CCNA configuration and commands



  1. 1. Reference for commands for Cisco products
     Password Configuration
     Cisco IOS Software Command Help
     IOS stores the commands that you type in a history buffer, storing ten commands by default. You can change the history size with the terminal history size x user exec command, where x is the number of commands for the CLI to recall; this can be set to a value between 0 and 256. You then can retrieve commands so that you do not have to retype the commands.
  2. 2. Key Sequences for Command Edit and Recall
     IOS enables enhanced editing mode by default and has for a long time. However, you can turn off these keystrokes with the no terminal editing exec command, and turn them back on with the terminal editing command.
     CLI Configuration Mode Versus Exec Modes
  3. 3. Cisco Router Memory Types
     Locations for Copying and Results from Copy Operations
     Configuration show Commands
     Getting into Setup Mode
  4. 4. The Cisco IOS Software Boot Sequence
     1. The router performs a power-on self-test (POST) to discover and verify the hardware.
     2. The router loads and runs bootstrap code from ROM.
     3. The router finds the IOS or other software and loads it.
     4. The router finds the configuration file and loads it into running config.
     Three OS Categories for Routers
     Two configuration tools tell the router what OS to load:
     • The configuration register
     • The boot system configuration command
  5. 5. On most Cisco routers, the default Configuration Register setting is hexadecimal 2102.
     Binary Version of Configuration Register, Value Hex 2102
     The boot field is the name of the low-order 4 bits of the configuration register. This field can be considered a 4-bit value, represented as a single hexadecimal digit. (Cisco represents hexadecimal values by preceding the hex digit[s] with 0x—for example, 0xA would mean a single hex digit A.) If the boot field is hex 0, ROMMON is loaded. If the boot field is hex 1, RXBOOT mode is used. For anything else, it loads a full-featured IOS. But which one?
     The second method used to determine where the router tries to obtain an IOS image is through the use of the boot system configuration command. If the configuration register calls for a full-featured IOS (boot field 2-F), the router reads the startup-configuration file for boot system commands. If there are no boot system commands, the router takes the default action, which is to load the first file in Flash memory. Table 7-6 summarizes the use of the configuration register and the boot system command at initialization time, when the boot field’s value implies that the router will look for boot commands.
     The Boot System Commands
     Impact of the boot system Command on Choice of IOS: Boot Field Between 2 and F
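The boot-field decision described on slide 5, as an added Python example that is not part of the original slides. The show version line, startup-config text, image file names and the function names are constructed for illustration.

```python
"""Added example: what a router loads, based on the configuration-register boot field."""
import re

# Constructed inputs: one line of 'show version' output, a startup-config,
# and the files in Flash in the order they are stored.
SHOW_VERSION = "Configuration register is 0x2102"
STARTUP_CONFIG = """\
hostname Albuquerque
boot system flash c2600-example-a.bin
boot system tftp c2600-example-b.bin 192.0.2.10
"""
FLASH_FILES = ["c2600-example-first.bin", "c2600-example-a.bin"]


def config_register(show_version_text):
    """Extract the configuration register value from 'show version' output."""
    match = re.search(r"Configuration register is (0x[0-9A-Fa-f]{1,4})",
                      show_version_text)
    if match is None:
        raise ValueError("no configuration register line found")
    return int(match.group(1), 16)


def boot_field(register):
    """The boot field is the low-order 4 bits of the register."""
    return register & 0xF


def boot_plan(register, startup_config, flash_files):
    """Return, in order, what the router will try to load."""
    field = boot_field(register)
    if field == 0x0:
        return ["ROMMON"]
    if field == 0x1:
        return ["RXBOOT"]
    # Boot field 2-F: a full-featured IOS. The router reads startup-config
    # for boot system commands and tries them in the order listed.
    commands = [line.strip() for line in startup_config.splitlines()
                if line.strip().startswith("boot system")]
    if commands:
        return commands
    # No boot system commands: default action is the first file in Flash.
    return [f"first file in Flash: {flash_files[0]}"] if flash_files else []


if __name__ == "__main__":
    register = config_register(SHOW_VERSION)
    print(hex(register), "boot field", hex(boot_field(register)))
    for step in boot_plan(register, STARTUP_CONFIG, FLASH_FILES):
        print(" ", step)
```

Comparing this plan with the image that is actually running is a quick way to notice a changed register value or an unexpected boot system line.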
  6. 6. Operating Cisco LAN Switches
     2950 Front Panel and LEDs
     2950 Switch LEDs and Meaning
  7. 7. Basic Router Configuration and Operation
     Configuring IP Addresses
     IP Configuration Commands
  8. 8. IP EXEC Commands
  9. 9. Basic Administrative Configuration
     On most routers, you would configure at least the following:
     • A host name for the router
     • Reference to a DNS so that commands typed on the router can refer to host names instead of IP addresses
     • Set a password on the console port
     • Set a password for those Telnetting to the router
     • Set the enable secret password to protect access to privileged mode
     • Create a banner stating an appropriate warning, depending on the security practices at that company
     To make the router ask for a password at the console, you need the login console subcommand; the password console subcommand tells the router what password is required at the console. Similar logic applies to the login and password vty subcommands.
     Two other things that you might want to configure habitually on routers are the console timeout and the synchronization of unsolicited messages. The exec-timeout minutes seconds command sets the inactivity timeout. Also, unsolicited informational messages and output from the IOS debug command both show up at the console by default. These same messages can be seen at the aux port or when Telnetting into a router by using the terminal monitor command. The logging synchronous line subcommand tells the router not to interrupt the output of a show command with these unsolicited messages, letting you read the output
  10. 10. of the command that you typed before the router displays the other messages. logging synchronous can make your life a lot easier when using a router.
      Syslog messages also can be sent to another device. Two alternatives exist: sending the messages to a syslog server, and sending the messages as SNMP traps to a management station. The logging host command, where host is the IP address or host name of the syslog server, is used to enable sending messages to the external server. After SNMP is configured, the snmp-server enable traps command tells the IOS to forward traps, including syslog messages.
      Configuring IP Addresses
      The ip address interface subcommand configures the IP address for each interface. Because each interface has an IP address, the interface configuration command precedes each ip address command, identifying to IOS the interface to which the IP address should be assigned.
      Prefix Notation
      This notation, called prefix notation, denotes the subnet mask in terms of the number of 1 bits in the subnet mask. The number of bits of value binary 1 in the mask is considered to be the prefix. Prefix notation is simply a shorter way to write the mask. If you prefer to see the subnet masks instead of the prefix, simply use the terminal ip netmask-format decimal exec command.
      Seeding the Routing Table with Connected IP Routes
      The Cisco IOS routes IP packets by default—in other words, you do not need to type any commands to tell the router to enable IP routing. Before the router will route packets in or out an interface, the interface must have an IP address.
      The problem with the configurations shown so far is that the routers do not know routes to all the subnets in the network. The ultimate solution to this problem is to configure a dynamic routing protocol.
      Routers add routes to their routing tables for the subnets associated with their own physical interfaces.
      The show ip route command lists routes to the subnets connected to the router. The output from the command lists a C in the first column, which, according to the notes at the beginning of the command output, means “connected.” In other words, this router is connected directly to these subnets.
      The show ip interfaces brief command lists one line per interface, with IP address information and interface status.
      The show interfaces {interface} command lists more details about a single interface, with most of those details about the interface itself. Finally, the show ip interfaces {interface} command shows detailed information about the IP protocol running over interface.
      IOS adds connected routes to the routing table that meet the following requirements:
      • The interface has been configured with a valid IP address.
      • The interface is in an up and up status according to the various interface-oriented show commands.
      All three of the show commands that list interface status information use two designations of up and up. The first status keyword (the first of the two ups in this case) generally refers to OSI Layer 1 status. The second status word generally refers to the status of OSI Layer 2.
      Another instance in which a router might put an interface in status up and down is when the router does not receive keepalive messages on a regular basis. Cisco routers send, and expect to receive, proprietary keepalive messages on each interface. The purpose of the keepalives is to know whether the interface is usable. You can disable keepalives with the no keepalive interface subcommand, or you can change the timer with the keepalive interval interface subcommand.
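The basic administrative checklist from slide 9 (host name, DNS reference, console and Telnet passwords, enable secret, banner, console timeout), turned into a configuration check as an added Python example that is not part of the original slides. The sample configuration, its placeholder passwords and the function names are constructed; only the bare login plus password combination the slide describes is checked.

```python
"""Added example: check an IOS configuration against the basic administrative list."""

# Constructed sample configuration; names, addresses and passwords are placeholders.
SAMPLE_CONFIG = """\
hostname Albuquerque
enable secret EXAMPLE-ONLY-SECRET
ip name-server 192.0.2.53
banner motd # Authorized access only #
!
line con 0
 exec-timeout 0 0
 password EXAMPLE-ONLY-CONSOLE
 logging synchronous
 login
line vty 0 4
 password EXAMPLE-ONLY-VTY
"""

# Global commands the slide says most routers should have: (prefix, finding).
GLOBAL_CHECKS = [
    ("hostname ", "no host name configured"),
    ("ip name-server ", "no DNS server reference (ip name-server)"),
    ("enable secret ", "no enable secret protecting privileged mode"),
    ("banner ", "no warning banner"),
]


def parse_sections(config):
    """Split a config into top-level commands and their indented subcommands.

    Simplification: multi-line banner text is treated as top-level lines.
    """
    top_level, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if raw[0].isspace():
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top_level.append(current)
            sections.setdefault(current, [])
    return top_level, sections


def audit(config):
    """Return a list of findings; an empty list means the checklist is met."""
    top_level, sections = parse_sections(config)
    findings = [message for prefix, message in GLOBAL_CHECKS
                if not any(line.startswith(prefix) for line in top_level)]
    for prefix, label in (("line con ", "console"), ("line vty ", "Telnet (vty)")):
        headers = [h for h in sections if h.startswith(prefix)]
        if not headers:
            findings.append(f"no {label} line section found")
        for header in headers:
            subs = sections[header]
            # The line asks for a password only with both subcommands present.
            has_password = any(s.startswith("password ") for s in subs)
            if "login" not in subs or not has_password:
                findings.append(f"{header}: needs both 'login' and 'password'")
            # exec-timeout 0 0 turns the inactivity timeout off entirely.
            if "exec-timeout 0 0" in subs:
                findings.append(
                    f"{header}: exec-timeout 0 0 disables the inactivity timeout")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```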
  11. 11. To bring down an interface for administrative reasons and, as a side effect, remove the connected route from the routing table, you can use the shutdown interface subcommand. The no shutdown command brings the interface back up.
      Bandwidth, Clock Rate, and Serial Lines in the Lab
      To use a back-to-back WAN connection, one router must supply the clocking. The clock rate command sets the rate in bits per second on the router that has the DCE cable plugged into it. If no cable has been plugged in, the IOS accepts the command. If a DTE cable has been plugged in, IOS rejects the command. If you do not know which router has the DCE cable in it, you can find out by using the show controllers command.
      The bandwidth command tells IOS the speed of the link, in kilobits per second, regardless of whether the router is supplying clocking. The bandwidth setting does not change anything that the router does at Layer 1; instead, this setting is used by IOS software for other purposes. bandwidth defaults to T1 speed on serial interfaces. There is no default for clock rate, even with a DCE cable plugged in—it must be configured.
      IP Troubleshooting Features
      Internet Control Message Protocol
      TCP/IP includes a protocol specifically to help manage and control the operation of a TCP/IP network, called the Internet Control Message Protocol (ICMP). The ICMP protocol provides a wide variety of information about the health and operational status of a network. The ICMP messages sit inside an IP packet, with no transport layer header at all–so it is truly just an extension of the TCP/IP network layer.
      ICMP Message Types
      ICMP Echo Request and Echo Reply
      The ICMP echo request and echo reply messages are sent and received by the ping command. The echo request includes some data that can be specified by the ping command; whatever data is sent in the echo request is sent back in the echo reply.
      Destination Unreachable ICMP Message
      The ICMP Destination Unreachable message is sent when a message cannot be delivered completely to the application at the destination host. Because packet delivery can fail for many reasons, there are five separate unreachable functions (codes) using this single ICMP unreachable message. All five code types pertain directly to an IP, TCP, or UDP feature.
      ICMP Unreachable Codes
  12. 12. Codes That the ping Command Receives in Response to Its ICMP Echo Request
      IP Naming Commands
      IP Naming Commands
  13. 13. Telnet and Suspend
      The telnet IOS exec command enables you to Telnet from one Cisco device to another; in practical use, it is typically to another Cisco device. One of the most important features of the telnet command is the suspend feature.
      Telnet Command Options
      Cisco Discovery Protocol
      The Cisco Discovery Protocol (CDP) discovers basic information about neighboring routers and switches, without needing to know the passwords for the neighboring devices. CDP supports any LAN, HDLC, Frame Relay, and ATM interface—in fact, it supports any interface that supports the use of SNAP headers. The router or switch can discover Layer 2 and Layer 3 addressing details of neighboring routers without even configuring that Layer 3 protocol—this is because CDP is not dependent on any particular Layer 3 protocol.
      Devices that support CDP advertise their own information and learn information about others by listening for their advertisements. On media that support multicasts at the data link layer, CDP uses multicast; on other media, CDP sends a copy of the CDP update to any known data-link addresses. So, any CDP-
  14. 14. supporting device that shares a physical medium with another CDP-supporting device can learn about the other device.
      CDP discovers several useful details from the neighboring device:
      • Device identifier—Typically the host name
      • Address list—Network and data-link addresses
      • Port identifier—Text that identifies the port, which is another name for an interface
      • Capabilities list—Information on what type of device it is—for instance, a router or a switch
      • Platform—The model and OS level running in the device
      CDP is enabled in the configuration by default. The no cdp run global command disables CDP for the entire device, and the cdp run global command re-enables CDP. Likewise, the no cdp enable interface subcommand disables CDP just on that interface, and the cdp enable command switches back to the default state of CDP being enabled.
      The show cdp command has four options. The show cdp neighbor command lists each neighbor, with one line of output per neighbor. The show cdp entry fred command lists the details learned by CDP about the neighbor whose host name is fred. Another command that lists the detailed information is the show cdp neighbor detail command, which is in the same format as show cdp entry but lists the information for every neighbor.
      Turning off CDP
      no cdp run (general)
      no cdp enable (for an interface)
      Gathering CDP Timers and Holdtime Information
      show cdp
      cdp timer
      cdp holdtime
      Gathering Neighbor Information
      show cdp neighbor
      show cdp neighbor detail
      show cdp entry *
      Gathering Interface Traffic Information
      show cdp traffic
      Gathering Port and Interface Information
      show cdp interface
      Managing Configuration Files
      copy source destination
      The source and the destination parameters can be running-config, startup-config, or tftp for RAM, NVRAM, and a TFTP server respectively.
      Two commands can be used to erase the contents of NVRAM. These are the write erase command, which is the older command, and the erase startup-config command, which is the newer command.
      Verifying Flash Memory
      show flash
      Backing Up the Cisco IOS
  15. 15. copy flash tftp
      Restoring or Upgrading the Cisco IOS Software
      copy tftp flash
      the router must be reloaded.
      Backing Up and Restoring the Cisco Configuration
      copy run start
      copy running-config tftp
      copy startup-config tftp
      show running-config
      Static Routing
      ip route destination_ip_address subnet_mask { ip-address | interface } [ distance ]
      Verifying Routing Tables
      show ip route
      clear ip route
      Configuring OSPF
      The commands used to configure OSPF are:
      • router ospf < process_number > where process_number is a number local to the router. This command configures OSPF as the routing protocol on the router.
      • network network_number wildcard_mask defines the networks that are to participate in the OSPF updates and the area that they reside in.
      • interface loopback < interface_number > ip address < ip_address > < subnet_mask > defines a loopback interface, which is a virtual interface, on the router.
      • ip ospf cost < cost > sets the default cost for the router.
      • auto-cost reference-bandwidth changes the OSPF cost formula.
      Note: The ip ospf cost command overrides the auto-cost reference-bandwidth command.
      Configuring EIGRP
      The commands used to configure EIGRP on a Cisco router are consistent with the other IP routing protocol commands. The EIGRP commands are:
      • router eigrp autonomous_system_number configures EIGRP as the routing protocol on the router.
      • network network_number [ wildcard_mask ] defines the networks that are to participate in the EIGRP updates. The [ wildcard_mask ] optional parameter identifies which interfaces are running EIGRP.
      • no network network_number [ wildcard_mask ] disables EIGRP.
      • no auto-summary turns off automatic summarization.
      • ip summary-address eigrp autonomous_system_number ip_address subnet_mask configures summarization at the interface level.
      • variance multiplier configures EIGRP to load-balance across unequal paths.
      • bandwidth line_speed overrides the default bandwidth settings on the links.
      VTP Configuration
  16. 16. Before VLANs can be configured, VTP must be configured.
      Configuring a VTP Management Domain
      • Switch# vlan database
      • Switch(vlan)# vtp domain domain_name
      To assign a switch to a management domain on a CLI-based switch,
      • Switch(enable) set vtp [ domain domain_name ]
      Configuring the VTP Mode
      • Switch# vlan database
      • Switch(vlan)# vtp domain domain_name
      • Switch(vlan)# vtp { server | client | transparent }
      • Switch(vlan)# vtp password password
      On a CLI-based switch, the following command can be used to configure the VTP mode:
      • Switch(enable) set vtp [ domain domain_name ] [ mode { server | client | transparent }] [ password password ]
      Configuring the VTP Version
      • Switch# vlan database
      • Switch(vlan)# vtp v2-mode
      On a CLI-based switch, the VTP version number is configured using the following command:
      • Switch(enable) set vtp v2 enable
      Standard IP Access List Configuration
      • ip access-group {number | action [in | out]}, in which action can be either permit or deny and is used to enable access lists; and
      • access-class number | action [in | out], which can be used to enable either standard or extended access lists.
      The standard access list configuration can be verified using the following show commands:
      • show ip interface [type number], which includes a reference to the access lists enabled on the interface;
      • show access-lists [access-list-number | access-list-name], which shows details of configured access lists for all protocols; and
      • show ip access-list [access-list-number | access-list-name], which shows the access lists.
      Extended IP Access Control Lists
      • access-list access-list-number action protocol source source-wildcard destination destination-wildcard [log | log-input], which can be used to enable access lists;
      Basic Configuration and Operation Commands for the Cisco 2950 Switch
      Commands for Catalyst 2950 Switch Configuration
  17. 17. Basic Switch Operation
      Popular show Commands on a 2950 Switch
  18. 18. show interfaces fastethernet 0/13 command lists basic status and configuration information about fastethernet interface 0/
      interfaces status lists the status of each interface in a single line, including the speed and duplex settings negotiated on that
      mac-address-table dynamic command lists all the dynamically learned entries in the
      mac-address-table shows both static and dynamic
      running-config command lists the default
      startup-config
      erase startup-config
      copy running-config startup-config
      copy running-config startup-config
  19. 19. reload
      Typical Basic Administrative Configuration
      Basic Configuration of a 2950 Switch
  20. 20. hostname name
      password password for the console and vty (telnet)
      login commands tell the switch to require a password at the console and for Telnet sessions,
      enable password password
      enable secret password
      interface Fastethernet 0/5 command to enter interface configuration mode.
      duplex and speed commands tell the switch to force these settings rather than use the autonegotiated settings.
      shutdown puts an interface in a down status administratively
      no shutdown command brings the interface back up
      To configure the IP address, you first use the interface vlan 1 command. Next, the ip address command sets the IP address and subnet mask.
      ip default-gateway sets the default IP gateway for the switch
      Port Security Configuration
      To configure port security, you need to configure several things. You enable port security using the switchport port-security interface configuration command. Also, the 2950 switch IOS allows port security only on ports that do not connect to other switches. To designate an interface as not connecting to another switch, you use the switchport mode access command. Then you can statically configure the MAC addresses using the switchport port-security mac-address mac-address command.
  21. 21. Using Port Security to Define Correct MAC Addresses of Particular Interfaces
      switchport port-security mac-address
  22. 22. switchport mode access
      switchport port-security
      switchport port-security maximum you can configure up to 132 per interface using the switchport port-security maximum command.
      switchport port-security violation
      switchport port-security mac-address sticky tells the switch to learn the MAC address from the first frame sent into the switch, and then add the MAC address as a secure MAC to the running configuration
      show port-security interface fastethernet 0/1
      show running-config
      Spanning Tree Protocol Configuration
      Cisco switches use STP by default.
      Configuration and Operations Commands from This Chapter for 2950 Switches
      Basic STP show Commands
      STP Status for the Network Shown in Figure 2-12 with Default STP Parameters
  23. 23. show spanning-tree
      Changing STP Port Costs and Bridge Priority
      Manipulating STP Port Cost and Bridge Priority
  24. 24. debug spanning-tree
  25. 25. spanning-tree cost 2
      show spanning-tree
      spanning-tree vlan 1 root primary
      EtherChannel Configuration
      Configuring and Monitoring EtherChannel
      channel-group 1 mode on
  26. 26. show etherchannel 1 summary
      VLAN and Trunking Configuration
      2950 VLAN Command List
      VLAN Configuration for a Single Switch
      Cisco 2950 switches use a slightly different configuration mode to configure VLAN and VTP information as compared to the other switch configuration commands. You use VLAN configuration mode, which is reached by using the vlan database enable mode EXEC command. So, instead of using the configure terminal enable mode command, you enter vlan database, after which you are placed in VLAN configuration mode. In VLAN configuration mode, you can configure VLAN information as well as VTP settings.
  27. 27. vlan database
      vlan 2 name barney-2
      exit
      apply
      abort
      switchport access vlan 2
      switchport mode access
      interface range fastEthernet 0/9 - 12
      switchport access vlan 3
      if you had entered just the switchport access vlan commands before creating the VLANs in VLAN configuration mode, the switch would have automatically created the vlan brief
      show vlan
      show vlan id 2
      VLAN Trunking Configuration
      Network with Two Switches and Three VLANs
  28. 28. switchport mode dynamic desirable
      2950 Trunk Configuration Options with the switchport mode Command
      vtp domain fred
      show vtp
      show interfaces fastEthernet 0/17 switchport
      show interfaces fastEthernet 0/17 trunk
      Configuring and Testing Static Routes
      Sample Network Used in Static Route Configuration Examples
  29. 29. Configuring RIP and IGRP
      IP RIP and IGRP Configuration Commands
  30. 30. IP RIP and IGRP EXEC Commands
      Basic RIP and IGRP Configuration
      Sample Router with Five Interfaces
  31. 31. Completing the RIP Configuration from Example
      IGRP Configuration
  32. 32. Finally, the numbers between the brackets mention some very useful information. The first number represents the administrative distance, which is covered later in this chapter. The second number lists the metric associated with this route.
      IGRP uses the value set with the bandwidth command on each interface to determine the interface’s bandwidth. On LAN interfaces, the bandwidth command’s default values reflect the correct bandwidth. However, on serial interfaces, the bandwidth command defaults to 1544—in other words, T1 speed. (The bandwidth command uses units of kbps, so the bandwidth 1544 command sets the bandwidth to 1544 kbps, or 1.544 Mbps.)
      Examination of RIP and IGRP debug and show Commands
      Sample Three-Router Network with Subnet Failing
  33. 33. The following list describes what happens at each point in the process:
      • POINT NUMBER 1—Albuquerque sends an update out Serial0, obeying split-horizon rules. Notice that 10.1.2.0, Yosemite’s Ethernet subnet, is not in the update sent out Albuquerque’s S0 interface.
      • POINT NUMBER 2—This point begins right after Yosemite’s E0 is shut down, simulating a failure. Albuquerque receives an update from Yosemite, entering Albuquerque’s S0 interface. The route to an infinite metric, which in this case is 16.
      • POINT NUMBER 3—Albuquerque formerly did not mention subnet because of split-horizon rules (point 1). The update at point 3 includes a poisoned route for with metric 16. This is an example of split horizon with poison reverse.
      • POINT NUMBER 4—Albuquerque receives an update in S1 from Seville. The update includes a metric 16 (infinite) route to Seville does not suspend any split-horizon rules to send this route, because it saw the advertisement of that route earlier, so this is a simple case of route poisoning.
      Migrating to IGRP with Sample show and debug Commands
  34. 34. Issues When Multiple Routes to the Same Subnet Exist
      By default, Cisco IOS software includes up to four equal-cost routes to the same subnet in the routing table—essentially as if maximum-paths 4 had been configured. You can configure maximum-paths as low as 1 or as high as 6.
      When RIP places more than one route to the same subnet in the routing table, the router balances the traffic across the various routes.
      The metric formula used for IGRP (and EIGRP) poses an interesting problem when considering equal-metric routes. IGRP can learn more than one route to the same subnet with different metrics; however, the
  35. 35. metrics are very unlikely to be equal, because the metric is actually calculated with a mathematical formula. So, with IGRP (and EIGRP), you can tell the routing protocol to think of metrics that are “pretty close” as being equal. To do so, Cisco IOS software uses the variance router subcommand to define how different the metrics can be for routes to be considered to have equal metrics.
      The variance command defines a multiplier; any metrics lower than the product of the lowest metric and the variance are considered equal.
      When IGRP places more than one route to the same subnet in the routing table, the router balances the traffic across the various routes in proportion to the metric values. You can choose to tell the router to use only the lowest-cost route using the traffic-share min router IGRP subcommand. This command tells the router that, even if multiple routes to the same subnet are in the routing table, it should use only the route that truly has the smallest metric.
      OSPF Configuration
      IP OSPF Configuration Commands
      IP OSPF EXEC Commands
      OSPF Single-Area Configuration
      Sample Network for OSPF Single-Area Configuration
  36. 36. router ospf 1
      network
      OSPF Configuration with Multiple Areas
      Multiarea OSPF Network
  37. 37. OSPF Multiarea Configuration and show Commands on Albuquerque
  38. 38. OSPF Multiarea Configuration and show Commands on Yosemite
      network area 1
      show ip route ospf
      show ip route
      The OSPF topology database includes information about routers and the subnets, or links, to which they are attached. To identify the routers in the neighbor table’s topology database, OSPF uses a router ID (RID) for each router. A router’s OSPF RID is that router’s highest IP address on a physical interface when OSPF starts running. Alternatively, if a loopback interface has been configured, OSPF uses the highest IP address on a loopback interface for the RID, even if that IP address is lower than some physical interface’s IP address. Also, you can set the OSPF RID using the router-id command in router configuration mode.
  39. 39. router-id
      NOTE If you’re not familiar with it, a loopback interface is a special virtual interface in a Cisco router. If you create a loopback interface using the interface loopback x command, where x is a number, that loopback interface is up and operational as long as the router IOS is up and working. You can assign an IP address to a loopback interface, you can ping the address, and you can use it for several purposes—including having a loopback interface IP address as the OSPF router
      ip ospf neighbor
      show ip ospf interface
      ip ospf cost x
      bandwidth
      auto-cost reference-bandwidth 1000
      EIGRP Configuration
      IP EIGRP Configuration Commands
      IP EIGRP EXEC Commands
  40. 40. router eigrp
      network
      show ip route
      show ip route eigrp
  41. 41. show ip eigrp neighbors
      show ip eigrp interfaces
      NAT Configuration
      NAT Configuration Commands
      NAT EXEC Commands
      Static NAT Configuration
      NAT IP Address Swapping: Unregistered Networks
  42. 42. ip nat inside source static
  43. 43. ip nat inside
      ip nat outside
      show ip nat translations
      show ip nat statistics
      Dynamic NAT Configuration
  44. 44. The configuration for dynamic NAT includes a pool of inside global addresses, as well as an IP access list to define the inside local addresses for which NAT is performed.
      ip nat pool
      ip nat inside source
      ip nat inside source list 1 pool fred
  45. 45. ip nat pool fred
      show ip nat translations
      show ip nat statistics
      clear ip nat translation
      clear ip nat translation *
      debug ip nat
      NAT Overload Configuration (PAT Configuration)
      NAT Overload and PAT
  46. 46. ip nat inside source list 1 interface serial 0/0 overload
      show ip nat translations,
      HDLC and PPP Configuration
      PPP and HDLC Configuration Commands
      Point-to-Point-Related show and debug Commands
  47. 47. encapsulation hdlc
      no encapsulation ppp,
      CHAP Configuration Example
      ISDN Configuration and Dial-on-Demand Routing
      ISDN Configuration Commands
  48. 48. ISDN-Related EXEC Commands
      DDR Legacy Concepts and Configuration
      You can configure DDR in several ways, including Legacy DDR and DDR dialer profiles. The main difference between the two is that Legacy DDR associates dial details with a physical interface, whereas DDR dialer profiles disassociate the dial configuration from a physical interface, allowing a great deal of flexibility.
      DDR Step 1: Routing Packets Out the Interface to Be Dialed
      Sample DDR Network
  49. 49. DDR does not dial until some traffic is directed (routed) out the dial interface.
      The router needs to route packets so that they are queued to go out the dial interface. Cisco’s design for DDR defines that the router receives some user-generated traffic and, through normal routing processes, decides to route the traffic out the interface to be dialed.
      Of course, routing protocols cannot learn routes over a BRI line that is not normally up! Therefore, static routes must be configured on SanFrancisco, pointing to subnets in LosAngeles. Then, packets are routed out the interface, which can trigger a dial of a B channel to LosAngeles.
      To begin the process of building a DDR configuration, IP routes are added to the configuration so that packets can be directed out BRI0 on SanFrancisco,
      DDR Step 2: Determining the Subset of the Packets That Trigger the Dialing Process
      Together, Steps 1 and 2 of Legacy DDR logic determine when to dial a circuit. These combined steps are typically called triggering the dial. In Step 1, a packet is routed out an interface to be dialed, but that alone does not necessarily cause the dial to occur. The Cisco IOS software allows Step 2 to define a subset of the packets routed in Step 1 to actually cause the route to dial.
      Cisco calls packets that are worthy of causing the device to dial interesting packets. Cisco does not name packets that are not worthy of causing the dial; Only interesting packets cause the dial to occur, but when the circuit is up, both interesting and boring traffic can flow across the link.
      Two different methods can be used to define interesting packets. In the first method, interesting is defined as all packets of one or more Layer 3 protocols (for example, all IP packets). The second method allows you to define packets as interesting if they are permitted by an access list.
  50. 50. DDR Step 3: Dialing (Signaling)
      Before the router can dial, or signal, to set up a call, it needs to know the phone number of the other router. The command is dialer string string, where string is the phone number.
      With only one site to dial, you can simply configure a single dial string. However, with multiple remote sites, the router needs to know each site’s phone number. It also needs to know which phone number to use when calling each site.
      Mapping Between the Next Hop and the Dial String
  51. 51. Two other important configuration elements are included in Example 10-4. First, CHAP authentication is configured. PAP or CHAP is required if you’re dialing to more than one site with ISDN—and PAP and CHAP require PPP. Notice that the usernames and password used with the two remote routers are shown near the top of the configuration.
      You should also note the importance of the broadcast keyword on the dialer map commands. Just as with any other point-to-point serial link, there is no true data-link broadcast. If a broadcast must be sent on the interface after the circuit has been created, you must use the broadcast keyword to tell the interface to forward the packet across the link.
  52. 52. DDR Step 4: Determining When the Connection Is Terminated
      The decision to take down the link is the most interesting part about what happens while the link is up. Although any type of packet can be routed across the link, only interesting packets are considered worthy of keeping the link up and spending more money. The router keeps an idle timer, which counts the time since the last interesting packet went across the link. If no interesting traffic happens for the number of seconds defined by the idle timer, the router brings the link down.
      Two idle timers can be set. With the dialer idle-timeout seconds command, the idle time is set. However, if the router wants to dial other sites based on receiving interesting traffic for those sites, and all the B channels are in use, another shorter idle timer can be used. The dialer fast-idle seconds command lets you configure a typically lower number than the idle timer so that when other sites need to be dialed, the link that is currently up can be brought down more quickly.
      ISDN BRI Configuration
      Completed SanFrancisco Configuration
      LosAngeles Configuration: Receive Only
  53. 53. isdn switch-type
      isdn spid1
      isdn spid2
      Summary of the New Configuration Needed for ISDN BRI Beyond Legacy DDR Configuration
      Summary of Legacy DDR Configuration
      Summary Legacy DDR Configuration Commands
  54. 54. ISDN and DDR show and debug Commands
      SanFrancisco DDR Commands
  55. 55. show dialer interface bri 0
      show isdn active
      show isdn status
      debug isdn q921
      debug isdn q931
      debug dialer packets
      ISDN PRI Configuration
      To configure ISDN BRI, you need to configure only the switch type, plus the SPIDs if the service provider needs to have them configured.
      - Configure the type of ISDN switch to which this router is connected.
      - Configure the T1 or E1 encoding and framing options (controller configuration mode).
      - Configure the T1 or E1 channel range for the DS0 channels used on this PRI (controller configuration mode).
      - Configure any interface settings (for example, PPP encapsulation and IP address) on the interface representing the D channel.
      Configuring a T1 or E1 Controller
      PRI Controller Configuration Example
      Full PRI Configuration
      PRI Controller Configuration Example: Completed Configuration on SanFrancisco
  56. 56. The most unusual part of the configuration introduces the concept of actually identifying the D channel in the interface command. Notice the command interface serial 1/0:23. The :x notation, where x identifies one of the channels inside the PRI, tells the IOS which of the 24 channels you want to configure. The DDR interface subcommands should be configured on the D channel, which is channel 23 according to the command! The interface command numbers the channels from 0 through 23, with the D channel as the last channel, so the :23 at the end correctly tells IOS that you are configuring details for the 24th channel—the D channel.
      Summary of the New Configuration Needed for ISDN PRI Beyond Legacy DDR Configuration
  57. 57. DDR Configuration with Dialer Profiles
      Legacy DDR with Two BRIs and Eight Remote Sites
      The problem with Legacy DDR in this case is that it cannot be configured to dial all eight sites using any available B channel on either BRI.
      Dialer profiles overcome this problem with Legacy DDR using a slightly different style of DDR configuration. Dialer profiles pool the physical interfaces so that the router simply uses an available B channel on any of the BRIs or PRIs in the pool. Dialer profile configuration allows the Central Site router to dial any of the eight remote routers using either of the BRIs.
      Dialer Profiles: Pooling Multiple BRIs to Reach Eight Remote Sites
      Summary of the New Configuration Needed for Dialer Profiles Versus Legacy DDR
  58. 58. SanFrancisco Configuration Migrated to Use Dialer Profiles and Two BRIs
  59. 59. ip route
      isdn switch-type
      dialer-list 2
      switch-type
      dialer pool-member 3
      Dialer Profiles: Pooling Multiple BRIs
      Multilink PPP
      Multilink PPP Configuration for Atlanta
      ppp multilink
  60. 60. dialer load-threshold.
      Summary of the New Configuration Needed for MLP Versus Legacy DDR
      Summary Legacy DDR Configuration Commands
      Summary of the New Configuration Needed for ISDN BRI Beyond Legacy DDR Configuration
  61. 61. Summary of the New Configuration Needed for ISDN PRI Beyond Legacy DDR Configuration
      Summary of the New Configuration Needed for Dialer Profiles Versus Legacy DDR
      Summary of the New Configuration Needed for MLP Versus Legacy DDR
  62. 62. Frame Relay Configuration
      Frame Relay Configuration Commands
      Frame Relay-Related EXEC Commands
  63. 63. A Fully-Meshed Network with One IP Subnet
      Mayberry Configuration
      Mount Pilot Configuration
      Raleigh Configuration
  64. 64. Yes, Frame Relay configuration can be that easy, because IOS uses some very good choices for default settings:
      - The LMI type is automatically sensed.
      - The encapsulation is Cisco instead of IETF.
      - PVC DLCIs are learned via LMI status messages.
      - Inverse ARP is enabled (by default) and is triggered when the status message declaring that the VCs are up is received. (Inverse ARP is covered in the next section.)
      In some cases, the default values are inappropriate. For example, you must use IETF encapsulation if one router is not a Cisco router. For the purpose of showing an alternative configuration, suppose that the following requirements were added:
      - The Raleigh router requires IETF encapsulation on both VCs.
      - Mayberry’s LMI type should be ANSI, and LMI autosense should not be used.
      Mayberry Configuration with New Requirements
      Raleigh Configuration with New Requirements
      Frame Relay Address Mapping
      Frame Relay “mapping” creates a correlation between a Layer 3 address and its corresponding Layer 2 address.
      Full Mesh with IP Addresses
  65. 65. show Commands on Mayberry, Showing the Need for Mapping
  66. 66. Mayberry can use two methods to build the mapping shown. One uses a statically configured mapping, and the other uses a dynamic process called Inverse ARP.
      Inverse ARP is enabled by default in Cisco IOS software Release 11.2 and later.
      frame-relay map Commands
  67. 67. A Partially-Meshed Network with One IP Subnet Per VC
      Partial Mesh with IP Addresses
      Atlanta Configuration
  68. 68. Charlotte Configuration
      Nashville Configuration
      Boston Configuration
      Output from EXEC Commands on Atlanta
  69. 69. A Partially-Meshed Network with Some Fully-Meshed Parts
      Hybrid of Full and Partial Mesh
      Router A Configuration
  70. 70. Router B Configuration
      Router C Configuration
      Router D Configuration
  71. 71. Router E Configuration
      IP Addresses with Point-to-Point and Multipoint Subinterfaces
      Frame Relay Maps and Inverse ARP on Router C
  72. 72. Standard IP Access List Configuration
      Standard IP Access List Configuration Commands
      Standard IP Access List EXEC Commands
      Standard Access List on R1 Stopping Bob from Reaching Server1
  73. 73. Standard IP ACL: Example 2
      The criteria for the access lists are as follows:
      - Sam is not allowed access to Bugs or Daffy.
      - Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet.
      - All other combinations are allowed.
      Network Diagram for Standard Access List Example
      Yosemite Configuration for Standard Access List Example
  74. 74. Seville Configuration for Standard Access List Example
      Yosemite Configuration for Standard Access List Example: Alternative Solution
      Extended IP ACL Configuration
      Extended IP Access List Configuration Commands
  75. 75. Extended IP Access List EXEC Commands
      Extended IP Access Lists: Example 1
      In this case, Bob is denied access to all FTP servers on R1’s Ethernet, and Larry is denied access to Server1’s web server.
      Network Diagram for Extended Access List Example 1
      R1’s Extended Access List
  76. 76. R3’s Extended Access List Stopping Bob from Reaching FTP Servers Near R1
      Extended IP Access Lists: Example 2
      This example uses the same criteria and network topology as the second standard IP ACL example, as repeated here:
      - Sam is not allowed access to Bugs or Daffy.
      - Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet.
      - All other combinations are allowed.
      Network Diagram for Extended Access List
  77. 77. Yosemite Configuration for Extended Access List
      Named Access List Configuration
  78. 78. Controlling Telnet Access with ACLs
      vty Access Control Using the access-class Command