NETMETRIC
SOLUTIONS
WWW.NETMETRIC-SOLUTIONS.COM
CISCO CERTIFIED NETWORK ASSOCIATE
CCNA R&S LAB MANUAL
VER 2.0
Sikandar Gouse Moinuddin
CCIE (R&S, SP) # 35012
[email protected]
All contents are copyright @2012 - 2014 All rights reserved.
CCNA R&S Workbook by Sikandar Gouse Moinuddin _ CCIE (R&S, SP) # 35012
All contents are copyright @2012 - 2014 All rights reserved.
Sikandar Shaik
Senior Technical Instructor
Sikandar Shaik has been actively working with data networking as a Network Engineer for over 6 years, and has
been working with Cisco routers and switching technology. Sikandar has been teaching and developing content for
the CCIE R&S track since 2009. You will find Sikandar in the live classroom of R&S classes here at Netmetric.
Sikandar is responsible for updating, supporting and teaching Netmetric's R&S-related courses. Over the past few
years Sikandar has assisted more CCIE R&S engineers in passing the lab than any other instructor, worldwide!
Core Networking Skills:
Routing: Static Routing, RIPv1, RIPv2, RIPng, IGRP, EIGRP, OSPF, IS-IS, BGPv4, ODR, GRE, MPLS,
IPv6, Traffic Engineering, Policy Based Routing (PBR), Route Filtering, Redistribution, Summarization
Security: Zone-Based Firewall, SSL VPN/IPsec VPN/DMVPN/GET VPN, VPN QoS, IPS Tuning, AAA,
Firewall Redundancy
Switching: Catalyst CatOS and IOS based Switches, VTP, STP, RSTP, Trunking, VLANs, Layer 3 Switches,
Logical EtherChannels
WAN: Leased lines (PPP / HDLC), Channelized lines (E1 / T1 / E3 / T3), Frame Relay, ATM, ISDN
Soft Skills:
Communication Skills: A clear speaker in English and comfortable speaking in front of an audience, he can easily
facilitate classroom sessions and also address large gatherings.
Interpersonal Skills: With a positive attitude he has proven ability to deal with difficult situations in a careful and
considerate manner.
Learning Skills: Can easily pick up new skills and generally thrives on challenges.
Problem Solving Skills: His analytical skills help him troubleshoot problems and uncover root causes.
Personal Details:
Education: Bachelor's Degree in Computer Science
TABLE OF CONTENTS
IP ADDRESS
SUBNETTING
OSI REFERENCE MODEL
TCP/IP
INTRODUCTION TO ROUTERS
MODES OF ROUTERS
BASIC COMMANDS
WAN CONNECTIONS
WAN PROTOCOLS
LAB: BASIC IP CONFIGURATION
FRAME RELAY
INTRODUCTION TO ROUTING (STATIC ROUTING)
DEFAULT ROUTING
DYNAMIC ROUTING
RIP
EIGRP
OSPF
ACCESS CONTROL LIST
NETWORK ADDRESS TRANSLATION
BASIC SWITCHING
VIRTUAL LAN AND TRUNKING
VLAN TRUNKING PROTOCOL
INTER VLAN-ROUTING USING ROUTER
SPANNING TREE PROTOCOL
IPv6
PASSWORD REVERTING ON CISCO ROUTERS
BACKUP AND RESTORE IOS AND CONFIGS
IP ADDRESS
* IP Address is a Logical Address.
* It is a Network Layer address (Layer 3).
* An IP address is given to every device in the network and it is used to identify the device
within the network.
Two Versions of IP:
* IP version 4 is a 32 bit address
* IP version 6 is a 128 bit address
IP version 4
* A bit is represented by 0 or 1 (i.e. Binary)
* IP address in binary form (32 bits):
01010101000001011011111100000001
* 32 bits are divided into 4 Octets:
First Octet   Second Octet   Third Octet   Fourth Octet
01010101.     00000101.      10111111.     00000001
* IP address in decimal form:
85.5.191.1
IP version 6 Format
The 128-bit address is divided along 16-bit boundaries, and each 16-bit block is converted to a 4-digit
hexadecimal number and separated by colons (Colon-Hex Notation)
FD00 : 0DB8 : 7654 : 3210 : 2C4C : BA17 : 7124 : 0032
Binary to Decimal Conversion
Taking Example for First Octet:
Total 8 bits, value will be 0's and 1's
i.e. 2^8 = 256 combinations
2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
IPv4
Total IP Address Range of IPv4 is 0.0.0.0 to 255.255.255.255
IP Addresses are divided into 5 Classes
Class   Range                          No. of Networks & Hosts
A       0.0.0.0 - 127.255.255.255      126 Networks & 16777214 Hosts per Network
B       128.0.0.0 - 191.255.255.255    16384 Networks & 65534 Hosts per Network
C       192.0.0.0 - 223.255.255.255    2097152 Networks & 254 Hosts per Network
D       224.0.0.0 - 239.255.255.255    Reserved for multicast traffic
E       240.0.0.0 - 255.255.255.255    Reserved for Research and development
Host: a specific device in the network
Network: a set of devices
Network Address
* The first IP address of the range
* It represents the complete network and cannot be assigned to any device
* The network address is represented with all bits as ZERO in the host portion of the address
Broadcast Address
* The last IP address of the range
* Used to send a broadcast within the network and cannot be assigned to any device in the network
* The broadcast address is represented with all bits as ONES in the host portion of the address
Valid addresses:
* Valid IP Addresses lie between the Network Address and the Broadcast Address.
* Only Valid IP Addresses are assigned to hosts/clients or any other device in the network
Subnet Mask
It is an address which is used to identify the network and host portions of an IP address.
Class A   N.H.H.H   255.0.0.0
Class B   N.N.H.H   255.255.0.0
Class C   N.N.N.H   255.255.255.0
* Subnet Mask differentiates the Network portion and the Host portion.
* Subnet Mask is given for Network Identification of a Host ID.
* Represented with all 1's in the network portion and with all 0's in the host portion.
PRIVATE IP | PUBLIC IP
Used within the LAN or within the organization | Used on public network (INTERNET)
Not recognized on internet | Recognized on internet
Given by the administrator | Given by the service provider (from IANA)
Unique within the network or organization | Globally unique
Free | Pay to service provider (or IANA)
Unregistered IP | Registered
Private IP Address
There are certain addresses in each class of IP address that are reserved for Private Networks.
These addresses are called private addresses.
RANGE OF PRIVATE IP:
Class A   10.0.0.0      10.255.255.255
Class B   172.16.0.0    172.31.255.255
Class C   192.168.0.0   192.168.255.255
Default Gateway
* The IP address of the router's Ethernet interface that connects to the LAN.
* It is an entry and exit point of the network.
SUBNETTING
* Subnetting is the process of dividing a single network into multiple smaller networks.
* Converting host bits into network bits, i.e. converting 0's into 1's
* Subnetting helps in minimizing the wastage of IP addresses
Subnetting can be performed in two ways.
1. FLSM (Fixed Length Subnet Mask)
2. VLSM (Variable Length Subnet Mask)
Subnetting can be done based on requirement.
* Requirement of Hosts? 2^h - 2 >= requirement
* Requirement of Networks? 2^n >= requirement
POWER TABLE
2^8  = 256     2^16 = 65536     2^24 = 16777216
2^10 = 1024    2^17 = 131072    2^25 = 33554432
2^11 = 2048    2^18 = 262144    2^26 = 67108864
               2^19 = 524288    2^27 = 134217728
                                2^28 = 268435456
                                2^29 = 536870912
                                2^30 = 1073741824
                                2^31 = 2147483648
                                2^32 = 4294967296
VALUES IN SUBNET MASK
1   10000000
2   11000000
3   11100000
4   11110000
5   11111000
6   11111100
7   11111110
8   11111111
FLSM: Example 1
Req = 40 hosts using C-class address network 192.168.1.0/24
Host bits required (h) = 6
Converted network bits (n) = Total H bits - required H bits
= 8 - 6 = 2
Converted network bits (n) = 2
Total N bits = default N bits + converted N bits = 24 + 2 = /26
Hosts/Subnet = 2^h - 2 = 2^6 - 2 = 64 - 2
= 62 Hosts/Subnet
Subnets = 2^n = 2^2 = 4 Subnets
* Customized subnet mask = (/26) = 255.255.255.192
Range: 2^6 = 64
Network ID           Broadcast ID
192.168.1.0/26       192.168.1.63/26
192.168.1.64/26      192.168.1.127/26
192.168.1.128/26     192.168.1.191/26
192.168.1.192/26     192.168.1.255/26
FLSM: Example 2
Req = 500 hosts using B-class address network 172.16.0.0/16
2^h - 2 >= req
2^9 - 2 >= 500
512 - 2 >= 500
510 >= 500
Host bits required (h) = 9
Converted network bits (n) = Total H bits - required H bits
= 16 - 9 = 7
Converted network bits (n) = 7
Total N bits = default N bits + converted N bits = 16 + 7 = /23
Hosts/Subnet = 2^h - 2 = 2^9 - 2 = 512 - 2
= 510 Hosts/Subnet
Subnets = 2^n = 2^7 = 128 Subnets
Customized subnet mask = (/23) = 255.255.254.0
Range: 2^h = 2^9 = 512
Network ID           Broadcast ID
172.16.0.0/23        172.16.1.255/23
172.16.2.0/23        172.16.3.255/23
172.16.4.0/23        172.16.5.255/23
172.16.6.0/23        172.16.7.255/23
...
172.16.254.0/23      172.16.255.255/23
FLSM: Example 3
Req = 2000 hosts using A-class address network 10.0.0.0/8
2^h - 2 >= req
2^11 - 2 >= 2000
2048 - 2 >= 2000
2046 >= 2000
Host bits required (h) = 11
Converted network bits (n) = Total H bits - required H bits
= 24 - 11 = 13
Converted network bits (n) = 13
Total N bits = default N bits + converted N bits = 8 + 13 = /21
Hosts/Subnet = 2^h - 2 = 2^11 - 2 = 2048 - 2
= 2046 Hosts/Subnet
Subnets = 2^n = 2^13 = 8192 Subnets
Customized subnet mask = (/21) = 255.255.248.0
Network ID           Broadcast ID
10.0.0.0/21          10.0.7.255/21
10.0.8.0/21          10.0.15.255/21
10.0.16.0/21         10.0.23.255/21
...
10.0.248.0/21        10.0.255.255/21
10.1.0.0/21          10.1.7.255/21
10.1.8.0/21          10.1.15.255/21
10.1.16.0/21         10.1.23.255/21
...
10.1.248.0/21        10.1.255.255/21
10.2.0.0/21          10.2.7.255/21
10.2.8.0/21          10.2.15.255/21
10.2.16.0/21         10.2.23.255/21
...
10.2.248.0/21        10.2.255.255/21
...
10.255.0.0/21        10.0.7.255/21
10.255.8.0/21        10.0.15.255/21
10.255.16.0/21       10.0.23.255/21
...
10.255.248.0/21      10.255.255.255/21
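The FLSM steps used in Examples 1 to 3, written out as an added Python example (not part of the workbook). It uses the standard `ipaddress` module; the function names `flsm_plan`, `subnet_at` and `classify` are chosen here for illustration, and `classify` goes one step beyond the examples by telling whether a given address is a network ID, a broadcast ID or a valid host address.

```python
import ipaddress


def flsm_plan(network: str, hosts_required: int) -> dict:
    """Apply the FLSM steps: find h, convert the spare host bits, derive the mask."""
    if hosts_required < 1:
        raise ValueError("hosts_required must be at least 1")
    net = ipaddress.ip_network(network)
    total_host_bits = 32 - net.prefixlen
    # Smallest h that satisfies 2^h - 2 >= requirement.
    h = 1
    while 2 ** h - 2 < hosts_required:
        h += 1
    if h > total_host_bits:
        raise ValueError(f"{network} cannot hold {hosts_required} hosts per subnet")
    n = total_host_bits - h            # converted network bits
    prefix = net.prefixlen + n         # total network bits
    mask = ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask
    return {
        "host_bits": h,
        "converted_bits": n,
        "prefix": prefix,
        "mask": str(mask),
        "hosts_per_subnet": 2 ** h - 2,
        "subnets": 2 ** n,
        "range": 2 ** h,
    }


def subnet_at(network: str, prefix: int, index: int) -> tuple:
    """Return (network ID, broadcast ID) of the index-th subnet, counting from 0.

    Computed directly from the block size, so the 8192 subnets of
    10.0.0.0/8 at /21 never have to be listed one by one.
    """
    net = ipaddress.ip_network(network)
    if not net.prefixlen <= prefix <= 30:
        raise ValueError("prefix must lie between the original prefix and /30")
    count = 2 ** (prefix - net.prefixlen)
    if not 0 <= index < count:
        raise IndexError(f"index must be in 0..{count - 1}")
    block = 2 ** (32 - prefix)                     # the "Range" value
    first = int(net.network_address) + index * block
    sub = ipaddress.ip_network((first, prefix))
    return str(sub.network_address), str(sub.broadcast_address)


def classify(address: str, prefix: int) -> str:
    """Say whether an address is a network ID, a broadcast ID or a valid host."""
    iface = ipaddress.ip_interface(f"{address}/{prefix}")
    sub = iface.network
    if iface.ip == sub.network_address:
        return f"network ID of {sub}"
    if iface.ip == sub.broadcast_address:
        return f"broadcast ID of {sub}"
    return f"valid host in {sub}"


if __name__ == "__main__":
    # The three requirements worked through in the examples above.
    for network, hosts in (("192.168.1.0/24", 40),
                           ("172.16.0.0/16", 500),
                           ("10.0.0.0/8", 2000)):
        plan = flsm_plan(network, hosts)
        print(network, hosts, "hosts ->", plan)
        last = plan["subnets"] - 1
        for i in (0, 1, 2, last):
            print("   subnet", i, subnet_at(network, plan["prefix"], i))
    print(classify("172.16.5.20", 23))
    print(classify("172.16.5.255", 23))
```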
Variable-Length Subnet Mask (VLSM):
* VLSM is used for proper implementation of IP addresses; it allows more than one
subnet mask for a given network according to the individual needs.
* Logically dividing one network into smaller networks is called Subnetting or VLSM.
* One subnet can be subnetted multiple times for efficient use.
* Requires Classless Routing Protocols.
Advantages
Efficient Use of IP addresses: Without VLSMs, networks would have to use the same subnet
mask throughout the network. But all your networks don't have the same number of hosts
requirement.
Example of a VLSM Network
[Figure: example VLSM network. LAN subnets of 25 hosts use /27 masks (200.200.200.32/27, 200.200.200.64/27, 200.200.200.96/27, 200.200.200.128/27); the links between routers use /30 masks (200.200.200.164/30, 200.200.200.168/30, 200.200.200.172/30)]
OSI REFERENCE MODEL
* OSI was developed by the International Organization for Standardization (ISO) and
introduced around 1980.
* It is a layered architecture (consists of seven layers) which defines and explains how the
communication happens between two or more network devices within the organization
or internet.
* Each layer defines a set of functions in data communication.
[Figure: the seven OSI layers grouped as User support Layers (or Software Layers), the Core layer of the OSI, and Network support Layers (or Hardware Layers)]
Application Layer (Layer 7)
* Application Layer is responsible for providing an interface for the users to interact with
application services or Networking Services.
* Ex: Web browser etc.
* Identification of Services is done using Port Numbers.
* Port is a logical communication Channel
* Port number is a 16 bit identifier
* Total No. Ports 0 - 65535
* Reserved Ports 1 - 1023
* Unreserved Ports 1024 - 65535
Service    Port No.
HTTP       80
FTP        21
SMTP       25
TELNET     23
TFTP       69
Presentation Layer (Layer 6)
* Presentation Layer is responsible for defining a standard format for the data.
* It deals with data presentation.
* The major functions described at this layer are:
Encoding - Decoding
* Ex: ASCII, EBCDIC (Text)
* JPEG, GIF, TIFF (Graphics)
* MIDI, WAV (Voice)
* MPEG, DAT, AVI (Video)
Encryption - Decryption
* Ex: DES, 3-DES, AES
Compression - Decompression
* Ex: Predictor, Stacker, MPPC
Session Layer (Layer 5)
* It is responsible for establishing, maintaining and terminating the sessions.
* It deals with sessions or interactions between the applications.
* Session ID is used to identify a session or interaction
* Ex: RPC, SQL, NFS
Transport Layer (Layer 4)
* It is responsible for end-to-end transportation of data between the applications.
* The major functions described at the Transport Layer are:
  - Identifying Service
  - Multiplexing & De-multiplexing
  - Segmentation
  - Sequencing & Reassembling
  - Error Correction
  - Flow Control
Identifying a Service:
Services are identified at this layer with the help of Port Numbers. The major protocols which
take care of Data Transportation at the Transport layer are TCP and UDP.
TCP | UDP
Transmission Control Protocol | User Datagram Protocol
Connection Oriented | Connection Less
Reliable communication (with Ack's) | Unreliable communication (no Ack's)
Slower data Transportation | Faster data Transportation
Protocol No is 6 | Protocol No is 17
Eg: HTTP, FTP, SMTP | Eg: DNS, DHCP, TFTP
Network Layer (Layer 3)
* It is responsible for end-to-end transportation of data across multiple networks.
* Logical addressing & Path determination (Routing) are described at this layer.
* The protocols that work at the Network layer are:
Routed Protocols:
* Routed protocols act as data carriers and define logical addressing.
* IP, IPX, AppleTalk, etc.
Routing Protocols:
* Routing protocols perform Path determination (Routing).
* RIP, IGRP, EIGRP, OSPF, etc.
* Devices that work at the Network Layer are Router, Multilayer switch etc.
Data-link Layer (Layer 2)
* It is responsible for end-to-end delivery of data between the devices on a LAN Network
segment. The Data link layer comprises two sub-layers.
1) MAC (Media Access Control)
* It deals with hardware addresses (MAC addresses).
* MAC addresses are 12 digit hexadecimal identifiers used to identify the devices
uniquely on the network segment.
* It also provides ERROR DETECTION using CRC (Cyclic Redundancy Check) and
FRAMING (Encapsulation).
* Ex: Ethernet, Token ring, etc.
2) LLC (Logical Link Control)
* It deals with Layer 3 (Network layer)
* Devices that work at the Data link layer are Switch, Bridge, NIC card.
Physical Layer (Layer 1)
* It deals with physical transmission of Binary data on the given media (copper, Fiber,
wireless...).
* It also deals with electrical, Mechanical and functional specifications of the devices, media,
etc.
* The major functions described at this layer are:
Encoding/decoding: It is the process of converting the binary data into signals
based on the type of the media.
* Copper media: Electrical signals of different voltages
* Fiber media: Light pulses of different wavelengths
* Wireless media: Radio frequency waves
Mode of transmission of signals: Signal communication
happens in three different modes: Simplex, Half-duplex, Full-duplex
Devices that work at the physical layer are Hub, Modems, Repeater, and Transmission
Media
TCP/IP
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was created by the
Department of Defense (DoD)
The DoD Model
* The Process / Application Layer
* The Host-to-Host Layer
* The Internet Layer
* The Network-access Layer
Comparing OSI & TCP/IP Model
[Table: OSI Layers compared with TCP/IP Layers]
Process/Application Layer
* The Process / Application layer defines protocols for node-to-node application
communication and also controls user interface specification.
Examples for this layer are:
* Telnet, FTP, TFTP, NFS, SMTP, SNMP, DNS, DHCP etc.
Telnet
* Telnet is used for Terminal Emulation.
* It allows a user sitting on a remote machine to access the resources of another
machine.
FTP (File Transfer Protocol)
* It allows you to transfer files from one machine to another.
* It also allows access to both directories and files.
* It uses TCP for data transfer and hence is slow but reliable.
TFTP (Trivial File Transfer Protocol)
* This is a stripped down version of FTP.
* It has no directory browsing abilities.
* It can only send and receive files.
* It uses UDP for data transfer and hence is faster but not reliable.
Simple Network Management Protocol
* SNMP enables central management of the Network.
* Using SNMP an administrator can watch the entire network.
* SNMP works with TCP/IP.
* It uses UDP for transportation of the data.
DNS (Domain Name Service)
* DNS resolves FQDN with IP address.
* DNS allows you to use a domain name to specify an IP address.
* It maintains a database for IP addresses and Hostnames.
DHCP (Dynamic Host Configuration Protocol)
* Dynamically assigns IP addresses to hosts.
Host-to-Host layer
TCP | UDP
Transmission Control Protocol | User Datagram Protocol
Connection Oriented | Connection Less
Reliable communication (with Ack's) | Unreliable communication (no Ack's)
Slower data Transportation | Faster data Transportation
Protocol No is 6 | Protocol No is 17
Eg: HTTP, FTP, SMTP | Eg: DNS, DHCP, TFTP
The Internet Layer Protocols
* Internet Protocol (IP)
* Internet Control Message Protocol (ICMP)
* Address Resolution Protocol (ARP)
* Reverse Address Resolution Protocol (RARP)
Internet Protocol (IP)
* Provides connectionless, best-effort delivery routing of datagrams.
* IP is not concerned with the content of the datagrams.
* It looks for a way to move the datagrams to their destination.
Internet Control Message Protocol (ICMP)
* ICMP messages are carried in IP datagrams and used to send error and
control messages.
* The following are some common events and messages that ICMP relates to:
  - Destination Unreachable
  - Ping
  - Traceroute
Address Resolution Protocol (ARP)
* ARP works at the Internet Layer of the DoD Model.
* It is used to resolve a MAC address with the help of a known IP address.
RARP (Reverse ARP)
* This also works at the Internet Layer.
* It works exactly opposite of ARP.
* It resolves an IP address with the help of a known MAC address.
* DHCP is the example of an RARP implementation.
INTRODUCTION TO ROUTERS
What is a Router?
* A router is a device which makes communication possible between two or more different
networks present in the same or different geographical locations.
* It is an internetworking device used to connect two or more different networks.
* It works on layer 3 (i.e. network layer).
* It does two basic things:
  - Select the best path from the routing table.
  - Forward the packet on that path.
Other Vendors apart from Cisco
Many companies are manufacturing routers:
* Nortel
* Multicom
* Juniper
* Dlink
* Linksys
* 3Com
Router Classification
FIXED ROUTER | MODULAR ROUTER
Fixed router (non-upgradeable: cannot add and remove the Ethernet or serial interfaces) | Modular router (upgradeable: can add and remove interfaces as per the requirement)
Doesn't have any slot | Number of slots available depends on the series of the router
[Figure: Example of a Modular Router and Example of a Fixed Router, with the AUI (Attachment Unit Interface) port E0 labelled]
EXTERNAL PORTS OF ROUTER
* WAN interfaces
  - Serial interface (S0, S1, s0/0, s0/1, s0/0/0 etc.) - 60 pin / 26 pin (smart serial)
  - ISDN interface (BRI0 etc.) - RJ45 (used for ISDN WAN connections)
* LAN interfaces - Ethernet
  - AUI (Attachment Unit Interface) (E0) - 15 pin
  - 10baseT - RJ45
* Administration interfaces
  - Console - RJ45 - Local Administration
  - Auxiliary - RJ45 - Remote Administration
[Figure: 2601 Model Router (Modular Router), showing the serial ports, console port, auxiliary port and power cord connection]
Attachment Unit Interface
* AUI pin configuration is 15 pin female.
* It is known as Ethernet Port or LAN port or Default Gateway.
* It is used for connecting the LAN to the Router.
* A transceiver is used for converting 8 wires to 15 wires, i.e. an RJ45 to 15 pin converter.
Console Port
* It is known as the Local Administrative Port.
* It is generally used for Initial Configuration, Password Recovery and Local Administration
of the Router. It is an RJ45 port.
* IMP: It is the most delicate port on the Router, so make less use of the Console Port.
[Figure: LAN - 192.168.1.0/28]
Console Connectivity
* Connect a rollover cable to the router console port (RJ-45 connector).
* Connect the other end of the rollover cable to the RJ-45 to DB-9 converter.
* Attach the female DB-9 converter to a PC Serial Port.
* Open Emulation Software.
Serial Port
* Serial pin configuration is 60 pin configuration female (i.e. 15 pins and 4 rows) and
Smart Serial pin configuration is 26 pin configuration female.
* It is known as the WAN Port.
* It is used for connecting to Remote Locations.
* V.25 cable has a 60 pin configuration male at one end and an 18 pin configuration
male at the other end.
Auxiliary Port
* It is known as the Remote Administrative Port.
* Used for remote administration.
* It is an RJ-45 port.
* A console or a rollover cable is to be used.
INTERNAL COMPONENTS OF THE ROUTER
ROM:
* Is a chip integrated on the motherboard which contains a Bootstrap program which tells
how to load the IOS.
* Used to start and maintain the router. Holds the POST and the bootstrap program, as
well as the mini-IOS.
POST (power-on self-test)
* Stored in the microcode of the ROM, the POST is used to check the basic functionality of
the router hardware and determines which interfaces are present.
Mini-IOS
* Also called the RXBOOT or bootloader by Cisco, the mini-IOS is a small IOS in ROM
that can be used to bring up an interface and load a Cisco IOS into flash memory.
* The mini-IOS can also perform a few other maintenance operations.
RAM (random access memory)
* Used to hold the temporary config, recent packet buffers information, ARP cache,
routing tables, and also the software and data structures that allow the router to
function.
* Also called Running-config.
* The IOS is loaded into the RAM from the Flash at the time of booting.
Flash memory
* Stores the Cisco IOS by default. Flash memory is not erased when the router is reloaded.
NVRAM (nonvolatile RAM)
* Used to hold the router and switch configuration. NVRAM is not erased when the router or
switch is reloaded.
* It will not store an IOS.
* The configuration register is stored in NVRAM.
Configuration register file
* Used to control how the router boots up. This value can be found as the last line of the
show version command output.
* By default it is set to 0x2102, which tells the router to load the IOS from flash memory as well
as to load the configuration from NVRAM.
ROUTER START-UP SEQUENCE
[Figure: router start-up sequence. Surviving labels: 3. Locate the IOS; 4. Load the IOS; 5. Locate the configuration file; 6. Execute the configuration file, or 7. Enter setup mode]
1. Performing the POST and Loading the Bootstrap Program
* The power-on self test (POST) is a process that occurs on almost every computer when it
boots. The POST is used to test the router hardware.
* After the POST, the bootstrap program is loaded. The bootstrap program locates the Cisco
IOS and loads it into RAM.
2. Locating and Loading the IOS Software
The location of the IOS file is specified by the value of the configuration register setting. The
bits in this setting can instruct the device to load the IOS file from the following locations:
* Flash memory
* A TFTP server
To load the IOS normally from flash, the configuration register setting should be set to
0x2102
3. Locating and Executing the Startup Configuration File or Entering Setup Mode
After the IOS is loaded, the bootstrap program searches for the startup configuration file
(startup-config) in NVRAM.
This file contains the previously saved configuration commands and parameters, including
interface addresses, routing information, passwords and other configuration parameters.
If no configuration file is located, the router prompts the user to enter setup mode to begin
the configuration process.
If a startup configuration file is found, a prompt containing a hostname will display. The
router has successfully loaded the IOS and the configuration file.
MODES OF ROUTERS
User Mode:
* Only some basic monitoring
* Limited show commands, ping, trace
Privileged Mode:
* Monitoring and some troubleshooting
* All show commands, ping, trace, copy, erase
Global Configuration mode:
* To make any changes that affect the router, like hostname and routing configurations
* All configurations that affect the router globally
Interface mode:
* Configurations done on the specific interface
Rommon Mode:
* Reverting Password
Setup mode:
* The router enters into setup mode if the NVRAM is blank
Console Connectivity
* Connect a rollover cable to the router console port (RJ-45 connector).
* Connect the other end of the rollover cable to the RJ-45 to DB-9 converter.
* Attach the female DB-9 converter to a PC Serial Port.
* Open emulation software on the PC.
IN WINDOWS
* Start > Programs > Accessories > Communications > HyperTerminal > HyperTerminal.
* Give the Connection Name & select any icon.
* Select the Serial (COM) Port where the Router is connected.
* In Port Settings > click on Restore Defaults.
IN LINUX
* # minicom -s (used instead of HyperTerminal in Windows)
[Figure: HyperTerminal screenshots: (1) Connection Description, (2) COM Properties]
BASIC COMMANDS
User mode:
Router >
Router > enable
Privilege mode:
Router # show running-config
Router # show startup-config
Router # show flash
Router # show version
Router # show ip interface brief
Router # configure terminal
(To enter into Global configuration mode)
Global configuration mode:
Router(config) # hostname Sikandar
Assigning IP address to Ethernet interface:
Router(config) # interface <type> <number>
Router(config-if) # ip address <ip-address> <subnet-mask>
(Interface Mode)
Router(config-if) # no shutdown
Assigning Telnet password:
Router(config) # line vty 0 4
(To enter into VTY line mode)
Router(config-line) # password <password>
Router(config-line) # login
Router(config-line) # exit
Router(config) # exit
Assigning console password:
Router(config) # line con 0
(To enter into Console line mode)
Router(config-line) # password <password>
Router(config-line) # login
Router(config-line) # exit
Router(config) # exit
Auxiliary password:
Router(config) # line aux 0
(To enter into Auxiliary line mode)
Router(config-line) # password <password>
Router(config-line) # login
Router(config-line) # exit
Router(config) # exit
Assigning enable password:
Router(config) # enable secret <password>
(The password will be saved in encrypted text)
Router(config) # enable password <password>
(The password will be saved in clear text)
To encrypt all passwords:
Router(config) # service password-encryption
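A way to check a saved configuration against the password commands above, as an added Python example (not part of the workbook). The two configurations and the finding names are constructed for illustration; the hash and type 7 strings are placeholders. Note that `service password-encryption` stores line passwords in the reversible type 7 encoding, while `enable secret` stores a hash, so the script treats `enable password` as a finding even when encryption is on.

```python
import re

# Constructed running-config that uses the workbook's commands loosely.
SAMPLE_CONFIG = """\
! constructed sample, not from a real device
hostname Sikandar
!
enable password cisco123
!
line con 0
 password console1
 login
line aux 0
line vty 0 4
 password 7 0A1B2C3D4E5F
 login
!
end
"""

# Constructed configuration with every check satisfied.
HARDENED_CONFIG = """\
service password-encryption
hostname Sikandar
username admin secret 5 $1$CONSTRUCTED$placeholder
enable secret 5 $1$CONSTRUCTED$placeholder
line con 0
 password 7 0A1B2C3D4E5F
 login
line aux 0
 password 7 0A1B2C3D4E5F
 login
line vty 0 4
 login local
end
"""

TYPE7 = re.compile(r"password 7 [0-9A-Fa-f]+$")


def parse_lines(config: str) -> dict:
    """Return {'line con 0': [sub-commands], ...} for every line block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None          # '!' or a global command ends the block
    return blocks


def audit(config: str) -> list:
    """Return (scope, finding) tuples for weak password settings."""
    findings = []
    top = [l.strip() for l in config.splitlines()
           if l and not l.startswith((" ", "!"))]
    if "service password-encryption" not in top:
        findings.append(("global", "NO_PASSWORD_ENCRYPTION"))
    if any(l.startswith("enable password") for l in top):
        findings.append(("global", "ENABLE_PASSWORD_PRESENT"))
    if not any(l.startswith("enable secret") for l in top):
        findings.append(("global", "NO_ENABLE_SECRET"))
    for header, cmds in parse_lines(config).items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        uses_local = "login local" in cmds      # local usernames, no line password
        passwords = [c for c in cmds if c.startswith("password ")]
        if not has_login:
            findings.append((header, "NO_LOGIN"))
        if not passwords and not uses_local:
            findings.append((header, "NO_PASSWORD"))
        if any(not TYPE7.match(c) for c in passwords):
            findings.append((header, "CLEARTEXT_PASSWORD"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```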
Commands to save the configuration:
Router # copy running-config startup-config
(OR)
Router # write memory
(OR)
Router # write
To erase NVRAM configuration:
Router # erase startup-config
(To erase the NVRAM)
LAB: BASIC CONFIGURATIONS AND VERIFICATIONS
Power on the router and observe the booting process (sample output shown below)
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2601 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Self decompressing the image :
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
Ra ya vison 20 win oR “= SOLUTIONS
bytes of memory
Processor board ID JADOS190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software,
X.25 software, Version 3.0.0.
-~- System Configuration Dialog —
Continue with configuration dialog? [yes/no]:
% Please answer 'yes' or no.
Continue with configuration dialog? [yes/no AO
Router>
Router>show flash
System flash directory:
File Length Name/status
3 5571584
[5827403 bytes used, 58188981 available,
63488K bytes of processor board System flash (Read/Write)
Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
Image text-base: 0x8000808C, data-base: 0x80A1FECC
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
ROM: C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
System returned to ROM by reload
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Configuration register is 0x2102
Router>sh ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 unassigned YES unset administratively down down
Router>ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Router>traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
To enter privileged mode:
Router> enable
To enter global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
To change the hostname of the router:
Router(config)# hostname HYDERABAD
HYDERABAD(config)#
TO ASSIGN CONSOLE PASSWORD
HYDERABAD(config)# line console 0
HYDERABAD(config-line)# password cisco123
HYDERABAD(config-line)# login
HYDERABAD(config-line)# end
HYDERABAD# exit
HYDERABAD con0 is now available
Press RETURN to get started.
User Access Verification
(Enter the console password which was configured)
HYDERABAD>
HYDERABAD>enable
HYDERABAD# conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYDERABAD(config)# line vty 0 4
HYDERABAD(config-line)# password ccna123
HYDERABAD(config-line)# login
HYDERABAD(config-line)# exit
HYDERABAD(config)# enable password ccnp123
HYDERABAD(config)# exit
HYDERABAD# exit
HYDERABAD con0 is now available
Press RETURN to get started.
User Access Verification
(Enter the console password which was configured)
HYDERABAD> enable
(enter the enable password which was configured )
HYDERABAD#
HYDERABAD# sh running-config
Building configuration...
Current configuration : 480 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname HYDERABAD
HYDERABAD# configure terminal
HYDERABAD(config)# enable secret ccie123
HYDERABAD(config)# exit
HYDERABAD# show running-config
Building configuration...
Current configuration : 527 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HYDERABAD
!
!
enable secret
enable password ccnp123
!
HYDERABAD# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?[confirm]
[OK]
Erase of nvram: complete
HYDERABAD# reload
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Self decompressing the image :
########################################################################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
63488K bytes of ATA CompactFlash (Read/Write)
--- System Configuration Dialog ---
NOTE: The router enters setup mode because the startup-config has been erased.
WAN CONNECTIONS
WAN connections are divided into three types
1) Dedicated line
2) Circuit switched
3) Packet switched
[Figure: WAN connection types. Dedicated: leased lines (fractional T1/E1, T1/E1, T3/E3, DSL). Circuit switched: basic telephone service, Switched 56. Packet switched: X.25, Frame Relay, ATM.]
Dedicated line:
Permanent connection for the destination
Used for short or long distance
Bandwidth is fixed
Availability is 24/7
Charges are fixed whether used or not.
Uses analog circuits
Always same path is used for destination
Example is Leased Line
Circuit switched:
Also used for short and medium distances.
Bandwidth is fixed
Charges depend on usage of line
Also called line on demand.
Usually used as a backup line
Connects at the BRI port of the router
ISDN and PSTN are the examples
Packet switched:
Used for medium or longer connections
Bandwidth is shared
Many virtual connections on one physical connection
Example: Frame Relay
Leased line:
A permanent/dedicated physical connection which is used to connect
two different geographical areas. This connection is provided by telecommunication
companies like BSNL in India.
A leased line provides service 24/7 throughout the year, unlike a dial-up connection,
which is connected only when required. Leased lines are obtained on an
annual rental basis. Moreover, the rent depends on the distance between the sites.
LEASED LINE IS OF THREE TYPES:
1) SHORT LEASED LINE
2) MEDIUM LEASED LINE
3) LONG LEASED LINE (IPLC)
A short leased line is used within a city, and its cost is also lower.
A medium leased line is used to connect sites in two different states, like
Hyderabad and Chennai.
A long leased line is also called an IPLC, which stands for International Private Leased
Circuit. It is used to connect two different countries and is the most expensive of all.
A leased line provides excellent quality of service with high-speed data transmission.
As it is a private physical connection, it assures complete security and privacy, even for
voice.
The speed of a leased line varies from 64 kbps to 2 Mbps or more. A leased line always has
fixed bandwidth.
Once a leased line is set up, we can send not only data; transmission of voice is also possible. In
addition to this, both voice and data can be sent simultaneously.
Example of Leased Line
[Figure: leased line connecting the OFFICE router to the EXCHANGE over fiber optic cable; network 20.0.0.0/8]
DCE (Data Communication Equipment)
Generates clocking (i.e. speed).
Example of a DCE device in a leased line setup: V.35 & G.703 modem & exchange (modem & MUX)
Example of a DCE device in a dial-up setup: dial-up modem
DTE (Data Termination Equipment)
Accepts clocking (i.e. speed).
Example of a DTE device in a leased line setup: router
Example of a DTE device in a dial-up setup: computer
Coming to the hardware requirements:
1) Leased line modem
2) V.35 connector & cable
3) G.703 connector & cable
The leased line modem is also called a CSU/DSU (Channel Service Unit and Data Service Unit). It acts
as a DCE device, which generates the clock rate.
WAN Representation
A back-to-back cable is used, which emulates the copper wire, modems and MUX, i.e. the complete
exchange setup.
Without DCE and DTE devices, communication is not possible.
[Figure: V.35 back-to-back cable]
Note: While practicing labs we use a V.35 cable for a back-to-back connection between routers, whereas in
a real deployment the V.35 cable terminates at the leased line modem. That is the reason we have to use the
clock rate command in the labs, whereas it is not required in the real scenario, where the CSU/DSU is used to
generate the speed.
In different countries, different codes are used for leased lines of different speeds. In Europe a line
is identified with the letter E, whereas in the UK it is identified with the letter T.
In Europe, there are five types of lines distinguished according to their speed:
E0 (64Kbps),
E1 = 32 E0 lines (2Mbps),
E2 = 128 E0 lines (8Mbps),
E3 = 16 E1 lines (34Mbps),
E4 = 64 E1 lines (140Mbps)
In the United States, the concept is as follows:
1. T1 (1.544 Mbps)
2. T2 = 4 T1 lines (6 Mbps),
3. T3 = 28 T1 lines (45 Mbps),
4. T4 = 168 T1 lines (275 Mbps)
ADVANTAGES:
COMPLETELY SECURE
HIGH BANDWIDTH
HIGH SPEED CONNECTION
SUPERIOR QUALITY
RELIABLE
DISADVANTAGES:
EXPENSIVE
PERMANENT PHYSICAL CONNECTION
WAN Protocols
Leased lines use two types of WAN encapsulation protocols:
1) High-Level Data Link Control (HDLC)
2) Point to Point Protocol (PPP)
HDLC
High-Level Data Link Control protocol
Cisco proprietary Layer 2 WAN protocol
Doesn't support authentication
Doesn't support compression and error correction
PPP
Point to Point Protocol
Standard Layer 2 WAN protocol
Supports authentication
Supports error correction
PPP supports two authentication protocols:
+ PAP (Password Authentication Protocol)
+ CHAP (Challenge Handshake Authentication Protocol)
PAP (Password Authentication Protocol)
+ PAP provides a simple method for a remote node to establish its identity using a
two-way handshake.
+ PAP is done only upon initial link establishment.
+ PAP is not a strong authentication protocol.
+ Passwords are sent across the link in clear text.
+ The peer is in control of attempts.
CHAP (Challenge Handshake Authentication Protocol)
After the PPP link establishment phase is complete, the local router sends a unique
"challenge" message to the remote node.
The remote node responds with a value (MD5)
The local router checks the response against its own calculation of the expected hash
value.
If the values match, the authentication is acknowledged. Otherwise, the connection is
terminated immediately.
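The challenge/response exchange described above, next to what PAP puts on the link, as an added example that is not part of the workbook. The response value follows RFC 1994 (MD5 over the one-octet identifier, the shared secret and the challenge); the class and function names and the sample secret are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


def pap_request(peer_id, password):
    """What PAP sends: peer ID and password as length-prefixed plain bytes."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier octet || shared secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The local router's side: issues challenges and checks responses."""

    def __init__(self, secret):
        self._secret = secret
        self._next_id = 0
        self._pending = {}      # identifier -> challenge still awaiting a response

    def challenge(self):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)  # fresh, unpredictable challenge every time
        self._pending[identifier] = value
        return identifier, value

    def verify(self, identifier, response):
        value = self._pending.pop(identifier, None)   # a challenge is single use
        if value is None:
            return False
        expected = chap_response(identifier, self._secret, value)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-shared-secret"   # sample value configured on both routers
    local = ChapAuthenticator(secret)

    # Normal exchange: the remote node hashes the challenge with the shared secret.
    ident, value = local.challenge()
    response = chap_response(ident, secret, value)
    accepted = local.verify(ident, response)

    # The same response offered against a later challenge is rejected, because
    # the expected hash is recomputed over the new identifier and challenge.
    ident2, _ = local.challenge()
    stale = local.verify(ident2, response)

    # A node that does not hold the secret cannot produce a matching value.
    ident3, value3 = local.challenge()
    wrong = local.verify(ident3, chap_response(ident3, b"wrong-secret", value3))
    return accepted, stale, wrong


if __name__ == "__main__":
    print("PAP on the wire :", pap_request(b"R-1", b"cisco123"))
    print("CHAP accepted, stale response accepted, wrong secret accepted:", demo())
```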
Selecting a PPP Authentication
Configuration of HDLC:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation hdlc
(HDLC is the default even if you don't configure this command)
Configuration of PPP:
Router# configure terminal
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp
To Enable CHAP Authentication:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication chap
To Enable PAP Authentication:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication pap
Rules to assign the IP address to the router:
1. All the LAN and WAN should be in different networks (or should not repeat the same
network).
2. Router Ethernet IP and the LAN network assigned should be in the same network.
3. Both the interfaces of router facing each other should be in the same network.
4. All the interfaces of routers should be in the different network.
The below diagram demonstrates the above rule:
[Figure: example topology of routers and PCs, with each LAN and each router-to-router link in its own network]
LAB: BASIC IP CONFIGURATION
[Figure: two routers joined by a serial link, with two PCs on LAN 192.168.1.0/24 and two PCs on LAN 192.168.2.0/24]
ON ROUTER -1
Router> enable
Router# configure terminal
Router(config)# hostname R-1
R-1(config)# interface fastEthernet 0/0
R-1(config-if)# ip address 192.168.1.100 255.255.255.0
R-1(config-if)# no shutdown
R-1(config-if)# exit
R-1(config)# interface serial 0/0
R-1(config-if)# ip address 10.0.0.1 255.0.0.0
R-1(config-if)# no shutdown
R-1(config-if)# clock rate 64000
NOTE:
Clock rate is only required in the lab scenario, as we are using a back-to-back cable instead of the
real exchange, where the installed modems generate the clocking.
Here the clock rate has to be generated manually using the clock rate command.
R-1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Sa seers ‘YES unset came own down
Serial0/1 unassigned YES unset administratively down down
ON ROUTER -2
Router> enable
Router# configure terminal
Router(config)# hostname R-2
R-2(config)# interface fastEthernet 0/0
R-2(config-if)# ip address 192.168.2.100 255.255.255.0
R-2(config-if)# no shutdown
R-2(config-if)# exit
R-2(config)# interface serial 0/0
R-2(config-if)# ip address 10.0.0.2 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000
R-2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
up
tratively down down
Serial0/1 unassigned YES unset administratively down down
R-1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.100 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset administratively down down
Troubleshooting the connectivity:
Router# show ip interface brief
1) Serial is up, line protocol is up
+ Connectivity is fine.
2) Serial is administratively down, line protocol is down
+ Local port is in shutdown state
+ No shutdown has to be given on the local router interface
3) Serial is down, line protocol is down
+ Remote device turned off
+ Remote port is in shutdown state
+ Interface on the remote router has to be configured
+ Connectivity
4) Serial is up, line protocol is down
+ Encapsulation mismatch
+ Clock rate command not given on serial interface (only applies in lab scenario)
+ If using PPP, then authentication mismatch
LAB: BASIC CONFIGURATION OF THREE ROUTERS
[Figure: three routers in series. R-1 (10.0.0.1) and R-2 (10.0.0.2) share one serial link, R-2 and R-3 share the next; LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24, each with two PCs]
On ROUTER-1
Router(config)# hostname R-1
R-1(config)# interface fastEthernet 0/0
R-1(config-if)# ip address 192.168.1.100 255.255.255.0
R-1(config-if)# no shutdown
R-1(config-if)# exit
R-1(config)# interface serial 0/0
R-1(config-if)# ip address 10.0.0.1 255.0.0.0
R-1(config-if)# no shutdown
R-1(config-if)# clock rate 64000
NOTE:
Clock rate is only required in the lab scenario, as we are using a back-to-back cable instead of the
real exchange, where the installed modems generate the clocking.
Here the clock rate has to be generated manually using the clock rate command.
R-1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
ae it ‘YES unset administra “— down
Serial0/1 unassigned YES unset administratively down down
ON ROUTER -2
R-2>enable
R-2(config)# interface fastEthernet 0/0
R-2(config-if)# ip address 192.168.2.100 255.255.255.0
R-2(config-if)# no shutdown
R-2(config-if)# exit
R-2(config)# interface serial 0/0
R-2(config-if)# ip address 10.0.0.2 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000
R-2(config)# interface serial 0/1
R-2(config-if)# ip address 11.0.0.1 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000
R-2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
up up
FastEthernet0/1 unassigned YES unset administratively down down
On ROUTER- 3
Router>enable
Router#conf t
Router(config)#hostname R-3
R-3(config)#interface fastEthernet 0/0
R-3(config-if)# ip address 192.168.3.100 255.255.255.0
R-3(config-if)# no shutdown
R-3(config-if)# exit
R-3(config)# interface serial 0/0
R-3(config-if)# ip address 11.0.0.2 255.0.0.0
R-3(config-if)# no shutdown
R-3(config-if)# clock rate 64000
R-3(config-if)# end
R-3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset administratively down down
R-2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/12/44 ms
R-2#ping 11.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/20 ms
NOTE:
Once the interfaces are up you should be able to ping to the directly connected interfaces of the
other routers
FRAME RELAY
Frame Relay is a connection-oriented, standard NBMA Layer 2 WAN protocol.
Connections in Frame Relay are provided by virtual circuits.
Virtual circuits are multiple logical connections on the same physical connection.
Frame Relay virtual connection types:
a) PVC
b) SVC
A) PVC (permanent virtual connection):
Similar to the dedicated leased line.
Permanent connection is used.
Used when constant data has to be sent to a particular destination.
Always uses the same path.
B) SVC (switched virtual connection):
The virtual connection is dynamically built when data has to be sent and torn down after
use.
It is similar to a circuit switched network like dial on demand.
Also called a semi-permanent virtual circuit.
For periodic intervals of data with small quantity.
There are two types of Frame Relay encapsulation:
1. Cisco (default and Cisco proprietary)
2. IETF (when different vendor routers are used)
DLCI (data link connection identifier):
Address of virtual connections.
For every VC there is one DLCI number.
Locally significant and provided by the Frame Relay service provider.
Inverse ARP (address resolution protocol) is used to map the local DLCI to a remote
IP.
LMI (Local management interface):
LMI allows the DTE (router) to send status enquiry messages (keepalives) to the DCE (Frame Relay
switch) to exchange status information about the virtual circuits and to check the
connectivity.
Frame Relay LMI types:
1. CISCO (default)
2. ANSI
3. Q933A
Note: On a Cisco router the LMI type is auto-sensed; there is no need to configure it.
Frame Relay virtual connection status types:
1) Active: Connection is up and operation between the two DTEs exists
2) Inactive: Connection is functioning at least between DTE and DCE
3) Deleted: The local DTE/DCE connection is not functioning.
Frame Relay network connections:
1) Point to Point
2) Point to Multipoint (NBMA)
Congestion indicates a traffic problem in the path when more packets are transmitted in one
direction.
[Figure: local access loops, 64 kbps]
Congestion notifications
1) FECN (forward explicit congestion notification)
2) BECN (backward explicit congestion notification)
FECN
Indicates congestion as a frame goes from source to destination.
This value is carried inside the Frame Relay frame header in the forward direction.
FECN = 0 indicates no congestion.
BECN
Used by the destination (and sent to the source) to indicate that there is congestion.
This value is carried inside the Frame Relay frame header in the backward direction.
BECN = 0 indicates no congestion.
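Where the DLCI and the FECN/BECN bits sit in the frame header, as an added example that is not part of the workbook. It builds and parses the standard two-octet Frame Relay address field (10-bit DLCI split 6 + 4, plus C/R, FECN, BECN, DE and the two EA bits); the function names are assumptions. For DLCI 100 the DLCI bits alone come out as 0x1840, the second value printed next to 0x64 in the `show frame-relay map` output of the lab.

```python
FECN = 0x08   # bit 3 of the second octet
BECN = 0x04   # bit 2 of the second octet
DE = 0x02     # bit 1 of the second octet (discard eligibility)


def build_address(dlci, fecn=0, becn=0, de=0, cr=0):
    """Encode a two-octet address field for the given DLCI and flag bits."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a two-octet address field carries a 10-bit DLCI")
    first = ((dlci >> 4) << 2) | (cr << 1)            # upper 6 DLCI bits, C/R, EA=0
    second = ((dlci & 0x0F) << 4) | (FECN if fecn else 0) \
        | (BECN if becn else 0) | (DE if de else 0) | 1   # lower 4 DLCI bits, flags, EA=1
    return bytes([first, second])


def parse_address(header):
    """Decode the first two octets of a frame into DLCI and flag bits."""
    if len(header) < 2:
        raise ValueError("need at least two octets")
    first, second = header[0], header[1]
    if first & 1 or not second & 1:
        raise ValueError("EA bits do not describe a two-octet address field")
    return {
        "dlci": ((first >> 2) << 4) | (second >> 4),
        "cr": (first >> 1) & 1,
        "fecn": 1 if second & FECN else 0,
        "becn": 1 if second & BECN else 0,
        "de": 1 if second & DE else 0,
    }


def dlci_bits(dlci):
    """The DLCI as positioned in the 16-bit field, with every flag bit clear."""
    return ((dlci >> 4) << 10) | ((dlci & 0x0F) << 4)


def mark_congestion(header, toward_congestion):
    """What a congested switch does to a passing frame: FECN on frames moving
    in the congested direction, BECN on frames moving the opposite way."""
    flag = FECN if toward_congestion else BECN
    return bytes([header[0], header[1] | flag])


if __name__ == "__main__":
    clean = build_address(100)
    print(clean.hex(), hex(dlci_bits(100)), parse_address(clean))
    print(parse_address(mark_congestion(clean, toward_congestion=True)))
    print(parse_address(mark_congestion(clean, toward_congestion=False)))
```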
ADVANTAGES
VCs overcome the scalability problem of leased lines by providing multiple logical
circuits over the same physical connection
Cheaper
Best quality
VCs are full duplex
BASIC FR IMPLEMENTATION
[Figure: R1 and R2 connected through the Frame Relay switch FRSW on network 10.0.0.0/8]
On R1
interface Serial0/0
no sh
ip address 10.0.0.1 255.0.0.0
encapsulation frame-relay
On R2
interface Serial0/0
no sh
ip address 10.0.0.2 255.0.0.0
encapsulation frame-relay
# sh run int s0/0
# sh ip int brief
On FRSW
En
Conf t
frame-relay switching (to make the router act as an FR switch)
int s0/0
no shutdown
encapsulation frame-relay
frame-relay intf-type dce
frame-relay lmi-type cisco
frame-relay route 100 int s0/1 200
int s0/1
no shutdown
encapsulation frame-relay
frame-relay intf-type dce
frame-relay lmi-type cisco
frame-relay route 200 int s0/0 100
VERIFY
# sh run int s0/0
R1#sh frame-relay map
Serial0/0 (up): ip 10.0.0.2 dlci 100(0x64,0x1840), dynamic,
broadcast,
CISCO, status defined, active
FRSW#sh frame-relay route
Input Intf Input Dlci Output Intf Output Dlci Status
Serial0/0 100 Serial0/1 200 active
Serial0/1 200 Serial0/0 100 active
R1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/55/104 ms
R1#sh frame-relay lmi
LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 103 Num Status msgs Rcvd 32
Num Update Status Rcvd 0 Num Status Timeouts 70
Last Full Status Req 00:00:02 Last Full Status Rcvd 00:01:02
ROUTING
Routing
Forwarding of packets from one network to another network, choosing the best path
from the routing table.
Routing makes it possible for two or more different networks to communicate with each
other.
The routing table consists of only the best routes for every destination.
Types of Routing
1. Static Routing
2. Default Routing
3. Dynamic Routing
Static Routing
+ It is configured manually by the administrator.
+ Mandatory need for the destination network ID
+ Used for small organizations
+ Administrative distance for a static route is 0 or 1
Advantages:
+ There is no overhead on the router CPU
+ There is no bandwidth usage between routers
+ It adds security because the administrator can choose to allow routing access to certain
networks only.
Disadvantages of static routing:
+ Used for small networks. (It's not feasible in large networks.)
+ Each and every network has to be manually configured
+ The administrator must really understand the internetwork and how each router is
connected in order to configure routes correctly.
+ Any change in the internetwork has to be updated in all routers
Configuring Static Route
Router(config)# ip route
Or
Router(config)# ip route
LAB: STATIC ROUTING
[Figure: R-1 (10.0.0.1) and R-2 (10.0.0.2) connected over a serial link; two PCs on LAN 192.168.1.0/24 behind R-1 and two PCs on LAN 192.168.2.0/24 behind R-2]
STEPS:
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP address according to diagram
3) Make sure that the interfaces used are in UP UP state
What we do in this lab
4) Static routing
5) Verify routing table and reachability between the LANs (using PING
and TRACE commands)
R-1#show ip route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#show ip route
Gateway of last resort is not set
C 192.168.2.0/24 is directly connected, FastEthernet0/0
NOTE:
The above routing tables display only the networks which are directly connected.
By default a router doesn't know about the networks which are not directly connected, and that is the
reason there is no reachability between the two LANs.
So to provide reachability we need to implement some form of routing.
PC> ipconfig
PC> ipconfig
IP Address.
Subnet Mask. : 255.255.255.0
Default Gateway. : 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.1.100: Destination host unreachable.
Reply from 192.168.1.100: Destination host unreachable.
Ping statistics for 192.168.2.1:
Packets:
From the above output we can see that there is no communication between 192.168.1.1 and
192.168.2.1, as they are on different networks.
In order to communicate we need to implement some form of routing (in this lab we use
static routing).
On R-1
R-1(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2
R-1(config)# end
R-1#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
On R-2
R-2(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)#end
R-2#show ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
PC>ipconfig
IP Address:
Default Gateway 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out
Reply rons 152 1B 2 RE ps TTL“126
Reply from 192.168.2.1: bytes=32 time=21ms TTL=126
Reply from 192.168.2.1: bytes=32 time=21ms TTL=126
PC>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.2: bytes=
Reply from 192.168.2.2: bytes=
PC>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
R-1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms
R-2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
STATIC ROUTING WITH 3 ROUTERS
[Figure: R-1, R-2 and R-3 in series. R-1 (10.0.0.1) to R-2 (10.0.0.2) on one serial link, R-2 (11.0.0.1) to R-3 on the next; LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24, each with two PCs]
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP address according to diagram
3) Make sure that the interfaces used are in UP UP state
What we do in this lab
4) Static routing
5) Verify routing table and reachability between the LANs (using PING and
TRACE commands)
R-1#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R-3#sh ip route
Gateway of last resort is not set
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
On Router -1
R-1(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2
R-1(config)# ip route 192.168.3.0 255.255.255.0 10.0.0.2
R-1(config)# ip route 11.0.0.0 255.0.0.0 10.0.0.2
On Router -2
R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)# ip route 192.168.3.0 255.255.255.0 11.0.0.2
On Router -3
R-3(config)# ip route 192.168.2.0 255.255.255.0 11.0.0.1
R-3(config)# ip route 192.168.1.0 255.255.255.0 11.0.0.1
R-3(config)# ip route 10.0.0.0 255.0.0.0 11.0.0.1
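A small model of the forwarding decisions these static routes produce, as an added example that is not part of the workbook. It uses the lab's interface addresses and routes, does a longest-prefix match at each router, and treats a ping as successful only when both the echo request and the echo reply can be routed; the function names, and the convention that the first interface listed for a router is its LAN interface, are assumptions.

```python
import ipaddress as ipa

# Interface addresses from the three-router lab (LAN interface listed first).
CONNECTED = {
    "R-1": ["192.168.1.100/24", "10.0.0.1/8"],
    "R-2": ["192.168.2.100/24", "10.0.0.2/8", "11.0.0.1/8"],
    "R-3": ["192.168.3.100/24", "11.0.0.2/8"],
}
# Static routes from the lab: (destination network, next hop).
STATIC = {
    "R-1": [("192.168.2.0/24", "10.0.0.2"), ("192.168.3.0/24", "10.0.0.2"),
            ("11.0.0.0/8", "10.0.0.2")],
    "R-2": [("192.168.1.0/24", "10.0.0.1"), ("192.168.3.0/24", "11.0.0.2")],
    "R-3": [("192.168.2.0/24", "11.0.0.1"), ("192.168.1.0/24", "11.0.0.1"),
            ("10.0.0.0/8", "11.0.0.1")],
}


def next_hop(router, dst, static):
    """Longest-prefix match; returns "connected", a next-hop address, or None."""
    dst = ipa.ip_address(dst)
    best = None                                   # (prefix length, result)
    for iface in CONNECTED[router]:
        net = ipa.ip_interface(iface).network
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, "connected")
    for prefix, hop in static.get(router, []):
        net = ipa.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ipa.ip_address(hop))
    return best[1] if best else None


def owner(address):
    """Router that holds this address on one of its interfaces."""
    for name, ifaces in CONNECTED.items():
        if any(ipa.ip_interface(i).ip == address for i in ifaces):
            return name
    return None


def gateway_for(host):
    """Router attached to the host's LAN, i.e. the PC's default gateway."""
    host = ipa.ip_address(host)
    for name, ifaces in CONNECTED.items():
        if host in ipa.ip_interface(ifaces[0]).network:
            return name
    return None


def forward(src_host, dst_host, static, max_hops=30):
    """Walk a packet router by router; returns (delivered, path)."""
    router, path = gateway_for(src_host), []
    while router is not None and len(path) < max_hops:
        path.append(router)
        hop = next_hop(router, dst_host, static)
        if hop is None:
            return False, path                    # no route: dropped at this router
        if hop == "connected":
            return True, path                     # destination network is attached here
        router = owner(hop)
    return False, path


def ping(src_host, dst_host, static):
    """Echo request out and, if it arrives, echo reply back."""
    there, out_path = forward(src_host, dst_host, static)
    back, back_path = forward(dst_host, src_host, static) if there else (False, [])
    return {"request": there, "reply": back, "out": out_path, "back": back_path}


def without_route(static, router, prefix):
    """Copy of the static table with one route removed (a missing return route)."""
    return {r: [e for e in routes if not (r == router and e[0] == prefix)]
            for r, routes in static.items()}


if __name__ == "__main__":
    print(ping("192.168.1.1", "192.168.3.1", {}))        # before any static route
    print(ping("192.168.1.1", "192.168.3.1", STATIC))    # with the lab's routes
    print(ping("192.168.1.1", "192.168.3.1",
               without_route(STATIC, "R-3", "192.168.1.0/24")))  # request arrives, reply is lost
```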
R-1#show ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#show ip route
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R-3#show ip route
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
PC>ipconfig
IP Address. 19216821
Subnet Mask. 255.255.255.0
Default Gateway. 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: byte s
Reply from 192.168.2.1: bytes=32 time=14ms TTL=126
PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
Reply from 192.168.3.1: bytes=32 time=25ms TTL=125
PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
15ms 8ms 8
Trace complete
R-1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms
R-3#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
DEFAULT ROUTING:
A default route is used when the destination is unknown (Internet).
It can also be used at end locations where there is only one exit path for any destination.
It is the last preferred route in the routing table.
Default routes help in reducing the size of your routing table.
If a router does not find an entry for the destination network in its routing table, the router
will forward the packet to its default route.
Configuring Default Route
Router(config)# ip route 0.0.0.0 0.0.0.0 <next-hop IP address>
Or
Router(config)# ip route 0.0.0.0 0.0.0.0 <exit interface>
LAB : DEFAULT ROUTING
[Topology diagram: R-1, R-2 and R-3 connected in series over serial links, with PC hosts on LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
STEPS:
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP addresses according to the diagram
3) Make sure that the interfaces used are in the UP/UP state
What we do in this lab
4) Default route used on R1 and R3, static routing on R2
5) Verify the routing table and reachability between the LANs (using PING and
TRACE commands)
R-1#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R-3#sh ip route
Gateway of last resort is not set
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
ON ROUTER - 1
R-1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
ON ROUTER - 2
R-2(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)#ip route 192.168.3.0 255.255.255.0 11.0.0.2
ON ROUTER - 3
R-3(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.1
R-1#sh ip route
Gateway of last resort is 10.0.0.2 to network 0.0.0.0
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
S 192.168.1.0/24 [1/0] via 10.0.0.1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
S 192.168.3.0/24 [1/0] via 11.0.0.2
R-3#sh ip route
Gateway of last resort is 11.0.0.1 to network 0.0.0.0
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
PC>ipconfig
IP Address.
Subnet Mask. 255.255.255.0
Default Gateway. 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: byte
Reply from 192.168.2.1: bytes
PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: byte
Reply from 192.168.3.1: bytes
PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
1 5ms 8ms 8ms
2 12ms 9ms 8ms
3 17ms 6ms 12ms
4 24ms 27ms 25ms
Trace complete
R-1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms
R-3#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
DYNAMIC ROUTING
Advantages of Dynamic over Static:
There is no need to know the destination networks.
Only the directly connected networks need to be advertised.
Topology changes are updated dynamically.
Administrative work is reduced.
Used for large organizations.
Neighbor routers exchange routing information and build the routing table automatically;
this is easier than using static or default routing.
Types of Dynamic Routing Protocols
* Distance Vector Protocol
* Link State Protocol
* Hybrid Protocol
DISTANCE VECTOR PROTOCOL
* Works with Bellman Ford algorithm
* Periodic updates
* Classful routing protocol
* Full routing tables are exchanged
* Updates are through broadcast
* Example: RIP v1, RIPv2, IGRP
LINK STATE PROTOCOL
* Works with Dijkstra algorithm
* Incremental updates
* Classless routing protocol
* Missing routes are exchanged
* Updates are through multicast
* Example: OSPF, IS-IS
* Link state updates
HYBRID PROTOCOL (Advance Distance Vector Protocol)
* Works with DUAL algorithm
* Incremental updates
* Classless routing protocol
* Missing routes are exchanged
* Updates are through multicast
* Example: EIGRP
* Also called as Advance Distance Vector Protocol
Classful Protocols:
* Classful routing protocols do not carry the subnet mask information along with updates,
* which means that all devices in the network must use the same subnet mask
* Ex: RIPv1, IGRP
Classless Protocols:
* Classless routing protocols carry the subnet mask information along with updates
* That is why they also support subnetworks and default networks
* Ex: RIPv2, EIGRP, OSPF, IS-IS
Administrative Distance
It is the trustworthiness of the information received by the router.
The number is between 0 and 255.
The lowest value is the most preferred.
Default administrative distances are as follows:
Directly Connected = 0
Static Route = 1
IGRP = 100
OSPF = 110
RIP = 120
EIGRP = 90/170
ISIS = 115
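How the lookup described under DEFAULT ROUTING combines with administrative distance, as an added Python example that is not part of the workbook: the longest matching prefix wins, 0.0.0.0/0 matches only when nothing more specific does, and administrative distance decides which source may install a given prefix. The RoutingTable class and its method names are hypothetical; the routes are R-1's from the default-routing lab.

```python
import ipaddress

# Default administrative distances as listed on this page.
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
    "ospf": 110, "isis": 115, "rip": 120, "eigrp_external": 170,
}


class RoutingTable:
    """Hypothetical model of a router's table: one best route per prefix."""

    def __init__(self):
        self.routes = {}  # ip_network -> (admin distance, source, next hop)

    def offer(self, prefix, source, next_hop):
        """Install the route unless a more trusted source already owns the prefix.

        Returns True when the offered route ends up in the table.
        """
        net = ipaddress.ip_network(prefix)
        ad = ADMIN_DISTANCE[source]
        current = self.routes.get(net)
        if current is None or ad < current[0]:
            self.routes[net] = (ad, source, next_hop)
            return True
        return False

    def lookup(self, destination):
        """Longest-prefix match. 0.0.0.0/0 contains every address but has
        prefix length 0, so it is chosen only as the last resort."""
        addr = ipaddress.ip_address(destination)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None  # no route and no gateway of last resort: packet is dropped
        best = max(matches, key=lambda net: net.prefixlen)
        _, source, next_hop = self.routes[best]
        return str(best), source, next_hop


def build_r1():
    """R-1 after 'ip route 0.0.0.0 0.0.0.0 10.0.0.2' in the default-routing lab."""
    table = RoutingTable()
    table.offer("10.0.0.0/8", "connected", "Serial0/0")
    table.offer("192.168.1.0/24", "connected", "FastEthernet0/0")
    table.offer("0.0.0.0/0", "static", "10.0.0.2")
    return table


if __name__ == "__main__":
    r1 = build_r1()
    for dest in ("192.168.1.2", "10.0.0.2", "192.168.3.1"):
        print(dest, "->", r1.lookup(dest))
```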
ROUTING INFORMATION PROTOCOL V1
Open Standard Protocol
Classful routing protocol
Updates are broadcast via 255.255.255.255
Administrative distance is 120
Metric: Hop count
Max Hop counts: 15 Max routers: 16
Load Balancing of 4 equal paths
Used for small organizations
Periodic updates: the entire routing table is exchanged every 30 seconds
RIP Timers
* Update timer : 30 sec
  - Time between consecutive updates
* Invalid timer : 180 sec
  - Time a router waits to hear updates
  - The route is marked unreachable if there is no update during this interval.
* Flush timer : 240 sec
  - Time before the invalid route is removed from the routing table
* Hold down timer : 180 sec
  - Stabilizes routing information and helps prevent routing loops during periods
    when the topology is converging on new information.
  - Once a route is marked as unreachable, it must stay in holddown long enough for all
    routers in the topology to learn about the unreachable network
Convergence time is the time taken by the router to use an alternate route if the best route is down.
RIP Version 2
* Classless routing protocol
* Supports VLSM
* Supports authentication
* Uses multicast address 224.0.0.9.
Advantages of RIP
Easy to configure
No design constraints like OSPF protocol
No complexity
Less overhead
Disadvantages of RIP
Bandwidth utilization is very high because updates are broadcast every 30 seconds
Works only on hop count (does not consider the bandwidth)
Not scalable as hop count is only 15
Slow convergence
Configuring RIPv1
Router(config)# router rip
Router(config-router)# network <network ID>
Configuring RIPv2
Router(config)# router rip
Router(config-router)# network <network ID>
Router(config-router)# version 2
LAB: DYNAMIC ROUTING USING RIPV2
[Topology diagram: R-1, R-2 and R-3 connected in series over serial links, with PC hosts on LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
STEPS:
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP addresses according to the diagram
3) Make sure that the interfaces used are in the UP/UP state
What we do in this lab
4) Dynamic routing using RIPv2
5) Verify the routing table and reachability between the LANs (using PING and
TRACE commands)
R-1#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R-3#sh ip route
Gateway of last resort is not set
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
ON ROUTER - 1
R-1(config)#router rip
R-1(config-router)#version 2
R-1(config-router)#network 192.168.1.0
R-1(config-router)#network 10.0.0.0
R-1(config-router)#end
ON ROUTER - 2
R-2(config)#router rip
R-2(config-router)#version 2
R-2(config-router)#network 192.168.2.0
R-2(config-router)#network 10.0.0.0
R-2(config-router)#network 11.0.0.0
R-2(config-router)#end
ON ROUTER - 3
R-3(config)#router rip
R-3(config-router)#version 2
R-3(config-router)#network 192.168.3.0
R-3(config-router)#network 11.0.0.0
R-3(config-router)#end
R-1#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R-3#sh ip route
Gateway of last resort is not set
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
R-1#show ip protocols
Routing Protocol is
Sending updates every next due in 8 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive 2
Interface Send Recv Triggered RIP Key-chain
FastEthernet0, ser
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
Passive Interface(s)
Routing Information Sources:
Gateway Distance Last Update
10.0.0.2 120 00:00:02
Distance: (default is 120)
R-1#show ip route rip
R 11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:24, Serial0/0
R 192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:24, Serial0/0
R 192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:24, Serial0/0
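The hop counts in this output follow from the distance-vector exchange described earlier; the added Python sketch below (not from the workbook) runs periodic full-table updates over a constructed model of the lab until nothing changes, and then goes beyond the lab with a constructed chain of routers to show the 15-hop limit. Function names, the chain topology and its labels are assumptions for illustration; timers, interfaces and summarization are not modelled.

```python
INFINITY = 16  # a RIP metric of 16 means unreachable, so 15 is the largest usable hop count

# Constructed model of the lab: the networks each router is attached to.
LAB_CONNECTED = {
    "R-1": ["192.168.1.0/24", "10.0.0.0/8"],
    "R-2": ["192.168.2.0/24", "10.0.0.0/8", "11.0.0.0/8"],
    "R-3": ["192.168.3.0/24", "11.0.0.0/8"],
}
# router -> {neighbor: address the neighbor uses on the shared serial link}
LAB_NEIGHBORS = {
    "R-1": {"R-2": "10.0.0.2"},
    "R-2": {"R-1": "10.0.0.1", "R-3": "11.0.0.2"},
    "R-3": {"R-2": "11.0.0.1"},
}


def converge(connected, neighbors, max_rounds=64):
    """Exchange whole tables each round until no router learns anything new.

    Returns (tables, rounds) where tables[router][network] = (hops, next hop)
    and rounds is the number of update rounds that changed at least one table.
    """
    tables = {r: {n: (0, "connected") for n in nets} for r, nets in connected.items()}
    for rounds in range(max_rounds):
        snapshot = {r: dict(t) for r, t in tables.items()}  # what each router advertises
        changed = False
        for router, peers in neighbors.items():
            for peer, via in peers.items():
                for net, (hops, _) in snapshot[peer].items():
                    metric = hops + 1  # one more hop to go through the peer
                    if metric >= INFINITY:
                        continue  # advertised as unreachable, never installed
                    known = tables[router].get(net)
                    if known is None or metric < known[0]:
                        tables[router][net] = (metric, via)
                        changed = True
        if not changed:
            return tables, rounds
    return tables, max_rounds


def rip_routes(tables, router):
    """Learned routes of one router, formatted like 'show ip route rip' ([AD/hops])."""
    return sorted(
        f"R {net} [120/{hops}] via {via}"
        for net, (hops, via) in tables[router].items()
        if via != "connected"
    )


def chain(n):
    """Constructed chain r1 - r2 - ... - rn with one LAN ('far-lan') behind rn."""
    connected = {f"r{i}": [] for i in range(1, n + 1)}
    neighbors = {f"r{i}": {} for i in range(1, n + 1)}
    for i in range(1, n):
        left, right = f"r{i}", f"r{i + 1}"
        connected[left].append(f"link{i}")
        connected[right].append(f"link{i}")
        neighbors[left][right] = right
        neighbors[right][left] = left
    connected[f"r{n}"].append("far-lan")
    return connected, neighbors


if __name__ == "__main__":
    lab_tables, lab_rounds = converge(LAB_CONNECTED, LAB_NEIGHBORS)
    print("\n".join(rip_routes(lab_tables, "R-1")), f"(after {lab_rounds} rounds)")
    print("far-lan known to r1 across 17 routers:",
          "far-lan" in converge(*chain(17))[0]["r1"])
```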
PC>ipconfig
IP Address. 192.1680.1
Subnet Mask. ..
Default Gateway. 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
Reply from 192.168.2.1: bytes ms TTL=126
Reply from 192.168.2.1: byte
PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: byte
Reply from 192.168.3.1: byte
PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
1 5ms 8ms 8ms 192.168.1.100
2 12ms 9ms 8ms 10.0.0.2
3 17ms 6ms 12ms 11.0.0.2
4 24ms 27ms ms 192.168.3.1
Trace complete
R-1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms
R-3#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
Autonomous System Number
An autonomous system is a collection of networks under a common administrative domain.
A unique number identifies the routing domain of the routers.
Ranges from 1 - 65535
Public: 1 - 64512, Private: 64513 - 65535
Private AS: used within the same service provider
Public AS: used between multiple service providers
Routing Protocol Classification
IGP (Interior Gateway Protocol)
* Routing protocols used within the same autonomous system number
* All routers will be routing within the same autonomous boundary
* Ex: RIP, IGRP, EIGRP, OSPF, IS-IS
EGP (Exterior Gateway Protocol)
* Routing protocol used between different autonomous systems
* Routers in different AS need an EGP
* Ex: Border Gateway Protocol
- IGPs operate within an autonomous system
- EGPs connect different autonomous systems
[Figure: two autonomous systems, each labelled with its IGPs (RIP, OSPF)]
[Figure: routing classification tree. Routing covers routing protocols and routed protocols; dynamic routing divides into IGP (Interior Gateway Protocol) and EGP (Exterior Gateway Protocol); IGPs divide into Distance Vector and Link State]
ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL
Cisco calls EIGRP a distance-vector routing protocol, or sometimes an advanced distance-vector or
even a hybrid routing protocol.
Cisco proprietary protocol
Classless routing protocol
Includes all features of IGRP
Metric (32 bit): Composite Metric (BW + Delay + load + MTU + reliability)
Administrative distance is 90
Updates are through Multicast (224.0.0.10)
Max Hop count is 255 (100 by default)
Supports IP, IPX and AppleTalk protocols (obviously we won't use IPX and AppleTalk,
but EIGRP does support them)
Hello packets are sent every 5 seconds (dead interval 15 sec)
Convergence rate is fast
It uses DUAL (Diffusing Update Algorithm)
Summarization can be done on every router
Supports equal and unequal cost load balancing
[Figure: EIGRP neighbor discovery and route exchange between Router A and Router B]
"I am router A, who is on the link?"
"Hello, I am router B."
"Here is my complete routing information."
"Thanks for the information!"
"Here is my complete route information."
EIGRP maintains three tables
Neighbor table
* Contains list of directly connected routers
* When a newly discovered neighbor is learned, the
address and interface of the neighbor are recorded, and this information is
held in the neighbor table, stored in RAM.
* # show ip eigrp neighbor
Topology table
* List of all the best routes learned from each neighbor
* # show ip eigrp topology
Routing table
* The best route to the destination
* # show ip route
The neighbor and topology tables are stored in RAM and maintained through the use of Hello and
update packets. Yes, the routing table is also stored in RAM, but that information is gathered only
from the topology table.
Successor
* Successor is the best route to a remote destination network.
* A successor route is used by EIGRP to forward traffic to a destination and is stored in the
routing table.
Feasible successor
* A feasible successor is a second best route to a remote destination network and it is
considered a backup route
EIGRP uses Diffusing Update Algorithm (DUAL) for selecting and maintaining the best path
to each remote network. This algorithm allows for the following:
* Backup route determination if one is available
* Support of VLSMs
* Dynamic route recoveries
* Queries for an alternate route if no route can be found
Disadvantages of EIGRP
* Works only on Cisco Routers
Configuring EIGRP
Router(config)# router eigrp <AS number>
Router(config-router)# network <network ID>
NOTE:
* EIGRP uses autonomous system numbers to identify the collection of routers that share route
information. Only routers that have the same autonomous system number share routes.
* The AS number should be the same on all routers for them to become neighbors and exchange routes.
* EIGRP routers that belong to different autonomous systems (ASes) don't automatically share routing
information and they don't become neighbors.
Maximum Paths and Hop Count
By default, EIGRP can provide equal-cost load balancing of up to four links (actually, all
routing protocols do this). However, you can have EIGRP actually load-balance across up to six
links (equal or unequal) by using the following command:
R-1(config)#router eigrp 10
R-1(config-router)#maximum-paths ?
EIGRP has a maximum hop count of 100, but it can be set up to 255.
Pod1R1(config)#router eigrp 10
Pod1R1(config-router)#metric maximum-hops ?
#show ip route Shows the entire routing table
#show ip route eigrp Shows only EIGRP entries in the routing table
#show ip eigrp neighbors Shows all EIGRP neighbors
#show ip eigrp topology Shows entries in the EIGRP topology table
LAB: DYNAMIC ROUTING USING EIGRP
[Topology diagram: R-1, R-2 and R-3 connected in series over serial links, with PC hosts on LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
STEPS:
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP addresses according to the diagram
3) Make sure that the interfaces used are in the UP/UP state
What we do in this lab
4) Dynamic routing using EIGRP
5) Verify the routing table and reachability between the LANs (using PING and
TRACE commands)
R-1#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R-3#sh ip route
Gateway of last resort is not set
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
ON ROUTER - 1
R-1(config)# router eigrp 100
R-1(config-router)# network 192.168.1.0
R-1(config-router)# network 10.0.0.0
ON ROUTER - 2
R-2(config)# router eigrp 100
R-2(config-router)# network 192.168.2.0
R-2(config-router)# network 11.0.0.0
R-2(config-router)# network 10.0.0.0
ON ROUTER - 3
R-3(config)# router eigrp 100
R-3(config-router)# network 192.168.3.0
R-3(config-router)# network 11.0.0.0
R-2#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
R-1#show ip route
Gateway of last resort is not set
& 0.0/8 is di
R-1#show ip route eigrp
D 11.0.0.0/8 [90/2681856] via 10.0.0.2, 00:06:05, Serial0/0
D 192.168.2.0/24 [90/2172416] via 10.0.0.2, 00:06:08, Serial0/0
D 192.168.3.0/24 [90/2684416] via 10.0.0.2, 00:03:09, Serial0/0
R-2#show ip route eigrp
D 192.168.1.0/24 [90/2172416] via 10.0.0.1, 00:07:26, Serial0/0
D 192.168.3.0/24 [90/2172416] via 11.0.0.2, 00:04:52, Serial0/1
R-3#sh ip route eigrp
D 10.0.0.0/8 [90/2681856] via 11.0.0.1, 00:01:32, Serial0/0
D 192.168.1.0/24 [90/2684416] via 11.0.0.1, 00:04:32, Serial0/0
D 192.168.2.0/24 [90/2172416] via 11.0.0.1, 00:04:32, Serial0/0
R-1#sh ip protocols
Routing Protocol is
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum Se
EIGRP maximum metric variance 1
Redistributing: eigrp 100
Automatic network summarization is in effect
Automatic address summarization:
Maximum path: 4
Routing Information Sources:
Gateway Distance Last Update
10.0.0.2 90 18606786
Distance: internal 90 external 170
R-1#sh ip eigrp topology
IP-EIGRP Topology Table for AS 100
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 192.168.1.0/24, 1 successors, FD is 28160
via Connected, FastEthernet0/0
P 10.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0/0
P 192.168.2.0/24, 1 successors, FD is 2172416
via 10.0.0.2 (2172416/28160), Serial0/0
P 11.0.0.0/8, 1 successors, FD is 2681856
via 10.0.0.2 (2681856/2169856), Serial0/0
P 192.168.3.0/24, 1 successors, FD is 2684416
via 10.0.0.2 (2684416/2172416), Serial0/0
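Where the (feasible distance / reported distance) pairs in this table come from, as an added Python example that is not part of the workbook: with the K values shown by show ip protocols (K1=1, K3=1, others 0) the composite metric reduces to 256 * (10^7 / slowest bandwidth in kbit/s + total delay in tens of microseconds). The interface bandwidth and delay figures are assumed IOS defaults, not values given on the page, and the neighbors 12.0.0.2 and 13.0.0.2 in the feasible-successor check are hypothetical; the rule that a backup's reported distance must be lower than the feasible distance is standard DUAL behaviour that the page does not spell out.

```python
# Assumed IOS interface defaults (not stated on the page):
# bandwidth in kbit/s, delay in microseconds.
SERIAL = {"bw_kbps": 1544, "delay_us": 20000}
FAST_ETHERNET = {"bw_kbps": 100000, "delay_us": 100}


def eigrp_metric(links, k1=1, k3=1):
    """Composite metric over a path when K2 = K4 = K5 = 0.

    Only the slowest link's bandwidth counts; delays add up along the path.
    """
    if not links:
        raise ValueError("a path needs at least one link")
    slowest = min(link["bw_kbps"] for link in links)
    bandwidth_term = 10_000_000 // slowest              # integer division, as the router does
    delay_term = sum(link["delay_us"] for link in links) // 10
    return 256 * (k1 * bandwidth_term + k3 * delay_term)


def topology_entry(first_hop_link, neighbor_path):
    """(feasible distance, reported distance) for a route through one neighbor.

    neighbor_path lists the links from the neighbor to the destination; the
    reported distance is the neighbor's own metric, the feasible distance adds
    the link used to reach that neighbor.
    """
    reported = eigrp_metric(neighbor_path)
    feasible = eigrp_metric([first_hop_link] + neighbor_path)
    return feasible, reported


def r1_topology():
    """R-1's three learned entries, all through 10.0.0.2 over Serial0/0."""
    return {
        "192.168.2.0/24": topology_entry(SERIAL, [FAST_ETHERNET]),
        "11.0.0.0/8": topology_entry(SERIAL, [SERIAL]),
        "192.168.3.0/24": topology_entry(SERIAL, [SERIAL, FAST_ETHERNET]),
    }


def pick_paths(candidates):
    """candidates: neighbor -> (distance via that neighbor, its reported distance).

    Returns (successor, feasible successors). A neighbor qualifies as a backup
    only if its reported distance is strictly lower than the feasible distance,
    which guarantees its path does not loop back through this router.
    """
    successor = min(candidates, key=lambda n: candidates[n][0])
    feasible_distance = candidates[successor][0]
    backups = sorted(
        n for n, (_, reported) in candidates.items()
        if n != successor and reported < feasible_distance
    )
    return successor, backups


if __name__ == "__main__":
    for prefix, (fd, rd) in r1_topology().items():
        print(f"P {prefix}, FD is {fd}  via 10.0.0.2 ({fd}/{rd})")
    # Constructed candidates for 192.168.3.0/24: the lab's path plus two hypothetical ones.
    print(pick_paths({
        "10.0.0.2": (2684416, 2172416),
        "12.0.0.2": (3000000, 2500000),   # hypothetical: reported 2500000 < 2684416
        "13.0.0.2": (3200000, 2700000),   # hypothetical: reported 2700000 fails the check
    }))
```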
PC>ipconfig
IP Address.
Subnet Mask. 255.255.255.0
Default Gateway. 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
Reply from 192.168.2.1: byte
Reply from 192.168.2.1: byte
PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: byte
Reply from 192.168.3.1: bytes=32 time=25ms TTL=125
PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
1 5ms 8ms 8ms 192.168.1.100
2 12ms 9ms 8ms 10.0.0.2
3 17ms 6ms 12ms 11.0.0.2
4 24ms 27ms 25ms 192.168.3.1
Trace complete.
R-1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms
R-3#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
OSPF
OSPF stands for Open Shortest Path First
OSPF is an open standard routing protocol that's been implemented by a wide variety of
network vendors, including Cisco
It's a link state protocol
OSPF works by using the Dijkstra algorithm. First, a shortest path tree is constructed, and
then the routing table is populated with the resulting best paths.
Unlimited hop count
Metric is cost (cost = 10^8 / B.W.)
Administrative distance is 110
It is a classless routing protocol
It supports VLSM and CIDR
It supports only equal cost load balancing
Introduces the concept of areas to ease management and control traffic
Provides hierarchical network design with multiple different areas
Must have one area called area 0
All the areas must connect to area 0
Scales better than Distance Vector Routing protocols.
Supports Authentication
Updates are sent through multicast address 224.0.0.5
Faster convergence.
Sends Hello packet every 10 seconds
Triggered/Incremental updates
Routers send only changes in updates and not the entire routing tables in periodic updates
Router ID
* The highest IP address of the active physical interface of the router is the Router ID.
* If a logical interface is configured, the highest IP address of the logical interface
is the Router ID.
OSPF SEVEN STAGE PROCESS
1) Establishing Bidirectional Communication
[Figure: Router A (172.16.5.1/24) and Router B (172.16.5.2/24) on a shared link]
Router A (to 224.0.0.5): "I am router ID 172.16.5.1, and I see no one."
Router B (unicast to A): "I am router ID 172.16.5.2, and I see 172.16.5.1."
Router A neighbors list: 172.16.5.2/24, Int E0
2) Discovering the Network Routes
[Figure: DBD exchange between the two routers]
"I will start exchange because I have router ID 172.16.5.1."
"No, I will start exchange because I have a higher router ID."
"Here is a summary of my LSDB." (DBD)
"Here is a summary of my LSDB." (DBD)
3) Adding the Link-State Entries
[Figure: link-state entry exchange between the two routers]
"Thanks for the information!"
"I need the complete entry for network 172.16.6.0/24."
"Here is the entry for network 172.16.6.0/24."
"Thanks for the information!"
OSPF maintains three tables:
Neighbor Table
* Also known as the adjacency database
* Contains list of directly connected routers (neighbors)
* # show ip ospf neighbor
Database Table
* Typically referred to as LSDB (link state database)
* Contains information about all the possible routes to the networks within the area
* # show ip ospf database
Routing Table
* Contains list of best paths to each destination
* # show ip route
Link-State Data Structure: Network Hierarchy
Link-state routing can have a hierarchical network.
This two-level hierarchy consists of the following:
- Transit area (backbone or area 0)
- Regular areas (non-backbone areas)
Issue of maintaining a large OSPF network
OSPF Multi Area
* OSPF is supposed to be designed in a hierarchical fashion, which basically means that you
can separate the larger internetwork into smaller internetworks called areas.
* The following are reasons for creating OSPF in a hierarchical design:
  - To decrease routing overhead
  - To speed up convergence
  - To confine network instability to single areas of the network
This does not make configuring OSPF easier, but more elaborate and difficult.
OSPF Networking Hierarchy:
* OSPF is a hierarchical routing protocol. It enables better administration and smaller routing
tables due to segmentation of the entire network into smaller areas. OSPF consists of a backbone
(Area 0) network that links all other smaller areas within the hierarchy. The following are
the important components of an OSPF network:
Areas: An area consists of routers that have been administratively grouped together.
Usually, an area is a collection of contiguous IP subnetted networks. Routers that are totally
within an area are called internal routers. All interfaces on internal routers are directly
connected to networks within the area. Within an area, all routers have identical topological
databases.
Area Border Routers: Routers that belong to more than one area are called area border
routers (ABRs). ABRs maintain a separate topological database for each area to which they
are connected.
Backbone Area: An OSPF backbone area consists of all routers in area 0, and all area border
routers (ABRs). The backbone distributes routing information between different areas.
Autonomous System Boundary Routers (ASBRs): Routers that exchange routing
information with routers in other Autonomous Systems are called ASBRs. They advertise
externally learned routes throughout the AS.
Internal Routers are routers whose interfaces all belong to the same area. These routers
have a single Link State Database.
Advantages of OSPF
* Open standard
* No hop count limitations
* Loop free
* Faster convergence
Disadvantages
* Consumes more CPU resources
* Supports only equal cost balancing
* Supports only the IP protocol; does not work on IPX and AppleTalk
Configuring OSPF
Router(config)# router ospf <process ID>
Router(config-router)# network <network ID> <wildcard mask> area <area ID>
LAB : DYNAMIC ROUTING USING OSPF IN SINGLE AREA
STEPS:
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP addresses according to the diagram
3) Make sure that the interfaces used are in the UP/UP state
What we do in this lab
4) Dynamic routing using OSPF single area
5) Verify the routing table and reachability between the LANs (using PING and
TRACE commands)
R-1#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R-3#sh ip route
Gateway of last resort is not set
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
On Router -1
R-1(config)#router ospf 1
R-1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R-1(config-router)#network 10.0.0.0 0.255.255.255 area 0
On Router -2
R-2(config)#router ospf 1
R-2(config-router)#network 192.168.2.0 0.0.0.255 area 0
R-2(config-router)#network 11.0.0.0 0.255.255.255 area 0
R-2(config-router)#network 10.0.0.0 0.255.255.255 area 0
On Router -3
R-3(config)#router ospf 1
R-3(config-router)#network 192.168.3.0 0.0.0.255 area 0
R-3(config-router)#network 11.0.0.0 0.255.255.255 area 0
R-2#show ip ospf neighbor
Neighbor ID     Pri   State     Dead Time   Address    Interface
192.168.1.100   0     FULL/ -   00:00:35    10.0.0.1   Serial0/0
192.168.3.100   0     FULL/ -   00:00:37    11.0.0.2   Serial0/1
R-1#show ip route
Gateway of last resort is not set
C 10.0.0.0/8 is direct
R-1#sh ip route ospf
O 11.0.0.0 [110/128] via 10.0.0.2, 00:04:25, Serial0/0
O 192.168.2.0 [110/65] via 10.0.0.2, 00:04:25, Serial0/0
O 192.168.3.0 [110/129] via 10.0.0.2, 00:03:23, Serial0/0
R-2#show ip route ospf
O 192.168.1.0 [110/65] via 10.0.0.1, 00:05:09, Serial0/0
O 192.168.3.0 [110/65] via 11.0.0.2, 00:04:14, Serial0/1
R-3#show ip route ospf
O 10.0.0.0 [110/128] via 11.0.0.1, 00:04:49, Serial0/0
O 192.168.1.0 [110/129] via 11.0.0.1, 00:04:49, Serial0/0
O 192.168.2.0 [110/65] via 11.0.0.1, 00:04:49, Serial0/0
R-1#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.1.100
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
10.0.0.2 110 00:05:46
Distance: (default is 110)
R-1#show ip ospf database
OSPF Router with ID (192.168.1.100) (Process ID 1)
Router Link States (Area 0)
Link ID         ADV Router      Age   Seq#         Checksum   Link count
192.168.1.100   192.168.1.100   468   0x80000003   Oxood#4    3
192.168.2.100   192.168.2.100   411   0x80000005   0x0054e6   5
192.168.3.100   192.168.3.100   411   0x80000003   0x0010ad   3
PC>ipconfig
IP Address......:
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: byte
Reply from 192.168.2.1: bytes=32 time=14ms TTL=126
PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
Reply from 192.168.3.1: bytes=32 time=25ms TTL=125
PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
1 5ms 8ms Sms 192.168.1.100
2 12ms 9ms 8ms 10.0.0.2
3 6ms 12ms 11.0.0.2
4 ms Bms 192.168.3.1
Trace complete.
R-1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms
R-3#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
LAB: DYNAMIC ROUTING USING OSPF MULTIPLE AREA
[Topology diagram: three routers joined by serial links, with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
STEPS:
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity )
2) Assign the IP address according to diagram
3) Make sure that interfaces used should be in UP UP state
What we do in this lab
4) Dynamic routing using OSPF multiple area
5) Verify Routing table and reachability between the LAN’s (using PING and
TRACE commands )
R-1#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
R-2#sh ip route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0
C 11.0.0.0/8 is directly connected, Serial0/1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
R-3#sh ip route
Gateway of last resort is not set
C 11.0.0.0/8 is directly connected, Serial0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
ON ROUTER - 1
R-1(config)#router ospf 1
R-1(config-router)#network 192.168.1.0 0.0.0.255 area 10
R-1(config-router)#network 10.0.0.0 0.255.255.255 area 10
ON ROUTER - 2
R-2(config)#router ospf 1
R-2(config-router)#network 192.168.2.0 0.0.0.255 area 0
R-2(config-router)#network 11.0.0.0 0.255.255.255 area 20
R-2(config-router)#network 10.0.0.0 0.255.255.255 area 10
ON ROUTER - 3
R-3(config)#router ospf 1
R-3(config-router)#network 192.168.3.0 0.0.0.255 area 20
R-3(config-router)#network 11.0.0.0 0.255.255.255 area 20
R-2#show ip ospf neighbor
Neighbor ID     Pri   State     Dead Time   Address    Interface
192.168.3.100   0     FULL/ -   00:00:39    11.0.0.2   Serial0/1
192.168.1.100   0     FULL/ -   00:00:39    10.0.0.1   Serial0/0
R-1#show ip route
Gateway of last resort is not set
C 10.0.0.0/8 is direct
R-1#show ip route ospf
O IA 11.0.0.0 [110/128] via 10.0.0.2, 00:06:24, Serial0/0
O IA 192.168.2.0 [110/65] via 10.0.0.2, 00:06:24, Serial0/0
O IA 192.168.3.0 [110/129] via 10.0.0.2, 00:05:53, Serial0/0
R-2#show ip route ospf
O 192.168.1.0 [110/65] via 10.0.0.1, 00:08:31, Serial0/0
O 192.168.3.0 [110/65] via 11.0.0.2, 00:08:04, Serial0/1
R-3#show ip route ospf
O IA 10.0.0.0 [110/128] via 11.0.0.1, 00:08:21, Serial0/0
O IA 192.168.1.0 [110/129] via 11.0.0.1, 00:08:21, Serial0/0
O IA 192.168.2.0 [110/65] via 11.0.0.1, 00:08:21, Serial0/0
R-1#sh ip ospf database
OSPF Router with ID (192.168.1.100) (Process ID 1)
Router Link States (Area 10)
Link ID         ADV Router      Age   Seq#         Checksum   Link count
192.168.1.100   192.168.1.100   902   0x80000003   0x003b8b   3
192.168.2.100   192.168.2.100   902   0x80000002   0x00e758   2
Summary Net Link States
Link ID         ADV Router      Age   Seq#         Checksum
192.168.2.0     192.168.2.100   905   0x80000001   0x0057cb
11.0.0.0        192.168.2.100   905   0x80000002   0x000634
192.168.3.0     192.168.2.100   870   0x80000003   0x00ca15
R-2#show ip ospf database
OSPF Router with ID (192.168.2.100) (Process ID 1)
Router Link States (Area 0)
Link ID         ADV Router      Age   Seq#         Checksum   Link count
192.168.2.100   192.168.2.100   708   0x80000002   0x0070d6   1
Summary Net Link States (Area 0)
Link ID         ADV Router      Age   Seq#         Checksum
11.0.0.0        192.168.2.100   698   0x80000001   000083
10.0.0.0        192.168.2.100   689   0x80000002   0x001331
192.168.1.0     192.168.2.100   689   0x80000003   0x00e001
192.168.3.0     192.168.2.100   663   0x80000004   0x000816
Router Link States (Area 10)
Link ID         ADV Router      Age   Seq#         Checksum   Link count
192.168.2.100   192.168.2.100   694   0x80000002   0x00e758   2
192.168.1.100   192.168.1.100   694   0x80000003   0x003b8b   3
Summary Net Link States (Area 10)
Link ID         ADV Router      Age   Seq#         Checksum
192.168.2.0     192.168.2.100   697   0x80000001   0x0057cb
11.0.0.0        192.168.2.100   697   0x80000002   0x000634
192.168.3.0     192.168.2.100   662   0x80000003   0x00ca15
Router Link States (Area 20)
Link ID         ADV Router      Age   Seq#         Checksum   Link count
192.168.2.100   192.168.2.100   668   0x80000002   0x000a33   2
192.168.3.100   192.168.3.100   668   0x80000003   0x0010ad   3
Summary Net Link States (Area 20)
Link ID         ADV Router      Age   Seq#         Checksum
192.168.2.0     192.168.2.100   703   0x80000001   0x0057cb
10.0.0.0        192.168.2.100   689   0x80000002   0x001331
192.168.1.0     192.168.2.100   689   0x80000003   0x00e001
PC>ipconfig
IP Address......:
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
Reply from 192.168.2.1: bytes=32 time=14ms TTL=126
PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: byte
Reply from 192.168.3.1: bytes
PC>tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
1 5ms §8ms §ms 192.168.1.100
2 12ms 9ms 8ms 10.0.0.2
3 17ms 6ms 12ms 11.0.0.2
4 24ms 27ms 25ms 192.168.3.1
Trace complete.
R-1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms
R-3#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/18 ms
ACCESS CONTROL LIST
An ACL is a set of rules which will allow or deny the specific traffic moving through the
router.
It is a Layer 3 security feature which controls the flow of traffic from one router to another.
It is also called a Packet Filtering Firewall.
STANDARD ACCESS LIST
* The access-list number range is 1 - 99
* Can block a Network, Host and Subnet
* All services are blocked.
* Implemented closest to the destination.
* Filtering is done based on only source IP address
EXTENDED ACCESS LIST
* The access-list number range is 100 - 199
* Can block a Network, Host, Subnet and Service
* Selected services can be blocked.
* Implemented closest to the source.
* Filtering is done based on source IP, destination IP, protocol, port no
Rules of Access List
* Works in sequential order: a packet is always compared with each line of the access list in
sequential order, that is, it always starts with the first line of the access list, then goes
to line 2, then line 3, and so on.
* All deny statements have to be given first (preferable in most cases).
* There should be at least one permit statement (mandatory).
* An implicit deny blocks all traffic by default when there is no match (an invisible
statement).
* Can have one access list per interface per direction, i.e. two access lists per
interface, one in the inbound direction and one in the outbound direction.
* Any time a new entry is added to the access list, it will be placed at the bottom of the
list. Using a text editor for access lists is highly suggested.
* You cannot remove one line from an access list. If you try to do this, you will remove
the entire list. It is best to copy the access list to a text editor before trying to edit the
list. The only exception is when using named access lists.
Wild Card Mask
* Tells the router which portion of the bits to match or ignore.
* It's the inverse of the subnet mask, hence it is also called the inverse mask.
* A bit value of 0 indicates MUST MATCH (Check Bits)
* A bit value of 1 indicates IGNORE (Ignore Bits)
* Wild card mask for a host will always be 0.0.0.0
A wild card mask can be calculated using the formula:
Global Subnet Mask - Customized Subnet Mask = Wild Card Mask
  255.255.255.255
- 255.255.255.0
= 0.0.0.255

  255.255.255.255
- 255.255.255.240
= 0.0.0.15

  255.255.255.255
- 255.255.255.224
= 0.0.0.31
* Wildcards are used with the host or network address to tell the router a range of available
addresses to filter.
* To specify a host, the address would look like this: 172.16.30.5 0.0.0.0
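The wildcard arithmetic and the sequential-order and implicit-deny rules above can be checked with a short script. This is an added example, not part of the workbook: the function names are hypothetical, and the four entries are the ones Lab 1 below configures as access-list 15.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # the "global" mask 255.255.255.255


def to_int(addr):
    """Dotted-quad string -> 32-bit integer (ValueError on bad input)."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(subnet_mask):
    """Wildcard mask = 255.255.255.255 minus the subnet mask."""
    return str(ipaddress.IPv4Address(ALL_ONES - to_int(subnet_mask)))


def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match (check bit), wildcard bit 1 = ignore."""
    check_bits = ~to_int(wildcard) & ALL_ONES
    return (to_int(addr) & check_bits) == (to_int(base) & check_bits)


def parse_entry(entry):
    """Parse one standard ACL entry into (action, base address, wildcard)."""
    words = entry.split()
    if len(words) < 2 or words[0] not in ("permit", "deny"):
        raise ValueError("not a standard ACL entry: %r" % entry)
    action, spec = words[0], words[1:]
    if spec == ["any"]:
        base, wildcard = "0.0.0.0", "255.255.255.255"
    elif len(spec) == 2 and spec[0] == "host":
        base, wildcard = spec[1], "0.0.0.0"
    elif len(spec) == 2:
        base, wildcard = spec
    else:
        raise ValueError("unsupported source specification: %r" % entry)
    to_int(base)       # validate both fields before accepting the entry
    to_int(wildcard)
    return action, base, wildcard


def evaluate(entries, source):
    """First match wins. Returns (action, line number); a line number of
    None means no entry matched and the implicit deny applied."""
    for line_no, entry in enumerate(entries, start=1):
        action, base, wildcard = parse_entry(entry)
        if wildcard_match(source, base, wildcard):
            return action, line_no
    return "deny", None


# The entries Lab 1 enters as access-list 15 (without the "access-list 15" prefix).
ACL_15 = [
    "deny 192.168.1.1 0.0.0.0",
    "deny host 192.168.1.2",
    "deny 192.168.3.0 0.0.0.255",
    "permit any",
]

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.240", "255.255.255.224"):
        print(mask, "->", wildcard_from_mask(mask))
    for src in ("192.168.1.1", "192.168.1.3", "192.168.3.77"):
        print(src, evaluate(ACL_15, src))
    # Dropping the final permit leaves only the implicit deny for other hosts.
    print("192.168.1.3 without 'permit any':", evaluate(ACL_15[:3], "192.168.1.3"))
```

Moving `permit any` to the top of the list makes every later deny unreachable, which is why the order of entries matters.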
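Creation of Standard Access List
Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>
Implementation of Standard Access List
Router(config)# interface <interface type> <interface no>
Router(config-if)# ip access-group <acl no> <in/out>
To Verify :
Router# show access-list
Router# show access-list <acl no>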
Creation of Extended Access List
Router(config)# access-list <acl no> <permit/deny> <protocol> <source address> <source wildcard mask> < destination address> < destination wildcard mask> <operator> <service>
Implementation of Extended Access List
Router(config)# interface <interface type> <interface no>
Router(config-if)# ip access-group <acl no> <in/out>
Operators : eq (equal to)
neq (not equal to)
lt (less than)
gt (greater than)
If you want to filter by Application layer protocol, you have to choose the appropriate layer
4 transport protocol after the permit or deny statement.
For example, to filter Telnet or FTP, you choose TCP since both Telnet and FTP use TCP at
the Transport layer.
* If you were to choose IP, you wouldn't be allowed to specify a
specific application protocol later.
Named Access List
* Named access lists are just another way to create standard and extended access lists.
* Access lists are identified using names rather than numbers.
* Names are case-sensitive.
* No limitation of numbers here.
* One main advantage is that editing of the ACL is possible, i.e. removing a specific statement from
the ACL is possible.
* IOS version 11.2 or later allows Named ACL.
Creation of Standard Named Access List
Router(config)# ip access-list standard <name>
Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask>
Implementation of Standard Named Access List
Router(config)# interface <interface type> <interface no>
Router(config-if)# ip access-group <name> <in/out>
Creation of Extended Named Access List
Router(config)# ip access-list extended <name>
Router(config-ext-nacl)# <permit/deny> <protocol> <source address> <source wildcard mask> < destination address> < destination wildcard mask> <operator> <service>
Implementation of Extended Named Access List
Router(config)# interface <interface type> <interface no>
Router(config-if)# ip access-group <name> <in/out>
LAB -1: IMPLEMENTING STANDARD ACCESS-LIST
[Topology diagram: three routers joined by serial links, with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity )
2) Assign the IP address according to diagram
3) Make sure that interfaces used should be in UP UP state
4) Any dynamic routing Protocol or static routing
5) Verify Routing table and reachability between the LAN’s (using PING and
TRACE commands )
Let's say the Requirement in this LAB is to
* Deny the host 192.168.1.1 communicating with 192.168.2.0
* Deny the host 192.168.1.2 communicating with 192.168.2.0
* Deny the network 192.168.3.0 communicating with 192.168.2.0
* Permit all the remaining traffic
NOTE: the above ACL rules should not affect the other communication
Before creating the ACL, make sure that the routing configured is correct and all the three LAN
devices are able to communicate with each other using the PING command
PC>ipconfig
IP Address......: 192.168.1.1
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: byte
Reply from 192.168.2.1: byte
Reply from 192.168.2.1: byte
Reply from 192.168.2.1: bytes=
PC>ipconfig
IP Address......: 192.168.1.2
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=16ms TTL=126
Reply from 192.168.2.1: bytes=32 time=22ms TTL=126
Reply from 192.168.2.1: bytes=32 time=23ms TTL=126
Reply from 192.168.2.1: bytes=32 time=11ms TTL=126
PC>ipconfig
IP Address......: 192.168.3.
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.3.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=21ms TTL=126
Reply from 192.168.2.1: bytes=32 tim
Reply from 192.168.2.1: byte
Reply from 192.168.2.1: bytes=32 time=23ms TTL=126
ON ROUTER - 2
Creating the ACL rules according to requirement:
R-2(config)#access-list 15 deny 192.168.1.1 0.0.0.0
R-2(config)#access-list 15 deny host 192.168.1.2
R-2(config)#access-list 15 deny 192.168.3.0 0.0.0.255
R-2(config)#access-list 15 permit any
Implementation:
R-2(config)#interface fastEthernet 0/0
R-2(config-if)#ip access-group 15 out
Verification:
R-2#sh access-lists
Standard IP access list 15
deny host 192.168.1.1
deny host 192.168.1.2
deny 192.168.3.0 0.0.0.255
permit any
PC>ipconfig
IP Address......:
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from
Reply from 10.0.0.2: Destination host unreachable
Reply from 10.0.0.2: Destination host unreachable
Reply from 10.0.0.2: Destination host unreachable
PC>ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Reply from 192.168.
Reply from 192.168.3.
Reply from 192.168.3.1: by
Reply from 192.168.3.1: byte
PC>ipconfig
IP Address......:
Subnet Mask.....:
Default Gateway.: 192.168.1.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply
Reply from 10.0.0.2: Destination host unreachable
Reply from 10.0.0.2: Destination host unreachable
Reply from 10.0.0.2: Destination host unreachable
SERVER>ipconfig
IP Address......:
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
SERVER>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 tim
Reply from 192.168.2.1: bytes=32 time
Reply from 192.168.2.1: bytes=32 tim
Reply from 192.168.2.1: bytes=32 time
PC>ipconfig
IP Address......:
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.3.100
PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply
Reply from 11.0.0.1: Destination host unreachable
Reply from 11.0.0.1: Destination host unreachable
Reply from 11.0.0.1: Destination host unreachable
PC>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=16ms TTL=125
Reply from 192.168.1.1: bytes
Reply from 192.168.1.1: bytes
LAB 2:
RESTRICTING TELNET ACCESS TO THE ROUTER TO SPECIFIED NETWORKS OR HOSTS
Should You Secure Your Telnet Lines on a Router?
* You're monitoring your network and, by using the show users command, notice that someone
has telnetted into your core router.
You use the disconnect command and they are disconnected from the router, but you notice
they are back into the router a few minutes later. You are thinking about putting an access
list on the router interfaces, but you don't want to add a lot of latency on each interface since
your router is already pushing a lot of packets.
The access-class command illustrated in this lab is the best way to restrict which users
can telnet to the router and which cannot,
because it doesn’t use an access list that just sits on an interface looking at every packet that
is coming and going, which can cause overhead on the packets trying to be routed.
When you put the access-class command on the VTY lines, only packets trying to telnet into
the router will be looked at and compared. This provides nice, easy-to-configure security for
your router.
Requirement:
* Continue with the previous lab and use the same diagram; only remove the ACL and its
implementation
* Allow only the hosts 192.168.1.1 and 192.168.1.2 to telnet R1. Any other host should be
denied if they try to telnet R1
Remove the ACL which was created in the previous lab
R-2(config)# no access-list 15
R-2(config)# interface fastEthernet 0/0
R-2(config-if)# no ip access-group 15 out
R-2(config-if)# end
Creation of ACL which permits only hosts 192.168.1.1 and 192.168.1.2 :
R-1(config)#access-list 20 permit host 192.168.1.1
R-1(config)#access-list 20 permit host 192.168.1.2
Implementation
R-1(config)#line vty 0 4
R-1(config-line)#password cisco
R-1(config-line)#login
R-1(config-line)#access-class 20 in
R-1(config-line)#end
Verification:
PC>ipconfig
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>telnet 192.168.1.100
Trying 192.168.1.100 ... Open
User Access Verification
PC>ipconfig
IP Address......:
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>telnet 192.168.1.100
Trying 192.168.1.100 ... Open
User Access Verification
SERVER>ipconfig
IP Address......: 192.168.1.3
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
SERVER>telnet 192.168.1.100
Trying 192.168.1.100 ...
SERVER>
SERVER>ipconfig
IP Address......: 192.168.1.4
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
SERVER>telnet 192.168.1.100
Trying 192.168.1.100 ...
% Connection refused by remote host
SERVER>
R-2>enable
R-2#telnet 10.0.0.1
Trying 10.0.0.1 ...
IMPLEMENTING EXTENDED ACCESS-LIST
[Topology diagram: three routers joined by serial links, with LANs 192.168.1.0/24 (PCs and servers), 192.168.2.0/24 and 192.168.3.0/24]
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity )
2) Assign the IP address according to diagram
3) Make sure that interfaces used should be in UP UP state
4) Any dynamic routing Protocol or static routing
5) Verify Routing table and reachability between the LAN’s ( using PING and TRACE
commands )
Let’s say the Requirement in this LAB is:
* The users on LAN 192.168.2.0 should not access the 192.168.1.3 HTTP service
* The users on LAN 192.168.3.0 should not access the 192.168.1.4 FTP service
* The user on 192.168.3.1 should not access the 192.168.1.3 HTTP service
* The users on LAN 192.168.2.0 should not get DNS service from the DNS server
192.168.1.4
* The hosts 192.168.3.2 and 192.168.1.2 should not be able to
send ICMP (ping / trace) messages to each other
* Remaining hosts and services should be permitted
NOTE: the above ACL rules should not affect the other communication
On Router -1
R-1(config)#access-list 145 deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
R-1(config)#access-list 145 deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
R-1(config)#access-list 145 deny tcp host 192.168.3.1 host 192.168.1.3 eq www
R-1(config)#access-list 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq ?
<0-65535> Port number
bootpc Bootstrap Protocol (BOOTP) client (68)
bootps Bootstrap Protocol (BOOTP) server (67)
isakmp Internet Security Association and Key Management Protocol (500)
non500-isakmp Internet Security Association and Key Management Protocol
(4500)
snmp Simple Network Management Protocol (161)
tftp Trivial File Transfer Protocol (69)
R-1(config)#access-list 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq
domain
R-1(config)#access-list 145 deny icmp host 192.168.3.1 host 192.168.1.1 ?
<0-256> type-num
host-unreachable host-unreachable
net-unreachable net-unreachable
port-unreachable port-unreachable
protocol-unreachable protocol-unreachable
ttl-exceeded ttl-exceeded
unreachable unreachable
R-1(config)#access-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo
R-1(config)#access-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo-reply
R-1(config)#access-list 145 permit ip any any
Implementation:
R-1(config)# interface fastEthernet 0/0
R-1(config-if)# ip access-group 145 out
OR
R-1(config)# interface serial 0/0
R-1(config-if)# ip access-group 145 in
Verification:
PC>ipconfig
IP Address......:
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.3.100
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
PC>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=20ms TTL=125
Reply from 192.168.1.1: bytes=32 tim
Reply from 192.168.1.1: byte
Reply from 192.168.1.1: bytes=32 time=25ms TTL=125
LAB-4:
IMPLEMENT THE STANDARD ACL WITH THE SAME RULES AS LAB -1 USING NAMED
ACL
[Topology diagram: three routers joined by serial links, with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
NOTE: Refer LAB - 3 for the specific rules which are used in this lab
R-2(config)#ip access-list standard CCNA
R-2(config-std-nacl)#deny 192.168.1.1 0.0.0.0
R-2(config-std-nacl)#deny host 192.168.1.2
R-2(config-std-nacl)#deny 192.168.3.0 0.0.0.255
R-2(config-std-nacl)#permit any
R-2(config-std-nacl)#exit
Implementation :
R-2(config)# interface fastEthernet 0/0
R-2(config-if)# ip access-group CCNA out
Verification is same as lab -1
R-2#sh access-lists
Standard IP access list CCNA
deny host 192.168.1.1
deny host 192.168.1.2
deny 192.168.3.0 0.0.0.255
permit any
LAB-5
IMPLEMENT THE EXTENDED ACL WITH THE SAME RULES AS LAB -2 USING NAMED
ACL
[Topology diagram: three routers joined by serial links, with LANs 192.168.1.0/24 (PCs and servers), 192.168.2.0/24 and 192.168.3.0/24]
NOTE: Refer LAB - 3 for the specific rules which are used in this lab
R-1(config)#ip access-list extended CCNP
R-1(config-ext-nacl)#deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
R-1(config-ext-nacl)#deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
R-1(config-ext-nacl)#deny tcp host 192.168.3.1 host 192.168.1.3 eq www
R-1(config-ext-nacl)#deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
R-1(config-ext-nacl)#deny icmp host 192.168.3.1 host 192.168.1.1 echo
R-1(config-ext-nacl)#deny icmp host 192.168.3.1 host 192.168.1.1 echo-reply
R-1(config-ext-nacl)#permit ip any any
Implementation:
R-1(config)# interface fastEthernet 0/0
R-1(config-if)# ip access-group CCNP out
OR
R-1(config)# interface serial 0/0
R-1(config-if)# ip access-group CCNP in
Verification is same as lab - 3
R-1#sh access-lists
Extended IP access list CCNP
deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
deny tcp host 192.168.3.1 host 192.168.1.3 eq www
deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
deny icmp host 192.168.3.1 host 192.168.1.1 echo
deny icmp host 192.168.3.1 host 192.168.1.1 echo-reply
permit ip any any
NETWORK ADDRESS TRANSLATION
* NAT is the method of translation of a private IP address into a public IP address.
* In order to communicate with the internet we must have a registered public IP address.
Address translation was originally developed to solve two problems:
1. To handle a shortage of IPv4 addresses
2. To hide network addressing schemes.
Small companies typically get their public IP addresses directly from their ISPs, which have a
limited number.
Large companies can sometimes get their public IP addresses from a registration authority,
such as the Internet Assigned Numbers Authority (IANA).
Common devices that can perform address translation include firewalls, routers, and servers.
Typically address translation is done at the perimeter of the network by either a firewall (more
commonly) or a router.
There are certain addresses in each class of IP address that are reserved for private networks.
These addresses are called private addresses.
Class A    10.0.0.0 to 10.255.255.255
Class B    172.16.0.0 to 172.31.255.255
Class C    192.168.0.0 to 192.168.255.255
Here's a list of situations when it's best to have NAT on your side:
* You need to connect to the Internet and your hosts don’t have globally unique IP addresses.
* You change to a new ISP that requires you to renumber your network.
* You need to merge two intranets with duplicate addresses.
Advantages
* Conserves legally registered addresses.
* Reduces address overlap occurrence. Increases flexibility when connecting to the Internet.
* Eliminates address renumbering as the network changes.
Disadvantages
* Translation introduces switching path delays.
* Loss of end-to-end IP traceability.
* Certain applications will not function with NAT enabled.
NAT Terminology
Inside Local Address - Name of inside source address before translation ( private IP )
Inside Global Address - Name of inside host after translation ( public IP )
Outside Local Address - Name of destination host before translation
Outside Global Address - Name of outside destination host after translation
Types of NAT:
1. Dynamic NAT
2. Static NAT
3. PAT
Static NAT
* This type of NAT is designed to allow one-to-one mapping between local and global
addresses.
* Keep in mind that the static version requires you to have one real Internet IP address for
every host on your network.
Syntax:
(Config)# ip nat inside source static <private IP> <public IP>
Implementation :
(Config)# interface f0/0
(Config-if)# ip nat inside ( interface facing towards LAN )
(Config)# interface s0/0
(Config-if)# ip nat outside ( interface facing towards ISP )
Dynamic NAT
* This version gives you the ability to map an unregistered IP address to a registered IP
address from out of a pool of registered IP addresses.
* You don't have to statically configure your router to map an inside to an outside address as
you would with static NAT, but you do have to have enough real IP addresses for everyone
who's going to be sending packets to and receiving them from the Internet.
CCNA R&S Workbook by Sikandar Gouse Moinuddin _ CCIE (R&S, SP) # 35012
All contents are copyright @2012 - 2014 All rights reserved.
sikhandarbaadshah@ ts lutionNETMETRIC|
SOLUTIONS
Winiweastaeateo se Tail
213.18 123.115 1132106. 31)
BAG eR a4 1992.16.32 7)
213.1. 123.118 [192.168 2.11)
B13 18.regit6 1992.1 6002 43)
2000 Wow Set Works
Syntax:
(Config)# access-list <ACL-NO> permit <network> <wildcard-mask>
(Config)# ip nat pool <pool-name> <start-ip> <end-ip> netmask <mask>
(Config)# ip nat inside source list <ACL-NO> pool <pool-name>
Implementation:
(Config)# interface f0/0
(Config-if)# ip nat inside     (interface facing towards LAN)
(Config)# interface s0/0
(Config-if)# ip nat outside    (interface facing towards ISP)
Dynamic NAT Overload
* This is the most popular type of NAT configuration. Understand that overloading really is a
form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP
address (many-to-one) by using different ports.
* It is also known as Port Address Translation (PAT), and by using PAT (NAT Overload),
you get to have thousands of users connect to the Internet using only one real global IP
address.
* NAT Overload is the real reason we haven't run out of valid IP addresses on the Internet.
Syntax:
(Config)# access-list <ACL-NO> permit <network> <wildcard-mask>
(Config)# ip nat pool <pool-name> <start-ip> <end-ip> netmask <mask>
(Config)# ip nat inside source list <ACL-NO> pool <pool-name> overload
Implementation:
(Config)# interface f0/0
(Config-if)# ip nat inside     (interface facing towards LAN)
(Config)# interface s0/0
(Config-if)# ip nat outside    (interface facing towards ISP)
LAB - 1 Implementing STATIC NAT
Configure the following translations
PRIVATE IP      PUBLIC IP
192.168.1.1     50.1.1.1
192.168.1.2     50.1.1.2
192.168.1.3     50.1.1.3
[Topology diagram: inside users 192.168.1.0/24 (PC-PT 192.168.1.1 and 192.168.1.2, Server-PT 192.168.1.3 and 192.168.1.4) behind router Fa0/0 192.168.1.100; servers on the Internet 200.1.1.1 and 200.1.1.2]
STEPS
* Configure IP addresses according to the diagram
* Configure a default route on both routers
* Configure NAT (static NAT according to the requirement)
* Implementation
* Verify by generating some traffic from LAN to outside servers
* #show ip nat translations
R-1#sh ip int brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    192.168.1.100   YES manual up                    up
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/0          100.1.1.1       YES manual up                    up
Serial0/1          unassigned      YES unset  administratively down down
R-1(config)# ip route 0.0.0.0 0.0.0.0 100.1.1.2
ISP#sh ip int brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    200.1.1.100     YES manual up                    up
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/0          100.1.1.2       YES manual up                    up
Serial0/1          unassigned      YES manual administratively down down
ISP#conf terminal
ISP(config)# ip route 0.0.0.0 0.0.0.0 100.1.1.1
Configuring static NAT
R-1(config)#ip nat inside source static 192.168.1.1 50.1.1.1
R-1(config)#ip nat inside source static 192.168.1.2 50.1.1.2
R-1(config)#ip nat inside source static 192.168.1.3 50.1.1.3
Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside     (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside    (interface facing towards ISP)
Generate traffic from PC (192.168.1.1 / 192.168.1.2 / 192.168.1.3)
PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100
PC>ping 200.1.1.1
Pinging 200.1.1.1 with 32 bytes of data:
Reply from 200.1.1.1: byte:
Reply from 200.1.1.1: bytes=
Reply from 200.1.1.1: byte:
Reply from 200.1.1.1: byte:
PC>ping 200.1.1.2
Pinging 200.1.1.2 with 32 bytes of data:
Request timed out.
Reply from 200.1.1.2: bytes=32 time=16ms TTL=126
Reply from 200.1
Reply from 200.1
PC>ipconfig
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100
PC>ping 200.1.1.1
Pinging 200.1.1.1 with 32 bytes of data:
Reply from 200.1.1.1: bytes
Reply from 200.1.1.1: byte
Reply from 200.1.1.1: byte
Reply from 200.1.1.1: byte
SERVER>ipconfig
IP Address......................: 192.168.1.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100
SERVER>ping 200.1.1.1
Pinging 200.1.1.1 with 32 bytes of data:
Reply from 200.1
Reply from 200.1
Reply from 200.1.1.1: bytes=32 time=20ms TTL=126
R-1#sh ip nat translations
Pro  Inside global   Inside local     Outside local   Outside global
icmp 50.1.1.1:21     192.168.1.1:21   200.1.1.2:21    200.1.1.2:21
icmp 50.1.1.1:22     192.168.1.1:22   200.1.1.2:22    200.1.1.2:22
icmp 50.1.1.1:23     192.168.1.1:23   200.1.1.2:23    200.1.1.2:23
icmp 50.1.1.1:24     192.168.1.1:24   200.1.1.2:24    200.1.1.2:24
icmp 50.1.1.2:1      192.168.1.2:1    200.1.1.1:1     200.1.1.1:1
icmp 50.1.1.2:2      192.168.1.2:2    200.1.1.1:2     200.1.1.1:2
icmp 50.1.1.2:3      192.168.1.2:3    200.1.1.1:3     200.1.1.1:3
icmp 50.1.1.2:4      192.168.1.2:4    200.1.1.1:4     200.1.1.1:4
icmp 50.1.1.3:1      192.168.1.3:1    200.1.1.1:1     200.1.1.1:1
icmp 50.1.1.3:2      192.168.1.3:2    200.1.1.1:2     200.1.1.1:2
icmp 50.1.1.3:3      192.168.1.3:3    200.1.1.1:3     200.1.1.1:3
icmp 50.1.1.3:4      192.168.1.3:4    200.1.1.1:4     200.1.1.1:4
---  50.1.1.1        192.168.1.1      ---             ---
---  50.1.1.2        192.168.1.2      ---             ---
---  50.1.1.3        192.168.1.3      ---             ---
To verify, generate telnet traffic from PC // 192.168.1.1 // 192.168.1.2 // 192.168.1.3
PC>telnet 100.1.1.2
Trying 100.1.1.2 ..Open
User Access Verification
R-1#sh ip nat translations
Pro  Inside global   Inside local     Outside local   Outside global
---  50.1.1.1        192.168.1.1      ---             ---
---  50.1.1.2        192.168.1.2      ---             ---
---  50.1.1.3        192.168.1.3      ---             ---
LAB - 2
Implement Dynamic NAT and make sure that the inside LAN users (192.168.1.0/24) get
translated to public IP with the range of 50.1.1.1 - 50.1.1.200/24
* Continue with the same pre-configurations as in LAB - 1
* Remove the static NAT configurations.
* Implementation is the same as the previous lab
R-1#clear ip nat translation *
NOTE:
Make sure that you clear the translation table before you edit or remove any NAT configuration.
R-1(config)# no ip nat inside source static 192.168.1.1 50.1.1.1
R-1(config)# no ip nat inside source static 192.168.1.2 50.1.1.2
R-1(config)# no ip nat inside source static 192.168.1.3 50.1.1.3
Configuring DYNAMIC NAT
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat pool CCNA 50.1.1.1 50.1.1.200 netmask 255.255.255.0
R-1(config)#ip nat inside source list 55 pool CCNA
Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside     (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside    (interface facing towards ISP)
Verification:
Generate some telnet traffic from inside LAN devices (192.168.1.1 // 192.168.1.2 // 192.168.1.3
// 192.168.1.4).
PC>telnet 100.
User Access Verification
R-1#sh ip nat translations
Pro  Inside global      Inside local       Outside local   Outside global
tcp  50.1.1.1:1027      192.168.1.1:1027   100.1.1.2:23    100.1.1.2:23
tcp  50.1.1.2:1025      192.168.1.2:1025   100.1.1.2:23    100.1.1.2:23
tcp  50.1.1.3:1025      192.168.1.3:1025   100.1.1.2:23    100.1.1.2:23
tcp  50.1.1.4:1025      192.168.1.4:1025   100.1.1.2:23    100.1.1.2:23
LAB - 3
Implement PAT (Dynamic NAT Overload) and make sure that the inside LAN users
(192.168.1.0/24) get translated to a single public IP (50.1.1.1/29) given by the service provider.
* Continue with the same pre-configurations as in LAB - 2
* Remove the dynamic NAT configurations.
* Implementation is the same as the previous lab
R-1#clear ip nat translation *
NOTE:
Make sure that you clear the translation table before you edit or remove any NAT configuration.
R-1(config)#no ip nat inside source list 55 pool CCNA
R-1(config)#no ip nat pool CCNA 50.1.1.1 50.1.1.200 netmask 255.255.255.0
R-1(config)#no access-list 55
Configuring PAT
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat pool CCNA 50.1.1.1 50.1.1.1 netmask 255.255.255.248
R-1(config)#ip nat inside source list 55 pool CCNA overload
Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside     (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside    (interface facing towards ISP)
Verification:
Generate some telnet traffic from inside LAN devices (192.168.1.1 // 192.168.1.2 // 192.168.1.3
// 192.168.1.4)
PC>telnet 100.1.1.2
Trying 100.1.1.2 .. Open
User Access Verification
R-1#sh ip nat translations
Pro  Inside global      Inside local       Outside local   Outside global
tcp  50.1.1.1:1029      192.168.1.1:1029   100.1.1.2:23    100.1.1.2:23
tcp  50.1.1.1:1026      192.168.1.2:1026   100.1.1.2:23    100.1.1.2:23
tcp  50.1.1.1:1024      192.168.1.3:1026   100.1.1.2:23    100.1.1.2:23
tcp  50.1.1.1:1025      192.168.1.4:1026   100.1.1.2:23    100.1.1.2:23
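The PAT table above shows three hosts using source port 1026 and each receiving a different port on 50.1.1.1, while plain dynamic NAT needs one pool address per host. The Python model below is an added example, not part of the workbook and not IOS code: the class and function names are hypothetical, and the port rule (keep the source port if free, otherwise take the lowest free port from 1024) is a simplifying assumption that reproduces the Lab 3 table. Its `attribute` lookup shows that only the translation entry can map an outside-visible address and port back to the inside host, which is what "loss of end-to-end IP traceability" means for anyone reading logs on the outside.

```python
"""Toy model of static NAT, dynamic NAT and PAT (constructed example, not IOS)."""


class PoolExhausted(Exception):
    """No free inside global address (or port) is left."""


class NatTable:
    def __init__(self, static=None, pool=None, overload=False):
        self.static = dict(static or {})  # inside local IP -> inside global IP
        self.pool = list(pool or [])      # registered addresses for dynamic NAT / PAT
        self.overload = overload          # True = PAT: many hosts share pool[0]
        self.leases = {}                  # dynamic NAT: inside local IP -> global IP
        # (proto, inside global IP, port) -> (inside local IP, port)
        self.entries = {}

    def _free_port(self, proto, global_ip, wanted):
        # Assumption: keep the source port when free, else lowest free port >= 1024.
        if (proto, global_ip, wanted) not in self.entries:
            return wanted
        for port in range(1024, 65536):
            if (proto, global_ip, port) not in self.entries:
                return port
        raise PoolExhausted("no free port on %s" % global_ip)

    def translate(self, proto, local_ip, local_port):
        """Return (inside global IP, port) for an outbound flow."""
        for (p, g_ip, g_port), local in self.entries.items():
            if p == proto and local == (local_ip, local_port):
                return g_ip, g_port       # flow already has an entry
        if local_ip in self.static:       # static NAT: fixed one-to-one mapping
            g_ip, g_port = self.static[local_ip], local_port
        elif self.overload:               # PAT: one address, ports tell hosts apart
            g_ip = self.pool[0]
            g_port = self._free_port(proto, g_ip, local_port)
        else:                             # dynamic NAT: one pool address per host
            if local_ip not in self.leases:
                in_use = set(self.leases.values())
                free = [a for a in self.pool if a not in in_use]
                if not free:
                    raise PoolExhausted("pool empty, %s not translated" % local_ip)
                self.leases[local_ip] = free[0]
            g_ip, g_port = self.leases[local_ip], local_port
        self.entries[(proto, g_ip, g_port)] = (local_ip, local_port)
        return g_ip, g_port

    def attribute(self, proto, global_ip, global_port):
        """Map an address:port seen outside back to the inside host, or None."""
        return self.entries.get((proto, global_ip, global_port))


# Telnet flows from the Lab 3 verification: (inside local IP, source port).
LAB3_FLOWS = [("192.168.1.1", 1029), ("192.168.1.2", 1026),
              ("192.168.1.3", 1026), ("192.168.1.4", 1026)]


def run_pat():
    """Lab 3: every host shares 50.1.1.1, distinguished by port."""
    nat = NatTable(pool=["50.1.1.1"], overload=True)
    return nat, [nat.translate("tcp", ip, port) for ip, port in LAB3_FLOWS]


def run_dynamic(pool):
    """Same flows, one-to-one; returns the hosts left without an address."""
    nat, refused = NatTable(pool=pool), []
    for ip, port in LAB3_FLOWS:
        try:
            nat.translate("tcp", ip, port)
        except PoolExhausted:
            refused.append(ip)
    return nat, refused


if __name__ == "__main__":
    nat, mapped = run_pat()
    for (ip, port), (g_ip, g_port) in zip(LAB3_FLOWS, mapped):
        print("tcp %s:%d  %s:%d" % (g_ip, g_port, ip, port))
    print("50.1.1.1:1024 is", nat.attribute("tcp", "50.1.1.1", 1024))
    print("refused with a 2-address pool:",
          run_dynamic(["50.1.1.1", "50.1.1.2"])[1])
```

Because PAT entries age out, the lookup only works against a translation log kept with timestamps; the address and port alone identify nobody after the entry is gone.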
LAB - 4
Implement PAT (Dynamic NAT Overload) and make sure that the inside LAN users
(192.168.1.0/24) get translated to the public IP used on the outside interface (100.1.1.1) given by
the service provider.
* Continue with the same pre-configurations as in LAB - 3
* Remove the PAT configurations.
* Implementation is the same as the previous lab
R-1#clear ip nat translation *
NOTE:
Make sure that you clear the translation table before you edit or remove any NAT configuration.
R-1(config)#no ip nat inside source list 55 pool CCNA overload
R-1(config)#no ip nat pool CCNA 50.1.1.1 50.1.1.1 netmask 255.255.255.248
R-1(config)#no access-list 55
Configuring PAT
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat inside source list 55 interface serial 0/0 overload
Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside     (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside    (interface facing towards ISP)
Verification:
Generate some telnet traffic from inside LAN devices (192.168.1.1 // 192.168.1.2 // 192.168.1.3
// 192.168.1.4)
PC>telnet 100.1.1.2
Trying 100.1.1.2 ..Open
User Access Verification
R-1#sh ip nat translations
Pro  Inside global      Inside local       Outside local   Outside global
tcp  100.1.1.1:1029     192.168.1.1:1029   100.1.1.2:23    100.1.1.2:23
                        192.168.1.2:1026   100.1.1.2:23    100.1.1.2:23
                        192.168.1.3:1026   100.1.1.2:23    100.1.1.2:23
                        192.168.1.4:1026   100.1.1.2:23    100.1.1.2:23
BASIC SWITCHING
Hub
* It is a Physical layer device (Layer 1)
* It has no intelligence.
* It works with 0's and 1's (Bits)
* It always does broadcasts
* It works with shared bandwidth
* It has 1 Broadcast Domain
* It has 1 Collision Domain
* Collisions are identified using Access Methods called CSMA/CD and CSMA/CA
Switch
* It is a Datalink layer device (Layer 2)
* It is an intelligent device
* It works with Physical addresses (i.e. MAC addresses)
* It uses broadcast and unicast
* It works with fixed bandwidth
* It has 1 Broadcast domain
* Number of Collision domains depends upon the number of ports.
* It maintains a MAC address table
Broadcast Domain
Set of all devices that receive broadcast frames originating from any device within the set.
Collision domain
In Ethernet, the network area within which frames that have collided are propagated is
called a collision domain.
A collision domain is a network segment with two or more devices sharing the same
bandwidth.
[Figures: Broadcast Domains; Collision Domains]
Address resolution protocol
The ARP protocol helps the switch to resolve an IP address into the respective MAC address. It is an
inbuilt protocol in TCP/IP.
How do Switches Work?
After taking a switch out of the box, plugging it in, and connecting devices to it, the switch goes
through the following processes:
1) Learning process:
A switch begins learning the local MAC addresses as soon as it is connected to other devices or to a
network. This learning capability makes switches easy to use on a network.
[Figure: switch lookup table. When device A sends out a frame to another device, its MAC address is updated in the switch's lookup table.]
The switch learning process works like this:
* As a PC or other networked device sends a frame to another device through the switch, the
switch captures the source MAC address of the frame and the interface that received it.
* The switch confirms or adds the MAC address and the port to the lookup table.
* A switch also keeps a timer for each of the MAC address entries in its lookup table.
* By default, many vendors set the time to hold an address entry to 300 seconds (5 minutes)
of traffic inactivity for that MAC address.
* This can be changed if you want. The timer lets the switch get rid of old entries to keep the
lookup process short and fast.
2) Learning Flooding:
As part of the learning process, a switch will flood the single frame out all of its other ports when it
cannot find the destination MAC address in the switch's lookup table.
This flooding process is necessary network overhead. One challenge is that any user on another
system attached to the flooding switch who is running a protocol analyzer can see the flooded
frame.
3) Forwarding and Filtering processes:
When a switch has learned the locations of the devices connected to it, the switch is ready to either
forward or filter frames based on the destination MAC address of the frame and the contents of the
switch lookup table.
The switch has already found the port of device A by its MAC address 02 60 8c 12 34 56 and switch
port number 2. The switch recognizes device C with a MAC address 00 10 4c 39 47 6c when it
replies to port 7 on the switch. The switch will receive the incoming frame, examine the destination
address of the Ethernet frame, and check its lookup table. The switch will then make a decision to
forward the frame out port 2, and only port 2.
The switch filters out (or does not send the frame to) the other ports on the
switch since they do not have the target MAC address in the lookup table. That way, no one else
can look at the contents of the frame.
* Switches send broadcast (flood) frames out of all the ports if they receive a frame whose
destination MAC address is not present in the MAC table of the switch (sends with destination
address FF:FF:FF:FF)
* If the destination MAC address is present then the frame will be sent only on the specific port as per
the MAC table
* The MAC table is updated based on the source address of the frames
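The learning, flooding, forwarding and aging behaviour described above can be replayed in a few lines. This is an added Python model, not part of the workbook: the class, function names and the frame trace are constructed, while the two MAC addresses, ports 2 and 7 and the 300-second timer are the ones used in the text. `flooded_unicasts` lists the frames that left more than one port, which are the ones a protocol analyzer on an unrelated port can see.

```python
"""Toy MAC-learning switch (constructed example, hypothetical names)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEVICE_A = "02:60:8c:12:34:56"   # on port 2 in the text
DEVICE_C = "00:10:4c:39:47:6c"   # on port 7 in the text


class LearningSwitch:
    def __init__(self, ports, aging=300):
        self.ports = list(ports)
        self.aging = aging       # seconds an idle entry stays in the table
        self.table = {}          # MAC -> (port, time last seen as a source)

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the list of ports it is sent out of."""
        # Aging: drop entries idle for `aging` seconds or more.
        self.table = {mac: (port, seen)
                      for mac, (port, seen) in self.table.items()
                      if now - seen < self.aging}
        # Learning: record the source MAC against the ingress port.
        self.table[src] = (in_port, now)
        # Flooding: broadcast or unknown destination goes out every other port.
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        # Forwarding / filtering: known destination goes out one port only.
        out_port = self.table[dst][0]
        return [] if out_port == in_port else [out_port]


# Constructed trace: (time in seconds, ingress port, source MAC, destination MAC)
TRACE = [
    (0,   2, DEVICE_A, DEVICE_C),   # C not learned yet: flooded
    (1,   7, DEVICE_C, DEVICE_A),   # A was learned at t=0: port 2 only
    (2,   2, DEVICE_A, DEVICE_C),   # C is known now: port 7 only
    (400, 7, DEVICE_C, DEVICE_A),   # A idle for over 300 s, aged out: flooded again
]


def replay(trace, ports=range(1, 9)):
    """Egress port list for every frame of the trace on an 8-port switch."""
    sw = LearningSwitch(ports)
    return [sw.receive(port, src, dst, t) for t, port, src, dst in trace]


def flooded_unicasts(trace, ports=range(1, 9)):
    """Unicast frames that left more than one port (visible to other hosts)."""
    return [(t, src, dst)
            for (t, _, src, dst), out in zip(trace, replay(trace, ports))
            if dst != BROADCAST and len(out) > 1]


if __name__ == "__main__":
    for frame, out in zip(TRACE, replay(TRACE)):
        print(frame, "->", out)
    print("flooded unicast frames:", flooded_unicasts(TRACE))
```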
Types of Switches
* Unmanageable switches
  - These switches are just plug and play
  - No configurations can be done
  - There is no console port.
* Manageable switches
  - These switches are also plug and play
  - It has a console port and CLI access
  - We can verify and modify configurations and can implement and test some advanced
    switching technologies
Cisco's Hierarchical Design Model
Cisco divided the Switches into 3 Layers
1. Access Layer Switches
   Switches Series: 1900 & 2900
2. Distribution Layer Switches
   Switches Series: 3550, 3560
3. Core Layer Switches
   Switches Series: 4500, 6500
[Photos: Access Layer Switch (Catalyst 1900, Catalyst 2900); Distribution Layer Switch (3550 switch); Core Layer Switches (4500, 6500)]
Switching Modes
Three types of Switching Mode:
* Store & Forward
  - A default switching method for distribution layer switches.
  - Latency: High
  - Error Checking: Yes
* Fragment Free
  - It is also referred to as Modified Cut-Through
  - A default switching method for access layer switches.
  - Latency: Medium
  - Error Checking: On 64 bytes of Frame
* Cut through
  - A default switching method for the core layer switches
  - Latency: Low
  - Error Checking: No
Latency is the total time taken for a Frame to pass through the Switch. Latency depends on the
switching mode and the hardware capabilities of the Switch.
Console Connectivity
* Connect a rollover cable to the Switch console port (RJ-45 connector).
* Connect the other end of the rollover cable to the RJ-45 to DB-9 adapter.
* Attach the female DB-9 adapter to a PC Serial Port.
* Open emulation software on the PC.
Emulation Software
IN WINDOWS:
Start > Programs > Accessories > Communications > HyperTerminal > HyperTerminal.
* Give the Connection Name & Select Any Icon
* Select Serial (Com) Port where Switch is Connected.
* In Port Settings > Click on Restore Defaults
IN LINUX
# minicom -s
INITIAL CONFIGURATION OF A SWITCH:
Connect one end of the console cable to the console port of the switch and the other end of the cable to your
computer's COM port.
Now open HyperTerminal and power on the switch.
Would you like to enter into initial configuration dialog (yes/no): no
switch>enable
switch#config terminal
To assign Telnet Password
switch(config)# line vty 0 4
switch(config-line)# password <password>
switch(config-line)# login
To assign Console Password
switch(config)# line con 0
switch(config-line)# password <password>
switch(config-line)# login
To assign Enable Password
switch(config)# enable secret <password>
OR
switch(config)# enable password <password>
switch(config)# exit
switch# show mac-address-table     (to see the entries of the MAC table)
switch# show interface status
To assign IP to a Switch
switch(config)# interface vlan 1
switch(config-if)# ip address <ip-address> <subnet-mask>
switch(config-if)# no shutdown
To assign Default Gateway to a Switch
switch(config)# ip default-gateway 192.168.1.100
VIRTUAL LAN
* A Layer 2 Security
* Divides a Single Broadcast domain into Multiple Broadcast domains.
* By default all ports of the switch are in VLAN1. This VLAN1 is known as Administrative
VLAN or Management VLAN
* VLAN can be created from 2 - 1001
* Can be Configured on a Manageable switch only
* 2 Types of VLAN Configuration
  - Static VLAN
  - Dynamic VLAN
* By default, routers allow broadcasts only within the originating network, but switches
forward broadcasts to all segments.
* The reason it's called a flat network is because it's one Broadcast domain, not because its
design is physically flat. (Flat Network Structure)
* Network adds, moves, and changes are achieved by configuring a port into the appropriate
VLAN.
* A group of users needing high security can be put into a VLAN so that no users outside of
the VLAN can communicate with them.
* As a logical grouping of users by function, VLANs can be considered independent from
their physical or geographic locations.
* VLANs can enhance network security.
* VLANs increase the number of broadcast domains while decreasing their size.
Static VLAN
* Static VLANs are based on port numbers
* Need to manually assign a port on a switch to a VLAN
* Also called Port-Based VLANs
* One port can be a member of only one VLAN
There are two different ways of creating VLANs
1) VLAN Creation in config Mode:
Switch(config)# vlan <vlan-id>
Switch(config-vlan)# name <name>
Switch(config-vlan)# exit
Assigning ports in VLAN
Switch(config)# interface <interface-type> <interface-no>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <vlan-id>
2) Static VLAN using Database command:
Creation of VLAN:
Switch# vlan database
Switch(vlan)# vlan <vlan-id> name <name>
Switch(vlan)# exit
Assigning port in VLAN:
Switch# config t
Switch(config)# int fastethernet <interface-no>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <vlan-id>
Verify using
Switch# show vlan
The range command (Assigning multiple ports at same time)
The range command can be used on switches to help you configure multiple ports at
the same time.
Switch(config)# interface range f0/1 - 5 , f0/12 , f0/17
Dynamic VLAN
* Dynamic VLANs are based on the MAC address of a PC
* Switch automatically assigns the port to a VLAN
* Each port can be a member of multiple VLANs
* For Dynamic VLAN configuration, a software called VMPS (VLAN Membership Policy
Server) is needed
Types of links/ports
* Access links
  - This type of link is only part of one VLAN, and it's referred to as the native VLAN of
    the port.
  - Any device attached to an access link is unaware of a VLAN membership. The
    device just assumes it's part of a broadcast domain, but it has no understanding of
    the physical network.
  - Switches remove any VLAN information from the frame before it's sent to an access
    link device.
* Trunk links
  - Trunks can carry multiple VLANs' traffic.
  - A trunk link is a 100- or 1000Mbps point-to-point link between two switches,
    between a switch and router, or between a switch and server. These carry the traffic
    of multiple VLANs, from to 1005 at a time.
  - Trunking allows you to make a single port part of multiple VLANs at the same time.
[Figure: trunk link carrying traffic for multiple VLANs (Red VLAN, Blue VLAN, Green VLAN)]
VLAN Identification Methods (Frame Tagging)
* A single VLAN can span over multiple switches
* In order to make sure that same-VLAN users on different switches communicate with each
other, a method of tagging happens on trunk links
* The tag is added before a frame is sent and removed once it is received on the trunk link
* Frame tagging happens only on the trunk links
* VLAN identification is what switches use to keep track of all those frames moving through
the trunk links
* The below two trunking protocols are responsible for the frame tagging process
  - Inter-Switch Link (ISL)
  - IEEE 802.1Q
ISL
* It's Cisco proprietary
* It works with Ethernet, Token ring, FDDI
* It adds 30 bytes of tag
* All VLAN traffic is tagged
* Frame is not modified
IEEE 802.1Q
* Open standard, we can use it on different vendors' switches.
* It works only on Ethernet
* Only a 4 Byte tag will be added to the original frame.
* Unlike ISL, 802.1Q does not encapsulate the frame. It modifies the existing Ethernet frame
to include the VLAN ID
Trunking Configuration
Switch(config)# interface <interface-type> <interface-no>
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q | isl
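What the 4-byte 802.1Q tag looks like on the wire, and how it is added on a trunk and stripped before an access port, is shown in the added Python example below. It is not part of the workbook or of any switch software: the function names and the sample frame are constructed, frames are handled without their FCS (a real switch recalculates it), and native-VLAN handling is left out.

```python
"""802.1Q tag insertion and removal on raw Ethernet frames (constructed example)."""
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag


def mac(text):
    """'02:60:8c:12:34:56' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def tag_frame(frame, vlan_id, priority=0):
    """Insert the 4-byte tag right after the source MAC (offset 12)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID is a 12-bit field; 0 and 4095 are reserved")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    tci = (priority << 13) | vlan_id      # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Return (vlan_id, frame without tag); vlan_id is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def egress_access(tagged, port_vlan):
    """Frame handed to an access port: tag stripped, or None if the VLAN differs."""
    vlan_id, inner = untag_frame(tagged)
    return inner if vlan_id == port_vlan else None


# Constructed frame: destination MAC, source MAC, EtherType 0x0800 (IPv4), payload.
SAMPLE = (mac("00:10:4c:39:47:6c") + mac("02:60:8c:12:34:56")
          + struct.pack("!H", 0x0800) + b"constructed payload")


if __name__ == "__main__":
    on_trunk = tag_frame(SAMPLE, 20)
    print("tag bytes on the trunk:", on_trunk[12:16].hex())
    print("to a VLAN 20 access port:", egress_access(on_trunk, 20) == SAMPLE)
    print("to a VLAN 10 access port:", egress_access(on_trunk, 10))
```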
LAB - IMPLEMENTING VLAN
[Topology diagram: PC-PT and Server-PT hosts (192.168.1.x) connected to one switch]
Steps:
1) Ping between 192.168.1.1 and 192.168.1.3
2) Create VLAN 20
3) Shift ports f0/3, f0/4 into VLAN 20
4) Ping between 192.168.1.1 and 192.168.1.3
Switch#sh vlan
VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                       Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                       Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                       Gig1/1, Gig1/2
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup
PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=19ms TTL
Reply from 192.168.1.2: bytes=32 tim
Reply from 192.168.1.2: bytes=32 ti
Reply from 192.168.1.2: bytes='
PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: byte
Reply from 192.168.1.3: byte
Reply from 192.168.1.3: bytes
Reply from 192.168.1.3: bytes=32 time=8ms TTL=128
PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: byte:
Reply from 192.168.1.4: byte
Reply from 192.168.1.4: byte
Reply from 192.168.1.4: byte
Create VLAN 20 and shift ports 3 and 4 into VLAN 20
Switch(config)#vlan 20
Switch(config-vlan)#name SALES
Switch(config-vlan)#exit
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch#sh vlan
VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/5, Fa0/6
                                       Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                       Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                       Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                       Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                       Fa0/23, Fa0/24, Gig1/1, Gig1/2
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup
PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 tim
Reply from 192.168.1.2: bytes=32 tim
Reply from 192.168.1.2: bytes=32 tim
Reply from 192.168.1.2: bytes=32 tim
PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
LAB - CREATING BASIC VLAN CONFIGURATION ON SWITCHES
Switch(config)#vlan 10
Switch(config-vlan)#name sales
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name marketing
Switch(config-vlan)#vlan 30
Switch(config-vlan)#vlan 40
Switch(config-vlan)#end
Switch#sh vlan
VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                       Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                       Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                       Gig1/1, Gig1/2
30   VLAN0030               active
There are no active ports in these VLANs.
TASK:
* Configure port fa0/8 into VLAN 10
* Configure multiple ports (4-7 and 10) into VLAN 20
Switch(config)#int f0/8
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface range f0/4 - 7 , f0/10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch#sh vlan
VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/3,
                                       Fa0/9, Fa0/11, Fa0/12, Fa0/13
                                       Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                       Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                       Fa0/22, Fa0/23, Fa0/24
LAB: TRUNKING
[Topology diagram: switches SW-1 and SW-2; hosts in 192.168.1.x and VLAN 20 Server-PT hosts in 192.168.2.x attached to the switches]
On SW-1
Switch(config)#hostname SW-1
SW-1(config)#interface range f0/1 - 2
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 10
SW-1(config-if-range)#exit
SW-1(config)#interface range f0/3 - 4
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 20
SW-1(config-if-range)#end
SW-1#sh vlan
VLAN Name                   Status     Ports
1    default                active     Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                       Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                       Gig1/1, Gig1/2
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup
On sw-2
Switch(config)#hostname SW-2
SW-2(config) #interface range F0/1 - 2
SW-2(config-if-range)#switchport mode access
SW-2(config-if-range)#switchport access vlan 10
SW-2iconfig-if-range) #exit
SW-2iconfig) Hintexface range £0/3- 4
SW-2iconlig-if-range)#switchport mode access
SW-2(config-ii-range)#switchport access vlan 20
SW-2(config-if-range)#end
‘SW-2#sh vian
VLAN Name Status Ports
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
FaQ/9, Fa/10, Fa0/11, Fa0/12
Fa0)/13, Fa0/14, Fa0/15, Fa/16
Fa0/17, Fa0/18, Fa0/19, Fa)/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gigl/1, Gig /2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
PC>ipconfig
IP Address......: 192.168.1.1
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=13ms TTL=128
Reply from 192.168.1.2: bytes=32
Reply from 192.168.1.2: byte
Reply from 192.168.1.2: bytes
PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
SERVER>ipconfig
IP Address......: 192.168.2.1
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.2.100
SERVER>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: byte
Reply from 192.168.2.2: bytes=32 time=
Reply from 192.168.2.2: bytes=32 time
Reply from 192.168.2.2: bytes
SERVER>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
SERVER>ping 192.168.2.4
Pinging 192.168.2.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
NOTE:
* The verification above shows that users in the same VLAN on different switches are not able to communicate.
* For them to communicate, trunking must be configured on the link between the switches.
To configure trunking:
SW-1(config)#interface fastEthernet 0/20
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#switchport trunk encapsulation dot1q
SW-2(config)#int f0/20
SW-2(config-if)#switchport mode trunk
SW-2(config-if)#switchport trunk encapsulation dot1q
SW-1#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Port Vlans allowed on trunk
Fa0/20 1-1005
Port Vlans allowed and active in management domain
Fa0/20 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 1,10,20
SW-2#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/20 1-1005
Port Vlans allowed and active in management domain
Fa0/20 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 1,10,20
PC>ipconfig
IP Address......: 192.168.1.1
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.1.100
PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.
Reply from 192.168.1.
Reply from 192.168.1.
Reply from 192.168.1.
PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes
Reply from 192.168.1.4: bytes
SERVER>ipconfig
IP Address......: 192.168.2.1
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.2.100
SERVER>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Reply from 192.168.2.3: byte
Reply from 192.168.2.3: byte
Reply from 192.168.2.3: byte
Reply from 192.168.2.3: byte
SERVER>ping 192.168.2.4
Pinging 192.168.2.4 with 32 bytes of data:
Reply from 192.168.2.4: byte
Reply from 192.168.2.4: byte
Reply from 192.168.2.4: byt
Reply from 192.168.2.4: byte
TASK:
Configure the trunk link so that only VLAN 10, 20, 30 and 40 traffic is allowed (no other VLAN traffic should be sent).
On both switches (SW1/SW2)
SW-x(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none 0 VLANs
remove remove VLANs from the current list
SW-x(config-if)#switchport trunk allowed vlan 10,20,30,40
SW-1#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Port Vlans allowed and active in management domain
Fa0/20 10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 10,20
SW-2#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/20 10,20,30,40
Port Vlans allowed and active in management domain
Fa0/20 10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 10,20
TASK:
* Create VLAN 50, 60, 70, 80 on both switches
* Configure the trunk link f0/20 to add VLAN 50, 60, 70, 80 to the existing trunk allowed list
On both switches (SW1/SW2)
SW-x(config)#vlan 50
SW-x(config-vlan)#vlan 60
SW-x(config-vlan)#vlan 70
SW-x(config-vlan)#vlan 80
SW-x(config-vlan)#exit
SW-x(config)#int f0/20
SW-x(config-if)#switchport trunk allowed vlan add 50,60,70,80
SW-1#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Port Vlans allowed and active in management domain
Fa0/20 10,20,50,60
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 10,20,50,60
SW-2#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Port Vlans allowed and active in management domain
Fa0/20 10,20,50,60
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 10,20,50,60
TASK:
* Configure the trunk link f0/20 to remove VLAN 70, 80 from the existing trunk allowed list
SW-1(config)#int f0/20
SW-1(config-if)#switchport trunk allowed vlan remove 70,80
SW-1#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Port Vlans allowed and active in management domain
Fa0/20 10,20,50,60
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 10,20,50,60
SW-2#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Port Vlans allowed and active in management domain
Fa0/20 10,20,50,60
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 10,20,50,60
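Added example (not part of the workbook): a small Python model of the `switchport trunk allowed vlan` keywords listed in the help output above, replaying the three trunk tasks. It shows that a VLAN appears under "allowed and active in management domain" only when it is both on the allowed list and created on the switch, which is why VLANs 30 and 40 never show there; the function names and the 1-1005 range handling are this example's own assumptions.

```python
# Model of the `switchport trunk allowed vlan` keywords (illustrative, not switch code).
ALL_VLANS = set(range(1, 1006))  # the lab output prints the default list as 1-1005

def parse_ids(spec):
    """Expand a list such as '10,20,30-32' into a set of VLAN IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 1005):
            raise ValueError(f"bad VLAN range: {part!r}")
        ids.update(range(lo, hi + 1))
    return ids

def apply_allowed(current, command):
    """Return the allowed set after one argument string, e.g. 'add 50,60'."""
    keyword, _, rest = command.strip().partition(" ")
    if keyword in ("all", "none"):
        return set(ALL_VLANS) if keyword == "all" else set()
    if keyword == "add":
        return current | parse_ids(rest)
    if keyword == "remove":
        return current - parse_ids(rest)
    if keyword == "except":
        return ALL_VLANS - parse_ids(rest)
    return parse_ids(command)  # a bare list (WORD) replaces the whole allowed list

def fmt(vlans):
    """Render a set as a comma list with consecutive IDs collapsed into ranges."""
    out, run = [], []
    for v in sorted(vlans) + [None]:
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [v] if v is not None else []
    return ",".join(out) or "none"

def lab_walkthrough():
    """Replay the page's three tasks; returns (allowed, allowed-and-active) per task."""
    allowed, active = set(ALL_VLANS), {1, 10, 20}  # starting state from the lab output
    tasks = [("10,20,30,40", set()), ("add 50,60,70,80", {50, 60, 70, 80}),
             ("remove 70,80", set())]
    steps = []
    for command, created in tasks:
        active |= created  # VLANs created with `vlan <id>` before the trunk command
        allowed = apply_allowed(allowed, command)
        steps.append((fmt(allowed), fmt(allowed & active)))
    return steps
```

Note that a bare list replaces the current allowed list rather than extending it, which is why the second task uses `add`.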
VLAN TRUNKING PROTOCOL
VTP is a Cisco proprietary protocol used to share VLAN configurations with multiple switches and to maintain consistency throughout the network.
Information is passed only if the switches are connected with FastEthernet or higher ports.
VTP allows an administrator to add, delete, and rename VLANs; that information is then propagated to all other switches in the VTP domain.
Note: Switches should be configured with the same domain. Domains are not case sensitive.
VTP Modes
VTP modes are of three types:
* Server Mode
  o A switch configured in Server mode can add, modify and delete VLANs
  o The default VTP mode for all switches
* Client Mode
  o A switch configured in Client mode cannot add, modify or delete its VLAN configurations
  o Doesn't store its VLAN configuration information in NVRAM. Instead, it learns it from the server every time it boots up
* Transparent Mode
  o A switch configured in Transparent mode can add, modify and delete VLAN configurations.
  o Changes in one transparent switch will not affect any other switch.
Benefits of VLAN Trunking Protocol (VTP)
* Consistent VLAN configuration across all switches in the network
* Accurate tracking and monitoring of VLANs
* Dynamic reporting of added VLANs to all switches in the VTP domain
* Plug-and-Play VLAN adding
VTP Configuration in config mode
Switch(config)# VTP Domain
Switch(config)# VTP Password
Switch(config)# VTP version 2
Switch(config)# VTP Mode
VTP Configuration in database mode
Switch#VLAN Database
Switch(VLAN)# VTP Domain
Switch(VLAN)# VTP Password
Switch(VLAN)# VTP version 2
Switch(VLAN)# VTP Mode