CISCO CERTIFIED NETWORK ASSOCIATE ROUTING & SWITCHING
200-120 CCNAX
CCNA R&S LAB MANUAL (2013)

NETWORK ONLINE ACADEMY
CCNA R&S Workbook by Sikandar Gouse Moinuddin, CCIE (R&S, SP) #35012
All contents are copyright 2013-2014. All rights reserved.

CONTENTS
- CCNA exam information & Cisco career paths
- About Cisco exam
- Contents for new CCNAX v2.0
- Introduction to network devices
- Modes of routers
- Understanding LAN connectivity
- WAN connections
- Rules to assign the IP address on Cisco routers
- Lab: basic IP configuration
- Troubleshooting connectivity
- WAN protocols (PPP/HDLC)
- Lab: basic configuration using three routers
- Introduction to routing (static routing)
- Basic switching
- Design hierarchy
- Initial configuration of a switch
- Virtual LAN
- Trunking
- DTP (dynamic trunking protocol)
- Inter-VLAN routing
- Spanning tree protocol
- Lab: verifying spanning-tree
- IPv6
- Static and default IPv6 routing
- RIPng
- OSPFv3
- EIGRP for IPv6
- Password reverting on Cisco routers
- Lab: backup and restore IOS and configs
- Restore IOS
- Lab: router as DHCP server
- First hop redundancy protocols
- WAN connections types
- Frame relay
- Lab: frame relay
- Metro Ethernet
- Introduction to MPLS technology
- Cable and DSL technology
- Virtual private network
- VSAT
- Troubleshooting using CDP
- Troubleshooting user connectivity
- Troubleshooting VLAN issues
- Troubleshooting trunking
- Troubleshooting routing
Cisco Certified Network Associate Exam Information

Exam Number:                200-120 CCNA
Associated Certifications:  CCNA Routing and Switching
Duration:                   90 Minutes (50-60 questions)
Available Languages:        English
Register:                   Pearson VUE
Exam Policies:              Read current policies and requirements
Exam Tutorial:              Review type of exam questions

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco CCNA Routing and Switching certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v2 course. This exam tests a candidate's knowledge and skills required to install, operate, and troubleshoot a small to medium-size enterprise branch network. The topics include all the areas covered under the ICND1 and ICND2 exams.

Cisco Evolves Associate-Level Certifications, Redesigns CCNA Routing and Switching Certification to Support Next-Generation Job Roles
Certification and Training Updates Meet Market Demand for Networking Talent Aligned With Changing Business Requirements

The updates include comprehensive troubleshooting, technologies such as IPv6, and updated software on Cisco routers and switches.

Expert: Expert network engineering skill and mastery of Cisco products and solutions.
Associate: Cisco networking begins at the Associate level. This is the apprentice or foundation level of networking certification. CCNA is also a prerequisite for the other Cisco certifications.

Cisco Career Certifications
Cisco offers five levels of network certification: Entry, Associate, Professional, Expert and Architect, the highest level of accreditation within the Cisco Career Certification program.
Entry
Both the CCENT and the CCT certifications serve as starting points for individuals interested in starting a career as a networking professional.
Entry Certifications:
- CCENT (Cisco Certified Entry Networking Technician)
- CCT (Cisco Certified Technician)

Associate
The Associate level of Cisco Certifications can begin directly with CCNA for network installation, operations and troubleshooting, or CCDA for network design. Think of the Associate level as the foundation level of networking certification.
Associate Certifications:
- CCNA Service Provider
- CCNA Service Provider Operations

Professional
The Professional level is an advanced level of certification that shows more expertise with networking skills. Each certification covers a different technology to meet the needs of varying job roles.
Professional Certifications:
- CCNP Service Provider Operations
- CCNP Voice
- CCNP Wireless

Expert
The Cisco Certified Internetwork Expert (CCIE) certification is accepted worldwide as the most prestigious networking certification in the industry.
Expert Certifications:
- CCIE Collaboration
- CCIE Data Center
- CCIE Routing & Switching
- CCIE Service Provider Operations
- CCIE Storage Networking (Retiring July 1, 2013)
- CCIE Voice (Retiring February 13, 2014)
- CCIE Wireless

Architect
Cisco Certified Architect is the highest level of accreditation achievable and recognizes the architectural expertise of network designers who can support the increasingly complex networks of global organizations and effectively translate business strategies into evolutionary technical strategies.

About Cisco Exam
Cisco exams are computer based, run and administered by VUE. There are many major testing centres throughout the world. You can visit vue.com. There are two different CCNA certification exam approaches.
The Cisco CCNA exams are 90 minutes long and have between 40 and 50 questions. The number of questions varies depending on how the questions are answered. When the exam completes (any unanswered questions are automatically marked incorrect) you are advised at the end of the exam of either pass or fail and how you scored in different areas.

Cisco CCNA Exam Question Types
- Multiple choice (MC)
- Testlet
- Drag-and-drop (DND)
- Simulated lab (SIM)
- Simlet

MULTIPLE-CHOICE format simply requires that you point and click a circle beside the correct answer(s). Cisco tells you how many answers you need to choose, and the testing software prevents you from choosing too many.

TESTLETS are questions with one general scenario and several multiple-choice questions about the overall scenario.

DRAG and DROP questions require you to click and hold, move a button or icon to another area, and release the mouse button to place the object somewhere else, typically in a list. For some questions, to get the question correct, you might need to put a list of five things in the proper order.

SIM questions generally describe a problem, and your task is to configure one or more routers and switches to fix it. The exam then grades the question based on the configuration you changed or added. Interestingly, sim questions are the only questions (to date) for which Cisco has openly confirmed it gives partial credit.

SIMLET questions may well be the most difficult style of question. Simlet questions also use a network simulator, but instead of having you answer by changing the configuration, the question includes one or more multiple-choice questions. The questions require that you use the simulator to examine a network's current behavior, interpreting the output of any show commands you can remember to answer the question.
Whereas sim questions require you to troubleshoot problems related to a configuration, simlets require you to analyze both working networks and networks with problems, correlating show command output with your knowledge of networking theory and configuration commands.

Examples of CCNA exam questions and the testing interface can be found at www.cisco.com/go/prepcenter. You will need to register to gain access.

Booking Exams
To find your nearest testing centre or to book your exam go to www.vue.com/cisco

How the CCNA Exam Works
- You can only progress forwards in the exam; questions can NOT be reviewed!
- Each person's exam is different, and it is also different each time you take the exam.
- For each individual exam about 75 questions are pulled from a central database, of which you only see 40 to 50 questions.
- If you get a question wrong you get more questions on the same subject.
- The longer you hesitate on a question, even if you get it correct, the more questions you get on that subject!
- Time is very short for most people. Some of the SIM or SIMLET questions can take a long time to complete, maybe 15 minutes or more for some people.
- Questions are asked in a random order. You might get a SIM question as the first or last question, which when pushed for time is very bad news.
- You might be given questions which don't provide any marks! You are unable to tell which these questions are. Cisco does this for new questions to collect metric information, for example how many people get it right or wrong and the time taken to answer the question.
- Any incorrectly answered questions also lead to more questions on the same subject!

In short, the exam can smell fear! So make sure that you are well prepared before you go. Don't cross your fingers and hope that a certain subject will not come up, because it will.
CONTENTS FOR NEW CCNA 2.0 (200-120)

Operation of IP Data Networks
- Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs.
- Select the components required to meet a given network specification.
- Identify common applications and their impact on the network.
- Describe the purpose and basic operation of the protocols in the OSI and TCP/IP models.
- Predict the data flow between two hosts across a network.
- Identify the appropriate media, cables, ports, and connectors to connect Cisco network devices to other network devices and hosts in a LAN.

LAN Switching Technologies
- Determine the technology and media access control method for Ethernet networks
- Identify basic switching concepts and the operation of Cisco switches.
  o Collision Domains
  o Broadcast Domains
  o Types of switching
  o CAM Table
- Configure and verify initial switch configuration including remote access management.
  o Cisco IOS commands to perform basic switch setup
- Verify network status and switch operation using basic utilities such as ping, telnet and ssh.
- Identify enhanced switching technologies
  o RSTP
  o PVSTP
  o Etherchannels
- Describe how VLANs create logically separate networks and the need for routing between them.
  o Explain network segmentation and basic traffic management concepts
- Configure and verify VLANs
- Configure and verify trunking on Cisco switches
  o DTP
  o Auto negotiation
- Configure and verify PVSTP operation
  o describe root bridge election
  o spanning tree mode

IP addressing (IPv4 / IPv6)
- Describe the operation and necessity of using private and public IP addresses for IPv4 addressing
- Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment.
- Identify the appropriate IPv4 addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment.
- Describe the technological requirements for running IPv6 in conjunction with IPv4 such as dual stack
- Describe IPv6 addresses
  o Global unicast
  o Multicast
  o Link local
  o Unique local
  o eui 64
  o autoconfiguration

IP Routing Technologies
- Describe basic routing concepts
  o CEF & Packet forwarding
  o Router lookup process
- Describe the boot process of Cisco IOS routers
  o POST
  o Router bootup process
- Configure and verify utilizing the CLI to set basic Router configuration
  o Cisco IOS commands to perform basic router setup
- Configure and verify operation status of a device interface, both serial and ethernet
- Verify router configuration and network connectivity
  o Cisco IOS commands to review basic router information and network connectivity
- Configure and verify routing configuration for a static or default route given specific routing requirements
- Manage Cisco IOS Files
  o Boot preferences
  o Cisco IOS image(s)
  o Licensing
  o Show license
  o Change license
- Differentiate methods of routing and routing protocols
  o Static vs. Dynamic
  o Link state vs. Distance Vector
  o Administrative distance
  o split horizon
  o metric
  o next hop
  o ip routing table
  o Passive Interfaces
- Configure and verify OSPF (single area)
  o Benefit of single area
  o neighbor adjacencies
  o OSPF states
  o Discuss Multi area
  o Configure OSPF v2
  o Configure OSPF v3
  o Router ID
  o Passive interface
  o LSA types
- Configure and verify EIGRP (single AS)
  o Feasible Distance / Feasible Successors / Administrative distance
  o Feasibility condition
  o Metric composition
  o Router ID
  o Auto summary
  o Path selection
  o Load balancing (Equal, Unequal)
  o Passive interface
- Configure and verify inter-VLAN routing (Router on a stick)
  o sub interfaces
  o upstream routing
  o encapsulation
- Configure SVI interfaces

IP Services
- Configure and verify DHCP (IOS Router)
  o configuring router interfaces to use DHCP
  o DHCP options
  o excluded addresses
  o lease time
- Describe the types, features, and applications of ACLs
  o Standard
  o Sequence numbers
  o Editing
  o Extended
  o Named
  o Numbered
  o Log option
- Configure and verify ACLs in a network environment
  o Named
  o Numbered
  o Log option
- Identify the basic operation of NAT
  o Purpose
  o Pool
  o Static
  o 1 to 1
  o Overloading
  o Source addressing
  o One way NAT
- Configure and verify NAT for given network requirements
- Configure and verify NTP as a client
- Recognize High availability (FHRP)
- Configure and verify Syslog
  o Utilize Syslog Output
- Describe SNMP v2 & v3

Network Device Security
- Configure and verify network device security features such as
  o Device password security
  o Enable secret vs enable
  o Transport
  o Disable telnet
  o SSH
  o VTYs
  o Physical security
  o Service password
  o Describe external authentication methods
- Configure and verify Switch Port Security features such as
  o Sticky MAC
  o MAC address limitation
  o Static / dynamic
  o Violation modes
    - Err disable
    - Shutdown
    - Protect restrict
  o Shutdown unused ports
  o Err disable recovery
  o Assign unused ports to an unused VLAN
  o Setting native VLAN to other than VLAN 1
- Configure and verify ACLs to filter network traffic
- Configure and verify ACLs to limit telnet and SSH access to the router

Troubleshooting
- Identify and correct common network problems
- Utilize netflow data
- Troubleshoot and correct common problems associated with IP addressing and host configurations.
- Troubleshoot and Resolve VLAN problems
  o identify that VLANs are configured
  o port membership correct
  o IP address configured
- Troubleshoot and Resolve trunking problems on Cisco switches
  o correct trunk states
  o correct encapsulation configured
  o correct vlans allowed
- Troubleshoot and Resolve Spanning Tree operation issues
  o root switch
  o priority
  o mode is correct
  o port states
- Troubleshoot and Resolve routing issues
  o routing is enabled
  o routing table is correct
  o correct path selection
- Troubleshoot and Resolve OSPF problems
  o neighbor adjacencies
  o Hello and Dead timers
  o OSPF area
  o Interface MTU
  o Network types
  o Neighbor states
  o OSPF topology database
- Troubleshoot and Resolve EIGRP problems
  o neighbor adjacencies
  o AS number
  o Load balancing
  o Split horizon
- Troubleshoot and Resolve interVLAN routing problems
  o Connectivity
  o Encapsulation
  o Subnet
  o Native VLAN
  o Port mode trunk status
- Troubleshoot and Resolve ACL issues
  o Statistics
  o Permitted networks
  o Direction
  o Interface
- Troubleshoot and Resolve WAN implementation issues
  o Serial interfaces
  o PPP
  o Frame relay
- Troubleshoot and Resolve Layer 1 problems
  o Framing
  o CRC
  o Runts
  o Giants
  o Dropped packets
  o Late collision
  o Input / Output errors
- Monitor NetFlow statistics
- Troubleshoot etherchannel problems

WAN Technologies
- Identify different WAN Technologies
  o Metro Ethernet
  o VSAT
  o Cellular 3G/4G
  o MPLS
  o T1/E1
  o ISDN
  o DSL
  o Frame relay
  o Cable
  o VPN
- Configure and verify a basic WAN serial connection
- Configure and verify a PPP connection between Cisco routers
- Configure and verify Frame Relay on Cisco routers
- Implement and troubleshoot PPPoE

INTRODUCTION TO NETWORK DEVICES

Operation of IP Data Networks
Most enterprise computer networks can be separated into two general types of technology:
- Local area networks (LAN)
- Wide-area networks (WAN)

Network: interconnection of devices in a LAN or WAN.
LAN: set of devices connected within the same location (office / building / campus of buildings).
WAN: set of LANs connected to each other in different geographical locations.
Together, LANs and WANs create a complete enterprise computer network, working together to do the job of a computer network: delivering data from one device to another.

RJ45 is a standard type of connector for network cables. RJ45 connectors are most commonly seen with Ethernet cables and networks. RJ45 connectors feature eight pins to which the wire strands of a cable interface electrically. Standard RJ-45 pinouts define the arrangement of the individual wires needed when attaching connectors to a cable. Several other kinds of connectors closely resemble RJ45 and can be easily confused for each other. The RJ-11 connectors used with telephone cables, for example, are only slightly smaller (narrower) than RJ-45 connectors.
- Also Known As: Registered Jack 45

OSI was developed by the International Organization for Standardization (ISO) and introduced around 1980. It is a layered architecture (consisting of seven layers) which defines and explains how communication happens between two or more network devices within the organization or the internet. Each layer defines a set of functions in data communication.

Layers 7, 6, 5:  User support layers or Software layers
Layer 4:         Core layer of the OSI
Layers 3, 2, 1:  Network support layers or Hardware layers

Application Layer (Layer 7)
- The Application Layer is responsible for providing an interface for the users to interact with application services or networking services.
- Ex: Web browser etc.
- Identification of services is done using port numbers.
- A port is a logical communication channel.
- A port number is a 16 bit identifier.
- Total No. Ports: 0 - 65535
- Reserved Ports: 1 - 1023
- Unreserved Ports: 1024 - 65535

Service   Port No
HTTP      80
FTP       21
SMTP      25
TELNET    23
TFTP      69

Presentation Layer (Layer 6)
- The Presentation Layer is responsible for defining a standard format for the data.
- It deals with data presentation.
- The major functions described at this layer are:
  Encoding - Decoding
  - Ex: ASCII, EBCDIC (Text)
  - JPEG, GIF, TIFF (Graphics)
  - MIDI, WAV (Voice)
  - MPEG, DAT, AVI (Video)
  Encryption - Decryption
  - Ex: DES, 3-DES, AES
  Compression - Decompression
  - Ex: Predictor, Stacker, MPPC

Session Layer (Layer 5)
- It is responsible for establishing, maintaining and terminating the sessions.
- It deals with sessions or interactions between the applications.
- A Session ID is used to identify a session or interaction.
- Ex: RPC, SQL, NFS

Transport Layer (Layer 4)
- It is responsible for end-to-end transportation of data between the applications.
- The major functions described at the Transport Layer are:
  - Identifying Service
  - Multiplexing & De-multiplexing
  - Segmentation
  - Sequencing & Reassembling
  - Error Correction
  - Flow Control

Identifying a Service: Services are identified at this layer with the help of port numbers. The major protocols which take care of data transportation at the Transport layer are TCP and UDP.

TCP                                  UDP
Transmission Control Protocol        User Datagram Protocol
Connection Oriented                  Connection Less
Reliable communication (with Acks)   Unreliable communication (no Acks)
Slower data Transportation           Faster data Transportation
Protocol No is 6                     Protocol No is 17
Eg: HTTP, FTP, SMTP                  Eg: DNS, DHCP, TFTP

Network Layer (Layer 3)
- It is responsible for end-to-end transportation of data across multiple networks.
- Logical addressing & Path determination (Routing) are described at this layer.
- The protocols that work at the Network layer are:
  Routed Protocols:
  - Routed protocols act as data carriers and define logical addressing.
  - IP, IPX, AppleTalk, etc.
  Routing Protocols:
  - Routing protocols perform path determination (routing).
  - RIP, IGRP, EIGRP, OSPF, etc.
- Devices that work at the Network Layer are Router, Multilayer switch, etc.

Data-link Layer (Layer 2)
- It is responsible for end-to-end delivery of data between the devices on a LAN network segment.
- The data link layer comprises two sub-layers.
  1) MAC (Media Access Control)
     It deals with hardware addresses (MAC addresses). MAC addresses are 12 digit hexadecimal identifiers used to identify the devices uniquely on the network segment. It also provides ERROR DETECTION using CRC (Cyclic Redundancy Check) and FRAMING (Encapsulation). Ex: Ethernet, Token ring, etc.
  2) LLC (Logical Link Control)
     It deals with Layer 3 (Network layer).
- Devices that work at the Data link layer are Switch, Bridge, NIC card.

Physical Layer (Layer 1)
- It deals with physical transmission of binary data on the given media (copper, fiber, wireless...).
- It also deals with electrical, mechanical and functional specifications of the devices, media, etc.
- The major functions described at this layer are:
  Encoding/decoding: the process of converting the binary data into signals based on the type of the media.
  - Copper media: electrical signals of different voltages
  - Fiber media: light pulses of different wavelengths
  - Wireless media: radio frequency waves
  Mode of transmission of signals: signal communication happens in three different modes: Simplex, Half-duplex, Full-duplex.
- Devices that work at the Physical layer are Hub, Modems, Repeater, and Transmission Media.
TCP/IP
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was created by the Department of Defense (DoD).

The DoD Model
- The Process / Application Layer
- The Host-to-Host Layer
- The Internet Layer
- The Network-access Layer

Comparing OSI & TCP/IP Model (figure: OSI Layers vs. TCP/IP Layers)

Process/Application Layer
The Process/Application layer defines protocols for node-to-node application communication and also controls user interface specification. TCP/IP application layer protocols provide services to the application software running on a computer. The application layer does not define the application itself, but it defines services that applications need. For example, the application protocol HTTP defines how web browsers can pull the contents of a webpage from a web server. In short, the application layer provides an interface between software running on a computer and the network itself.

Examples for this layer are:
- Telnet, FTP, TFTP, NFS, SMTP, SNMP, DNS, DHCP etc.

HTTP
- Allows access to web pages.

Telnet
- Telnet is used for terminal emulation.
- It allows a user sitting on a remote machine to access the resources of another machine.

FTP (File Transfer Protocol)
- It allows you to transfer files from one machine to another.
- It also allows access to both directories and files.
- It uses TCP for data transfer and hence is slow but reliable.

TFTP (Trivial File Transfer Protocol)
- This is a stripped-down version of FTP.
- It has no directory browsing abilities.
- It can only send and receive files.
- It uses UDP for data transfer and hence is faster but not reliable.

SNMP (Simple Network Management Protocol)
- SNMP enables central management of a network.
- Using SNMP an administrator can watch the entire network.
- SNMP works with TCP/IP.
- It uses UDP for transportation of the data.

DNS (Domain Name Service)
- DNS resolves FQDN with IP address.
- DNS allows you to use a domain name to specify an IP address.
- It maintains a database of IP addresses and hostnames.

DHCP (Dynamic Host Configuration Protocol)
- Dynamically assigns IP addresses to hosts.

TCP                                  UDP
Transmission Control Protocol        User Datagram Protocol
Connection Oriented                  Connection Less
Reliable communication (with Acks)   Unreliable communication (no Acks)
Slower data Transportation           Faster data Transportation
Protocol No is 6                     Protocol No is 17
Eg: HTTP, FTP, SMTP                  Eg: DNS, DHCP, TFTP

The Internet Layer Protocols
- Internet Protocol (IP)
- Internet Control Message Protocol (ICMP)
- Address Resolution Protocol (ARP)
- Reverse Address Resolution Protocol (RARP)

Internet Protocol (IP)
- Provides connectionless, best-effort delivery routing of datagrams.
- IP is not concerned with the content of the datagrams.
- It looks for a way to move the datagrams to their destination.

Internet Control Message Protocol (ICMP)
- ICMP messages are carried in IP datagrams and used to send error and control messages.
- The following are some common events and messages that ICMP relates to:
  - Destination Unreachable
  - Ping
  - Traceroute

Address Resolution Protocol (ARP)
- ARP works at the Internet Layer of the DoD Model.
- It is used to resolve a MAC address with the help of a known IP address.

RARP (Reverse ARP)
- This also works at the Internet Layer.
- It works exactly opposite of ARP.
- It resolves an IP address with the help of a known MAC address.
- DHCP is the example of an RARP implementation.

IP Address is a Logical Address. It is a Network Layer address (Layer 3). An IP address is given to every device in the network and it is used to identify the device within the network.
Two Versions of IP:
- IP version 4 is a 32 bit address
- IP version 6 is a 128 bit address

IP version 4
- A bit is represented by 0 or 1 (i.e. Binary)
- IP address in binary form (32 bits): 01010101000001011011111100000001
- 32 bits are divided into 4 octets:

  First Octet   Second Octet   Third Octet   Fourth Octet
  01010101.     00000101.      10111111.     00000001

- IP address in decimal form: 85.5.191.1

IP version 6 Format
- The 128-bit address is divided along 16-bit boundaries, and each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons (Colon-Hex Notation)
  FDO00: ODB8: 7654: 3210: 2C4C: BAIT: 7124: 0032

Binary to Decimal Conversion
Taking the first octet as an example: total 8 bits, each value will be 0 or 1, i.e. 2^8 = 256 combinations.

  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0

Unicast
Unicast is the term used to describe communication where a piece of information is sent from one point to another point. In this case there is just one sender, and one receiver.

Unicast transmission, in which a packet is sent from a single source to a specified destination, is still the predominant form of transmission on LANs and within the Internet. All LANs (e.g. Ethernet) and IP networks support the unicast transfer mode, and most users are familiar with the standard unicast applications (e.g. http, smtp, ftp and telnet) which employ the TCP transport protocol.

Broadcast
Broadcast is the term used to describe communication where a piece of information is sent from one point to all other points. In this case there is just one sender, but the information is sent to all connected receivers.

Broadcast transmission is supported on most LANs (e.g. Ethernet), and may be used to send the same message to all computers on the LAN (e.g. the address resolution protocol (arp) uses this to send an address resolution query to all computers on a LAN). Network layer protocols (such as IPv4) also support a form of broadcast that allows the same packet to be sent to every system in a logical network (in IPv4 this consists of the IP network ID and an all 1's host number).

Multicast
Multicast is the term used to describe communication where a piece of information is sent from one or more points to a set of other points. In this case there may be one or more senders, and the information is distributed to a set of receivers (there may be no receivers or any other number of receivers).

One example of an application which may use multicast is a video server sending out networked TV channels. Simultaneous delivery of high quality video to each of a large number of delivery platforms will exhaust the capability of even a high bandwidth network with a powerful video clip server. This poses a major scalability issue for applications which require sustained high bandwidth. One way to significantly ease scaling to larger groups of clients is to employ multicast networking.

The format of IP multicast packets is identical to that of unicast packets, and they are distinguished only by the use of a special class of destination address (class D IPv4 address) which denotes a specific multicast group. Since TCP supports only the unicast mode, multicast applications must use the UDP transport protocol.

IPv4 address classifications
Total IP address range of IPv4 is 0.0.0.0 to 255.255.255.255.
IP addresses are divided into 5 classes:

Class   Range                          No. of Networks & Hosts
A       0.0.0.0 - 127.255.255.255      126 Networks & 16777214 Hosts per Network
B       128.0.0.0 - 191.255.255.255    16384 Networks & 65534 Hosts per Network
C       192.0.0.0 - 223.255.255.255    2097152 Networks & 254 Hosts per Network
D       224.0.0.0 - 239.255.255.255    Reserved for multicast traffic
E       240.0.0.0 - 255.255.255.255    Reserved for Research and development

Host: a specific device in the network
Network: set of devices

Network Address
- The first IP address of the range
- It represents the complete network and cannot be assigned to any device
- The network address is represented with all bits as ZERO in the host portion of the address

Broadcast Address
- The last IP address of the range
- Used to send a broadcast within the network and cannot be assigned to any device in the network
- The broadcast address is represented with all bits as ONES in the host portion of the address

Valid addresses:
- Valid IP addresses lie between the Network Address and the Broadcast Address.
- Only valid IP addresses are assigned to hosts/clients or any other device in the network.

Subnet Mask
It is an address which is used to identify the network and host portions of an IP address.

Class A   N.H.H.H   255.0.0.0
Class B   N.N.H.H   255.255.0.0
Class C   N.N.N.H   255.255.255.0

- The subnet mask differentiates the network portion and the host portion.
- The subnet mask is given for network identification of a host ID.
- It is represented with all 1's in the network portion and with all 0's in the host portion.
PUBLIC IP
- Used on public network (INTERNET)
- Recognized on internet
- Given by the service provider (from IANA)
- Globally unique
- Pay to service provider (or IANA)
- Registered

PRIVATE IP
- Used within the LAN or within the organization
- Not recognized on internet
- Given by the administrator
- Unique within the network or organization
- Free
- Unregistered IP

Private IP Address

There are certain addresses in each class of IP address that are reserved for private networks. These addresses are called private addresses.

RANGE OF PRIVATE IP:
Class A   10.0.0.0 to 10.255.255.255
Class B   172.16.0.0 to 172.31.255.255
Class C   192.168.0.0 to 192.168.255.255

The IP address of the router Ethernet address connecting to the LAN. It is an entry and exit point of the network.

SUBNETTING

- Subnetting is the process of dividing a single network into multiple smaller networks.
- Converting host bits into network bits, i.e. converting 0's into 1's.
- Subnetting helps in minimizing the wastage of IP addresses.

Subnetting can be performed in two ways:
1. FLSM (Fixed Length Subnet Mask)
2. VLSM (Variable Length Subnet Mask)

Subnetting can be done based on requirement:
- Requirement of hosts?    2^h - 2 >= requirement
- Requirement of networks? 2^n >= requirement

FLSM: Example-1

Req = 40 hosts using C-class address network 192.168.1.0/24

2^h - 2 >= req
2^6 - 2 >= 40
64 - 2 >= 40
62 >= 40
Host bits required (h) = 6
Converted network bits (n) = Total H bits - req. H bits = 8 - 6 = 2
Converted network bits (n) = 2
Total N bits = default N bits + converted N bits = 24 + 2 = /26
Hosts/Subnet = 2^h - 2 = 2^6 - 2 = 64 - 2 = 62 Hosts/Subnet
Subnets = 2^n = 2^2 = 4 Subnets
Customized subnet mask = (/26) = 255.255.255.192
Range: 2^h = 2^6 = 64

Network ID          Broadcast ID
192.168.1.0/26      192.168.1.63/26
192.168.1.64/26     192.168.1.127/26
192.168.1.128/26    192.168.1.191/26
192.168.1.192/26    192.168.1.255/26

FLSM: Example-2

Req = 30 hosts using C-class address network 192.168.1.0/24

2^h - 2 >= req
2^5 - 2 >= 30
32 - 2 >= 30
30 >= 30
Host bits required (h) = 5
Converted network bits (n) = Total H bits - req. H bits = 8 - 5 = 3
Converted network bits (n) = 3
Total N bits = default N bits + converted N bits = 24 + 3 = /27
Hosts/Subnet = 2^h - 2 = 2^5 - 2 = 32 - 2 = 30 Hosts/Subnet
Subnets = 2^n = 2^3 = 8 Subnets
Customized subnet mask = (/27) = 255.255.255.224
Range: 2^h = 2^5 = 32

Network ID          Broadcast ID
192.168.1.0/27      192.168.1.31/27
192.168.1.32/27     192.168.1.63/27
192.168.1.64/27     192.168.1.95/27
192.168.1.96/27     192.168.1.127/27
192.168.1.128/27    192.168.1.159/27
192.168.1.160/27    192.168.1.191/27
192.168.1.192/27    192.168.1.223/27
192.168.1.224/27    192.168.1.255/27

FLSM: Example-3

Req = 500 hosts using B-class address network 172.16.0.0/16

2^h - 2 >= req
2^9 - 2 >= 500
512 - 2 >= 500
510 >= 500
Host bits required (h) = 9
Converted network bits (n) = Total H bits - req. H bits = 16 - 9 = 7
Converted network bits (n) = 7
Total N bits = default N bits + converted N bits = 16 + 7 = /23
Hosts/Subnet = 2^h - 2 = 2^9 - 2 = 512 - 2 = 510 Hosts/Subnet
Subnets = 2^n = 2^7 = 128 Subnets
Customized subnet mask = (/23) = 255.255.254.0

Network ID          Broadcast ID
172.16.0.0/23       172.16.1.255/23
172.16.2.0/23       172.16.3.255/23
172.16.4.0/23       172.16.5.255/23
172.16.6.0/23       172.16.7.255/23
...
172.16.254.0/23     172.16.255.255/23

FLSM: Example-4

Req = 4000 hosts using B-class address network 172.16.0.0/16

4096 - 2 >= 4000
4094 >= 4000
Host bits required (h) = 12
Converted network bits (n) = Total H bits - req. H bits = 16 - 12 = 4
Converted network bits (n) = 4
Total N bits = default N bits + converted N bits = 16 + 4 = /20
Hosts/Subnet = 2^h - 2 = 2^12 - 2 = 4096 - 2 = 4094 Hosts/Subnet
Subnets = 2^n = 2^4 = 16 Subnets
Customized subnet mask = (/20) = 255.255.240.0
Range: 2^h = 2^12 = 4096

Network ID          Broadcast ID
172.16.0.0/20       172.16.15.255/20
172.16.16.0/20      172.16.31.255/20
172.16.32.0/20      172.16.47.255/20
172.16.48.0/20      172.16.63.255/20
172.16.64.0/20      172.16.79.255/20
...
172.16.240.0/20     172.16.255.255/20

FLSM: Example-5

Req = 2000 hosts using A-class address network 10.0.0.0/8

2^h - 2 >= req
2^11 - 2 >= 2000
2048 - 2 >= 2000
2046 >= 2000
Host bits required (h) = 11
Converted network bits (n) = Total H bits - req. H bits = 24 - 11 = 13
Converted network bits (n) = 13
Total N bits = default N bits + converted N bits = 8 + 13 = /21
Hosts/Subnet = 2^h - 2 = 2^11 - 2 = 2048 - 2 = 2046 Hosts/Subnet
Subnets = 2^n = 2^13 = 8192 Subnets
Customized subnet mask = (/21) = 255.255.248.0

Network ID          Broadcast ID
10.0.0.0/21         10.0.7.255/21
10.0.8.0/21         10.0.15.255/21
10.0.16.0/21        10.0.23.255/21
...
10.0.248.0/21       10.0.255.255/21
10.1.0.0/21         10.1.7.255/21
10.1.8.0/21         10.1.15.255/21
10.1.16.0/21        10.1.23.255/21
...
10.1.248.0/21       10.1.255.255/21
10.2.0.0/21         10.2.7.255/21
10.2.8.0/21         10.2.15.255/21
10.2.16.0/21        10.2.23.255/21
...
10.2.248.0/21       10.2.255.255/21
...
10.255.0.0/21       10.255.7.255/21
10.255.8.0/21       10.255.15.255/21
10.255.16.0/21      10.255.23.255/21
...
10.255.248.0/21     10.255.255.255/21

FLSM: Example-6

Req = 32000 hosts using A-class address network 10.0.0.0/8

32766 >= 32000
Host bits required (h) = 15
Converted network bits (n) = Total H bits - req. H bits = 24 - 15 = 9
Total N bits = default N bits + converted N bits = 8 + 9 = /17
Hosts/Subnet = 2^h - 2 = 2^15 - 2 = 32768 - 2 = 32766 Hosts/Subnet
Subnets = 2^n = 2^9 = 512 Subnets
Customized subnet mask = (/17) = 255.255.128.0
Range: 2^h = 2^15 = 32768

Network ID          Broadcast ID
10.0.0.0/17         10.0.127.255/17
10.0.128.0/17       10.0.255.255/17
10.1.0.0/17         10.1.127.255/17
10.1.128.0/17       10.1.255.255/17
10.2.0.0/17         10.2.127.255/17
10.2.128.0/17       10.2.255.255/17
10.3.0.0/17         10.3.127.255/17
10.3.128.0/17       10.3.255.255/17
10.4.0.0/17         10.4.127.255/17
10.4.128.0/17       10.4.255.255/17
10.5.0.0/17         10.5.127.255/17
10.5.128.0/17       10.5.255.255/17
...
10.255.0.0/17       10.255.127.255/17
10.255.128.0/17     10.255.255.255/17

Value    Subnet mask
/20      255.255.240.0
/18      255.255.192.0
13 i     255.255.256.0
/25      255.255.255.128
/19      255.255.224.0
/28      255.255.255.240
/29      255.255.255.248
/30      255.255.255.252
/22      255.255.252.0

Variable-Length Subnet Mask (VLSM):

- VLSM is used for proper implementation of IP addresses; it allows more than one subnet mask for a given network according to the individual needs.
- Logically dividing one network into smaller networks is called subnetting or VLSM.
- One subnet can be subnetted multiple times for efficient use.
- Requires classless routing protocols.

Advantages

Efficient use of IP addresses: without VLSM, networks would have to use the same subnet mask throughout the network. But all your networks don't have the same host requirement.

Example of a VLSM network

[Figure: example VLSM network. LANs of 25 hosts each on 200.200.200.32/27, 200.200.200.64/27, 200.200.200.96/27 and 200.200.200.128/27; point-to-point links on 200.200.200.164/30, 200.200.200.188/30 and 200.200.200.172/30]

Subnetting Questions

Find the following values for the given examples below:
- Subnet mask
- Range (network ID and broadcast ID)
- Valid hosts
- Subnets

28.10.148.10/18
150.12.110.10/25
150.50.50.50/23
100.10.188.10/20
0.1.112.10/21
112.10.78.40/28
172.18.221.10/19

VLSM Design Examples

Below you can find some sample scenario diagrams which mention the requirements (i.e. number of hosts).
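The FLSM steps and the subnetting questions above can be checked mechanically. The following Python sketch is an added example, not part of the workbook: the function names are illustrative, and it uses the standard ipaddress module to repeat the 2^h - 2 >= requirement calculation and to answer a question of the form address/prefix.

```python
import ipaddress
from itertools import islice


def host_bits_for(required_hosts):
    """Smallest h such that 2**h - 2 >= required_hosts (the host rule above)."""
    h = 2  # h = 2 is the smallest usable block: 4 addresses, 2 hosts
    while 2 ** h - 2 < required_hosts:
        h += 1
    return h


def flsm_plan(network, required_hosts, show=3):
    """Repeat the workbook's FLSM steps for one host requirement."""
    net = ipaddress.ip_network(network)
    total_host_bits = net.max_prefixlen - net.prefixlen
    h = host_bits_for(required_hosts)
    if h > total_host_bits:
        raise ValueError(f"{network} cannot give {required_hosts} hosts per subnet")
    n = total_host_bits - h                  # converted network bits
    new_prefix = net.prefixlen + n           # total network bits
    first = [(str(s.network_address), str(s.broadcast_address))
             for s in islice(net.subnets(new_prefix=new_prefix), show)]
    # The last subnet is the block that contains the parent's broadcast address.
    last = ipaddress.ip_network(f"{net.broadcast_address}/{new_prefix}", strict=False)
    return {
        "host_bits": h,
        "converted_bits": n,
        "prefix": new_prefix,
        "mask": str(last.netmask),
        "hosts_per_subnet": 2 ** h - 2,
        "subnets": 2 ** n,
        "block_size": 2 ** h,
        "first_ranges": first,
        "last_range": (str(last.network_address), str(last.broadcast_address)),
    }


def classful_prefix(address):
    """Default network bits of the classful network the address falls in."""
    first_octet = int(address) >> 24
    if first_octet < 128:
        return 8       # class A
    if first_octet < 192:
        return 16      # class B
    if first_octet < 224:
        return 24      # class C
    raise ValueError("class D and E addresses are not subnetted")


def answer_question(cidr):
    """Subnet mask, range, valid hosts and subnets for an address/prefix pair."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    default = classful_prefix(iface.ip)
    if net.prefixlen < default:
        raise ValueError("prefix is shorter than the classful default")
    return {
        "mask": str(net.netmask),
        "network_id": str(net.network_address),
        "broadcast_id": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "valid_hosts": net.num_addresses - 2,
        "subnets": 2 ** (net.prefixlen - default),
    }


if __name__ == "__main__":
    # Example-1 and Example-5 from the text, then two of the listed questions.
    for network, hosts in (("192.168.1.0/24", 40), ("10.0.0.0/8", 2000)):
        print(network, hosts, flsm_plan(network, hosts))
    for question in ("150.12.110.10/25", "172.18.221.10/19"):
        print(question, answer_question(question))
```
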
[Figure: VLSM design example. 1000 hosts: 172.16.0.0/22 (0.0 to 3.255); 200 hosts: 172.16.7.0/24 (7.0 to 7.255) and 172.16.6.0/24 (6.0 to 6.255); 20 hosts: 172.16.9.64/26 (9.64 to 9.127) and 172.16.9.160/27 (9.160 to 9.191)]

INTRODUCTION TO ROUTERS

What is a Router?

A router is a device which makes communication possible between two or more different networks present in the same or different geographical locations.
- It is an internetworking device used to connect two or more different networks.
- It works on layer 3 (i.e. the network layer).

It does two basic things:
- Selects the best path from the routing table.
- Forwards the packet on that path.

Other vendors apart from Cisco

Many companies manufacture routers:
Nortel, Multicom, Juniper, Dlink, Linksys, 3Com

Router Classification

FIXED ROUTER
- Fixed router (non-upgradeable: cannot add and remove the Ethernet or serial interfaces)
- Doesn't have any slot

MODULAR ROUTER
- Modular router (upgradeable: can add and remove interfaces as per the requirement)
- Number of slots available depends on the series of the router

[Figure: example of a fixed router, showing the AUI (Attachment Unit Interface), power switch, auxiliary port (Aux 0) and power supply]

EXTERNAL PORTS OF ROUTER

- LAN interfaces - Ethernet
  - AUI (Attachment Unit Interface) (E0) - 15 pin
  - 10baseT - RJ45
- WAN interfaces
  - Serial interface (S0, S1, s0/0, s0/1, s0/0/0 etc.) - 60 pin / 26 pin (smart serial)
  - ISDN interface (BRI0 etc.) - RJ45 (used for ISDN WAN connections)
- Administration interfaces
  - Console - RJ45 - local administration
  - Auxiliary - RJ45 - remote administration

[Figure: 2621 model router (modular router), showing the FastEthernet ports, console port, auxiliary port and power switch]
Attachment Unit Interface
- AUI pin configuration is 15 pin female.
- It is known as Ethernet port or LAN port or Default Gateway.
- It is used for connecting the LAN to the router.
- A transceiver is used for converting 8 wires to 15 wires, i.e. an RJ45 to 15 pin converter.

Console Port
- It is known as the local administrative port.
- It is generally used for initial configuration, password recovery and local administration of the router.
- It is an RJ45 port.
- IMP: It is the most delicate port on the router, so make less use of the console port.

Console Connectivity
- Connect a rollover cable to the router console port (RJ-45 connector).
- Connect the other end of the rollover cable to the RJ-45 to DB-9 converter.
- Attach the female DB-9 converter to a PC serial port.
- Open emulation software.

Serial Port
- Serial pin configuration is 60 pin female (i.e. 15 pins and 4 rows) and smart serial pin configuration is 26 pin female.
- It is known as the WAN port.
- It is used for connecting to remote locations.
- A V.35 cable has a 60 pin male configuration at one end and an 18 pin male configuration at the other end.

Auxiliary Port
- It is known as the remote administrative port.
- Used for remote administration.
- It is an RJ-45 port.
- A console or rollover cable is used.

INTERNAL COMPONENTS OF THE ROUTER

ROM
- A chip integrated on the motherboard which contains a bootstrap program that tells how to load the IOS.
- Used to start and maintain the router. Holds the POST and the bootstrap program, as well as the mini-IOS.

POST (power-on self-test)
- Stored in the microcode of the ROM, the POST is used to check the basic functionality of the router hardware and determines which interfaces are present.
Mini-IOS
- Also called the RXBOOT or boot loader by Cisco, the mini-IOS is a small IOS in ROM that can be used to bring up an interface and load a Cisco IOS into flash memory.
- The mini-IOS can also perform a few other maintenance operations.

RAM (random access memory)
- Used to hold the temporary config, recent packet buffer information, ARP cache, routing tables, and also the software and data structures that allow the router to function.
- Also called running-config.
- The IOS is loaded into RAM from flash at the time of booting.

Flash memory
- Stores the Cisco IOS by default. Flash memory is not erased when the router is reloaded.

NVRAM (nonvolatile RAM)
- Used to hold the router and switch configuration. NVRAM is not erased when the router or switch is reloaded. It will not store an IOS. The configuration register is stored in NVRAM.

Configuration register
- Used to control how the router boots up. This value can be found as the last line of the show version command output.
- By default it is set to 0x2102, which tells the router to load the IOS from flash memory as well as to load the configuration from NVRAM.

ROUTER START-UP SEQUENCE

[Figure: router start-up sequence. Locate and load the operating system (locate the IOS, load the IOS); locate and load the configuration file or enter setup mode (locate the configuration file, execute the configuration file, enter setup mode)]

1. Performing the POST and Loading the Bootstrap Program
- The power-on self-test (POST) is a process that occurs on almost every computer when it boots. The POST is used to test the router hardware. After the POST, the bootstrap program is loaded. The bootstrap program locates the Cisco IOS and loads it into RAM.

2. Locating and Loading the IOS Software
- The location of the IOS file is specified by the value of the configuration register setting.
The bits in this setting can instruct the device to load the IOS file from the following locations:
  - Flash memory
  - A TFTP server
- To load the IOS normally from flash, the configuration register setting should be set to 0x2102.

3. Locating and Executing the Startup Configuration File or Entering Setup Mode
- After the IOS is loaded, the bootstrap program searches for the startup configuration file (startup-config) in NVRAM. This file contains the previously saved configuration commands and parameters, including interface addresses, routing information, passwords and other configuration parameters.
- If no configuration file is located, the router prompts the user to enter setup mode to begin the configuration process.
- If a startup configuration file is found, a prompt containing a hostname will display. The router has successfully loaded the IOS and the configuration file.

Integrated Services Router (ISR)

It gets its name because many of the services, like security, are built into it. It is a modular device like the 2600, but it is much faster and a lot more sleek; it is elegantly designed to support a broad new range of interface options.

Series: 800, 1800, 2800, 3800, 1900, 2900, 3900

Setup mode
- The router enters setup mode if the NVRAM is blank.

User mode
- Only some basic monitoring
- Limited show commands, ping, traceroute
- Router>

Privileged mode
- Monitoring and some troubleshooting
- All show commands, ping, trace, copy, erase
- Router#

Global configuration mode
- To make any changes that affect the router, like hostname and routing configurations.
- All configurations that affect the router globally
- Router(config)#

Interface mode
- Configurations done on the specific interface

Rommon mode
- Reverting password

Console Connectivity
- Connect a rollover cable to the router console port (RJ-45 connector).
- Connect the other end of the rollover cable to the RJ-45 to DB-9 converter.
- Attach the female DB-9 converter to a PC serial port.
- Open emulation software on the PC.

IN WINDOWS
- Start > Programs > Accessories > Communications > HyperTerminal > HyperTerminal.
- Give the connection name and select any icon.
- Select the serial (COM) port where the router is connected.
- In Port Settings > click on Restore Defaults.

IN LINUX
- # minicom -s (used instead of HyperTerminal in Windows)

[Figure: HyperTerminal "Connection Description" and "Connect To" dialogs]

BASIC COMMANDS

User mode:
Router >
Router > show flash
Router > show version
Router > show ip interface brief
Router > ping 1.1.1.1
Router > traceroute 50.1.1.1
Router > enable

Privilege mode:
Router # show running-config
Router # show startup-config
Router # show flash
Router # show version
Router # show ip interface brief
Router # ping 1.1.1.1
Router # traceroute 50.1.1.1
Router # configure terminal (To enter in Global configuration mode)

Global configuration mode:
Router(config) # hostname Sikandar
Router(config) # interface
Router(config-if) # ip address (Interface Mode)
Router(config-if) # no shutdown

Assigning console password:
Router(config) # line con 0 (To enter into Console line mode)
Router(config-line) # password
Router(config-line) # login
Router(config-line) # exit
Router(config) # exit

Assigning auxiliary password:
Router(config) # line aux 0 (To enter into Auxiliary line mode)
Router(config-line) # password
Router(config-line) # login
Router(config-line) # exit
Router(config) # exit

Assigning Telnet password:
Router(config) # line vty 0 4 (To enter into VTY line mode)
Router(config-line) # password
Router(config-line) # login
Router(config-line) # exit
Router(config) # exit

Assigning enable password:
Router(config) # enable password (The password will be saved in clear text)
OR
Router(config) # enable secret (The password will be saved in encrypted text)

Router(config) # service password-encryption

Commands to save the configuration:
Router # copy running-config startup-config
(OR)
Router # write memory
(OR)
Router # write

To erase NVRAM configuration:
Router # erase startup-config (to erase the NVRAM)

LAB: BASIC CONFIGURATIONS AND VERIFICATIONS

Power on the router and observe the booting process (sample output shown below):

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

Self decompressing the image :

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]:
% Please answer 'yes' or 'no'.
Continue with configuration dialog? [yes/no]:

Router>

Router> show flash
System flash directory:
File  Length   Name/status
  3   5571884
[8827403 bytes used, 58188961 available,
63488K bytes of processor board System flash (Read/Write)

Router> show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
Image text-base: 0x8000808C, data-base: 0x80A1FECC

ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
ROM: C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)

System returned to ROM by reload
System image file is "flash:c2600-i-mz.122-28.bin"

cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.

Configuration register is 0x2102

Router> sh ip interface brief
Interface          IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0    unassigned   YES  unset   administratively down  down
FastEthernet0/1    unassigned   YES  unset   administratively down  down

Router> ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)

Router> traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1

To enter privilege mode:
Router> enable

By typing the clock ? command, you'll get a list of the next possible parameters and what they do. Notice that you should just keep typing a command, a space, and then a question mark until <cr> (carriage return) is your only option. If you're typing commands and receive

To enter global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

To change the hostname of the router:
Router(config)# hostname HYDERABAD
HYDERABAD(config)#

TO ASSIGN CONSOLE PASSWORD
HYDERABAD(config)# line console 0
HYDERABAD(config-line)# password cisco123
HYDERABAD(config-line)# login
HYDERABAD(config-line)# end
%SYS-5-CONFIG_I: Configured from console by console
HYDERABAD# exit

HYDERABAD con0 is now available
Press RETURN to get started.
User Access Verification
Password:
(Enter the console password which was configured)

HYDERABAD>
HYDERABAD> enable
HYDERABAD# conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYDERABAD(config)# line vty 0 4
HYDERABAD(config-line)# password ccna123
HYDERABAD(config-line)# login
HYDERABAD(config-line)# exit
HYDERABAD(config)# enable password ccnp123
HYDERABAD(config)# exit
HYDERABAD# exit

HYDERABAD con0 is now available
Press RETURN to get started.

User Access Verification
Password:
(Enter the console password which was configured)

HYDERABAD> enable
Password:
(Enter the enable password which was configured)
HYDERABAD#

HYDERABAD# show running-config
Building configuration...
Current configuration : 480 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname HYDERABAD

HYDERABAD# configure terminal
HYDERABAD(config)# enable secret ccie123
HYDERABAD(config)# exit

HYDERABAD# show running-config
Building configuration...
Current configuration : 527 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname HYDERABAD
enable secret
enable password ccnp123

HYDERABAD# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete

HYDERABAD# reload
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

Self decompressing the image :
########################################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
63488K bytes of ATA CompactFlash (Read/Write)

NOTE: The router enters setup mode because the startup-config has been erased.

UNDERSTANDING LAN CONNECTIVITY

[Figure: straight-through (PC to hub) and crossover cable wiring between TX and RX pins, and an RJ45 plug]

RJ45 CONNECTOR:
- RJ45 is a standard type of connector for network cables. RJ45 connectors are most commonly seen with Ethernet cables and networks.
- RJ45 connectors feature eight pins to which the wire strands of a cable interface electrically. Standard RJ-45 pinouts define the arrangement of the individual wires needed when attaching connectors to a cable.
- Several other kinds of connectors closely resemble RJ45 and can be easily confused with each other. The RJ-11 connectors used with telephone cables, for example, are only slightly smaller (narrower) than RJ-45 connectors.
- Also known as: Registered Jack 45
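The basic-configuration lab earlier in this section leaves "no service password-encryption" in the running-config and keeps "enable password" next to "enable secret", so the console, Telnet and enable passwords all sit in the configuration as readable text. The following Python sketch is an added example, not part of the workbook: it audits a saved configuration for exactly those conditions. The sample configuration is constructed from the lab's values and its enable-secret hash is a placeholder.

```python
import re

# Constructed sample mirroring the lab (hostname and passwords as typed there).
# The enable-secret value is a placeholder, not a real hash.
SAMPLE_RUNNING_CONFIG = """\
version 12.2
no service password-encryption
!
hostname HYDERABAD
!
enable secret 5 $1$PLACEHOLDER$notARealHashValue000000
enable password ccnp123
!
line con 0
 password cisco123
 login
line vty 0 4
 password ccna123
 login
!
end
"""

# "password <text>" or "password <type-digit> <encoded text>"
PASSWORD_RE = re.compile(r"^(?:enable\s+)?password\s+(?:(\d)\s+)?(\S+)$")


def audit_config(text):
    """Return (line_number, rule, detail) findings; passwords are never echoed."""
    findings = []
    section = None            # current "line ..." block, if any
    has_secret = False
    enable_password_line = None
    encryption_on = False

    for number, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue
        if not raw.startswith(" "):
            # An unindented command closes any open "line ..." block.
            section = stripped if stripped.startswith("line ") else None

        if stripped == "service password-encryption":
            encryption_on = True
        elif stripped.startswith("enable secret "):
            has_secret = True
        elif stripped.startswith("enable password "):
            enable_password_line = number
            match = PASSWORD_RE.match(stripped)
            if match and match.group(1) is None:
                findings.append((number, "cleartext-enable-password",
                                 "enable password is stored in clear text"))
        elif section and stripped.startswith("password "):
            match = PASSWORD_RE.match(stripped)
            if match and match.group(1) is None:
                findings.append((number, "cleartext-line-password",
                                 f"{section}: password is stored in clear text"))

    if not encryption_on:
        findings.append((0, "password-encryption-disabled",
                         "service password-encryption is not enabled"))
    if has_secret and enable_password_line is not None:
        # When both are configured the router checks the secret, so the
        # enable password line is only a leftover readable credential.
        findings.append((enable_password_line, "redundant-enable-password",
                         "enable password is configured alongside enable secret"))
    return findings


if __name__ == "__main__":
    for line_number, rule, detail in audit_config(SAMPLE_RUNNING_CONFIG):
        print(f"line {line_number:>2}  {rule:<30} {detail}")
```

Findings reported with line 0 apply to the configuration as a whole, not to a single line.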
WAN CONNECTIONS

WAN connections are divided into three types:
1) Dedicated line
2) Circuit switched
3) Packet switched

Dedicated line:
- Permanent connection for the destination
- Used for short or long distance
- Bandwidth is fixed
- Availability is 24/7
- Charges are fixed whether used or not
- Uses analog circuits
- Always the same path is used for the destination
- Example is Leased Line

Circuit switched:
- It is also used for short and medium distances
- Bandwidth is fixed
- Charges depend on usage of the line
- Also called line on demand
- Usually used as a backup line
- Connects at the BRI port of the router
- ISDN and PSTN are the examples

Packet switched:
- Used for medium or longer connections
- Bandwidth is shared
- Many virtual connections on one physical connection
- Example: Frame Relay

Leased line:
- A permanent/dedicated physical connection which is used to connect two different geographical areas. This connection is provided by telecommunication companies like BSNL in India.
- A leased line provides service 24/7 throughout the year, unlike a dial-up connection which is connected when required.
- Leased lines are obtained on an annual rental basis. Moreover, the rent depends on the distance between the sites.

LEASED LINE IS OF THREE TYPES
1) SHORT LEASED LINE
2) MEDIUM LEASED LINE
3) LONG LEASED LINE (IPLC)

- Short leased line is used within the city, and its cost is also less.
- Medium leased line is used to connect sites in two different states, like Hyderabad and Chennai.
- Long leased line is also called IPLC. It stands for International Private Lease Circuit and is used to connect two different countries. It is the most expensive among all.
- Leased line provides excellent quality of service with high speed of data transmission.
- As it is a private physical connection, it assures complete security and privacy, even with voice.
- Speed of the leased line varies from 64 kbps to 2 Mbps or more. A leased line always has fixed bandwidth.

Note: Once a leased line is set up, not only can we send data but transmission of voice is also possible. In addition to this, both voice and data can be sent simultaneously.

Data Communication Equipment (DCE)
- Generates clocking (i.e. speed).
- Example of DCE device in leased line setup: V.35 & G.703 modem & exchange (modem & MUX)
- Example of DCE device in dial-up setup: dial-up modem

Data Termination Equipment (DTE)
- Accepts clocking (i.e. speed).
- Example of DTE device in leased line setup: router
- Example of DTE device in dial-up setup: computer

Coming to the hardware requirements:
1) Leased line modem
2) V.35 connector & cable
3) G.703 connector & cable

The leased line modem is also called CSU/DSU (Channel Service Unit and Data Service Unit). It acts as a DCE device which generates the clock rate.

V.35 Back to Back Cable
- A back to back cable is used which emulates the copper wire, modems and MUX, i.e. the complete exchange setup.
- Without DCE and DTE devices communication is not possible.

In different countries different codes are used for leased lines with different speeds. In Europe it is identified as E whereas in UK it is identified with the letter T.

In Europe, there are five types of lines distinguished according to their speed: 6 E1 lines (34 Mbps), 4 E1 lines (140 Mbps)

In the United States, the concept is as follows:
1. T1 (1.544 Mbps)
2. T2 = 4 T1 lines (6 Mbps)
3. T3 = 28 T1 lines (45 Mbps)
4. T4 = 168 T1 lines (275 Mbps)

ADVANTAGES
- Complete secure
- High bandwidth
- High speed connection
- Superior quality
- Reliable

Rules to assign the IP address to the router:
1. All the LANs and WANs should be in different networks (the same network should not repeat).
2. The router Ethernet IP and the LAN network assigned should be in the same network.
3. Both the interfaces of routers facing each other should be in the same network.
4. All the interfaces of a router should be in different networks.

[Figure: lab topology with LANs 192.168.1.0/24 and 192.168.2.0/24]

1. Design the topology as per the above diagram.
2. Configure IP addresses as per the diagram and rules.
3. Verify the interface status using the command:
   # show ip interface brief

ON ROUTER-1
Router> enable
Router# configure terminal
Router(config)# hostname R-1
R-1(config)# interface fastEthernet 0/0
R-1(config-if)# ip address 192.168.1.100 255.255.255.0
R-1(config-if)# no shutdown
R-1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R-1(config-if)# exit
R-1(config)# interface serial 0/0
R-1(config-if)# ip address 10.0.0.1 255.0.0.0
R-1(config-if)# no shutdown
R-1(config-if)# clock rate 64000

NOTE:
- clock rate is only required in the lab scenario, as we are using a back to back cable instead of the real exchange where the modems will be installed which will generate the clocking
- here the clock rate has to be generated manually using the clock rate command

R-1# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

ON ROUTER-2
Router> enable
Router# configure terminal
Router(config)# hostname R-2
R-2(config)# interface fastEthernet 0/0
R-2(config-if)# ip address 192.168.2.100 255.255.255.0
R-2(config-if)# no shutdown
R-2(config-if)# exit
R-2(config)# interface serial 0/0
R-2(config-if)# ip address 10.0.0.2 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000

R-2# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    192.168.2.100   YES manual up                    up
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

R-1# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    192.168.1.100   YES manual up                    up
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

R-2# ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/8 ms

Troubleshooting the connectivity:
Router# show ip interface brief

1) Serial is up, line protocol is up
   - Connectivity is fine.
2) Serial is down, line protocol is down
   - remote device turned off
   - remote port is in shutdown state
   - interface on the remote router has to be configured
   - problem with connectivity
3) Serial is administratively down, line protocol is down
   - local port is in shutdown state
   - No Shutdown has to be given on the local router interface
4) Serial is up, line protocol is down
   - Encapsulation mismatch
   - clock rate command not given on serial interface (only applies in lab scenario)
   - if using PPP, then authentication mismatch

WAN PROTOCOLS
Leased Lines use two types of WAN encapsulation protocols:
1) High Data Link Protocol (HDLC)
2) PPP

HDLC | PPP
-----|----
Higher level data link Control protocol | Point to Point Protocol
Default on serial links | Standard Layer 2 WAN Protocol
Cisco Proprietary Layer 2 WAN Protocol | Supports Authentication
Doesn't support Authentication | Supports error correction
Doesn't support Compression and error correction |

R-1# sh interfaces s0/0
Serial0/0 is up, line protocol is up (connected)
  Hardware is HD64570
  Internet address is 10.0.0.1/8
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     5 packets input, 640 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     5 packets output, 640 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

PPP supports two authentication protocols:
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)

PAP (Password Authentication Protocol)
- PAP provides a simple method for a remote node to establish its identity using a two-way handshake.
- PAP is done only upon initial link establishment.
- PAP is not a strong authentication protocol.
- Passwords are sent across the link in clear text.
- Poor control of attempts.

CHAP (Challenge Handshake Authentication Protocol)
- After the PPP link establishment phase is complete, the local router sends a unique "challenge" message to the remote node.
- The remote node responds with a value (MD5).
- The local router checks the response against its own calculation of the expected hash value.
- If the values match, the authentication is acknowledged. Otherwise, the connection is terminated immediately.
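The difference between what PAP and CHAP put on the link, as an added example that is not part of the workbook. It builds the PAP Authenticate-Request (RFC 1334 layout) and the CHAP Challenge/Response (RFC 1994 layout, response = MD5 of identifier, secret and challenge) and runs both sides of the handshake; the router names reuse the lab's R-1 and R-2, and the shared secret is a constructed value.

```python
import hashlib
import hmac
import os
import struct

# Constructed lab values (assumptions, not taken from the workbook).
PEER_NAME = b"R-2"
SHARED_SECRET = b"lab-secret"


def pap_request(identifier, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): peer-id and password are sent as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body


def chap_value(identifier, secret, challenge):
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_packet(code, identifier, value, name):
    """CHAP Challenge (code 1) or Response (code 2): value-size, value, name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_chap(packet):
    """Split a CHAP Challenge/Response into (code, identifier, value, name)."""
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if length != len(packet) or 5 + size > length:
        raise ValueError("bad CHAP length fields")
    return code, identifier, packet[5:5 + size], packet[5 + size:]


class Authenticator:
    """The local router: issues challenges and checks the peer's responses."""

    def __init__(self, secrets, name=b"R-1"):
        self.secrets = secrets      # peer name -> shared secret
        self.name = name
        self.next_id = 0
        self.pending = {}           # identifier -> outstanding challenge

    def challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[identifier] = os.urandom(16)   # unique per attempt
        return chap_packet(1, identifier, self.pending[identifier], self.name)

    def verify(self, response):
        code, identifier, value, name = parse_chap(response)
        challenge = self.pending.pop(identifier, None)  # each challenge is single-use
        secret = self.secrets.get(name)
        if code != 2 or challenge is None or secret is None:
            return False
        expected = chap_value(identifier, secret, challenge)
        return hmac.compare_digest(expected, value)     # constant-time compare


def peer_response(challenge_packet, name, secret):
    """The remote node: hash the received challenge with its copy of the secret."""
    code, identifier, challenge, _ = parse_chap(challenge_packet)
    if code != 1:
        raise ValueError("not a CHAP Challenge")
    return chap_packet(2, identifier, chap_value(identifier, secret, challenge), name)


def demo():
    auth = Authenticator({PEER_NAME: SHARED_SECRET})
    pap = pap_request(1, PEER_NAME, SHARED_SECRET)
    first = auth.challenge()
    response = peer_response(first, PEER_NAME, SHARED_SECRET)
    accepted = auth.verify(response)
    # A recorded response value presented against a later challenge.
    second = auth.challenge()
    _, new_id, _, _ = parse_chap(second)
    _, _, old_value, _ = parse_chap(response)
    replay_accepted = auth.verify(chap_packet(2, new_id, old_value, PEER_NAME))
    wrong = auth.verify(peer_response(auth.challenge(), PEER_NAME, b"wrong"))
    return {
        "pap_carries_password": SHARED_SECRET in pap,
        "chap_carries_secret": SHARED_SECRET in first + response,
        "accepted": accepted,
        "replay_accepted": replay_accepted,
        "wrong_secret_accepted": wrong,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The recorded response fails against the second challenge because the hash covers both the identifier and the fresh challenge value, which is what the "unique challenge" in the description above buys over PAP.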
[Figure: Selecting a PPP Authentication Protocol (cont.): CHAP uses a secret known only to the authenticator and the peer]

Configuration of HDLC:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation hdlc
(the default is HDLC even if you don't configure this command)

Configuration of PPP:
Router# configure terminal
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp

To Enable CHAP Authentication:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication chap

To Enable PAP Authentication:
Router(config)# interface serial 0/0
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication pap

[Topology diagram: three-router lab; labels include LAN 192.168.3.0/24]

Router(config)# hostname R-1
R-1(config)# interface fastEthernet 0/0
R-1(config-if)# ip address 192.168.1.100 255.255.255.0
R-1(config-if)# no shutdown
R-1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R-1(config-if)# exit
R-1(config)# interface serial 0/0
R-1(config-if)# ip address 10.0.0.1 255.0.0.0
R-1(config-if)# no shutdown
R-1(config-if)# clock rate 64000

NOTE:
- clock rate is only required in the lab scenario, as we are using a back to back cable instead of the real exchange where the modems will be installed which will generate the clocking
- here the clock rate has to be generated manually using the clock rate command

R-1# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

ROUTER-2
R-2> enable
R-2(config)# interface fastEthernet 0/0
R-2(config-if)# ip address 192.168.2.100 255.255.255.0
R-2(config-if)# no shutdown
R-2(config-if)# exit
R-2(config)# interface serial 0/0
R-2(config-if)# ip address 10.0.0.2 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000
R-2(config)# interface serial 0/1
R-2(config-if)# ip address 11.0.0.1 255.0.0.0
R-2(config-if)# no shutdown
R-2(config-if)# clock rate 64000

R-2# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    192.168.2.100   YES manual up                    up
FastEthernet0/1    unassigned      YES unset  administratively down down

ROUTER-3
Router> enable
Router# conf t
Router(config)# hostname R-3
R-3(config)# interface fastEthernet 0/0
R-3(config-if)# ip address 192.168.3.100 255.255.255.0
R-3(config-if)# no shutdown
R-3(config-if)# exit
R-3(config)# interface serial 0/0
R-3(config-if)# ip address 11.0.0.2 255.0.0.0
R-3(config-if)# no shutdown
R-3(config-if)# clock rate 64000
R-3(config-if)# end

R-3# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/1    unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down

R-2# ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/12/44 ms

R-2# ping 11.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/20 ms

NOTE: Once the interfaces are up you should be able to ping the directly connected interfaces of the other routers.

ROUTING

Routing
- Forwarding of packets from one network to another network, choosing the best path from the routing table.
- Routing makes it possible for two or more different networks to communicate with each other.
- The routing table consists of only the best routes for every destination.

Types of Routing
1. Static Routing
2. Default Routing
3. Dynamic Routing

Static Routing
- It is configured manually by the Administrator.
- Mandatory need for the Destination Network ID.
- For every destination, routing has to be done manually.
- Used for small organizations.
- Administrative distance for Static Route is 0 or 1.

Advantages:
- There is no overhead on the router CPU.
- There is no bandwidth usage between routers.
- It adds security because the administrator can choose to allow routing access to certain networks only.

Disadvantages of static routing:
- Used for small networks (it's not feasible in large networks).
- Each and every network has to be manually configured.
- The administrator must really understand the internetwork and how each router is connected in order to configure routes correctly.
- Any change in the internetwork has to be updated in all routers.

Configuring Static Route
Router(config)# ip route
or
Router(config)# ip route
[Topology diagram: LAN 192.168.1.0/24 and LAN 192.168.2.0/24]

Pre-requirement for LAB (check previous labs)
- Design the topology (connectivity)
- Assign the IP addresses according to the diagram
- Make sure that the interfaces used are in UP UP state

TASK:
- Configure Static routing
- Verify the routing table and reachability between the LANs (using PING and TRACE commands)

R-1# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0

NOTE:
The above routing tables display only the networks which are directly connected.
By default a router doesn't know about the networks which are not directly connected, and that is the reason there is no reachability between the two LANs.
So to provide reachability we need to implement some type of routing.

PC> ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC> ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.1.100: Destination host unreachable.
Reply from 192.168.1.100: Destination host unreachable.
Ping statistics for 192.168.2.1:
    Packets:

- From the above output we can see there is no communication between 192.168.1.1 and 192.168.2.1, as they are on different networks.
- In order to communicate we need to implement some form of routing (here we use static routing).

On R-1
R-1(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2
R-1(config)# end
R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

On R-2
R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)# end
R-2# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0

PC> ipconfig
IP Address......................:
Default Gateway.................: 192.168.1.100

PC> ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
Reply from 192.168.2.1: bytes=32 time=21ms TTL=126
Reply from 192.168.2.1: bytes=32 time=21ms TTL=126

PC> ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.2: bytes=32 time=21ms TTL=126
Reply from 192.168.2.2: bytes=32 time=19ms TTL=126
Reply from 192.168.2.2: bytes=32 time=12ms TTL=126

PC> tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:

R-2# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/18 ms
[Topology diagram: three routers connecting LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
- Design the topology (connectivity)
- Assign the IP addresses according to the diagram
- Make sure that the interfaces used are in UP UP state

TASK:
- Configure Static routing
- Verify the routing table and reachability between the LANs (using PING and TRACE commands)

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is not set
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

Router-1
R-1(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2
R-1(config)# ip route 192.168.3.0 255.255.255.0 10.0.0.2
R-1(config)# ip route 11.0.0.0 255.0.0.0 10.0.0.2

Router-2
R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)# ip route 192.168.3.0 255.255.255.0 11.0.0.2

Router-3
R-3(config)# ip route 192.168.2.0 255.255.255.0 11.0.0.1
R-3(config)# ip route 192.168.1.0 255.255.255.0 11.0.0.1
R-3(config)# ip route 10.0.0.0 255.0.0.0 11.0.0.1

R-1# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# show ip route
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# show ip route
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

PC> ipconfig
IP Address......................:
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC> ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
Reply from 192.168.

PC> ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
Reply from 192.168.3.1:

PC> tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
  1   5ms   8ms
Trace complete.

R-1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms

R-3# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/18 ms

STATIC DEFAULT ROUTING:
- A default route is used when the destination is unknown (internet).
- It can also be used at end locations where there is only one exit path for any destination.
- Default routes help in reducing the size of your routing table.
- If a router does not find an entry for the destination network in its routing table, the router will forward the packet to its default route.
- It is the last preferred route in the routing table.

[Figure: default routing example; labels include LAN 192.168.5.0/28]

Router(config)# ip route
or
Router(config)# ip route
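How "last preferred route" plays out hop by hop, as an added example that is not part of the workbook: a longest-prefix-match lookup over the three-router lab addressing, with R-1 and R-3 holding only a default route and R-2 holding two static routes (the arrangement configured in the default-route lab). The dictionary layout, the function names and the destination 172.16.5.9 are constructed for illustration.

```python
import copy
import ipaddress

# Lab addressing from the workbook; static entries are prefix -> next hop.
LAB = {
    "R-1": {"connected": ["192.168.1.100/24", "10.0.0.1/8"],
            "static": {"0.0.0.0/0": "10.0.0.2"}},
    "R-2": {"connected": ["192.168.2.100/24", "10.0.0.2/8", "11.0.0.1/8"],
            "static": {"192.168.1.0/24": "10.0.0.1",
                       "192.168.3.0/24": "11.0.0.2"}},
    "R-3": {"connected": ["192.168.3.100/24", "11.0.0.2/8"],
            "static": {"0.0.0.0/0": "11.0.0.1"}},
}


def routing_table(router):
    """Return [(network, next_hop)]; next_hop is None for connected networks."""
    table = [(ipaddress.ip_interface(a).network, None) for a in router["connected"]]
    table += [(ipaddress.ip_network(prefix), ipaddress.ip_address(hop))
              for prefix, hop in router["static"].items()]
    return table


def lookup(router, destination):
    """Longest-prefix match: 0.0.0.0/0 wins only when nothing else matches."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in routing_table(router) if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda match: match[0].prefixlen)


def owner_of(lab, address):
    """Name of the router that has this address on one of its interfaces."""
    for name, router in lab.items():
        if any(ipaddress.ip_interface(a).ip == address for a in router["connected"]):
            return name
    return None


def trace(lab, first_router, destination, max_hops=30):
    """Follow a packet hop by hop; returns (hop addresses, outcome)."""
    name = first_router
    # The first hop is the LAN-side gateway address of the first router.
    hops = [str(ipaddress.ip_interface(lab[name]["connected"][0]).ip)]
    for _ in range(max_hops):
        match = lookup(lab[name], destination)
        if match is None:
            return hops, f"no route on {name}"
        _, next_hop = match
        if next_hop is None:                      # destination network is attached
            return hops + [destination], "delivered"
        hops.append(str(next_hop))
        name = owner_of(lab, next_hop)
        if name is None:
            return hops, "next hop unreachable"
    return hops, "hop limit exceeded"


def with_default_on_r2():
    """Variant: R-2 also gets a default route, pointing back at R-1."""
    lab = copy.deepcopy(LAB)
    lab["R-2"]["static"]["0.0.0.0/0"] = "10.0.0.1"
    return lab


if __name__ == "__main__":
    print(trace(LAB, "R-1", "192.168.3.1"))
    print(trace(LAB, "R-1", "172.16.5.9"))
    print(trace(with_default_on_r2(), "R-1", "172.16.5.9")[1])
```

With R-2 on static routes only, an unknown destination is dropped at R-2; once R-1 and R-2 both point a default route at each other, the same packet bounces between them until the hop limit is reached.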
[Topology diagram: three routers connecting LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
- Design the topology (connectivity)
- Assign the IP addresses according to the diagram
- Make sure that the interfaces used are in UP UP state

TASK:
- Configure a default route on R1 and R3, static routing on R2
- Verify the routing table and reachability between the LANs (using PING and TRACE commands)

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is not set
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

Router-1
R-1(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.2

Router-2
R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
R-2(config)# ip route 192.168.3.0 255.255.255.0 11.0.0.2

On Router-3
R-3(config)# ip route 0.0.0.0 0.0.0.0 11.0.0.1

R-1# sh ip route
Gateway of last resort is 10.0.0.2 to network 0.0.0.0
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is 11.0.0.1 to network 0.0.0.0
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

PC> ipconfig
IP Address......................:
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC> ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
Reply from 192.168.2.1: bytes=32 time=14ms TTL=126

PC> ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

PC> tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
  1   5ms    8ms    8ms
  2   12ms   9ms    8ms
  3   17ms   6ms    12ms
  4   24ms   27ms   25ms
Trace complete.

R-1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms

R-3# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/18 ms

DYNAMIC ROUTING

Advantages of Dynamic over static:
- There is no need to know the destination networks.
- Only the directly connected networks need to be advertised.
- Updates the topology changes dynamically.
- Administrative work is reduced.
- Used for large organizations.
- Neighbor routers exchange routing information and build the routing table automatically. This is easier than using static or default routing.

Types of Dynamic Routing Protocols
- Distance Vector Protocol
- Link State Protocol
- Hybrid Protocol

DISTANCE VECTOR PROTOCOL | LINK STATE PROTOCOL | HYBRID PROTOCOL (Advance Distance vector Protocol)
-------------------------|---------------------|----------------------------------------------------
Works with Bellman Ford algorithm | Works with Dijkstra algorithm | Works with DUAL algorithm
Periodic updates | Incremental updates | Incremental updates
Full routing tables are exchanged | Missing routes are exchanged | Missing routes are exchanged
Classful routing protocol | Classless routing protocol | Classless routing protocol
Updates are through broadcast | Updates are through multicast | Updates are through multicast
Example: RIP v1, RIPv2, IGRP | Example: OSPF, IS-IS | Example: EIGRP
 | Link state updates | Also called Advance Distance vector Protocol
Less overhead | More overhead | Less overhead
Easy to configure | Difficult to configure | Easy to configure

Classful Protocols:
- Classful routing protocols do not carry the subnet mask information along with updates,
- which means that all devices in the network must use the same subnet mask (FLSM or default).
- Ex: RIPv1, IGRP

Classless Protocols:
- Classless routing protocols carry the subnet mask information along with updates.
- That's why they support sub networks (VLSM and FLSM) and default networks also.
- Ex: RIPv2, EIGRP, OSPF, IS-IS
ROUTING INFORMATION PROTOCOL V1
- Open Standard Protocol (Cisco and non-Cisco)
- Classful routing protocol
- Updates are broadcast via 255.255.255.255
- Administrative distance is 120
- Metric: Hop count (least hops is the best)
- Max hop count: 15
- Max routers: 16
- 16th hop is unreachable
- Load balancing of 4 equal paths
- Used for small organizations
- Periodic updates; exchanges the entire routing table every 30 seconds

RIP Timers
- Update timer: 30 sec
  - Time between consecutive updates
- Invalid timer: 180 sec
  - Time a router waits to hear updates
  - The route is marked unreachable if there is no update during this interval.
- Flush timer: 240 sec
  - Time before the invalid route is removed from the routing table
- Hold down timer: 180 sec
  - Stabilizes routing information and helps prevent routing loops during periods when the topology is converging on new information.
  - Once a route is marked as unreachable, it must stay in holddown long enough for all routers in the topology to learn about the unreachable network.

Convergence time is the time taken by the router to use an alternate route if the best route is down.

RIP Version 2
- Classless routing protocol (supports default and sub networks)
- Supports VLSM
- Supports authentication
- Uses multicast address 224.0.0.9

Advantages of RIP
- Easy to configure
- No design constraints like OSPF protocol
- No complexity
- Less overhead

Disadvantages of RIP
- Bandwidth utilization is very high, as it broadcasts every 30 seconds
- Works only on hop count (does not consider the bandwidth)
- Not scalable, as the hop count is only 15
- Slow convergence

Two steps in dynamic protocols
1. Select protocol
2. Advertise directly connected networks
Configuring RIPv1
Router(config)# router rip
Router(config-router)# network

Configuring RIPv2
Router(config)# router rip
Router(config-router)# network
Router(config-router)# version 2

[Topology diagram: three routers connecting LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

STEPS:
Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP addresses according to the diagram
3) Make sure that the interfaces used are in UP UP state
What we do in this lab
4) Dynamic routing using RIPv2
5) Verify the routing table and reachability between the LANs (using PING and TRACE commands)

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is not set
C    11.0.0.0/8 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0
Router-1
R-1(config)# router rip
R-1(config-router)# version 2
R-1(config-router)# network 192.168.1.0
R-1(config-router)# network 10.0.0.0
R-1(config-router)# end

Router-2
R-2(config)# router rip
R-2(config-router)# version 2
R-2(config-router)# network 192.168.2.0
R-2(config-router)# network 10.0.0.0
R-2(config-router)# network 11.0.0.0
R-2(config-router)# end

Router-3
R-3(config)# router rip
R-3(config-router)# version 2
R-3(config-router)# network 192.168.3.0
R-3(config-router)# network 11.0.0.0
R-3(config-router)# end

R-1# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0

R-2# sh ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0/0
C    11.0.0.0/8 is directly connected, Serial0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0

R-3# sh ip route
Gateway of last resort is not set
C    192.168.3.0/24 is directly connected, FastEthernet0/0

R-1# show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive 2
  Interface             Send  Recv  Triggered RIP  Key-chain
Automatic network summarization is in effect
Maximum path:
Routing for Networks:
Passive Interface(s):
Routing Information Sources:
  Gateway         Distance      Last Update
  10.0.0.2             120      00:00:08
Distance: (default is 120)

R-1# show ip route rip
R    11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:24, Serial0/0
R    192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:24, Serial0/0
R    192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:24, Serial0/0

PC> ipconfig
IP Address......................:
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC> ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
PC> ping 192.168.3.1
Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

PC> tracert 192.168.3.1
Tracing route to 192.168.3.1 over a maximum of 30 hops:
  1   5ms    8ms    8ms    192.168.1.100
  2   12ms   9ms    8ms    10.0.0.2
  3   17ms   6ms    12ms   11.0.0.2
  4   24ms   27ms   25ms   192.168.3.1
Trace complete.

R-1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms

R-3# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/18 ms

Administrative Distance
- It is the trustworthiness of the information received by the router.
- The number is between 0 and 255.
- The least value is more preferred.
- # show ip protocols

Default administrative distances are as follows:
Directly Connected = 0
Static Route = 1
IGRP = 100
OSPF = 110
RIP = 120
EIGRP = 90/170
ISIS

Autonomous System Number
- An autonomous system is a collection of networks under a common administrative domain.
- A unique number identifying the routing domain of the routers.
- Ranges from 1 - 65535
- Public - 1 - 64512
- Private - 64513 - 65535

Private AS: used within the same service provider
Public AS: used in between multiple service providers

Routing Protocol Classification

IGP | EGP
----|----
Interior Gateway Protocol | Exterior Gateway Protocol
Routing protocols used within the same autonomous system number | Routing protocol used between different autonomous systems
All routers will be routing within the same Autonomous boundary | Routers in different AS need an EGP
Ex: RIP, IGRP, EIGRP, OSPF, IS-IS | Ex: Border Gateway Protocol

- IGPs operate within an autonomous system
- EGPs connect different autonomous systems

[Figure: two autonomous systems running IGPs (RIP, OSPF, IGRP, EIGRP), connected by an Exterior Gateway Protocol (EGPs: BGP)]

ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL
Cisco calls EIGRP a distance-vector routing protocol, or sometimes an advanced distance-vector or even a hybrid routing protocol.
- Cisco proprietary protocol
- Classless routing protocol
- Includes all features of IGRP
- Metric (32 bit): Composite Metric (BW + Delay + load + MTU + reliability)
- Administrative distance is 90
- Updates are through Multicast (224.0.0.10)
- Max hop count is 255 (100 by default)
- Supports IP, IPX and AppleTalk protocols (obviously we won't use IPX and AppleTalk, but EIGRP does support them)
- Hello packets are sent every 5 seconds (dead interval 15 sec)
- Convergence rate is very fast
- It uses DUAL (Diffusing Update Algorithm)
- Supports equal and unequal cost load balancing

[Figure: EIGRP neighbor discovery. Router A: "I am router A, who is on the link?" Router B: "Hello, I am router B." Each router then sends its complete routing information and the other answers "Thanks for the information!"]
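The composite metric worked through for this lab, as an added example that is not part of the workbook. With the default weights (K1 = K3 = 1, the others 0) the classic EIGRP metric is 256 x (10^7 / slowest bandwidth in Kbit + total delay in tens of microseconds); the serial figures are the BW 1544 Kbit and DLY 20000 usec shown in the workbook's show interfaces output, while the FastEthernet figures (100000 Kbit, 100 usec) are assumed IOS defaults that do not appear on the page.

```python
# Interface values. SERIAL comes from the workbook's "show interfaces" output;
# FAST_ETHERNET is an assumption (IOS default values, not shown on the page).
SERIAL = {"bw_kbit": 1544, "delay_usec": 20000}
FAST_ETHERNET = {"bw_kbit": 100000, "delay_usec": 100}

# Outgoing interfaces crossed from R-1 to each destination in the lab topology.
PATHS_FROM_R1 = {
    "11.0.0.0/8": [SERIAL, SERIAL],                      # R-1 S0/0, R-2 S0/1
    "192.168.2.0/24": [SERIAL, FAST_ETHERNET],           # R-1 S0/0, R-2 Fa0/0
    "192.168.3.0/24": [SERIAL, SERIAL, FAST_ETHERNET],   # ... plus R-3 Fa0/0
}


def metric_terms(path):
    """Return (bandwidth term, delay term) for a list of outgoing interfaces."""
    slowest = min(link["bw_kbit"] for link in path)      # bottleneck link only
    bandwidth = 10**7 // slowest                         # scaled inverse bandwidth
    delay = sum(link["delay_usec"] for link in path) // 10   # tens of microseconds
    return bandwidth, delay


def eigrp_metric(path, k1=1, k2=0, k3=1, k4=0, k5=0, load=1, reliability=255):
    """Classic 32-bit composite metric; integer rounding for non-default K
    values is an assumption of this sketch."""
    bandwidth, delay = metric_terms(path)
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5 != 0:                                          # reliability term only if K5 set
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def delay_from_metric(metric, slowest_bw_kbit):
    """Invert the default-K formula: total path delay in microseconds."""
    return (metric // 256 - 10**7 // slowest_bw_kbit) * 10


def lab_metrics():
    """Metric for each route R-1 learns in the three-router lab."""
    return {prefix: eigrp_metric(path) for prefix, path in PATHS_FROM_R1.items()}


if __name__ == "__main__":
    for prefix, metric in lab_metrics().items():
        print(f"D {prefix} [90/{metric}]")
    # Raising the LAN speed does not change the metric: the serial link
    # stays the slowest bandwidth on the path.
    gigabit = {"bw_kbit": 1000000, "delay_usec": 100}
    print(eigrp_metric([SERIAL, gigabit]) == eigrp_metric([SERIAL, FAST_ETHERNET]))
```

The three results are the bracketed metrics that R-1 reports in its show ip route eigrp output in the EIGRP lab of this workbook.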
Neighbor table
- Contains the list of directly connected routers
- # show ip eigrp neighbor

Topology table
- List of all the best routes learned from each neighbor
- # show ip eigrp topology

Routing table
- The best route to the destination
- # show ip route

The neighbor and topology tables are stored in RAM and maintained through the use of Hello and update packets. The routing table is also stored in RAM, but that information is gathered only from the topology table.

Successor
- The successor is the best route used to forward packets to the destination network.
- Present in the routing table and the topology table

Feasible successor
- A feasible successor is a second best route to a destination network
- It is considered a backup route
- Present in the topology table
- Used when the primary route (successor) goes down

EIGRP uses the Diffusing Update Algorithm (DUAL) for selecting and maintaining the best path to each remote network. This algorithm allows for the following:
- Backup route determination if one is available
- Support of VLSMs
- Dynamic route recoveries
- Queries for an alternate route if no route can be found

Disadvantages of EIGRP
- Works only on Cisco routers

Configuring EIGRP
Router(config)# router eigrp
Router(config-router)# network

NOTE:
EIGRP uses autonomous system numbers to identify the collection of routers that share route information. Only routers that have the same autonomous system number share routes. The AS number should be the same on all routers for them to become neighbors and exchange routes.
EIGRP routers that belong to different autonomous systems (ASes) don't automatically share routing information and they don't become neighbors.

By default, EIGRP can provide equal-cost load balancing of up to four links (actually, all routing protocols do this).
However, you can have EIGRP actually load-balance across up to six links (equal or unequal) by using the following command:

    Pod1R1(config)#router eigrp 10
    Pod1R1(config-router)#maximum-paths ?

Maximum Paths and Hop Count

EIGRP has a maximum hop count of 100, but it can be set up to 255.

    Pod1R1(config)#router eigrp 100
    Pod1R1(config-router)#metric maximum-hops ?

Verification commands:
* show ip route: Shows the entire routing table
* show ip route eigrp: Shows only EIGRP entries in the routing table
* show ip eigrp neighbors: Shows all EIGRP neighbors
* show ip eigrp topology: Shows entries in the EIGRP topology table

[Figure: lab topology, three routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
* Design the topology (connectivity)
* Assign the IP address according to diagram
* Make sure that interfaces used should be in UP UP state
* Configure Dynamic routing using EIGRP 100
* Verify Routing table and reachability between the LANs (using PING and TRACE commands)

    R-1#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-2#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    11.0.0.0/8 is directly connected, Serial0/1
    C    192.168.2.0/24 is directly connected, FastEthernet0/0

    R-3#sh ip route
    Gateway of last resort is not set
    C    11.0.0.0/8 is directly connected, Serial0/0
    C    192.168.3.0/24 is directly connected, FastEthernet0/0

ROUTER-1
    R-1(config)# router eigrp 100
    R-1(config-router)# network 192.168.1.0
    R-1(config-router)# network 10.0.0.0

ROUTER-2

    R-2(config)# router eigrp 100
    R-2(config-router)# network 192.168.2.0
    R-2(config-router)# network 11.0.0.0
    R-2(config-router)# network 10.0.0.0
    %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.0.0.1 (Serial0/0) is up: new adjacency

ROUTER-3

    R-3(config)# router eigrp 100
    R-3(config-router)# network 192.168.3.0
    R-3(config-router)# network 11.0.0.0

    R-2#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    H   Address         Interface      Hold Uptime    SRTT   RTO   Q   Seq
                                       (sec)          (ms)         Cnt Num

    R-1#show ip route
    Gateway of last resort is not set
    10.0.0.0/8 is directly connected,

    R-1#show ip route eigrp
    D    11.0.0.0/8 [90/2681856] via 10.0.0.2, 00:06:05, Serial0/0
    D    192.168.2.0/24 [90/2172416] via 10.0.0.2, 00:06:08, Serial0/0
    D    192.168.3.0/24 [90/2684416] via 10.0.0.2, 00:03:09, Serial0/0

    R-2#show ip route eigrp
    D    192.168.1.0/24 [90/2172416] via 10.0.0.1, 00:07:28, Serial0/0
    D    192.168.3.0/24 [90/2172416] via 11.0.0.2, 00:04:52, Serial0/1

    R-3#sh ip route eigrp
    D    10.0.0.0/8 [90/2681856] via 11.0.0.1, 00:04:32, Serial0/0
    D    192.168.1.0/24 [90/2684416] via 11.0.0.1, 00:04:32, Serial0/0
    D    192.168.2.0/24 [90/2172416] via 11.0.0.1, 00:04:32, Serial0/0

    R-1#sh ip protocols
    Routing Protocol is "eigrp 100"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Default networks flagged in outgoing updates
      Default networks accepted from incoming updates
      EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
      EIGRP maximum hopcount 100
      EIGRP maximum metric variance 1
      Redistributing: eigrp 100
      Automatic network summarization is in effect
      Automatic address summarization:
      Maximum path: 4
      Routing Information Sources:
        Gateway         Distance      Last Update
        10.0.0.2        90            18608786
      Distance: internal 90 external 170

    R-1#sh ip eigrp topology
    IP-EIGRP Topology Table for AS 100
    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
           r - Reply status
    P 192.168.1.0/24, 1 successors, FD is 28160
             via Connected, FastEthernet0/0
    P 10.0.0.0/8, 1 successors, FD is 2169856
             via Connected, Serial0/0
    P 192.168.2.0/24, 1 successors, FD is 2172416
             via 10.0.0.2 (2172416/28160), Serial0/0
    P 11.0.0.0/8, 1 successors, FD is 2681856
             via 10.0.0.2 (2681856/2169856), Serial0/0
    P 192.168.3.0/24, 1 successors, FD is 2684416
             via 10.0.0.2 (2684416/2172416), Serial0/0

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=14ms TTL=126

    PC>ping 192.168.3.1
    Pinging 192.168.3.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

    PC>tracert 192.168.3.1
    Tracing route to 192.168.3.1 over a maximum of 30 hops:
      1   5ms    8ms    8ms    192.168.1.100
      2   12ms   9ms    8ms    10.0.0.2
      3   17ms   6ms    12ms   11.0.0.2
      4   24ms   27ms   25ms   192.168.3.1
    Trace complete.
    R-1#ping 192.168.3.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms

    R-3#ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/18 ms

OSPF

* OSPF stands for Open Shortest Path First
* OSPF is an open standard routing protocol that's been implemented by a wide variety of network vendors, including Cisco
* It's a link state protocol
* OSPF works by using the Dijkstra algorithm. First, a shortest path tree is constructed, and then the routing table is populated with the resulting best paths.
* Unlimited hop count
* Metric is cost (cost = 10^8 / B.W.)
* Administrative distance is 110
* It is a classless routing protocol
* It supports VLSM and CIDR
* It supports only equal cost load balancing
* Introduces the concept of Areas to ease management and control traffic
* Provides hierarchical network design with multiple different areas
* Must have one area called area 0
* All the areas must connect to area 0
* Scales better than Distance Vector Routing protocols
* Supports Authentication
* Updates are sent through multicast address 224.0.0.5
* Faster convergence
* Sends Hello packet every 10 seconds
* Trigger/Incremental updates: routers send only changes in updates and not the entire routing tables in periodic updates

Router ID
* The highest IP address of the active physical interface of the router is the Router ID.
* If a logical interface is configured, the highest address of the logical interface is the Router ID.
* Manual router-id is most preferred

[Figure: router with loopback and physical interface addresses, illustrating Router ID selection]
OSPF SEVEN STAGE PROCESS

1) Establishing Bidirectional Communication
[Figure: routers 172.16.5.1/24 and 172.16.5.2/24 exchange hellos sent to 224.0.0.5. "I am router ID 172.16.5.1, and I see no one." / "I am router ID 172.16.5.2, and I see 172.16.5.1."]

2) Discovering the Network Routes
[Figure: the two routers negotiate and exchange database summaries. "I will start exchange because I have router ID 172.16.5.1." / "No, I will start exchange because I have a higher router ID." / "Here is a summary of my LSDB." / "Here is a summary of my LSDB."]

3) Adding the Link-State Entries
[Figure: the routers request and deliver full entries. "Thanks for the information!" / "I need the complete entry for network 172.16.6.0/24." / "Here is the entry for network 172.16.6.0/24." / "Thanks for the information!"]

OSPF maintains three tables:

Neighbor Table
* Also known as the adjacency database
* Contains list of directly connected routers (neighbors)
* # show ip ospf neighbor

Database Table
* Typically referred to as LSDB (link state database)
* Contains information about all the possible routes to the networks within the area
* # show ip ospf database

Routing Table
* Contains list of best paths to each destination
* # show ip route

All the routers should have a common database.

Link-State Data Structure: Network Hierarchy

Link-state routing can have a hierarchical network. This two-level hierarchy consists of the following:
* Transit area (backbone or area 0)
* Regular areas (non-backbone areas)

[Figure: routers in one large autonomous system without areas. "I am receiving too many LSAs." / "The SPF is running too often for me to route." / "My routing table is too big, and I am running low on memory."]

* OSPF is supposed to be designed in a hierarchical fashion, which basically means that you can separate the larger internetwork into smaller internetworks called areas.
* The following are reasons for creating OSPF in a hierarchical design:
  * To decrease routing overhead
  * To speed up convergence
  * To confine network instability to single areas of the network

This does not make configuring OSPF easier, but more elaborate and difficult.

Types of OSPF Routers

[Figure: OSPF router types in an autonomous system built around backbone Area 0]

OSPF Networking Hierarchy:

* OSPF is a hierarchical routing protocol. It enables better administration and smaller routing tables due to segmentation of the entire network into smaller areas. OSPF consists of a backbone (Area 0) network that links all other smaller areas within the hierarchy.

The following are the important components of an OSPF network:

Areas: An area consists of routers that have been administratively grouped together. Usually, an area is a collection of contiguous IP subnetted networks. Routers that are totally within an area are called internal routers. All interfaces on internal routers are directly connected to networks within the area. Within an area, all routers have identical topological databases.

Area Border Routers: Routers that belong to more than one area are called area border routers (ABRs). ABRs maintain a separate topological database for each area to which they are connected.

Backbone Area: An OSPF backbone area consists of all routers in area 0, and all area border routers (ABRs). The backbone distributes routing information between different areas.

Autonomous System Boundary Routers (ASBRs): Routers that exchange routing information with routers in other Autonomous Systems are called ASBRs.
They advertise externally learned routes throughout the AS.

Internal Routers are routers whose interfaces all belong to the same area. These routers have a single Link State Database.

Advantages of OSPF
* Open standard
* No hop count limitations
* Loop free
* Faster convergence

Disadvantages
* Consumes more CPU resources
* Complex to design and implement
* Supports only equal cost load balancing
* Supports only the IP protocol; doesn't work on IPX and AppleTalk

Configuring OSPF

    Router(config)# router ospf
    Router(config-router)# network area

LAB: DYNAMIC ROUTING USING OSPF IN SINGLE AREA

[Figure: lab topology, three routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
* Design the topology (connectivity)
* Assign the IP address according to diagram
* Make sure that interfaces used should be in UP UP state

TASK
* Configure Dynamic routing using OSPF single area as per the diagram
* Verify Routing table and reachability between the LANs (using PING and TRACE commands)

    R-1#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-2#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    11.0.0.0/8 is directly connected, Serial0/1
    C    192.168.2.0/24 is directly connected, FastEthernet0/0

    R-3#sh ip route
    Gateway of last resort is not set
    C    11.0.0.0/8 is directly connected, Serial0/0
    C    192.168.3.0/24 is directly connected, FastEthernet0/0

Router-1

    R-1(config)#router ospf 1
    R-1(config-router)#network 192.168.1.0 0.0.0.255 area 0
    R-1(config-router)#network 10.0.0.0 0.255.255.255 area 0

Router-2

    R-2(config)#router ospf 1
    R-2(config-router)#network 192.168.2.0 0.0.0.255 area 0
    R-2(config-router)#network 11.0.0.0 0.255.255.255 area 0
    R-2(config-router)#network 10.0.0.0 0.255.255.255 area 0

Router-3

    R-3(config)#router ospf 1
    R-3(config-router)#network 192.168.3.0 0.0.0.255 area 0
    R-3(config-router)#network 11.0.0.0 0.255.255.255 area 0

    R-2#show ip ospf neighbor
    Neighbor ID     Pri   State      Dead Time   Address     Interface
    192.168.1.100   0     FULL/-     00:00:35    10.0.0.1    Serial0/0
    192.168.3.100   0     FULL/-     00:00:37    11.0.0.2    Serial0/1

    R-1#show ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-1#sh ip route ospf
    O    11.0.0.0 [110/128] via 10.0.0.2, 00:04:28, Serial0/0
    O    192.168.2.0 [110/65] via 10.0.0.2, 00:04:26, Serial0/0
    O    192.168.3.0 [110/129] via 10.0.0.2, 00:03:23, Serial0/0

    R-2#show ip route ospf
    O    192.168.1.0 [110/65] via 10.0.0.1, 00:08:09, Serial0/0
    O    192.168.3.0 [110/65] via 11.0.0.2, 00:04:14, Serial0/1

    R-3#show ip route ospf
    O    10.0.0.0 [110/128] via 11.0.0.1, 00:04:49, Serial0/0
    O    192.168.1.0 [110/129] via 11.0.0.1, 00:04:49, Serial0/0
    O    192.168.2.0 [110/65] via 11.0.0.1, 00:04:49, Serial0/0

    R-1#show ip protocols
    Routing Protocol is "ospf 1"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Router ID
      Number of areas in this router is 1. 1 normal 0 stub 0 nssa
      Maximum path: 4
      Routing for Networks:
      Routing Information Sources:
        Gateway         Distance      Last Update
        10.0.0.2        110           00:05:46
      Distance: (default is 110)

    R-1#show ip ospf database
                OSPF Router with ID (192.168.1.100) (Process ID 1)

                    Router Link States (Area 0)
    Link ID         ADV Router      Age   Seq#         Checksum   Link count
    192.168.1.100   192.168.1.100   468   0x80000003   0x00dif4   3
    192.168.2.100   192.168.2.100   411   0x80000005   0x0054e6   5
    192.168.3.100   192.168.3.100   411   0x80000003   0x0010ad   3

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=14ms TTL=126

    PC>ping 192.168.3.1
    Pinging 192.168.3.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

    PC>tracert 192.168.3.1
    Tracing route to 192.168.3.1 over a maximum of 30 hops:
      1   5ms    8ms    8ms    192.168.1.100
      2   12ms   9ms    8ms    10.0.0.2
      3   17ms   6ms    12ms   11.0.0.2
      4   24ms   27ms   25ms   192.168.3.1
    Trace complete.
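The metrics in R-1's outputs in the EIGRP lab (show ip eigrp topology) and in the OSPF single-area lab (show ip route ospf) above can be reproduced from interface bandwidth and delay. The Python below is an added example, not part of the workbook: it assumes the IOS default bandwidth and delay for Serial and FastEthernet interfaces, uses the standard EIGRP feasibility condition (reported distance lower than feasible distance), and the two alternate next hops in the last check are constructed.

```python
# Assumed interface defaults (not printed in the workbook):
#   Serial:       bandwidth 1544 kbit/s,   delay 20000 microseconds
#   FastEthernet: bandwidth 100000 kbit/s, delay 100 microseconds
SERIAL = {"bw_kbps": 1544, "delay_us": 20000}
FASTETH = {"bw_kbps": 100000, "delay_us": 100}

# Outgoing interfaces crossed from R-1 towards each prefix, in order
# (R-1 -- 10.0.0.0/8 -- R-2 -- 11.0.0.0/8 -- R-3, one LAN per router).
PATHS_FROM_R1 = {
    "192.168.1.0/24": [FASTETH],
    "10.0.0.0/8": [SERIAL],
    "192.168.2.0/24": [SERIAL, FASTETH],
    "11.0.0.0/8": [SERIAL, SERIAL],
    "192.168.3.0/24": [SERIAL, SERIAL, FASTETH],
}


def eigrp_metric(path):
    """Composite metric with the lab's weights K1=1, K2=0, K3=1, K4=0, K5=0:
    256 * (10^7 / slowest bandwidth in kbit/s + total delay in tens of us)."""
    if not path:
        raise ValueError("path needs at least one interface")
    slowest = min(link["bw_kbps"] for link in path)
    bandwidth_term = 10_000_000 // slowest
    delay_term = sum(link["delay_us"] for link in path) // 10
    return 256 * (bandwidth_term + delay_term)


def eigrp_fd_and_rd(path):
    """Feasible distance seen by R-1 and the distance its next hop reports.
    A connected prefix has no next hop, so its reported distance is None."""
    reported = eigrp_metric(path[1:]) if len(path) > 1 else None
    return eigrp_metric(path), reported


def select_routes(candidates):
    """candidates maps next hop -> (distance via that hop, reported distance).
    Returns (successor, feasible distance, sorted feasible successors)."""
    successor = min(candidates, key=lambda hop: candidates[hop][0])
    feasible_distance = candidates[successor][0]
    backups = sorted(
        hop for hop, (_, reported) in candidates.items()
        if hop != successor and reported < feasible_distance
    )
    return successor, feasible_distance, backups


def ospf_cost(path, reference_bps=100_000_000):
    """Sum of per-interface costs, each 10^8 / bandwidth in bit/s (minimum 1)."""
    return sum(max(1, reference_bps // (link["bw_kbps"] * 1000)) for link in path)


if __name__ == "__main__":
    for prefix, path in PATHS_FROM_R1.items():
        fd, rd = eigrp_fd_and_rd(path)
        print(f"{prefix:16} EIGRP FD={fd} RD={rd}  OSPF cost={ospf_cost(path)}")

    # Constructed alternates for 192.168.3.0/24: only the first line is from the lab.
    print(select_routes({
        "10.0.0.2": (2684416, 2172416),
        "10.9.9.2": (3000000, 2172000),   # constructed: RD < FD, feasible successor
        "10.8.8.2": (3200000, 2700000),   # constructed: RD >= FD, not feasible
    }))
```
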
    R-1#ping 192.168.3.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms

    R-3#ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/18 ms

[Figure: lab topology, three routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
* Design the topology (connectivity)
* Assign the IP address according to diagram
* Make sure that interfaces used should be in UP UP state
* Dynamic routing using OSPF multiple area
* Verify Routing table and reachability between the LANs (using PING and TRACE commands)

    R-1#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-2#sh ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    11.0.0.0/8 is directly connected, Serial0/1
    C    192.168.2.0/24 is directly connected, FastEthernet0/0

    R-3#sh ip route
    Gateway of last resort is not set
    C    11.0.0.0/8 is directly connected, Serial0/0
    C    192.168.3.0/24 is directly connected, FastEthernet0/0
Router-1

    R-1(config)#router ospf 1
    R-1(config-router)#network 192.168.1.0 0.0.0.255 area 10
    R-1(config-router)#network 10.0.0.0 0.255.255.255 area 10

Router-2

    R-2(config)#router ospf 1
    R-2(config-router)#network 192.168.2.0 0.0.0.255 area 0
    R-2(config-router)#network 11.0.0.0 0.255.255.255 area 20
    R-2(config-router)#network 10.0.0.0 0.255.255.255 area 10

Router-3

    R-3(config)#router ospf 1
    R-3(config-router)#network 192.168.3.0 0.0.0.255 area 20
    R-3(config-router)#network 11.0.0.0 0.255.255.255 area 20

    R-2#show ip ospf neighbor
    Neighbor ID     Pri   State      Dead Time   Address     Interface
    192.168.3.100   0     FULL/-     00:00:39    11.0.0.2    Serial0/1
    192.168.1.100   0     FULL/-     00:00:39    10.0.0.1    Serial0/0

    R-1#show ip route
    Gateway of last resort is not set
    C    10.0.0.0/8 is directly connected, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

    R-1#show ip route ospf
    O IA 11.0.0.0 [110/126] via 10.0.0.2, 00:06:24, Serial0/0
    O IA 192.168.2.0 [110/65] via 10.0.0.2, 00:06:24, Serial0/0
    O IA 192.168.3.0 [110/129] via 10.0.0.2, 00:08:53, Serial0/0

    R-2#show ip route ospf
    O    192.168.1.0 [110/65] via 10.0.0.1, 00:08:31, Serial0/0
    O    192.168.3.0 [110/65] via 11.0.0.2, 00:08:04, Serial0/1

    R-3#show ip route ospf
    O IA 10.0.0.0 [110/126] via 11.0.0.1, 00:08:21, Serial0/0
    O IA 192.168.1.0 [110/129] via 11.0.0.1, 00:08:21, Serial0/0
    O IA 192.168.2.0 [110/65] via 11.0.0.1, 00:08:21, Serial0/0

    R-1#sh ip ospf database
                OSPF Router with ID (192.168.1.100) (Process ID 1)

                    Router Link States (Area 10)
    Link ID         ADV Router      Age   Seq#         Checksum   Link count
    192.168.1.100   192.168.1.100   902   0x80000003   0x003b8b   3
    192.168.2.100   192.168.2.100   902   0x80000002   0x00e758   2

                    Summary Net Link States (Area 10)
    Link ID         ADV Router      Age   Seq#         Checksum
    192.168.2.0     192.168.2.100   905   0x80000001   0x0057cb
    11.0.0.0        192.168.2.100   905   0x80000008   0x00063d
    192.168.3.0     192.168.2.100   870   0x80000003   0x0dca15

    R-2#show ip ospf database
                OSPF Router with ID (192.168.2.100) (Process ID 1)

                    Router Link States (Area 0)
    Link ID         ADV Router      Age   Seq#         Checksum   Link count
    192.168.2.100   192.168.2.100   708   0x80000002   0x0070d6   1

                    Summary Net Link States (Area 0)
    Link ID         ADV Router      Age   Seq#         Checksum
    11.0.0.0        192.168.2.100   698   0x80000001   0x00083c
    10.0.0.0        192.168.2.100   689   0x80000002   0x001331
    192.168.1.0     192.168.2.100   689   0x80000003   0x002001
    192.168.3.0     192.168.2.100   663   0x80000004   0x00c816

                    Router Link States (Area 10)
    Link ID         ADV Router      Age   Seq#         Checksum   Link count
    192.168.2.100   192.168.2.100   694   0x80000002   0x00e758   2
    192.168.1.100   192.168.1.100   694   0x80000003   0x003b8b   3

                    Summary Net Link States (Area 10)
    Link ID         ADV Router      Age   Seq#         Checksum
    192.168.2.0     192.168.2.100   897   0x80000001   0x0057cb
    11.0.0.0        192.168.2.100   697   0x80000002   0x00063d
    192.168.3.0     192.168.2.100   862   0x80000003   0x00ca15

                    Router Link States (Area 20)
    Link ID         ADV Router      Age   Seq#         Checksum   Link count
    192.168.2.100   192.168.2.100   668   0x80000002   0x000a33   2
    192.168.3.100   192.168.3.100   668   0x80000003   0x0010ad   3

                    Summary Net Link States (Area 20)
    Link ID         ADV Router      Age   Seq#         Checksum
    192.168.2.0     192.168.2.100   703   0x80000001   0x0057c
    10.0.0.0        192.168.2.100   889   0x80000004   0x001331
    192.168.1.0     192.168.2.100   689   0x80000003   0x00e001

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.2.1: bytes=32 time=19ms TTL=126
    Reply from 192.168.2.1:
    Reply from 192.168.2.1: bytes=32 time=14ms TTL=126

    PC>ping 192.168.3.1
    Pinging 192.168.3.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.3.1: bytes=32 time=27ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=22ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=25ms TTL=125

    PC>tracert 192.168.3.1
    Tracing route to 192.168.3.1 over a maximum of 30 hops:
      1   5ms    8ms    8ms    192.168.1.100
      2   12ms   9ms    8ms    10.0.0.2
      3   17ms   6ms    12ms   11.0.0.2
      4   24ms   27ms   25ms   192.168.3.1
    Trace complete.

    R-1#ping 192.168.3.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 9/16/31 ms

    R-3#ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/18 ms

ACCESS CONTROL LIST

* An ACL is a set of rules which will allow or deny the specific traffic moving through the router
* It is a Layer 3 security which controls the flow of traffic from one router to another.
* It is also called a Packet Filtering Firewall

STANDARD ACL
* The access-list number range is 1 - 99
* Can block a Network, Host and Subnet
* All services are blocked.
* Implemented closest to the destination.
* Filtering is done based on only source IP address

EXTENDED ACL
* The access-list number range is 100 - 199
* We can allow or deny a Network, Host, Subnet and Service
* Selected services can be blocked.
* Implemented closest to the source.
* Filtering is done based on source IP, destination IP, protocol, port no

Three things are very important to know before writing any ACL statement:
1. Selecting the appropriate router to configure the ACL
2. Decide who is source and destination
3. Understand in/out and decide the right direction to implement the ACL

Rules of Access List
* Works in sequential order (it will always start with the first line of the access list, then go to line 2, then line 3, and so on)
* All deny statements have to be given first (preferable in most cases)
* There should be at least one permit statement (mandatory)
* An implicit deny blocks all traffic by default when there is no match (an invisible statement).
* Can have one access-list per interface per direction (i.e., two access-lists per interface, one in inbound direction and one in outbound direction).
* Any time a new entry is added to the access list, it will be placed at the bottom of the list. Using a text editor for access lists is highly suggested.
* You cannot remove one line from an access list. If you try to do this, you will remove the entire list. It is best to copy the access list to a text editor before trying to edit the list. The only exception is when using named access lists.

Wild Card Mask
* Tells the router which portion of the bits to match or ignore.
* It's the inverse of the subnet mask, hence it is also called the Inverse mask.
* A bit value of 0 indicates MUST MATCH (Check Bits)
* A bit value of 1 indicates IGNORE (Ignore Bits)
* Wild Card Mask for a Host will always be 0.0.0.0

A wild card mask can be calculated using the formula:

      Global Subnet Mask
    - Customized Subnet Mask
    = Wild Card Mask

      255.255.255.255    Global Subnet Mask
    - 255.255.255.0      Customized Subnet Mask
    =   0.  0.  0.255    Wild Card Mask

      255.255.255.255
    - 255.255.255.240
    =   0.  0.  0. 15

      255.255.255.255
    - 255.255.255.224
    =   0.  0.  0. 31

* Wildcards are used with the host or network address to tell the router a range of available addresses to filter.
* To specify a host, the address would look like this: 172.16.30.5 0.0.0.0

Creation of Standard Access List

    Router(config)# access-list

Implementation of Standard Access List

    Router(config)# interface
    Router(config-if)# ip access-group

To Verify:

    Router# show access-list
    Router# show access-list

Creation of Extended Access List

    Router(config)# access-list <destination address> <destination wildcard mask>

Implementation of Extended Access List

    Router(config)# interface
    Router(config-if)# ip access-group

Operators:
* eq (equal to)
* neq (not equal to)
* lt (less than)
* gt (greater than)

If you want to filter by Application layer protocol, you have to choose the appropriate layer 4 transport protocol after the permit or deny statement. For example, to filter Telnet or FTP, you choose TCP since both Telnet and FTP use TCP at the Transport layer. If you were to choose IP, you wouldn't be allowed to specify a specific application protocol later.

Named Access List
* Named access lists are just another way to create standard and extended access lists.
* Access-lists are identified using Names rather than Numbers.
* Names are Case-Sensitive
* No limitation of Numbers here.
* One main advantage is that editing of the ACL is possible (i.e., removing a specific statement from the ACL is possible)
* IOS version 11.2 or later allows Named ACL

Creation of Standard Named Access List

    Router(config)# ip access-list standard
    Router(config-std-nacl)#

Implementation of Standard Named Access List

    Router(config)# interface
    Router(config-if)# ip access-group

Creation of Extended Named Access List

    Router(config)# ip access-list extended
    Router(config-ext-nacl)# <destination wildcard mask>

Implementation of Extended Named Access List

    Router(config)# interface
    Router(config-if)# ip access-group

[Figure: lab topology, three routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP address according to diagram
3) Make sure that interfaces used should be in UP UP state
4) Any dynamic routing protocol or static routing
5) Verify Routing table and reachability between the LANs (using PING and TRACE commands)

TASK: Configure the appropriate router as per the rules given
* Deny the host 192.168.1.1 communicating with 192.168.2.
* Deny the host 192.168.1.2 communicating with 192.168.2.
* Deny the network 192.168.3.0 communicating with 192.1
* Permit all the remaining traffic

NOTE: The above ACL rules should not affect the other communication.

NOTE: Before creating the ACL, make sure that the routing configured is correct and all the three LAN devices are able to communicate with each other using the PING command.

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................:

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time=17ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=20ms TTL=126
    Reply from 192.168.2.1:
    Reply from 192.168.2.1: bytes=32 time=17ms TTL=126

    PC>ipconfig
    IP Address......................: 192.168.1.2
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time=16ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=22ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=23ms TTL=126
    Reply from 192.168.2.1: bytes=32 time

    PC>ipconfig
    IP Address......................: 192.168.3.1
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.3.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time
    Reply from 192.168.2.1: byte
    Reply from 192.168.2.1: bytes=32 time
    Reply from 192.168.2.1: byte

ROUTER-2

Creating the ACL rules according to requirement:

    R-2(config)#access-list 15 deny 192.168.1.1 0.0.0.0
    R-2(config)#access-list 15 deny host 192.168.1.2
    R-2(config)#access-list 15 deny 192.168.3.0 0.0.0.255
    R-2(config)#access-list 15 permit any

Implementation:

    R-2(config)#interface fastEthernet 0/0
    R-2(config-if)#ip access-group 15 out

Verification:

    R-2#sh access-lists
    Standard IP access list 15
        deny host 192.168.1.1
        deny host 192.168.1.2
        deny 192.168.3.0 0.0.0.255
        permit any

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.

    PC>ping 192.168.3.1
    Pinging 192.168.3.1 with 32 bytes of data:
    Reply from 192.168.3.1: bytes=32 time
    Reply from 192.168.3.1: byte
    Reply from 192.168.3.1: bytes=32 time=24ms TTL=125
    Reply from 192.168.3.1: bytes=32 time=13ms TTL=125

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.
    Reply from 10.0.0.2: Destination host unreachable.

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 192.168.2.1: bytes=32 time
    Reply from 192.168.2.1: bytes=32 time=17ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=23ms TTL=126
    Reply from 192.168.2.1: bytes=32 time=24ms TTL=126

    PC>ipconfig
    IP Address......................:
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.3.100

    PC>ping 192.168.2.1
    Pinging 192.168.2.1 with 32 bytes of data:
    Reply from 11.0.0.1: Destination host unreachable.
    Reply from 11.0.0.1: Destination host unreachable.
    Reply from 11.0.0.1: Destination host unreachable.
    Reply from 11.0.0.1: Destination host unreachable.

    PC>ping 192.168.1.1
    Pinging 192.168.1.1 with 32 bytes of data:
    Reply from 192.168.1.1: bytes=32 time
    Reply from 192.168.1.1: bytes=32 time
    Reply from 192.168.1.1: bytes=32 time
    Reply from 192.168.1.1: bytes=32 time
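The wildcard-mask formula and the sequential, first-match behaviour of access-list 15 in the lab above can be checked offline before a list is applied to an interface. The Python below is an added example, not part of the workbook: the function names are illustrative, and the host 192.168.1.3 and the reordered list are constructed inputs.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_mask(subnet_mask):
    """255.255.255.255 minus the subnet mask, as in the workbook's formula."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF - to_int(subnet_mask)))


def wildcard_match(address, base, wildcard):
    """Wildcard bit 0 means the bit must match, bit 1 means ignore it."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(base) & care)


def parse_entry(text):
    """Parse one standard ACL entry into (action, base address, wildcard)."""
    tokens = text.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {text!r}")
    action, rest = tokens[0], tokens[1:]
    if rest == ["any"]:
        return action, "0.0.0.0", "255.255.255.255"
    if rest[0] == "host" and len(rest) == 2:
        return action, rest[1], "0.0.0.0"
    if len(rest) == 1:                      # bare address means a single host
        return action, rest[0], "0.0.0.0"
    if len(rest) == 2:
        return action, rest[0], rest[1]
    raise ValueError(f"unexpected tokens in entry: {text!r}")


def evaluate(entries, source):
    """First matching entry wins. Returns (action, entry number);
    entry number 0 is the implicit deny at the end of every list."""
    for number, text in enumerate(entries, start=1):
        action, base, wildcard = parse_entry(text)
        if wildcard_match(source, base, wildcard):
            return action, number
    return "deny", 0


def shadowed_entries(entries):
    """Numbers of entries that can never match because an earlier entry
    already matches every address they would match."""
    parsed = [parse_entry(text) for text in entries]
    shadowed = []
    for j, (_, base_j, wc_j) in enumerate(parsed):
        for _, base_i, wc_i in parsed[:j]:
            ignores_all_of_j = (to_int(wc_j) & ~to_int(wc_i) & 0xFFFFFFFF) == 0
            if ignores_all_of_j and wildcard_match(base_j, base_i, wc_i):
                shadowed.append(j + 1)
                break
    return shadowed


# access-list 15 as configured on R-2 in the lab.
ACL_15 = [
    "deny 192.168.1.1 0.0.0.0",
    "deny host 192.168.1.2",
    "deny 192.168.3.0 0.0.0.255",
    "permit any",
]

# Constructed: the same entries with "permit any" moved to the top.
MISORDERED = ["permit any"] + ACL_15[:3]

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.240", "255.255.255.224"):
        print(mask, "->", wildcard_from_mask(mask))
    for src in ("192.168.1.1", "192.168.1.2", "192.168.1.3", "192.168.3.1"):
        print(src, evaluate(ACL_15, src))
    print("without permit any:", evaluate(ACL_15[:3], "192.168.1.3"))
    print("shadowed in misordered list:", shadowed_entries(MISORDERED))
```
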
[Figure: lab topology, three routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24; hosts and servers on LAN 192.168.1.0/24]

Pre-requirement for LAB (check previous labs)
1) Design the topology (connectivity)
2) Assign the IP address according to diagram
3) Make sure that interfaces used should be in UP UP state
4) Any dynamic routing protocol or static routing
5) Verify Routing table and reachability between the LANs (using PING and TRACE commands)

TASK: Configure the appropriate router as per the rules given below.
* Users on LAN 192.168.3.0 should not access the FTP service on 192.168.1.4
* Users on LAN 192.168.3.1 should not access the HTTP service on 192.168.1.3
* Users on LAN 192.168.2.0 should not get DNS service from DNS server 192.168.1.4
* The hosts 192.168.3.2 and 192.168.1.2 should not be able to send ICMP (ping/trace) messages between each other
* Remaining hosts and services should be permitted

NOTE: The above ACL rules should not affect the other communication.

Router-1

    R-1(config)#access-list 145 deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
    R-1(config)#access-list 145 deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
    R-1(config)#access-list 145 deny tcp host 192.168.3.1 host 192.168.1.3 eq www
    R-1(config)#access-list 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq ?
      <0-65535>      Port number
      bootpc         Bootstrap Protocol (BOOTP) client (68)
      bootps         Bootstrap Protocol (BOOTP) server (67)
      isakmp         Internet Security Association and Key Management Protocol (500)
      non500-isakmp  Internet Security Association and Key Management Protocol (4500)
      snmp           Simple Network Management Protocol (161)
      tftp           Trivial File Transfer Protocol (69)
    R-1(config)#access-list 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
    R-1(config)#access-list 145 deny icmp host 192.168.3.1 host 192.168.1.1 ?
<0-256> type-num host-unreachable — host-unreachable net-unreachable _net-unreachable port-unreachable _port-unreachable protocol-unreachable protocol-unreachable tilexceeded _ttl-exceeded unreachable unreachable R-I(config)#taccess-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo R-l(config)#access-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo-reply R-l(config)#taccess-list 145 permit ip any any Implementation: R-1(config)# interface fastEthemet 0/0 R-l(config-if'# ip access-group 145 out OR R-I(config)# interface serial 0/0 R-1(config-i# ip access-group 145 in Verification: PC>ipconfig IP Address. . Subnet Mask.ssnravnn! 255.255.255.0 Default Gateway: 192.168.3100 PC>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data: ‘Request timed out. Request timed out. Request timed out. PC>ping 192.168.1.1 (CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 25012 Alll contents are copyright @2013 - 2014 All rights reserved. Pinging 192.168.1.1 with 32 bytes of data Reply from 192.168.1.1: bytes=32 time’ Reply from 192,168.11: bytes=32 tim Reply from 192.168. 1.1: bytes=32 ume Reply from 192.168. 1.1: bytes=32 time CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R8S, SP) #95012 (etwerk Alll contents are copyright @2013 - 2014 All rights reserved. 192.168.2.1 192.158.2.2 r921683.1 19216832 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 Configure Standard Named ACL + Use the same Rules as Lab-1 Before creating the ACL, make sure that the routing configured is correct and all the three LAN devices are able to communicate with each other using PING command PC>ipcontig IP Address. Subnet Mask. Default Gateway. PC>ping 192.168.2.1 Pinging 192.168.2.1 with 22 bytes of data: Reply from 192.168.2.1: bytes=32 time=17ms TTL=126 Reply from 192.168.2.1: bytes=32 time=20ms TTL=126 Reply from 192,168.2.1: bytes=32 time=16ms TTL=126 Reply from 192. 168.2.1: bytes=32 time=17ms TTL=126 PC>ipconfig IP Address. 
vet 198,168.12 : 955.255.255.0 PC>ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168.2.1: bytes=32 time=16ms TTL=126 (CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 25012 All contents are copyright @2013 - 2014 All rights reserved. Reply from 192, 168.2.1: bytes=32 time=22ms TTL=126 Reply from 192.168.2.1: bytes=32 time=23ms TTL=126 Reply from 192,168.2.1: bytes=32 time: PC>ipconfig IP Address. 192,168.3.1 Subnet Mask. : 288.255.255.0 Default Gateway. vont 192. 168.3.100 PC>ping 192.168.2.1 Pinging 192. 168.2.1 with 92 bytes of data: Reply from 192.168.2.1: bytes=32 tim Reply trom 192. 168.2.1: bytes=32 time Reply from 192.168.2.1: bytes=32 time Reply from 192.168.2.1: bytes=32 time: (Creating an Access-list as per the given rules R-2(config)#ip access-list standard CCNA R-2(config-std-nacl)##deny 192.168.1.1 0. R-2(config-std-nacly##deny host 192.168.1.2 R-2(contig-std-nacl)#deny 192.168.3.0 0.0.0.255 R-2(config-std-nacl)tipermit any R-&(config-std-naclHtexit Implementation: R-2(contig) # interface fastEthernet 0/0 R-2(config-i# ip access-group CCNA out Retlish access-lists Standard IP access ist CONA deny host 192.168.1.1 deny host 192.168.1.2 deny 192. 168.3.0 0.0.0.255 permitany PC>ipcontig IP Address. Subnet Mask. sone! 955,255. 255.0 Default Gateway. 192.168.1.100 Pe>ping 198:168.2:1 Pinging 192.168.2.1 with 32 ined (CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 25012 All contents are copyright @2013 - 2014 All rights reserved. Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. PC>ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Reply from 192.168.3.1: bytes=32 time=21ms TTL=125 Reply from 192.168.3.1: bytes=32 time=17ms TTL=125 Reply from 192. 168.3.1: bytes=32 time=24ms TTL=125 Reply from 192, 168.3.1: bytes=32 time=13ms TTL=125, PC>ipconfig IP Adare: Subnet Mask. 1! 855,255,255, Default Gateway... 
192.168, 1.100 PC>ping 192.168.2.1 ging 192 1682.1 with 2 bytes of date Reply fom 1000.2: Destination os nreschabe Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. SERVER>ipconfig IP Address. Subnet Mask nent 955.255. 255.0 Default Gateway..nerrnnnn! 192-168.1.100 SERVER>ping Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168. Reply from 192.168.2.1: bytes=32 time=17ms TTL=126 Reply from 192,168.2.1: bytes=32 time=23ms TTL=126 Reply from 192. 168.2.1: bytes=32 time=24ms TTL=126 PC>ipconfig IP Address.ssssinsissit 198 1683.1 Subnet Masi. vnnnnn: 855,255.255,0 Default Gateway. ve! 192.168.3.100 PC>ping 192.168.2.1 Pinging 19216021 with 32 bytes of dat: Reply fom 11.001: Destination hos unreachable Reply from 11.0.0.1: Destination host unreachable. Reply from 1.0.0.1: Destination host unreachable. Reply from 11.0.0.1: Destination host unreachable. PC>ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1.1: bytes=32 time=16ms TTL=125 Reply from 192. 168.1.1: byte: Reply from 192,168.11: bytes=32 time=I6ms TTL=125 Reply from 192.168. 1.1: bytes=32 time=21ms TTL=125 CCNA R&S Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 35012 @ TWORI ‘Montes are copyight Q1013~ 2018 rights reserved. NETSB Rt 192.165. 
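The top-down, first-match evaluation that ACL 145 depends on, as an added example that is not part of the workbook: it parses the seven entries entered on R-1 and checks sample packets against them using wildcard masks. The parser, the function names and the sample packets are constructed for illustration and handle only the keywords this lab uses.

```python
import ipaddress

# Keywords used by this lab's entries (IOS keyword -> TCP/UDP port or ICMP type).
PORTS = {"www": 80, "ftp": 21, "domain": 53}
ICMP_TYPES = {"echo": 8, "echo-reply": 0}

# ACL 145 as entered on R-1 in the lab above.
ACL_145_TEXT = """\
deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
deny tcp host 192.168.3.1 host 192.168.1.3 eq www
deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
deny icmp host 192.168.3.2 host 192.168.1.2 echo
deny icmp host 192.168.3.2 host 192.168.1.2 echo-reply
permit ip any any
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))


def parse_ace(line):
    """Parse 'deny|permit proto src dst [eq port | icmp-message]'."""
    tokens = line.split()
    ace = {"action": tokens.pop(0), "proto": tokens.pop(0),
           "dport": None, "icmp_type": None}
    ace["src"] = _take_addr(tokens)
    ace["dst"] = _take_addr(tokens)
    if tokens and tokens[0] == "eq":
        name = tokens[1]
        ace["dport"] = PORTS[name] if name in PORTS else int(name)
    elif tokens and ace["proto"] == "icmp":
        ace["icmp_type"] = ICMP_TYPES[tokens[0]]
    return ace


def _addr_match(spec, addr):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF   # wildcard bit 1 = ignore, 0 = must match
    return (base & care) == (_ip(addr) & care)


def evaluate(acl, proto, src, dst, dport=None, icmp_type=None):
    """Top-down first match. Returns (action, entry index); index None
    means no entry matched and the implicit deny at the end applied."""
    for index, ace in enumerate(acl):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(ace["src"], src) and _addr_match(ace["dst"], dst)):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        if ace["icmp_type"] is not None and ace["icmp_type"] != icmp_type:
            continue
        return ace["action"], index
    return "deny", None


ACL_145 = [parse_ace(line) for line in ACL_145_TEXT.splitlines()]

if __name__ == "__main__":
    # Constructed sample packets: (proto, src, dst, dport, icmp_type).
    samples = [
        ("icmp", "192.168.3.2", "192.168.1.2", None, 8),  # ping named in the task
        ("icmp", "192.168.3.2", "192.168.1.1", None, 8),  # same host, other target
        ("tcp", "192.168.3.7", "192.168.1.4", 21, None),  # FTP from LAN 3
        ("udp", "192.168.2.9", "192.168.1.4", 53, None),  # DNS over UDP from LAN 2
        ("tcp", "192.168.2.9", "192.168.1.4", 53, None),  # DNS over TCP: no deny entry covers it
    ]
    for proto, src, dst, dport, icmp_type in samples:
        print(proto, src, "->", dst, dport,
              evaluate(ACL_145, proto, src, dst, dport, icmp_type))
    # Without the closing 'permit ip any any', unmatched traffic hits the implicit deny.
    print(evaluate(ACL_145[:-1], "tcp", "192.168.1.1", "192.168.2.1", 23))
```

The last sample shows a check worth running against any rule set: the DNS rule names only UDP, so a TCP query to port 53 falls through to the final permit.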
[Figure: lab topology with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]

Configure Extended Named ACL
- Use the same rules as Lab-2

R-1(config)#ip access-list extended CCNP
R-1(config-ext-nacl)#deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
R-1(config-ext-nacl)#deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
R-1(config-ext-nacl)#deny tcp host 192.168.3.1 host 192.168.1.3 eq www
R-1(config-ext-nacl)#deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
R-1(config-ext-nacl)#deny icmp host 192.168.3.1 host 192.168.1.1 echo
R-1(config-ext-nacl)#deny icmp host 192.168.3.1 host 192.168.1.1 echo-reply
R-1(config-ext-nacl)#permit ip any any

Implementation:
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip access-group CCNP out
OR
R-1(config)#interface serial 0/0
R-1(config-if)#ip access-group CCNP in

R-1#sh access-lists
Extended IP access list CCNP
  deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
  deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp
  deny tcp host 192.168.3.1 host 192.168.1.3 eq www
  deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain
  deny icmp host 192.168.3.1 host 192.168.1.1 echo
  deny icmp host 192.168.3.1 host 192.168.1.1 echo-reply
  permit ip any any

Verification:
PC>ipconfig
IP Address:
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.3.100

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

PC>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=20ms TTL=125
Reply from 192.168.1.1: bytes=32 time=
Reply from 192.168.1.1: bytes=32 time=13ms TTL=125
Reply from 192.168.1.1: bytes=32 time=25ms TTL=125

LAB-5: Restricting Telnet Access To The Router To Specified Networks Or Hosts

Should You Secure Your Telnet Lines on a Router?
- You're monitoring your network and, by using the show users command, notice that someone has telnetted into your core router. You use the disconnect command and they are disconnected from the router, but you notice they are back in the router a few minutes later. You are thinking about putting an access list on the router interfaces, but you don't want to add a lot of latency on each interface since your router is already pushing a lot of packets.

The access-class command illustrated in this lab is the best way to restrict which users can telnet to the router, because it doesn't use an access list that sits on an interface looking at every packet that comes and goes, which can add overhead to the packets being routed. When you put the access-class command on the VTY lines, only packets trying to telnet into the router are looked at and compared. This provides nice, easy-to-configure security for your router.

TASK: Allow only the hosts 192.168.1.1 and 192.168.1.2 to telnet to R1. Any other host should be denied if it tries to telnet to R1.

Creating an ACL which permits only hosts 192.168.1.1 and 192.168.1.2 (meaning all other hosts are denied by default)
R-1(config)#access-list 20 permit host 192.168.1.1
R-1(config)#access-list 20 permit host 192.168.1.2

Implementation
R-1(config)#line vty 0 4
R-1(config-line)#password cisco
R-1(config-line)#login
R-1(config-line)#access-class 20 in
R-1(config-line)#end

Verification:
PC>ipconfig
IP Address:
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>telnet 192.168.1.100
Trying 192.168.1.100 ...Open
User Access Verification

PC>ipconfig
IP Address: 192.168.1.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>telnet 192.168.1.100
Trying 192.168.1.100 ...Open
User Access Verification

NOTE:
- From both hosts (192.168.1.1 and 192.168.1.2) telnet to R1 is successful (from the above outputs).
- Telnet from any other user should be denied automatically as per our requirement (verify with the outputs below).

Try Telnet from 192.168.1.3 to R1
PC>ipconfig
IP Address: 192.168.1.3
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>telnet 192.168.1.100
Trying 192.168.1.100 ...

PC>ipconfig
IP Address:
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>telnet 192.168.1.100
Trying 192.168.1.100 ...
% Connection refused by remote host

Try Telnet from R2 to R1
R-2>enable
R-2#telnet 10.0.0.1

R-1#sh access-lists
Standard IP access list 12
  permit host 192.168.1.1 (2 match(es))
  permit host 192.168.1.2 (2 match(es))
  deny any (13 match(es))

R-1#sh users
Line  User  Host(s)  Idle  Location
idle 00:00:00
00:00:54
00:00:39

"NAT is the method of translation of private IP addresses into public IP addresses."

In order to communicate with the Internet we must have a registered public IP address.

Address translation was originally developed to solve two problems:
1. To handle a shortage of IPv4 addresses
2. To hide network addressing schemes

Small companies typically get their public IP addresses directly from their ISPs, which have a limited number.
Large companies can sometimes get their public IP addresses from a registration authority, such as the Internet Assigned Numbers Authority (IANA).

Common devices that can perform address translation include firewalls, routers, and servers. Typically address translation is done at the perimeter of the network by either a firewall (more commonly) or a router.

There are certain addresses in each class of IP address that are reserved for private networks. These addresses are called private addresses.

Class A   10.0.0.0 to 10.255.255.255
Class B   172.16.0.0 to 172.31.255.255
Class C   192.168.0.0 to 192.168.255.255

Here's a list of situations when it's best to have NAT on your side:
- You need to connect to the Internet and your hosts don't have globally unique IP addresses.
- You change to a new ISP that requires you to renumber your network.
- You need to merge two intranets with duplicate addresses.

Advantages
- Conserves legally registered addresses.
- Reduces address overlap occurrence.
- Increases flexibility when connecting to the Internet.
- Eliminates address renumbering as the network changes.

Disadvantages
- Translation introduces switching path delays.
- Loss of end-to-end IP traceability.
- Certain applications will not function with NAT enabled.

NAT Terminology
Inside Local Address - Name of inside source address before translation (private IP)
Inside Global Address - Name of inside host after translation (public IP)
Outside Local Address - Name of destination host before translation
Outside Global Address - Name of outside destination host after translation

Types of NAT:
1. Dynamic NAT
2. Static NAT
3. PAT

Static NAT
- This type of NAT is designed to allow one-to-one mapping between local and global addresses.
- Keep in mind that the static version requires you to have one real Internet IP address for every host on your network.

Syntax:
(Config)#ip nat inside source static <private-IP> <public-IP>

Implementation:
(Config)#interface f0/0
(Config-if)#ip nat inside      (interface facing towards LAN)
(Config)#interface s0/0
(Config-if)#ip nat outside     (interface facing towards ISP)

Dynamic NAT
- This version gives you the ability to map an unregistered IP address to a registered IP address from a pool of registered IP addresses.
- You don't have to statically configure your router to map an inside address to an outside address as you would with static NAT, but you do need enough real IP addresses for everyone who's going to be sending packets to and receiving them from the Internet.

[Figure: dynamic NAT address mapping]

Syntax:
(Config)#access-list <ACL-NO> permit <network> <wildcard-mask>
(Config)#ip nat pool <name> <start-IP> <end-IP> netmask <mask>
(Config)#ip nat inside source list <ACL-NO> pool <name>

Implementation:
(Config)#interface f0/0
(Config-if)#ip nat inside      (interface facing towards LAN)
(Config)#interface s0/0
(Config-if)#ip nat outside     (interface facing towards ISP)

Dynamic NAT Overload
- This is the most popular type of NAT configuration. Understand that overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports.
- It is also known as Port Address Translation (PAT), and by using PAT (NAT Overload), you get to have thousands of users connect to the Internet using only one real global IP address.
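How many inside sockets can share one global address "by using different ports", as an added example that is not part of the workbook: a simplified PAT table that keeps the original source port when it is free and otherwise takes the first free port from the start of the same port group. That selection rule (groups 0-511, 512-1023, 1024-65535) is the classic IOS behaviour as an assumption of this model; the class name, global address and sample flows are constructed.

```python
# Port groups assumed for classic IOS PAT: a translated port stays in the
# same group as the original source port.
PORT_GROUPS = [(0, 511), (512, 1023), (1024, 65535)]


class PatTable:
    """Simplified model of NAT overload onto a single global address."""

    def __init__(self, global_ip):
        self.global_ip = global_ip
        self.by_inside = {}   # (proto, inside_ip, inside_port) -> global_port
        self.by_global = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def _pick_port(self, proto, wanted):
        # Keep the original source port when no other flow already holds it.
        if (proto, wanted) not in self.by_global:
            return wanted
        # Otherwise scan the port's group from its start for the first free port.
        low, high = next(g for g in PORT_GROUPS if g[0] <= wanted <= g[1])
        for port in range(low, high + 1):
            if (proto, port) not in self.by_global:
                return port
        raise RuntimeError("no free %s port left in group %d-%d" % (proto, low, high))

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an inside-local socket; returns the inside-global socket."""
        key = (proto, inside_ip, inside_port)
        if key not in self.by_inside:
            port = self._pick_port(proto, inside_port)
            self.by_inside[key] = port
            self.by_global[(proto, port)] = (inside_ip, inside_port)
        return self.global_ip, self.by_inside[key]

    def inbound(self, proto, global_port):
        """Reverse lookup for return traffic; None means no translation exists
        and the packet has no inside host to be delivered to."""
        return self.by_global.get((proto, global_port))


def translate_sample():
    """Constructed sample: four inside hosts telnet out, three of them
    happening to choose the same source port 1026."""
    pat = PatTable("50.1.1.1")
    flows = [
        ("tcp", "192.168.1.1", 1029),
        ("tcp", "192.168.1.2", 1026),
        ("tcp", "192.168.1.3", 1026),   # 1026 is taken -> first free port, 1024
        ("tcp", "192.168.1.4", 1026),   # 1026 and 1024 are taken -> 1025
    ]
    return pat, [pat.outbound(*flow) for flow in flows]


if __name__ == "__main__":
    table, results = translate_sample()
    for (ip, port) in results:
        print("inside global %s:%d -> inside local %s:%d"
              % ((ip, port) + table.inbound("tcp", port)))
```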
Syntax:
(Config)#access-list <ACL-NO> permit <network> <wildcard-mask>
(Config)#ip nat pool <name> <start-IP> <end-IP> netmask <mask>
(Config)#ip nat inside source list <ACL-NO> pool <name> overload

Implementation:
(Config)#interface f0/0
(Config-if)#ip nat inside      (interface facing towards LAN)
(Config)#interface s0/0
(Config-if)#ip nat outside     (interface facing towards ISP)

LAB-1 STATIC NAT

TASK: Configure static NAT using the following translations

PRIVATE IP     PUBLIC IP
192.168.1.1    50.1.1.1
192.168.1.2    50.1.1.2
192.168.1.3    50.1.1.3

[Figure: lab topology, inside users on 192.168.1.0/24]

- Configure IP addresses according to the diagram
- Configure a default route on both routers to provide reachability
- Configure NAT (static NAT according to the requirement)
- Implementation
- Verify by generating some traffic from the LAN to outside servers
- show ip nat translations

R-1#sh ip int brief
Interface        IP-Address  OK? Method Status                Protocol
                                 manual up                    up
FastEthernet0/1  unassigned  YES unset  administratively down down
Serial0/1        unassigned  YES unset  administratively down down

R-1(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.2

ISP#sh ip int brief
Interface        IP-Address  OK? Method Status                Protocol
                                 manual up                    up
                                        administratively down down
Serial0/0                    YES manual up
Serial0/1        unassigned  YES manual administratively down down

ISP#conf terminal
ISP(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.1

Configuration of static NAT
R-1(config)#ip nat inside source static 192.168.1.1 50.1.1.1
R-1(config)#ip nat inside source static 192.168.1.2 50.1.1.2
R-1(config)#ip nat inside source static 192.168.1.3 50.1.1.3

Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside      (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside     (interface facing towards ISP)

Generate traffic from inside user PC (192.168.1.1)
PC>ipconfig
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>ping 200.1.1.1
PC>ping 200.1.1.2
Pinging 200.1.1.2 with 32 bytes of data:
Request timed out.
Reply from 200.1.1.2:

Generate traffic from inside user PC (192.168.1.2)
PC>ipconfig
IP Address:
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>ping 200.1.1.1
Pinging 200.1.1.1 with 32 bytes of data:
Reply from 200.1.1.1: bytes=32 time=22ms TTL=126

Generate traffic from inside user PC (192.168.1.3)
PC>ipconfig
IP Address:
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.100

PC>ping 200.1.1.1
Pinging 200.1.1.1 with 32 bytes of data:
Reply from 200.1.1.1:
Reply from 200.1.1.1:
Reply from 200.1.1.1:

R-1#sh ip nat translations
Pro   Inside global  Inside local    Outside local  Outside global
icmp  50.1.1.1:21    192.168.1.1:21  200.1.1.2:21   200.1.1.2:21
icmp  50.1.1.1:22    192.168.1.1:22  200.1.1.2:22   200.1.1.2:22
icmp  50.1.1.1:23    192.168.1.1:23  200.1.1.2:23   200.1.1.2:23
icmp  50.1.1.1:24    192.168.1.1:24  200.1.1.2:24   200.1.1.2:24
icmp  50.1.1.2:1     192.168.1.2:1   200.1.1.1:1    200.1.1.1:1
icmp  50.1.1.2:2     192.168.1.2:2   200.1.1.1:2    200.1.1.1:2
icmp  50.1.1.2:3     192.168.1.2:3   200.1.1.1:3    200.1.1.1:3
icmp  50.1.1.2:4     192.168.1.2:4   200.1.1.1:4    200.1.1.1:4
icmp  50.1.1.3:1     192.168.1.3:1   200.1.1.1:1    200.1.1.1:1
icmp  50.1.1.3:2     192.168.1.3:2   200.1.1.1:2    200.1.1.1:2
icmp  50.1.1.3:3     192.168.1.3:3   200.1.1.1:3    200.1.1.1:3
icmp  50.1.1.3:4     192.168.1.3:4   200.1.1.1:4    200.1.1.1:4
---   50.1.1.1       192.168.1.1     ---            ---
---   50.1.1.2       192.168.1.2     ---            ---
---   50.1.1.3       192.168.1.3     ---            ---

To verify, generate telnet traffic from the inside user PCs
- 192.168.1.1
- 192.168.1.2
- 192.168.1.3

PC>telnet 100.1.1.2
Trying 100.1.1.2 ...Open
User Access Verification

R-1#sh ip nat translations
Pro   Inside global  Inside local  Outside local  Outside global
---   50.1.1.1       192.168.1.1   ---            ---
---   50.1.1.2       192.168.1.2   ---            ---
---   50.1.1.3       192.168.1.3   ---            ---

[Figure: lab topology, inside users on 192.168.1.0/24]

TASK:
- Remove the NAT configurations done in the previous lab.
- Configure dynamic NAT and make sure that the inside LAN users (192.168.1.0/24) get translated to public IP addresses in the range 50.1.1.1 - 50.1.1.200/24.

- Continue with the same pre-configurations as in LAB-1
- Remove the static NAT configurations.
- Implementation is the same as in the previous lab

R-1#clear ip nat translation *

NOTE:
- Make sure that you clear the translation table before you edit or remove any NAT configurations

R-1(config)#no ip nat inside source static 192.168.1.1 50.1.1.1
R-1(config)#no ip nat inside source static 192.168.1.2 50.1.1.2
R-1(config)#no ip nat inside source static 192.168.1.3 50.1.1.3

Configuration of DYNAMIC NAT
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat pool CCNA 50.1.1.1 50.1.1.200 netmask 255.255.255.0
R-1(config)#ip nat inside source list 55 pool CCNA

Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside      (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside     (interface facing towards ISP)

Verification:
Generate some telnet traffic from inside LAN devices (192.168.1.1)

PC>telnet 100.1.1.2
Trying 100.1.1.2 ...Open
User Access Verification
ISP>

R-1#sh ip nat translations
Pro  Inside global  Inside local  Outside local  Outside global
tcp  1027           1027          100.1.1.2:23
tcp  1025           1025          100.1.1.2:23
tcp  1025           1025          100.1.1.2:23
tcp  1085           1085          100.1.1.2:23

[Figure: lab topology, inside users on 192.168.1.0/24 and servers on the Internet]

TASK:
- Remove the NAT configurations done in the previous lab.
- Configure PAT (Dynamic NAT Overload) and make sure that the inside LAN users (192.168.1.0/24) get translated to a single public IP (50.1.1.1/32) given by the service provider.

- Continue with the same pre-configurations as in LAB-2
- Remove the dynamic NAT configurations.
- Implementation is the same as in the previous lab

R-1#clear ip nat translation *

NOTE:
- Make sure that you clear the translation table before you edit or remove any NAT configurations

R-1(config)#no ip nat inside source list 55 pool CCNA
R-1(config)#no ip nat pool CCNA 50.1.1.1 50.1.1.200 netmask 255.255.255.0
R-1(config)#no access-list 55

PAT Configuration
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat pool CCNA 50.1.1.1 50.1.1.1 netmask 255.255.255.255
R-1(config)#ip nat inside source list 55 pool CCNA overload

Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside      (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside     (interface facing towards ISP)

Verification:
- Generate some telnet traffic from inside LAN devices (192.168.1.1 // 192.168.1.2 // 192.168.1.3 // 192.168.1.4)

PC>telnet 100.1.1.2
Trying 100.1.1.2 ...Open
User Access Verification

R-1#sh ip nat translations
Pro  Inside global  Inside local      Outside local  Outside global
tcp  50.1.1.1:1029  192.168.1.1:1029  100.1.1.2:23   100.1.1.2:23
tcp  50.1.1.1:1026  192.168.1.2:1026  100.1.1.2:23   100.1.1.2:23
tcp  50.1.1.1:1024  192.168.1.3:1026  100.1.1.2:23   100.1.1.2:23
tcp  50.1.1.1:1025  192.168.1.4:1026  100.1.1.2:23   100.1.1.2:23

[Figure: lab topology, inside users on 192.168.1.0/24 and servers on the Internet]

TASK:
- Remove the NAT configurations done in the previous lab.
- Configure PAT (Dynamic NAT Overload) and make sure that the inside LAN users (192.168.1.0/24) get translated to a single public IP on the outside interface (100.1.1.1) given by the service provider.

STEPS:
- Continue with the same pre-configurations as in LAB-3
- Remove the PAT configurations.
- Implementation is the same as in the previous lab

R-1#clear ip nat translation *

NOTE:
- Make sure that you clear the translation table before you edit or remove any NAT configurations

R-1(config)#no ip nat inside source list 55 pool CCNA overload
R-1(config)#no ip nat pool CCNA 50.1.1.1 50.1.1.1 netmask 255.255.255.248
R-1(config)#no access-list 55

PAT Configuration
R-1(config)#access-list 55 permit 192.168.1.0 0.0.0.255
R-1(config)#ip nat inside source list 55 interface serial 0/0 overload

Implementation
R-1(config)#interface fastEthernet 0/0
R-1(config-if)#ip nat inside      (interface facing towards LAN)
R-1(config-if)#exit
R-1(config)#interface serial 0/0
R-1(config-if)#ip nat outside     (interface facing towards ISP)

Verification:
- Generate some telnet traffic from inside LAN devices (192.168.1.1 // 192.168.1.2 // 192.168.1.3 // 192.168.1.4)

PC>telnet 100.1.1.2
Trying 100.1.1.2 ...Open
User Access Verification

R-1#sh ip nat translations
Pro  Inside global  Inside local  Outside local  Outside global
tcp  1029           1029          100.1.1.2:23   100.1.1.2:23
tcp  1026           1026          100.1.1.2:23   100.1.1.2:23
tcp  1024           1026          100.1.1.2:23   100.1.1.2:23
tcp  1025           1026          100.1.1.2:23   100.1.1.2:23

Hub
- It is a Physical layer device (Layer 1)
- It has no intelligence
- It works with 0's and 1's (bits)
- It always broadcasts
- It works with shared bandwidth
- It has 1 broadcast domain
- It has 1 collision domain
- Collisions are identified using access methods called CSMA/CD and CSMA/CA

Switch
- It is a Data-link layer device (Layer 2)
- It is an intelligent device
- It works with physical addresses (i.e. MAC addresses)
- It uses broadcast and unicast
- It works with fixed bandwidth
- It has 1 broadcast domain by default
- The number of collision domains depends upon the number of ports
- It maintains a MAC address table

Broadcast domain
- The set of all devices that receive broadcast frames originating from any device within the set.

Collision domain
- In Ethernet, the network area within which frames that have collided are propagated is called a collision domain.
- A collision domain is a network segment with two or more devices sharing the same bandwidth.

- The ARP protocol helps the switch to resolve an IP address into the respective MAC address.
- It is an inbuilt protocol in TCP/IP.

Note:
- A switch broadcasts (floods) a frame out of all ports if it receives a frame whose destination MAC address is not present in the switch's MAC table (it sends with destination address FF:FF:FF:FF:FF:FF).
- If the destination MAC address is present, the frame is sent only on the specific port given by the MAC table.
- The MAC table is updated based on the source address of the frames.
- By default the MAC address table aging time is 300 seconds (5 minutes) of traffic inactivity for that MAC address.

Types of Switches
- Unmanageable switches
  - These switches are just plug and play
  - No configurations and verifications can be done
  - There is no console port
- Manageable switches
  - These switches are also plug and play
  - They have a console port and CLI access
  - We can verify and modify configurations and can implement and test some advanced switching technologies (VLAN, trunking, STP)

The hierarchical network design (Cisco) model involves dividing the network into discrete layers. Each layer provides specific functions that define its role within the overall network.

The typical hierarchical design model is broken up into three layers:
- Access
- Distribution
- Core
