Ccna lab manual[1]

CCNA lab manual, containing all there is to know about network troubleshooting.

Published in: Education, Technology

  1. Cisco DEVICE AND IOS BASICS
  2. Device connectivity Basics

     The series of diagrams below reveals the cable types used for various device connectivity.

     I. Console Connectivity to configure a switch using management host

        a. PC serial port to Switch Console port. Rollover cable is being used.
           [Diagram: Management Console connected to Catalyst Switch]
        b. For remote Configuration through Auxiliary interface.
           [Diagram: Remote computer, Modem, Internet cloud, Modem, Aux 0]
  3. II. Network Connection

        a. To cascade same type of device use Cross-Over cable.
        b. For HUB/SWITCH to PC/ROUTER – straight through cable is used & Cross-over cable is used between PC – Router & Hub – Switch.
           [Diagram: Switch, Host, Router, HUB; links labelled "Straight Through cable" and "Cross Over cable"]

     Setting up the Management Console (Windows environment):

     First let’s set up HyperTerminal from Windows – for interfacing with the Cisco Devices and issuing commands. Here we go…
  4. Path to trigger the emulation software from your Desktop

     Click Start → Programs → Accessories → Communications → HyperTerminal

     We’ll name our Session My_Lab. The next screen requires us to configure the COM port to which we are going to connect our Cisco Device.
  5. Next, choose the default settings, else communication will be a problem!

     On clicking OK, we’ll see the below screen & we are ready to talk to our CISCO Switch/Router!
  6. IOS BASICS

     Pressing the RETURN key takes us to the USER EXEC mode.

         Switch con0 is now available
         Press RETURN to get started.
         Switch>

     The “>” prompt denotes user exec mode. To move into Privilege mode, we use the “enable” command.

         Switch>enable
         Switch#

     Privilege mode is identified with the “#” symbol. The “configure terminal” command takes us into the global configuration mode where we can configure global parameters like hostname etc. for the entire device.

         Switch#configure terminal
         Switch(config)#

     To get into any specific interface mode we have to use the “interface” command with the relevant interface number. To configure parameters specific to interface 1 of module 0, we issue the command as shown below.
  7.
         Switch(config)#interface fastethernet 0/1
         Switch(config-if)#

     This is the sequence with which we change modes in the forward direction. Let’s now move backwards.

         Switch(config-if)#exit
         Switch(config)#

     To go one step backward we have to use the command “exit”

         Switch(config)#exit
         Switch#

     However, we must use the command “disable” to move from privilege to user exec mode. If we use “exit”, it’ll log us out (and we’ll again see the first message, “Switch con0 is now available / Press RETURN to get started”).

         Switch#disable
         Switch>

     To logout, we use the “exit” command again.

         Switch>exit
         Switch con0 is now available
         Press RETURN to get started

     NOTE: We can use ^Z to directly move backward 2 steps – from interface mode to privilege mode.

         Config-if# ^Z
         Switch#

     Also note that we can use “?” whenever we want to see the various commands available in a particular mode or want to find out what commands begin with a certain letter etc. This can be easily observed in the below case.

         Router#?
         Exec commands:
           access-enable    Create a temporary Access-List entry
           access-profile   Apply user-profile to interface
           access-template  Create a temporary Access-List entry
           archive          manage archive files
           cd               Change current directory
         <output omitted>

         Router#s?      (displays all commands beginning with “s”)
         *s=show  send  setup  slip  squeeze  start-chat  systat
  8. If we typed a wrong spelling & try to use help, the output will display as “Unrecognized command”. The same message is displayed even if we try to use help when no further arguments are possible (or wrong arguments used). Look at the below examples...

         Router#show router ?
         % unrecognized command

         Router#show ip a
         % Ambiguous command: "show ip a"

         Router#show ?
           access-expression  List access expression
           access-lists       List access lists
           accounting         Accounting data for active sessions
           aliases            Display alias commands
           arp                ARP table
         <output omitted>

     Another interesting aspect is that we don’t have to type the entire command. We can just type the first few letters of a command (to the extent that only one command begins with the typed letters) and press tab – the command is completed for us! (Even if we don’t complete the command, it’ll accept!)

     Using tab key

     Let’s just type “sh” and use the tab key

         Router#sh (tab)
         Router#show

     There are some shortcut keys that’ll help us to work with IOS faster. Their description & use is given below.

     Shortcut keys to access your CLI mode

         CTRL-A        Moves the cursor to the beginning of the line
         CTRL-E        Moves the cursor to the end of the line
         ESC-B         Moves the cursor back one word at a time
         ESC-F         Moves the cursor forward one word at a time
         CTRL-B        Moves the cursor back one character at a time
         LEFT ARROW    Moves the cursor back one character at a time
         CTRL-F        Moves the cursor forward one character at a time
         RIGHT ARROW   Moves the cursor forward one character at a time
         CTRL-P        Recalls the last command
         UP ARROW      Recalls the last command
         CTRL-N        Recalls the most previously executed command
         DOWN ARROW    Recalls the most previously executed command
         CTRL-D        Deletes the character the cursor is under
         BACKSPACE     Deletes the character preceding the cursor
         CTRL-R        Redisplays the current line
         CTRL-U        Erases the line completely
  9.
         CTRL-W        Erases the word the cursor is under
         CTRL-Z        Takes you from Configuration mode back to Privilege EXEC mode
         TAB           Once you enter a few characters and hit the TAB key, the IOS device completes the word, assuming that you typed in enough characters to make the command or parameter unique
         $             When this appears at the beginning of a command line, it indicates that there are more characters to the right of the $.
  10. Switching Labs
  11. General Experiments with Basic Switch Commands

     Assume we are on a Switch console and the switch’s ready – we see the below message

         Switch con0 is now available
         Press RETURN to get started.
         (press the return key)
         Switch>

     This is our user exec mode. To get into privilege mode use the command “enable”

         Switch>enable
         Switch#

     The prompt has changed from “>” to “#”. If you see “#” after the hostname you are in Privilege mode.

     To get back from privilege mode to user exec mode use the command disable

         Switch#disable
         Switch>

     To get into global configuration mode use the following commands

         Switch>enable
         Switch#configure terminal
         Enter configuration commands, one per line. End with CNTL/Z.
         Switch(config)#

     This prompt indicates global configuration mode.

     To get into specific interface mode use the following commands

         Switch>enable
         Switch#configure terminal
         Enter configuration commands, one per line. End with CNTL/Z.
         Switch(config)#interface Fastethernet 0/1
         Switch(config-if)#

     Let’s add some description to the interface fastethernet 0/1 – indicating that Host1 is connected to this interface. We do this from the specific interface mode

         Switch>enable
         Switch#configure terminal
         Enter configuration commands, one per line. End with CNTL/Z.
         Switch(config)#interface Fastethernet 0/1
         Switch(config-if)#description Host1

     Check out this description in the running configuration using the command “show running-config”

         Switch#show running-config
         Building configuration...
  12.
         Current configuration : 130 bytes
         !
         interface FastEthernet0/1
          description Host1
          no ip address
         end

     (irrelevant output omitted)

     Let’s see some more basic show commands. (All show commands work only in privilege mode)

     To view details of interfaces/particular interface use “show interfaces” (or) “show interfaces <interface type interface id>”, e.g.

         Switch#show interfaces Fa 0/1
         FastEthernet0/1 is down, line protocol is down
           Hardware is FastEthernet, address is 000d.ed5b.49c1 (bia 000d.ed5b.49c1)
           MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
              reliability 255/255, txload 1/255, rxload 1/255
           Encapsulation ARPA, loopback not set
         <output omitted>

     We can also observe that it’s sufficient to use the first few letters of the keyword Fastethernet – once these letters identify the unique command, the remaining letters needn’t be typed!

         Switch#show interface vlan 1
         Vlan1 is administratively down, line protocol is down
           Hardware is CPU Interface, address is 000d.ed5b.49c0 (bia 000d.ed5b.49c0)
           MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
              reliability 255/255, txload 1/255, rxload 1/255
           Encapsulation ARPA, loopback not set
         <output omitted>

         Switch#Show spanning-tree
         No spanning tree instances exist.

     Following is the command to see the current device configuration which is in the RAM.

         Switch#show running-config
         Building configuration...
         Current configuration : 866 bytes
         !
         version 12.1
         !
         hostname Switch
         !
         interface FastEthernet0/1
          description Host1
          no ip address
         <output omitted>
         !
         interface FastEthernet0/12
          no ip address
         !
         interface Vlan1
          no ip address
          no ip route-cache
  13.
          shutdown
         !
         line con 0
         line vty 5 15
         !
         End

         Switch#Show startup-config
         Building configuration...
         Current configuration : 866 bytes
         !
         version 12.1
         !
         hostname Switch
         !
         !
         interface FastEthernet0/1
          description Host1
          no ip address
         !
         !
         interface FastEthernet0/12
          no ip address
         !
         interface Vlan1
          no ip address
          no ip route-cache
          shutdown
         !
         line con 0
         line vty 5 15
         !
         end

     Another interesting command to view the connectivity status of various interfaces is “show interface status”

         Switch#show interface status
         Port    Name    Status       Vlan  Duplex  Speed  Type
         Fa0/1   Host1   connected    1     a-half  a-10   10/100BaseTX
         Fa0/2           notconnect   1     auto    auto   10/100BaseTX
         Fa0/3           notconnect   1     auto    auto   10/100BaseTX
         Fa0/4           notconnect   1     auto    auto   10/100BaseTX
         Fa0/5           notconnect   1     auto    auto   10/100BaseTX
         Fa0/6           notconnect   1     auto    auto   10/100BaseTX
         Fa0/7           notconnect   1     auto    auto   10/100BaseTX
         Fa0/8           notconnect   1     auto    auto   10/100BaseTX
         Fa0/9           notconnect   1     auto    auto   10/100BaseTX
         Fa0/10          notconnect   1     auto    auto   10/100BaseTX
         Fa0/11          notconnect   1     auto    auto   10/100BaseTX
         Fa0/12          notconnect   1     auto    auto   10/100BaseTX

     Now, let’s see the content of the mac-address-table of our switch - after disconnecting all connected computers (no devices connected to any interface of the switch) – using the “show mac-address-table” command
  14.
         Switch#show mac-address-table
                   Mac Address Table
         ------------------------------------------
         Vlan    Mac Address       Type       Ports
         ----    -----------       ----       -----

     No entries are seen! Let’s connect a host (computer) to port no. 1 and generate some traffic from it.

     As soon as we connect the host to the switch in port 1, the following message can be observed on the screen

         02:18:06: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
         02:18:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

     To generate traffic (for the switch to learn from the source address of the frame) we’ll ping from the host to some IP address & then execute the show mac-address-table command again.

         Switch2950#sh mac-address-table
                   Mac Address Table
         ------------------------------------------
         Vlan    Mac Address       Type       Ports
         ----    -----------       ----       -----
            1    0040.33a0.4bc7    Dynamic    Fa0/1
         Total Mac Addresses for this criterion: 1

     The above table reveals the mac address of the host connected to interface fa0/1. It also reveals that this is a dynamically learnt entry.

     If 2 switches are interconnected directly to each other (cascading) let’s see what happens. We shall use this simple diagram for better understanding.

     [Diagram: Switch A F0/12 connected to Switch B F0/12. Switch A: F0/1 host 0000.0000.0002, F0/2 host 0000.0000.0001. Switch B: F0/1 host 0000.0000.000A, F0/2 host 0000.0000.000B]
  15. Now we see Switch A’s mac address table as below

         SwitchA#sh mac-address-table
                   Mac Address Table
         ------------------------------------------
         Vlan    Mac Address       Type       Ports
         ----    -----------       ----       -----
            1    0000.0000.0002    Dynamic    Fa0/1
            1    0000.0000.0001    Dynamic    Fa0/2
            1    0000.0000.000A    Dynamic    Fa0/12
            1    0000.0000.000B    Dynamic    Fa0/12
            1    0000.0000.00B1    Dynamic    Fa0/12
            1    0000.0000.00B2    Dynamic    Fa0/12
         Total Mac Addresses for this criterion: 6

     We observe that this switch reveals the cascaded switch B’s connected host mac addresses and switch B’s Base Mac address (0000.0000.00B1) & switch B’s cascade interface Fa0/12 Mac address (0000.0000.00B2) also. A similar output would be seen for switch B’s mac table (shown below). The base Mac Address is common for the entire switch while every interface of the switch has a unique Mac address of its own also.

         SwitchB#sh mac-address-table
                   Mac Address Table
         ------------------------------------------
         Vlan    Mac Address       Type       Ports
         ----    -----------       ----       -----
            1    0000.0000.000A    Dynamic    Fa0/1
            1    0000.0000.000B    Dynamic    Fa0/2
            1    0000.0000.0001    Dynamic    Fa0/12
            1    0000.0000.0002    Dynamic    Fa0/12
            1    0000.0000.00A1    Dynamic    Fa0/12
            1    0000.0000.00A2    Dynamic    Fa0/12
         Total Mac Addresses for this criterion: 4

     Let’s see what the “show interface status” command reveals

         SwitchA#show interface status
         Port    Name    Status       Vlan  Duplex  Speed  Type
         <output omitted>
         Fa0/9           notconnect   1     auto    auto   10/100BaseTX
         Fa0/10          notconnect   1     auto    auto   10/100BaseTX
         Fa0/11          notconnect   1     auto    auto   10/100BaseTX
         Fa0/12          Trunk        1     auto    auto   10/100BaseTX

         SwitchB#show interface status
         Port    Name    Status       Vlan  Duplex  Speed  Type
         <output omitted>
         Fa0/9           notconnect   1     auto    auto   10/100BaseTX
         Fa0/10          notconnect   1     auto    auto   10/100BaseTX
         Fa0/11          notconnect   1     auto    auto   10/100BaseTX
         Fa0/12          Trunk        1     auto    auto   10/100BaseTX

     It displays the cascade link as TRUNK.

     Another interesting command to view various details regarding the switch’s configuration is “show version”
  16.
         Switch#show version
         Cisco Internetwork Operating System Software
         IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
         Copyright (c) 1986-2002 by cisco Systems, Inc.
         Compiled Sun 24-Nov-02 23:31 by antonino
         Image text-base: 0x80010000, data-base: 0x80562000
         ROM: Bootstrap program is CALHOUN boot loader
         Switch uptime is 4 hours, 33 minutes
         System returned to ROM by power-on
         System image file is "flash:/c2950-i6q4l2-mz.121-12c.EA1.bin"
         cisco WS-C2950-12 (RC32300) processor (revision K0) with 21002K bytes of memory.
         Processor board ID FOC0739W1K0
         Last reset from system-reset
         Running Standard Image
         12 FastEthernet/IEEE 802.3 interface(s)
         32K bytes of flash-simulated non-volatile configuration memory.
         Base ethernet MAC Address: 00:0D:ED:5B:49:C0
         Motherboard assembly number: 73-5782-12
         Power supply part number: 34-0965-01
         Motherboard serial number: FOC07391MM3
         Power supply serial number: PHI073402LD
         Model revision number: K0
         Motherboard revision number: A0
         Model number: WS-C2950-12
         System serial number: FOC0739W1K0
         Configuration register is 0xF

     To save our current configuration from RAM to NVRAM (startup configuration) we use the command “copy running-config startup-config” (alternately the “write” command may also be used)

         Switch#copy running-config startup-config
         Destination filename [startup-config]?
         Building configuration...
         [OK]

     If we want to restart the switch use the following command

         Switch#Reload          (used to warm boot the switch)

     To clear all the contents of the mac table, use the below command (this will remove only dynamic entries. Static/Permanent entries will not be removed).

         Switch#clear mac-address-table *

     To delete the startup configuration, use

         Switch#erase startup-config

     To change our switch name to “Switch2950”
  17.
         Switch(config)#hostname Switch2950
         Switch2950(config)#

     To configure secret (encrypted) password for privilege mode (password is set as “cisco1” in the below example)

         Switch2950(config)#enable secret cisco1

     After configuring the secret password let’s see the output of the show running-config command

         Switch2950#show run
         Building configuration...
         Current configuration : 939 bytes
         <output omitted>
         hostname Switch2950
         !
         enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/     (this is how the encrypted password is seen)
         !
         <output omitted>
         End

     To configure enable password for privilege mode

         Switch2950(config)#enable password cisco     (to configure enable password for privilege mode)

         Switch2950#sh run
         Building configuration...
         Current configuration : 939 bytes
         <output omitted>
         hostname Switch2950
         !
         enable password cisco     (our password is in clear text which is in readable format)
         !
         <output omitted>
         end

     To configure the console password, the following is the sequence.

         Switch2950(config)#line console 0
         Switch2950(config-line)#login
         % Login disabled on line 0, until password is set
         Switch2950(config-line)#password cisco

     show running-config reveals

         Switch#show running-config
         !
         line con 0
          password cisco
          login
         !
         <output omitted>
  18. If we restart / relogin into the switch, it asks for the password in the beginning itself

         Switch2950 con0 is now available
         Press RETURN to get started.

         User Access Verification
         Password:     (here we have to supply the console 0 password to get into user exec mode)

     Let’s observe the whole running-config output

         Switch# show running-config
         Building configuration...
         Current configuration : 1154 bytes
         !
         version 12.1
         no service single-slot-reload-enable
         no service pad
         service timestamps debug uptime
         service timestamps log uptime
         no service password-encryption
         !
         hostname Switch
         !
         enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
         enable password cisco
         !
         ip subnet-zero
         !
         !
         interface FastEthernet0/1
          description Host1
          no ip address
         !
         interface FastEthernet0/2
          no ip address
         !
         interface FastEthernet0/3
          no ip address
         !
         interface FastEthernet0/4
          no ip address
         !
         interface FastEthernet0/5
          no ip address
         !
         interface FastEthernet0/6
          no ip address
         !
         interface FastEthernet0/7
          no ip address
         !
         interface FastEthernet0/8
  19.
          no ip address
         !
         interface FastEthernet0/9
          no ip address
         !
         interface FastEthernet0/10
          no ip address
         !
         interface FastEthernet0/11
          no ip address
         !
         interface FastEthernet0/12
         !
         interface Vlan1
          no ip address
          shutdown
         !
         ip http server
         !
         !
         line con 0
          password cisco
          login
         line vty 0 4
         line vty 5 15
         !
         End

     Note: if both secret and enable passwords exist, only secret will be used to get into privilege mode.

     Let’s say we have some remote administrators who’ll log on to this switch remotely. (They can do so because Cisco switches run terminal services.) However, setting the vty password is a must for telnet access & this is how we do it.

     Let’s start configuring the VTY sessions

         Switch2950(config)#line vty 0 15
         Switch2950(config-line)#login
         % Login disabled on line 1, until password is set
         % Login disabled on line 2, until password is set
         % Login disabled on line 3, until password is set
         % Login disabled on line 4, until password is set
         % Login disabled on line 5, until password is set
         % Login disabled on line 6, until password is set
         % Login disabled on line 7, until password is set
         % Login disabled on line 8, until password is set
         % Login disabled on line 9, until password is set
         % Login disabled on line 10, until password is set
         % Login disabled on line 11, until password is set
         % Login disabled on line 12, until password is set
         % Login disabled on line 13, until password is set
         % Login disabled on line 14, until password is set
         % Login disabled on line 15, until password is set
         % Login disabled on line 16, until password is set
  20. This reveals that 16 simultaneous telnet sessions are possible! We have to configure the password to enable all these 16 sessions

         Switch2950(config-line)#password cisco
         Switch2950(config-line)#

     This config alone is not sufficient for telnetting. We need to define an IP address for the switch and only then is telnet possible. Where do we configure an IP address in the switch?

         Switch2950>enable
         Switch2950#configure terminal
         Switch2950(config)#interface vlan 1
         Switch2950(config-if)#ip address 1.1.1.1 255.0.0.0     (this is the command to configure ip address for an interface)

     So, we configure the IP address on VLAN1 (we’ll learn more about vlan later).

         Switch2950(config-if)#no shutdown

     (After assigning the ip address we have to enable the interface using the “NO SHUTDOWN” command.) We will be able to see the below message.

         01:33:27: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
         01:33:29: %LINK-3-UPDOWN: Interface Vlan1, Line Protocol changed state to up

     Let’s now see how we can control the speed & Duplex operation of the switch

         Switch2950(config)#interface fastethernet 0/1
         Switch2950(config-if)#duplex half

     Note: Duplex will not be set until speed is set to a non-auto value

         Switch2950(config-if)#speed 10
         Switch2950(config-if)#duplex half

     Now check the output of the show interface status command

         Switch#show interface status
         Port    Name    Status       Vlan  Duplex  Speed  Type
         Fa0/1   Host1   connected    1     half    10     10/100BaseTX
         Fa0/2           notconnect   1     auto    auto   10/100BaseTX
         Fa0/3           notconnect   1     auto    auto   10/100BaseTX
         Fa0/4           notconnect   1     auto    auto   10/100BaseTX
         Fa0/5           notconnect   1     auto    auto   10/100BaseTX
         Fa0/6           notconnect   1     auto    auto   10/100BaseTX
         Fa0/7           notconnect   1     auto    auto   10/100BaseTX
         Fa0/8           notconnect   1     auto    auto   10/100BaseTX
         Fa0/9           notconnect   1     auto    auto   10/100BaseTX
         Fa0/10          notconnect   1     auto    auto   10/100BaseTX
         Fa0/11          notconnect   1     auto    auto   10/100BaseTX
         Fa0/12          notconnect   1     auto    auto   10/100BaseTX
  21. Had the switch auto negotiated, the output would have been

         Port    Name    Status       Vlan  Duplex  Speed  Type
         Fa0/1   Host1   connected    1     a-half  a-10   10/100BaseTX
         Fa0/2           notconnect   1     auto    auto   10/100BaseTX
         Fa0/3           notconnect   1     auto    auto   10/100BaseTX
         Fa0/4           notconnect   1     auto    auto   10/100BaseTX
         Fa0/5           notconnect   1     auto    auto   10/100BaseTX
         Fa0/6           notconnect   1     auto    auto   10/100BaseTX
         Fa0/7           notconnect   1     auto    auto   10/100BaseTX
         Fa0/8           notconnect   1     auto    auto   10/100BaseTX
         Fa0/9           notconnect   1     auto    auto   10/100BaseTX
         Fa0/10          notconnect   1     auto    auto   10/100BaseTX
         Fa0/11          notconnect   1     auto    auto   10/100BaseTX
         Fa0/12          notconnect   1     auto    auto   10/100BaseTX

     “a-half a-10” means auto negotiated with the connected device to half duplex & 10 Mbps.

     PORT SECURITY: Let’s now learn how switch interfaces can be configured to allow connectivity only for pre-defined hosts (based on their Mac-Addresses). This is done on a per interface basis.

     Before configuring port security for the interfaces, let’s see the output of the “show port-security” command

         Switch#show port-security
         Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                         (Count)       (Count)        (Count)
         -----------------------------------------------------------------------
         -----------------------------------------------------------------------
         Total Addresses in System : 0
         Max Addresses limit in System : 1024

     Now let’s configure port security for interface Fa 0/1 – only the system with mac id 0000.0000.a111 should be allowed connectivity – any other device connection to this interface should result in the interface shutting down.

     Manual port security

         Switch2950(config)#interface fastethernet 0/1
         Switch2950(config-if)#switchport mode access
         Switch2950(config-if)#switchport port-security
         Switch2950(config-if)#switchport port-security mac-address 0000.0000.A111

     See the output in show running-config & show port-security

         Switch2950#sh run
         Building configuration...
         Current configuration : 1089 bytes
         !
         hostname Switch2950
         !
         enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
         enable password cisco
         !
         !
  22.
         interface FastEthernet0/1
          switchport mode access
          switchport port-security
          switchport port-security mac-address 0000.0000.A111
          no ip address
          duplex half
          speed 10
         <output omitted>

         Switch2950#show port-security
         Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                         (Count)       (Count)        (Count)
         -----------------------------------------------------------------------
         Fa0/1              1             1              0             Shutdown
         -----------------------------------------------------------------------
         Total Addresses in System : 0
         Max Addresses limit in System : 1024

     We can also ask the switch to auto-learn the mac address of the connected host using the keyword “sticky”

         Switch2950(config)#interface fastethernet 0/2
         Switch2950(config-if)#switchport mode access
         Switch2950(config-if)#switchport port-security
         Switch2950(config-if)#switchport port-security mac-address sticky

     After configuring sticky, if any traffic comes to interface fastethernet 0/2, the switch will learn the mac-address and secure it.

         Switch2950#show running-config
         Building configuration...
         Current configuration : 1089 bytes
         !
         hostname Switch2950
         !
         enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
         enable password cisco
         !
         !
         interface FastEthernet0/2
          switchport mode access
          switchport port-security
          switchport port-security mac-address sticky
          switchport port-security mac-address 0000.0000.A112
          no ip address
         <output omitted>

         Switch2950#show port-security
         Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                         (Count)       (Count)        (Count)
         -----------------------------------------------------------------------
         Fa0/1              1             1              0             Shutdown
         Fa0/2              1             1              0             Shutdown
         -----------------------------------------------------------------------
         Total Addresses in System : 0
         Max Addresses limit in System : 1024
  23. By default, only one mac-address will be locked to the interface – this can be changed as demonstrated below.

     Increasing the maximum count of mac-addresses secured for the interface

         Switch2950(config)#interface fastethernet 0/3
         Switch2950(config-if)#switchport mode access
         Switch2950(config-if)#switchport port-security
         Switch2950(config-if)#switchport port-security maximum 4 <0-132>

         Switch2950#sh run
         Building configuration...
         Current configuration : 1089 bytes
         !
         hostname Switch2950
         !
         enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
         enable password cisco
         !
         interface FastEthernet0/3
          switchport mode access
          switchport port-security
          switchport port-security maximum 4
          no ip address
         <output omitted>

         Switch2950#show port-security
         Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                         (Count)       (Count)        (Count)
         -----------------------------------------------------------------------
         Fa0/1              1             1              0             Shutdown
         Fa0/2              1             1              0             Shutdown
         Fa0/3              4             0              0             Shutdown
         -----------------------------------------------------------------------
         Total Addresses in System : 0
         Max Addresses limit in System : 1024

     The security action is shutdown by default & we can change this to one of 3 modes.

         Shutdown (default)  - if a violation happens the interface will shut down automatically
         Protect (don’t log) - if a violation happens the interface won’t shut down, won’t allow communication, won’t log any error
         Restrict (do log)   - if a violation happens the interface won’t shut down but no communication will be allowed & an alert would be sent / SNMP trap sent.

     The configuration may be done as shown below.

         Switch2950(config)#interface fastethernet 0/4
         Switch2950(config-if)#switchport mode access
         Switch2950(config-if)#switchport port-security
         Switch2950(config-if)#switchport port-security violation shutdown / protect / restrict

     If we chose protect
  24.
         Switch2950#sh run
         Building configuration...
         Current configuration : 1089 bytes
         !
         hostname Switch2950
         !
         enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
         enable password cisco
         !
         interface FastEthernet0/4
          switchport mode access
          switchport port-security
          switchport port-security violation protect
          switchport port-security mac-address 0000.0000.A131
          no ip address
         <output omitted>

         Switch2950#show port-security
         Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                         (Count)       (Count)        (Count)
         -----------------------------------------------------------------------
         Fa0/1              1             1              0             Shutdown
         Fa0/2              1             1              0             Shutdown
         Fa0/3              4             0              0             Shutdown
         Fa0/4              1             0              0             Protect
         -----------------------------------------------------------------------
         Total Addresses in System : 0
         Max Addresses limit in System : 1024

     Spanning-tree protocol - Let’s next do some basic observation on STP

     [Diagram: Switch A (1000.0000.000A) F0/11 connected to F0/11 of Switch B (0000.0000.000A)]

     With reference to the above diagram, the Root Bridge is Switch B because it has the lowest mac-address 0000.0000.000A. Switch A will be the non-root bridge. Let’s see the output of the show spanning-tree command now.

         SwitchB#show spanning-tree
         VLAN0001
           Spanning tree enabled protocol ieee
           Root ID    Priority    32769
                      Address     0000.0000.000A
                      This bridge is the root
                      Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
           Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
                      Address     0000.0000.000A
                      Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                      Aging Time 300
  25.
         Interface     Port ID                 Designated                 Port ID
         Name          Prio.Nbr  Cost  Sts     Cost  Bridge ID            Prio.Nbr
         ------------  --------  ----  ---     ----  -------------------- --------
         Fa0/11        128.1     100   FWD     0     32769 1000.0000.000A 128.1

         SwitchA#show spanning-tree
         VLAN0001
           Spanning tree enabled protocol ieee
           Root ID    Priority    32769
                      Address     0000.0000.000A
                      This bridge is the root
                      Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
           Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
                      Address     1000.0000.000A
                      Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                      Aging Time 300

         Interface     Port ID                 Designated                 Port ID
         Name          Prio.Nbr  Cost  Sts     Cost  Bridge ID            Prio.Nbr
         ------------  --------  ----  ---     ----  -------------------- --------
         Fa0/11        128.1     100   FWD     0     32769 0000.0000.000A 128.1

     The next major topic we would like to see is VLAN.

     The output of the “show vlan” command when no vlans are configured is

         Switch2950#show vlan
         VLAN Name                     Status    Ports
         ---- ------------------------ --------- -------------------------------
         1    default                  active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                 Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                 Fa0/9, Fa0/10, Fa0/11, Fa0/12
         1002 fddi-default             active
         1003 token-ring-default       active
         1004 fddinet-default          active
         1005 trnet-default            active

         VLAN Type  SAID    MTU   Parent RingNo BridgeNo Stp  BrdgMode Tran1 Tran2
         ---- ----- ------  ----  ------ ------ -------- ---- -------- ----- -----
         1    enet  100001  1500  -      -      -        -    -        0     0
         1002 fddi  101002  1500  -      -      -        -    -        0     0
         1003 tr    101003  1500  -      -      -        -    srb      0     0
         1004 fdnet 101004  1500  -      -      -        ieee -        0     0
         1005 trnet 101005  1500  -      -      -        ibm  -        0     0

         Remote SPAN VLANs
         -----------------------------------------------------------------------
         Primary Secondary Type              Ports
         ------- --------- ----------------- -----------------------------------

     We can observe that all the interfaces are associated with the default VLAN1.

     Now let’s get on to creating STATIC VLANs & define port associations. Two possibilities exist. One from the privilege mode (using VLAN Database) & the second from global config mode.
  26. Creating vlan using “vlan database” method

         Switch2950#vlan database
         Switch2950(vlan)#vlan 2 name CCNA     (creating VLAN with id 2 & name CCNA)
         VLAN 2 added:
             Name: CCNA
         Switch2950(vlan)#apply                (to save the configuration)
         APPLY completed.
         Switch2950(vlan)#exit                 (implicit save & exit)
         APPLY completed.
         Exiting....

     Using “^Z” will not save the config & we will also exit from vlan database.

     After the Vlan is created see the output of the “show vlan” command

         Switch2950#show vlan
         VLAN Name                     Status    Ports
         ---- ------------------------ --------- -------------------------------
         1    default                  active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                 Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                 Fa0/9, Fa0/10, Fa0/11, Fa0/12
         2    CCNA                     active
         1002 fddi-default             active
         1003 token-ring-default       active
         1004 fddinet-default          active
         1005 trnet-default            active
         <output omitted>

     Assigning vlan membership – let’s make interface fa0/4 a member of Vlan2

         Switch2950(config)#int fastEthernet 0/4
         Switch2950(config-if)#switchport mode access
         Switch2950(config-if)#switchport access vlan 2
         Switch2950(config-if)# ^z

     Interface 4 is now assigned to vlan 2

         Switch2950#show vlan
         VLAN Name                     Status    Ports
         ---- ------------------------ --------- -------------------------------
         1    default                  active    Fa0/1, Fa0/2, Fa0/3, Fa0/5
                                                 Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                 Fa0/10, Fa0/11, Fa0/12
         2    CCNA                     active    Fa0/4
         1002 fddi-default             active
         1003 token-ring-default       active
         1004 fddinet-default          active
         1005 trnet-default            active
         <output omitted>

     Below is the output of the show run command after assigning the membership for interface 4

         Switch2950#show run
         Building configuration...
  27.
         !
         Current configuration : 98 bytes
         !
         interface FastEthernet0/4
          switchport access vlan 2
          switchport mode access
          no ip address
         end

     Let’s repeat the above using the second method - Creating vlan using global configuration mode

         Switch2950#configure terminal
         Switch2950(config)#vlan 3
         Switch2950(config-vlan)#name CCNP
         Switch2950(config-vlan)#exit

     Output of the show vlan command after creating vlan 3 in global configuration mode

         Switch2950#sh vlan
         VLAN Name                     Status    Ports
         ---- ------------------------ --------- -------------------------------
         1    default                  active    Fa0/1, Fa0/2, Fa0/3, Fa0/5
                                                 Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                 Fa0/10, Fa0/11, Fa0/12
         2    CCNA                     active    Fa0/4
         3    CCNP                     active
         1002 fddi-default             active
         1003 token-ring-default       active
         1004 fddinet-default          active
         1005 trnet-default            active

     We can see that the outcome is the same wherever we create the VLAN from.

     If we wanted to know the VTP Domain name, version used, VTP switch mode, we use the command “show vtp status”

         Switch2950#show vtp status
         VTP Version                     : 2
         Configuration Revision          : 1
         Maximum VLANs supported locally : 64
         Number of existing VLANs        : 6
         VTP Operating Mode              : Server
         VTP Domain Name                 : Null
         VTP Pruning Mode                : Disabled
         VTP V2 Mode                     : Disabled
         VTP Traps Generation            : Disabled

     Let’s change the switch mode to CLIENT.

         Switch2950#vlan database
         Switch2950(vlan)#vtp client
         Setting device to VTP CLIENT mode.

     The same task using global configuration mode -

         Switch2950#configure terminal
  28.
          Switch2950(config)#vtp mode Server / Client / Transparent

          Switch2950#show vtp status
          VTP Version                     : 2
          Configuration Revision          : 1
          Maximum VLANs supported locally : 64
          Number of existing VLANs        : 6
          VTP Operating Mode              : Client
          VTP Domain Name                 : Null
          VTP Pruning Mode                : Disabled
          VTP V2 Mode                     : Disabled
          VTP Traps Generation            : Disabled

      Now we are going to change the VTP domain name from “Null” to “Cisco” using the vlan database method:

          Switch2950#vlan database
          Switch2950(vlan)#vtp domain Cisco
          Changing VTP domain name from Null to Cisco
          Switch2950(vlan)#exit
          APPLY completed.
          Exiting....

      The same task using global configuration mode:

          Switch2950#configure terminal
          Switch(config)#vtp domain Cisco
          Changing VTP domain name from Null to Cisco

          Switch2950#show vtp status
          VTP Version                     : 2
          Configuration Revision          : 0
          Maximum VLANs supported locally : 64
          Number of existing VLANs        : 6
          VTP Operating Mode              : Server
          VTP Domain Name                 : Cisco
          VTP Pruning Mode                : Disabled
          VTP V2 Mode                     : Disabled
          VTP Traps Generation            : Disabled
  29. Let’s see how the mac address table reflects the VLAN configuration in the case below.

      [Figure: Switch A and Switch B linked through their F0/12 ports. On each switch, F0/1 connects a host in Vlan 1 and F0/2 a host in Vlan 2. Host MAC addresses: 0000.0000.0002 and 0000.0000.0001 on Switch A, 0000.0000.000A and 0000.0000.000B on Switch B.]

      Switch A & B’s mac address tables & interface status reveal:

          SwitchA#sh mac-address-table
                    Mac Address Table
          ------------------------------------------
          Vlan    Mac Address       Type       Ports
          ----    -----------       ----       -----
             1    0000.0000.0002    Dynamic    Fa0/1
             2    0000.0000.0001    Dynamic    Fa0/2
             1    0000.0000.000A    Dynamic    Fa0/12
             2    0000.0000.000B    Dynamic    Fa0/12
          <other entries omitted>

          SwitchB#sh mac-address-table
                    Mac Address Table
          ------------------------------------------
          Vlan    Mac Address       Type       Ports
          ----    -----------       ----       -----
             1    0000.0000.000A    Dynamic    Fa0/1
             2    0000.0000.000B    Dynamic    Fa0/2
             1    0000.0000.0001    Dynamic    Fa0/12
             1    0000.0000.0002    Dynamic    Fa0/12
          <other entries omitted>
  30.
          SwitchA#show interface status
          Port    Name   Status       Vlan   Duplex  Speed  Type
          Fa0/1          connected    1      full    100    10/100BaseTX
          Fa0/2          connected    2      full    100    10/100BaseTX
          Fa0/3          notconnect   1      auto    auto   10/100BaseTX
          Fa0/4          notconnect   1      auto    auto   10/100BaseTX
          Fa0/5          notconnect   1      auto    auto   10/100BaseTX
          Fa0/6          notconnect   1      auto    auto   10/100BaseTX
          Fa0/7          notconnect   1      auto    auto   10/100BaseTX
          Fa0/8          notconnect   1      auto    auto   10/100BaseTX
          Fa0/9          notconnect   1      auto    auto   10/100BaseTX
          Fa0/10         notconnect   1      auto    auto   10/100BaseTX
          Fa0/11         notconnect   1      auto    auto   10/100BaseTX
          Fa0/12         Trunk        1      auto    auto   10/100BaseTX

          SwitchB#show interface status
          Port    Name   Status       Vlan   Duplex  Speed  Type
          Fa0/1          connected    1      full    100    10/100BaseTX
          Fa0/2          connected    2      full    100    10/100BaseTX
          Fa0/3          notconnect   1      auto    auto   10/100BaseTX
          Fa0/4          notconnect   1      auto    auto   10/100BaseTX
          Fa0/5          notconnect   1      auto    auto   10/100BaseTX
          Fa0/6          notconnect   1      auto    auto   10/100BaseTX
          Fa0/7          notconnect   1      auto    auto   10/100BaseTX
          Fa0/8          notconnect   1      auto    auto   10/100BaseTX
          Fa0/9          notconnect   1      auto    auto   10/100BaseTX
          Fa0/10         notconnect   1      auto    auto   10/100BaseTX
          Fa0/11         notconnect   1      auto    auto   10/100BaseTX
          Fa0/12         Trunk        1      auto    auto   10/100BaseTX

      To view trunk details we use the commands “show interface <interface id> trunk” & “show interface <interface id> switchport”.

          SwitchA#show interface fastethernet 0/12 switchport
          Name: Fa0/12
          Switchport: Enabled
          Administrative Mode: dynamic desirable
          Operational Mode: dynamic
          Administrative Trunking Encapsulation: dot1q
          Negotiation of Trunking: On
          Access Mode VLAN: 1 (default)
          Trunking Native Mode VLAN: 1 (default)

      We can even configure the mac-address statically. The following command is used.

          SwitchA(config)#mac-address static 0000.0000.AAAA vlan 3 interface fastEthernet 0/11

      Then our mac-address table looks like this:

          SwitchA#sh mac-address-table
                    Mac Address Table
          ------------------------------------------
          Vlan    Mac Address       Type       Ports
          ----    -----------       ----       -----
             1    0000.0000.000A    Dynamic    Fa0/1
             2    0000.0000.000B    Dynamic    Fa0/2
             3    0000.0000.AAAA    Static     Fa0/11
             1    0000.0000.0001    Dynamic    Fa0/12
  31.
             1    0000.0000.0002    Dynamic    Fa0/12
          Total Mac Addresses for this criterion: 5
  32. Routing
  33. Static Routes

      There are actually two ways that a router can learn a static route. First, a router will look at its active interfaces, examine the addresses configured on the interfaces and determine the corresponding network numbers, and populate the routing table with this information. This is commonly called a connected route.

      The following example shows the routing table of a Router whose Ethernet 0 interface has been configured with an IP Address 10.0.0.1 & Serial 0 with 192.168.1.1. To view the Routing table, use the command “show ip route”.

          Router_1#show ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          C    10.0.0.0/8 is directly connected, Ethernet0
          C    192.168.1.0/24 is directly connected, Serial0

      Explanation of the Routing Table Entries:

      The top portion of the display for this command has a table of codes. These codes, which describe a type of route that may appear in the routing table, are shown in the first column at the bottom part of the display.

      “C” represents that it’s a directly connected network. This is followed by the Network ID & the interface to which that network is connected.

      In 10.0.0.0/8, the “/8” represents the subnet mask – 255.0.0.0

      Note: If we hadn’t configured any IP address on the router, there would be no entries in the routing table – it would have been empty.
  34. The second way is when we manually configure it. A static route is a manually configured route on the router. Consider the network below, with IP addresses configured as shown.

      [Figure: routers R1, R2 and R3 connected in series over serial links, 192.168.1.1 (R1) to 192.168.1.2 (R2) and 172.16.0.1 (R2) to 172.16.0.2 (R3). Each router has an Ethernet LAN on E0: R1 10.0.0.1, R2 20.0.0.1, R3 30.0.0.1.]

      Static Route Configuration

      To configure a static route for IP, use one of these two commands:

          Router(config)#ip route <Dest_Net_ID> <subnet_mask> <next_hop IP_address>
          -or-
          Router(config)#ip route <Dest_Net_ID> <subnet_mask> <interface_to_exit>

      The first parameter that you must specify is the destination network number. After the subnet mask parameter, you have two ways to specify how to reach the destination network:

      (i) By specifying the next hop neighbor’s IP address (safe to use this – as this is suitable for all environments)
      or
      (ii) The router’s specific exit interface to reach a destination network. (Use this method if it is a point-to-point link only.) In this instance, you must specify the name of the interface on the router, like serial0.

      Below is the configuration of Router R1 with the next hop neighbor’s IP address.

          R1#sh run
          Building configuration...
          Current configuration : 908 bytes
          version 12.2
          (irrelevant output omitted)
  35.
          interface Ethernet0
           ip address 10.0.0.1 255.0.0.0
          !
          interface Serial0
           ip address 192.168.1.1 255.255.255.0
           no fair-queue
           clockrate 64000
          !
          ip route 20.0.0.0 255.0.0.0 192.168.1.2
          ip route 30.0.0.0 255.0.0.0 192.168.1.2
          ip route 172.16.0.0 255.255.0.0 192.168.1.2
          ip http server
          !
          line con 0
           transport input none
          line aux 0
          !
          end

      The following shows the routing table of a Router (R1 – the leftmost Router) with Static Routes configured.

          R1#sh ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          S    20.0.0.0/8 [1/0] via 192.168.1.2
          S    172.16.0.0/16 [1/0] via 192.168.1.2
          C    10.0.0.0/8 is directly connected, Ethernet0
          C    192.168.1.0/24 is directly connected, Serial0
          S    30.0.0.0/8 [1/0] via 192.168.1.2

      This shows additional entries (configuration discussed next) with “S” – representing manually configured static routes.

      Consider the entry: S 20.0.0.0/8 [1/0] via 192.168.1.2

      The two values in “[1/0]” represent the Administrative Distance (AD) & Metric value respectively (details discussed in a separate section). Suffice to remember that the first value is the AD value and its default value is “1” for a static route. The next value indicates the metric & the default value of a statically configured route is always “0”.

      “via 192.168.1.2” represents the gateway address, i.e. the next router’s interface IP address – this is the interface through which the data has to travel from R1 to reach destination Network 20.0.0.0 (which is connected to router R2).
  36. Below is the configuration of Router R2 with the exit interface configuration.

          R2#sh run
          Building configuration...
          Current configuration : 654 bytes
          (irrelevant output omitted)
          !
          interface Ethernet0
           ip address 20.0.0.1 255.0.0.0
          !
          interface Serial0
           ip address 172.16.0.1 255.255.0.0
           clockrate 64000
          !
          interface Serial1
           ip address 192.168.1.2 255.255.255.0
          !
          no ip http server
          ip classless
          ip route 10.0.0.0 255.0.0.0 Serial1
          ip route 30.0.0.0 255.0.0.0 172.16.0.2
          !
          line con 0
          line aux 0
          line vty 0 4
           password cisco
           login
          !
          !
          end

      The following shows the routing table of R2:

          R2#sh ip route
          Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2
                 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
                 ia - IS-IS inter area, * - candidate default, U - per-user static route
                 o - ODR, P - periodic downloaded static route

          Gateway of last resort is not set

          C    20.0.0.0/8 is directly connected, Ethernet0
          C    172.16.0.0/16 is directly connected, Serial0
          S    10.0.0.0/8 is directly connected, Serial1
          C    192.168.1.0/24 is directly connected, Serial1
          S    30.0.0.0/8 [1/0] via 172.16.0.2

      In this example, there are three connected routes and two static routes. The static route (10.0.0.0) is treated as a directly connected route, since it was created by specifying the interface to exit the router – “SERIAL1”.
  37. BACKUP ROUTE

      While configuring a static route, you can optionally change the administrative distance of the route. If you omit this value, it will have one of two defaults, depending on the configuration of the previous parameter. If you specified the next hop neighbor’s IP address, then the administrative distance defaults to 1. If you specified the interface on the router it should use to reach the destination, the router treats the route as a connected route and assigns an administrative distance of 0 to it.

      Please note that you can create multiple static routes to the same destination. For instance, you might have primary and backup paths to the destination. For the primary path, use the default administrative distance value. For the backup path, use a number higher than this, such as 2. Once you have configured a backup path, the router will use the primary path, and if the interface on the router fails for the primary path, the router will use the backup route.

      Below is the configuration of Router R3, with one static route that names the interface the router should exit to reach the destination network, given an administrative distance value of 2, and another that uses the next hop neighbor’s IP address pointing to Router R2.

      [Figure: the R1, R2, R3 network from the previous diagram (serial links 192.168.1.1 to 192.168.1.2 and 172.16.0.1 to 172.16.0.2; Ethernet LANs 10.0.0.1, 20.0.0.1, 30.0.0.1), with an additional serial link 200.0.0.1 / 200.0.0.2.]

          R3#sh run
          Building configuration...
          Current configuration : 725 bytes
          !
          version 12.2
          !
          enable password cisco
          (irrelevant output omitted)
          !
          interface Ethernet0
           ip address 30.0.0.1 255.0.0.0
           duplex auto
           speed auto
          !
          interface Serial0
           ip address 172.16.0.2 255.255.0.0
          !
          interface Serial1
           ip address 200.0.0.2 255.255.255.0
  38.
          !
          ip route 20.0.0.0 255.0.0.0 172.16.0.1
          ip route 20.0.0.0 255.0.0.0 Serial0 2
          ip http server
          !
          !
          line con 0
           logging synchronous
          line aux 0
          line vty 0 4
           password cisco
           login
          !
          end

      The following example shows the routing table of R3:

          R3#sh ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          S    20.0.0.0/8 [1/0] via 172.16.0.1
          C    172.16.0.0/16 is directly connected, Serial1
          C    200.0.0.0/24 is directly connected, Serial0
          C    30.0.0.0/8 is directly connected, Ethernet0

      Note that even though we have configured the 20.0.0.0 network with the outgoing interface Serial0, it has not been populated in the routing table because of its higher Administrative Distance number.

      [Figure: R2 (S0 172.16.0.1, E0 20.0.0.1) connected to R3 (S1 172.16.0.2, E0 30.0.0.1).]

      Default Route Configuration

      A default route is a special type of static route. Where a static route specifies a path a router should use to reach a specific destination, a default route specifies a path the router should use if it doesn’t know
  39. how to reach the destination. Sometimes this is also referred to as a “gateway of last resort”.

      Note that if a router does not have any path in its routing table telling it how to reach a destination, and the router receives a packet destined for this network, the router will drop the packet. Therefore, a default route can serve as a catch-all: if there is no specific path to the destination, the router will use the default route to reach it.

      To set up a default route, use the following syntax for a static route:

          Router(config)#ip route 0.0.0.0 0.0.0.0 IP_address_of_next_hop_neighbor
          -or-
          Router(config)#ip route 0.0.0.0 0.0.0.0 interface_to_exit

      The network number of 0.0.0.0/0 represents all networks, and a mask of all 0’s in the bit position represents all hosts in the specified network.

      The configuration of Router R3 with a default route is shown below.

          R3#sh run
          Building configuration...
          (irrelevant output omitted)
          interface Ethernet0
           ip address 30.0.0.1 255.0.0.0
           duplex auto
           speed auto
          !
          interface Serial1
           ip address 172.16.0.2 255.255.0.0
          !
          ip route 0.0.0.0 0.0.0.0 Serial1
          line con 0
          !
          end

      The following shows the routing table of R3:

          R3#sh ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is Serial0 to network 0.0.0.0

          C    172.16.0.0/16 is directly connected, Serial0
          C    30.0.0.0/8 is directly connected, Ethernet0
          S*   0.0.0.0/0 [1/0] via Serial0
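The route selection described in the backup route and default route slides, as an added example that is not part of the lab manual: a small Python model that installs only the lowest administrative distance per prefix, falls back to the backup static route when the primary's interface goes down, and uses longest-prefix match so the default route only catches what nothing else matches. The class and function names are hypothetical, and the backup route is assumed to exit through Serial1 so that the two paths can fail independently.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str          # destination network in CIDR notation
    via: str             # next-hop address or exit interface, as configured
    interface: str       # interface that must be up for the route to be usable
    distance: int = 1    # administrative distance (1 = static default in the text)
    code: str = "S"      # routing-table code: C connected, S static


class RoutingTable:
    """Holds every configured candidate; installs the lowest AD per prefix."""

    def __init__(self):
        self.candidates = []
        self.down = set()

    def add(self, route):
        self.candidates.append(route)

    def set_interface(self, name, up):
        if up:
            self.down.discard(name)
        else:
            self.down.add(name)

    def installed(self):
        """Return {prefix: Route} with one usable, lowest-AD route per prefix."""
        best = {}
        for route in self.candidates:
            if route.interface in self.down:
                continue  # routes through a down interface are withdrawn
            current = best.get(route.prefix)
            if current is None or route.distance < current.distance:
                best[route.prefix] = route
        return best

    def lookup(self, destination):
        """Longest-prefix match over installed routes; None means drop."""
        address = ipaddress.ip_address(destination)
        matches = [r for p, r in self.installed().items()
                   if address in ipaddress.ip_network(p)]
        if not matches:
            return None
        return max(matches,
                   key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)


def build_r3():
    """R3 from the backup-route slide; the Serial1 backup exit is an assumption."""
    rib = RoutingTable()
    rib.add(Route("30.0.0.0/8", "Ethernet0", "Ethernet0", 0, "C"))
    rib.add(Route("172.16.0.0/16", "Serial0", "Serial0", 0, "C"))
    rib.add(Route("200.0.0.0/24", "Serial1", "Serial1", 0, "C"))
    rib.add(Route("20.0.0.0/8", "172.16.0.1", "Serial0", 1))  # primary path
    rib.add(Route("20.0.0.0/8", "Serial1", "Serial1", 2))     # backup path
    return rib


if __name__ == "__main__":
    rib = build_r3()
    print("primary :", rib.lookup("20.5.5.5"))
    rib.set_interface("Serial0", False)
    print("failover:", rib.lookup("20.5.5.5"))
    print("no route:", rib.lookup("10.1.1.1"))
    rib.add(Route("0.0.0.0/0", "Serial1", "Serial1"))
    print("default :", rib.lookup("10.1.1.1"))
```
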
  40. RIP

      We shall use a simple setup to learn how RIP routing is enabled, and also try to find out what happens dynamically when a network change occurs.

      In this exercise, to emulate connected networks, we’ll create “virtual interfaces” called loopback interfaces. We’ll identify and configure the clockrate on DCE interfaces. We’ll verify our IP configuration using the “show ip interface brief” command & finally enable the RIP routing protocol.

      [Figure: Router1 (Loopback0 1.1.1.1, Serial 1 11.0.0.1) connected over a serial link to Router3 (Loopback0 3.3.3.3, Serial 0 11.0.0.2).]

      1. To create a loopback interface use the “interface loopback <id>” command. This is very similar to a regular interface command – a loopback automatically gets created.

      Create a loopback interface in Router1:

          Router1(config)#int loopback 0
          Router1(config-if)#ip address 1.1.1.1 255.0.0.0
          Router1(config-if)#exit

      Create a loopback interface in Router3:

          Router3(config)#int loopback 0
          Router3(config-if)#ip address 3.3.3.3 255.0.0.0
          Router3(config-if)#exit

      2. We also need to identify whether the WAN serial interface is a DCE or DTE, using the “show controllers serial 0” command, because the DCE provides clocking.

          Router1#sh controller s 1
          HD unit 0, idb = 0x29A524, driver structure at 0x2A1AE8
          buffer size 1524  HD unit 0, V.35 DTE cable
          cpb = 0xE1, eda = 0x4940, cda = 0x4800
          RX ring with 16 entries at 0xE14800
          00 bd_ptr=0x4800 pak=0x2A5AFC ds=0xE1ECC8 status=00 pak_size=0
          01 bd_ptr=0x4814 pak=0x2A584C ds=0xE1E60C status=00 pak_size=0
          02 bd_ptr=0x4828 pak=0x2A559C ds=0xE1DF50 status=00 pak_size=0
          03 bd_ptr=0x483C pak=0x2A52EC ds=0xE1D894 status=00 pak_size=0
          04 bd_ptr=0x4850 pak=0x2A503C ds=0xE1D1D8 status=00 pak_size=0
          <output omitted>

          Router3#show controllers serial 0
          HD unit 0, idb = 0x2A1B80, driver structure at 0x2A9140
  41.
          buffer size 1524  HD unit 0, V.35 DCE cable
          cpb = 0xE2, eda = 0x2940, cda = 0x2800
          RX ring with 16 entries at 0xE22800
          00 bd_ptr=0x2800 pak=0x2AD158 ds=0xE2C60C status=80 pak_size=0
          01 bd_ptr=0x2814 pak=0x2ACEA8 ds=0xE2BF50 status=80 pak_size=0
          02 bd_ptr=0x2828 pak=0x2ACBF8 ds=0xE2B894 status=80 pak_size=0
          03 bd_ptr=0x283C pak=0x2AC948 ds=0xE2B1D8 status=80 pak_size=0
          04 bd_ptr=0x2850 pak=0x2AC698 ds=0xE2AB1C status=80 pak_size=0
          <output omitted>

      The above reveals that Router3’s serial interface is the DCE end, which implies that we need to configure the clockrate on Router3’s S0 interface using the “clock rate <value>” command.

          Router3(config-if)#clock rate 64000

      We can also view the enabled ROUTED PROTOCOL using the “show protocols” command. (This reveals that IP is enabled.)

          Router3#show protocols
          Global values:
            Internet Protocol routing is enabled
          Ethernet0 is administratively down, line protocol is down
          Ethernet1 is administratively down, line protocol is down
          Loopback0 is up, line protocol is up
            Internet address is 3.3.3.3/8
          Serial0 is up, line protocol is up
            Internet address is 11.0.0.2/8
          Serial1 is administratively down, line protocol is down

      When no routing protocol is configured, the Routing table displays directly connected routes only (after configuring the serial interface IP address also).

          Router3#show ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          C    3.0.0.0/8 is directly connected, Loopback0
          C    11.0.0.0/8 is directly connected, Serial0

      3. Another useful command (to view the status of the various interfaces) is “show ip interface brief”.

          Router1#show ip interface brief
          Interface    IP-Address    OK?  Method  Status                 Protocol
  42.
          Ethernet0    unassigned    YES  NVRAM   administratively down  down
          Loopback0    1.1.1.1       YES  manual  up                     up
          Serial0      unassigned    YES  NVRAM   administratively down  down
          Serial1      11.0.0.1      YES  manual  up                     up

      The “Method” column tells us whether the interface configuration was taken from NVRAM (startup-config) or was manually configured by the administrator. The Status & Protocol columns reveal the link (connected network) status.

      If Status shows as up, the link is OK. If it shows as down, the network is down. If it’s administratively down, it means that the network has been manually shut down using the “shutdown” command. If Protocol shows as down, it means that the line protocol is not properly configured. Typically either the encapsulation or the clock rate is not configured properly.

      ENABLING RIP PROTOCOL

      Let’s now enable the RIP Routing Protocol using the “router rip” command & publish directly connected networks using the “network <Network id>” command.

          Router3(config)#router rip
          Router3(config-router)#Network 3.0.0.0
          Router3(config-router)#Network 11.0.0.0
          Router3(config-router)#end
          Router3#

      Let’s see if the above 3 configurations are reflected in the running-config output…

          Router3#show running-config
          Building configuration...
          Current configuration : 769 bytes
          !
          version 12.2
          no service single-slot-reload-enable
          service timestamps debug uptime
          service timestamps log uptime
          no service password-encryption
          !
          hostname Router3
          !
          logging rate-limit console 10 except errors
          enable password cisco
          !
          ip subnet-zero
          no ip finger
          !
          no ip dhcp-client network-discovery
          !
          interface Loopback0
           ip address 3.3.3.3 255.0.0.0
          !
          interface Ethernet0
  43.
           no ip address
           shutdown
          !
          interface Ethernet1
           no ip address
           shutdown
          !
          interface Serial0
           ip address 11.0.0.2 255.0.0.0
           clockrate 64000          <DCE interface>
          !
          interface Serial1
           no ip address
           shutdown
          !
          router rip
           network 3.0.0.0
           network 11.0.0.0
          !
          ip kerberos source-interface any
          ip classless
          ip http server
          !
          line con 0
           transport input none
          line aux 0
          line vty 0 4
           password cisco
           login
          !
          end

      Similarly in Router1:

          Router1(config)#router rip
          Router1(config-router)#network 1.0.0.0
          Router1(config-router)#network 11.0.0.0
          Router1(config-router)#end

          Router1#show running-config
          Building configuration...
          hostname Router1
          !
          interface Loopback0
           ip address 1.1.1.1 255.0.0.0
          !
          interface Ethernet0
           no ip address
           shutdown
          !
          interface Serial0
           no ip address
           shutdown
          !
          interface Serial1
           ip address 11.0.0.1 255.0.0.0
  44.
          !
          router rip
           network 1.0.0.0
           network 11.0.0.0
          !
          end
          <output omitted>

      We are clearly able to see the configuration changes in the running-config of both the routers. If we view Router1’s routing table, we’ll be able to see what routes have been learnt through RIP.

          Router1#show ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          C    1.0.0.0/8 is directly connected, Loopback0
          R    3.0.0.0/8 [120/1] via 11.0.0.2, 00:00:05, Serial1
          C    11.0.0.0/8 is directly connected, Serial1

      Consider the second entry of the routing table:

      “R” represents RIP learnt routes.
      “[120/1]” represents an AD value of 120 for RIP & a hop count of 1 to reach network 3.0.0.0.
      “via 11.0.0.2” denotes the gateway and also specifies that it is reachable through Router1’s Serial 1 interface.

      Router3’s routing table displays similar entries:

          Router3#sh ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          R    1.0.0.0/8 [120/1] via 11.0.0.1, 00:00:00, Serial0
          C    3.0.0.0/8 is directly connected, Loopback0
          C    11.0.0.0/8 is directly connected, Serial0

      To view more details regarding the configured Routing Protocol (RIP in our case), let’s use the “show ip protocols” command.
  45. This will display routing protocol details along with certain parameters like timers, default AD value, routed networks, RIP version etc.

          Router3#sh ip protocols
          Routing Protocol is "rip"
            Sending updates every 30 seconds, next due in 2 seconds
            Invalid after 180 seconds, hold down 180, flushed after 240
            Outgoing update filter list for all interfaces is
            Incoming update filter list for all interfaces is
            Redistributing: rip
            Default version control: send version 1, receive any version
              Interface        Send  Recv  Triggered RIP  Key-chain
              Loopback0        1     1 2
              Serial0          1     1 2
            Automatic network summarization is in effect
            Routing for Networks:
              3.0.0.0
              11.0.0.0
            Routing Information Sources:
              Gateway         Distance      Last Update
              11.0.0.1             120      00:00:17
            Distance: (default is 120)

          Router1#sh ip protocols
          Routing Protocol is "rip"
            Sending updates every 30 seconds, next due in 24 seconds
            Invalid after 180 seconds, hold down 180, flushed after 240     (Displays various timer values)
            Outgoing update filter list for all interfaces is
            Incoming update filter list for all interfaces is
            Redistributing: rip
            Default version control: send version 1, receive any version   (Configured RIP Version is 1)
              Interface        Send  Recv  Triggered RIP  Key-chain
              Loopback0        1     1 2
              Serial1          1     1 2
            Automatic network summarization is in effect
            Routing for Networks:                                           (Displays networks published)
              1.0.0.0
              11.0.0.0
            Routing Information Sources:
              Gateway         Distance      Last Update
              11.0.0.2             120      00:00:16
            Distance: (default is 120)                                      (Displays default AD value)

      To view what information is exchanged between routers running RIP, let’s debug RIP’s operation using the “debug ip rip” command.

          Router3#debug ip rip
          RIP protocol debugging is on
          Router3#
          01:05:49: RIP: received v1 update from 11.0.0.1 on Serial0     (V1 represents version 1)
          01:05:49:      1.0.0.0 in 1 hops                               (This is what is received from router1)
          01:05:59: RIP: sending v1 update to 255.255.255.255 via Loopback0 (3.3.3.3)     (Broadcast update sent)
          01:05:59: RIP: build update entries
  46.
          01:05:59:      network 1.0.0.0 metric 2     (metric refers to hop count)
          01:05:59:      network 11.0.0.0 metric 1
          01:05:59: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.0.0.2)
          01:05:59: RIP: build update entries
          01:05:59:      network 3.0.0.0 metric 1
          01:06:18: RIP: received v1 update from 11.0.0.1 on Serial0     (30 sec periodic update)
          01:06:18:      1.0.0.0 in 1 hops
          01:06:27: RIP: sending v1 update to 255.255.255.255 via Loopback0 (3.3.3.3)
          01:06:27: RIP: build update entries
          01:06:27:      network 1.0.0.0 metric 2
          01:06:27:      network 11.0.0.0 metric 1
          01:06:27: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.0.0.2)
          01:06:27: RIP: build update entries
          01:06:27:      network 3.0.0.0 metric 1
          Router3#undebug all     (to switch off all debugging)

      Observe that the full routing table is not sent as updates in all directions – because of the split horizon rule. Let’s see how similar the debug output is in Router1.

          Router1#debug ip rip
          RIP protocol debugging is on
          Router1#
          01:07:50: RIP: received v1 update from 11.0.0.2 on Serial1
          01:07:50:      3.0.0.0 in 1 hops
          01:08:05: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
          01:08:05: RIP: build update entries
          01:08:05:      network 3.0.0.0 metric 2
          01:08:05:      network 11.0.0.0 metric 1
          01:08:05: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
          01:08:05: RIP: build update entries
          01:08:05:      network 1.0.0.0 metric 1
          01:08:18: RIP: received v1 update from 11.0.0.2 on Serial1
          01:08:18:      3.0.0.0 in 1 hops
          01:08:33: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
          01:08:33: RIP: build update entries
          01:08:33:      network 3.0.0.0 metric 2
          01:08:33:      network 11.0.0.0 metric 1
          01:08:33: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
          01:08:33: RIP: build update entries
          01:08:33:      network 1.0.0.0 metric 1
          Router1#undebug all

      To verify the dynamic nature of the routing protocol, let’s emulate a network going down by shutting down the loopback 0 of Router1 & observe the debug output.

      [Figure: the same Router1 (Serial 1, 11.0.0.1) and Router3 (Serial 0, 11.0.0.2) topology, with Router1’s Loopback0 (1.1.1.1) marked X as down.]

          Router1(config)#int loopback 0
          Router1(config-if)#shut
  47.
          Router1(config-if)#
          01:21:17: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
          Router1#debug ip rip
          RIP protocol debugging is on
          01:21:17: RIP: sending v1 flash update to 255.255.255.255 via Serial1 (11.0.0.1)     (this indicates a Triggered Update)
          01:21:17: RIP: build flash update entries
          01:21:17:      network 1.0.0.0 metric 16     (metric 16 means infinity for RIP – route poisoning)
          01:21:19: RIP: received v1 update from 11.0.0.2 on Serial1
          01:21:19:      1.0.0.0 in 16 hops (inaccessible)     (“inaccessible” implies that Poison-Reverse message is received from Router3)
          01:21:22: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
          01:21:22: RIP: build update entries
          01:21:22:      network 1.0.0.0 metric 16
          Router1(config-if)#^Z

      Now this change is also reflected in the routing table – a network that’s gone down is immediately removed from the routing table.

          Router1#sh ip route
          01:21:30: %SYS-5-CONFIG_I: Configured from console by console
          route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          R    3.0.0.0/8 [120/1] via 11.0.0.2, 00:00:22, Serial1
          C    11.0.0.0/8 is directly connected, Serial1

      The above experiment reveals that the routers exchange network connectivity information:

      (i) During Startup
      (ii) Periodically (once in 30 secs)
      (iii) Triggered (whenever network changes occur)

      We are also able to observe how split horizon functions to ensure routing updates are not sent in the direction from where they were learnt.

      Route poisoning & poison reverse were also observed.
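The update contents seen in the “debug ip rip” output above can be reproduced with a small model. This is an added example, not code from the lab manual: a simplified RIP speaker in Python (no timers, hypothetical class and function names) that applies split horizon, route poisoning and poison reverse to the Router1/Router3 lab, and also shows what Router1 would accept if split horizon were switched off.

```python
from dataclasses import dataclass

INFINITY = 16  # RIP hop count that means "unreachable"


@dataclass
class Entry:
    metric: int      # hop count held in the table (0 = directly connected)
    interface: str   # interface the route points out of
    next_hop: str    # neighbour the route was learnt from ("" = connected)


class RipRouter:
    """Simplified RIP speaker: no timers, one update per call."""

    def __init__(self, name, split_horizon=True):
        self.name = name
        self.split_horizon = split_horizon
        self.table = {}

    def connect(self, network, interface):
        self.table[network] = Entry(0, interface, "")

    def shutdown(self, interface):
        """Route poisoning: connected networks on a downed interface get 16."""
        for entry in self.table.values():
            if entry.interface == interface and entry.next_hop == "":
                entry.metric = INFINITY

    def build_update(self, out_interface):
        """Entries that follow 'RIP: build update entries' for one interface."""
        update = {}
        for network, entry in self.table.items():
            if entry.metric >= INFINITY:
                update[network] = INFINITY      # poison / poison reverse
            elif self.split_horizon and entry.interface == out_interface:
                continue                        # split horizon: do not echo back
            else:
                update[network] = min(entry.metric + 1, INFINITY)
        return update

    def receive(self, update, in_interface, sender):
        for network, metric in update.items():
            current = self.table.get(network)
            if current is None:
                if metric < INFINITY:
                    self.table[network] = Entry(metric, in_interface, sender)
            elif current.next_hop == sender:
                current.metric = metric         # current next hop is authoritative
            elif metric < current.metric:
                self.table[network] = Entry(metric, in_interface, sender)

    def routes(self):
        """Usable routes only, as 'show ip route' would list them."""
        return {n: e.metric for n, e in self.table.items()
                if e.metric < INFINITY}


def build_lab(split_horizon=True):
    """Router1 and Router3 from the lab after one update in each direction."""
    r1 = RipRouter("Router1", split_horizon)
    r1.connect("1.0.0.0", "Loopback0")
    r1.connect("11.0.0.0", "Serial1")
    r3 = RipRouter("Router3", split_horizon)
    r3.connect("3.0.0.0", "Loopback0")
    r3.connect("11.0.0.0", "Serial0")
    r3.receive(r1.build_update("Serial1"), "Serial0", "11.0.0.1")
    r1.receive(r3.build_update("Serial0"), "Serial1", "11.0.0.2")
    return r1, r3


if __name__ == "__main__":
    r1, r3 = build_lab()
    print("Router3 via Serial0  :", r3.build_update("Serial0"))
    print("Router3 via Loopback0:", r3.build_update("Loopback0"))
    r1.shutdown("Loopback0")
    flash = r1.build_update("Serial1")
    print("Router1 flash update :", flash)
    r3.receive(flash, "Serial0", "11.0.0.1")
    print("Router3 poison reverse:", r3.build_update("Serial0"))
```

With split horizon off, Router3 advertises 1.0.0.0 back to Router1 at metric 2, and a Router1 that has just lost its loopback installs that route through Router3, which is the loop the rule exists to prevent.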
  48. IGRP

      [Figure: Router1 (Loopback0 1.1.1.1, Serial 1 100.0.0.1) connected over a serial link to Router3 (Loopback0 3.3.3.3, Serial 0 100.0.0.2).]

      In this scenario, let’s complete the basic interface configurations, check the routing table content without configuring the routing protocol & then proceed with protocol configuration & verification.

      A partial running-config output reveals the interface configuration:

          Router1#sh run
          Building configuration...
          <output omitted>
          !
          interface Loopback0
           ip address 1.1.1.1 255.0.0.0
          !
          interface Serial1
           ip address 100.0.0.1 255.0.0.0
          <output omitted>
          !
          end

      The routing table reveals that the connected networks are up:

          Router1#sh ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          C    1.0.0.0/8 is directly connected, Loopback0
          C    100.0.0.0/8 is directly connected, Serial1

      Let’s now configure the IGRP routing protocol using the “router igrp <AS number>” command & publish connected networks using the “network <network id>” command.

          Router1(config)#router igrp 100     (100 is the Autonomous System)
          Router1(config-router)#network 1.0.0.0
  49.
          Router1(config-router)#network 100.0.0.0     (publish directly connected networks)

      The running config on routers 1 & 3 now displays the protocol configuration too.

          Router1#sh run
          Building configuration...
          <output omitted>
          !
          interface Loopback0
           ip address 1.1.1.1 255.0.0.0
          !
          interface Serial1
           ip address 100.0.0.1 255.0.0.0
          !
          router igrp 100
           network 1.0.0.0
           network 100.0.0.0
          !
          <output omitted>
          !
          end

          Router3(config)#router igrp 100     (This AS number must be the same on all the routers)
          Router3(config-router)#network 3.0.0.0
          Router3(config-router)#network 100.0.0.0

          Router3#sh run
          Building configuration...
          Current configuration : 776 bytes
          !
          <output omitted>
          !
          interface Loopback0
           ip address 3.3.3.3 255.0.0.0
          !
          interface Serial0
           ip address 100.0.0.2 255.0.0.0
           clockrate 64000
          !
          router igrp 100
           network 3.0.0.0
           network 100.0.0.0
          !
          <output omitted>
          !
          end

      After configuring IGRP let’s see if the routing tables of Routers 1 & 3 have information about IGRP learnt routes.

  50.
          Router1#sh ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          C    1.0.0.0/8 is directly connected, Loopback0
          C    100.0.0.0/8 is directly connected, Serial1
          I    3.0.0.0/8 [100/8976] via 100.0.0.2, 00:00:01, Serial1

          Router3#sh ip route
          Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
                 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

          Gateway of last resort is not set

          I    1.0.0.0/8 [100/8976] via 100.0.0.1, 00:01:03, Serial0
          C    100.0.0.0/8 is directly connected, Serial0
          C    3.0.0.0/8 is directly connected, Loopback0

      The “I” implies that this is an IGRP learnt route.
      100 stands for the AD value &
      8976 is the metric (composite – BW & Delay).

      The “sh ip protocols” command gives us other useful information – the same as what we saw for RIP.

          Router1#sh ip protocols
          Routing Protocol is "igrp 100"
            Sending updates every 90 seconds, next due in 37 seconds
            Invalid after 270 seconds, hold down 280, flushed after 630
            Outgoing update filter list for all interfaces is
            Incoming update filter list for all interfaces is
            Default networks flagged in outgoing updates
            Default networks accepted from incoming updates
            IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
            IGRP maximum hopcount 100
            IGRP maximum metric variance 1
            Redistributing: igrp 100
            Routing for Networks:
              1.0.0.0
              100.0.0.0
            Routing Information Sources:
              Gateway         Distance      Last Update
              100.0.0.2            100      00:00:09
            Distance: (default is 100)

          Router3#sh ip protocols
          Routing Protocol is "igrp 100"
  51.
  Sending updates every 90 seconds, next due in 17 seconds
  Invalid after 270 seconds, hold down 280, flushed after 630
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  IGRP maximum hopcount 100
  IGRP maximum metric variance 1
  Redistributing: igrp 100
  Routing for Networks:
    3.0.0.0
    100.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    100.0.0.1            100      00:00:13
  Distance: (default is 100)

The “debug ip igrp transactions” command gives us details regarding the metric, updates, etc.

Router3#debug ip igrp transactions
IGRP protocol debugging is on
Router3#
00:29:14:IGRP: received update from 100.0.0.1 on Serial0
00:29:14:      network 1.0.0.0, metric 8976 (neighbor 501)
00:29:19:IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
00:29:19:      network 1.0.0.0, metric=8976
00:29:19:      network 100.0.0.0, metric=8476
00:29:19:IGRP: sending update to 255.255.255.255 via Serial0 (100.0.0.2)
00:29:19:      network 3.0.0.0, metric=501
00:30:32:IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
00:30:32:      network 1.0.0.0, metric=8976
00:30:32:      network 100.0.0.0, metric=8476
00:30:32:IGRP: sending update to 255.255.255.255 via Serial0 (100.0.0.2)
00:30:32:      network 3.0.0.0, metric=501
00:30:38:IGRP: received update from 100.0.0.1 on Serial0
00:30:38:      network 1.0.0.0, metric 8976 (neighbor 501)

Let’s simulate the problem of a network going down on Router1. We’ll shut down the loopback 0 interface, and this should be reflected in Router3’s routing table, which will display a “possibly down” message for the hold-down time period (280 secs).

[Diagram: Router1 (L0 1.1.1.1, marked X as down; Serial 1 100.0.0.1) connected to Router3 (Serial 0 100.0.0.2; L0 3.3.3.3)]

Router1(config)#int loopback 0
Router1(config-if)#shutdown
  52. Router1#sh run
Building configuration...
Current configuration : 693 bytes
!
hostname Router1
!
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
 Shutdown

Observe the debug output after shutting down the loopback 0 interface of Router1: the metric value for network 1.0.0.0 goes to 4294967295, representing infinity.

Router3#debug ip igrp transactions
IGRP protocol debugging is on
00:47:00: IGRP: received update from 100.0.0.1 on Serial0
00:47:00:       network 1.0.0.0, metric 4294967295 (inaccessible)
00:47:00: IGRP: edition is now 3
00:47:00: IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)

The routing table now reflects this change as “possibly down”. The router doesn’t remove the entry immediately; it waits for the hold-down timer to expire and then decides whether to remove the entry or reinstate it if the network has come up!

Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

I    1.0.0.0/8 is possibly down, routing via 100.0.0.1, Serial0
C    100.0.0.0/8 is directly connected, Serial0
C    3.0.0.0/8 is directly connected, Loopback0

Note: If the entry is to be removed, this is not done immediately after the hold-down timer expires. It’s removed only after the flush timer (630 secs) expires.
  53. EIGRP

[Diagram: Router1 (L0 1.1.1.1) and Router3 (L0 3.3.3.3) joined by two serial links: S0 25.0.0.1 to S0 25.0.0.2, and S1 50.0.0.1 to S1 50.0.0.2]

BASIC CONFIGURATION

In this case, we’ll consider a slightly different scenario where we have two paths to a destination. This case study will also help us understand redundancy & load balancing.

Let’s first configure the routers according to the above diagram & observe the routing table without configuring the routing protocols.

Router1(config)#
Router1(config)#int loop 0
Router1(config-if)#ip add 1.1.1.1 255.0.0.0
Router1(config-if)#exit
Router1(config)#int s0
Router1(config-if)#ip add 25.0.0.1 255.0.0.0
Router1(config-if)#no shut
Router1(config-if)#exit
Router1(config)#int s1
Router1(config-if)#ip add 50.0.0.1 255.0.0.0
Router1(config-if)#no shut

Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
C    50.0.0.0/8 is directly connected, Serial1
C    25.0.0.0/8 is directly connected, Serial0

Similarly, configure Router3 & check out its routing table.

Router3(config)#int loop 0
Router3(config-if)#ip add 3.3.3.3 255.0.0.0
Router3(config-if)#exit
Router3(config)#int s0
Router3(config-if)#ip add 25.0.0.2 255.0.0.0
Router3(config-if)#clock rate 64000
Router3(config-if)#no shut
  54. Router3(config-if)#exit
Router3(config)#int s1
Router3(config-if)#ip add 50.0.0.2 255.0.0.0
Router3(config-if)#clock rate 64000
Router3(config-if)#no shut

Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    50.0.0.0/8 is directly connected, Serial1
C    3.0.0.0/8 is directly connected, Loopback0
C    25.0.0.0/8 is directly connected, Serial0

I) EIGRP OPERATION WITH EQUAL COST LOAD BALANCING

ENABLING EIGRP

Now we’ll enable the routing protocol on both the routers using the “Router EIGRP <AS number>” command & publish networks using the “Network <Network id>” command.

Router1(config)#router eigrp 200
Router1(config-router)#net 1.0.0.0
Router1(config-router)#net 25.0.0.0
Router1(config-router)#net 50.0.0.0

Router3(config)#router eigrp 200
Router3(config-router)#net 3.0.0.0
Router3(config-router)#net 25.0.0.0
Router3(config-router)#net 50.0.0.0

Let’s see how this configuration is reflected in the running configuration of Router1 & Router3.

Router1#sh run
Building configuration...
<output omitted>
interface Serial0
 ip address 25.0.0.1 255.0.0.0
!
interface Serial1
 ip address 50.0.0.1 255.0.0.0
!
router eigrp 200
 network 1.0.0.0
 network 25.0.0.0
 network 50.0.0.0
 auto-summary (Observe this is automatically added!)
  55.
 no eigrp log-neighbor-changes
!
<output omitted>
End

Router3#sh run
Building configuration...
<output omitted>
interface Serial0
 ip address 25.0.0.2 255.0.0.0
 clockrate 64000
!
interface Serial1
 ip address 50.0.0.2 255.0.0.0
 clockrate 64000
!
router eigrp 200
 network 3.0.0.0
 network 25.0.0.0
 network 50.0.0.0
 auto-summary (Automatically added indicating Auto-summarisation)
 no eigrp log-neighbor-changes
!
<output omitted>
End

THE ROUTING TABLE

As there are 2 equally good paths between the routers, 2 routes must be seen in the routing table of these routers. We can also see “D” in the first column of the highlighted entry indicating EIGRP learnt routes.

Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
C    50.0.0.0/8 is directly connected, Serial1
D    3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:02:25, Serial0
               [90/2297856] via 50.0.0.2, 00:02:25, Serial1
C    25.0.0.0/8 is directly connected, Serial0

The above indicates two paths to reach network 3.0.0.0 from Router1. A similar table can be seen in Router3.

Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E -
  56. EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

D    1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:03:08, Serial0
               [90/2297856] via 50.0.0.1, 00:03:08, Serial1
C    50.0.0.0/8 is directly connected, Serial1
C    3.0.0.0/8 is directly connected, Loopback0
C    25.0.0.0/8 is directly connected, Serial0

The “show ip route eigrp” command displays only EIGRP learnt routes.

Router1#sh ip route eigrp
D    3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:04:43, Serial0
               [90/2297856] via 25.0.0.2, 00:04:43, Serial0

Router3#sh ip route eigrp
D    1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:03:19, Serial0
               [90/2297856] via 50.0.0.1, 00:03:19, Serial1

THE NEIGHBOR TABLE

Let’s look at the neighbor table contents next. We use the “sh ip eigrp neighbors” command.

In this case, the same neighbor is learnt via 2 paths & hence there are 2 entries. Had there been only one path between the 2 routers, only one entry would be seen.

Router1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 200
H   Address        Interface   Hold  Uptime    SRTT   RTO   Q    Seq  Type
                               (sec)           (ms)         Cnt  Num
1   50.0.0.2       Se1         14    00:01:47  28     200   0    6
0   25.0.0.2       Se0         14    00:09:34  30     200   0    5

The first column indicates the order in which the neighbors were learnt.
The next column gives the IP address of the neighbor’s connected interface.
The third column is this router’s interface through which the neighbor is connected.

A similar table is seen on Router3 as well.

Router3#sh ip eigrp neighbors
IP-EIGRP neighbors for process 200
H   Address        Interface   Hold  Uptime    SRTT   RTO   Q    Seq  Type
                               (sec)           (ms)         Cnt  Num
1   50.0.0.1       Se1         11    00:03:32  28     200   0    6
0   25.0.0.1       Se0         11    00:11:12  726    4356  0    7
  57. THE TOPOLOGY TABLE

Let’s now view the topology table entries using the “sh ip eigrp topology” command. We should be able to see the “successor” & “feasible successor” apart from the Feasible & Advertised Distance values.

Router1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(200)/ID(1.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 1.0.0.0/8, 1 successors, FD is 128256
        via Connected, Loopback0
        via Summary (128256/0), Null0
P 3.0.0.0/8, 2 successors, FD is 2297856
        via 50.0.0.2 (2297856/128256), Serial1   (Both are equally good)
        via 25.0.0.2 (2297856/128256), Serial0   (Hence two successors)
P 25.0.0.0/8, 1 successors, FD is 2169856
        via Connected, Serial0
        via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 2169856
        via Connected, Serial1
        via Summary (2169856/0), Null0

In the highlighted entry “(2297856/128256)”, 2297856 is the feasible distance & 128256 is the advertised distance.

If the two paths had different metrics, the one with the best metric would have been the successor & the other the feasible successor. The table would then display 1 successor & not 2 successors, as we’ll see in the next section.

“P” in the first column indicates that the route is in the passive state.

Let’s observe Router3’s topology table, which is much the same!

Router3#sh ip eigrp topology
IP-EIGRP Topology Table for AS(200)/ID(3.3.3.3)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 1.0.0.0/8, 2 successors, FD is 2297856
        via 50.0.0.1 (2297856/128256), Serial1
        via 25.0.0.1 (2297856/128256), Serial0
P 3.0.0.0/8, 1 successors, FD is 128256
        via Connected, Loopback0
        via Summary (128256/0), Null0
P 25.0.0.0/8, 1 successors, FD is 2169856
        via Connected, Serial0
        via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 2169856
        via Connected, Serial1
        via Summary (2169856/0), Null0
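
The metric values in the IGRP and EIGRP outputs above (501, 8476, 8976, 128256, 2169856, 2297856) can be reproduced by hand. The Python sketch below is an added example, not part of the original lab manual; it assumes the usual IOS interface defaults, which the page does not state (serial: 1544 kbit/s and 20000 usec delay; loopback: 8000000 kbit/s and 5000 usec delay), and it goes one step further by applying the feasibility condition to the "bandwidth 128" change made in section II.

```python
# Added example: IGRP/EIGRP composite metric and the DUAL feasibility check.
# Assumed IOS defaults (not stated on the page): serial 1544 kbit/s, 20000 usec;
# loopback 8000000 kbit/s, 5000 usec. K values are those shown by "sh ip protocols".
SERIAL_BW, SERIAL_DLY = 1544, 20000
LOOP_BW, LOOP_DLY = 8_000_000, 5000

def igrp_metric(min_bw_kbps, delays_usec):
    """K1=K3=1, K2=K4=K5=0: 10^7 / slowest bandwidth + total delay in 10-usec units."""
    return 10_000_000 // min_bw_kbps + sum(delays_usec) // 10

def eigrp_metric(min_bw_kbps, delays_usec):
    """The classic EIGRP metric is the IGRP metric scaled by 256."""
    return 256 * igrp_metric(min_bw_kbps, delays_usec)

def classify(paths):
    """paths: {next_hop: (distance_via_that_neighbor, advertised_distance)}.
    Returns (feasible_distance, successors, feasible_successors)."""
    fd = min(dist for dist, _ in paths.values())
    successors = sorted(nh for nh, (dist, _) in paths.items() if dist == fd)
    # Feasibility condition: a backup path qualifies only if the neighbor's
    # advertised distance is strictly lower than our feasible distance.
    feasible = sorted(nh for nh, (dist, ad) in paths.items()
                      if dist > fd and ad < fd)
    return fd, successors, feasible

def paths_to_3_0_0_0(s0_bw=SERIAL_BW, s1_bw=SERIAL_BW):
    """Router1's two paths to Router3's loopback network 3.0.0.0/8."""
    ad = eigrp_metric(LOOP_BW, [LOOP_DLY])  # what Router3 advertises: 128256
    return {
        "25.0.0.2": (eigrp_metric(min(s0_bw, LOOP_BW), [SERIAL_DLY, LOOP_DLY]), ad),
        "50.0.0.2": (eigrp_metric(min(s1_bw, LOOP_BW), [SERIAL_DLY, LOOP_DLY]), ad),
    }

if __name__ == "__main__":
    print("IGRP metric over serial to remote loopback:",
          igrp_metric(SERIAL_BW, [SERIAL_DLY, LOOP_DLY]))
    print("Equal bandwidth:", classify(paths_to_3_0_0_0()))
    print("Serial1 at 128 kbit/s:", classify(paths_to_3_0_0_0(s1_bw=128)))
```

With equal bandwidth both next hops are successors; with Serial1 at 128 kbit/s only 25.0.0.2 remains a successor and 50.0.0.2 is kept as the feasible successor.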
  58. II) EIGRP REDUNDANCY – BACKUP PATH

[Diagram: Router1 (L0 1.1.1.1) and Router3 (L0 3.3.3.3) joined by two serial links: S0 25.0.0.1 to S0 25.0.0.2, and S1 50.0.0.1 to S1 50.0.0.2]

We’ll change the bandwidth so that the two paths have different metrics.

Router1#conf t
Router1(config)#int s1
Router1(config-if)#bandwidth 128

Another useful command to view the running config of a specific interface is “sh run interface <type id>”.

Router1#sh run int s1
Building configuration...
Current configuration : 88 bytes
!
interface Serial1
 bandwidth 128
 ip address 50.0.0.2 255.0.0.0
end

Let’s change it on Router3 also.

Router3#conf t
Router3(config)#int s1
Router3(config-if)#bandwidth 128

Router3#sh run int s1
Building configuration...
Current configuration : 88 bytes
!
interface Serial1
 bandwidth 128
 ip address 50.0.0.2 255.0.0.0
 clockrate 64000
end

Having changed the metrics, we now have one path which is better than the other. So we’ll be able to see only the best path in the routing table.

Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
