method to secure packets.

Once an EXEC session is established, commands within Cisco IOS
are hierarchically structured. In order to successfully configure
the router, it is important to understand this hierarchy. To
illustrate this hierarchy, Figure 1 provides a simple high-level
schematic diagram of some IOS commands.

Figure 1 - IOS CLI hierarchy

Command options and applications vary depending on position
within this hierarchy. Referring to the diagram in figure 1,
configuration command options will not be available until the
user has navigated to the configuration branch of the IOS CLI
structure. Once in the configuration branch, a user may enter
system level configuration commands that apply to the entire
router at the global configuration level. Interface specific
configuration commands are available once the user has
switched to the particular interface configuration level. More
detailed information and examples on how to navigate through
the IOS CLI hierarchy are offered in the Router Configuration
section.

To assist users in navigation through IOS CLI, the command
prompt will change to reflect the position of a user within the
command hierarchy. This allows users to easily identify where
within the command structure they are at any given moment.
Table 2 is a summary of command prompts and the
corresponding location within the command structure.

Table 2 - IOS Command Prompt Summary

Router>                 - User EXEC mode
Router#                 - Privileged EXEC mode
Router(config)#         - Configuration mode (notice the # sign indicates this is
                          only accessible at privileged EXEC mode.)
Router(config-if)#      - Interface level within configuration mode.
Router(config-router)#  - Routing engine level within configuration mode.
Router(config-line)#    - Line level (vty, tty, async) within configuration mode.

CLI Editor Features

Context Sensitive Help

Cisco IOS CLI offers context sensitive help. This is a useful tool
for a new user because at any time during an EXEC session, a
user can type a question mark (?) to get help. Two types of
context sensitive help are available - word help and command
syntax help.

Word help can be used to obtain a list of commands that begin
with a particular character sequence. To use word help, type in
the characters in question followed immediately by the question
mark (?). Do not include a space before the question mark. The
router will then display a list of commands that start with the
characters that were entered. The following is an example of
word help:

Router# co?
configure  connect  copy

Command syntax help can be used to obtain a list of command,
keyword, or argument options that are available based on the
syntax the user has already entered. To use command syntax
help, enter a question mark (?) in the place of a keyword or
argument. Include a space before the question mark. The router
will then display a list of available command options with <cr>
standing for carriage return. The following is an example of
command syntax help:

Router# configure ?
  memory             Configure from NV memory
  network            Configure from a TFTP network host
  overwrite-network  Overwrite NV memory from TFTP network host
  terminal           Configure from the terminal
  <cr>

Command Syntax Check
If a command is entered improperly (e.g. typo or invalid
command option), the router will inform the user and indicate
where the error has occurred. A caret symbol (^) will appear
underneath the incorrect command, keyword, or argument. The
following example displays what happens if the keyword
"ethernet" is spelled incorrectly.
Router(config)#interface ethernat
^
% Invalid input detected at '^' marker.
Command Abbreviation

Commands and keywords can be abbreviated to the minimum
number of characters that identifies a unique selection. For
example, you can abbreviate the "configure" command to "conf"
because "configure" is the only command that begins with
"conf". You could not abbreviate the command to "con" because
more than one command could fit this criteria. The router will
issue the following error message if you do not supply enough
characters.

cisco(config)#i
% Ambiguous command: "i"

Hot Keys

For many editing functions, the IOS CLI editor provides hot keys.
The following table lists some editing shortcuts that are
available.

Table 3 - Summary Of Hot Keys

Delete     - Removes one character to the right of the cursor.
Backspace  - Removes one character to the left of the cursor.
TAB        - Finishes a partial command.
Ctrl-A     - Moves the cursor to the beginning of the current line.
Ctrl-R     - Redisplays a line.
Ctrl-U     - Erases a line.
Ctrl-W     - Erases a word.
Ctrl-Z     - Ends configuration mode and returns to the EXEC.
Up Arrow   - Allows user to scroll forward through former commands.
Down Arrow - Allows user to scroll backward through former commands.

Router Configuration

Entering Configurations

Perhaps the best way to illustrate IOS CLI navigation is by
walking through a simple router configuration. The comments in
the example do not attempt to explain the meaning of each
individual command, but rather intend to display where
configuration commands are entered within the IOS command
structure. Pay particular attention to how the command prompt
changes as the user navigates through the IOS CLI hierarchy.
Also notice that global parameters are configured at the global
configuration level (indicated by the "Router(config)#" prompt)
whereas interface specific commands are entered after switching
to the particular interface (indicated by the "Router(config-if)#"
prompt). Global parameters and interface parameters are
discussed further in the Displaying Configurations section
under Router Management.
Router> enable                                      - switches to privileged EXEC level
Router# configure terminal                          - switches to global configuration level
Router(config)# enable secret cisco                 - configures router with an enable secret (global)
Router(config)# ip route 0.0.0.0 0.0.0.0 20.2.2.3   - configures a static IP route (global)
Router(config)# interface ethernet0                 - switches to configure the ethernet0 interface
Router(config-if)# ip address 10.1.1.1 255.0.0.0    - configures an IP address on ethernet0 (interface)
Router(config-if)# no shutdown                      - activates ethernet0 (interface)
Router(config-if)# exit                             - exits back to global configuration level
Router(config)# interface serial0                   - switches to configure the serial0 interface
Router(config-if)# ip address 20.2.2.2 255.0.0.0    - configures an IP address on serial0 (interface)
Router(config-if)# no shutdown                      - activates serial0 (interface)
Router(config-if)# exit                             - exits back to global configuration level
Router(config)# router rip                          - switches to configure RIP routing engine
Router(config-router)# network 10.0.0.0             - adds network 10.0.0.0 to RIP engine (routing engine)
Router(config-router)# network 20.0.0.0             - adds network 20.0.0.0 to RIP engine (routing engine)
Router(config-router)# exit                         - exits back to global configuration level
Router(config)# exit                                - exits out of configuration level
Router# copy running-config startup-config          - saves configuration into NVRAM
Router# disable                                     - disables privileged EXEC level
Router>                                             - indicates user is back to user EXEC level
In the above example, notice how the exit command is used to
back up a level within the IOS hierarchy. For example, if in the
interface configuration level (i.e. Router(config-if)# prompt),
typing exit will put the user back in the global configuration level
(i.e. Router(config)# prompt).

Taking Interfaces Out Of Shutdown

Routers ship from the factory with all interfaces deactivated.
Deactivated interfaces are referred to as being in a shutdown
state. Before an interface can be used, it must be taken out of
the shutdown state. To take an interface out of shutdown, type
"no shutdown" at the appropriate interface configuration level.
The example above includes these commands for both the
ethernet and serial interfaces.

Removing Commands / Resetting Default Values

IOS provides an easy way to remove commands from a
configuration. To remove a command from the configuration,
simply navigate to the proper location and type "no" followed by
the command to be removed. The following example displays
how to remove an IP address from the ethernet0 interface.
Router> enable                        - switches to privileged EXEC level
Router# configure terminal            - switches to global configuration level
Router(config)# interface ethernet0   - switches to configure the ethernet0 interface
Router(config-if)# no ip address      - removes IP address
Router(config-if)# exit               - exits back to global configuration level
Router(config)# exit                  - exits out of configuration level
Router# disable                       - disables privileged EXEC level
Router>                               - prompt indicates user is back to user EXEC level
Some configuration commands in IOS are enabled by default and
assigned a certain default value. When left at the default value,
these commands will not be displayed when the configuration is
listed. If the value is altered from the default setting, issuing a
"no" form of the command will restore the value to the default
setting.

Saving Configurations

A Cisco IOS router stores configurations in two locations - RAM
and NVRAM. The running configuration is stored in RAM and is
used by the router during operation. Any configuration changes
to the router are made to the running-configuration and take
effect immediately after the command is entered. The startup-
configuration is saved in NVRAM and is loaded into the router's
running-configuration when the router boots up. If a router loses
power or is reloaded, changes to the running configuration will
be lost unless they are saved to the startup-configuration. To
save the running-configuration to the startup configuration, type
the following from privileged EXEC mode (i.e. at the "Router#"
prompt).

Router# copy running-config startup-config

Note: Prior to 11.x software, the command to save the running-
configuration to the startup-configuration was different. Use the
following command if your IOS version is prior to 11.x:

Router#write memory

IMPORTANT: When editing a configuration, SAVE the
configuration often!

Router Management

IOS supports many different types of show commands. This
section covers a few of the common show commands used to
both manage and troubleshoot a router. The scope of this
document is not to instruct how to use these commands to
troubleshoot a router, but to make the user aware that these
management options exist. For specific information about
troubleshooting a network using these commands, refer to the
appropriate troubleshooting document.
Displaying Configurations

To display the running-configuration, type the following
command in privileged EXEC mode:

Router#show running-config

To display the startup-configuration that is stored in NVRAM,
type the following command in privileged EXEC mode:

Router#show startup-config

The following is the show running-config output from the
example used in the Router Configuration section.
Current configuration:
!
version 11.2
!
hostname cisco
!
enable password cisco
!
interface Ethernet0
 ip address 10.1.1.1 255.0.0.0
!
interface Serial0
 ip address 20.2.2.2 255.0.0.0
!
router rip
 network 10.0.0.0
 network 20.0.0.0
!
ip route 0.0.0.0 0.0.0.0 20.2.2.3
!
line vty 0 4
 password telnet
 login
!
end
When displaying a configuration, the exclamation marks (!)
function as line separators to make reading easier. Referring to
the above example, notice how commands entered at the
interface configuration level appear indented underneath the
respective interface (e.g. interface Ethernet0). Likewise,
commands entered underneath the routing engine configuration
level appear indented underneath the routing engine (e.g. router
rip). Global level commands are not indented. This type of
display allows a user to easily identify which configuration
parameters are set at the global configuration level and which
are set at the various configuration sub-levels.

Note: If an interface was in a shutdown state, the word
'shutdown' would appear indented under the particular interface
in shutdown state. Also, commands that are enabled by default
are not displayed in the configuration listing.
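The mode hierarchy, the "no" form, the running/startup split and the indented listing described in this and the preceding sections, modelled in an added Python example (hypothetical, not IOS code). Interface names and prompts are those used in the notes; the class and method names are this example's own.

```python
import copy

EMPTY = {"global": [], "sections": {}}


class RouterSim:
    """Toy model of the IOS CLI hierarchy (added example, not Cisco code).
    It tracks the prompt, keeps global and sub-mode commands apart,
    applies the "no" form, and separates the running configuration
    (RAM) from the startup configuration (NVRAM)."""

    def __init__(self, hostname="Router"):
        self.hostname = hostname
        self.mode = "user"           # user -> privileged -> config -> sub
        self.section = None          # e.g. "interface ethernet0" in config-if
        self.running = copy.deepcopy(EMPTY)
        self.startup = None          # nothing saved to NVRAM yet

    def prompt(self):
        if self.mode == "sub":
            tag = "config-if" if self.section.startswith("interface") else "config-router"
            return f"{self.hostname}({tag})#"
        return self.hostname + {"user": ">", "privileged": "#", "config": "(config)#"}[self.mode]

    def execute(self, line):
        """Apply one command line and return the prompt shown afterwards."""
        words = line.split()
        if not words:
            return self.prompt()
        cmd = " ".join(words)
        if self.mode == "user" and cmd == "enable":
            self.mode = "privileged"
        elif self.mode == "privileged":
            if cmd == "disable":
                self.mode = "user"
            elif cmd == "configure terminal":
                self.mode = "config"
            elif cmd == "copy running-config startup-config":
                self.startup = copy.deepcopy(self.running)
            elif cmd == "reload":    # unsaved running changes are lost
                self.running = copy.deepcopy(self.startup or EMPTY)
                self.mode = "user"
        elif self.mode == "config":
            if cmd == "exit":
                self.mode = "privileged"
            elif words[0] in ("interface", "router"):
                self.mode, self.section = "sub", cmd
                # interfaces ship shut down, and 'shutdown' IS listed
                default = ["shutdown"] if words[0] == "interface" else []
                self.running["sections"].setdefault(cmd, default)
            else:
                self._apply(self.running["global"], words)
        elif self.mode == "sub":
            if cmd == "exit":
                self.mode, self.section = "config", None
            else:
                self._apply(self.running["sections"][self.section], words)
        return self.prompt()

    @staticmethod
    def _apply(cmds, words):
        """Add a command; with a leading 'no', remove the matching command."""
        if words[0] == "no":
            key = " ".join(words[1:])
            cmds[:] = [c for c in cmds if not c.startswith(key)]
        else:
            cmds.append(" ".join(words))

    @staticmethod
    def _render(cfg, hostname):
        # Sub-mode commands are indented one space under their section and
        # '!' separates blocks, as in the listing above.  This toy prints
        # global commands after the sections; real IOS orders them by type.
        out = ["Current configuration:", "!", f"hostname {hostname}", "!"]
        for name, cmds in cfg["sections"].items():
            out += [name] + [" " + c for c in cmds] + ["!"]
        out += cfg["global"] + ["!", "end"]
        return "\n".join(out)

    def show_running_config(self):
        return self._render(self.running, self.hostname)

    def show_startup_config(self):
        """None until something has been saved to NVRAM."""
        return None if self.startup is None else self._render(self.startup, self.hostname)

    def unsaved_changes(self):
        """True when RAM differs from NVRAM, i.e. a reload would lose work."""
        return self.running != (self.startup or EMPTY)
```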

Displaying Software Version And More

The show version command provides a lot of information in
addition to the version of software that is running on the router.
The following information can be collected with the show version
command:

Software Version                          - IOS software version (stored in flash)
Bootstrap Version                         - Bootstrap version (stored in Boot ROM)
System up-time                            - Time since last reboot
System restart info                       - Method of restart (e.g. power cycle, crash)
Software image name                       - IOS filename stored in flash
Router Type and Processor type            - Model number and processor type
Memory type and allocation (Shared/Main)  - Main Processor RAM / Shared Packet I/O buffering
Software Features                         - Supported protocols / feature sets
Hardware Interfaces                       - Interfaces available on router
Configuration Register                    - Bootup specifications, console speed setting, etc.
The following is a sample output of a show version command.
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-J-M), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 12-May-97 15:07 by tej
Image text-base: 0x600088A0, data-base: 0x6075C000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)

Router uptime is 1 week, 1 day, 38 minutes
System restarted by power-on
System image file is "flash:c3640-j-mz_112-6_P.bin", booted via flash
Host configuration file is "3600_4-confg", booted via tftp from 171.69.83.194

cisco 3640 (R4700) processor (revision 0x00) with 107520K/23552K bytes of memory.
Processor board ID 03084730
R4700 processor, Implementation 33, Revision 1.0
Bridging software.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
Primary Rate ISDN software, Version 1.0.
2 Ethernet/IEEE 802.3 interface(s)
97 Serial network interface(s)
4 Channelized T1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
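Pulling the items listed above out of show version output and decoding the configuration register, as an added Python example (not Cisco code). The sample text is the notes' own output with wrapped lines re-joined; the bit meanings are the standard 16-bit register layout (boot field, bit 6 ignore NVRAM, bit 8 break disabled, bits 11-12 console speed), and the function names are this example's.

```python
import re

# Sample "show version" output from the notes above, wrapped lines re-joined.
SHOW_VERSION = """\
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-J-M), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 12-May-97 15:07 by tej
Image text-base: 0x600088A0, data-base: 0x6075C000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)

Router uptime is 1 week, 1 day, 38 minutes
System restarted by power-on
System image file is "flash:c3640-j-mz_112-6_P.bin", booted via flash
Host configuration file is "3600_4-confg", booted via tftp from 171.69.83.194

cisco 3640 (R4700) processor (revision 0x00) with 107520K/23552K bytes of memory.
Processor board ID 03084730
2 Ethernet/IEEE 802.3 interface(s)
97 Serial network interface(s)
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
"""

CONSOLE_BAUD = {0: 9600, 1: 4800, 2: 1200, 3: 2400}   # value of bits 12-11


def decode_register(value):
    """Decode the 16-bit configuration register into its documented fields."""
    boot = value & 0xF                           # bits 0-3: boot field
    return {
        "boot_field": boot,
        "boot_source": "rommon" if boot == 0 else "ios image",   # 0x1 is platform-specific
        "ignore_nvram": bool(value & 0x0040),    # bit 6: startup-config not loaded
        "break_disabled": bool(value & 0x0100),  # bit 8: console Break ignored
        "console_baud": CONSOLE_BAUD[(value >> 11) & 0x3],
    }


def _grab(pattern, text, conv=str):
    m = re.search(pattern, text, re.M)
    return conv(m.group(1)) if m else None


def parse_show_version(text):
    """Extract the items the table above lists from show version text."""
    info = {
        "ios_version": _grab(r"^IOS .*?Version ([^,]+),", text),
        "bootstrap_version": _grab(r"^ROM: System Bootstrap, Version (\S+)", text),
        "uptime": _grab(r"uptime is (.+)$", text),
        "restarted_by": _grab(r"^System restarted by (.+)$", text),
        "image": _grab(r'^System image file is "([^"]+)"', text),
        "model": _grab(r"^cisco (\S+) \(", text),
        "cpu": _grab(r"^cisco \S+ \((\S+)\) processor", text),
        "main_ram_k": _grab(r"with (\d+)K/\d+K bytes", text, int),
        "shared_ram_k": _grab(r"with \d+K/(\d+)K bytes", text, int),
        "config_register": _grab(r"Configuration register is 0x([0-9A-Fa-f]+)",
                                 text, lambda h: int(h, 16)),
    }
    m = re.search(r'^Host configuration file is "([^"]+)", booted via (\w+)(?: from (\S+))?',
                  text, re.M)
    info["config_source"] = m.groups() if m else None   # (file, method, server)
    return info


def review(info):
    """Findings a reviewer would want from this data (this example's checks)."""
    findings = []
    reg = decode_register(info["config_register"])
    if reg["ignore_nvram"]:
        findings.append("config register ignores NVRAM: the saved startup-config "
                        "(and its passwords) is not loaded at boot")
    if not reg["break_disabled"]:
        findings.append("console Break is honoured during boot")
    src = info["config_source"]
    if src and src[1] == "tftp":
        findings.append(f"host configuration fetched over TFTP from {src[2]} "
                        "(unauthenticated, cleartext)")
    return findings
```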


Displaying Interface States

To view information about a particular interface, use the show
interface command. The show interface command provides the
following list of important information:

- Interface State (e.g. UP, DOWN, LOOPED)
- Protocol addresses
- Bandwidth
- Reliability and Load
- Encapsulation type
- Packet Rates
- Error Rates
- Signaling Status (i.e. DCD, DSR, DTR, RTS, CTS)
The following is an example of a "show interface serial0" output:
Router#show interface serial 0
Serial0 is up, line protocol is down
Hardware is QUICC Serial
Internet address is 10.1.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 207603, LMI stat recvd 113715, LMI upd recvd 0, DTE LMI down
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 62856
Last input 1w, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/64/0 (size/threshold/drops)
Conversations 0/1 (active/max active)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1012272 packets input, 91255488 bytes, 0 no buffer
Received 916 broadcasts, 0 runts, 0 giants
18519 input errors, 0 CRC, 17796 frame, 0 overrun, 0 ignored, 723 abort
283132 packets output, 13712011 bytes, 0 underruns
0 output errors, 0 collisions, 31317 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
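Parsing the show interface fields listed above and turning them into findings, as an added Python example (not Cisco code). The sample is the notes' serial0 output with wrapped lines re-joined; the 1% input-error threshold and the function names are this example's own choices.

```python
import re

# Sample "show interface serial 0" output from the notes, wrapped lines re-joined.
SHOW_INT = """\
Serial0 is up, line protocol is down
Hardware is QUICC Serial
Internet address is 10.1.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 207603, LMI stat recvd 113715, LMI upd recvd 0, DTE LMI down
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Last input 1w, output 00:00:08, output hang never
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1012272 packets input, 91255488 bytes, 0 no buffer
Received 916 broadcasts, 0 runts, 0 giants
18519 input errors, 0 CRC, 17796 frame, 0 overrun, 0 ignored, 723 abort
283132 packets output, 13712011 bytes, 0 underruns
0 output errors, 0 collisions, 31317 interface resets
3 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
"""


def _grab(pattern, text, conv=str):
    m = re.search(pattern, text, re.M)
    return conv(m.group(1)) if m else None


def parse_show_interface(text):
    """Extract the items the list above names from one interface's output."""
    return {
        "name": _grab(r"^(\S+) is ", text),
        "state": _grab(r"^\S+ is (\w+(?: mode)?),", text),   # up, down, standby mode
        "line_protocol": _grab(r"line protocol is (\w+)", text),
        "address": _grab(r"Internet address is (\S+)", text),
        "bw_kbit": _grab(r"BW (\d+) Kbit", text, int),
        "reliability": _grab(r"(?:rely|reliability) (\d+)/255", text, int),
        "encapsulation": _grab(r"Encapsulation ([^,]+),", text),
        "packets_in": _grab(r"(\d+) packets input", text, int),
        "input_errors": _grab(r"(\d+) input errors", text, int),
        "crc": _grab(r"(\d+) CRC", text, int),
        "frame": _grab(r"(\d+) frame,", text, int),
        "abort": _grab(r"(\d+) abort", text, int),
        "resets": _grab(r"(\d+) interface resets", text, int),
        "carrier_transitions": _grab(r"(\d+) carrier transitions", text, int),
        "signals": dict(re.findall(r"(DCD|DSR|DTR|RTS|CTS)=(\w+)", text)),
        "lmi_down": bool(re.search(r"LMI down", text)),
    }


def assess(iface, max_error_pct=1.0):
    """Plain-language findings for a NOC or security reviewer.
    The input-error threshold is this example's, not a Cisco value."""
    findings = []
    if iface["state"] != "up":
        findings.append(f'{iface["name"]} is {iface["state"]}')
    elif iface["line_protocol"] != "up":
        signals = iface["signals"]
        if signals and all(v == "up" for v in signals.values()):
            # Carrier and modem-control leads are up, so layer 1 is fine and
            # the fault is at layer 2: encapsulation, keepalives or LMI.
            findings.append("line protocol down with all control signals up: "
                            "layer-2 problem (encapsulation/keepalive)")
        if iface["lmi_down"]:
            findings.append("Frame Relay LMI down: no status reply from the provider switch")
    if iface["packets_in"]:
        pct = 100.0 * iface["input_errors"] / iface["packets_in"]
        if pct > max_error_pct:
            findings.append(f"input error rate {pct:.2f}% (CRC={iface['crc']}, "
                            f"frame={iface['frame']}, abort={iface['abort']})")
    return findings
```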

Gems – Hcl Router details as on 01-12-2003

gems_hcl>en
gems_hcl#sh int ser0
Serial0 is up, line protocol is up
Hardware is PowerQUICC Serial
Description: LL link to HCL infinet,Chennai
Internet address is 10.194.2.78/30
Backup interface BRI0, failure delay 5 sec, secondary disable delay 5 sec,
kickin load not set, kickout load not set
MTU 1500 bytes, BW 832 Kbit, DLY 20000 usec,
reliability 255/255, txload 75/255, rxload 28/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:03, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/11/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 624 kilobits/sec
5 minute input rate 92000 bits/sec, 44 packets/sec
5 minute output rate 246000 bits/sec, 54 packets/sec
75769 packets input, 27930029 bytes, 0 no buffer
Received 290 broadcasts, 0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
88311 packets output, 42938899 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

gems_hcl#sh int bri0
BRI0 is standby mode, line protocol is down
Hardware is PQUICC BRI
Description: ISDN backup for LL link to HCl Infinet,Chennai
Internet address will be negotiated using IPCP
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:31:27
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 48 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions

Gems - Net4indiaRouter details as on 01-12-2003

User Access Verification

Password:
camsindia>en
Password:
camsindia#sh int bri0
BRI0 is standby mode, line protocol is down
Hardware is PQUICC BRI
Internet address will be negotiated using IPCP
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Last input 00:02:05, output never, output hang never
Last clearing of "show interface" counters 00:07:25
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
692 packets input, 5695 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
692 packets output, 5695 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
2 carrier transitions
camsindia#sh int ser0
Serial0 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 202.71.149.50/30
Backup interface BRI0, failure delay 10 sec, secondary disable delay 5 sec,
kickin load not set, kickout load not set
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 3/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/4/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 19000 bits/sec, 5 packets/sec
5 minute output rate 11000 bits/sec, 6 packets/sec
2074 packets input, 954775 bytes, 0 no buffer
Received 16 broadcasts, 0 runts, 0 giants, 0 throttles
24762 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 24762 abort
2107 packets output, 461542 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

