Introduction to Configuring Cisco Routers. Fodor Éva


1 Introduction to Configuring Cisco Routers

2 Fodor Éva E-mail: eva.fodor@synergon.hu

3 Topics I.
- The 7-layer OSI model
- The application and upper layers
- The physical and data link layers
- The network layer and path determination
- The router user interface

4 Topics II.
- Routing basics
- The router's initial configuration
- Configuration methods and modes
- Ways of loading the Cisco IOS software

5 Topics III.
- TCP/IP overview
- Configuring IP addresses
- Serial line basics
- Configuring IP routing
- Using filter lists

6 Topics IV.
- Queuing techniques
- Scalable Routing Protocol overview
- Frame Relay basics

7 The Internetworking model The Layered Model

8 Why a Layered Network Model?
- Reduces complexity
- Standardizes interfaces
- Facilitates modular engineering
- Ensures interoperable technology
- Accelerates evolution
- Simplifies teaching and learning
Layers: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical

9 Layer Functions
- 7 Application: Network processes to applications
- 6 Presentation: Data representation
- 5 Session: Interhost communication
- 4 Transport: End-to-end connections
- 3 Network: Addresses and best path
- 2 Data Link: Access to media
- 1 Physical: Binary transmission

10 Peer-to-Peer Communication
HOST A and HOST B each have the seven layers (Application, Presentation, Session, Transport, Network, Data Link, Physical). Peer layers exchange:
- Transport: segments
- Network: packets
- Data Link: frames
- Physical: bits

11 Data Encapsulation
[Diagram: two seven-layer stacks. The DATA receives a Network Header, then a Frame Header and Frame Trailer, and is transmitted as bits: 0101101010110001]

12 Data Encapsulation Example
- E-mail message: Data
- Segment Header + DATA: Segment
- Network Header + Segment Header + DATA: Packet
- Frame Header + Network Header + Segment Header + DATA + Frame Trailer: Frame
- 0111111010101100010101101010110001: Bits (Medium dependent)

13 Remaining Chapter Sequence
- Layers 7 to 5 (Application, Presentation, Session): Network Applications
- Layer 4 (Transport): End-to-end services
- Layer 3 (Network): Routing
- Layers 2 and 1 (Data Link, Physical): Data Transmission

14 Summary
- The OSI reference model organizes network functions into seven categories called layers
- Data flows from upper-level user applications to lower-level bits transmitted over network media
- Peer-to-Peer functions use encapsulation and de-encapsulation at layer interfaces
- Most network manager tasks configure the lower three layers

15 Application and Upper Layers

16 Objectives
Upon completion of this chapter, you will be able to:
- Name and describe computer, network, and internetwork applications
- Describe the OSI presentation functions and identify common standards
- Describe the OSI session functions and identify common standards
- Describe the OSI transport functions for end-to-end network services
- Identify common processes for establishing connections, flow control, and windowing

17 Application, Presentation and Session Layers

18 Application Layer
- Selects network application to support user’s application
COMPUTER APPLICATIONS: Word processing, Presentation Graphics, Spreadsheet, Database, Design/Manufacturing, Project Planning, Others
NETWORK APPLICATIONS: Electronic Mail, File transfer, Remote Access, Client/Server Process, Information Location, Network Management, Others

19 Application Layer (cont.)
- Internetwork applications can extend beyond the enterprise
NETWORK APPLICATIONS: Electronic Mail, File transfer, Remote Access, Client/Server Process, Information Location, Network Management, Others
INTERNETWORK APPLICATIONS: Electronic Data Interchange, World Wide Web, E-Mail Gateways, Special-Interest Bulletin Boards, Financial Transaction Services, Internet Navigation Utilities, Conferencing (Video, Voice, Data), Others

20 Presentation Layer
- Provides code formatting and conversion for applications
Text, Data: ASCII, EBCDIC, Encrypted
Sound, Video: MIDI, MPEG, QuickTime
Graphics, Visual Images: PICT, TIFF, JPEG, GIF

21 Session Layer
- Coordinates applications as they interact on different hosts (Service Request, Service Reply)
- Network File System (NFS)
- Structured Query Language (SQL)
- X Window System
- AppleTalk Session Protocol (ASP)
- DNA Session Control Protocol (SCP)

22 Transport Layer

23 Transport Layer Overview
- Segments upper-layer applications
- Establishes an end-to-end connection
- Sends segments from one end host to another
- Optionally, ensures data reliability

24 Segment Upper-Layer Applications
- Transport segments share traffic stream
[Diagram: Electronic Mail, File Transfer and Terminal Session applications above the Transport layer; each segment carries an application port and data]

25 Establishes Connection
Between SENDER and RECEIVER:
1. Synchronize
2. Negotiate Connection
3. Synchronize
4. Acknowledge
5. Connection Established
6. Data Transfer (Send Segments)

26 Sends Segments with Flow Control
- SENDER: Transmit
- RECEIVER: Buffer Full, signals Not Ready; SENDER: Stop
- RECEIVER: Process Segments, Buffer OK, signals Ready; SENDER: Go
- SENDER: Resume Transmission

27 Reliability with Windowing
- First exchange: Send 1, Receive 1, Ack 2; Send 2, Receive 2, Ack 3
- Window size = 3: Send 1, Send 2, Send 3; Receive 1, Receive 2, Receive 3; Ack 4; Send 4

28 An Acknowledgment Technique
- SENDER: Send 1, Send 2, Send 3; RECEIVER: Ack 4
- SENDER: Send 4, Send 5, Send 6; RECEIVER: Ack 5
- SENDER: Send 5; RECEIVER: Ack 7

29 Transport to Network Layer End-to-end segments Routed packets

30 Summary
- The ISO/OSI reference model describes network applications
- Presentation layer formats and converts network application data to represent text, graphics, images, video, and audio
- Session-layer functions coordinate communication interactions between applications
- Reliable transport-layer functions include:
  - Multiplexing
  - Connection synchronization
  - Flow control
  - Error recovery
  - Reliability through windowing

31 Physical and Data Link Layers

32 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Identify and describe the data link sublayers and their functions
- Explain the use of MAC addresses
- Describe the topology and functionality of LANs
- Differentiate between LAN and WAN protocols
- Describe the characteristics of WAN based protocols

33 Physical and Data Link Layers

34 Physical and Data-link standards
- Separate physical and data link layers for LAN and WAN
Layers: Data Link (frames), Physical (bits, signals, clocking)
LAN: 802.2 LLC, Ethernet, 802.3, 802.5, FDDI
WAN: Dial on Demand, ISDN, SDLC, HDLC, X.25 Link, Frame Relay, PPP, V.24, V.35, HSSI, G.703, EIA-530, EIA/TIA-232, EIA/TIA-449

35 LAN Data Link Sublayer
- LLC refers upward to higher-layer software functions
- MAC refers downward to lower-layer hardware functions
[Diagram: the Data Link layer, between Network and Physical, is split into Logical Link Control (LLC) and Media Access Control (MAC); a Packet or Datagram is carried with an 802.2 LLC header inside the MAC Frame]

36 LLC Sublayer Functions
- Enable upper layer to gain independence over LAN media access
- Allow service access points (SAPs) from interface sublayers to upper-layer functions
- Provide optional connection, flow control, and sequencing service

37 MAC Address
- MAC address is burned into ROM on a network interface card
Example: 0000.0c12.3456 (Vendor Code, 24 bits, followed by Serial Number)
Diagram labels: ROM, RAM

38 Finding the MAC address
- An example: TCP/IP Address Resolution Protocol (ARP)
- ARP finds the MAC address for a data-link connection
Example 1: TCP/IP destination local
- Host Y sends an ARP Request broadcast: Host Z MAC?
- Host Z sends an ARP Reply with the Host Z MAC to the Host Y MAC
Example 2: TCP/IP destination not local
- Host Y sends an ARP Request broadcast: Host Z MAC?
- The router sends an ARP Reply with the Router MAC to the Host Y MAC

39 Common LAN Technologies

40 LAN Technology Overview Ethernet Token Ring FDDI

41 Ethernet and IEEE 802.3
- Several framing variations exist for this common LAN technology

42 Physical Layer: Ethernet/802.3
- 10BaseT - Twisted Pair
- 10Base2 - Thin Ethernet
- 10Base5 - Thick Ethernet
[Diagram: Mac, PC and Sun hosts attached through a HUB]

43 The Ethernet/802.3 Interface
- Cisco router’s data link to Ethernet/802.3 uses an interface named E plus a number (for example, E0)
[Diagram: stations with MAC addresses 0800.089c.34d5 and 0800.2006.1a56 on the segment attached to router interface E0]

44 Ethernet/802.3 Operation
[Diagram: stations A, B, C and D on one segment, with two seven-layer stacks; labels: D, B and C]

45 Ethernet/802.3 Broadcast
[Diagram: four stations, each showing the full seven-layer stack]

46 Ethernet Frame Variations
Ethernet frame (field sizes in bytes):
Preamble (8) | DA (6) | SA (6) | Type (2) | Data | FCS (4)
802.3 frame (field sizes in bytes):
Preamble (8) | DA (6) | SA (6) | Length (2) | 802.2 Header and Data | FCS (4)

47 Ethernet/802.3 Reliability
- Carrier sense multiple access collision detect (CSMA/CD)
[Diagram: stations A, B, C and D; a Collision occurs, followed by a JAM signal]

48 High-Speed Ethernet Options
- 100BaseFX, 100BaseTX
- 100BaseVG AnyLAN
- 1000BaseSX, 1000BaseLX
- 1000BaseCX

49 Token Ring and IEEE 802.5
- IBM’s Token Ring is equivalent to IEEE 802.5

50 Physical Layer: Token Ring/802.5
- Logically a ring, but physically a star configuration to MAU relays
Diagram labels: MAU, Shielded or Unshielded Twisted Pair, Logical Technology

51 The Token Ring/802.5 Interface
- Cisco router’s data link to Token Ring/802.5 uses an interface named To plus a number (for example, To0)
[Diagram: a Token Ring attached to router interface To0]

52 Token Ring/802.5 Operation
- Token Ring LANs continuously pass a token or a Token Ring frame
[Diagram: a ring passing a token (T = 0) or a data frame (T = 1)]

53 Token Ring/802.5 Media Control
- Fields in a frame determine priority and reservation for sharing media
Access Control Field: PPPTMRRR
- P: Priority bits
- T: Token bit
- M: Monitor bit
- R: Reservation bits

54 Token Ring/802.5 Active Monitor
- Active monitor ensures token operation on the ring for media access
[Diagram: a token or data frame circulating with the monitor bit changing between M = 0 and M = 1]

55 Token Ring/802.5 Reliability
- Sending station receives status information in a frame
Frame Status Field: ACrrACrr
- 00: Destination not found
- 01: Copied but not acknowledged
- 10: Unable to copy data from frame
- 11: Station found or frame copied to another ring by a bridge

56 Fiber Distributed Data Interface (FDDI)
- Devices on FDDI maintain connectivity on dual counter-rotating rings
[Diagram: FDDI Dual Ring, 100 Mbps]

57 Physical Layer: FDDI
- Devices attached to FDDI use token passing
Diagram labels: DAC, Dual-Homed, SAS, DAS

58 The FDDI Interface
- Cisco router’s data link to FDDI uses an interface named F plus a number (for example, F0)
[Diagram: an FDDI Dual Ring attached to router interface F0]

59 FDDI Dual-Ring Reliability
1. When a failure domain occurs...
2. ... wrap primary and secondary rings...
3. ... maintaining network integrity

60 Common WAN Technologies

61 WAN Technology Overview SDLC HDLC LAPB PPP X.25 Frame Relay ISDN

62 Physical Layer: WAN
- DTE, Data Terminal Equipment: End of the user’s device on the WAN link
- DCE (Modem), Data Circuit-Terminal Equipment: End of the WAN provider’s side of the communication facility
- DTE to DCE Interface Standards: EIA/TIA-232, V.35, X.21, HSSI, others

63 Data Link Layer: WAN protocols
- SDLC - Synchronous Data Link Control
- HDLC - High-Level Data Link Control
- LAPB - Link Access Procedure Balanced
- Frame Relay - Simplified version of HDLC framing
- PPP - Point-to-Point Protocol
- X.25 - Packet level protocol (PLP)
- ISDN - Integrated Services Digital Network (data-link signaling)

64 Summary
- The physical layer provides access to the wires of an internetwork
- The data link layer provides support for communication over several types of data links:
  - LAN (Ethernet/IEEE 802.3, Token Ring/IEEE 802.5, FDDI)
  - Dedicated WAN (SDLC, HDLC, PPP, LAPB)
  - Switched WAN (X.25, Frame Relay, ISDN)

65 Network Layer and Path Determination

66 Objectives
Upon completion of this chapter, you will be able to:
- List the key internetworking functions of the OSI network layer and how they are performed in a router
- Describe the two parts of network addressing, then identify the parts in specific protocol address examples
- Contrast the network discovery and update processes in distance vector routing with those in link-state routing
- List problems that each routing type encounters when dealing with topology changes, and describe techniques to reduce the number of these problems
- Explain the services of separate and integrated multiprotocol routing

67 Network Layer Basics

68 Network Layer: Path Determination
- Layer 3 functions to find the best path through the internetwork
[Diagram: Which Path?]

69 Network Layer: Communicate Path
- Addresses represent the path of media connections
[Diagram: media connections numbered 1 to 11]

70 Addressing: Network and Host
- Network address - Path part used by the router
- Host address - Specific port or device on the network
Network | Host
1 | 1, 2, 3
2 | 1
3 | 1
Addresses in the diagram: 1.1, 1.2, 1.3, 2.1, 3.1

71 Protocol Addressing Variations
Example | Network | Node
General Example | 1 | 1
TCP/IP Example (Mask 255.0.0.0) | 10. | 8.2.48
Novell IPX Example | 1ac.eb0b | 0000.0c00.6e25

72 Router Functions
- Routing = building maps and giving directions
- Switching = moving packets between interfaces

73 Routing Table
Source | Network # | Metric | Next Hop | Age | Interface
D | 198.113.181.0 | [170/304793] | 192.150.42.177 | 02:03:50 | Ethernet0
O | 198.113.178.0 | [110/9936] | 192.150.42.177 | 02:03:50 | Ethernet0
R | 192.168.96.0 | [120/3] | 192.150.42.177 | 00:00:20 | Ethernet0
C | 192.168.97.0 | | | | Ethernet0

74 Routing in Internetworks
Routing protocols need to handle issues associated with larger networks:
- Maintain route information
- Select routes

75 Routing in Internetworks (cont.)
Routing protocols need to handle issues associated with larger networks:
- Support flexible network address management
- Redistribute routes
- Route multiple protocols

76 Route selection: Metrics
Which is the best path from Source to Destination?

77 Route selection: Load Balancing
- Load balancing can provide increased bandwidth and redundancy

78 Route selection: Routing Hierarchy
- A hierarchical network can reflect the corporation’s organization
[Diagram: Hierarchical Network with Corporate Headquarters, National Office, Remote Office]

79 Static versus Dynamic Routes
- Static Route: Uses a protocol route that a network administrator enters into the router
- Dynamic Route: Uses a route that a network routing protocol adjusts automatically for topology or traffic changes

80 Static Route Example
- Fixed route to address reflects administrator’s knowledge
[Diagram: routers A and B joined by a point-to-point or circuit-switched connection; a “Stub” Network with only a single network connection and no need for routing updates]

81 Default Route Example
- Use if next hop is not explicitly listed in the routing table
- Routing Table: no entry for destination net, try router B default route
[Diagram: routers A, B and C; labels: 192.34.56.0, 10.0.0.0, Company X, Internet]

82 Adapting to Topology Change
Can an alternate route substitute for a failed route?
[Diagram: routers A, B, C and D; a failed link marked X]

83 Dynamic Routing Operations
- Routing protocol maintains and distributes routing information
[Diagram: routers exchanging routing tables over the network through a routing protocol]

84 Representing Distance with Metrics
Information used to select the best path for routing:
- Bandwidth
- Delay
- Load
- Reliability
- Hop count
- Ticks
- Cost
[Diagram: routers A and B; link labels E1 and 64]

85 Routing Protocols

86 Classes of Routing Protocols
- Distance Vector
- Link State
- Hybrid Routing
[Diagram: two groups of routers A, B, C and D]

87 One Issue: Time to Convergence
- Convergence occurs when all routers use a consistent perspective of network topology
- After a topology change, routers must recompute routes, which disrupts routing
- The process and time required for router reconvergence varies in routing protocols

88 Distance Vector Concept
- Pass periodic copies of routing table to neighbor routers and accumulate distance vectors
[Diagram: routers A, B, C and D, each with a Routing Table]

89 Distance Vector Network Discovery
- Routers discover the best path to destinations from each neighbor
[Diagram: routers A, B and C connect networks W, X, Y and Z]
Router A Routing Table: W 0, X 0, Y 1, Z 2
Router B Routing Table: X 0, Y 0, Z 1, W 1
Router C Routing Table: Y 0, Z 0, X 1, W 2

90 Distance Vector Topology Changes
Updates proceed step-by-step from router to router:
1. Topology change causes routing table update
2. Process to update this routing table (router A)
3. Router A sends out this updated routing table
4. Process to update this routing table (router B)

91 Problem: Routing Loops
- Alternate routes, slow convergence, inconsistent routing
[Diagram: routers A, B, C, D and E; Network 1 is down (X). Labels: Network 1, Unreachable; Alternate Route: Network 1, Distance 3; Alternate Route: Use A, Network 1, Distance 4]

92 Problem: Counting to Infinity
- Routing loops increment the distance vector
[Diagram: routers A, B, C, D and E; Network 1 is down (X). Labels: Network 1, Distance 4; Network 1, Distance 5; Network 1, Distance 6; Network 1, Distance 7]

93 Solution: Defining a Maximum
- Specify a maximum distance vector metric as infinity
- Routing Table: Maximum metric is 16; Network 1 is Unreachable
[Diagram: routers A, B, C, D and E; Network 1 is down (X). Labels: Network 1, Distance 12; Network 1, Distance 13; Network 1, Distance 14; Network 1, Distance 15]

94 Solution: Split Horizon
- If you learn a protocol’s route on an interface, do not send information about that route back out that interface
- B: Do not update router A about routes to network 1
- D: Do not update router A about routes to network 1
[Diagram: routers A, B, C, D and E; Network 1 is down (X). Label: Network 1, unreachable]
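
The counting-to-infinity problem and the two fixes above (a maximum metric of 16 and split horizon), simulated in an added example that is not part of the original slides. The three-router line topology, the send order and every function name are assumptions chosen for illustration; metrics are hop counts with 0 for a directly connected network, as on the discovery slide.

```python
INFINITY = 16  # maximum metric from the slides: 16 means "unreachable"

# Constructed topology (assumption): net1 -- A -- B -- C
NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}
# Routers holding stale routes send first: the worst case for convergence.
SEND_ORDER = ["C", "B", "A"]


def converged_tables():
    """Route to net1 on each router before the failure: (metric, next_hop)."""
    return {"A": (0, None), "B": (1, "A"), "C": (2, "B")}


def advertise(tables, sender, receiver, split_horizon):
    """Metric the sender advertises to the receiver, or None if suppressed."""
    metric, next_hop = tables[sender]
    if split_horizon and next_hop == receiver:
        # Split horizon: never send a route back to the neighbor it came from.
        return None
    return metric


def receive(tables, receiver, sender, advertised):
    """Distance-vector update rule, capped at the maximum metric."""
    metric, next_hop = tables[receiver]
    candidate = min(advertised + 1, INFINITY)
    # Always believe the current next hop; otherwise accept only a better route.
    if sender == next_hop or candidate < metric:
        tables[receiver] = (candidate, sender)


def simulate(split_horizon, max_rounds=50):
    """Fail net1 on A, then run update rounds until every router sees 16.

    Returns (rounds_needed, history), where history holds the metric to net1
    on each router after every round.
    """
    tables = converged_tables()
    tables["A"] = (INFINITY, None)  # net1 goes down on router A
    history = []
    for round_no in range(1, max_rounds + 1):
        for sender in SEND_ORDER:
            for receiver in NEIGHBORS[sender]:
                adv = advertise(tables, sender, receiver, split_horizon)
                if adv is not None:
                    receive(tables, receiver, sender, adv)
        history.append({r: tables[r][0] for r in sorted(tables)})
        if all(metric == INFINITY for metric, _ in tables.values()):
            return round_no, history
    return None, history


if __name__ == "__main__":
    for flag in (False, True):
        rounds, history = simulate(split_horizon=flag)
        print("split horizon:", flag, "rounds to converge:", rounds)
        for number, metrics in enumerate(history, start=1):
            print("  round", number, metrics)
```

Without split horizon, A accepts B's stale route and the metric climbs by two per round until it hits 16; with split horizon, B never offers that route back to A.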

95 Solution: Route Poisoning
- Router keeps an entry for the network down state, allowing time for other routers to recompute for this topology change
[Diagram: routers A, B, C, D and E; Network 1 is down (X). Label: route to network 1 has infinite cost]

96 Solution: Hold Down Timers
- Routers ignore network update information for some period
[Diagram: routers A, B, C, D and E; Network 1 is down (X). Labels: Network 1 Down; Update after Hold-Down Time]

97 Link-State Concept
- After initial flood, pass small event-triggered link-state updates to all other routers
[Diagram: routers A, B, C and D exchange Link-State Packets; each builds a Topological Database, runs the SPF Algorithm to get a Shortest Path First Tree, and derives its Routing Table]

98 Link-State Network Discovery
- Routers calculate the shortest path to destinations in parallel
[Diagram: routers A, B and C connect networks W, X, Y and Z. Link-State Packets: W 0, X 0; X 0, Y 0; Y 0, Z 0. Each router keeps a Topological Database, runs SPF to get an SPF Tree, and derives its own Routing Table (A, B, C)]

99 Link-State Topology Changes
- Update processes proceed using the same link-state update
[Diagram: Topology Change in Link-State Update; each router runs a Process to Update This Routing Table]

100 Link-State Concerns
- Processing and memory required for link-state routing
- Bandwidth consumed for initial link state "flood"
[Diagram: Topological Database, SPF, SPF Tree, Routing Table]

101 Problem: Link-State Updates
- Unsynchronized updates, inconsistent path decisions
- Network 1 goes down then comes up
- Fast path updates arrive first; slow path update arrives last
- Which SPF tree to use for routing?
[Diagram: routers A, B, C and D; messages: Network 1, Unreachable; Network 1, Back Up Now; labels: X, ok]

102 Link State Update Problems (cont.)
- Synchronizing large networks: which network topology updates are correct?
- Router startup: order of start alters the topology learned
- Partitioned regions: slow updating part separated from fast updating part

103 Solution: Link State Mechanisms
Reduce the need for resources:
- "Dampen" update frequency
- Target link-state updates to multicast
- Use link-state area hierarchy for topology
- Exchange route summaries at area borders
Coordinate link-state updates:
- Use time stamps
- Update numbering and counters
- Manage partitioning using an area hierarchy

104 Comparing Distance Vector Routing to Link-State Routing
Distance Vector | Link-State
Views net topology from neighbor’s perspective | Gets common view of entire network topology
Adds distance vectors from router to router | Calculates the shortest path to other routers
Frequent, periodic updates: slow convergence | Event-triggered updates: faster convergence
Passes copies of routing table to neighbor routers | Passes link-state routing updates to other routers

105 Hybrid Routing
- Choose a routing path based on distance vectors
- Converge rapidly using change-based updates
- Share attributes of both distance-vector and link-state routing
Diagram labels: Balanced Hybrid Routing, EIGRP

106 Summary
- Internetworking functions of the network layer include network addressing and best path selection for traffic
- Network addressing uses one part to identify the path used by the router and one part for ports or devices on the net
- Routed protocols direct user traffic, while routing protocols work between routers to maintain path tables
- Network discovery for distance vector involves exchange of routing tables; problems can include slower convergence
- For link-state, routers calculate the shortest paths to other routers; problems can include inconsistent updates
- Balanced hybrid routing uses attributes of both link-state and distance vector, applying paths to several protocols

107 Basic Router Operations

108 External Configuration Sources
- Configuration information can come from many sources:
  - Console port
  - Auxiliary port
  - Interfaces
  - Virtual Terminal (VTY 0-4)
  - TFTP Server
  - Network Management Station

109 Internal Configuration Components
RAM, NVRAM, Flash, ROM, Console, Auxiliary, Interfaces

110 An Overview of System Startup
- Check hardware
- Find and load Cisco IOS software image
- Find and apply router configuration information
System startup routines initiate router software. Fallback routines provide startup alternatives as needed.

111 Startup Sequence
All three are loaded into RAM:
- Bootstrap: Load Bootstrap (from ROM)
- Cisco Internetworking Operating System: Locate and Load Operating System (from Flash, TFTP Server or ROM)
- Configuration File: Locate and Load Configuration File or Enter "setup" mode (from NVRAM, TFTP Server or Console)

112 RAM for Working Storage
[Diagram: RAM holds the Command Executive, the Internetwork Operating System, Programs, the Active Configuration File, Tables and Buffers; label: Bootstrap Program Executes]

113 Router Modes
- User EXEC Mode (Router>): Limited examination of router. Remote access.
- Privileged EXEC Mode (Router#): Detailed examination of router. Debugging and testing. File manipulation. Remote access.
- SETUP Mode: Prompted dialog used to establish an initial configuration.
- Global Configuration Mode (Router(config)#): Simple configuration commands.
- Other Configuration Mode (Router(config-mode)#): Complex and multiline configuration.
- RXBOOT Mode: Recovery from a catastrophe in the case of a lost password or the operating system being accidentally erased from Flash.

114 Logging in to the Router: Cisco IOS
Console session:
Router con0 is now available
Press RETURN to get started
User Access Verification
Password:
Router>                  (User-mode prompt)
Router> enable
Password:
Router#                  (Privileged-mode prompt)
Router# disable
Router>
Router> exit

115 Context-Sensitive Help
- Symbolic translation
- Keyword completion
- Last command recall
- Command prompting
- Syntax checking
Router# clock
Translating "CLOCK"
%Unknown command or computer name, or unable to find computer address
Router# clock clear clock
Router# clock
%Incomplete command
Router# clock?
set  Set the time and date
Router# clock set
%Incomplete command
Router# clock set?
Current time (hh:mm:ss)
Router# clock set 19:56:00
%Incomplete command
Router# clock set 19:56:00 ?
Day of the month
MONTH  Month of the year
Router# clock set 19:56:00 04 8.
%Invalid input detected at the '^' marker
Router# clock set 19:56:00 04 August
%Incomplete command
Router# clock set 19:56:00 04 August ?
Year

116 Using Editing Commands
Router> $ value for our customers, employees, investors, and partners
- Automatic scrolling of long lines.
- Move to the beginning of the command line
- Move to the end of the command line
- Move back one word
- Move forward one character
- Move back one character
- Move forward one character
- Refresh line

117 Reviewing Command History
- or Up arrow: Last (previous) command recall
- or Down arrow: More recent command recall
- Router> show history: Show command buffer
- Router> terminal history size number-of-lines: Set command buffer size
- Router> no terminal editing: Disable advanced editing features
- Router> terminal editing: Reenable advanced editing
- Entry completion

118 Summary
Using the router:
- Log in with user password
- Enter privileged mode with enable password
- Disable or quit
Advanced help features:
- Command completion and prompting
- Syntax checking
Advanced editing features:
- Automatic line scrolling
- Cursor controls
- History buffer with command recall
- Copy and paste using most laptop computers

119 Examining Router Status

120 Router Status Commands
RAM:
- Internetwork Operating System: Router# show version
- Programs: Router# show processes CPU, Router# show protocols
- Active Configuration File: Router# show running-config, Router# write term
- Tables and Buffer: Router# show mem, Router# show stack, Router# show buffers
NVRAM:
- Backup Configuration File: Router# show startup-config, Router# show config
Flash:
- Operating System: Router# show flash
Interfaces:
- Router# show interface

121 show version Command
Router# show version
Cisco Internetwork Operating System Software
IOS ™ 4500 Software (C4500-J-M), Experimental Version 11.2 (199600626:214907)
Copyright © 1986-1996 by cisco Systems, Inc.
Compiled Fri 28-Jun-96 16:32 by rbeach
Image test-base: 0x600088A0, data-base: 0x6076E000
ROM: System Bootstrap, Version 5.1 (1) [daveu 1], RELEASE SOFTWARE (fc1)
ROM: 4500-XBOOT Bootstrap Software, Version 10.1(1), RELEASE SOFTWARE (fc1)
router uptime is 1 week, 3 days, 32 minutes
System restarted by reload
System image file is "c4500-j-mz", booted via tftp from 171.69.1.129
- - - More - - -

122 show running-config Command and show startup-config Command
- Use write terminal with Release 10.3 and earlier (in place of show running-config)
- Use show config with Release 10.3 and earlier (in place of show startup-config)
Router# show running-config
Building configuration...
Current configuration:
!
Version 11.2
!
- - - More - - -
Router# show startup-config
Using 1108 out of 130048 bytes
!
Version 11.2
!
Hostname router
- - - More - - -

123 Configuring a Router

124 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Load an existing configuration file
- Change the router identification
- Assign a password to both the user and privileged EXEC modes
- Configure a serial interface
- Save the changes to NVRAM

125 Router Configuration Overview
- Cisco IOS software version
- Router identification
- Boot file locations
- Protocols information
- Interface configurations

126 Configuration Modes
- Global Configuration Mode: Used for system-wide configuration requiring one command line. Includes commands to enter other configuration modes
- Other Configuration Mode: Used for other configurations requiring multiple command lines
Global Configuration Mode:
Router# config term
Router(config)#
  :
Router(config)# (command)
Router(config)#
Router(config)# exit
Router#
Other Configuration Mode:
Router# config term
  :
Router(config)# router protocol
Router(config-router)#
  :
Router(config-router)# (command)
Router(config-router)#
  :
Router(config-router)# exit
Router(config)# interface type port
Router(config-if)#
  :
Router(config-if)# (command)
Router(config-if)#
  :
Router(config-if)# exit
Router(config)# exit
Router#

127 Working with 11.x Config Files
- Use these commands for routers running Cisco IOS Release 11.0 or later
Commands shown between NVRAM, RAM, the TFTP Server (IP Only), the Console or Terminal, and the Bit bucket:
- show startup-config
- erase startup-config
- copy tftp startup-config
- show running-config
- copy running-config tftp
- copy tftp running-config
- copy running-config startup-config
- config term
- config memory

128 Using a TFTP Server
From RAM to the TFTP server:
Tokyo# copy running-config tftp
Remote host []? 131.108.3.155
name of configuration file to write [tokyo-confg] ? Tokyo.2
Write file tokyo.2 to 131.108.2.155? [confirm] y
Writing tokyo.2 ! ! ! ! ! ! ! ! [OK]
tokyo#
From the TFTP server to RAM:
Router# copy tftp running-config
Host or network configuration file [host]?
IP address of remote host [255.255.255.255]? 131.108.2.155
Name of configuration file [router-confg] ? Tokyo.2
configure using tokyo.2 from 131.108.2.155? [confirm] y
Booting tokyo.2 from 131.108.2.155: ! ! [OK - 874/16000 bytes]
tokyo#

129 Overview of Router Modes
- User EXEC mode: Router>
- Privileged EXEC mode: Router#
- Global configuration mode: Router(config)#
- Other configuration modes (Exit returns to global configuration mode):
    Configuration Mode   Prompt
    Interface            Router(config-if)#
    Subinterface         Router(config-subif)#
    Controller           Router(config-controller)#
    Map-list             Router(config-map-list)#
    Map-class            Router(config-map-class)#
    Line                 Router(config-line)#
    Router               Router(config-router)#
    IPX-router           Router(config-ipx-router)#
    Route-map            Router(config-route-map)#

130 Configuring Router Identification
- Sets local identity or message for the accessed router or interface
Router Name
    Router(config)# hostname Tokyo
    Tokyo#
Login Banner
    Tokyo(config)# banner motd #
    Welcome to router Tokyo
    Accounting Department
    3rd Floor
    #
Interface Description
    Tokyo(config)# interface e 0
    Tokyo(config-if)# description Engineering LAN, Bldg. 18

131 Password Configuration
Console Password
    Router(config)# line console 0
    Router(config-line)# login
    Router(config-line)# password cisco
Virtual Terminal Password
    Router(config)# line vty 0 4
    Router(config-line)# login
    Router(config-line)# password cisco
Enable Password
    Router(config)# enable-password san-fran
Perform Password Encryption
    Router(config)# service password-encryption
    (set password here)
    Router(config)# no service password-encryption
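Added example (not part of the original slides): a small auditor that reads a saved configuration and reports the password weaknesses the commands above can leave behind. The sample configurations are constructed, the deny-list is an assumption, and `enable secret` is a standard IOS command that the slide does not show.

```python
import re

# Constructed sample built from the commands on the slide (not a real device).
WEAK_CONFIG = """\
hostname Tokyo
enable-password san-fran
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Constructed hardened counterpart. "enable secret" is a standard IOS command
# that the slide does not show; the stored strings are placeholders.
HARDENED_CONFIG = """\
hostname Tokyo
service password-encryption
enable secret 5 $1$PLACEHOLDER$PLACEHOLDER
!
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
"""

WEAK_WORDS = {"cisco", "password", "admin"}  # assumed deny-list for the example
ENABLE_RE = re.compile(r"^enable[ -]password(?:\s+(\d))?\s+(\S+)$")
LINE_PW_RE = re.compile(r"^password(?:\s+(\d))?\s+(\S+)$")


def split_sections(text):
    """Split a config into global commands and per-line (con/vty) blocks."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            current = None
        elif raw.startswith("line "):
            current = cmd
            line_blocks[current] = []
        elif raw[0].isspace() and current is not None:
            line_blocks[current].append(cmd)
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_blocks


def audit(text):
    """Return sorted (location, finding) pairs for password-related weaknesses."""
    global_cmds, line_blocks = split_sections(text)
    findings = []
    if "service password-encryption" not in global_cmds:
        findings.append(("global", "password-encryption-disabled"))
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append(("global", "no-enable-secret"))
    for cmd in global_cmds:
        match = ENABLE_RE.match(cmd)
        if match:
            # Type 7 only obfuscates; "enable secret" stores a one-way digest.
            findings.append(("global", "enable-password-in-use"))
            if match.group(1) is None:
                findings.append(("global", "cleartext-enable-password"))
    for header, cmds in line_blocks.items():
        for cmd in cmds:
            match = LINE_PW_RE.match(cmd)
            if not match:
                continue
            if match.group(1) is None:
                findings.append((header, "cleartext-line-password"))
                if match.group(2).lower() in WEAK_WORDS:
                    findings.append((header, "weak-line-password"))
            if "login" not in cmds:
                findings.append((header, "password-not-enforced"))
    return sorted(findings)


if __name__ == "__main__":
    for location, finding in audit(WEAK_CONFIG):
        print(f"{location}: {finding}")
```

The same check applies to any copy of the configuration written to a TFTP server, since that file carries whatever form of the passwords the running configuration holds.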

132 Interface Configuration Mode
    Router(config)# interface type port
    Router(config)# interface type slot/port
- Type includes serial, ethernet, tokenring, fddi, hssi, loopback, dialer, null, async, atm, bri and tunnel
    Router(config-if)# shutdown
- Use this command to administratively turn off an interface without altering its other configuration entries
    Router(config-if)# no shutdown
- Turn on an interface that has been shut down
    Router(config-if)# exit
- Quit from current config-interface mode
    Router(config)# interface type number.subinterface
- After designating the primary interface, use this to establish virtual interfaces on the single physical interface

133 Verifying Configuration Changes
1. Make changes in configuration modes
2. Examine results
    Router# show running-config
3. Intended results?
   Yes: save changes to backup
    Router# copy running-config startup-config
    Router# copy running-config tftp
   then examine backup file
    Router# show startup-config
   No: remove changes
    Router(config)# no ....
    Router# config mem
    Router# copy tftp running-config
    Router# erase startup-config
    Router# reload

134 Using NVRAM with Release 11.x
- Diagram elements: NVRAM, RAM, Bit bucket
    Router# configure memory
    [OK]
    Router#

    Router# erase startup-config
    [OK]
    Router#

    Router# copy running-config startup-config
    Router#

    Router# show startup-config
    using 5057 out of 32768 bytes
    !
    Enable-password san-fran
    !
    Interface Ethernet 0
    ip address 131.108.100.5 255.255.255.0
    !
    ----More ----

135 Summary
- Configuration files can come from the console, NVRAM, or a TFTP server
- The router has several modes:
  - Privileged mode: used for copying and managing entire configuration files
  - Global configuration mode: used for one-line commands and commands that change the entire router
  - Other configuration modes: used for multiple command lines and detailed configurations
- The router provides a host name, a banner, and interface descriptions to aid in identification

136 Managing the Configuration Environment

137 Locating the Cisco IOS Software
- Configuration registers
  - Registers in NVRAM for modifying fundamental Cisco IOS software
  - Identifies where to boot Cisco IOS image (for example, use config-mode commands)
    Router# configure terminal
    Router(config)# boot system flash IOS_filename
    Router(config)# boot system tftp IOS_filename tftp_address
    Router(config)# boot system rom
    [Ctrl-Z]
    Router# copy running-config startup-config
- Boot system commands not found in NVRAM: get default Cisco IOS software from flash
- Flash memory empty: get default Cisco IOS software from tftp server

138 show version Command
    Router> show version
    Cisco Internetwork Operating System Software
    IOS (tm) RSP Software (RSP-ISV-M), Version 11.2(14)P, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-1998 by cisco Systems, Inc.
    Compiled Tue 26-May-98 17:50 by dschwart
    Image text-base: 0x60010900, data-base: 0x60974000
    ROM: System Bootstrap, Version 11.1(8)CA1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
    BOOTFLASH: RSP Software (RSP-BOOT-M), Version 11.2(14)P, RELEASE SOFTWARE (fc1)
    Router uptime is 23 hours, 24 minutes
    System restarted by reload at 15:44:39 CET-DST Tue Sep 1 1998
    System image file is "slot0:rsp-isv-mz.112-14.P", booted via slot0
    --More--

139 show version Command (cont.)
    cisco RSP4 (R5000) processor with 32768K/2072K bytes of memory.
    R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
    Last reset from power-on
    G.703/E1 software, Version 1.0.
    Channelized E1, Version 1.0.
    Bridging software.
    X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
    Chassis Interface.
    4 VIP2 controllers (2 FastEthernet)(12 E1).
    2 FastEthernet/IEEE 802.3 interface(s)
    218 Serial network interface(s)
    123K bytes of non-volatile configuration memory.
    20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
    8192K bytes of Flash internal SIMM (Sector size 256K).
    Configuration register is 0x102

140 Configuration Register Values
    Router# configure terminal
    Router(config)# config-register 0x10F
    [Ctrl-Z]
- Configuration register bits 3, 2, 1, and 0 set boot option
    Configuration-Register Value   Meaning
    0x0                            Use ROM monitor mode (manually boot using the b command)
    0x1                            Automatically boot from ROM (default if router has no flash)
    0x2 to 0xF                     Examine NVRAM for boot system commands (0x2 default if router has Flash)
- Check configuration register setting with show version

141 show flash Command
- Display the layout and contents of current device
    Router> show flash (dir)
    -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
    1   .. unknown  81E4BFDC  64D114   19  6475924 Jun 11 1998 09:32:10 rsp-isv-mz.112-14.P
    14102252 bytes available (6476052 bytes used)
- Display the layout and contents of the specified device
    Router> show flash bootflash: (show flash device:)
    -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
    1   .. unknown  D607A4A1  3FCDD4   20  3919188 Jun 11 1998 10:13:04 rsp-boot-mz.112-14.P
    3682860 bytes available (3919316 bytes used)

142 Flash devices
- List possible devices
    Router> show flash devices
    slot0, slot1, bootflash, slaveslot0, slaveslot1, slavebootflash, slavenvram, nvram, tftp, rcp
- Display current directory
    Router> pwd
    slot0
- Change directory
    Router> cd device:

143 Creating a Software Image Backup
- Back up files from flash devices: copy device: tftp
- Diagram elements: Flash, RAM, TFTP Server
    Router# copy slot0: tftp
    Enter source file name: rsp-isv-mz.112-14.P
    Enter destination file name [rsp-isv-mz.112-14.P]:
    CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
    CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
    Address or name of remote host [sun]? 192.168.7.120
    !

144 Downloading the Image from the Net
- copy tftp device:
- Diagram elements: Flash, RAM, TFTP Server
    Tozsde_1#copy tftp slot0:
    Enter source file name: rsp-isv-mz.112-15a.P
    14102124 bytes available on device slot0, proceed? [confirm]
    Address or name of remote host [sun]?
    Accessing file "rsp-isv-mz.112-15a.P" on sun...FOUND
    Loading rsp-isv-mz.112-15a.P from 192.168.7.120 (via FastEthernet4/0/0): !!!!!!!
    !!!!!!!!!!!!!!!!!!!.!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!
    [OK - 6480440/9797440 bytes]
    CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

145 Summary
- Create running and startup configuration
- Configure interface
- Determine the load location of the Cisco IOS image

146 Access to Other Routers

147 Cisco Discovery Protocol (CDP) Overview
- Media and protocol interaction
- Upper Layer Entry Addresses: TCP/IP, Novell IPX, AppleTalk, Others
- Cisco Proprietary Data-Link Protocol: CDP discovers and shows information about directly connected Cisco devices
- Media Supporting SNAP: LANs, Frame Relay, ATM, Others

148 Show CDP Neighbor Entries
- Single command summarizes protocols and addresses on target (for example, neighboring Cisco router)
- Diagram: routers running IP, IPX / IP, AppleTalk / IP, CLNS, DECnet / IP, CLNS, linked by CDP
    #sho cdp

149 CDP Configuration Example
- Enable CDP on each interface
- Diagram: Router A (S0, E0) and Router B (S0, E0) connected over a Frame Relay WAN
    routerA(config-if)# cdp enable
    routerA# show cdp interface
    Serial0 is up, line protocol is up, encapsulation is Frame Relay
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    Ethernet0 is up, line protocol is up, encapsulation is ARPA
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds

150 Showing CDP Neighbors
    routerA#sho cdp neighbors
    Capability Codes: R - Router, T - Trans Bridge, B - Source-Route Bridge, S - Switch, H - Host, I - IGMP
    Device ID           Local Intrfce   Holdtime   Capability   Platform   Port ID
    routerB.cisco.com   Eth0            151        R T          AGS        Eth0
    routerB.cisco.com   Ser0            165        R T          AGS        Ser3

    routerA#show cdp neighbors detail
    ------------------------------------------
    Device ID: routerB.cisco.com
    Entry address(es):
      IP address: 196.92.68.18
      CLNS address: 490001.1111.1111.1111.00
      Appletalk address: 10.1
    Platform: AGS, Capabilities: Router Trans-Bridge
    Interface: Ethernet0, Port ID (outgoing port): Ethernet0
    Holdtime: 143 sec

151 Showing CDP Entries for a Device
    routerA#sho cdp entry routerB
    ---------------------------------
    Device ID: routerB
    Entry address(es):
      IP address: 198.92.68.18
      CLNS address: 490001.1111.1111.1111.00
      Appletalk address: 10.1
    Platform: AGS, Capabilities: Router Trans-Bridge
    Interface: Ethernet0, Port ID (outgoing port): Ethernet0
    Holdtime: 155 sec
    Version:
    IOS (tm) GS Software (GS3), 11.2(13337) [asastry]
    Copyright (c) 1986-1996 by cisco Systems, Inc.
    Compiled Tue 14-May-96 1:04

152 TCP/IP Overview

153 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe how the TCP/IP implementation relates to the OSI reference model
- Identify the functions of the TCP/IP transport-layer protocols
- Identify the functions of the TCP/IP network-layer protocols
- Identify the functions performed by ICMP

154 TCP/IP Protocol Stack
- OSI Reference Model: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical
- TCP/IP Conceptual Layers: Application, Transport, Internet, Network Interface (Ethernet, 802.3, 802.5, FDDI, and so on)

155 Application Layer Overview
- Stack: Application, Transport, Internet, Network Interface, Hardware
- File Transfer: TFTP*, FTP, NFS
- E-mail: SMTP
- Remote Login: Telnet*, rlogin
- Network Management: SNMP*
- Name Management: DNS*
*Used by the router

156 Transport Layer

157 Transport Layer Overview
- Stack: Application, Transport, Internet, Network Interface, Hardware
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)

158 TCP Segment Format
    Field                    # Bits
    Source Port              16
    Dest. Port               16
    Sequence Number          32
    Acknowledgment Number    32
    HLEN                     4
    Reserved                 6
    Code Bits                6
    Window                   16
    Checksum                 16
    Urgent Pointer           16
    Option                   0 or 32
    Data...

159 Port Numbers
- Application Layer: FTP (21), TELNET (23), SMTP (25), DNS (53), TFTP (69), SNMP (161)
- Transport Layer: TCP, UDP

160 TCP Port Numbers
- Host A runs "Telnet Z" toward Host Z
- Segment fields: Source Port (SP) = 1028, Dest. Port (DP) = 23
- Dest. port = 23: send packet to my Telnet application.

161 TCP Handshake/Open Connection
    Host A                               Host Z
    Send SYN (seq = x)                   Receive SYN (seq = x)
    Receive SYN (seq = y, ack = x+1)     Send SYN (seq = y, ack = x+1)
    Send ACK (ack = y+1)                 Receive ACK (ack = y+1)
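Added example (not from the original slides): the segment layout of slide 158 packed and parsed with `struct`, then used to check the seq/ack relationships of the handshake above. The segments are constructed, use the 1028 to 23 Telnet ports from slide 160, and leave the checksum at zero; the function names are illustrative.

```python
import struct

SYN, ACK = 0x02, 0x10                  # code-bit values defined by the TCP specification
HEADER = struct.Struct("!HHIIHHHH")    # 16,16,32,32,(4+6+6),16,16,16 bits
MOD = 2 ** 32                          # sequence numbers wrap at 32 bits


def build_segment(src_port, dst_port, seq, ack, flags, window=4096):
    """Pack a 20-byte header without options (checksum left 0 in this sketch)."""
    hlen_words = 5
    word = (hlen_words << 12) | (flags & 0x3F)   # HLEN | Reserved | Code Bits
    return HEADER.pack(src_port, dst_port, seq, ack, word, window, 0, 0)


def parse_segment(data):
    """Split a raw segment into the fields listed on the TCP Segment Format slide."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than the fixed 20-byte TCP header")
    src, dst, seq, ack, word, window, checksum, urgent = HEADER.unpack_from(data)
    hlen = (word >> 12) * 4                      # HLEN counts 32-bit words
    if hlen < HEADER.size or hlen > len(data):
        raise ValueError(f"invalid HLEN: {hlen} bytes")
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "hlen": hlen, "reserved": (word >> 6) & 0x3F, "flags": word & 0x3F,
            "window": window, "checksum": checksum, "urgent": urgent,
            "options": data[HEADER.size:hlen], "data": data[hlen:]}


def is_three_way_handshake(first, second, third):
    """True only if the three segments follow SYN, SYN+ACK, ACK with x+1 / y+1."""
    a, z, c = (parse_segment(s) for s in (first, second, third))
    return all((
        a["flags"] == SYN,
        z["flags"] == SYN | ACK,
        (z["src_port"], z["dst_port"]) == (a["dst_port"], a["src_port"]),
        z["ack"] == (a["seq"] + 1) % MOD,
        c["flags"] == ACK,
        (c["src_port"], c["dst_port"]) == (a["src_port"], a["dst_port"]),
        c["seq"] == z["ack"],
        c["ack"] == (z["seq"] + 1) % MOD,
    ))


def handshake(x, y, client_port=1028, server_port=23):
    """Constructed segments for Host A (Telnet client) and Host Z (server)."""
    return (
        build_segment(client_port, server_port, x, 0, SYN),
        build_segment(server_port, client_port, y, (x + 1) % MOD, SYN | ACK),
        build_segment(client_port, server_port, (x + 1) % MOD, (y + 1) % MOD, ACK),
    )


if __name__ == "__main__":
    segments = handshake(1000, 5000)
    for raw in segments:
        print(parse_segment(raw))
    print("valid handshake:", is_three_way_handshake(*segments))
```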

162 TCP Simple Acknowledgement
Window size = 1
    Sender              Receiver
    Send 1              Receive 1
    Receive ACK 2       Send ACK 2
    Send 2              Receive 2
    Receive ACK 3       Send ACK 3
    Send 3              Receive 3
    Receive ACK 4       Send ACK 4

163 TCP Sliding Window
Window size = 3
    Sender              Receiver
    Send 1              Receive 1
    Send 2              Receive 2
    Send 3              Receive 3
    Receive ACK 4       Send ACK 4
    Send 4              Receive 4
    Send 5              Receive 5
    Send 6              Receive 6
    Receive ACK 7       Send ACK 7

164 UDP Segment Format
- No sequence or acknowledgement fields
    Field               # Bits
    Source Port         16
    Destination Port    16
    Length              16
    Checksum            16
    Data...

165 Network Layer

166 Internet Layer Overview
- OSI network layer corresponds to the TCP/IP Internet layer
- Stack: Application, Transport, Internet, Network Interface, Hardware
- Internet Protocol (IP)
- Internet Control Message Protocol (ICMP)
- Address Resolution Protocol (ARP)
- Reverse Address Resolution Protocol (RARP)

167 IP Diagram
    Field                    # Bits
    VERS                     4
    HLEN                     4
    Type of Service          8
    Total Length             16
    Identification           16
    Flags                    3
    Frag Offset              13
    TTL                      8
    Protocol                 8
    Header Checksum          16
    Source IP Address        32
    Destination IP Address   32
    IP Option                var
    Data...

168 Protocol Field
- Determines destination upper-layer protocol
- Protocol Numbers (Internet Layer: IP, to Transport Layer): TCP = 6, UDP = 17

169 Internet Control Message Protocol (ICMP)
- Stack: Application, Transport, Internet, Network Interface, Hardware
- ICMP messages: Destination Unreachable, Echo (Ping), Other

170 ICMP Testing
- Destination unreachable
  - Host or port unreachable
  - Network unreachable
- Diagram: Host A sends data to Z over the data network; a router answers "I do not know how to get to Z!" and sends ICMP Destination unreachable to Host A

171 ICMP Testing (cont.)
- Generated by the ping command
- Host A sends ICMP Echo Request: "Is B reachable?"
- Host B sends ICMP Echo Reply: "Yes, I am here."

172 Address Resolution Protocol (ARP)
- Map IP to Ethernet
- Local ARP
- Hosts shown: 172.16.3.1, Host B
- Request: "I need the Ethernet address of 172.16.3.2" (IP: 172.16.3.2 = ???)
- Reply: "I heard that broadcast, that is me. Here is my Ethernet address." (IP: 12.16.3.2 = Ethernet: 0800.0020.1111)

173 Reverse ARP (RARP)
- Map Ethernet to IP
- ARP and RARP are implemented directly on top of the data link layer
- Request: "What is my IP address?" (Ethernet: 0800.0020.1111, IP = ???)
- Reply: "I heard that broadcast. IP address is 172.16.3.25" (Ethernet: 0800.0020.1111, IP: 12.16.3.25)

174 Summary
The TCP/IP protocol stack has the following components:
- Protocols to support file transfer, e-mail, remote login, and other applications
- Reliable and "unreliable" transports
- Connectionless datagram delivery at the network layer
- ICMP provides control and message functions at the network layer

175 IP Address Configuration

176 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the different classes of IP addresses
- Configure IP addresses
- Verify IP addresses

177 TCP/IP Address Overview

178 IP Addressing
- 32 bits: Network | Host
- Written as 8-bit octets: 172.16.122.204

179 IP Address Classes
- Class A: N.H.H.H
- Class B: N.N.H.H
- Class C: N.N.N.H
- Class D: for multicast
- Class E: for research
N = Network number assigned by NIC
H = Host number assigned by network administrator

180 Recognizing Classes in IP Addresses (First Octet Rule)
    High Order Bits   Octet in Decimal   Address Class
    0                 1 - 126            A
    10                128 - 191          B
    110               192 - 223          C

181 Configuring IP Addresses

182 Host Addresses
- Router interface E0, IP: 172.16.2.1; hosts 172.16.200.1, 172.16.3.10, 172.16.12.12
- Router interface E1, IP: 10.6.24.2; hosts 10.1.1.1, 10.250.8.11, 10.180.30.118
- Address 172.16.12.12: Network = 172.16, Host = 12.12
    Routing Table
    Network       Interface
    172.16.0.0    E0
    10.0.0.0      E1

183 Subnetting Addressing
- Router interface E0, IP: 172.16.2.1; hosts 172.16.2.200, 172.16.2.2, 172.16.2.160
- Router interface E1, IP: 172.16.3.1; hosts 172.16.3.5, 172.16.3.100, 172.16.3.150
- Address 172.16.2.160: Network = 172.16, Subnet = 2, Host = 160
    New Routing Table
    Network       Interface
    172.16.2.0    E0
    172.16.3.0    E1

184 Subnet Mask
- IP Address: 172 16 0 0 (Network, Host)
- Default Subnet Mask: 255 00 0 (Network, Host)
- 8-bit Subnet Mask (Network, Subnet, Host)
- Use host bits, starting at the high order bit position

185 Broadcast Address
- Subnets shown: 172.16.1.0, 172.16.2.0, 172.16.3.0
- 172.16.3.255 (Directed broadcast)
- 255.255.255.255 (Local Network broadcast)
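Added example (not from the original slides): the first octet rule, the network/subnet/host split and the directed broadcast address worked through with Python's `ipaddress` module, using addresses that appear on slides 182 to 185. The function names are illustrative.

```python
import ipaddress

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # default (classful) mask lengths


def address_class(addr):
    """First octet rule: classify by the high-order bits of the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"   # 0 and 127 also start with bit 0 but are reserved (hence 1 - 126)
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    return "D" if first >> 4 == 0b1110 else "E"


def describe(addr, mask=None):
    """Split an address into network, subnet and host parts for a given mask."""
    ip = ipaddress.IPv4Address(addr)
    cls = address_class(addr)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"class {cls} addresses are not assigned to hosts")
    classful = ipaddress.IPv4Network(f"{ip}/{DEFAULT_PREFIX[cls]}", strict=False)
    # Without an explicit mask the default mask of the class applies.
    subnet = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False) if mask else classful
    if subnet.prefixlen < classful.prefixlen:
        raise ValueError("mask is shorter than the default mask for this class")
    return {
        "class": cls,
        "network": str(classful.network_address),
        "subnet": str(subnet.network_address),
        "subnet_bits": subnet.prefixlen - classful.prefixlen,  # host bits borrowed
        "host": int(ip) & int(subnet.hostmask),
        "directed_broadcast": str(subnet.broadcast_address),
    }


if __name__ == "__main__":
    for address, netmask in (("172.16.2.160", "255.255.255.0"),
                             ("172.16.3.5", "255.255.255.0"),
                             ("10.250.8.11", None)):
        print(address, describe(address, netmask))
```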

186 IP Address Configuration
    Router(config-if)# ip address ip-address subnet-mask
- Assigns an address and subnet mask
- Starts IP processing on an interface
    Router(config)# term ip netmask-format
- Sets format of network mask as seen in show commands

187 IP Host Names
    Router(config)# ip host name [tcp-port-number] address [address]...
- Defines static host name to IP address mapping
    ip host tokyo 1.0.0.5 2.0.0.8
    ip host tokyo 1.0.0.4
- Hosts/interfaces selectable by name or IP address

188 Name Server Configuration
    Router(config)# ip name-server server-address1 [[server-address2]...[server-address6]]
- Specifies one or more hosts that supply host name information

189 Name System
    Router(config)# ip domain-lookup
- DNS enabled by default
    Router(config)# no ip domain-lookup
- Turns off the name service

190 Simple Ping
- Test IP network connectivity
    Router> ping 172.16.101.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.101.1, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent, round-trip min/avg/max = 6/6/6 ms
    Router>

191 Extended Ping
- Ping supported for several protocols
    Router# ping
    Protocol [ip]:
    Target IP address: 192.168.101.162
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address:
    Type of service [0]:
    Set DF bit in IP header? [no]: yes
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.101.162, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms
    Router#

192 IP Trace
- Shows interface addresses used to reach the destination
    Router# trace aba.nyc.mil
    Type escape sequence to abort.
    Tracing the route to aba.nyc.mil (26.0.0.73)
    1 debris.cisco.com (172.16.1.6) 1000 msec 8 msec 4 msec
    2 barrnet-gw.cisco.com (172.16.16.2) 8 msec 8 msec 8 msec
    3 externa-a-gateway.stanford.edu (192.42.110.225) 8 msec 4 msec 4 msec
    4 bb2.su.barrnet.net (131.119.254.6) 8 msec 8 msec 8 msec
    5 su.arc.barrnet.net (131.119.3.8) 12 msec 12 msec 8 msec
    6 moffett-fld-mb.in.mil (192.52.195.1) 216 msec 120 msec 132 msec
    7 aba.nyc.mil (26.0.0.73) 412 msec * 664 msec

193 Summary
- IP addresses are specified in 32-bit dotted decimal format
- Router interface can be configured with an IP address
- ping and trace commands can be used to verify IP address configuration

194 Introduction to Serial Connections

195 Objectives
Upon completion of this chapter, you will be able to:
- Describe and distinguish the types and attributes of serial communication on WANs
- Describe how WAN communication works
- Identify Point-to-Point Protocol operations to encapsulate WAN data on Cisco routers
- Identify dial-on-demand routing processes as a signaling trigger for WAN data calls on Cisco routers

196 Wide-Area Network Service

197 An Overview of Wide-Area Services
- The router uses a WAN central office
- Time-Division Multiplexed Circuits (56/64K or T1/E1)
- Call Setup (SS7 or other)
- X.25/Frame Relay Networks
- Basic Telephone Service

198 Interfacing WAN Service Providers
- Provider assigns connection parameters to subscriber
- Point-to-Point or circuit-switched connection
- Diagram labels: Customer Premises Equipment, Demarcation, Local Loop, CO Switch, Trunks and Switches, Toll Network, WAN Service Provider

199 Subscriber to Provider Interface
- DTE/DCE: the point where responsibility passes
- Data Terminal Equipment (DTE): end of the user's device on the WAN link
- Data Circuit-Terminating Equipment (DCE): end of the WAN provider's side of the communication facility
- DCE devices shown: Modem, CSU/DSU, TA/NT1

200 Using WAN Services with Routers
- SDLC, X.25/LAPB, Frame Relay, ISDN/LAPB, HDLC, PPP, DDR

201 WAN Frame Format Summary
- Formats assume framing on dedicated WAN facilities
    PPP:             Flag | Address | Control | Protocol | LCP | FCS | Flag
    Link Control Protocol (LCP): Code | Identifier | Length | Data
    Cisco HDLC:      Flag | Address | Control | Proprietary | Data | FCS | Flag
    SDLC and LAPB:   Flag | Address | Control | Data | FCS | Flag

202 Point-to-Point Protocol

203 An Overview of PPP
- PPP can carry packets from several protocol suites using Network Control Programs (NCPs)
- PPP controls the setup of several link options using LCP
- Diagram: TCP/IP, Novell IPX and AppleTalk carried in PPP encapsulation; multiple protocol encapsulations using NCPs in PPP; link setup and control using LCP in PPP

204 Layering PPP Elements
- PPP: a data link with network-layer services
    Network Layer:     Layer 3 protocols (IP, IPX)
    Data Link Layer:   Network Control Programs (IPCP, IPXCP, many others)
                       Authentication, other options
                       Link Control Protocol
    Physical Layer:    Synchronous or asynchronous physical media

205 PPP LCP Configuration Options
    Feature           How It Operates                                          Protocol
    Authentication    Require a password                                       PAP
                      Perform Challenge Handshake                              CHAP
    Compression       Compress data at source; reproduce data at destination   Stacker or Predictor
    Error Detection   Monitor data dropped on link                             Quality
                      Avoid frame looping                                      Magic Number
    Multilink         Load balancing across multiple links                     Multilink Protocol (MP)

206 Configuring PPP
    Router(config-if)# encapsulation ppp
- Defines encapsulation type as PPP
    Router(config-if)# ppp authentication pap
- Sets password checking for incoming calls
    Router(config-if)# ppp authentication chap
- Forces incoming calls to answer password challenges
    Router(config)# username name password secret-pwd
- Sets host name and password for call verification
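Added example (not from the original slides): what each of the two authentication options puts on the link. It follows the message formats of the PPP authentication RFCs (PAP Authenticate-Request, CHAP response = MD5 of identifier, secret and challenge); the user name, secret and class name are constructed for illustration.

```python
import hashlib
import hmac
import os


def pap_request(identifier, peer_id, password):
    """PAP Authenticate-Request: the password travels as plain bytes."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(body)                       # code + id + 2-byte length + body
    return bytes([1, identifier]) + length.to_bytes(2, "big") + body


def chap_response(identifier, secret, challenge):
    """CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Answering side: issues a fresh challenge per attempt and checks the reply."""

    def __init__(self, users):
        self.users = users            # name -> shared secret, as in "username name password ..."
        self.pending = {}             # identifier -> outstanding challenge

    def challenge(self, identifier):
        value = os.urandom(16)
        self.pending[identifier] = value
        return value

    def verify(self, identifier, name, response):
        challenge = self.pending.pop(identifier, None)   # each challenge is single use
        secret = self.users.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret = b"secret-pwd"                                # constructed value
    print("PAP frame :", pap_request(1, b"tokyo", secret))

    auth = ChapAuthenticator({b"tokyo": secret})
    first = auth.challenge(1)
    reply = chap_response(1, secret, first)
    print("CHAP reply:", reply.hex())
    print("accepted  :", auth.verify(1, b"tokyo", reply))

    auth.challenge(2)                                     # new attempt, new challenge
    print("replay    :", auth.verify(2, b"tokyo", reply))
```

With PAP the shared password is readable by anyone who can capture the frame; with CHAP only a digest bound to a one-time challenge is sent, so a captured reply does not answer the next challenge.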

207 Monitoring PPP
    dtp -19# show interface b0 b 1
    BRI0: B-Channel 1 is up, line protocol is up
      Hardware is BRI
      MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
      Encapsulation PPP, loopback not set, keepalive not set
      lcp = OPEN multilink = OPEN ipcp = OPEN
      Last input 0:05:51, output 0:05:52, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0 (size/max/drops); Total output drops: 0
      Output queue: 0/64/0 (size/threshold/drops)
        Conversation 0/1 (active/max active)
        Reserved Conversations 0/0 (allocated/max allocated)
      5 minutes input rate 0 bits/sec, 0 packets/sec
      5 minutes output rate 0 bits/sec, 0 packets/sec
        15 packet input, 804 bytes, 0 no buffer
        Received 0 broadcast, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        14 packet output, 806 bytes, 0 underruns
        0 output errors, 0 collisions, 19 interface resets, 0 restarts
        0 output buffer failures, 0 output buffers swapped out
        1 carrier transitions

208 IP Routing Configuration

209 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Perform the initial configuration of your router and enable IP
- Add the RIP routing protocol to your configuration
- Add the EIGRP routing to your configuration

210 IP Routing Learns Destinations
- Static routes
- Default routes
- Dynamic routing

211 Static Route Configuration
    Router(config)# ip route network [mask] {address | interface} [distance]
- Define a path to an IP destination network or subnet

212 Static Route Configuration
- Diagram: Cisco A and Cisco B joined by a serial link; interfaces S0, S1, S2, E0; link addresses 172.16.2.1 and 172.16.2.2
    ip route 172.16.1.0 255.255.255.0 172.16.2.1

213 Default Route Configuration
    Router(config)# ip default-network network-number
- Define a default route

214 Default Route Example
- Company X: Network 172.16.0.0, Subnet Mask 255.255.255.0
- Public Network: 192.168.17.0
- Configuration on Cisco A:
    router rip
     network 172.16.0.0
     network 192.168.17.0
    ip default-network 192.168.17.0

215 Interior or Exterior Routing Protocols
- Interior Routing Protocols: RIP, IGRP
- Exterior Routing Protocols
- Diagram: Autonomous System 100, Autonomous System 200

216 IP Routing Protocol Mode
    Router(config)# router ?
      bgp        Border Gateway Protocol (BGP)
      egp        Exterior Gateway Protocol (EGP)
      eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
      igrp       Interior Gateway Routing Protocol (IGRP)
      isis       ISO IS-IS
      iso-igrp   IGRP for OSI network
      mobile     Mobile router
      odr        On Demand stub Router
      ospf       Open Shortest Path First (OSPF)
      rip        Routing Information Protocol (RIP)
      static     Static routes
    Router(config)# router rip
    Router(config-router)# ?
    Router configuration commands:
      default-information   Control distribution of default information
      default-metric        Set metric of redistributed routes
      distance              Define an administrative distance
      distribute-list       Filter networks in routing updates
      exit                  Exit from routing protocol configuration mode
    --- More ---

217 Interior IP Routing Protocols
[Diagram labels: Application; Transport; Internet; Network Interface; Hardware]
- Routing Information Protocol (RIP)
- Interior Gateway Routing Protocol (IGRP)
- Open Shortest Path First Protocol (OSPF)
- Enhanced IGRP (EIGRP)

218 IP Routing Configuration Tasks
- Global configuration
  – Select routing protocol(s)
  – Specify network(s)
- Interface configuration
  – Verify address/subnet mask
[Diagram labels: Network 172.30.0.0; Network 172.16.0.0; Network 160.89.0.0; IGRP; RIP; IGRP, RIP]

219 Dynamic Routing Configuration
    Router(config)# router protocol [keyword]
- Defines an IP routing protocol
    Router(config-router)# network network-number
- The network subcommand is a mandatory configuration command for each IP routing process

220 Routing Information Protocol

221 RIP Overview
- Hop count metric selects the path
[Diagram labels: 19.2 kbps; T1]

222 RIP Configuration
    Router(config)# router rip
- Starts the RIP routing process
    Router(config-router)# network network-number
- Selects participating attached networks

223 RIP Configuration Example
[Diagram labels: Cisco A, Cisco B, Cisco C, Cisco D, Cisco E; T0, S0, S1, S2; Token Ring; networks 1.1.0.0, 1.2.0.0, 1.4.0.0, 2.1.0.0, 2.2.0.0, 2.3.0.0, 2.4.0.0, 2.5.0.0, 2.6.0.0, 2.7.0.0, 3.3.0.0]
Cisco A:
    router rip
     network 1.0.0.0
     network 2.0.0.0

224 Monitoring IP
    Router> show ip protocol
    Routing Protocol is "rip"
      Invalid after 180 seconds, hold down 180, flushed after 240
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Redistributing: rip
      Routing Information Sources:
        Gateway         Distance    Last Update
        183.8.128.12    120         0:00:14
        183.8.64.130    120         0:00:19
        183.8.128.130   120         0:00:03
      Routing for Network:
        183.8.0.0
        144.253.0.0
      Sending update every 30 seconds, next due in 13 seconds
      Distance: (default is 120)

225 Displaying the IP Routing Table
    Router> show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP,
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area,
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP,
           I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    Gateway of last resort is not set

         144.253.0.0 is subnetted (mask is 255.255.255.0), 1 subnets
    C       144.253.100.0 is directly connected, Ethernet0
    R    153.50.0.0 [120/1] via 183.8.128.12, 00:00:09, Ethernet0
         183.8.0.0 is subnetted (mask is 255.255.255.128), 4 subnets
    R       183.8.0.128 [120/1] via 183.8.128.130, 00:00:17, Serial0
                        [120/1] via 183.8.64.130, 00:00:17, Serial1
    C       183.8.128.0 is directly connected, Ethernet0
    C       183.8.64.128 is directly connected, Serial1
    C       183.8.128.128 is directly connected, Serial0
    R    192.3.63.0

226 Interior Gateway Routing Protocol

227 IGRP Overview
- Composite metric selects the path
- Speed is the primary consideration
[Diagram labels: 19.2 kbps; T1]

228 IGRP Configuration
    Router(config)# router igrp autonomous-system
- Defines IGRP as an IP routing process
    Router(config-router)# network network-number
- Selects participating attached networks

229 IGRP Configuration Example
[Diagram labels: Cisco A, Cisco B, Cisco C, Cisco D, Cisco E; T0, S0, S1, S2; Token Ring; networks 1.1.0.0, 1.2.0.0, 1.4.0.0, 2.1.0.0, 2.2.0.0, 2.3.0.0, 2.4.0.0, 2.5.0.0, 2.6.0.0, 2.7.0.0, 3.3.0.0]
Cisco A:
    router igrp 109
     network 1.0.0.0
     network 2.0.0.0

230 show ip protocol Command
    Router> show ip protocol
    Routing Protocol is "igrp 300"
      Invalid after 270 seconds, hold down 280, flushed after 630
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Default networks flagged in outgoing updates
      Default networks accepted from incoming updates
      IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
      IGRP maximum hopcount 100
      IGRP maximum metric variance 1
      Redistributing: igrp 300
      Routing Information Sources:
        Gateway         Distance    Last Update
        183.8.128.12    120         0:00:14
        183.8.64.130    120         0:00:19
        183.8.128.130   120         0:00:03
     --More--
      Routing for Network:
        183.8.0.0
        144.253.0.0
      Sending update every 30 seconds, next due in 55 seconds
      Distance: (default is 120)

231 Summary Routers can be configured to use one or more IP routing protocols Two IP routing protocols are: RIP IGRP

232 Basic Traffic Management with Access Lists

233 Objectives Upon completion of this chapter, you will be able to perform the following tasks: Describe the use, value, and processes of access lists Configure standard and extended access lists to filter IP traffic Monitor and verify selected access list operations on the router IPX and AppleTalk access lists later

234 Access Lists Overview

235 n Deny traffic you do not want based on packet tests (for example, addressing or traffic type) n Specify packet traffic for dialing remote sites using dial-on-demand routing (DDR) Internet 172.16.0.0 172.17.0.0 Why use Access Lists?

236 What Are Access Lists?
- Standard
  – Simpler address specifications
  – Generally permits or denies entire protocol suite
- Extended
  – More complex address specification
  – Generally permits or denies specific protocols
[Diagram labels: Access List Processes; Protocol; Source and Destination; Permit?; E0; S0; Optional Dialer; Incoming Packet; Outgoing Packet]

237 Choose Interface Route/ bridge ? Table Entry ? Access List? Permit ? Notify Sender Unwanted Packet Packet Discard Bucket Packet Inbound Interfaces Outbound Interfaces Packet Y Y Y Y N N N N Firewall Test Access List Statements How Access Lists Work

238 A List of Tests: Deny or Permit
[Flowchart labels: Packet to Interface(s) in the Access Group; Match First Test?; Match Next Test?; Match Last Test?; Permit; Deny; Destination Interface(s); Packet Discard Bucket; Implicit Deny; Y/N branches]

239 Access List Command Overview
- Access lists are numbered (for IP, numbered or named)
Step 1: Set parameters for this access list test statement (which can be one of several statements)
    Router(config)# access-list access-list-number {permit | deny} {test conditions}
Step 2: Enable an interface to become part of the group that uses the specified access list
    Router(config-if)# {protocol} access-group access-list-number {in | out}

240 How to Identify Access Lists
- Number identifies the protocol and type
- Other number ranges for most protocols

    Access List Type              Number Range/Identifier
    IP          Standard          1-99
                Extended          100-199
                Named             (Cisco IOS 11.2 and later)
    IPX         Standard          800-899
                SAP filters       1000-1099
    AppleTalk                     600-699

241 TCP/IP Access Lists

242 Limit traffic and restrict network use Enable directed forwarding of broadcasts FTP Broadcast Managing IP Traffic Overview

243 n Access lists control packet movement through a network Transmission of packets on an interface Virtual terminal line access ( IP) Access List Application

244 n Access lists are multipurpose Route filtering Routing table Dial-on-demand routingQueue List Priority and custom queuing Other Access List Uses

245 n Standard lists (1 to 99) test conditions of all IP packets from source addresses n Extended lists (100 to 199) can test conditions of –Source and destination addresses –Specific TCP/IP-suite protocols –Destination n Wildcard bits indicate how to check the corresponding address bits (0=check, 1=ignore) Key Concepts for IP Access Lists

246 How to Use Wildcard Mask Bits
- 0 means check corresponding bit value
- 1 means ignore value of corresponding bit

Octet bit position and address value for bit:
    128  64  32  16   8   4   2   1
Examples:
      0   0   0   0   0   0   0   0  =  Check all address bits (match all)
      0   0   1   1   1   1   1   1  =  Ignore last 6 address bits
      0   0   0   0   1   1   1   1  =  Ignore last 4 address bits
      0   0   0   0   0   0   1   1  =  Ignore last 2 address bits
      1   1   1   1   1   1   1   1  =  Do not check address (ignore bits in octet)

247 How to Use Wildcard Mask Bits (cont.)
- IP access list test conditions: check for IP subnets 172.30.16.0 to 172.30.31.0
- Address and wildcard mask: 172.30.16.0 0.0.15.255

    network.host:                172.30.16.0
    third octet (16):            0 0 0 1   0 0 0 0
    wildcard mask to match bits: 0 0 0 0   1 1 1 1
                                 (check)   (ignore)

248 How to Use the Wildcard any
- Accept any address: 0.0.0.0 255.255.255.255; abbreviate the expression using the keyword any
- Test conditions: ignore all the address bits (match any)
    Any IP address:  0.0.0.0
    Wildcard mask:   255.255.255.255 (ignore all)

249 How to Use the Wildcard host
- Example: 172.30.16.29 0.0.0.0 checks all the address bits
- Abbreviate the wildcard using the keyword host followed by the IP address. For example, host 172.30.16.29
- Test conditions: check all the address bits (match all)
    An IP host address, for example:  172.30.16.29
    Wildcard mask:                    0.0.0.0 (check all bits)

250 IP Standard Access List Configuration
    Router(config)# access-list access-list-number {permit | deny} source [source-mask]
- Sets parameters for this list entry
- IP standard access lists use 1 to 99
    Router(config-if)# ip access-group access-list-number {in | out}
- Activates the list on an interface

251 Inbound Access List Processing (for standard IP access lists)
[Flowchart labels: Incoming packet; Access list?; Does source address match?; Apply condition; Deny; Permit; Next entry in list; More entries?; ICMP Message; Forward Packet; Route to interface; Yes/No branches]

252 Outbound Access List Processing (for standard IP access lists)
[Flowchart labels: Incoming packet; Route to interface; Access list?; Does source address match?; Apply condition; Deny; Permit; Next entry in list; More entries?; ICMP Message; Forward Packet; Yes/No branches]

253 Standard Access List Example
- Permit my network only
[Diagram labels: E0, E1, S0; 172.16.3.0; 172.16.4.0; 172.16.4.13; Non-172.16.0.0]
    access-list 1 permit 172.16.0.0 0.0.255.255
    ! (implicit deny all - not visible in the list)
    ! (access-list 1 deny 0.0.0.0 255.255.255.255)
    interface ethernet 0
     ip access-group 1 out
    interface ethernet 1
     ip access-group 1 out

254 Extended IP Access Lists
- Allow more precise filtering conditions
  – Check source and destination IP address
  – Specify an optional IP protocol port number
  – Use access list number range 100 to 199

255 Extended Access List Configuration
    Router(config)# access-list access-list-number {permit | deny} protocol source source-mask destination destination-mask [operator operand] [established]
- Sets parameters for this list entry
- IP uses a list number in range 100 to 199
    Router(config-if)# ip access-group access-list-number {in | out}
- Activates the extended list on an interface

256 ICMP Command Syntax
    Router(config)# access-list access-list-number {permit | deny} icmp {source source-wildcard | any} {destination destination-wildcard | any} [icmp-type [icmp-code] | icmp-message]
- Filters based on ICMP messages

257 TCP Syntax
    Router(config)# access-list access-list-number {permit | deny} tcp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port] [established]
- Filters based on TCP or TCP port number or name

258 UDP Syntax
    Router(config)# access-list access-list-number {permit | deny} udp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port]
- Filters based on UDP protocol or UDP port number or name

259 Extended Access List Processing
[Flowchart labels: Access list?; Source address; Destination address; Protocol? *; Protocol options? *; Match / Does not match; Apply condition; Deny; Permit; Next entry in list; ICMP Message; Forward Packet; Yes/No branches]
* If present in access list

260 Extended Access List Example
- Deny FTP for E0
[Diagram labels: E0, E1, S0; 172.16.3.0; 172.16.4.0; 172.16.4.13; Non-172.16.0.0]
    access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
    access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
    access-list 101 permit ip 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255
    ! (implicit deny all)
    ! (access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)
    interface ethernet 0
     ip access-group 101 out
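Added example (not part of the original slides): a small Python evaluator for the numbered IP access lists shown above, covering wildcard-mask matching, first-match processing and the implicit deny. The function names and the sample packets are constructed for illustration, and only the `eq` port operator is handled.

```python
import ipaddress

MASK32 = 0xFFFFFFFF
ANY = ("0.0.0.0", "255.255.255.255")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Compare only the bit positions where the wildcard mask holds 0."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(addr) & care) == (to_int(base) & care)

def _is_addr(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def _take_addr(tokens):
    """Consume 'any', 'host A', 'A W' or a bare 'A'; return (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and _is_addr(tokens[0]):
        return (tok, tokens.pop(0))
    return (tok, "0.0.0.0")  # standard-list entry without a mask: exact host

def parse_entry(line):
    """Parse one numbered IP access-list statement into a dict."""
    tokens = line.split()
    if tokens.pop(0) != "access-list":
        raise ValueError("not an access-list statement: " + line)
    number = int(tokens.pop(0))
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError("expected permit or deny: " + line)
    entry = {"action": action, "proto": "ip", "dst": ANY, "dport": None}
    if 1 <= number <= 99:            # standard list: source address only
        entry["src"] = _take_addr(tokens)
    elif 100 <= number <= 199:       # extended list: protocol, source, destination
        entry["proto"] = tokens.pop(0)
        entry["src"] = _take_addr(tokens)
        entry["dst"] = _take_addr(tokens)
        if tokens[:1] == ["eq"]:
            entry["dport"] = int(tokens[1])
    else:
        raise ValueError("not an IP access list number: %d" % number)
    return entry

def entry_matches(entry, pkt):
    if entry["proto"] != "ip" and entry["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], *entry["src"]):
        return False
    if not wildcard_match(pkt["dst"], *entry["dst"]):
        return False
    return entry["dport"] is None or entry["dport"] == pkt.get("dport")

def evaluate(acl_lines, pkt):
    """First matching statement decides; returns (action, statement number or None)."""
    for n, line in enumerate(acl_lines, start=1):
        entry = parse_entry(line)
        if entry_matches(entry, pkt):
            return (entry["action"], n)
    return ("deny", None)  # implicit deny all: nothing in the list matched

def packet(proto, src, dst, dport=None):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

# The two lists from the slides.
ACL_1 = ["access-list 1 permit 172.16.0.0 0.0.255.255"]
ACL_101 = [
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21",
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20",
    "access-list 101 permit ip 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255",
]

# Constructed sample packets (addresses other than 172.16.4.13 are made up).
SAMPLES = [
    packet("tcp", "172.16.4.13", "172.16.3.5", 21),   # FTP control
    packet("tcp", "172.16.4.13", "172.16.3.5", 23),   # Telnet from the same host
    packet("tcp", "192.168.17.9", "172.16.3.5", 23),  # source outside 172.16.4.0
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", evaluate(ACL_101, p))
```

The third sample shows the effect of the implicit deny: list 101 is written to block FTP, but because its only permit statement names 172.16.4.0 as the source, every other source is dropped as well.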

261 Monitoring Access Lists
    Router# show ip interface
    Ethernet 0 is up, line protocol is up
      Internet address is 192.54.222.2, subnet mask is 255.255.255.0
      Broadcast address is 255.255.255.255
      Address determined by non-volatile memory
      MTU is 1500 bytes
      Helper address is 192.52.71.4
      Secondary address 131.182.115.2, subnet mask 255.255.255.0
      Outgoing access list 10 is set
      Inbound access list is not set
      Proxy ARP is enabled
      Security level is default
      Split horizon is enabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      IP fast switching is enabled
      Gateway Discovery is disabled
      IP accounting is disabled
      TCP/IP header compression is disabled
      Probe proxy name replies are disabled
    Router#

262 Access List show Command
    Router# show access-lists
- Display access lists from all protocols
    Router# show ip access-lists [access-list-number]
- Display a specific IP access list
    Router# clear access-list counters [access-list-number]
- Clear packet counts
    Router# show line
- Display line configuration

263 Monitoring Access List Statements
    Router> show access-lists
    Standard IP access list 19
        permit 172.16.19.0
    Standard IP access list 49
        permit 172.16.31.0 wildcard bits 0.0.0.255
        permit 172.16.194.0 wildcard bits 0.0.0.255
        permit 172.16.195.0 wildcard bits 0.0.0.255
        permit 172.16.196.0 wildcard bits 0.0.0.255
        permit 172.16.197.0 wildcard bits 0.0.0.255
    Extended IP access list 101
        permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 23
    Type code access list 201
        permit 0x6001 0x0000
    Type code access list 202
        permit 0x6004 0x0000
        deny 0x0000 0xFFFF
    Router>
[Callout on slide: deny 0.0.0.0, wildcard bits 255.255.255.255]

264 Restricting Virtual Terminal Access

265 Virtual Terminal Access Overview
- Standard and extended access lists will not block access from the router
- For security, virtual terminal (vty) access can be blocked to or from the router

266 How to Control vty Access
- Five virtual terminal lines (0-4)
- Set identical restrictions on all the virtual terminal lines
[Diagram labels: Router#; Physical port (E0); Virtual port (vty 0 4); lines 0, 1, 2, 3, 4]

267 Virtual Terminal Line Commands
    Router(config)# line {vty number | vty-range}
- Enters configuration mode for a terminal line or a range of lines
    Router(config-line)# access-class access-list-number {in | out}
- Restricts incoming and outgoing connections between a particular virtual terminal line into a device (and the addresses in an access list)

268 Virtual Terminal Access Example
Controlling Inbound Access
    access-list 12 permit 192.89.55.0 0.0.0.255
    !
    line vty 0 4
     access-class 12 in
- Permits only hosts in network 192.89.55.0 to connect to the virtual terminal ports on the router

269 Using an Alternative to Access Lists

270 Null Interface n Route to nowhere saves valuable CPU cycles access-list ip permit 1.0.0.0 … access-list ip deny 2.0.0.0 … access-list ip permit 3.0.0.0 … access-list ip deny 4.0.0.0 … access-list ip permit 5.0.0.0 … Packet arrives Access list Null 0 Routing table S0 E0 T0 S1

271 Null Interface Command
    Router(config)# ip route address mask null 0
- Create a static route to filter unwanted traffic
- Interface name is always null 0

272 Null Interface Example
    ip route 201.222.5.0 255.255.255.0 null 0
- Eliminates traffic for 201.222.5.0 from WAN
[Diagram labels: 131.108.1.0; 131.108.4.0; 131.108.5.0; 131.108.6.1; 131.108.6.2; 131.108.7.0; 201.222.5.0]

273 Using Helper Addresses

274 Helper Addressing Overview
- Routers do not forward broadcasts by default
- Helper addresses provide selective connectivity
[Diagram labels: Diskless Workstation; Boot Server]

275 Why Use a Helper Address? n Sometimes clients do not know the server address n Helpers change broadcast to unicast to reach server Diskless Workstation Boot Server Broadcast Looking for boot server

276 IP Helper Address Commands
    Router(config-if)# ip helper-address address
- Enables forwarding and specifies destination address for main UDP broadcast packet
- Changes destination address from broadcast to unicast or directed broadcast address
    Router(config)# ip forward-protocol {udp [port] | nd | sdns}
- Specifies which protocols will be forwarded

277 Single Server - Remote Medium: Forwarding Default UDP Broadcast
[Diagram labels: Diskless Workstation 144.253.1.1; Boot Server 144.253.2.2; E0; Broadcast]
    interface ethernet 0
     ip address 144.253.1.100 255.255.255.0
     ip helper-address 144.253.2.2

278 Single Server - Remote Medium: Forwarding Default and Other Broadcast
[Diagram labels: Diskless Workstation 144.253.1.1; Boot Server 144.253.2.2; E0; BOOTP Broadcast]
    interface ethernet0
     ip address 144.253.1.100 255.255.255.0
     ip helper-address 144.253.2.2
    ip forward-protocol udp 3000
    no ip forward-protocol udp 69

279 Server Location Multiple server-remote media Single server-remote medium Multiple server-remote medium

280 Single Server - Remote Medium: Directed Broadcast into Subnet
[Diagram labels: E0; BOOTP Server 144.253.2.2; DNS Server 144.253.2.1; Broadcast; Directed Broadcast to 144.253.2.255]
    interface ethernet 0
     ip address 144.253.1.100 255.255.255.0
     ip helper-address 144.253.2.255

281 Multiple Server - Remote Medium: Directed Broadcast and Unicast
[Diagram labels: E0; BOOTP Server 144.253.2.2; DNS Server 144.253.2.1; FTP Server 144.253.3.2; Broadcast; Directed Broadcast to 144.253.2.255]
    interface ethernet 0
     ip address 144.253.1.100 255.255.255.0
     ip helper-address 144.253.2.255
     ip helper-address 144.253.3.2

282 Summary
You can manage IP traffic by:
- Controlling packet transmission on each medium
- Using a static route to the null interface in place of an access list to minimize processing overhead
- Configuring helper addresses to forward broadcasts
Standard access lists are easy to configure and require lower processing overhead.
Extended access lists provide greater control.

283 Chapter 6. Configuring Queuing to Manage Traffic

284 Queuing Overview
- Prioritizes traffic through router
- Cisco IOS offers weighted fair queuing, priority queuing, and custom queuing
[Diagram labels: SNA; IPX; IP]

285 The Need for Traffic Prioritization n Delay-sensitive applications may require higher priority than others File Transfer Interactive Traffic

286 Effective Use of Traffic Prioritization
- Prioritization is most effective on bursty WAN links (T1/E1 or below) that experience temporary congestion
[Diagram labels: IPX; IP; AppleTalk; S0; T1/E1]

287 IPX IP AppleTalk Establishing a Queuing Policy n Determines which packets get through first n Helps provide acceptable service levels and control WAN costs Traffic Queue Bottleneck

288 Determine traffic priorities Choosing a Cisco IOS Queuing Option No need for queuing WAN congested ? Strict control needed? Queuing policy? Delay OK? Use weighted fair queuing Use priority queuing Step1Step2Step3Step4 Yes No Custom Queuing

289 Configuring Weighted Fair Queuing

290 Data Stream Classification Low-Volume Traffic FIFO Queuing High-Volume Traffic Low-Volume Traffic

291 Weighted Fair Queuing
- Discriminates between sessions
- Automatically "fairly" allocates bandwidth for each session
- Priority users get needed bandwidth
- Other users share remaining bandwidth
[Diagram labels: Session 1, Session 2, Session 3, Session 4; Premium: gets what it needs; Standard: shares remaining bandwidth]

292 Fair Queuing Operation n Messages are sorted into conversations 641 5 2 3 Packets in order of arrival

293 Fair Queuing Operation (cont.)
- Conversations are assigned a channel
- Sorts the queue by order of the last bit crossing its channel
[Diagram labels: Packets fair queued: 6 4 1 2 5 3; Fair queue: 3 1 2 4 5 6]

294 Fair Queuing Operation (cont.)
- Messages are transmitted in a fair order
- High-volume conversations share the link
[Diagram labels: 6 1 2 5 3 4]

295 Weighted Fair Queue Example
[Diagram label: Frame Relay Network]
    interface Serial1
     encapsulation frame-relay
     fair-queue 128
     bandwidth 56

296 Configuring Priority Queuing

297 Priority Queuing LOW Packet arrives Selects one of these Priority List for S0 HIGH MEDIUM NORMAL S0

298 Priority Queuing Operation Dispatch Packet Place in Queue Incoming Packet Select Queue NORMAL Packet? HIGH Packet? MEDIUM Packet? LOW Packet? Timeout ? Queue full? Queue service No To Yes More? Queue selectionWAN

299 Priority Queuing Configuration Tasks
To configure priority queuing perform the following tasks:
1. Create priority list based on protocol or interface
2. Assign a default queue
3. Specify the queue sizes (optional)
4. Assign the priority list to an interface
[Diagram labels: Telnet; IPX; AppleTalk; Default; HIGH; MEDIUM; NORMAL; LOW; Priority List for S0; S0]

300 Priority List Configuration Commands
    Router(config)# priority-list list-number protocol protocol-name {high | medium | normal | low} queue-keyword keyword-value
- Sets queue priority by protocol type
    Router(config)# priority-list list-number interface interface-type interface-number {high | medium | normal | low}
- Sets priority by incoming interface type

301 Priority List Configuration Commands (cont.)
    Router(config)# priority-list list-number default {high | medium | normal | low}
- Assigns a default queue
    Router(config)# priority-list list-number queue-limit high-limit medium-limit normal-limit low-limit
- Specifies the queue sizes
    Router(config-if)# priority-group list
- Links priority list to an interface

302 Priority Queuing Example
[Diagram labels: HIGH; MEDIUM; NORMAL; LOW; S0]
    priority-list 1 protocol ip high tcp 23
    priority-list 1 protocol appletalk medium
    priority-list 1 protocol ipx medium
    priority-list 1 protocol ip normal
    priority-list 1 default low
    !
    interface serial 0
     priority-group 1

303 Configuring Custom Queuing

304 Custom Queuing
- Queues handled in round-robin fashion
[Diagram labels: Custom Queue List for S0; queues 0, 1 (system), 2, 3, 14, 15, 16; High priority (keepalive); Default 20 entries; Deliver x number of bytes per cycle; S0]

305 Custom Queuing Operation 2 1 3 14 15 16 Custom Queue List for S0 Traffic Filtering S0 Next Queue Current Queue Dispatch Packet To WAN Over Service Threshold ? More ? Queued Message Forwarding NoYes

306 Custom Queuing Configuration
To configure custom queuing perform the following tasks:
1. Set custom queuing filtering for protocols or interfaces
2. Assign a default queue
3. Change queue capacity (optional)
4. Configure the transfer rate per queue
5. Assign the custom queue-list to an interface
[Diagram labels: queues 1, 2, 3, 4, 5, 14, 15, 16; Default Queue; S0]

307 Custom Queue Configuration Commands
    Router(config)# queue-list list-number protocol protocol-name queue-number queue-keyword keyword-value
- Sets queue priority by protocol type
    Router(config)# queue-list list-number interface interface-type interface-number queue-number
- Sets priority by interface type

308 Custom Queue Configuration Commands (cont.)
    Router(config)# queue-list list-number default queue-number
- Assigns a default queue priority
    Router(config)# queue-list list-number queue queue-number limit limit-number
- Changes the capacity of a queue

309 Custom Queue Configuration Commands (cont.)
    Router(config)# queue-list list-number queue queue-number byte-count byte-count-number
- Assigns a default queue priority
    Router(config-if)# custom-queue-list list
- Assigns a queue list to an interface

310 Custom Queuing Example 1
[Diagram labels: queues 1, 2, 3, 4, 5; S0]
    queue-list 1 interface E0 1
    queue-list 1 protocol ip 2
    queue-list 1 protocol ipx 3
    queue-list 1 protocol vines 4
    queue-list 1 default 5
    !
    interface serial 3/2
     custom-queue-list 1

311 Custom Queuing Example 2
[Diagram labels: queues 1, 2, 3, 4, 5; S0; 2 datagrams per cycle]
    queue-list 1 protocol ip 1 tcp 20
    queue-list 1 protocol ip 2
    queue-list 1 protocol ipx 3
    queue-list 1 protocol vines 4
    queue-list 1 default 5
    queue-list 1 queue 1 byte-count 3000
    !
    interface serial 3/2
     custom-queue-list 1

312 Queuing Comparison
Weighted Fair Queuing
- No queue lists
- Low volume given priority
- Conversation dispatching
- Interactive traffic gets priority
- File transfers get balanced access
- Enabled by default
Priority Queuing
- 4 queues
- High queue serviced first
- Packet dispatching
- Critical traffic gets through
- Designed for low-bandwidth links
Custom Queuing
- 16 queues
- Round-robin serviced
- Threshold dispatching
- Allocation of available bandwidth
- Best suited for high-bandwidth links

313 Chapter 7. Scalable Routing Protocol Overview

314 Objectives Upon completion of this chapter, you will be able to perform the following tasks: Compare distance vector, link-state, and advanced routing protocols Identify key features of scalable routing protocols Describe variable-length subnet masking (VLSM)

315 Scalable Routing Protocols Overview

316 Routing in Internetworks Routing protocols need to handle issues associated with larger networks: maintain route information Select routes

317 Routing in Internetworks (cont) Routing protocols need to handle issues associated with larger networks: Support flexible network as management Redistribute routes Route multiple protocols

318 Distance Vector Overview Routing Update Routing Table Periodic updates are sent to neighbors ABCD

319 Scalability with Distance Vector Routing Update Routing Table Scalability concerns: Convergence update traffic Metric limitations ABCD Update Interval

320 Link-State Overview
[Diagram labels: Link-State Advertisements; Topological Database; SPF Algorithm; Shortest Path First Tree; Routing Table; routers A, B, C, D; steps 1, 2, 3, 4, 5]

321 Scalability with Link State 1 DA B C Scalability concerns: Heavy memory use CPU utilization Initial flood of overhead traffic – Convergence – Link State traffic

322 Advanced Routing Choose a routing path based on distance vectors Converge rapidly using change-based updates Share attribute of both distance vector and link-state routing

323 Route Selection: Metrics Which is the best path from Source to Destination?

324 Route Selection: Load Balancing Load balancing can provide increased bandwidth and redundancy

325 Route Selection: Routing Hierarchy A hierarchical network can reflect the corporation’s organization Hierarchical Network Corporate Headquarters National Office Remote Office

326 Redistribution Routing protocols can share routing information RIP IGRP 172.16.23.0 172.16.27.0 172.16.27.46

327 Multiprotocol Support IP Network IPX Network AppleTalk Network IP Network IPX Network AppleTalk Network Enhanced IGRP Enhanced IGRP can route multiple network protocols

328 Address Management
Routing protocols can summarize addresses of several networks into one address
[Diagram labels: 172.16.25.0; 172.16.26.0; 172.16.27.0; 172.16.28.0; "I can route to the 172.16.0.0 network"]

329 Administrative Distance IGRP RIP Router places the IGRP route in the routing table

330 Variable-Length Subnet Masks

331 Hierarchical Addressing Long Distance Local Office Long Distance Path to 703 (Area Code) California Virginia Path to 1212 (Area Code) Path to 555 (Area Code) Does a telephone switch in California know to reach a specific line in Virginia? (1-703-55-1212)

332 IP Routers Use Hierarchical Addressing • An IP address has a prefix part and a host part [Diagram: 32-bit address split into Prefix (n bits) and Host]

333 Prefix Length Determined from Context • Variable-length prefixes are not new • Class A: prefix length = 8 • Class B: prefix length = 16 • Class C: prefix length = 24 [Diagram: 32-bit address split into Prefix and Host for each class]

334 New Notation for Prefix Length • “Classful” routers accept only a few prefix lengths: Class A 10.0.0.0/8 = 10.0.0.0 255.0.0.0; Class B 172.16.0.0/16 = 172.16.0.0 255.255.0.0; Class C 192.168.0.0/24 = 192.168.0.0 255.255.255.0 • “Classless” routers accept any prefix length: Class C 192.168.16.0/22 = 192.168.16.0 255.255.252.0 • Prefix length is included in the IP address

335 Subnetting Extends Prefix to the Right • Classless hosts know about locally configured prefix extensions • Classful hosts assume /8, /16, or /24 for nonlocal prefixes [Diagram: 32-bit address split into Prefix and Host at the prefix length]

336 Classless Routing Transmits Prefix Length • Different prefix lengths are known at different points • Also known as VLSM [Diagram: 172.16.1.0/24, 172.16.13.4/30, 172.16.0.0/16, 172.16.13.8/30]

337 Using Variable Length Subnet Masks Subnet 172.16.14.0/24 is divided into smaller subnets: • Subnet with a fixed mask at first • Further subnet one regular subnet [Diagram: 172.16.0.0/24 (255.255.255.0), 254 subnets: 172.16.1.0, 172.16.2.0, 172.16.14.0, 172.16.254.0; 172.16.14.0/30 (255.255.255.252), 62 more subnets available inside: 172.16.14.0, 172.16.14.4, 172.16.14.8, 172.16.14.252]

338 VLSM Saves Subnets in the WAN • Four host addresses are collected for each serial link [Diagram: routers A and B, interface S0; 172.16.14.5/24, 172.16.14.4/30, 172.16.14.16, 172.16.14.12/30, 172.16.14.16/30, 172.16.14.8/30, 172.16.14.0/30]

339 Route Summarization (Aggregation) • Subnetting extends prefix to the right. • Summarization collapses prefix to the left. [Diagram: address split into Prefix and Host at the prefix length]

340 Classless Routing and Prefix Routing • Prefix routing used by EIGRP and OSPF • Classless Interdomain Routing (CIDR) used by BGP4 [Diagram: subnets 172.16.168.0, 172.16.169.0, 172.16.170.0, 172.16.171.0, 172.16.172.0, 172.16.173.0, 172.16.174.0, 172.16.175.0; router: "I will just tell you about summary route to 172.16.168.0/21"]
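The summary on the slide above can be derived mechanically. The following is an added example, not part of the original presentation: it computes the single covering prefix for a list of IPv4 subnets and reports address space the summary would attract traffic for although no listed subnet accounts for it. The function names and the gappy subnet list are constructed for illustration.

```python
import ipaddress

# Subnets from the "Classless Routing and Prefix Routing" slide.
SLIDE_SUBNETS = [f"172.16.{octet}.0/24" for octet in range(168, 176)]

# Constructed variant: the same range with two subnets not in use.
GAPPY_SUBNETS = [s for s in SLIDE_SUBNETS
                 if s not in ("172.16.170.0/24", "172.16.173.0/24")]


def summarize(prefixes):
    """Return the longest single prefix that covers every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot belong
    # to the shared prefix; every bit to their left can.
    prefixlen = 32 - (low ^ high).bit_length()
    host_bits = 32 - prefixlen
    base = (low >> host_bits) << host_bits
    return ipaddress.ip_network((base, prefixlen))


def unadvertised_space(summary, prefixes):
    """Return the blocks inside the summary that no listed prefix accounts for."""
    remaining = [summary]
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    for net in nets:
        next_remaining = []
        for block in remaining:
            if net.subnet_of(block):
                # Split the block around the used subnet and keep the rest.
                next_remaining.extend(block.address_exclude(net))
            else:
                next_remaining.append(block)
        remaining = next_remaining
    return sorted(remaining)


def report(prefixes):
    """Return (summary prefix, list of uncovered blocks) for a subnet list."""
    summary = summarize(prefixes)
    return summary, unadvertised_space(summary, prefixes)


if __name__ == "__main__":
    for name, prefixes in (("slide", SLIDE_SUBNETS), ("constructed", GAPPY_SUBNETS)):
        summary, gaps = report(prefixes)
        print(name, summary, "uncovered:", [str(g) for g in gaps])
```

A non-empty gap list means the summary route draws traffic for destinations the router cannot deliver, which is worth checking before a summary is configured.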

341 Discontiguous Subnets and Classful Routing • RIP and IGRP do not advertise subnets • OSPF and EIGRP can advertise subnets [Diagram: 192.168.14.16 255.255.255.240; 172.16.15.0 255.255.255.0; 172.16.14.0 255.255.255.0; "Advertise subnet 172.16.15.0 255.255.255.0?"]

342 Router Looks for the Longest Match • 192.168.5.33/32: host • 192.168.5.32/27: subnet • 192.168.5.0/24: network • 192.168.0.0/16: block of networks • 0.0.0.0/0: default • Supports host-specific routes, blocks of networks, and default routes
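The lookup described on the slide above, as an added example that is not part of the original presentation: a binary trie keyed on address bits, loaded with the slide's five routes. The class and method names are constructed for illustration, and the sketch goes slightly beyond the slide by also showing the fallback when a more specific route is withdrawn.

```python
import ipaddress

# Routing table from the "Router Looks for the Longest Match" slide.
SLIDE_ROUTES = [
    ("192.168.5.33/32", "host"),
    ("192.168.5.32/27", "subnet"),
    ("192.168.5.0/24", "network"),
    ("192.168.0.0/16", "block of networks"),
    ("0.0.0.0/0", "default"),
]


class PrefixTrie:
    """Binary trie over IPv4 address bits; a node holds a route if a prefix ends there."""

    def __init__(self, routes=()):
        self.root = {}
        for prefix, label in routes:
            self.insert(prefix, label)

    @staticmethod
    def prefix_bits(prefix):
        """Return the significant bits of a prefix as a string of '0' and '1'."""
        net = ipaddress.ip_network(prefix)
        return format(int(net.network_address), "032b")[:net.prefixlen]

    def insert(self, prefix, label):
        node = self.root
        for bit in self.prefix_bits(prefix):
            node = node.setdefault(bit, {})
        node["route"] = (prefix, label)

    def remove(self, prefix):
        """Withdraw a route; return True if it was present."""
        node = self.root
        for bit in self.prefix_bits(prefix):
            node = node.get(bit)
            if node is None:
                return False
        return node.pop("route", None) is not None

    def lookup(self, destination):
        """Walk the destination's bits, remembering the deepest route passed."""
        bits = format(int(ipaddress.ip_address(destination)), "032b")
        node = self.root
        best = node.get("route")          # a /0 default lives at the root
        for bit in bits:
            node = node.get(bit)
            if node is None:
                break
            best = node.get("route", best)
        return best


if __name__ == "__main__":
    table = PrefixTrie(SLIDE_ROUTES)
    for dest in ("192.168.5.33", "192.168.5.40", "192.168.5.200",
                 "192.168.77.1", "10.1.1.1"):
        print(dest, "->", table.lookup(dest))
```

Because the most specific entry always wins, any party able to inject a longer prefix into the table takes over that destination's traffic, which is why route filtering on updates matters.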

343 Summary • Distance vector routing protocols periodically send complete routing updates • Link-state routing protocols send LSAs to all routers in the area • A scalable routing protocol should: - Minimize update traffic - Handle address limitations - Support hierarchical topology - Incorporate rapid convergence • VLSM saves addressing space in IP networks

344 Chapter 9 Configuring Open Shortest Path First

345 Objectives Upon completion of this chapter, you will be able to perform the following tasks: Describe OSPF features and operation Configure OSPF for proper operation Use Cisco IOS summarization and stub-area features for OSPF Verify OSPF operation

346 OSPF Features and Operation

347 OSPF Overview • Standard IP link-state routing protocol • Designed to overcome RIP limitations

348 OSPF Features • Has no hop count limitation • Supports VLSM • Uses multicast addressing for updates • Has faster convergence • Allows for routing authentication • Supports hierarchical routing

349 OSPF Hierarchical Routing • Consists of areas and autonomous systems • Minimizes routing update traffic [Diagram: Area 0, Area 1, Area 2; Autonomous System]

350 OSPF Router Types • Internal Router • Backbone Router • Area Border Router • AS Boundary Router [Diagram: Area 1, Backbone Area 0, Area 2, External AS]

351 The Backbone and Virtual Links • Backbone center of communication • Virtual links provide path to backbone • Avoid configuring virtual links if possible [Diagram: Area 0 (Backbone), Area 1, Area 2, Area 3; Virtual Link]

352 Another Use for Virtual Links • Link discontinuous backbone - Merged networks - Redundancy [Diagram: Area 3, Area 0]

353 The Link-State Database • Represents the network topology • Shared with OSPF routers in same area [Diagram: Adjacent; Link-State Database]

354 Link-State Advertisements (LSAs) • Sourced by router connected to link • Flooded by all other routers in area • Transmitted at each link-state change

355 Link-State Advertisement Operation LSA LSA received Add to database Flood LSA Run SPF to calculate new table Reset timer for entry Yes No Is entry in topological database?

356 Types of Link-State Packets O — OSPF Derived Intra-Area (Router LSA) IA — Inter-Area (Summary LSA) E1 — Type 1 External Route E2 — Type 2 External Route Routing Table External AS ASBR DR Area 1 Area 0 ABR Network Router External Summary

357 Types of External Routes • Type-1 (E1) metric — external + internal • Type-2 (E2) metric — external cost only [Diagram: Area 1, Area 0; R1, R2, R3; 55; N1 cost = 30, N2 cost = 20; N1 cost = 25, N2 cost = 20; Cost = 20; 20; N2 (E2), N1 (E1)]

358 OSPF Network Types • Point-to-Point • Broadcast Multiaccess • Nonbroadcast Multiaccess (X.25, Frame Relay)

359 OSPF Router ID • Number by which the router is known to OSPF - Default: The highest IP address on an active interface - Can be overridden by a loopback interface • Bogus Loopback Address (Ex: 1.1.1.1): Not in OSPF table, Saves address space • Real Loopback Address (Ex: 131.108.17.5): In OSPF table, Uses address space [Diagram: Network 131.108.0.0]

360 Neighbors • Form using the Hello protocol [Diagram: Hello]

361 Adjacencies • Hellos elect designated router (DR) and backup designated router (BDR) • Each router forms adjacency with DR and BDR [Diagram: DR, BDR]

362 Designated Router Election • Hello packets exchanged via IP multicast • Router with highest OSPF priority elected [Diagram: Hello; DR, BDR; P=3, P=2, P=1, P=0]

363 Multiaccess Network: Adding a Router • New router announces presence • DR and BDR respond [Diagram: New Router, DR, BDR; 224.0.0.5 Hello]

364 Multiaccess Network (cont.): Adding a Router • New router sends LSAs to DR and BDR • BDR waits for DR to respond [Diagram: New Router, DR, BDR; 224.0.0.6 LSA]

365 Multiaccess Network (cont.): Adding a Router • DR transmits LSAs to other routers • DR must receive ACK from all routers [Diagram: New Router, DR, BDR; 224.0.0.5 LSA]

366 Multiaccess Network (cont.): Link-State Change • Source router tells DR on 224.0.0.6 • DR tells others on 224.0.0.5 • Other routers flood LSAs [Diagram: New Router, DR, BDR; X X; LSA]

367 Configuring OSPF

368 OSPF Basic Configuration Commands
    Router(config)# router ospf process-id
• Enables an OSPF routing process
    Router(config-router)# network address wildcard-mask area area-id
• Selects participating interfaces

369 OSPF Basic Configuration Example
    router ospf 63
     network 172.16.5.3 0.0.0.0 area 1
     network 172.16.0.0 0.0.255.255 area 0
     network 192.168.10.5 0.0.0.0 area 1
[Diagram: addresses 172.16.5.3, 192.168.10.5, 172.16.1.1, 172.16.3.1; interfaces T0, E0, E1, E2; Area 1, Area 0]

370 OSPF Virtual Link Command
    Router(config-router)# area area-id virtual-link router-id
• Creates a virtual link

371 OSPF Virtual Link Example
R2:
    router ospf 63
     area 1 virtual-link 192.168.10.5
R1:
    router ospf 100
     area 1 virtual-link 192.168.20.123
[Diagram: Area 1, Area 0, Area 3; Router ID 192.168.10.5, Router ID 192.168.20.123]

372 Vendor Interoperability
    Router(config-if)# ip ospf cost cost
• Assigns a cost to an outgoing interface • May be required for interoperability • Use default cost between Cisco devices [Diagram: Traffic; Non-Cisco, Cisco]

373 Using Route Summarization, Stub Areas, and Redistribution

374 OSPF Route Summarization Minimizes routing table entries Localizes impact of a topology change Area 1 ABRs Summarization Area 0 Backbone

375 Route Summarization (cont.) • Interarea (IA) summary link carries mask • One entry can represent several subnets
[Diagram: routers A, B, C; Area 1, Area 0; ABR Summarization; Routing Table for C, Routing Table for B]
    O  131.108.4.0   255.255.255.0
    O  131.108.8.0   255.255.255.0
    O  131.108.12.0  255.255.255.0
    O  131.108.16.0  255.255.255.0
    O  131.108.20.0  255.255.255.0
    O  131.108.24.0  255.255.255.0
    O  131.108.28.0  255.255.255.0
    IA 131.108.16.0  255.255.240.0

376 Route Summarization Issue
    Existing Subnet 131.108.12.0 255.255.255.0: Mask = 252 (1111 11 00), Address = 12 (0000 11 00), Valid, 3rd Subnet
    Summary Route 131.108.12.0 255.255.240.0: Mask = 240 (1111 0000), Address = 12 (0000 1100), Invalid, Subnet zero
• Some addresses may need reallocating

377 Route Summarization Commands
    Router(config-router)# area area-id range address mask
• Consolidates IA routes on an ABR
    Router(config-router)# summary-address address mask
• Consolidates external routes on an ASBR

378 Route Summarization Example
[Diagram: Area 0, Area 1, Area 2; subnet ranges 172.16.96.0 - 172.16.127.0, 172.16.64.0 - 172.16.95.0, 172.16.32.0 - 172.16.63.0 (each 255.255.255.0); interface addresses (255.255.255.0 mask) 172.16.32.1, 172.16.64.1, 172.16.127.1, 172.16.96.1; routers R1, R2]
R1#
    router ospf 100
     network 172.16.32.0 0.0.31.255 area 1
     network 172.16.96.0 0.0.31.255 area 0
     area 0 range 172.16.96.0 255.255.224.0
     area 1 range 172.16.32.0 255.255.224.0
R2#
    router ospf 100
     ! area 2 holds 172.16.64.0 - 172.16.95.0, matching the area 2 range below
     network 172.16.64.0 0.0.31.255 area 2
     network 172.16.96.0 0.0.31.255 area 0
     area 0 range 172.16.96.0 255.255.224.0
     area 2 range 172.16.64.0 255.255.224.0

379 Stub Areas Hide external routes, reduce database Consolidate external links - 0.0.0.0 Area 1 Area 0 Area 2 0.0.0.0 BGP Stub Area 172.20.64.0 - 172.20.95.0 255.255.255.0 External AS

380 Stub Area Restrictions • Single exit point or, if multiple exit points, suboptimal path acceptable • Transit area for virtual links disallowed • An ASBR cannot be internal to a stub area [Diagram: External AS; 0.0.0.0; Area 2; Single Exit Point]

381 Totally Stubby Areas Block external and summary routes Know only intra-area and default routes Area 1 Area 0 Area 2 0.0.0.0 BGP Stub Area 172.20.64.0 - 172.20.95.0 255.255.255.0 External AS Summary (IA) Route

382 OSPF Stub Area Commands
    Router(config-router)# area area-id stub [no-summary]
• Creates a stub network
    Router(config-router)# area area-id default-cost cost
• Specifies cost for default route sent into stub area

383 OSPF Stub Area Example
[Diagram: External AS, Area 0, Stub Area 2; R3 (E0 192.168.14.1, S0 192.168.15.1), R4 (192.168.15.2)]
R3#
    interface Ethernet 0
     ip address 192.168.14.1 255.255.255.0
    interface Serial 0
     ip address 192.168.15.1 255.255.255.252
    router ospf 100
     network 192.168.14.0 0.0.0.255 area 0
     network 192.168.15.0 0.0.0.255 area 2
     area 2 stub
R4#
    interface Serial 0
     ip address 192.168.15.2 255.255.255.252
    router ospf 15
     network 192.168.15.0 0.0.0.255 area 2
     area 2 stub

384 OSPF Totally Stubby Example
[Diagram: External AS, Area 0, Stub Area 2; R3 (E0 192.168.14.1, S0 192.168.15.1), R4 (192.168.15.2)]
R3#
    router ospf 100
     network 192.168.14.0 0.0.0.255 area 0
     network 192.168.15.0 0.0.0.255 area 2
     area 2 stub no-summary
     area 2 default-cost 20
R4#
    router ospf 15
     network 192.168.15.0 0.0.0.255 area 2
     area 2 stub

385 OSPF Route Redistribution RIP IGRP Enhanced IGRP IS-IS OSPF BGP EGP Allows routing-information exchange between OSPF and other routing protocols

386 OSPF redistribution Command
    Router(config-router)# redistribute protocol [process-id] [metric value] [metric-type value] [subnets]
• Redistributes routes from OSPF into other routing protocols (and vice versa)

387 OSPF Redistribution Example 1 • Redistribution between RIP and OSPF
    router ospf 109
     network 172.16.62.0 0.0.0.255 area 0
     network 172.16.63.0 0.0.0.255 area 0
     redistribute rip subnets metric-type 1 metric 20
    !
    router rip
     network 172.16.0.0
     passive-interface serial 0
     passive-interface serial 1
     default-metric 10
     redistribute ospf 109 match internal external 1 external 2
[Diagram: R1 between RIP and OSPF Area 0; interfaces S0, S1; 172.16.62.1, 172.16.9.1, 172.16.8.1, 172.16.63.1]

388 Redistribution Example 2 • “Back door” creates potential loop
    router ospf 109
     network 172.16.62.0 0.0.0.255 area 0
     network 172.16.63.0 0.0.0.255 area 0
     redistribute rip subnets metric-type 1 metric 20
     distribute-list 11 out rip
    !
    access-list 11 permit 172.16.8.0 0.0.7.255
[Diagram: RIP, OSPF Area 0; R1, R2, R3; 172.16.9.1, 172.16.8.1]

389 Verifying OSPF Operation

390 show ip ospf interface Command • Verifies interfaces are in correct areas
    Router# show ip ospf interface e 0
    Ethernet 0 is up, line protocol is up
      Internet Address 203.250.14.1 255.255.255.0, Area 0.0.0.0
      Process ID 10, Router ID 203.250.13.41, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State BDR, Priority 1
      Designated Router (ID) 203.250.15.1, Interface address 203.250.14.2
      Backup Designated router (ID) 203.250.13.41, interface address 203.250.14.1
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
        Hello due in 0:00:02
      Neighbor Count is 3, Adjacent neighbor count is 3
        Adjacent with neighbor 203.250.15.1 (Designated Router)
    Loopback0 is up, line protocol is up
      Internet address 203.250.13.41 255.255.255.255, Area 1
      Process ID 10, Router ID 203.250.13.41, Network Type LOOPBACK, Cost: 1
      Loopback interface is treated as a stub Host

391 show ip ospf Command • Displays general information about the OSPF routing process
    Router# show ip ospf
    Routing Process "ospf 1" with ID 2.2.2.2
    Supports only single TOS (TOS0) routes
    SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
    Number of areas in this router is 1
    Area 23
      Number of interfaces in this area is 3
      Area has no authentication
      SPF algorithm executed 19 times
      Area ranges are
      Link State Update Interval is 0:30:00 and due in 0:04:55
      Link State Age Interval is 0:20:00 and due in 0:04:55

392 show ip ospf database Command
    Router# show ip ospf database
    OSPF Router with ID (3.3.3.3) (Process ID 1)
    Router Link States (Area 23)
    Link ID      ADV Router  Age   Seq#        Checksum  Link count
    3.3.3.3      3.3.3.3     78    0x80000032  0x8086    5
    4.4.4.4      4.4.4.4     1691  0x80000028  0xE11C    1
    2.2.2.2      2.2.2.2     1693  0x80000030  0x835E    5
    1.1.1.1      1.1.1.1     1696  0x80000026  0x80A1    1
    Net Link States (Area 23)
    Link ID      ADV Router  Age   Seq#        Checksum
    150.100.4.2  4.4.4.4     1691  0x80000030  0x2FCE
    150.100.1.2  2.2.2.2     1693  0x80000024  0xFB29

393 show ip protocol Command
    Router> show ip protocol
    Routing Protocol is "ospf 300"
      Sending updates every 0 seconds
      Invalid after 0 seconds, hold down 0, flushed after 0
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Redistributing: ospf 300
      Routing for Networks:
        183.8.0.0/0.0.255.255
        144.253.100.0/0.0.0.255
      Routing Information Sources:
        Gateway         Distance  Last Update
        14d.253.100.0   110       6d21
        183.8.128.12    110       0:17:32
        192.3.63.192    110       0:17:33
        153.50.193.1    110       0:17:33
        183.8.6d.130    110       6d19
        183.8.64.128    110       0:17:33
        133.3.4.0       110       0:17:33
        131.108.100.3   110       0:17:33
      Distance: (default is 110)
    - - More - -

394 Other OSPF show Commands Router# show ip ospf virtual-links Displays parameters about OSPF virtual links Router# show ip ospf neighbor detail Displays neighbor information per interface Router# show ip ospf border-routers Displays routes to the ABR and ASBR

395 Summary OSPF is a scalable, standards-based link-state routing protocol OSPF features: Hierarchical design VLSM support Vendor interoperability Route summarization Route redistribution

396 Chapter 11 Configuring Enhanced IGRP

397 Objectives Upon completion of this chapter, you will be able to perform the following tasks: Describe Enhanced IGRP features and operation Configure Enhanced IGRP Verify Enhanced IGRP operation

398 Enhanced IGRP Operation

399 Enhanced IGRP Overview • Enhanced IGRP supports: - Rapid convergence - Partial bounded updates - Multiple network-layer support [Diagram: Enhanced IGRP; IP Routing Protocols, AppleTalk RTMP, Novell Routing Protocols]

400 Enhanced IGRP Convergence • Neighbor B provides the best route to network 7 • Neighbor B is in the routing table [Diagram: routers A, B, D, H; Neighbor Table; Topology Table (Network 7); Routing Table (Network 7, Neighbor B); Network 7]

401 Partial Bounded Updates • Updates only sent to directly connected neighbor [Diagram: routers A, B, D, H; Update]

402 Neighbor Discovery [Diagram: routers A, B, D, H; Neighbor Table (B, D, H); Topology Table (Network 7); Routing Table (Network 7, Neighbor B); Network 7]

403 Topology Table • B is current successor router • H is the feasible successor
    Topology Table, Network 7:
    Neighbor  Feasible Dist.  Advert. Distance
    B         31              21
    D         230             220
    H         40              30
[Diagram: routers A, B, C, D, E, F, G, H; Network 7; link values (20), (10), (1), (100)]

404 Feasible Successor Selection • Router H becomes the successor
    Network 7:
    Neighbor  Feasible Dist.  Advert. Distance
    B         31              21
    D         230             220
    H         40              30
[Diagram: routers A, B, C, D, E, F, G, H; Network 7; link values (20), (10), (1), (100)]

405 Active State • The route to network 7 changes to the Active state because no feasible successor exists
    Network 7:
    Neighbor  Feasible Dist.  Advert. Distance
    B         31              21
    D         230             220
    H         50              40
[Diagram: routers A, B, C, D, E, F, G, H; Network 7; link values (30), (10), (1), (100)]
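The three topology-table slides above can be reproduced with the DUAL feasibility condition, which the slides apply without stating: a neighbor qualifies as feasible successor only if its advertised distance is strictly lower than the current feasible distance. The following is an added example, not part of the original presentation; the class and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str
    advertised: int  # distance the neighbor itself reports to Network 7
    feasible: int    # total distance through that neighbor, as tabulated on the slides


# Topology table for Network 7 from the "Topology Table" slide.
STABLE = [Path("B", 21, 31), Path("D", 220, 230), Path("H", 30, 40)]
# Topology table from the "Active State" slide, where H reports 40 instead of 30.
DEGRADED = [Path("B", 21, 31), Path("D", 220, 230), Path("H", 40, 50)]


def classify(paths):
    """Return (successor, feasible distance, feasible successors) for one destination."""
    successor = min(paths, key=lambda p: p.feasible)
    fd = successor.feasible
    # Feasibility condition: the neighbor must itself be closer to the
    # destination than this router currently is, which rules out loops.
    backups = sorted(
        (p for p in paths if p != successor and p.advertised < fd),
        key=lambda p: p.feasible,
    )
    return successor, fd, backups


def roles(paths):
    """Map each neighbor to its role in the topology table."""
    successor, fd, backups = classify(paths)
    result = {}
    for p in paths:
        if p == successor:
            result[p.neighbor] = "successor"
        elif p in backups:
            result[p.neighbor] = "feasible successor"
        else:
            result[p.neighbor] = "not feasible"
    return result


def successor_lost(paths):
    """Model loss of the current successor: promote a backup or go Active."""
    successor, fd, backups = classify(paths)
    if backups:
        # A pre-validated backup exists, so the route stays Passive.
        return "Passive", backups[0].neighbor
    # No neighbor passes the feasibility condition; the router must query.
    return "Active", None


if __name__ == "__main__":
    print(roles(STABLE), successor_lost(STABLE))
    print(roles(DEGRADED), successor_lost(DEGRADED))
```

Neighbor D still offers a working path in both tables, but its advertised distance of 220 exceeds the feasible distance of 31, so DUAL cannot rule out that D's path loops back through this router.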

406 Multiple Protocol Support for Novell IPX IPX RIP SAP Updates Enhanced IGRP

407 Multiple Protocol Support for AppleTalk RTMP Enhanced IGRP

408 Multiple Protocol Support for IP IPX RIP Enhanced IGRP Autonomous System 200 IGRP Autonomous System 200 Enhanced IGRP

409 Enhanced IGRP Configuration

410 Enhanced IGRP for IP Configuration Router (config) # router eigrp autonomous-system-number Defines Enhanced IGRP as an IP routing process Router (config-router) # network network-number Selects participating attached networks

411 Enhanced IGRP for IP Example 2.4.0.0 3.1.0.0 1.1.0.0 1.2.0.0 1.4.0.0 T0 2.3.0.0 2.1.0.0 2.2.0.0 2.5.0.0 2.6.0.0 2.7.0.0 S0 S1 S2 A A B B C E D router eigrp 109 network 1.0.0.0 network 2.0.0.0

412 Integrating Enhanced IGRP Enhanced IGRP IP RIP AppleTalk RTMP IPX RIP Enhanced IGRP saves WAN link by sending incremental routing updates

413 Enhanced IGRP Path Selection • Enhanced IGRP uses a composite metric to pick the best path [Diagram: IP RIP, AppleTalk RTMP, IPX RIP on each side; Enhanced IGRP; links 19.2 and T1]

414 Redistribution with Enhanced IGRP Enhanced IGRP IP AppleTalk IPX Novell protocol redistribution with Enhanced IGRP is enabled by default AppleTalk RTMP redistribution is enabled by default Redistribution of IGRP in the same autonomous system is automatic Other protocols require redistribution

415 IP Route Redistribution • Routes are learned from another routing protocol
[Diagram: AS Boundary Router, interfaces S1 and S0; AS 200 IGRP 172.16.0.0; AS 300 EIGRP 192.168.5.0; "S1 advertises routes from EIGRP", "S0 advertises routes from EIGRP"]
    IP Routing Table: I 192.168.5.0, I 172.16.1.0, I 172.16.2.0, I 172.16.3.0
    IP Routing Table: D EX 192.168.5.0, D 192.168.5.8, D 192.168.5.16, D 192.168.5.24

416 IP Route Redistribution Configuration
    Router(config-router)# redistribute protocol [option]
• Allows routes discovered by one process to be advertised in the updates of another process
    Router(config-router)# default-metric bandwidth delay reliability loading mtu
• Used for IGRP and Enhanced IGRP redistribution
    Router(config-router)# default-metric number
• Used for OSPF, RIP, EGP, and BGP redistribution

417 IGRP to Enhanced IGRP Migration • Enhanced IGRP sends updates that are not compatible with IGRP full table updates • Redistribution is automatic within the same autonomous systems • Manual redistribution is required between autonomous systems [Diagram: Autonomous System 100 IGRP/EIGRP, Automatic redistribution; Autonomous System 200 IGRP, Autonomous System 300 EIGRP, Redistribution configuration required]

418 IP Route Redistribution Example 1 • default-metric command is optional with IGRP/EIGRP redistribution
    router eigrp 300
     network 192.168.5.0
     redistribute igrp 200
    !
    router igrp 200
     network 172.16.0.0
     redistribute eigrp 300
[Diagram: AS 200 IGRP 172.16.0.0; AS 300 EIGRP 192.168.5.0]

419 IP Route Redistribution Example 2
    router rip
     network 172.68.0.0
     redistribute eigrp 300
     default-metric 3
    !
    router eigrp 300
     network 201.222.5.0
     redistribute rip
     default-metric 56 2000 255 1 1500
[Diagram: RIP 172.68.0.0; Autonomous System 300 EIGRP 201.222.5.0]

420 Minimizing Routing Updates

421 Route Filtering
    Router(config-router)# distribute-list access-list-number {out | in} [interface-name | routing-process]
• Specifies routes passed to the receiving routing protocol • Uses a standard access list to permit or deny routes • Can be applied to transmitted (outbound) or received (inbound) routing updates • Filters all updates or updates on specific interfaces

422 IP Route Filtering Example • Hides network 10.0.0.0 using interface filtering
    router eigrp 1
     network 172.16.0.0
     network 192.168.5.0
     distribute-list 7 out s0
    !
    access-list 7 permit 172.16.0.0 0.0.255.255
[Diagram: 10.0.0.0, 172.16.0.0, 192.168.5.0]

423 Redistribution Filter Example • Hides network 10.0.0.0 using redistribution filtering
    router rip
     network 192.168.5.0
     redistribute eigrp 1
     default-metric 3
     distribute-list 7 out eigrp 1
    !
    router eigrp 1
     network 172.16.0.0
     redistribute rip
     default-metric 56 2000 255 1 1500
    !
    access-list 7 deny 10.0.0.0 0.255.255.255
    access-list 7 permit 0.0.0.0 255.255.255.255
[Diagram: RIP 192.168.5.0; EIGRP 172.16.0.0; EIGRP 10.0.0.0]
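How the standard access lists on the filtering slides decide which routes pass, as an added example that is not part of the original presentation. It evaluates the access-list lines from the two filtering slides and from Redistribution Example 2 with wildcard-mask matching, first-match-wins ordering and the implicit deny at the end of every list. The function names and the candidate route lists are constructed for illustration.

```python
import ipaddress

# Access lists exactly as they appear on the slides.
ACL_INTERFACE_FILTER = ["access-list 7 permit 172.16.0.0 0.0.255.255"]
ACL_REDIST_FILTER = [
    "access-list 7 deny 10.0.0.0 0.255.255.255",
    "access-list 7 permit 0.0.0.0 255.255.255.255",
]
ACL_BACK_DOOR = ["access-list 11 permit 172.16.8.0 0.0.7.255"]


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_acl(config_lines):
    """Parse 'access-list N {permit|deny} address wildcard' into ordered entries."""
    entries = []
    for line in config_lines:
        keyword, number, action, address, wildcard = line.split()
        if keyword != "access-list" or action not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line}")
        entries.append((action, to_int(address), to_int(wildcard)))
    return entries


def evaluate(entries, network):
    """Return 'permit' or 'deny' for one route's network address."""
    addr = to_int(network)
    for action, base, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF      # wildcard bits set to 1 are ignored
        if (addr & care) == (base & care):
            return action                  # first matching entry wins
    return "deny"                          # implicit deny ends every list


def advertised(config_lines, networks):
    """Return the networks a distribute-list using this ACL lets through."""
    entries = parse_acl(config_lines)
    return [n for n in networks if evaluate(entries, n) == "permit"]


if __name__ == "__main__":
    routes = ["10.0.0.0", "172.16.0.0", "192.168.5.0"]   # constructed candidates
    print(advertised(ACL_INTERFACE_FILTER, routes))
    print(advertised(ACL_REDIST_FILTER, routes))
    print(advertised(list(reversed(ACL_REDIST_FILTER)), routes))
    print(advertised(ACL_BACK_DOOR, ["172.16.8.0", "172.16.15.0", "172.16.62.0"]))
```

The single-line list hides 192.168.5.0 along with 10.0.0.0 because of the implicit deny, and reversing the two-line list lets 10.0.0.0 through, so both line order and the unwritten final entry need review whenever a filter is changed.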

424 Enhanced IGRP Route Summarization
    Router(config-router)# no auto-summary
• Disables automatic summarization • Network-level route summarization (Class A, B, or C) is enabled by default
    Router(config-if)# ip summary-address eigrp as-number address mask
• Enables summarization for advertisements on a specific interface

425 Route Summarization Example
    ! first configuration box on the slide
    router eigrp 1
     network 10.108.0.0
     network 172.16.0.0
     no auto-summary
    ! second configuration box on the slide
    router eigrp 1
     network 10.108.0.0
    !
    interface serial 0
     ip address 192.168.4.2 255.255.255.0
     ip summary-address eigrp 1 172.16.0.0 255.255.0.0
[Diagram: 10.108.0.0, 172.16.1.0, 172.16.2.0, 192.168.4.2, World, S0]

426 Minimizing Routing Updates
    Router(config-router)# passive-interface interface-name
• Prevents routing protocol updates from being generated on the interface • As an alternative to passive interface you can: - Not configure a routing protocol on the interface - Use access lists to filter routing protocol - Use route redistribution

427 Using the passive-interface Command • The passive-interface command disables sending routing updates on interfaces
    router rip
     network 172.17.0.0
     redistribute eigrp 90
     default-metric 3
     passive-interface ethernet 0
    !
    router eigrp 90
     network 172.16.0.0
     redistribute rip
     default-metric 1544 100 255 1 1500
     passive-interface serial 0
[Diagram: RIP 172.17.0.0; EIGRP 172.16.0.0, AS 90; interfaces S0, E0]

428 Static Route Configuration Router (config) # ip route network [ mask ] address [ distance ] Defines a path to an IP destination network or subnet Default administrative distance is 1 Requires redistribution Router (config) # ip route network [ mask ] interface [ distance ] Defines a path to an IP destination network or subnet Default administrative distance is 0 (means directly connected) Automatically redistributed

429 Static Route Redistribution
    ip route 131.108.0.0 255.255.0.0 192.31.7.18
    ip route 201.222.5.0 255.255.255.0 192.31.7.10
    !
    router eigrp 1
     network 192.31.7.0
     default-metric 10000 100 255 1 1500
     redistribute static
     distribute-list 3 out static
     passive-interface s0
    !
    access-list 3 permit 131.108.0.0 0.0.255.255
[Diagram: routers A, B, C, D, E; interface S0; 201.222.5.0, 131.108.0.0, 192.31.7.10, 192.31.7.18]

430 Verifying Enhanced IGRP Operation

431
    Router# show ip protocols
• Displays the parameters and current state of the active routing protocol process
    Router# show ip route eigrp
• Displays current Enhanced IGRP entries in the routing table

432 Verifying Enhanced IGRP Operation (cont.)
    Router# show ip eigrp neighbors
• Displays the neighbors discovered by IP Enhanced IGRP
    Router# show ip eigrp topology
• Displays the IP Enhanced IGRP topology table
    Router# show ip eigrp traffic
• Displays the number of IP Enhanced IGRP packets sent and received

433 Verifying Enhanced IGRP Operation (cont.) Router # show ipx route Displays the contents of the IPX routing table Router # show ipx eigrp neighbors Display the neighbors discovered by IPX Enhanced IGRP Router # show ipx eigrp topology Displays the IPX Enhanced IGRP topology table

434 Verifying Enhanced IGRP Operation (cont.)
    Router# show appletalk route
• Displays the contents of the AppleTalk routing table
    Router# show appletalk eigrp neighbors
• Displays the neighbors discovered by AppleTalk Enhanced IGRP
    Router# show appletalk eigrp topology
• Displays the AppleTalk Enhanced IGRP topology table

435 Summary Enhanced IGRP is an advanced routing protocol that uses the DUAL algorithm Enhanced IGRP has the following features: Rapid convergence Incremental updates Routes IP, IPX, and AppleTalk Route summarization

436 1999.03.01 © Synergon Informatika Rt., 1999 Chapter 12 Connecting Enterprises to an Internet Service Provider

437 © Synergon Informatika Rt., June 1999 Objectives Upon completion of this chapter, you will be able to perform the following tasks: • Determine when to use BGP to connect to an ISP • Describe methods to connect to an ISP using static and default routes, and BGP

438 BGP and ISP Connectivity Basics

439 Internet Service Provider BGP Overview Autonomous System BGP used between autonomous systems (AS) ISP BGP configuration can be complex

440 When Not to Use BGP ISP runs BGP Static A B Use a static route to provide connectivity Advertise default network via IGP Avoid BGP configuration by using default networks and static routes — Appropriate when the local policy is the same as the ISP policy

441 AS 100 Policy Drives BGP Requirements A AS 400 F AS 200 C B AS 300 ED Static Route BGP Policy for AS 100: Always use AS 300 path to reach AS 400

442 AS 100 Policy Drives BGP A AS 400 F AS 200 C B AS 300 ED BGP Downstream policy relies on upstream presence of BGP Router F must run BGP so that router A can implement policy

443 BGP Sessions EBGP AS 1 Service Provider IBGP AS 2 BGP traffic is carried by TCP connections Two types of BGP session: External and internal

444 BGP Operation IPBGP IGP Routing Protocol BGP Routing Protocol BGP routes can be redistributed into the IP routing table

445 BGP Operation (cont.) IPBGP IGP Routing Protocol BGP Routing Protocol Redistributing IP into BGP requires: - The route to be known - The BGP network command

446 Connecting to an ISP Using BGP and Alternatives

447 ISP Connecting to an ISP Overview Enterprise Network Accomplished through static routes, default, or BGP

448 448. © Synergon Informatika Rt., 1999. június Static Route Command Review ip route network mask {interface | ip-address} Router (config) #  Creates a static route  Can establish a “floating” route

449 449. © Synergon Informatika Rt., 1999. június RIP Static Route Example ISP AS 100 19.0.0.0 AS 200 15.1.1.1 15.1.1.2 15.1.1.0 A S0 Service Provider Running BGP ip route 0.0.0.0 0.0.0.0 S0 ! router rip network 19.0.0.0 ip route 0.0.0.0 0.0.0.0 S0 ! router rip network 19.0.0.0

450 450. © Synergon Informatika Rt., 1999. június OSPF Example ISP AS 100 19.0.0.0 AS 200 15.1.1.1 15.1.1.2 15.1.1.0 A S0 Service Provider Running BGP ip route 0.0.0.0 0.0.0.0 S0 ! router ospf 1 network 19.0.0.0 ip route 0.0.0.0 0.0.0.0 S0 ! router ospf 1 network 19.0.0.0 OSPF default configuration using a static route

451 451. © Synergon Informatika Rt., 1999. június BGP Commands router bgp autonomous-system Router (config) # Enables the BGP routing protocol network network-number Router (config-router) # Allows BGP to advertise an IGP route if it is already in the IP table Does not activate the protocol on an interface

452 452. © Synergon Informatika Rt., 1999. június BGP Commands (cont.) neighbor ip-address remote-as autonomous-system Router (config-router) # Actives a BGP clear ip bgp { * | address } Router # Resets BGP connections Use after changing BGP configuration

453 453. © Synergon Informatika Rt., 1999. június BGP Configuration Example AS 100 19.0.0.0 AS 200 15.1.1.1 15.1.1.2 15.1.1.0 A S0 15.0.0.0 B Configuration for A route bgp 100 network 19.0.0.0 neighbor 15.1.1.2 remote-as 200 route bgp 100 network 19.0.0.0 neighbor 15.1.1.2 remote-as 200 Configuration for B route bgp 200 network 15.0.0.0 neighbor 15.1.1.1 remote-as 100 route bgp 200 network 15.0.0.0 neighbor 15.1.1.1 remote-as 100 Representative of most BGP configurations

454 BGP show Commands
    Router# show ip bgp
- Displays the BGP routing table
    Router# show ip bgp paths
- Displays all paths in database
    Router# show ip bgp summary
- Displays status of all BGP connections

455 Summary
- BGP is a protocol used to connect autonomous systems
- Static routes or default routes can be used if the autonomous system policy is consistent with ISP policy

456 Configuring Frame Relay

457 Objectives
Upon completion of this module, you will be able to perform the following tasks:
- Describe Cisco's implementation of Frame Relay
- Recognize key Frame Relay terms and features
- List the commands to configure Frame Relay LMIs, maps, and subinterfaces
- List the commands to monitor Frame Relay operation in the router

458 Frame Relay Overview

459 Introduction to Frame Relay
[Diagram labels: DTE, DCE, DLCIs, PVCs, Local Management Interface (LMI), LAN protocol]
- Permanent virtual circuits (PVCs) use data-link connection identifiers (DLCIs)

460 Frame Relay Stack
[Diagram: the OSI Reference Model (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical) beside the Frame Relay stack (2 Frame Relay, 1 Physical)]

461 Frame Relay DLCI Assignment
- Get DLCI from your Frame Relay provider
- Each DLCI is locally significant
- Map your network addresses to DLCI
- Map entry indicates static route to destination
[Diagram: router 172.16.11.2 reaches 172.16.11.3 through the Frame Relay switch on DLCI 48]
    DLCI   Network Address
    48     172.16.11.3

462 Configuring Frame Relay

463 Frame Relay Configuration
    Router(config-if)# encapsulation frame-relay [ietf]
- Sets Frame Relay encapsulation
    Router(config-if)# frame-relay lmi-type {ansi | cisco | q933a}
- Selects LMI type

464 Frame Relay Address Mapping
    Router(config-if)# frame-relay map protocol protocol-address dlci [broadcast] [ietf | cisco]
- Defines how to reach a destination

465 Nonbroadcast Multiaccess (NBMA)
- All routers appear as peers on a single subnet
- Assumes configuration with fully meshed virtual circuits
[Diagram: Frame Relay network, subnet 172.16.11, with routers 172.16.11.2, 172.16.11.3 and 172.16.11.4 and DLCIs 48, 66, 77, 110, 134 and 235]

466 Frame Relay Maps Example
Cisco A:
    interface serial 0
     ip address 172.16.11.2 255.255.255.0
    !
    ! Enable frame relay, use the ANSI LMI
     encapsulation frame-relay
     frame-relay lmi-type ansi
    ! Note: for alternate ietf encap, also use lmi-type ansi
    !
    ! Set up a static frame relay map - full mesh
    !
     frame-relay map ip 172.16.11.3 48 broadcast
     frame-relay map ip 172.16.11.4 110 broadcast

467 Split Horizon and Frame Relay
- If you map DLCIs from A's S0, only updates to or from A can route on that interface (that is, not B to C or D)
[Diagram: router A's S0 carries DLCI 16 to B, DLCI 17 to C and DLCI 22 to D]
- B: Sending updates for C or D using S0 on A
- A: Do not send updates in from B on S0 back out on S0

468 Full Mesh for Frame Relay
- Full connectivity using a full point-to-point mesh uses many PVCs and configuration statements
[Diagram: routers A, B, C and D, each with DLCIs to the other routers]

469 An Alternative: Subinterfaces
- Routers need to bypass split horizon on S0
- Define logical subinterfaces on the serial line
[Diagram: router A's S0 to a serial line, with S0.1 for DLCI to B, S0.2 for DLCI to C and S0.3 for DLCI to D]

470 Partial Mesh for Frame Relay
- Map DLCIs with A's subinterfaces to connect all routers with fewer DLCIs and a simpler configuration
[Diagram: router A with subinterfaces S0.1, S0.2 and S0.3 to routers B, C and D]
- B: Sending traffic for C or D using serial line to A
- A: Can relay traffic in from B on S0.1, back out on S0.2, or back out on S0.3

471 Subinterface Configuration
    Router(config)# interface type.subinterface-number point-to-point
- Defines the logical subinterface for Frame Relay and enters the interface configuration mode
    Router(config-if)# frame-relay interface-dlci dlci broadcast
- Assigns a DLCI to the Frame Relay subinterface on the router

472 Frame Relay with Subinterfaces
- Each Frame Relay subinterface uses its own subnet
[Diagram labels: Frame Relay network; S0 with int S0.1 (DLCI 110) and int S0.2 (DLCI 48); addresses 172.16.112.1, 172.16.112.2, 172.16.113.1, 172.16.113.2; ipx address 4a1d.0000.0c556.de33; ipx address 4a1d.0000.0c566.de35]

473 Subinterface Configuration Example
Cisco A:
    interface serial 0
     encapsulation frame-relay
    !
    ! The first of the two subinterfaces
    interface s 0.1 point-to-point
    ! Assign the DLCI to the subinterface
     frame-relay interface-dlci 110 broadcast
    ! Indicate the destination protocol address for DLCI 110
     ipx network 4a1d
    !
    ! The second subinterface on the S0 interface
    interface s 0.2 point-to-point
     frame-relay interface-dlci 48 broadcast
     ipx network 4c1d

474 Inverse ARP for Network Discovery
- This auto-discovery of remote destination addresses simplifies Frame Relay configuration
[Diagram: routers A (172.16.11.2) and B (172.16.11.3) on a Frame Relay network]
- Switch announces DLCI 48
- Switch announces DLCI 66
- Router A announces IP 172.16.11.2 for DLCI 66
- Router B announces IP 172.16.11.3 for DLCI 48

475 Using Inverse ARP for DLCIs
- Frame Relay Inverse ARP is on by default once you specify DLCIs
- Inverse ARP resolves protocol addresses of remote routers for local DLCIs
[Diagram: router A with DLCI 16 to B (inverse-arp ipx 16, B's IPX address), DLCI 17 to C (inverse-arp ipx 17, C's IPX address) and DLCI 22 to D (inverse-arp ipx 22, D's IPX address)]

476 Showing a Frame Relay Interface
    Router# show int s 0
    Serial 0 is up, line protocol is up
      hardware is MCI serial
      Internet address is 172.16.11.2, subnet mask 255.255.255.0
      MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec, rely 255/255, load 1/255
      Encapsulation Frame Relay, loopback not set, keepalive set (10 sec)
      LMI DLCI 1026, LMI sent 1, LMI stat recvd 0, LMI upd recvd 0
      Last input 0:04:42, output 0:00:07 output hang never
      Last clearing of "show interface" counters never
      output queue 0/40, 0 drops; input queue 0/75, 0 drops
      five minutes input rate 0 bits/sec, 0 packets/sec
      five minutes output rate 0 bits/sec, 0 packets/sec
        6019 packets input, 305319 bytes, 0 no buffer
        Received 2973 broadcasts. 0 runts, 0 giants
        7 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 7 abort
        8595 packets output, 3499314 bytes, 0 underruns
        0 output errors, 0 collisions, 10 interface resets, 0 restarts
        17 carrier transitions

477 Monitoring Frame Relay
    Router# terminal monitor
    Router# no logging console
    Router# debug frame-relay lmi
    Serial 0 (out): StEnq, clock 20212760, myseq 206, mineseen 205, yourseen 136, DTE up
    Serial 0 (in): StEnq, clock 20212760, myseq 206
    RT IE 1, length 1, type 1
    Serial 0 (out): StEnq, clock 20212770, myseq 207, mineseen 205, yourseen 136, DTE up
    Serial 0 (in): StEnq, clock 20212776, myseq 207
    RT IE 1, length 1, type 0
    KA IE 3, length 2, yourseq 146, myseq 298
    PVC IE 0x7, length 0x6, dlci 48, status 0, bw 56000
    PVC IE 0x7, length 0x6, dlci 58, status 0, bw 56000
    PVC IE 0x7, length 0x6, dlci 110, status 4, bw 56000
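Added example, not part of the original slides: the PVC lines of the debug output above can be read mechanically and compared with the static maps from the Frame Relay Maps Example slide. It assumes both come from the same router; the status meanings follow Cisco's documentation of this debug output and are not stated on the slides, and the function names are illustrative.

```python
import re

# Last status message from the debug output on the slide above.
DEBUG_LMI = """\
Serial 0 (in): StEnq, clock 20212776, myseq 207
RT IE 1, length 1, type 0
KA IE 3, length 2, yourseq 146, myseq 298
PVC IE 0x7, length 0x6, dlci 48, status 0, bw 56000
PVC IE 0x7, length 0x6, dlci 58, status 0, bw 56000
PVC IE 0x7, length 0x6, dlci 110, status 4, bw 56000
"""
# Static maps from the "Frame Relay Maps Example" slide (assumed to be the same router).
MAPS = """\
frame-relay map ip 172.16.11.3 48 broadcast
frame-relay map ip 172.16.11.4 110 broadcast
"""
# Status codes as Cisco documents them for this debug output (not stated on the slides).
STATUS = {0x0: "inactive", 0x2: "active", 0x4: "deleted", 0x8: "new, inactive", 0xA: "new, active"}

def parse_pvcs(debug_text):
    """Return {dlci: status_code} from the 'PVC IE' lines of 'debug frame-relay lmi'."""
    pvcs = {}
    for m in re.finditer(r"^PVC IE \S+, length \S+, dlci (\d+), status (\w+)", debug_text, re.M):
        pvcs[int(m.group(1))] = int(m.group(2), 0)  # base 0 accepts both "4" and "0x4"
    return pvcs

def parse_maps(config_text):
    """Return {dlci: next_hop} from 'frame-relay map ip <address> <dlci>' lines."""
    return {int(m.group(2)): m.group(1)
            for m in re.finditer(r"^\s*frame-relay map ip (\S+) (\d+)", config_text, re.M)}

def audit(debug_text, config_text):
    """Compare what the switch reports with what the router has mapped statically."""
    pvcs, maps = parse_pvcs(debug_text), parse_maps(config_text)
    findings = []
    for dlci in sorted(set(pvcs) | set(maps)):
        code = pvcs.get(dlci)
        state = "not reported by switch" if code is None else STATUS.get(code, f"unknown ({code:#x})")
        if dlci not in maps:
            findings.append((dlci, state, "no static map (relies on Inverse ARP)"))
        elif code not in (0x2, 0xA):
            findings.append((dlci, state, f"map to {maps[dlci]} is unusable"))
    return findings

if __name__ == "__main__":
    for finding in audit(DEBUG_LMI, MAPS):
        print(*finding, sep=": ")
```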

478 Summary
- Use a locally significant DLCI as an indicator of the ultimate destination of a Frame Relay PVC
- Cisco supports different Frame Relay LMIs: ANSI (Annex D), CCITT (Annex A), Cisco (LMI)
- Define static PVC routes with Frame Relay maps
- Alternately, define subinterfaces for interface DLCIs to avoid split horizon on routing and SAP updates
- Inverse ARP, on by default, auto-discovers remote protocol addresses for local DLCIs
- Monitor Frame Relay with show and debug commands

