Session 26: Integrating Networks Using Routing Protocols

Discussion Topics
- Configuring a network using a dynamic routing protocol
- Configuring ACLs
- Network troubleshooting
Ref: Rick Graziani

Running RIPv1 on classful networks

SanJose2:
hostname SanJose2
interface ethernet 0
 ip add
interface serial 0
 ip add

SanJose1:
hostname SanJose1
interface ethernet 0
 ip add
interface serial 0
 ip add
interface serial 1
 ip add

Baypointe:
hostname Baypointe
interface ethernet 0
 ip add
interface serial 0
 ip add

Scenario 1: Running RIPv1 on classful networks

Objective: Running RIPv1 on classful networks. This scenario is the same one we used in the network discovery lab, with the same configurations and the same outputs. The concepts specific to this scenario will become clearer when we compare it with Scenario 2: Running RIPv1 on subnets and between classful networks.

Step 1 – Configuring RIP
First, let's enable RIP on each router. From global configuration mode, enter the following command (the default version is RIPv1):
Router(config)#router rip
Once you are in the router RIP configuration sub-mode, all you need to do is enter the classful network address of each directly connected network with the network command:
Router(config-router)#network directly-connected-classful-network-address

Here are the commands for each router:

SanJose2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SanJose2(config)#router rip
SanJose2(config-router)#network
SanJose2(config-router)#network

Baypointe#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Baypointe(config)#router rip
Baypointe(config-router)#network
Baypointe(config-router)#network

SanJose1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SanJose1(config)#router rip
SanJose1(config-router)#network
SanJose1(config-router)#network
SanJose1(config-router)#network

Step 2 – Understanding the network command

Sending RIP messages
Each router will begin to send RIP update messages out every interface whose address belongs to one of the networks given in its network statements.
SanJose2(config)#router rip
SanJose2(config-router)#network
SanJose2(config-router)#network
For example, SanJose2 will send RIP update messages out Ethernet 0, because that interface has an IP address belonging to the first network, and out Serial 0, because that interface has an IP address belonging to the second network. Just because a router has a directly connected network does not mean it will automatically include that network in its routing updates to neighboring routers: the network command is also what tells RIP to include these networks in its updates to adjacent neighbors.
To view the RIP messages being sent and received, use the debug ip rip command.
SanJose2#debug ip rip
RIP protocol debugging is on
SanJose2
01:03:27: RIP: sending v1 update to via Ethernet0 ( )
01:03:27: network , metric 1
01:03:27: RIP: sending v1 update to via Serial0 ( )
01:03:27: network , metric 1

Listening for RIP messages
Routers will also listen for RIP messages on each interface belonging to one of the network statements. For example, SanJose2 will listen for RIP update messages on Ethernet 0, because that interface has an IP address belonging to the first network, and on Serial 0, because that interface has an IP address belonging to the second network. As RIP messages are received, a router adds the networks in those messages to its routing table:
- if the RIP message contains a network not currently in the routing table;
- if the RIP message contains a network with a better metric (fewer hops) than the entry currently in the routing table.
Note that RIPv1 carries no authentication: a router accepts any v1 update that arrives on an interface covered by a network statement, so every host on those links can influence the routing table.
SanJose2
01:10:56: RIP: received v1 update from on Serial0
01:10:56: in 1 hops
01:10:56: in 1 hops

Step 3 – Viewing the debug ip rip output and the routing tables
Remember that SanJose1 will learn routes to networks from SanJose2. It will then send that information to Baypointe, telling Baypointe that it is the next hop to reach those networks and incrementing the metric (hop count) by one. After convergence, each router continues to send its RIP update messages out the appropriate interfaces every 30 seconds. Let's look at the debug messages and the routing table for each router:

SanJose2
01:30:45: RIP: sending v1 update to via Ethernet0 ( )
01:30:45: network , metric 2
01:30:45: network , metric 3
01:30:45: network , metric 1
01:30:45: network , metric 2
01:30:45: RIP: sending v1 update to via Serial0 ( )
01:30:45: network , metric 1
SanJose2#
01:30:50: RIP: received v1 update from on Serial0
01:30:50: in 1 hops
01:30:50: in 2 hops
01:30:50: in 1 hops
SanJose2#
SanJose2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set
R /24 [120/1] via , 00:00:10, Serial0
R /24 [120/2] via , 00:00:10, Serial0
C /24 is directly connected, Ethernet0
C /24 is directly connected, Serial0
R /24 [120/1] via , 00:00:10, Serial0
SanJose2#

SanJose1
01:33:05: RIP: received v1 update from on Serial1
01:33:05: in 1 hops
SanJose1#
01:33:07: RIP: received v1 update from on Serial0
01:33:07: in 1 hops
01:33:08: RIP: sending v1 update to via Ethernet0 ( )
01:33:08: network , metric 1
01:33:08: network , metric 2
01:33:08: network , metric 2
01:33:08: network , metric 1
01:33:08: RIP: sending v1 update to via Serial0 ( )
01:33:08: network , metric 1
01:33:08: network , metric 2
01:33:08: network , metric 1
01:33:08: RIP: sending v1 update to via Serial1 ( )
01:33:08: network , metric 2
01:33:08: network , metric 1
01:33:08: network , metric 1
SanJose1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
Gateway of last resort is not set
C /24 is directly connected, Serial1
R /24 [120/1] via , 00:00:12, Serial1
R /24 [120/1] via , 00:00:10, Serial0
C /24 is directly connected, Serial0
C /24 is directly connected, Ethernet0

Baypointe
01:34:53: RIP: sending v1 update to via Ethernet0 ( )
01:34:53: network , metric 1
01:34:53: network , metric 3
01:34:53: network , metric 2
01:34:53: network , metric 2
01:34:53: RIP: sending v1 update to via Serial0 ( )
01:34:53: network , metric 1
Baypointe#
01:34:56: RIP: received v1 update from on Serial0
01:34:56: in 2 hops
01:34:56: in 1 hops
01:34:56: in 1 hops
Baypointe#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set
C /24 is directly connected, Serial0
C /24 is directly connected, Ethernet0
R /24 [120/2] via , 00:00:23, Serial0
R /24 [120/1] via , 00:00:23, Serial0
R /24 [120/1] via , 00:00:23, Serial0

NOTE: At this point all routers should be able to ping all networks. We will discuss RIP in much more detail in the chapter on Routing Protocols (RIP).

Step 4 – Turning off debug
Don't forget to turn off debugging when you are done collecting the output:
Router#undebug all
or
Baypointe#undebug ip rip

Step 5 – Reflections
For each router, compare the RIP messages it received with its routing table; this shows how the information is entered into the routing table. Cisco IOS uses split horizon with poison reverse. The poisoning itself is not visible in these captures, but split horizon is: SanJose2 advertises only its own Ethernet network out Serial0, never the networks it learned from SanJose1 over that same interface. You will also notice that the routers send RIP messages out their stub Ethernet interfaces, even though there are no routers out there to receive them. This wastes bandwidth on the link, and because RIPv1 updates are unauthenticated it also hands the complete routing table to every host on that LAN; later we will see how the passive-interface command keeps those RIP messages from going out those interfaces.
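To see how the send, install and split-horizon rules in Steps 2 through 5 produce the tables above, here is an added simulation of the SanJose2 - SanJose1 - Baypointe chain. It is not part of the original presentation: the link names (SJ2-LAN, SJ2-SJ1, SJ1-LAN, SJ1-BP, BP-LAN) are assumed stand-ins for the network addresses, the metric conventions follow the debug output on the slides (a connected network is advertised with metric 1, a learned one with hop count plus 1), and the passive set models the passive-interface behaviour the last reflection refers to.

```python
from dataclasses import dataclass, field

INFINITY = 16  # RIP hop count meaning "unreachable"


@dataclass
class Route:
    metric: int    # hop count as stored in the table (0 = directly connected)
    next_hop: str  # neighbour router name, or "connected"
    iface: str     # interface the route points out of (named after its network)


@dataclass
class Router:
    name: str
    connected: list                              # networks covered by `network` statements
    passive: set = field(default_factory=set)    # interfaces under passive-interface
    table: dict = field(default_factory=dict)

    def __post_init__(self):
        for net in self.connected:
            self.table[net] = Route(0, "connected", net)

    def update_for(self, iface):
        """Routes advertised out `iface` (table metric + 1, as in `debug ip rip`).
        Split horizon: never send a route back out the interface it points to;
        for a connected network that is the network's own interface."""
        if iface in self.passive:
            return {}
        return {net: r.metric + 1 for net, r in self.table.items()
                if r.iface != iface and r.metric + 1 < INFINITY}

    def receive(self, iface, sender, advertised):
        """Install an advertised network if it is new, if its hop count is
        better, or if it comes from the neighbour already used for it.
        Returns True when the table changed."""
        changed = False
        for net, metric in advertised.items():
            cur = self.table.get(net)
            if cur is None or metric < cur.metric or cur.next_hop == sender:
                if cur is None or (cur.metric, cur.next_hop) != (metric, sender):
                    self.table[net] = Route(metric, sender, iface)
                    changed = True
        return changed


def build_topology():
    # Assumed link names standing in for the slides' network addresses.
    sj2 = Router("SanJose2", ["SJ2-LAN", "SJ2-SJ1"])
    sj1 = Router("SanJose1", ["SJ2-SJ1", "SJ1-LAN", "SJ1-BP"])
    bp = Router("Baypointe", ["SJ1-BP", "BP-LAN"])
    links = [("SJ2-SJ1", sj2, sj1), ("SJ1-BP", sj1, bp)]  # (network, end A, end B)
    return {r.name: r for r in (sj2, sj1, bp)}, links


def converge(routers, links, max_rounds=10):
    """One round = every router sends its periodic update on every link
    (every 30 s on a real router). Returns the number of rounds in which
    some table changed; RIP has converged when a round changes nothing."""
    rounds = 0
    for _ in range(max_rounds):
        changed = False
        for net, a, b in links:
            changed |= b.receive(net, a.name, a.update_for(net))
            changed |= a.receive(net, b.name, b.update_for(net))
        if not changed:
            break
        rounds += 1
    return rounds


def show_ip_route(router):
    """Render the table in the style of `show ip route` (RIP has AD 120)."""
    lines = []
    for net, r in sorted(router.table.items()):
        if r.next_hop == "connected":
            lines.append(f"C {net} is directly connected, {r.iface}")
        else:
            lines.append(f"R {net} [120/{r.metric}] via {r.next_hop}, {r.iface}")
    return lines


if __name__ == "__main__":
    routers, links = build_topology()
    print("converged after", converge(routers, links), "rounds of changes")
    for r in routers.values():
        print(f"\n{r.name}#show ip route")
        print("\n".join(show_ip_route(r)))
        # Stub Ethernet interfaces still carry a full update until made passive.
        for iface in r.connected:
            print(f"  update out {iface}: {r.update_for(iface)}")
```

Running it reproduces the pattern on the slides: SanJose2 sends a single network out its serial link but four out its stub Ethernet, Baypointe ends up with SanJose2's LAN at [120/2], and adding an interface to a router's passive set empties the update for that interface while the router still listens on it.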

ACL Example
Task:
- Deny only the host from exiting the Sales network.
- Permit all other hosts on the Sales network to leave the /24 network.
The keyword "any" can be used to represent all IP addresses.

ACL Example
RouterB(config)#access-list 10 deny
RouterB(config)#access-list 10 permit any
Implicit "deny any" (you do not need to add this; discussed later):
RouterB(config)#access-list 10 deny
RouterB(config)#interface e 0
RouterB(config-if)#ip access-group 10 in
Order matters! What if these two statements were reversed? Does the implicit deny any ever get a match here? No: the permit any covers all other packets.

ACL Example
RouterB(config)#access-list 10 permit any
RouterB(config)#access-list 10 deny
Implicit "deny any" (you do not need to add this; discussed later):
RouterB(config)#access-list 10 deny
RouterB(config)#interface e 0
RouterB(config-if)#ip access-group 10 in
Order matters! In this case all packets would be permitted, because every packet matches the first access list statement. Once a condition is met, all other statements are ignored. The second access list statement and the implicit deny any would never be used, so this would not do what we want.

Note on inbound access lists
When an access list is applied inbound on an interface, packets are checked against it before any routing table lookup occurs. Outbound access lists, which we will see in a moment, are applied after the forwarding decision: the routing table lookup has been done and an exit interface has been chosen. When a packet is denied by an ACL, the router sends an ICMP Destination Unreachable message (type 3) with the code Administratively Prohibited (code 13) back to the source of the packet. That reply tells the sender a filter is in place; if you do not want to reveal that, suppress it on the interface with no ip unreachables.
RouterB(config)#access-list 10 deny
RouterB(config)#access-list 10 permit any
Implicit "deny any" (you do not need to add this; discussed later):
RouterB(config)#access-list 10 deny
RouterB(config)#interface e 0
RouterB(config-if)#ip access-group 10 in

Notes from
Traffic coming into the router is compared with the ACL entries in the order in which they occur in the router's configuration. New statements are added to the end of the list. The router keeps looking until it finds a match. If no match is found when the router reaches the end of the list, the traffic is denied. For this reason, place the most frequently hit entries near the top of the list, but only where moving them does not change which entry matches first: a deny that ends up below a broader permit is silently disabled. There is an "implied deny" for traffic that is not permitted. A single-entry ACL with only one "deny" entry has the effect of denying all traffic. You must have at least one "permit" statement in an ACL, or all traffic will be blocked.
access-list 10 permit
access-list 10 deny any (implicit)

Time for wildcard masks!
A wildcard mask tells how much of the packet's source IP address (or destination IP address) must match for the condition to be true. A wildcard mask is a 32-bit quantity divided into four octets, and it is paired with an IP address. The ones and zeros in the mask identify how to treat the corresponding IP address bits. The term "wildcard masking" is a nickname for the ACL mask-bit matching process and comes from the analogy with a wildcard that matches any other card in a game of poker. Wildcard masks have no functional relationship with subnet masks: they are used for different purposes and follow different rules. Subnet masks start from the left side of an IP address and work towards the right to extend the network field by borrowing bits from the host field. Wildcard masks are designed to filter individual IP addresses or groups of addresses, permitting or denying access to resources based on the address.

Wildcard masks
"Trying to figure out how wildcard masks work by relating them to subnet masking will only confuse the entire matter. The only similarity between a wildcard mask and a subnet mask is that they are both thirty-two bits long and use ones and zeros for the mask." This is not entirely true. Although it is very important that you understand how a wildcard mask works on its own terms, for the common case of matching a whole subnet it can also be thought of as an inverse subnet mask (a /24 gives the wildcard 0.0.0.255). Unlike a subnet mask, however, a wildcard mask's bits need not be contiguous.

Wildcard masks
Wildcard masking is used to identify how to treat the corresponding IP address bits:
- 0 – "check the corresponding bit value."
- 1 – "do not check (ignore) the corresponding bit value."
A zero in a bit position of the access list mask indicates that the corresponding bit in the address must be checked and must match for the condition to be true. A one in a bit position of the access list mask indicates that the corresponding bit in the address is not "interesting": it does not need to match and can take any value.
[Figure: test condition, wildcard mask and packet bits, with 0 = must match and 1 = no match necessary, yielding the bits that must match and those that don't matter; matching packets look like the test condition in the checked positions.]
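As an added example covering both the ordering discussion on the ACL Example and "Notes from" slides and the wildcard-mask slides, here is a standard-ACL evaluator: it applies a wildcard mask bit by bit, walks the entries in order with first-match semantics and the implicit deny, and reproduces the correct and reversed orderings from the example. It is not the presentation's own code or a full model of Cisco IOS; the Sales network 192.0.2.0/24 and the denied host 192.0.2.7 are constructed stand-ins, since the slides' real addresses are not reproduced here.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # the `any` keyword: every bit ignored


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(packet_addr, test_addr, wildcard):
    """Wildcard bit 0 = the address bit must match, 1 = ignore it.
    The bits to check are the complement of the wildcard; the mask need not
    be contiguous, which is what separates it from a subnet mask."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_addr) & care) == (to_int(test_addr) & care)


def wildcard_for_prefix(prefix):
    """Inverse subnet mask for the common case: 192.0.2.0/24 -> 0.0.0.255."""
    return str(ipaddress.IPv4Network(prefix, strict=False).hostmask)


def parse_entry(line):
    """Parse one numbered standard ACL line into (action, address, wildcard).
    Handles `any`, `host A.B.C.D`, a bare `A.B.C.D` (IOS default wildcard
    0.0.0.0, i.e. that exact host) and `A.B.C.D W.X.Y.Z`."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, rest = parts[2], parts[3:]
    if rest == ["any"]:
        return (action,) + ANY
    if rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    return action, rest[0], (rest[1] if len(rest) > 1 else "0.0.0.0")


def evaluate(acl_lines, packet_src):
    """Walk the entries in order; the first match decides. Nothing matched
    means the implicit deny. Returns (action, index), index -1 for the
    implicit deny."""
    for i, (action, addr, wildcard) in enumerate(map(parse_entry, acl_lines)):
        if wildcard_match(packet_src, addr, wildcard):
            return action, i
    return "deny", -1


# Constructed sample: assumed Sales network 192.0.2.0/24 and denied host 192.0.2.7.
SALES_HOST = "192.0.2.7"
CORRECT_ORDER = [f"access-list 10 deny {SALES_HOST}", "access-list 10 permit any"]
REVERSED_ORDER = ["access-list 10 permit any", f"access-list 10 deny {SALES_HOST}"]
DENY_ONLY = [f"access-list 10 deny {SALES_HOST}"]


def demo():
    """Verdicts for the orderings discussed on the slides."""
    return {
        "correct, denied host": evaluate(CORRECT_ORDER, SALES_HOST),
        "correct, other host": evaluate(CORRECT_ORDER, "192.0.2.8"),
        "reversed, denied host": evaluate(REVERSED_ORDER, SALES_HOST),
        "deny only, other host": evaluate(DENY_ONLY, "192.0.2.8"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24} -> {verdict}")
    # Non-contiguous wildcard: 0.0.254.255 matches any even third octet.
    print(wildcard_match("10.0.4.9", "10.0.0.0", "0.0.254.255"),
          wildcard_match("10.0.5.9", "10.0.0.0", "0.0.254.255"))
```

With the entries in the intended order the denied host hits entry 0 and everyone else hits the permit any; with the order reversed the denied host is permitted by entry 0 and the deny is dead code; with only the deny entry, every other host falls through to the implicit deny (index -1), which is the "at least one permit" rule from the notes.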