lab manual.pptx

2
Introduction Device Configuration
• Basic Device Configuration
• Configure hostnames on a Cisco IOS device using the
CLI
• Use Cisco IOS commands to limit access to device
configurations
• Use IOS commands to save the running configuration
• Explain how devices communicate across network
media
• Configure a host device with an IP address
• Verify connectivity between two end devices

Components of a Network
There are three categories of network components:
• Devices
• Media
• Services

End Devices
Some examples of end devices are:
• Computers (work stations, laptops, file servers, web servers)
• Network printers
• VoIP phones
• TelePresence endpoint
• Security cameras
• Mobile handheld devices (such as smartphones, tablets, PDAs, and
wireless debit / credit card readers and barcode scanners)

Network Infrastructure Devices
Examples of intermediary network devices are:
• Network Access Devices (switches, and wireless access points)
• Internetworking Devices (routers)
• Security Devices (firewalls)

Network Media

Network Representations

Cisco IOS
Operating Systems
All networking equipment dependent on operating
systems
• End users (PCs, laptops, smart phones, tablets)
• Switches
• Routers
• Wireless access points
• Firewalls
Cisco Internetwork Operating System (IOS)
• Collection of network operating systems used on Cisco devices

Cisco IOS
Purpose of OS
• PC operating systems perform technical functions that enable
• Use of a mouse
• View output
• Enter text
• Switch or router IOS provides options to
• Configure interfaces
• Enable routing and switching functions
• All networking devices come with a default IOS
• IOS stored in Flash

Cisco IOS
IOS Functions
Major functions performed or enabled by Cisco routers and
switches include:

Accessing a Cisco IOS Device
Console Access Method
Most common methods to access the Command Line Interface
• Console
• Telnet or SSH
• AUX port

Console Access Method
Console port
• Device is accessible even if no networking services have been configured
(out-of-band)
• Need a special console cable
• Allows configuration commands to be entered
• Should be configured with passwords to prevent unauthorized access
• Device should be located in a secure room so console port can not be easily
accessed

Telnet, SSH, and AUX Access Methods
Telnet
• Method for remotely accessing the CLI over a network
• Require active networking services and one active interface that is
configured
Secure Shell (SSH)
• Remote login similar to Telnet but utilizes more security
• Stronger password authentication
• Uses encryption when transporting data
Aux Port
• Out-of-band connection
• Uses telephone line
• Can be used like console port

Terminal Emulation Programs
Software available for
connecting to a networking
device
• PuTTY
• Tera Term
• HyperTerminal
• OS X Terminal

Navigating the IOS
Cisco IOS Modes of Operation

Navigating the IOS
Primary Modes

Navigating the IOS
Global Configuration Mode and
Submodes

Navigating the IOS
Navigating between IOS Modes

Navigating the IOS
Navigating between IOS Modes (cont.)

• Navigation between modes is also done via commands
• The enable command enters the Privileged EXEC Mode
• The exit commands exits to the parent command mode
• The Configure Terminal command enters the Global Configuration
Mode
• The end command used to back in privileged EXEC mode
21
Short Navigate Between IOS Modes

The Command Structure
IOS Command Structure

Hot Keys and Shortcuts
• Tab - Completes the remainder of a partially typed command or keyword
• Ctrl-R - Redisplays a line
• Ctrl-A – Moves cursor to the beginning of the line
• Ctrl-Z - Exits configuration mode and returns to user EXEC
• Down Arrow - Allows the user to scroll forward through former
commands
• Up Arrow - Allows the user to scroll backward through former
commands
• Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping
or traceroute.
• Ctrl-C - Aborts the current command and exits the configuration mode

IOS Examination Commands

The show version Command

Hostnames
Why the Switch
Let’s focus on
• Creating a two PC network connected via a switch
• Setting a name for the switch
• Limiting access to the device configuration
• Configuring banner messages
• Saving the configuration

Hostnames
Device Names
Some guidelines for naming conventions are that names should:
• Start with a letter
• Contain no spaces
• End with a letter or digit
• Use only letters, digits, and dashes
• Be less than 64 characters in length
Without names, network
devices are difficult to
identify for configuration
purposes.

Hostnames
Host names
Hostnames allow
devices to be
identified by
network
administrators
over a network or
the Internet.

Hostnames
Configuring Hostnames

Limiting Access to Device Configurations
Securing Device Access
The passwords introduced here are:
 Enable password - Limits access to the privileged EXEC mode
 Enable secret - Encrypted, limits access to the privileged EXEC mode
 Console password - Limits device access using the console connection
 VTY password - Limits device access over Telnet
Note: In most of the labs in this course, we will be using simple passwords
such as cisco or class.

Securing Privileged EXEC Access
• use the enable secret command, not the
older enable password command
• enable secret provides greater security because the
password is encrypted

Securing User EXEC Access
 Console port must be secured
• reduces the chance of unauthorized personnel physically
plugging a cable into the device and gaining device access
 vty lines allow access to a Cisco device via Telnet
• number of vty lines supported varies with the type of device
and the IOS version

Encrypting Password Display
service password-
encryption
• prevents passwords
from showing up as
plain text when
viewing the
configuration
• purpose of this
command is to keep
unauthorized
individuals from
viewing passwords
in the configuration
file
• once applied,
removing the
encryption service
does not reverse the
encryption

Banner Messages
• important part of
the legal process in
the event that
someone is
prosecuted for
breaking into a
device
• wording that implies
that a login is
"welcome" or
"invited" is not
appropriate
• often used for legal
notification because
it is displayed to all
connected terminals

Saving Configurations
Configuration Files
• Switch# reload
•System configuration has been
modified. Save? [yes/no]: n
•Proceed with reload? [confirm]
• Startup configuration is
removed by using the erase
startup-config
•Switch# erase startup-config
• On a switch you must also
issue the delete vlan.dat
• Switch# delete vlan.dat
• Delete filename [vlan.dat]?
•Delete flash:vlan.dat? [confirm]

Ports and Addresses
IP Addressing in the Large
• Each end device on a
network must be
configured with an IP
address
• Structure of an IPv4
address is called dotted
decimal
• IP address displayed in
decimal notation, with
four decimal numbers
between 0 and 255
• With the IP address, a
subnet mask is also
necessary
• IP addresses can be
assigned to both physical
ports and virtual interfaces

Ports and Addresses
Interfaces and Ports
• Network communications depend on end user device interfaces,
networking device interfaces, and the cables that connect them
• Types of network media include twisted-pair copper cables, fiber-optic
cables, coaxial cables, or wireless
• Different types of network media have different features and benefits
• Ethernet is the most common local area network (LAN) technology
• Ethernet ports are found on end user devices, switch devices, and other
networking devices
• Cisco IOS switches have physical ports for devices to connect to, but also
have one or more switch virtual interfaces (SVIs - no physical hardware on
the device associated with it; created in software)
• SVI provides a means to remotely manage a switch over a network

Addressing Devices
Configuring a Switch Virtual Interface
• IP address - together with subnet mask, uniquely identifies end device on
internetwork
• Subnet mask - determines which part of a larger network is used by an IP
address
• interface VLAN 1 - interface configuration mode
• ip address 192.168.10.2 255.255.255.0 - configures the IP address and
subnet mask for the switch
• no shutdown - administratively enables the interface
• Switch still needs to have physical ports configured and VTY lines to enable
remote management

Addressing Devices
Manual IP Address Configuration for End Devices

Addressing Devices
Automatic IP Address Configuration for End Devices

Addressing Devices
IP Address Conflicts

Verifying Connectivity
Test the Loopback Address on an End Device

Testing the Interface Assignment

Testing End-to-End Connectivity

Summary
• Services provided by the Cisco IOS accessed using a command-line
interface (CLI)
• accessed by either the console port, the AUX port, or
through telnet or SSH
• can make configuration changes to Cisco IOS devices
• a network technician must navigate through various
hierarchical modes of the IOS
• Cisco IOS routers and switches support a similar operating system
• Introduced the initial settings of a Cisco IOS switch device
• setting a name
• limiting access to the device configuration
• configuring banner messages
• saving the configuration

Configuring a Network Operating System
Summary

Lab
Basic configuration
• Switch>
• Switch1#configure terminal
• S1(config)#hostname S1
• S1(config)#exit

S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
Why is the login command required? __________________________
S1(config)#enable secret class //protects access to privileged

service password-encryption
S1(config)#service password-encryption
• prevents passwords from showing up as plain text when viewing the
configuration
• purpose of this command is to keep unauthorized individuals from viewing
passwords in the configuration file
• once applied, removing the encryption service does not reverse the
encryption

Configure the Layer 3 address of the switch
S1(config)#vlan 99
S1(config-vlan)# name management
S1(config-vlan)#exit
S1(config)#interface vlan99
S1(config-if)#ip address 172.17.99.11 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#

Assign all user ports to VLAN 99
S1#configure terminal
S1(config)#interface range fa0/1 – 24
S1(config-if-range)#switchport access vlan 99
S1(config-if-range)#exit

Set up a static MAC address
S1(config)#mac-address-table static mac address of end device vlan 99
interface f0/1
Step 8: Verify the results.
S1#show mac-address-table
Remove the static MAC
S1(config)#no mac-address-table static mac address of end device vlan
99 interface f0/1

List the port security options.
• Explore the options for setting port security on interface Fast Ethernet
0/18.
S1# configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#switchport port-security ?
aging Port-security aging commands
mac-address Secure mac address
maximum Max secure addresses
violation Security violation mode
<cr>
S1(config-if)#switchport port-security

Configure port security on an access port.
Configure switch port Fast Ethernet 0/18 to accept only two devices, to
learn the MAC addresses of those
devices dynamically, and to block traffic from invalid hosts if a violation
occurs.
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation protect
S1(config-if)#exit
S1#show port-security

Modify the port security settings on a port.
On interface Fast Ethernet 0/18, change the port security maximum MAC
address count to 1 and to shutdown if a violation occurs.
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security violation shutdown
Verify the results.
S1#show port-security

VLAN
• What is VLAN?
• What is the function of VLAN?
• What is the basic steps to configuration VLAN?

VLAN
Final Switch Configurations
hostname S1 // for switch one
vlan 10
name staff
vlan 20
name students
vlan 30
name guest
vlan 99
name management
interface interface range fa0/1-5
switchport trunk native vlan 99
switchport mode trunk
interface Vlan99
ip address 172.17.99.11 255.255.255.0

Switch two configuration
hostname S2
vlan 10
name staff
vlan 20
name students
vlan 30
name guest
vlan 99
name management
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
interface Vlan99
ip address 172.17.99.12 255.255.255.0

Switch 3 configuration
hostname S3
vlan 10
name staff
vlan 20
name students
vlan 30
name guest
vlan 99
name management
interface Vlan99
ip address 172.17.99.13 255.255.255.0

how to communication inter-vlan it need layer 3
device so called router
R1(config)# interface g0/1.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 172.17.10.1 255.255.255.0
R1(config-subif)# interface g0/1.20
R1(config-subif)# interface g0/1.30
R1(config-subif)# exit
R1(config)# interface g0/1
R1(config-if)# no shutdown

Routing
• The router is responsible for the routing of traffic between networks.
Router Functions
Routers are Computers
Routers are specialized computers containing the following required components to operate:
• Central processing unit (CPU)
• Operating system (OS) - Routers use Cisco IOS
• Memory and storage (RAM, ROM, NVRAM, Flash, hard drive)

Router…
• Routers use specialized ports and network interface cards to
interconnect to other networks. Router memory are

Router Basic Settings
Configure Router Basic Settings
• Name the device – Distinguishes it
from other routers
• Secure management access – Secures
privileged EXEC, user EXEC, and Telnet
access, and encrypts passwords .
• Configure a banner – Provides legal
notification of unauthorized access.
• Save the Configuration

Routers Choose Best Paths
• Routers use static routes and dynamic routing protocols to learn
about remote networks and build their routing tables.
• Routers use routing tables to determine the best path to send
packets.
• Routers encapsulate the packet and forward it to the interface
indicated in routing table.

Administrative Distance
• If multiple paths to a destination are configured on a router, the path installed in the routing table
is the one with the lowest Administrative Distance (AD):
o A static route with an AD of 1 is more reliable than an EIGRP-discovered route with an AD of 90.
o A directly connected route with an AD of 0 is more reliable than a static route with an AD of 1.

Static Routes
Static routes and default static routes can be implemented after directly connected interfaces are
added to the routing table:
oStatic routes are manually configured.
oThey define an explicit path between two networking devices.
oStatic routes must be manually updated if the topology changes.
oTheir benefits include improved security and control of resources.
oConfigure a static route to a specific network using the ip route network
mask {next-hop-ip | exit-intf} command.
oA default static route is used when the routing table does not contain a path
for a destination network.
oConfigure a default static route using the ip route 0.0.0.0 0.0.0.0 {exit-
intf | next-hop-ip} command.

Statically Learned Routes
Static Route Example

Static Route Example (cont.)
Entering and Verifying a Static Route

Static IPv6 Route Examples

Configuring the RIP Protocol
Router RIP Configuration Mode

Verify RIP Routing

Enable and Verify RIPv2

Disable Auto Summarization
 Similarly to RIPv1, RIPv2 automatically summarizes networks at major network
boundaries by default.
 To modify the default RIPv2 behavior of automatic summarization, use the no
auto-summary router configuration mode command.
 This command has no effect when using RIPv1.
 When automatic summarization has been disabled, RIPv2 no longer summarizes
networks to their classful address at boundary routers. RIPv2 now includes all
subnets and their appropriate masks in its routing updates.
 The show ip protocols now states that automatic network summarization is
not in effect.

Configuring Passive Interfaces
Sending out unneeded updates
on a LAN impacts the network in
three ways:
 Wasted Bandwidth
 Wasted Resources
 Security Risk

Propagate a Default Route

Parts of an IPv4 Route Entry
Routing Table Entries

Directly Connected Entries

Remote Network Entries

Dynamically Learned IPv4 Routes
Level 1 Route

Open Shortest Path First(OSPF) routing protocol
Objectives of this lab
• OSPF Characteristics
• Explain how single-area OSPF operates.
• Single-Area OSPFv2
• Implement single-area OSPFv2.
• Single-Area OSPFv3
• Implement single-area OSPFv3.

OSPF Characteristics
• OSPF
• Version 2 (OSPFv2) is available for IPv4 while OSPF version 3
(OSPFv3) is available for IPv6.
• 3 Main Components
• Data Structures, Routing Protocol Messages, and Algorithm
• Achieving Convergence:
• Establish Neighbor Adjacencies
• Exchange Link-State Advertisements
• Build the Topology Table
• OSPF can be implemented in
one of two ways:
• Single-Area OSPF
• Multi-area OSPF

OSPF Messages
• OSPFv2 messages contain:
• LSP Types:
• Type 1: Hello packet
• Type 2: Database Description (DBD) packet
• Type 3: Link-State Request (LSR) packet
• Type 4: Link-State Update (LSU) packet
• Type 5: Link-State Acknowledgment (LSAck) packet

OSPF Messages (Cont.)
• Hello Packets are used to:
• Discover OSPF neighbors and establish neighbor
adjacencies.
• Advertise parameters on which two routers must agree
to become neighbors.
• Elect the Designated Router (DR) and Backup Designated
Router (BDR) on multi-access networks like Ethernet and
Frame Relay.
• OSPF Hello packets are transmitted to multicast address
224.0.0.5 in IPv4 and FF02::5 in IPv6

OSPF Operation
• OSPF progresses through several states while attempting to
reach convergence
• Down state, Init state, Two-Way state, ExStart state,
Exchange state, Loading state, and Full state
• Establishing Adjacencies
• When a neighboring OSPF-enabled router receives a Hello
packet with a router ID that is not within its neighbor list,
the receiving router attempts to establish an adjacency
with the initiating router.
• OSPF DR and BDR
• On multiaccess networks, OSPF elects a DR to be the
collection and distribution point for LSAs sent and received.
A BDR is also elected in case the DR fails.
• After the Two-Way state, routers transition to database
synchronization states.

Single-Area OSPFv2
OSPF Router ID
• Enabling OSPFv2
• OSPFv2 is enabled using
the router ospf process-id
global configuration mode
command.
• The process-id value
represents a number between
1 and 65,535 and is selected by
the network administrator.
• The process-id value is locally
significant, which means that it
does not have to be the same
value on the other OSPF
routers to establish adjacencies
with those neighbors.

Single-Area OSPFv2
OSPF Router ID (Cont.)
• Router ID
• The router ID is used by the OSPF-enabled router to uniquely
identify the router and participate in the election of the DR
• Router ID based on one of three criteria
• Explicitly configured using the OSPF router-id rid command
• Router chooses the highest IPv4 address of any of configured
loopback interfaces
• If no loopback interfaces are configured, then the router chooses
the highest active IPv4 address of any of its physical interfaces
• Clearing the OSPF process is the preferred method to reset the
router ID.
• Note: The router ID looks like an IPv4 address, but it is not
routable and, therefore, is not included in the routing table, unless
the OSPF routing process chooses an interface (physical or
loopback) that is appropriately defined by a network command.

Single-Area OSPFv2
Configure Single-Area OSPFv2
• Enabling OSPF
• Any interfaces on a router that match the network
address in the network command are enabled to send
and receive OSPF packets.
• Wildcard Mask
• In a wildcard mask, binary 0 is equal to a match and
binary 1 is not a match.

Single-Area OSPFv2
Configure Single-Area OSPFv2 (Cont.)
• The network Command
• OSPFv2 can be enabled using the network intf-ip-
address 0.0.0.0 area area-id router configuration mode command.
• The advantage of specifying the interface is that the wildcard mask
calculation is not necessary.
• Unneeded OSPFv2 messages affect the network:
• Inefficient use of bandwidth, inefficient use of resources, and
increased security risk
• Configure passive interfaces
• Use the passive-interface router configuration mode command to
prevent the transmission of routing messages through a router
interface, but still allow that network to be advertised to other
routers.
• A neighbor adjacency cannot be formed over a passive interface.

Single-Area OSPFv2
OSPF Cost
• OSPF Metric = Cost
• The cost of an interface is inversely proportional to the
bandwidth of the interface.
• Cost = reference bandwidth / interface bandwidth
• The cost of an OSPF route is
the accumulated value from one
router to the destination network.
• To adjust the reference
bandwidth, use the auto-cost
reference-bandwidth Mb/s
router configuration command.

Single-Area OSPFv2
OSPF Cost (Cont.)
• Default Interface Bandwidths
• As with reference bandwidth, interface bandwidth values do
not actually affect the speed or capacity of the link.
• Use the show interfaces command to view the interface
bandwidth setting.
• Adjust Interface Bandwidth
• To adjust the interface bandwidth use the
bandwidth kilobits interface configuration command.
• Use the no bandwidth command to restore the default value.
• Set OSPF Cost Manually
• The cost can be manually configured on an interface using
the ip ospf cost value interface configuration command.

Single-Area OSPFv2
Verify OSPF
• Verify OSPF Neighbors
• Use the show ip ospf neighbor command to verify that the
router has formed an adjacency with its neighboring routers.
• Verify OSPF Protocol
Settings
• The show ip protocols
command is a quick way to
verify vital OSPF configuration
information.
• Verify OSPF Process
Information
• The show ip ospf command
can also be used to examine
the OSPFv2 process ID and
router ID

Single-Area OSPFv2
Verify OSPF (Cont.)
• Verify OSPF Interface Settings
• The quickest way to verify OSPFv2 interface settings is
to use the show ip ospf interface command.
• To get a summary of OSPFv2-enabled interfaces, use
the show ip ospf interface brief command.

Single-Area OSPFv3
OSPFv2 vs. OSPFv3
• OSPFv3
• Similar to its IPv4
counterpart, OSPFv3
exchanges routing
information to
populate the IPv6
routing table with
remote prefixes
• Packets with a source
or destination link-
local address cannot
be routed beyond the
link from where the
packet originated.

Single-Area OSPFv3
OSPFv2 vs. OSPFv3 (Cont.)
• Link-Local Addresses
• Link-local addresses are automatically created when an IPv6 global
unicast address is assigned to the interface.
• Assigning Link-Local Addresses
• Link-local addresses can be configured manually using the same
interface command used to create IPv6 global unicast addresses,
but appending the link-local keyword to the ipv6
address command.
• Configuring the OSPFv3 Router ID
• OSPFv3 requires a 32-bit router ID to be assigned before OSPF can
be enabled on an interface.
• The router-id rid command is used to assign a router ID in OSPFv3.
• Clearing the OSPF process is the preferred method to reset the
router ID.

Single-Area OSPFv3
Configuring OSPFv3
• Enabling OSPFv3 on Interfaces
• To enable OSPFv3 on an interface, use the ipv6
ospf process-id area area-id interface configuration mode
command.

Single-Area OSPFv3
Verify OSPFv3
• Verify OSPFv3 Neighbors
• Use the show ipv6 ospf neighbor command to verify that the
router has formed an adjacency with its neighboring routers.
• Verify OSPFv3 Protocol Settings
• The show ipv6 protocols command is a quick way to verify
vital OSPFv3 configuration information, including the OSPFv3
process ID, the router ID, and the interfaces enabled for
OSPFv3.
• Verify OSPFv3 Interfaces
• The quickest way to verify OSPFv3 interface settings is to use
the show ipv6 ospf interface command.
• To retrieve and view a summary of OSPFv3-enabled
interfaces on R1, use the show ipv6 ospf interface
brief command

Single-Area OSPFv3
Verify OSPFv3 (Cont.)
• Verify the IPv6 Routing Table
• The show ipv6 route ospf command provides specifics
about OSPFv3 routes in the routing table.

Topology to enable OSPF routing protocol

Summary OSPF IPv4 commands
Router 1
R1(config)# router ospf 1
R1(config-router)# network 192.168.1.0 0.0.0.63 area 0
R1(config-router)# network 192.168.1.76.0 0.0.0.3 area 0
R1(config-router)# passive-interface g0/0

Router 2

Router 3

Router 4
R4(config-router)# default-information originate
R4(config-router)#exit
R4(config)# ip route 0.0.0.0 0.0.0.0 g0/0

Router 5
R5(config)# Ip route 192.168.1.0 255.255.255.0 g0/0
R5(config)# do wr

Summary OSPF IPv6 commands
Router 1
R1(config)# ipv unicast-routing
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 1.1.1.1
R1(config)# interface g0/0
R1(config-if)# ipv6 ospf 1 area 0
R1(config-if)# interface s0/0/0

Router 2

Router 3

Router 4
R4(config-if)# ipv6 router ospf 1
R4(config-if)# default-information originate
R4(config-if)# exit
R4(config)# ipv6 route ::/0 2001:db8:acad:a:5000::2

Router 5
R5(config)# ipv route 2001:db8:acad:a::/64 2001:db8:acad:a:5000::1

EIGRP
• Features of EIGRP
• Uses the Diffusing Update Algorithm (DUAL) to calculate paths and back-up paths.
• Establishes Neighbor Adjacencies.
• Uses the Reliable Transport Protocol to provide delivery of EIGRP packets to neighbors.
• Partial and Bounded Updates. Sends updates only when there is a change and only to the
routers that need the information.
• Supports Equal and Unequal Cost Load Balancing.
• Protocol Dependent Modules – responsible for network layer protocol-specific tasks
• Sends and receives EIGRP packets that are encapsulated in IPv4
• Parses EIGRP packets and informs DUAL of the new information and DUAL makes routing
decisions. The results are stored in the IPv4 routing table.

EIGRP Characteristics
EIGRP Packet Types
 EIGRP Hello Packets
 Are sent as multicasts and uses RTP for unreliable delivery
 Used to form and maintain EIGRP neighbor adjacencies
 EIGRP Update and Acknowledgment Packets
 Update packets propagate updated routing information when necessary to the
routers that require the information using RTP
 Acknowledgment packets are send to acknowledge the update was received.
 EIGRP Query and Reply Packets
 Searches for networks
 Uses reliable delivery
 Queries are multicast or unicast. Replies are always unicast.

Implement EIGRP for IPv4
Verify EIGRP with IPv4
• The show commands are useful in verifying EIGRP operations
and for debugging and troubleshooting purposes.
• show ip eigrp neighbors command
• View the neighbor table
• Verify neighbor adjacencies have been established
• show ip protocols Command
• Identify the parameters and other information about the
current state of any active IPv4 routing protocol processes
configured on the router
• What information can you get from this show command?
• show ip route
• Verify the routes are installed in the IPv4 routing table as
expected
• Check for convergence

Configure EIGRP with IPv4 (Cont.)
• The network command and Wildcard Mask
• network network-address [wildcard-mask]
• Wildcard mask is the inverse of a subnet mask
• To calculate the wildcard mask:
• 255.255.255.255
• - 255.255.255.252 Subnet mask
• -----------------
• 0. 0. 0. 3 Wildcard mask
• Passive Interface - prevent the
neighbor adjacencies
• Suppress unnecessary update traffic
• Increase security controls
• passive-interface interface-type interface-number

EIGRP Operation
EIGRP Initial Route Discovery
• Can you describe the initial route discovery process?

Topology to enable EIGRP routing protocol

EIGRP Routing IPv4 commands
Router 1
R1(config)# router eirp 10
R1(config-router)# network 192.168.1.0 0.0.0.63

Router 2

Router 3

Router 4
R4(config-router)# default-information originate
R4(config-router)#exit
R4(config)# ip route 0.0.0.0 0.0.0.0 g0/0

Configure EIGRP metrics
R4 router:
R4(config)#interface s0/0/0
R4(config-if)#bandwidth 64
R4(config)#interface s0/0/1
R4(config-if)#bandwidth 1024
• Note: The bandwidth command only modifies the bandwidth metric
used by routing protocols, not the physical bandwidth of the link.

DHCPv4 Operation
Introducing DHCPv4
 DHCPv4:
 assigns IPv4 addresses and other network configuration information dynamically
 useful and timesaving tool for network administrators
 dynamically assigns, or leases, an IPv4 address from a pool of addresses
 A Cisco router can be configured to provide DHCPv4 services.
 Administrators configure DHCPv4 servers so that leases expire. Then the
client must ask for another address, although the client is typically
reassigned the same address.

DHCPv4 Operation
DHCPv4 Operation

DHCPv4 Operation
DHCPv4 Operation (cont.)

Configure DHCPv4 Server
Configure a Basic DHCPv4 Server
A Cisco router running the Cisco IOS software can be configured to act as a DHCPv4 server. To set up DHCP:
1. Exclude addresses from the pool.
2. Set up the DHCP pool name.
3. Define the range of addresses and subnet mask. Use the default-router
command for the default gateway. Optional parameters that can be included in the
pool – dns server, domain-name.
To disable DHCP, use the no service dhcp command.
•

Configure DHCPv4 Server
Verifying DHCPv4
 Commands to verify DHCP:
show running-config | section dhcp
show ip dhcp binding
show ip dhcp server statistics
 On the PC, issue the ipconfig /all command.

DHCP wired network configuration

How to enable DHCP wired network
configuration
ip dhcp exclude-address 192.168.10.1 192.168.10.9
ip dhcp exclude-address 192.168.10.254
ip dhcp pool LAN-POOL-1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.11.5
end

DHCP wireless network configuration

How to enable DHCP wireless network
configuration
ip dhcp exclude-address 192.168.10.1 192.168.10.9
ip dhcp exclude-address 192.168.10.254
ip dhcp pool LAN-POOL-1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.11.5
end

NAT Operation
NAT Characteristics
• IPv4 Private Address Space
• 10.0.0.0 /8, 172.16.0.0 /12, and 192.168.0.0 /16
• What is NAT?
• Process to translate private IPv4 address to IPv4 public address
• Conserve public IPv4 addresses
• Configured at the border router for translation
• NAT includes four types of addresses:
Inside local address
Inside global address
Outside local address
Outside global address

NAT Operation
Types of NAT
• Static NAT
• One-to-one mapping of local and global
addresses
• Configured by the network administrator
and remain constant.
• Dynamic NAT
• Uses a pool of public addresses and assigns
them on a first-come, first-served basis
• Requires that enough public addresses for
the total number of simultaneous user
sessions
• Port Address Translation (PAT)
• Maps multiple private IPv4 addresses to a
single public IPv4 address or a few
addresses
• Also known as NAT overload
• Validates that the incoming packets were
requested
• Uses port numbers to forward the response
packets to the correct internal device

NAT Operation
NAT Advantages
• Advantages of NAT
• Conserves the legally registered addressing scheme
• Increases the flexibility of connections to the public network
• Provides consistency for internal network addressing schemes
• Provides network security
• Disadvantages of NAT
• Performance is degraded
• End-to-end functionality is degraded
• End-to-end IP traceability is lost
• Tunneling is more complicated
• Initiating TCP connections can be disrupted

Configure static routing.
A. Create a static route from the ISP router to the Gateway router using
the assigned public network address range 209.165.200.224/27.
ISP(config)# ip route 209.165.200.224 255.255.255.224 209.165.201.18
B. Create a default route from the Gateway router to the ISP router.
Gateway(config)# ip route 0.0.0.0 0.0.0.0 209.165.201.17

Cont..
• Step 1: Configure a static mapping.
• A static map is configured to tell the router to translate between the
private inside server address 192.168.1.20 and the public address
209.165.200.225. This allows a user from the Internet to access PC-A.
Gateway(config)# ip nat inside source static 192.168.1.20 209.165.200.225
Step 2: Specify the interfaces.
• Issue the ip nat inside and ip nat outside commands to the interfaces.
Gateway(config)# interface g0/1
Gateway(config-if)# ip nat inside
Gateway(config-if)# interface s0/0/1
Gateway(config-if)# ip nat outside

Cont…
Test the configuration.
A. Display the static NAT table by issuing the show ip nat translations
command.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 209.165.200.225 192.168.1.20 --- ---

Cont…
B. From PC-A, ping the Lo0 interface (192.31.7.1) on ISP. If the ping was
unsuccessful, troubleshoot and correct the issues. On the Gateway router,
display the NAT table.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 209.165.200.225:1 192.168.1.20:1 192.31.7.1:1 192.31.7.1:1
--- 209.165.200.225 192.168.1.20 --- ---
A NAT entry was added to the table with ICMP listed as the protocol when PC-A
sent an ICMP request (ping) to 192.31.7.1 on ISP.

Analyzing Static NAT
• Verifying Static NAT
show ip nat translations
show ip nat statistics
clear ip nat statistics

lab manual.pptx

Recommended

Recommended

More Related Content

Similar to lab manual.pptx

Similar to lab manual.pptx (20)

Recently uploaded

Recently uploaded (20)

lab manual.pptx