Gateway to highly rewarding Cisco career LyPAGE NO Basic networking 5 About Cisco & CCNA (exam & career paths) . 2 TCPAP ADDRESSING... : eee 15 Private & Public IP 28 Subnetting 31 FLSM Examples . 33 Understanding Value 43 VLSM examples 47 Subnetting Questions ... : 50 Understanding LAN Connectivity 51 Introduction to Cisco Routers. 56 Console Connectivity él Basic commands/ Modes of Cisco routers sees 66 Lab: Basic Configurations and Verifications ve TH Understanding WAN connections 86 Rules to assign the Ip address on cisco routers 1 90 Lab: basic IP configuration . 92 Lab: Basic configuration using three routers 95 ‘Troubleshooting Connectivity 98 WAN protocols (PPP/HDLC) 7 99, PPP Authentication (PAP/CHAP) 101 LAB: PPP Authentication using CHAP .. 103 LAB: PPP Authentication using PAP 105 Routing : 107 Static Routing 108 Lab: Static Routing 10 Lab: Static Routing (Brouters) .... rt 5 m4 Default routing: 16 LAB: DEFAULT ROUTING us Dynamic routing 121 Classfull /Classless 123 RIP viv 124 Lab: Routing using RIPv2 122 Administrative Distance . . 131 ‘Autonomous system number 132 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 2EIGRP Lab: EIGRP OSPF (OSPF Areas ese LAB: Configuring OSPF single Area LAB: Configuring OSPF Multiple Area Access control list. LAB : Standard ACL Lab : Extended ACL. oe Named ACL (standard/Extended) Network address translation... LAB: Static NAT LAB: Dynamic NAT LAB: Port Address Translation LAB: PATusing exit interface -..... Basic switchirl Cisco Design hierarchy Initial configuration of a switch VIRTUAL LAN - LAB ~Verify VLAN .ssssvseeenetnseensen Trunking, Lab: Trunking. Inter-VLAN Routing .. LAB: Inter-Vian Routing Using Physical Gateway... Inter VLAN routing using subinterfaces Spanning tree protocol Lab: verifying spanning-tree VPVE sessseenseeneeeteee LAB: Basic configuration of Ipv6 Static and Default IPV6 routing RIPng OSPRV3... EIGRP FOR IPV6 Password reverting on dsco routers Lab: backup and restore IOS and contigs Restore IOS in Rommon Mode. Sub-maring Cabling 275 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 3WAN Technologies Leased lines Frame relay Lab: framerelay Metroethemet Introduction to MPLS technology Virtual private network SAT CABLE and DSL technology (OSI Reference model & TCP/I Troubleshooting user connect Using COP (lab).. Troubleshooting VLAN issues Troubleshooting trunking Troubleshooting WAN connecttivity Troubleshooting Routing (static /Default). Troubleshooting OSPF /EIGRP..... CCNA Routing & Switching Workbook: Mock lab CCNA Mock lab (Subnetting /IP configuration) CCNA Mock lab (PPP Authentication)....... CCNA Mock lab (EIGRP /OSPF) VLAN, and Trunks oss Inter-vian routing .. Spanning-tree protocol Access Control List Network Address Translation NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 4Cisco Certified Network Associate CCNAx 200-120 Sikandar Gouse Moinuddin CC1Ex2 (RS/SP) # 35012 Senior Technical Instructor www.noasolutions.com J\Solutions Network » Group of two or more computers connected to share information and resources. Printer oy a PRT BPs oe NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 5NOAsoreom Wide Area Network ons uN | Local area networks (LAN) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 6LANs, WANs, and Internets The Internet {LANs and WANS may be conectd it intemeters os | Me B NOAsormean Providing Resources in a Network Cavay iy rewg Che cet Networks of Many Sizes ‘Small Home Networks ‘Small OffcelHome Office Networks r ‘Medium to Large Networks Wore Wide Networks NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 7Cisco Switch NOA samen a NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 8Cisco Routers BS: 192.165.2.0/24 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 9Cisco Firewall IP Phones/ Voice Devices Main office location NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 10Device connecting a small home INTERNET mm ff | Connecting to the Wired LAN. | NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 11NOAsorons About Cisco » Leading manufacturer of Networking Devices. » Switches, Routers , Firewalls, Voice Devices, Datacenter , Wireless NOAsorons Cisco Certification Tracks NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolNOAsorron NOAsorom CCNA Certification Exam Secretar een computer based run and administered by pearson VUE www:vue.com Cost 295 $ 90 minutes 50-55 Questions Cisco CCNA Exam Question Types + Multiple choice (MC) + Testlet (4-5 questions on the same scenario diagram) + Drag-and-drop (DND) + Simulated lab (SIM) + Simlets (same as testlet need to use show commands to verify) Passing Score : 825/1000 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 13RESTS Contents for new CCNA 200-120 NOAs revi Cece Operation of IP Data Networks IP addressing (IPv4 / IPv6) LAN Switching Technologies IP Routing Technologies IP Services Network Device Security Troubleshooting WAN Technologies For Detailed Contents www.noasolutions.com www.isco.com )-\Solutions] What you get » World Class training Detailed lab workbooks for practice. Self paced Video trainings. Simulation Tools. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 14TCP/IP addressing NOAsamern Protocol set of rules to follow to have proper communication Network protocols TCP/IP IPx/SPx Appletalk Netbios Os! NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 15)-\Solutions| What is TCP/IP? » TCP/IP is a standard protocol used between computers and network devices for communication. & )-\Solutions| TCP/IP addressing » IP Address is Logical Address given to each and every device in the network. » Ibis a Network Layer address (Layer 3) » Two Versions of IP: Printer + IP version DS sew IP 4 ”S + IP version 6 Poe) ws ys g NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolIPV4 address + Bitis represent by 0 or 1 (i.e. Binary) * IP address in binary form (32 bits): 01010101000001011011111100000001 * 32 bits are divided into 4 Octets: First Octet Second Octet Third Octet Forth Octet 01010101. 00000101. 10111111. 00000001 * IP address in decimal form: 85.5.191.1 | Converting a Binary Address to Decimal A sires ru 3 ¥ le 128) 16 4 2z 1 oO oO NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 17Converting from Decimal to Binary ‘Convert Decimal to Binary 192.168.10.10 ‘11000000 "10101000 v8 > 128, pace atin 128 poston 1 subir 120 <64,placo 0 in 64 postion onl susrect >32, lace a 1 inthe 32 positon Subiret 52 16, place 0 inthe 18 positon 0 not stack 8 =8, poco tn ie poston subir 8 NOAsomon Convert Decimal to Binary 192.168.10.10 AS \™ 192 168 10 10 11000000 10101000 00001010 00001010 | NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 18NOAsomons Assigning a Static IPv4 Address to a Host LAN Interface Properties Configuring a Static IPv4 Address xl coed | )-\Solutions| Assigning a Dynamic IPv4 Address to a Host Sr" Nib rotasccne ‘Assigning @ Dynamic IPv4 Adress DHCP - preferred method of “leasing” IPv4 addresses to hosts on large networks, reduces the burden on network support staff and virtually eliminates entry errors NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 19)-\Solutions| Range of IPv4 address Taking Example for First Octet : Total 8 bits, Value will be 0's and 1's i.e. 28 = 256 combination 27 2° 25 2* 23 22 21 20 Total IP Address Range 0.0.0.0 to 255.255.255.255 )-\Solutions| IP Address Classification IP Addresses are divided into 5 Classes CLASS A 0-127 ae te) Used in LAN & WAN CLASS C 192-223 CLASS D 224-239 ~—_~Reserved for Multicasting CLASS E-240-255 _Reserved for Research & Development NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasol)\Solutions| Types of communication In an IPv4 network, the hosts can communicate one of three different ways: 1. Unicast 2. Broadcast 3. Multicast )-\Solutions| 1. Unicast Transmission the process of sending a packet from one host to an individual host. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 21NOAsomnns 2. Broadcast Transmission the process of sending a packet from one host to all hosts in the network — Routers do not forward a limited broadcast! Directed broadcast + Destination 172.16.4.255 + Hosts within the 172.16.4.0/24 network 3. Multicast Transmission NOAsameons Multicast - the process of sending a packet from one host to a selected group of hosts, possibly in different networks Reduces traffic Reserved for addressing multicast groups - 224.0.0.0 to 239.255.255.255. oO # NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 22NOAsomons Live TV and Radio Broadcast Ces to the Desktop )-Solutions| Network & Host portions IP address is divided into Network & Host Portion CLASS A N.H.H.H CLASS B N.N.H.H CLASS C N.N.N.H a specific device in the network set of devices NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 23NOAsorno Network & Broadcast Address Sway hs eating Cs sae Network ID: Identify complete network First IP of the range All ZERO’s in the host portion Broadcast address Used to send broadcast to all with in the same network Last IP address of the range © All ONE'S in the host portion Valid 1P Valid IP Addresses lie between the Network Address and the Broadcast Address. Only Valid IP Addresses are assigned to hosts/clients Example - Class C 192.168.1.0 ———» Network Address 192.168.1.1 192.168.1.2 192.168.1.3 Valid IP Addresses 192.168.1.253 192.168.1.254 192.168.1.255 ——> Broadcast Address NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolExample - Class B Class B 172.16.0.0 —_—_—_—_———» Network Address 172.16.0.1 172.16.0.2 172.16.0.3 Valid IP Addresses 172.16,255,253 172.16.255.254 172.16.255.255 ———» Broadcast Address | Example - Class A 10.0.0.0 _— Network Address 10.0.0.1 10.0.0.2 10.0.0.3 Valid IP Addresses 110.255.255.254 10.255.255.255 ———» Broadcast Address Pe NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 25)-\Solutions] Subnet-mask Subnet Mask differentiates Network portion and Host Portion 1 represent network O represent hosts Class A NH.H.H 255.0.0.0 Class B N.N.H.H 255.255.0.0 Class N.N.N.H 255.255.255.0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 26Reserved Address » Class D&E » Network ID & Broadcast ID » O.x.x.x not valid » 127.x.x.x for loopback address | 127.x.x.x - loopback address NOAsomim » Loopback address used for testing local TCP/IP protocols NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 27J\Solutions Private & Public IP . local network 7 The (Privete IP Address serena gy — 72169 peut Oe 192.168.1004 tn: 72 192.168.1008 @ Default Gateway 145121317 Internet 19216811 (Public IP Address) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 28)-\Solutions| PRIVATE IP PUBLIC IP Used with the LAN or within Used on public network( INTERNET) the organization Recognized on internet Not recognized on internet Given by the service provider ( from Given by the administrator (ANA) Unique within the network or Globally unique organization Pay to service provider ( or |ANA ) Free Registered Unregistered IP Private IP Address » There are certain addresses in each class of IP address that are reserved for Private Networks. These addresses are called private addresses. Class A 10.0.0.0 to 10.255.255.255 (10.x.x.x) Class B 172.16.0.0 to 172.31.255.255 Class C 192.168.0.0 to 192.168.255.255 — (192.168.x.x) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 29A simmers Assignment of IP Addresses Regional Internet Registries (RIRs) The major registries are: (IANA.org) hitp://www.iana.org/assignments/ipv4-address-space/ipv4-addres [Assignment of Addresses NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 30NOAsorons Subnetting » isthe process of Dividing a Single Network into Multiple smaller networks. » Subnetting helps in minimizing the wastage of IP address. )-\Solutions| FLSM & VLSM Subnetting can be performing in two ways. FLSM (Fixed Length Subnet Mask) VLSM (Variable Length subnet mask) Subnetting can be done based on requirement. Requirement of Hosts? Requirement of Networks? H=hostbits, N= Network Bits What we do in Subnetting Converting Host bits into Network Bits (reducing number of host bits) i.e. Converting 0's into I's NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 31NOAsomon 2 Power Table 2 NOAsomrn Value in Subnet mask NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 32Cu chass, Req = So hesig (FSM), N.N 2a rele WCHL « CMT (f( [LU - 6 BO00090 hask> 255-255-056. a 2 Rese) HB —G Greta Nos = ToBI — Dy. # Bb 8-622 toh BIH = ou, 2 9g Range 7 ah t-@ Nelwk Ip RyoJses+ fo 1 f\4r-(6R-1-Q > (Ar- lee -1-68 (Sr be-] 64 > (4b- e127 ASL ME] 128 SAL lee] Av ler. [42 4 Wr- (eetease FLSM: Example—1 Req = 40 hosts using C-class address network 192.168.1.0/24 © Host bits required (h) = 6 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 33Converted network Bits (n) = Total. H. Bits ~ req. H. Bits Converted network Bits (n) = 2 Total .N. Bits = default N bits + converted N bits = 24+ Hosts/Subet = 2%-2 = 25-2 = 64-2 = 62. Hosts/Subet Subnets = 2"= 2? = 4 Subnets Customized subnet mask = (/26) = 255.255.255.192 Range: 2h 25 = 64 Network ID Broadcast ID 192.168.1.0/26 192.168.1.63/26 192.168.1.64/26 192.168.1.127/26 192.168.1.128/26 192.168.1.191/26 192.168.1.192/26 192.168.1.255/26 FLSM: Example—2 Req = 30 hosts using C-class address network 192.168.1.0/24 2.2 >= req B-2 >=30 32-2 >=30 30 30 Host bits required (h) = 5 Converted network Bits (n) = Total. H. Bits ~ req. H. Bits 5=3 Converted network Bits (n) = 3 Total . N. Bits = default N bits + converted N bits = 2443 = /27 Hosts/Subet = 2"-2 = 2°-2 = 32-2 = 30 Hosts/Subet Subnets = 2"= 2 = 8 Subnets Customized subnet mask = (/27) = 255.255.255.224 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 34Range: 2-25 = 32 Network ID -- Broadcast ID © 192.168.1.0/27 192,168.1.31/27 © 192.168.1.32/27 - 192.168.1.63/27 192.168.1.64/27 192.168.1.95/27 192.168.1.96/27 192.168.1.127/27 192.168.1.128/27 192.168.1.159/27 192.168.1.160/27 - 192.168.1.191/27 192.168.1.192/27 - 192.168.1.223/27 192.168.1.224/27 192.168.1.255/27 = 30 Hos, C-Class NAGA sean ~ J (rfid + LaCie. (quell - PPfooose —_ s gz = 3 e Mak 956 AT 26. 224 Subrets = 2 = 22.2 9 Sines Gos kn) = 8 deh Ube 2443 =/2% NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolRey ate af @) LG!) > [a (ep 3 su ——+—> 02 64 —__-> as ab | (27 12g ———_ 954 o> (41 © e-l6¢-t i 0 bi 138 UNDERSTANDING — SvgneETS me neh £ { 972. [68 [-lo } D (hee) ne vie Now # aha 28 QD) be i S55: WS -YSS- 192] 0-83 FF OF DT] SS baie Ogeren- 4k je 14 22 @ (Hh — 255 FLSM: Example—3 Req = 500 hosts using B-class address network 172.16.0.0/16 28-2 >= req 2?-2>= 500 512-2 >= 500 510 >= 500 Host bits required (h) = 9 Converted network Bits (n) = Total. H. Bits ~ req. H. Bits NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 36=16—-9=7 Converted network Bits (n)= 7 Total. N. Bits = default N bits + converted N bits =16+7= /23 Hosts/Subet = 2%-2 = 29-2 = 512-2 510 Hosts/Subet Subnets = 2" = 27 = 128 Subnets Customized subnet mask = (/23)= 255.255.254.0 Range: 2"= 2° = 512 Network ID Broadcast ID 172.16.0.0/23 172.16.1.255/23 172.16.2.0/23 172,16.3.255/23 172.16.4.0/23 172.16.5.255/23 172.16.6.0/23 172.16.7.255/23 172.16.254,0/23 172.16.255.255/23 FLSM: Example—4 Req = 4000 hosts using B-class address network 172.16.0.0/16 2.2 >= req 28-2 >= 4000 4096-2 >= 4000 4094>= 4000 Host bits required (h) = 12 Converted network Bits (n) = Total. H. Bits~ req. H. Bits =16-12=4 Converted network Bits (n)= 4 Total. N. Bits = default N bits + converted N bits =16+4= /20 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 37Hosts/Subet = 20-2 = 22-2 = 4096-2 = 4094 Hosty/Subet Subnets = 2° = 24 = 16 Subnets Customized subnet mask = (/20)= 255.255.240.0 Range: 2"= 2" = 4096 Network ID - Broadcast ID 172.16.0.0/20 -— 172.16.15.255/20 172.16.16.0/20 -—- 172,16.31.255/20 172.16.32.0/20 -—- 172.16.47.255/20 172.16.48.0/20 172.16.63.255/20 172.16.64.0/20 172.16.79.255/20 172.16.240.0/20 - 172.16.255.255/20 Req afo00 Jost 1 USHg h-class (O-sssu) NEN. eH (LUCUII AMM. G9%¢Po0 -CC0COOCD Seen tpeee, [ora — Valid host * * pose AST QS. 252-0 hn Coote = Ib-lo -& Tort wb = lee = fan NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolw : + 172+ [6-252 \12-l6 265 BSH FLSM: Example—5 Req = 2000 hosts using A-class address network 10.0.0.0/8 20-2 >= req 2"—2 >= 2000 2048 —2 >= 2000 2046 >= 2000 Host bits required (h)= 11 Converted network Bits (n) = Total. H. Bits -- req. H. Bits = 24-1 =23 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 39Converted network Bits (n) = 13 Total. N. Bits = default N bits + converted N bits = 8+ 13 =/21 Hosty/Subnet = 2-2 = 2"-2= 2048-2 = 2046 Hosts/Subnet Subnets = 2" = 2 = 8192 Subnets Customized subnet mask = (/21) = 255.255.248.0 Network ID © 10.0.0.9/21 + 10.0.8.0/21 © 10.0.16.0/21 10.0.248.0/21 10.1.248.0/21 10.2.0.0/21 10.2.8.0/21 10.2.16.0/21 10.2.248.0/21 10.255.0.0/21 Broadcast ID 10.0.7.255/21 10.0.15.255/21 10.0.23.255/21 10.0.255.255/21 10.1.7.255/21 10.1.15.255/21 — — 10.1.23.255/21 10.1.255.255/21 10.2.7.255/21 10.2.15.255/21 10.2.23.255/21 10.2.255.255/21 10.0.7.255/21 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 40© 10.255.8.0/21 10.0.15.255/21 © 10.255.16.0/21 10.0.23.255/21 © 10.255.248.0/21 10.255.255.255/21 FLSM: Example—6 Req = 32000 hosts using A-class address network 10.0.0.0/8 2-2 >= req 26-2 >= 32000 32768 —2 >= 32000 32766 >= 32000 Host bits required (h)= 15 Converted network Bits(n) = Total. H. Bits ~ req. H. Bits =24-15=9 Converted network Bits (n) = 9 Total. N. Bits = default N bits + converted N bits. = 8+ 9 = 17 Hosts/Subnet = 2-2 = 28-2 = 32768-2 = 32766. Hosts/Subnet Subnets = 2" = 2? = 512 Subnets Customized subnet mask = (/17) = 255.255.128.0 32768 Network ID Broadcast ID 10.0.127.25517 10.0.255.255/17 10.1.127.255/17 10.1.255.255/17 10.2.127.25517 10.2.128.017 ss 10.2.255.255/17 10.3.0.017 ss 10.3.127.255/17 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 4110.3.128.017 ss 10.3.255.25517 10.4.0.0/17 a 10.4.127.255/17 10.4.128.017 w+ 10,4.255.255/17 10.5.0.017 10.5.127.255/17 5.128.017 10.5.255.255/17 10.255.0.0/17 = 10.255.127.255/17 10.255.128.097 ve 10.255.255.255/17 Aeclets 2 Dap er[lesooe}hovs Nv ne Sp pecowe + 2000000 92.9 2 dex yeti m ee Mo 2 2 bore . “wary 2 > Ga uwias Qss- Q5s- (42-0 ( hale Guvald Abs ~ 24-14 ~© Toh = Flo ~ [ie Svbnes - gh 22! (024 sumels NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolRenge- 24. 9 10:0 oo —» 64.0 \23-0 \4r-0 lot. oo Wo Qr-o he FLSM exercises C-Class Requirment © Requirment Requirment B-Class Requirment © Requirment Requirment Acclass Requirment © Requirment i lo-o- 4 [6384 Ca 28F 129. 155° (91 297 tw UT [p= 267 eo 7 lo 260" 65 288 en 12-2 isa au wr les > lo. 28s 275 7 NOAsonns 50 hosts 100 hosts 30 hosts 1,000 hosts 4,000 hosts 500 hosts 16,000 hosts 32,000 hosts NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 43Ropresen fob. NA ~ other Hay of Lvthry Subher mesic Wfmehin wi a a Qe 2H WT By Subnet mask 255.255.240.0 ABs 255.255.192.0 (23 255.255.254.0 25 3.8.8.1 255.255.255.128 AQ 255.255.224.0 (28 255.255.255.240 (29 255.255.255.248 730 255.255.255.252 (22 255.255.252.0 | l20: Fed 260 f22: I Wl ABr-0 i fas: eo 6 |x i> 96¢ ay 2st ty he : Eye NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolVLSH : a besQ42 225 Yor rene b ee ate a lo hate : y 0-124 ]o¢ Orr- 297} 29 fo hosts (@EO) caebss: Arey = 20 Pre ofeo] cae te 2 ® 2 2 by-2 be et = 32-2 Pr zh @pauies a . NUNN. 0 D000 29-2 =D) wares) N. Gpoooeee] ppp Gp coe = [29, N-N.N - Booooc0o a fe ee we v eee 1 alas | 6-2 25 Kr ASS 1365 BS5- 12k oa = oy lo a2 2. oia2 ~@) NNN - OBp 00x NNN. Gyo 0000 Ree 6 jor a = [27] asr ay 265 D0 SF 2H 2 2ey L NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 45Reng. - ahe : o?-ing A> [l4a.be- 4 -Opes => Br Ie. 1-129 [2s t H28) 2'=& => [T4e 8-1. 12%/26 142 Ker 4) oO [he ker a 2%-() >| 14r-(er-( © «(4 [xe NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 46\VLSM Design Examples Below you can find some of the sample scenario diagram where it mentions the reqquirments (ie No of hosts) account aes serene ss2.i683.0724 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 47MARKETING so pans” SALES | soheats” NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 481000 hosts 172.16.0.0/22 0.0 to 3.255 200 hests 172.16.7.0/24 ar 7.0 t0 7.255 172,16.6.0/26 6.0 t0 6.288 60 hosts 172.16.9. 8 100 hosts 172.16.8.128/25 172.16.9.64/26 172.16.9.160/27 8.128 to 8.258 9.64 t0 9.127 9.160 t0 9.191 NOAsonmno arm VLSM Exercises C- class Req Req B-Class Req Req Acclass Req Req 100, 50, 20,10 120, 40 , 12, 4 4000, 1000 , 500, 200 16000, 2000 , 200, 120, 100 32000, 8000 . 1000, 500, 200 4000, 200 , 120 , 60, 30,12, 10 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolNOAsomnns Subnetting Questions Find subnet-mask , Range (network ID and Broadcast ID) , Valid Host, Subnets + 28.10.145.10/18 + 150.12.110.10/25 + 150.50.50.50/23 + 100.10.185.10/20 + 50.1.112.10/21 + 112,10.78.40/22 + 172.16.221.10/19 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolIntroduction to Switch & Router OAsumnnns Switch NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 51NOAsamem Media Types 1. Fiber Optic 2. Copper cables ( UTP & Co-axial) 3. Wireless | UTP cable )-\Solutions| NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 52; NOAsormon Straight & Cross Cables Carey Gi os Sg oy eg o- | Straight & Cross Cables )-\Solutions| PC STRAIGHT-THRU HUB PC CROSSOVER PC 11 ————— 1 TH —A|\ya'» {2 2 RX. He? 2% 3 I PKS AG —— 4 4 4 s——=—s 5 5 Xe § 6 1x. RK —=S=— —_— —— § — | | NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 53Co-axial Cable NOAsomens Fiber Cables Transmission over longer distances and at higher bandwidths ps NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 54NOAsorron Wireless LAN NOAsomens Basic LAN setup using packet Tracer » Connect 4 computers in the LAN using Switch » Configure IP addressing on all PC using 192.168.1.0/24 network. » Check Connectivity between all the PC using Ping command NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 55NOAsoraons Router Itis an internetworking device used to connect two or more different networks NOAsomens ‘Which Routers to buy ? Many companies are manufacturing Router : + Cisco Nortel Multicom, Cyclades Juniper Dlink Linksys 3Com NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 56NOAsormeans Cisco’s Hierarchical Design Model 1. Access Layer Router 2. Distribution Layer Router 3. Core Layer Router 7000 Seis Cataat 6500 Series )-\Solutions| Access Layer Router » Routers which are used by the Small Organization and are also known as Desktop or Company Layer Routers. Router Series : 800, 1000, 1600, 1700, 1800,2500 isco 1700 al 2 — | NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 57Distribution Layer Router NOAsomerns » Routers which are used by the ISPs and are also known as ISP Layer Routers Router Series : 2600, 3200, 3600, 3700, 3800 Cisco 2821 ‘clases Cisco 2800 Series integrated Services Routers NOAsormeons Core Layer Router Routers which are used by the Global ISPs and are also known as Backbone Routers Router Series : 6400, 7200, 7300, 7400, 7500, 7600,10000, 12000 Cisco 7000 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 58NOAsomeans Cisco XR 12000 Series Routers | Router Classification Sar oy edge cae NOAsormos FIXED ROUTER MODULAR ROUTER, All ports are integrated on Have Slots where you can add or motherboard (no Slots) remove cards Non Upgradable cannot add and Distribution and Core Layer Routers remove the interfaces example of Modular Router 2500, 800 series routers 1600.1700,1800, NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 59External Ports of Router LAN , WAN , admin ports LAN Ports: (RJ45) Ethernet 10 Mbps Fast Ethernet 100 Mpbs Gig Ethernet 1000 Mbps NOAsorron NOAsormon WAN ports Serial ports 60 pin or 26 pin smart serial Por “Pot” Satcn——Canmaston NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 60NOAsorro Console Port » Used for local administration ,Initial Configuration, Password Recovery > Itis RI45 Port Roto Riis 2088 Comper eb ‘seer )-\Solutions| Auxiliary Port » Used for remote administration. » Itsan RU-45 port » Aconsole or a rollover cable is to be used. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 61NOAsomons 2500 Cisco router Attachment Unit lntertace ‘viony Power ‘AKO supply NOAsomen Attachment Unit Interface AUI pin configuration is 15 pin female. It is known as Ethernet Port or LAN port or Default Gateway. It is used for connecting LAN to the Router. Transceiver is used for converting 8 wires to 15 wires. ie. RJ45 to 15 pin converter. Transceiver a NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 62A simran External Ports of Router (Contd) ee ee » LAN interfaces - Ethernet ‘AUI (Attachment Unit Interface) (E0)~ 15 pin TObaseT — R45 » WAN interfaces Serial interface (50, S1, 50/0, s0/1 , s0/0/0 ete) ~ 60 pirv26 pin(smart serial) ISDN interface(BRIO ete) ~ RI45 (used for ISDN wan connections ) » Administration interfaces Console ~ RJ45 — Local Administration Auxillary — RJ45 — Remote Administration A Sirens Internal Components POST power on self test Checks the hardware ROM loads the bootstrap programs and searches for the 10S (Flashy TFTP/ROM) FLASH Stores 105 NVRAM. Stores configurations ( permanent) Startup-config RAM. Stores Configurations ( temporary) Running-contig, NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 63Internal Components Internal Flash Memory (Compact Flash) Perform Post | Locate andiosd | 3. Locate the 10s | Operating system 4. Load the 1S 5. Locate the Configuration file 6. Execute the Configuration fle (or 7. Enter Setup Mode 1. Performing the POST and Loading the Bootstrap Program * The power-on self test (POST) is a process that occurs on almost every computer when it boots. The POST is used to test the router hardware. After the POST, the bootstrap program is loaded. The bootstrap program locates the Cisco IOS and loads it into RAM. 2. Locating and Loading the IOS Software NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 64* The location of the IOS file is specified by the value of the configuration register setting. The bits in this setting can instruct the device to load the IOS file from the following location: = Flash memory = ATFTP server * To load the IOS normally from flash, the configuration register setting should be set to 0x2102. 3. Locating and Executing the Startup Configuration File or Entering Setup Mode After the IOS is loaded, the bootstrap program searches for the startup configuration file (startup-config) in NVRAM. This file contains the previously saved configuration commands and parameters, including Interface addresses, Routing information , Passwords , other configuration parameters If no configuration file is located, the router prompts the user to enter setup mode to begin the configuration process * Ifa startup configuration file is found, a prompt containing a hostname will display. The router has successfully loaded the IOS and the configuration file. Integrated Services Router (ISR). © It gets its name because many of the services, like security, are built into it. It's a modular device like the 2600, © but it’s much faster and a lot more sleek—it's elegantly designed to sup-port a broad new range of interface options. ‘+ 800,1800,2800,3800, 1900,2900,3900, NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 65NOAsomes BASIC COMMANDS NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 66NOAsonmeons Console Connectivity Console Port os een RoE yastoons COMP Console Connectivity Connect a rollover cable to the router console port (RJ-45 connector). Connect the other end of the rollover cable to the RJ-45 to DB-9 converter Attach the female DB-9 converter to a PC Serial Port. Open emulation software on the PC. IN WINDOWS + Start > Programs > Accessories > Communications > HyperTerminal > HyperTerminal. Give the Connection Name & Select Any leon Select Serial (Com) Port where Router is connected. In Port Settings > Click on Restore Defaults LAN apz.nen.t.0/24 IN LINUX + # minicom —s (used instead of HyperTerminal in Windows) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 67Terminal Emulation Programs Software available for connecting to a networking device HyperTerminal PUTTY Tera Term SecureCRT OS X Terminal NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolNOAsormeans HyperTerminal for console access Sym Press RETURN to get stort NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolNOAsorons Putty Software for Console access of router NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 70- NOAsoreo Modes on Cisco Routers ‘Goncway 0 highly rewarding Cleo carer Setup Mode :- IF NVRAM I Blank User Mode: ‘Only some basie monitoring Privileged Mode:- monitoring and some troubleshooting Global Configuration mode:- {All Configurations that effet the router globally Interface mode:- + Configurations done on the specific interface Rommon Mod Reverting Password NOAsorons Setup Mode IFNVRAM js blank (router without configurations) cisco 1961 (revision 5.0) with 114600K/16904" bytes of menory MBGO processor: part number 0, mask 49 2 Fastienernet/Isee 802.3 intersace (2) J63400K bytes of ATA CompactFlash (Read/Hrite) technical support: heep: //wrw.ciace.con/techaupport by cisco systema, ine. S2 by pt_tean continue with configuration dfalog? [yes/no] leoneinue wil on diaiog? (yes/no) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 71)-\Solutions| User Mode: ‘Only some basic monitoring Router>show flash System fash directory File Length Name/status 3 5571586 <2600-1me.122-28.bin [5827403 bytes used, 58188981 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write) Router>sh ip interface brief ote IPAddest OR? Method status Protect FasEthemetO/0 —unawlgned-YESunet administratively down down Facethemet—unauigned YES unt sdminitatvely down down” )\Solutions| Router>ping 1.1.1.1 Type excape sequence to abort. Sending 5, 100-byte ICMP Echos 10 1.1.1.1, timeout is 2 seconds Succes ate is O percent (0/3) Router>traceroute 1.1.1.1 ‘Type scape sequence to abort, Teacing the route to 1.1.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 72NOAsorrons Router>show version Cisco Internetwork Operating System Software 108 (ten) C2600 Softwrare (C2600+4M), Version 12.2(28), RELEASE SOFTWARE (fe5) “Technical Suppor: hitp:/Awwwcisea convtechsuppart Copyright (2 1986-2005 by cisco Syste, ne. Compiled Wed 27-Apr-04 19:01 by miwang Image text-base: OxB000808C, deta-base: OxBOATFECC ROM: System Bootstrap, Version 12.1(3rJT2, RELEASE SOFTWARE (el) Copyright () 2000 by clsco Systems, Inc. ROM: C2600 Software (C2600-LM}, Version 12.2(28), RELEASE SOFTWARE (fe5) System retuined to ROM by reload System image files "Mash:e2600+-mz.122-28.bin* «sco 2621 (MPC8ED) processor (revision 03200) with 6O416K/SIZOK bytes of memory Processor board ID JADOSISOMTZ (4292891495) 'MB6O processor: part number 0, mask 49 Bridging sofware X25 software, Version 3.0.0 2 FastEthornoV/IEEE 802.3 interfae(s) 32K byte of non-volatile configuration memory. {63488K bytes of ATA CompactFlash (Read AWite) Conguration register Is x2102 NOAsorons Privilege Mode » Complete monitoring » All show commands, Copy . erase commands Router> enable Router # show flash Router # show version. Router #show ip interface brief Router#! ping 1.1.1.1 Router # traceroute 50.1.1.1 Router # show running-config Router # show startup-config Router # Copy Router # erase NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 73NOAsorrons ‘Without names, network devices are difficult to identify for configuration purposes. TES Global configuration mode NOAs reotng Cicer Router # configure terminal Router (config) # Configuring Device Names Router (config) # hostname NOA Hostnames allow devices to be identified by network administrators over a network or the Internet. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 74NOAsorrom Assigning Passwords » Console > Auxiliary » VTY line (telnet) p93 LAN - 192.168.1.0/24 NOAsoron Assigning console password: Router(config)# line con 0 Router(configline) # password Router(config-ine) # login (ine mode) Router(configtline) # exit Assigning Auxiliary password: Router(contfig)# line aux Router(config-line) # password Router(configrine) # login (ine mode) Router(configrline) # exit Assigning Telnet password: Router(contfig)# line vty 04 Router(configtine) #password Router(config-ine) #login (line mode) Router(configtline) #exit NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 75NOAsonns Enable Password Router> enable Password: Router(config) # enable password The will be password saved in clear text OR Router(config) # enable secret. The password will be saved in encrypted text NOAsome Encrypting Password Display Care ty eng St (config)# service password-encryption NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 76)-\Solutions| To save the configuration: Gare or woe Ce cae Router # copy running-config_ startup-config (oR) Router # write memory (oR) Router # write Erase all Configurtions NOA # erase startup-config NOA # reload )\Solutions] Banner Messages (config)# banner motd # ... # Limting Device Access - MOTD Banner NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 77LAB:_BASIC CONFIGURATIONS AND VERIFICATIONS )-\Solutions| Console Connectivity Console Port Rollover Computer Cine RAS to DBS ‘Converter TASK: Connect the router via Console cable on console port (as per diagram) POWER on the router and observe the booting Process (sample Output shown below) System Bootstrap, Wersionll2i(3r)T2, RELEASE SOFTWARE (fcl) Copyright (c) 2000 by cisco Systems, Ine. {dso 2621 (MPC86O) processor (revision Ox200) with BOBTERISIZOK bytes of memory Self decompressing the image: Restricted Rights Legend Use, duplication, or disclosure by the Government is, subject to restrictions as set forth in subparagraph (0) of the Commercial Computer Software - Restricted, Rights clause at FAR sec. 52.227-19 and subparagraph (©) () (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013 cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 78Cisco Intemetwork Operating System Software IOS (tm) C2600 Sefiware (C2600=-M)y Version 12/2(28), RELEASE SOFTWARE (fc5) Technical Support: http:/Avww.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Wed 27-Apr-04 19:01 by miwang EB 2BDITMPCREO) BRSEEHEE (rion 0%:200) with BOATGRISTAOK bytes of memory Processor board ID JADOSISOMTZ (4292891495) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. ~- System Configuration Dialog —- Continue with configuration dialog? [yes/no]: % Please answer 'yes' or no’. Continue with configuration dialog? [VE7ROIInS Router> Router>show flash System flash directory: File Length Name/status 3. 5571584 e2600+ieme122-28.bin [5827403 bytes used, 58188981 available, 64016384\tetal) 63488K bytes of processor board System flash (Read/Write) Router>show version Cisco Intemetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M). Version 12.2(28), RELEASE SOFTWARE (fc5) Technical Support: http:/Avww.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Wed 27-Apr-04 19:01 by miwang Image text-base: 0x8000808C, data-base: Ox8OAIFECC ROM: System Bootstrap, WersiOn|T2i(3r)T2, RELEASE SOFTWARE (fel) Copyright (c) 2000 by cisco Systems, Inc. ROM: €2600)S6ftWare (C2600-I-M). Version 12.2(28), RELEASE SOFTWARE (fe5) System returned to ROM by reload System image file is GS€8)2621 (MPC860) processor (revision 0x200) with BOIBK/SIZOK bytes of memory NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 79Processor board ID JADOSISOMTZ (4292891495) M860 processor: part number 0, mask 49 Bridging software, X.25 software, Version Configuration register is Ox2102 Router>sh ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/O unassigned YES unset administratively down down FastEthernet0/I unassigned YES unset administratively down down" Router>ping 1.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: Success rate is 0 percent (0/3) Router> traceroute 1.1.1.1 Type escape sequence to abort. Tracing the route to 11.1.1 To enter in to privilege mode Router> enable By typing the clock 2command, you'll get a list of the next possible parameters and what they do. Notice that you should just keep typing a command, a space, and then a question mark until (carriage return) is your only option If you're typing commands and receive To enter in to privilege mode Router# configure terminal Enter configuration commands, one per line. End with CNTU/Z. TO change the Hostname of the router Router(config)# hostname HYDERABAD HYDERABAD (config)# NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 80‘TO ASSIGN CONSOLE PASSWORD HYDERABAD(config)#line console 0 HYDERABAD(config-line)#password ciscol23 HYDERABAD(config.line)#login HYDERABAD(config-line)#end SEVSSCONAG, | Confered om consle by once HYDERABAD# exit HYDERABAD cond is now available Press RETURN to get started. User Access Verification (Enter the console password which was configured) HYDERABAD> HYDERABAD>enable HYDERABAD# conf terminal Enter configuration commands, one per line. End with CNTL/2. HYDERABAD(config)# line vty 0.4 HYDERABAD (config-line)# password ccnal23 HYDERABAD(config-line}# login HYDERABAD(config-line)# exit HYDERABAD (config)# enable password ccnp123 HYDERABAD (config)# exit HYDERABAD# exit HYDERABAD cond is now available Press RETURN to get started. User Access Verification Password: (Enter the console password which was configured) HYDERABAD> enable NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 81(Enter the enable password which was configured) HYDERABAD# HYDERABAD# show running-config Building configuration... Current configuration : 480 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption 1 hostname HYDERABAD HYDERABAD# configure terminal HYDERABAD(config)# enable secret cciel23 HYDERABAD(config)# exit HYDERABAD# show running-config Building configuration... Current configuration : 527 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname HYDERABAD ! ! I! enable secret BSISERES2R/BDARAXARITSDV7ARY, enable password cenpl23 ! HYDERABAD# erase startup-config NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 82Erasing the nvram filesystem will remove all configuration files! Gntinle? [ESRF] [OK] Erase of nvram: complete HYDERABAD# reload Proceed with reload? [confirm] °@SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. System Bootstrap, Version 12.1(31)T2, RELEASE SOFTWARE (fel) Copyright (c) 2000 by cisco Systems, Inc. cisco 2621 (MPCBEO) processor (revision 0x200) with 60416K/5120K bytes of memory Self decompressing the image : HHAYHAEBEUHHAARHOERHDRREAEHOUOHEBUHEERHOLEHEAHHEUREOGEEGHEEOEURHBLEBHEEE [OK] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (0) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (©) () (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Intemetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fe5) Technical Support: http:/Avww.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Wed 27-Apr-04 19:01 by miwang cisco 2621 (MPC860) processor (revision 0x200) with 60416K/S120K bytes of memory Processor board ID JADOSISOMTZ (4292891495) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 2 FastEthernet/IEEE 802.3 interface(s) 32K bytes of non-volatile configuration memory. 63488K bytes of ATA CompactFlash (Read/Write) NOTE: The router enters in to setup mode as the startup-config been erased NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 83UNDERSTANDING LAN CONNECTIVITY: PC STRAIGHT-THRU HUB CROSSOVER Te 1 2 2 FX. Re 3 ———— 4 s————s Re 6 ES 6 TX — °F RI-45 Plug 56 Sagh Tough ee able RJ 45 CONNECTOR: + RU45is a standard type of connector for network cables. RJ45 connectors are most commonly seen with Ethernet cables and networks. RU45 connectors feature eight pins to which the wire strands of a cable interface electrically. Standard RJ- 45 pinouts define the arrangement of the individual wires needed when attaching connectors to a cable. Several other kinds of connectors closely resemble RJ45 and can be easily confused for each other. The RJ-Il connectors used with telephone cables, for example, are only slightly smaller (narrower) than RU-45 connectors. ‘* Also Known As: Registered Jack 45 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 84‘Sma LAN using hub ‘as ura sich at eT et aera) eee gera NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 85Wide Area Network Service Provider j == 5 es NOAA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 86NOAsorom WAN Connection Types Synchronous Serial Asynchronous Serial, ISDN Layer 1 Circuit-Switched eS - Sompany ‘Synchronous Serial Packet-Switched Se- NOAsone Modern WAN Connections MPLS Metro Ethernet Virtual Private Network (VPN) DSL Cable SAT NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolLeased Lines 2 pairof Copper Wire LAN - 10.0.0.0/8, LAN -20.0.0.0/8 HYDERABAD BANGLORE OFFICE OFFICE .703 G.703 Modem Modem HYDERABAD |__ BANcIORE ‘MUX MUX Serial Point-to-Point Connections Router Connections End-Usor Devies DCE = eS [on =] ==) —— =. EINTIA-232 EATIAGAS V5 «X21 EIA-530 Network Connections at the CSU/DSU NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 88Sate tgs evading Cena Data Termination Equipment Data Communication Equipment Accept clocking (i.e. Speed). 2. Generate clocking (i.e. Speed) Example of DTE device in >. Example of DCE device in Leased Leased line setup : Router line setup : V.35 & G.703 Modem Example of DTE device in Dial Serene (Neca e NUS up setup : Computer Example of DCE device in Dial up setup : Dialup Modem Lab Setup NOAsamms Wen Representation ee » A Back to Back Cable is used which emulates the copper wire, modems and MUX, the complete exchange setup. 335 Back to Back Cable NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 89NOAsorom Rules to assign the IP address to the router: \ Allthe LAN and WAN should be in different networks (or should not repeat the same networks). Router Ethernet IP and the LAN network assigned should be in the same network. Both the interfaces of router facing each other should be in the same network. All the interfaces of routers should be in the different network. NOAsomeos eee iy evi ths a5 anes vgs ena “IRRS Ga RAYA NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 90_ : NOAsomeon Assigning IP address on Cisco routers ie een (config) # interface (config-if) # ip address (config-if) # no shutdown NOAsomens Assigning a Static IPv4 Address to a Host Some aes LAN interface Properties Configuring a Static IPv4 Address a Tener reenter ace cd SSS 5 tae te at = eee NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolLAB: BASIC IP CONFIGURATION: 192.168.1.3, 192.168.1.1 192.168.1.4 192.168.1.2 192.168.2.1 192.168.2.2 192.168.1.0/24 192.168.2.0/24 TASK: 1. Design the topology as per the above diagram 2. Configure Ip address as per the diagram and rules 3. Verify the Interface status using command. # show ip interface brief ON ROUTER -1 Router> enable Router configure terminal Router (config) # hostname R-1 Rel(config)# interface fastEthernet 0/0 R-(config-i# ip address 192.168.1100 255.255.255.0 Rel(config-if}# no shutdown Ra(configifht Re(config-if}exit Rel(config)interface serial 0/0 Rel(config-iffip address 10.0.0.1 255. Rel(config.if}# no shutdown NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 92R-l(config-if}# clock rate 64000 NOTE: * clock rate is only required in the lab scenario as we are using a back to back cable instead of the real exchange where the modems will be installed which will generate the clocking here clock rate has to be generated manually using clock rate command Rel#fshow ip interface brief Interface IP-Address OK? Method Status Protocol FastEthemet0/O 192.168.1100 YESmanualup = up FastEthernet0/1 nasser YES unset ae down down Serial unassigned YES unset administratively down down ON ROUTER -2 Router> enable Router# configure terminal Router(config)# hostname R-2 R.2(config# interface fastEthernet 0/0 R-2(config-if# ip address 192.168.2100 255.255.255.0 R-2(config-if)#fno shutdown R-2(config-iffexit R-2(config)# interface serial 0/0 R-2(config-iffip address 10.0.0.2. 255.0.0.0 R-2(config-i}#no shutdown R.2(config.i# clock rate 64000 R-2#show ip interface brief Interface IP-Address OK? Method Status Protocol Festthemet0/0 192.168.2100 YES manval up wp FastEthernet0/I__unassigned __YES unset administratively down down SerialO/t unassigned YES unset administratively down down NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 93Relfshow ip interface brief Interface IP-Address FastEthernet0/0 (OK? Method Status FastEthernetO/1 Protocol 192.168.1.100 YES manual up up unassigned YES unset administratively down down SerialO/t unassigned YES unset administratively down down R.2#ping 10.0.0.1 Type escape sequence to abort. Sending 5. 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: ‘5), round-trip min/avg/max = 2/4/8 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 94RTETTTS LAB : Assigning IP address NOAsomens 9216511 A ES on essa eigen 19216822 192.16561.0/28 192.168:2.0/24 BASIC CONFIGURATI THREE ROUTERS 192.168.1.1 192.168.1.2 192.168.1.0/24 192.168.2.0/24 192.168.2.1 192.168.2.2 192.168.3.1 192.168.3.2 192.168.3.0/24 ROUTER -1 Router(config)# hostname R-1 R-l(config)# interface fastEthernet 0/0 RA(config-if}# ip address 192.168.1.100 255.255.255.0 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 95RA(configif}# no shutdown %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up ‘LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R-(config.iffexit Rul(config)finterface serial 0/0 RAl(config.if}fip address 10.0.0.1 255.0.0.0 RAlconfigif}#ne shutdown Re(config-if}# clock rate 64000 NOTE: * clock rate is only required in the lab scenario as we are using a back to back cable instead of the real exchange where the modems will be installed which will generate the clocking + here clock rate has to be generated manually using clock rate command Relifshow ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/O 192.168.1100 YES manual up up FastEthernet0/1 ae YES unset a: down down SerialO/1 unassigned YES unset administratively down down ROUTER -2 R-2>enable R-2(config)# interface fastEthemet 0/0 R-2(config if ip address 192.168.2.100 255.255.255.0 R-2(config-iffno shutdown R-2(config-if}#exit R.2(config)# interface serial 0/0 R-2(config-i# ip address 10.0.0.2 255.0.0.0 R-2(config.if}#no shutdown R-2(config-ifi#eclock rate 64000 R-2(config)# interface serial O/1 R-2(config-if}# ip address 11.0.0.1 255.0.0.0 R-2(config-if}# no shutdown. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 96R-2(config-if\#clock rate 64000 R-2#tshow ip interface brief Interface IP-Address OK? Method Status Protocol up up FastEthernetO/I__unassigned _YES unset_administratively down down ROUTER- 3 Router>enable Router#tconf t Router(config)#hostname R-3 R-3(config)finterface fastEthemet 0/0 R-3(configi# ip address 192.168.3.100 255.255.255.0 R-3(config-i#no shutdown R-3(config-iffexit R.3(config)#interface serial 0/0 R-3(config-iffip address 11.0.0.2 255.0.0.0 R-3(config-if}#no shutdown R-3 (contig. clock rate 64000 R-3(config-if}# end R-3#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernetO/I_ unassigned _YES unset administratively down down SerialO/t unassigned YES unset administratively down down R.2#ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: ma Success FAEBNSTOO BERRIES /5), round-trip min/avg/max = 4/12/44 ms R-2#ping 11.0.0.2 Type escape sequence to abort. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 97Sending 5, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds mn Success FSRSNISIIOOIBEREERE (5/5), round-trip min/avg/max = 4/7/20 ms NOTE: Once the interfaces are up you should be able to ping to the directly connected interfaces of the other routers NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 98NOAsomns Troubleshooting Connectivity R-l#show ip interface brief Invecface Raddress OK? Method — Status Protocol FastEthernetO/O 192.168.1100 YES manual up up FastEthernetO/l unassigned YES unset__ administratively down down, SerislO/0 10.001 YES manual up up Seralon unasigned YES unset administratively down down )-\Solutions| Troubleshooting Connectivity(contd) seiaimeateaied a + Connectivity is fine. _ 2) Serial is down, line protocol is down + remote device turned off + remote port is in shutdown state + interface on the remote router has to be configured + problem with connectivity 3) Serial is administratively down, line protocol is down local port is in shut down state + No Shutdown has to be given on the local router interface 4) Serial is up, line protocol is down Encapsulation mismatch lock rate command not given on serial interface ( only applies in lab scenario ) if using PPP , then authentication mismatch NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 99WAN PROTOCOLS NOAsanmnn HDLC PPP Higher level data link Control Point to Point Protocol protocot Cisco Proprietary Standard Protocol NO support Authentication, Supports Authentication, compression & Compression & error correction | error correction Default on serial links Change to PPP. NOAsomens Retésh interfaces solo Serials up, line protocol is up (connected) Hardware s 064570 Internetaddressis 10.0.0.18 [MTU 1500 bytes, BW 1544 Kbit, LY 20000 usec, reliabilty255/255, txload 1/255, xload 9255, Encapsulation HDLC, leopback not set, keepalive set (10 see) Configuration of PPP: Router# configure terminal outer(config interface serial ofo Router(configif}* encapsulation ppp NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 100PPP Authentication Gran hs evading Ce ar PAP ‘CHAP: Password Authentication Protocol Challenge Handsheke Authentication Protocol PAP provides a simple method fora ‘After the PPP link establishment phase Is complete, the remote node to establish Is identity using_| local router sends a unique “challenge” message fo the a two-way handshake, remote node. PAP Is done only upon titi ik “The remote node responds with a value (MDS) establishment PAP Is nat a strong authentication “The local router checks the response against lis own protocol calculation ofthe expected hash value Password: are sent across the link in clear | Ifthe values match, the euthentication is text. acknowledged. Otherwise the connection i terminated immediately NOAsomens PAP vs CHAP Sascnay hihi erty Che ar PPP Authentication Protocols Tea Te NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 101NOAsormons .I[config) tusemame R2 password cixeol23 R-1{config) #in 30/0, PAP Configuration --I(config-)4encapsulation ppp RI(config:#Ppp authentication pap 2.!(contg.)ppp pap sentusername R:1 password clzeol23 Reljcontig.i) Wend -2[conlig) #usermame R-1 password cisco123 .2[contig) tnt 30/0 i)#encapsuiation ppp (9:1)ppp outhentication pap iN¥ppp pap sent-username R-2 password clscol23 Toanesaz4 waresz0/20 NOAcormons CHAP configuration on RI/R2 Serre ieiroeen escent rayne Rex(config) int 30/0 J \ Rx{contigst}# encapsulation ppp B. Rx{confgsi)® ppp outhentication chop ssa. fect eees Ra(contgitj# exit ae R.J(config|#username R-2 password ciscol23 -2[config| tusemame R-1 password cisco123 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 102LAB: PPP Authentication using CHAP ‘ike \ ~ Sw lea 19216814 op. sos2.1 192.108.22 192.465.1.0/24 192.168.2.0/24 TASK: ‘Continue with the same previous lab connecting RI/R2 where IP address is pre-configured. © configure RI/R2 to use PPP authentication using PAP Relifsh ip int brief Interface IP-Address OK? Method Status Protocol ‘ES manual up up FastEthernetO/1 unassigned ‘YES unset administratively down down Seal(0——-EMOIGOA YES manval up up Serial unassigned YES unset administratively down down R-lfsh int sO/O Setial0/0 is up. line protocol is up (connected) Hardware is HD64570 Internet address is 10.0.0.1/8 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255. txload 1/255. rxload 1/255 not set, keepalive set (10 sec) Configure PPP Authentication using CHAP on both RI/R2 R-x(config)#int $0/0 R-x(config-if# encapsulation ppp R-x(config-i# ppp authentication chap Rex(config-if exit R-l(config)#username R-2 password ciscol23 R.2(config)#fusemame RA password ciscol23 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 103R.2sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 —_192.168.2.100 YES manual up up FastEthernetO1_ unassigned —_YES unset administratively down down Serial0/0 10.0.0.2 YES manual up up Serial unassigned YES unset administratively down down R-2#ping 10.0.0.1 Type escape sequence to abort. Sending 5. 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: unt Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/14 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 104LAB: PPP Authentication using PAP N * aS swe Se2=2 s 192.168.1.2 N2A68.14 oa s65.2.1 192.168.22 102.465.1.0/24 102.168.2.0/24 TASK: ‘+ Continue with the same previous lab connecting RI/R2 where IP address is pre-configured. + Remove the encapsulation PPP and reconfigure PPP Authentication using PAP. R-I(config)ftusemname R-2 password ciscol23 R-l(confighfint s0/0 R-l(config-if}#no encapsulation ppp R-l(config-i#encapsulation ppp Re(config-if}#ppp authentication pap RAl(config-i}#ppp pap sent-username RA password ciscol23 R-I(config-if}#end R-2#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthemet0/O —_192.168.2.100_ YES manual up up FastEthemet0/I unassigned YES unset administratively down down SerialO/0 10.0.0.2 YES manual up down Serial” Unassigned YES unset administratively down down R-2(config)#username R-l password ciscol23 R-2(config)#int s0/0 R-2(config-if) Hencapsulation ppp R.2(config-if)#ppp authentication pap R-2(config-if)#ppp pap sent-username R-2 password ciscol23 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 105R-2(configeifHend R.2#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEtheret0/O 192.168.2100 YES manual up up FastEthernetO/l unassigned YES unset administratively down down Serial0/0 10.0.0.2 YES manual up up Serial Unassigned YES unset administratively down down R-2#ping 10.0.0.1 Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: mu Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/7 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 106Routing Static , Dynamic, Default NOAsorron Routing aren iret he cer Forwarding of packets from one network to another network choosing the best path from the routing table. sn25 5 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 107J\Solutions Types of Routing 1. Static Routing 2. Default Routing 3. Dynamic Routing NOAsommeo Static Routing eee eens » It is configured by Administrator manually. Mandatory need of Destination Network ID Itis Secure & fast Used for Small organizations with a network of 10-15 Routers Administrative distance for Static Route is O and 1. Irs the “trunworttines” of the routing information. esr the Adminitrative tance, higher Disadvantages :- Used for small network. Everything to manually Network change effect complete nw NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 108NOAsoron Configuring Static Route Router(config)# ip route NOAsomion LAB : Static Routing Carey ey vt Chew caer Ra(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2 R.2(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 109LAB: STATIC ROUTING = 90 192.168.2.4 192.168.1.3, 192.168.1.4 '192.168.1.4 aeateete 192.168.2.1 192.168.2.2 192.168.1.0/24 192.168.2.0/24 Pre-requirement for LAB (check previous labs) ‘+ Design the topology (connectivity ) ‘+ Assign the IP address according to diagram. ‘+ Make sure that interfaces used should be in UP._UP state TASK: © Configure Static routing © Verify Routing table and reachability between the LAN’s (using PING and TRACE commands ) R-l#show ip route Gateway of last resort is not set easasied is directly connected, FastEthemet0/O R-2i/show ip route Gateway of last resort is not set c {Pe lei cones 4 is directly connected, FastEthernet0/O NOTE: «The above routing table displays only the networks which are directly connected © By default router don’t know about the networks which are not directly connected and that the reason there is no reachability between the two LAN's Soto provide reachability we need to implement any type of the routing NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 110PC> ipconfig IP Address.nsesen Subnet Mask. 55,255.255.0 Default Gateway.. 192.168.1.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply Reply from 192.168.1.100: Destination host unreachable. Reply from 192.168.1.100: Destination host unreachable. Ping statistics for 192.1682. Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), + From the above output we can see there is no communication between 192.168.1.1 and 192.168.2.1 and they are on different networks. * In order to communicate we need to implement any of the routing (here in this we use static routing ) On RA RA(configl# ip route 192.168.2.0 255.255.255.0 10.0.0.2 R-l(config)# end R-l#sh ip route Gateway of last resort is not set C_ 10.0.0.0/8 is directly connected, Serial0/O C_ 192.168.1.0/24 is directly connected, FastEthemet0/0 OnR2 R-2(confighfip route 192.168.1.0 255.255.255.0 10.0.0.1 R-2(config}#end R-2#show ip route Gateway of last resort is not set C_10.0.0.0/8 is directly connected, SerialO/O C 192.168.2.0/24 is directly connected, FastEthemet0/0 PC> ipconfig IP Address 192468. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 111Default Gateway. PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Request timed out. Reply Reply from 192.168.2.1 Reply from 192.168.2.1: bytes=32 time=2Ims TTL=126 PC> ping 192.168.2.2 Pinging 192.168.2.2 with 32 bytes of data: Request timed out. 2 time=21ms TT! Reply from 192.168.2.2: bytes=32 time=19ms TTI Reply from 192.168,2.2: bytes=32 time=12ms TT PC>tracert 192.168.2.1 Tracing route to 192.168.2.1 over a maximum of 30 hops: R-2#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Success rate is [OOJBEREAE (5/5), round-trip min/avg/max = 10/15/18 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 112NOAsomos LAB : Static Routing aren irvine cer Re (config)# ip route 192.168.2.0 255.255.255.0 10.0.0. R-l(config)# ip route 192.168.3.0 255.255.255.0 10.0.0.2 R-l(config)# ip route 1.0.0.0 255.0.0.0 10.0.0.2 NOAcormons LAB : static Routing R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1 R-2(config)# ip route 192.168.3.0 255.255.255.0 11.0.0.2 R-3(config)# ip route 192.168.2.0 255.255.255.0 11.0.0.1 R-3(config)# ip route 192.168.1.0 255.255.255.0 11.0.0.1 R.3(config)# ip route 10.0.0.0 255.0.0.0 11.0.0.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 113LAB : STATIC ROUTING USING THREE ROUTERS 192.168.1.1 192.168.1.2 192.168.1,0/24 192.168.2.0/24 192.168.2.1 192.168.2.2 192.168.3.1 192,168.32 192.168.3.0/24 Pre-requirement for LAB (check previous labs) ‘+ Design the topology (connectivity ) ‘+ Assign the IP address according to diagram. ‘+ Make sure that interfaces used should be in UP UP state TASK: * Configure Static routing * Verify Routing table and reachability between the LAN’s (using PING and TRACE commands ) RAldsh ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, SerialO/0 CC 192.168.1.0/24 is directly connected, FastEthemet0/O R.2#sh ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, SerialO/O C_11.0.0.0/8 is directly connected, SerialO/1 C_ 192.168.2.0/24 is directly connected, FastEthemet0/0 R.3#sh ip route Gateway of last resort is not set C_11.0.0.0/8 is directly connected, SerialO/O CC 192.168.3.0/24 is directly connected, FastEthemet0/0 Router- 1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 114R-l(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2 R-l(config)# ip route 192.168.3.0 255.255.255.0 10.0.0.2 Re(config)# ip route 11.0.0.0 255.0.0.0 10.0.0.2 Router — 2 R-2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1 R-2(config)# ip route 192.168.3.0 | 255.255.255.0 11.0.0.2 Router ~ 3 R-3(config)# ip route 192.168.2.0 255.255.255.0 11.0.0.1 R.3(config)# ip route 192.168.1.0 255.255.255.0 1.0.0.1 R-3(config)# ip route 10.0.0.0 255.0.0.0 11.0.0.1 Reli/show ip route Gateway of last resort is not set 10.0.0.0/8 is directly connected, Serial0/0 0/24 is directly connected, FastEthernet0/O R-2#show ip route C 10.0.0.0/8 is directly connected, SerialO/O C_11.0.0.0/8 is directly connected, SerialO/1 C_ 192.168.2.0/24 is directly connected, FastEthernet0/0 S 192.168.3.0/24 [1/0] via 11.0.0.2 R.3show ip route C_11.0.0.0/8 is sive connected, Serial0/O C_ 192.168.3.0/24 is directly connected, FastEthernet0/0 PC>ipconfig IP Address. 192.168.1.1 Subnet Mask. 255.255.255.0 Default Gateway. 192.168.1.100 Pc>ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 115Request timed out. Pc>ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Request timed out. Reply from 192.168.3.1 Reply from 192.168.3.1: bytes=32 time=25ms TTL=125 PC> tracert 192.168.3.1 Tracing route to 192.168.3.1 over a maximum of 30 hops: 1 5ms 8ms_ 8 Trace complete. Relping 192.168.3.1 Type escape sequence to abort. Sending 5. 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds: Success rate is {OO lpereent (5/5), round-trip min/avg/max = 9/16/31 ms R-3#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Success rate is [OOJBEREAE (5/5), round-trip min/avg/max = 10/15/18 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 116Default Routing » A Default routing protocol is configured for unknown destinations. Generally wed in the Internet where the destinations are unknown. + Example : The address of yahoo is unknown. Also can be used at end locations. It is the last preferred routing Default routes help in reducing the size of your routing table. R-l(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2 NOAsomin Default Routing - Real Time Example 192.168.1150/24 aa LAN 192.168.1.0/24 1P202.54.30.1124 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 117NOAsomens LAB: Verifying Default Route _“_— Ra (contig)#ip route 0.0.0.0 0.0.0.0 10.0.0.2 R.2(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1 R-2{config)#ip route 192.168.3.0 255.255.255.0 11.0.0.2 R.3(config)# ip route 0.0.0.0 0.0.0.0 11.0.0.1 LAB: DEFAULT ROUTING 192.168.1.1 192.168.1.2 192.168.1.0/24 192.168.2.0/24 192.168.2.1 192.168.2.2 192.168.3.1 192.168.3.2 192.168.3.0/24 Pre-requirement for LAB (check previous labs) ‘+ Design the topology (connectivity ) ‘© Assign the IP address according to diagram. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 118Make sure that interfaces used should be in UP UP state Configure Default route used on RI and R3_, static routing on R2 Verify Routing table and reachability between the LAN’s (using PING and TRACE commands ) Relish ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, SerialO/O C_ 192.168.1.0/24 is directly connected, FastEthemet0/O R-2#sh ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, SerialO/O C_ 11.0.0.0/8 is directly connected, SerialO/1 C 192.168.2.0/24 is directly connected, FastEthernet0/0 R.34sh ip route Gateway of last resort is not set C 11.0.0.0/8 is directly connected, SerialO/0 C_ 192.168.3.0/24 is directly connected, FastEthernet0/O Router- 1 R-l(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2 Router ~ 2 R-2(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1 R-2(config)fip route 192.168.3.0 255.255.255.0 11.0.0.2 On Router ~ 3 R-3(config)# ip route 0.0.0.0 0.0.0.0 1.0.0.1 Relétsh ip route Gateway of last resort C 10.0.0.0/8 is directly connected, SerialO/0 C_ 192.168.1.0/24 is directly connected, FastEthemet0/O R-2#sh ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, SerialO/O C_11.0.0.0/8 is directly connected, SerialO/1 C_ 192.168.2.0/24 is directly connected, FastEthernet0/0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 119R-3ish ip route Gateway of last resort is fMNOIOMRSIREWOFROLOIOIO C 11.0.0.0/8 is directly connected, Serial0/O C_ 192.168.3.0/24 is directly connected, FastEthernet0/O PC>ipconfig IP Address. Subnet Mas 255.255.255.0 Default Gateway. 192.168.1.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Request timed out. PC> ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Request timed out. PC>tracert 192.168.3.1 Tracing route to 192.168.3.1 over a maximum of 30 hops: 15ms 8ms 8ms 2 ms 9ms 8ms 1 3 17ms 6ms_ Iams 4 24ms 27ms 25 ms Trace complete. Relping 192.168.3.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 second: Success rate is [OOJBEREent (5/5), round-trip min/avg/max = 9/16/31 ms R3#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Success rate is [OOBERAL (5/5), round-trip min/avg/max = 10/15/18 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 120NOAsonrons Dynamic Routing Dynamic Routing NOAsamons Advantages of Dynamic over static : Works with advertisements ( of directly connected networks) No need to know the destination networks, Updates the topology changes dynamically. Administrative work is reduced Used for large organizations. Neighbor routers exchange routing information and build the routing table NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 121Types of Dynamic Routing Protocols + Distance Vector Protocol * Link State Protocol + Hybrid Protocol NOAsormons Distance Vector Link State Hybrid (Advance Distance vector Protocol) ‘Works with Belinan Ford agortim | Works wh Dike algorthm | Werks wth OUAL algorithm Unk state updates, Fall Routing abies oe exchange ‘Misng routes ae exchanged] Misng routes are exchanged las oug protecl ‘lases routng protoeal ‘hae oating provoeo} Updates are tough beadeat Upiatesaretivough malo | Updoesaretwough mula Eranple RiP Branple OSPR IS ‘Bramples FIGRP ay Yo configs Ditiait to conigue Easfo congue NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 122)-\Solutions| Classful Protocols: Classfl routing protocol do not carry the subnet mask information along with updates ‘which means that all devices in the network must use the same subnet mask (FLSM or default ) + Be: RIPUT, IGRP Classless Protocols: Classless routing protocol carry the subnet mask information along with updates ‘That's why they support sub networks( VLSM and FLSM) and default networks also + Ex: RIP2., EIGRP , OSPE 5-15 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 123NOAsomms Routing Information Protocol Open Standard Protocol Classful routing protocol Updates are broadcasted via 255.255.255.255 Metric : Hop count Load Balancing of 4 equal paths Max Hop counts : 15 Max routers : Used for small organizations Exchange entire routing table for every 30 second Administrative distance is 120 Rip Timers NOAsomons + Update timer : 30 sec Time between consecutive updates + Invalid timer : 180 sec — Time a router waits to hear updates — The route is marked unreachable if there is no update during this interval. ‘+ Flush timer : 240 sec Time before the invalid route is purged from the routing table — Hold Down timer : 180 Sec = Stabilizes routing information and helps preventing routing loops during periods when the topology is converging on new information. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 124)A samen RIP VI RIP V2 » Classful routing protocol _» Classless routing protocol » No authentication. » Supports authentication » Uses broadcasts » Uses multicast address 224.0.0.9. NOAsomnns Advantages of RIP Easy to configure No design constraints ( unlike OSPF) Less overhead Disadvantage of RIP Bandwidth utilization is very high as broadcast for every 30 second Works only on hop count Not scalable as hop count is only 15 Slow convergence NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolNOAsorrons Configuring RIP v1 Router(config)# router rip Router(config-router)# network Configuring RIP v2 Router(config)# router rip Router(config-router)# network Router(config-router)# version 2 NOAsomions LAB : Routing using RIPv2 arn es mein Cicer R-l(contfig)#router rip R-2(config)#router rip, Rel(config-router}#version 2 R-2(config-router)#version 2 Re(config-router)#network 192.168.1.0 R-2(config-router) inetwork 192.168.2.0 Ral(contfig-router)#network 10.0.0.0 R-2(config-router}fnetwork 10.0.0.0 Rel(config-router}#end R-2(config-router)#network 11.0.0. R-2(config-router) fend AD i scntoroanie witty R-3(config-router)#version 2 ]__ R-3(config-router)#network 192.168.3.0 eS R-3{config-router)#network 1.0.0.0 2. 3(config-router)#end Sp? gs NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 126LAB: DYNAMIC ROUTING USING RIPV2 Sa "| 102.1082.104 192.168.1, meee 92.168.1.2 192.168.1.0/24 192.168.2.0/24 192.168.2.1 192.168.2.2 192.168.3.1 192.168.32 192.168.3.0/24 STEPS: Pre-requirement for LAB (check previous labs) 1) Design the topology (connectivity ) 2) Assign the IP address according to diagram 3) Make sure that interfaces used should be in UP UP state ‘What we do in this lab 4) Dynamic routing using RIPV2 5) Verify Routing table and reachability between the LAN's (using PING and TRACE commands ) Relish ip route Gateway of last resort is not set is directly connected, SerialO/O 1/24 is directly connected, FastEthemet0/O R-2ifsh ip route Gateway of last resort is not set directly connected, SerialO/O is directly connected, Serial0/1 4 is directly connected, FastEthernet0/0 R-3#sh ip route Gateway of last resort is not set rectly connected, Serial0/O 0/24 is directly connected, FastEthernet0/0 Router- 1 R-l(config)#router rip NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 127R-l(config-router}éversion 2 R-l(config-router)#network 192.168.1.0 R-l(config-router)#network 10.0.0.0 R-l(config-router}#end Router —2 R-2(config)#router rip R-2(config-router}#version 2 R-2(config-router)#network 192.168.2.0 R.2(config-router}#network 10.0.0.0 R-2(config-router)#network 11.0.0.0 R-2(config-router}#end Router ~3 R-3(config)#router rip R-3(config-router}#version 2 R-3(config-router}#network 192.168.3.0 R-3(config-router)#network 11.0.0.0 R-3(config-router)#end R-lsh ip route Gateway of last resort is not set C _10.0.0,0/8 is directly connected, SerialO/O C19. 0/24 is directly connected, FastEthernet0/O R-2#sh ip route Gateway of last resort is not set C 10.0.0,0/8 is directly connected, SerialO/O C_11.0.0.0/8 is jo connected, SerialO/1 C_ 192.168.2.0/24 is aa connected, FastEthernet0/O R.3ffsh ip route Gateway of last resort is not set C_ 11.0.0.0/8 is directly connected, Serial0/O C_ 192.168.3.0/24 is directly connected, FastEthernet0/O NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 128Routing Protocol Sending updates every Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Redistributing: rip Default version control: send version 2, receive 2 Interface Send Recy Triggered RIP Key-chain Automatic network summarization is in effect Maximum path: 4 Routing for Networks: Passive Interface(s) Routing Information Sources: Gateway Distance _Last Update 10.0.0.2 120 00:00:02 Distance: (default is 120) Rel#show ip route rip R_11.0.0.0/8 [120/1) via 10.0.0.2, 00:00:24, Serial0/O R_ 192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:24, Serial0/O R_ 192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:24, Serial0/0 PC>ipconfig IP Address. Subnet Maskieascssacsiunnet 255.255.255.0 Default Gateway. 192.168.1100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Request timed out. Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim PC> ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Request timed out. Reply from 192.168.3.1: bytes=32 tim Reply from 192.168,3.1: bytes=32 tim PC>tracert 192.168.3.1 Tracing route to 192.168.3.1 over a maximum of 30 hops: 1 5ms 8ms 8ms 192.168.1100 2 2ms 9ms 8ms 10.0.0.2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 1293. 7ms 6ms Iams 1.0.0.2 4 24ms 27ms 25ms 192.168.3.1 Trace complete, Relping 192.168.3.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168,3.1, timeout is 2 seconds: Success rate is TOOMBEREERE (5/5), round-trip min/avg/max = 9/16/31 ms R-3#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Success rate is JOOIBEREERE (5/5), round-trip min/ave/max = 10/15/18 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 130)-\Solutions] Administrative Distance Serre » Trust worthiness of the information received by the router. » The Number is between 0 and 255 » Less value is more trusted. » Default administrative distances Directly Connected = 0 Static Route = 1 IGRP = 100 EIGRP = 90 OSPF = 110 RIP = 120 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 131NOAsomnms Autonomous System Number * Aunique number identifying the Routing domain of the routers. * An autonomous system is a collection of networks under a common administrative domain Ranges from 1- 65535 Public AS (in between muliple SP) 1- 64512 Private AS ( same SP) 64513 — 65535 Routing Protocol Classification IoP Interior Gateway Protocol . Exterior Gateway Protocol used within an autonomous . used between different system autonomous systems All routers will be routing within | 3. Routers in different AS need an the same Autonomous boundary EGP 4. RIP IGRP, EIGRP, OSPF. IS-15 Border Gateway Protocol NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 132NOAsomenns IGPs: RIP, OSPF, IGRP IGPs: RIP, OSPF, IGRP, EGPs: BGP XYZ- AS 100 ABC - AS 200 — IGPs operate within an autonomous system EGPs connect different autonomous systems NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 133Enhanced Interior Gateway Routing Protocol NOA: rearing Chew cee + Advanced distance vector * Standard protocol ( initially was cisco proprietary) * Classless routing protocol Includes all features of IGRP Max Hop count is 255 (100 by default) Administrative distance is 90 Flexible network design Multicast and unicast instead of broadcast address 100% loop-free classless routing Easy configuration for WANs and LANs NOAsomens Carey py ening Caer Fggc] "am roe A, wo is on the ik? © [ise | 'neuer who's ones ichbor ris Hel, lam router. Hore is my complet routing information am = Topoloay BO 6 5c] tans ter ® sere sn compte ete iefomation. pate Thanks forthe formation cy eet Dace is Converged NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 134Updates are through Multicast (224.0.0.10 ) Hello packets are sent every 5 seconds Convergence rate is fast Supports IP. IPX and Apple Talk protocols It uses DUAL (diffusion update algorithm) Supports equal cost an unequal cost load balancing EIGRP Tables 1. Neighbor table + Contains list of directly connected routers + # show ip eigrp neighbor Topology table + List ofall the best routes learned from each neighbor + # Show ip eigrp topology Routing table + The best route to the destination + # show Ip route NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 135EIGRP Metric EIGRP uses BW + Delay + load + MTU + reliability By default uses BW and Delay in the metric calculation Formula with default K values (KI = 1, K2 = 0, K3 = 1, K4 = 0, KS = 0): Metric = [KI * BW + ((K2 * BW) / (256 - load) + K3 * delay] NOAsomons EIGRP Metrics Calculation Example 256 kbps Delay 2000 256 kbps 256 kbps Delay 2609. Delay 2600 A>BICID Least bandwidth 64 kbps Total delay 6,000 ADX9Y9Z9D Least bandwidth 256 kbps. Total delay 8,000 * Delay is the sum of all the delays of the links along the paths: Delay = [delay in tens of microseconds] x 256 * Bandwidth is the lowest bandwidth of the links along the paths: Bandwidth = [10,000,000 / (bandwidth in kbps)] x 256 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 136)-\Solutions| Configuring EIGRP Router(config)# router eigrp Router(config-router)# network NOAsomin LAB : Routing using EIGRP Ee agesaee R-2(config)#router eigrp 100 R-2(config-router)# network 192.168.2.0 R2(config-router}# network 11.0.0.0 R-2(config-router}# network 10.0.0.0 Rel(config)# router elgrp 100 Rel(config-router)# network 192.168.1.0 Rel{config-router)# network 10.0.0.0 R3(config)# router elgrp 100 R-3(config-router)# network 192.168.3.0 R-3(config-router}# network 11.0.0.0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 137LAB: DYNAMIC ROUTING USING EIGRP 192.168.1.3, ‘s92.168.1.4 192.168.2.1 192.168.2.2 192.168.3.1 192.168.3.2 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 _Pre-requirement for LAB (check previous labs) © Design the topology (connectivity ) © Assign the IP address according to diagram + Make sure that interfaces used should be in UP. UP state TASK ‘© Configure Dynamic routing using EIGRP 100 « Verify Routing table and reachability between the LAN’s (using PING and TRACE commands ) R-lsh ip route Gateway of last resort isnot set C 10.0.0.0/8 is directly connected, SerialO/O C__192.168.1.0/24 is directly connected, FastEthemet0/O R-2itsh ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, Serial0/O C_11.0.0.0/8 is directly connected, SerialO/1 C 192.168.2.0/24 is directly connected, FastEthernet0/0 R:3#fsh ip route Gateway of last resort is not set C_11.0.0.0/8 is directly connected, Serial0/O C_ 192.168.3.0/24 is directly connected, FastEthernet0/0 ROUTER-1 Rel(config)# router eigrp 100 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 138R-l(config-router)# network 192.168.1.0 R-(config-router)# network 10.0.0.0 ROUTER - 2 R-2(config)frouter eigrp 100 R.2(config-router}# network 192.168.2.0 R-2(config-router# network 11.0.0.0 R.2(config-router}# network 10.0.0.0 ROUTER - 3 R-3(config)# router elgrp 100 R-3(config-router}# network 192.168.3.0 R-3(config-router}# network 1.0.0.0 R-2#/show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address” Interface Hold Uptime SRTT RTO Q Seq (sec) ms) Cnt_ Num Rufshow ip route Gateway of last resort is not set C_10.0.0.0/8 is directly connected, SerialO/O D__11.0.0.0/8 [90/2681856] via 10.0.0.2, 00:05:45, Serial0/0 C_ 192.168.1.0/24 is directly connected, FastEthernet0/O Relishow ip route eigrp D_ 11.0.0.0/8 [90/2681856] via 10.0.0.2, 00:06:05, Serial0/O D_ 192.168.2.0/24 [90/2172416] via 10.0.0.2, 00:06:08, Serial0/0 D__ 192.168.3.0/24 |90/2684416] via 10.0.0.2, 00:03:09, Serial0/0 R.2#/show ip route eigrp D_ 192.168.1.0/24 [90/2172416] via 10.0.0.1, 00:07:26, SerialO/O D_ 192.168.3.0/24 [90/2172416] via 11.0.0.2, 00:04:52, SerialO/. R-34sh ip route eigrp D_ 10.0.0.0/8 [90/2681856] via 11.0.0.1, 00:04:32, SerialO/O NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 139D_192.168.1.0/24 [90/2684416] via 11.0.0.1, 00:04:32, Serial0/O D__192.168.2.0/24 [90/2172416] via 11.0.0.1, 00:04:32, Serial0/O R-lfsh ip protocols Routing Protocol is "igepNIOO” Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight KI=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum EIGRP maximum metric variance 1 Redistributing: eigrp 100 ‘Automatic network summarization is in effect Automatic address summarization: Maximum path: 4 Routing for Networks: Routing Information Sources: Gateway _Distance__Last Update 10.0.02 90 18606786 Distance: intemal 90 external 170 Relish ip eigrp topology IP-EIGRP Topology Table for ASHIOO Codes: P- Passive, A - Active, U - Update. Q - Query. R - Reply. = Reply status P 192.168.1.0/24, 1 successors. FD is 28160 via Connected, FastEthernet0/O P'10.0.0.0/8, 1 successors, FD is 2169856 via Connected, Serial0/0 P 192.168.2.0/24, 1 successors, FD is 2172416 via 10.0.0.2 (2172416/28160), SerialO/O P'11.0.0.0/8, 1 successors, FD is 2681856 via 10.0.0.2 (2681856/2169856), Serial0/0 P 192,168,3.0/24, 1 successors, FD is 2684416 via 10.0.0.2 (2684416/2172416), SerialO/O PC>ipconfig IP Address. Subnet Mask. 255.255.255.0 Default Gateway. :192.168.1.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Request timed out. Reply from192168.2.1:)bytes=32 time=19ms TTL=126 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 140Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim PC> ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Request timed 04 j= 32 time=27ms TTL=125 PC>tracert 192.168.3.1 Tracing route to 192.168.3.1 over a maximum of 30 hops: 1 5ms 8ms 8ms 192.168.1100 2 12ms 9ms Bms 10.0.0.2 3. 17ms 6ms 12ms_ 1.0.0.2 4 24ms 27ms 25ms 192.168.3.1 Trace complete, Rel#ping 192.168.3.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds: Success rate is {OOBereent (5/5), round-trip min/avg/max = 9/16/31 ms R-3#ping 192.168.1.1 Type escape sequence to abort. Sending 5. 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Success rate is TOO|pereent (5/5), round-trip min/avg/max = 10/15/18 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 141OSPF NOAsaman OSPF stand for Open Shortest path first Standard protocol It’s link state protocol It uses SPF (shortest path first) or dijkistra algorithm Unlimited hop count Metric is cost (cost=10 ~8/B.\) Administrative distance is 110 It is a classless routing protocol It supports VLSM and CIDR It supports only equal cost load balancing Introduces the concept of Area's to ease management and control traffic NOAsomens Updates are sent through multicast address 224.0.0.5 Faster convergence. Sends Hello packet every 10 seconds & Dead = 40 sec Incremental updates NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 142NOAsomons Establishing Bidirectional Communication 172.16.5.1728 172.16.8.2124| Eo Et =A |.am router ID 172.16.6.1, and | see no one. to 244.0.05 Raton Peers RCRA a) {lam router 1D 172.16.6.2, and | see 172.16.5.1. Unicast to A. Router A Neighbors List 172.46.5.2124, int £0 NOAsomens Eo| 0 172.16.5.4 172.16.5.3 {will start exchange because | have router ID 172.16.5.1 {ill start exchange because | have router IP 172.16.5.5: Discovering the Network Routes No, | will start exchange because | have a higher router ID. Here is a summary of my LSDB. Hore is a summary of my LSDB. Bao | NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 143Router ID + The highest IP address of the active physical interface of the router is Router ID. If logical interface is configured, the highest IP address of the logical interface is Router 1D Lo 192.168.1.1/8 so ss 172.16.0.1/16) 202.15.32.2/24 £0 10.0.0.1/8 NOAsomen Adding the Link-State Entries Se E0 172.16.5.3 ‘Thanks for the information! {need the complete entry for network 172.16.6.0/24 Heres the ont for network 17216.6.0724, >] Lisi tere is the entry for network 172:16.6.0/24._ ‘Thanks for the information! NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 144OSPF Tables Neighbor Table Also known as the adjacency database + Contains list of directly connected routers (neighbo-s) + # Show ip ospf neighbor Database Table + Typically referred to es LSDB (link state database) + Contains information about all the possible routes to the networks with in the + # show ip ospf database Routing Table + Contains lst of best paths to each destination + # show ip route )-\Solutions| OSPF Areas » All the routers maintain same database. » Any change impact all the routers. » Area is logical grouping of Routers. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 145NOAsoron Issues with Maintaining a Large OSPF Network OSPF Area 0 1am receiving aa SPF is running too| too many LSAs. often for me to route. My routing table is too big, Jand | am running low on memory.| NOAsomern The Solution: OSPF Hierarchical Routing Secretar eee Minimizes size of database Restrict any changes with in that area.( not flood outside area) Routers with in the same area participate in Algorithm NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 146NOAsoron OSPF Areas Area is logical grouping of Routers OSPF Provides hierarchical network design with multiple different areas All the routers maintain same database with in the same Area. Any change impact all the routers with the same area. Rules: |. Must have one area called as area 0 ( its backbone area) All the areas must connect to area 0. At least one Area Border Router. Interfaces of both routers facing must be in the same Area. NOAsornos OSPF router Types Area 1 Backbone Area 0 Area 2 ABR and Backbone/ Internal Routers. Internal Routers SER and External) ABR and Backbone Autonomous Backbone Router “System. Router NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 147NOAsorron Configuring OSPF (config}# router ospf (config-router}# network area NOAsomens LAB: OSPF Single Area 10 Ny mang Cnn care Rol (config) #router ospf 2 Rel (config-router) ¢metwork 192.168.1.0 0.0.0.255 lonfig-router) ¢network 10.0.0.0 0.255.255. 255 Area 0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 148NOAsorons R-2 (config) #router ospf 1 Cava reg Cece R-2(config-router) inetwork 192.168.2.0 0.0.0.255 area 0 R-2(config-router) #network 11.0.0.0 0.255.255.2558 area 0 R-2(config-router) #network 10.0.0.0 0.255.255.255 area 0 ntig) frouter ospf 1 network 192.168.3.0 0.0.0.255 area fmetwork 11.0.0.0 0.255.255.255 area 0 Mrotuescoe 192.168.2.1 192.168.2.2 192.168.2.0/24 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 149Pre-requirement for LAB (check previous labs) «Design the topology (connectivity ) Assign the IP address according to diagram Make sure that interfaces used should be in UP UP state Configure Dynamic routing using OSPF single area as per the diagram Verify Routing table and reachability between the LAN's (using PING and TRACE commands } Relish ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, SerialO/0 C_ 192.168.1.0/24 is directly connected, FastEthemet0/O R-2#sh ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, SerialO/0 C_ 11.0.0.0/8 is directly connected, SerialO/1 C_ 192.168.2.0/24 is directly connected, FastEthernet0/O R.3fsh ip route Gateway of last resort is not set C 11.0.0.0/8 is directly connected, Serial0/0 C 192.168.3.0/24 is directly connected, FastEthemet0/0 Router- 1 R-l(config)#router ospf 1 R-l(config-router)#network 192.168.1.0 0.0.0.255 area 0 R-l(config-router) network 10.0.0.0 0.255.255.255 area Router —2 R-2(config)#router ospf 1 R-2(config-router)#network 192.168.2.0 0.0.0.255 area 0 R-2(config-router)#network 11.0.0.0 0.255.255.255 area 0 R.2(config-router}#network 10.0.0.0 0,255.255.255 area 0 —————— eee Router — 3 R.3(config)#router ospf 1 R-3 (config-router}#network 192.168.3.0 0.0.0.255 area 0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 150R-3(config-router)#network 1.0.0.0 0.255.255.255 area O — ee R.2#/show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.168.1100 0 FULL/- 00:00:35 10.0.0.1 _Serial0/0 192.168.3.100 0 FULL/- 00:00:37 11.0.0.2_SerialO/1 Rel/show ip route Gateway of last resort is not set 10.0.0.0/8 is directly connected, SerialO/0 C_ 192.168.1.0/24 is directly connected, FastEthernet0/O Relish ip route ospf O 11.0.0. [110/128] via 10.0.0.2, 00:04:25, Serial0/O O 192.168.2.0 [110/65] via 10.0.0.2, 00:04:25, SerialO/O © 192.168.3.0 [110/129] via 10.0.0.2, 00:03:23, Serial0/O R-2#show ip route ospf © 192.168.1.0 [110/65] via 10.0.0.1, 00:05:09, Serial0/0 © 192.168.3.0 [110/65] via 11.0.0.2, 0 , SerialO/t R-3#show ip route ospf © 10.0.0.0 [110/128] via 11.0.0.1, 00:04:49, Serial0/O O 192.168.1.0 [110/129] via 11.0.0.1, 00:04:49, Serial0/O © 192.168.2.0 [110/65] via 11.0.0.1, 00:04:49, Serial0/0 Relitshow ip protocols Routing Protocol is SS3BfI" Outgoing update filter Iist for all interfaces is not set Incoming update filter list for all interfaces is not set Router Number of areas in this router is 1. 1 normal 0 stub 0 nssa Maximum path: 4 Routing for Networks: Routing Information Sources: Gateway Distance __Last Update 0 00:05:46 Distance: (default is 110) Rel'show ip ospf database OSPF Router with ID (192.168.1.100) (Process ID 1) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 151Router Link S¥aES(ARESIO) Link ID. ADV Router Age Seq# ‘Checksum Link count 192.168.1100 192.168.1100 468 0x80000003 Ox00d1f4 3 192.168.2.100 192.168.2.100 411 Ox80000005 0x0054e6 5 192.168.3.100 192.168.3.100 411 0x80000003 0x0010ad 3 PC> ipconfig IP Address + Subnet Mask... 255.255,255.0 Default Gateway. 92.168.1.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Request timed out. Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim PC> ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Request timed out. PC>tracert 192.168.3.1 Tracing route to 192.168.3.1 over a maximum of 30 hops: 1 5ms 8ms 8ms — 192.168.1.100 2 ms 9ms Bms 10.0.0.2 3.17ms 6ms 12ms 1.0.0.2 4 24ms 27ms 25ms 192.168.3.1 Trace complete, Rel#ping 192.168.3.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168,3.1, timeout is 2 seconds: Success rate is [OOJBEREENE (5/5), round-trip min/avg/max = 9/16/31 ms R-3#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Success rate is TOOJBEREERE (5/5), round-trip min/avg/max = 10/15/18 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 152NOAsomens LAB: OSPF using Multiple Areas een R-l (config) trouter ospf 1 R-L(config-router) tnetwork 192.168.1.0 0.0.0.255 area 10 R-l(config-router) #network 10.0.0.0 0.255.255.2585 area 10 NOAsomim Reieenaeenee feces Canvas iy reg Cheer R-2(config-router) fnetwork 192.168.2.0 0.0.0.255 area 0 R-2(config-router) #network 11.0.0.0 0.255.255.255 area 20 R-2iconfig-router)fnetwork 10.0.0.0 0.255.255.255 area 10 R-3 (config) #router ospf 1 R-3 (config-router) #network 192.168.3.0 0.0.0.255 area 20 config-router) fnetwork 11.0.0.0 0.255.255.255 area NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 153LAB:_ DYNAMIC ROUTING USING OSPF MULTIPLE AREA 192.168.1.4 19216543499. 168.1.4 192.108.12 192,168.21 192,168.22 192.168.3.1 192.168.3.2 192.168.1.0/24 192.168.2.0/24 102.168.3.0/24 Pre-requirement for LAB (check previous labs) © Design the topology (connectivity ) ‘© Assign the IP address according to diagram. © Make sure that interfaces used should be in UP UP state TASK: ‘* Dynamic routing using OSPF multiple area ‘* Verify Routing table and reachability between the LAN’s (using PING and TRACE commands ) Rilfsh ip route Gateway of last resort is not set C_ 10.0.0.0/8 is directly connected, Serial0/O C _ 192.168.1.0/24 is directly connected, FastEthemet0/O R-2ifsh ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, SerialO/O C_11.0.0.0/8 is directly connected, SerialO/1 C 192.168.2.0/24 is directly connected, FastEthernet0/0 R.3#fsh ip route Gateway of last resort is not set C_11.0.0.0/8 is directly connected, Serial€/0 C_ 192.168.3.0/24 is directly connected, FastEthemet0/0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 154Router-1 R-l(config)#router ospf 1 R-l(config-router) #network 192.168.1.0 0.0.0.255 area 10 R-l(config-router)#network 10.0.0.0 0.255.255.255 area 10 Router —2 R-2(config)#router ospf 1 R-2(config-router}#network 192.168.2.0 0.0.0.255 area 0 R.2(config-router)#network 11.0.0.0 0.255.255.255 area 20 R-2(config-router)#network 10.0.0.0 0.255.255.255 area 10 EEE Router — 3 R-3(config)#router ospf 1 R-3(config-router)#network 192.168.3.0 0.0.0.255 area 20 R-3(config-router)#network 11.0.0.0 0.255.255.255 area 20 eee R-2#show ip ospf neighbor Neighbor ID Pri. State Dead Time Address Interface 192.168.3.100 0 FULLY - — 000% 1.0.0.2 Serial 192.168.1100 0 FULL/- 00:00:39 10.0.0.1 _Serial0/0 Relitshow ip route Gateway of last resort is not set C_ 10.0.0,0/8 is directly connected, SerialO/O C19. 0/24 is directly connected, FastEthernet0/O Relitshow ip route ospf 1A 1.0.0.0 [110/128] via 10.0.0.2, 00:06:24, SerialO/O 1A 192.168.2.0 [110/65] via 10.0.0.2, 00:06:24, Serial0/0 1A 192.168.3.0 [110/129] via 10.0.0.2, 00:05:53, SerialO/O R.2#show ip route ospf © 192.168.1.0 [110/65] via 10.0.0.1, 00:08:31, Serial0/0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 155O 192.168.3.0 [110/65] via 11.0.0.2, 00:08:04, SerialO/1 R-3f/show ip route ospf 1A 10.0.0.0 [110/128] via 11.0.0.1, 00:08:21, Serial0/0 1A 192.168.1.0 [110/129] via 11.0.0.1, 00:08:21, SerialO/0 1A 192.168.2.0 [110/65] via 11.0.0.1, 00:08:21, Serial0/O R-lfsh ip ospf database OSPF Router with ID (192.168.1.100) (Process ID 1) Router Link States (ARSENIO) LinkID ADVRouter Age Seq# Checksum Link count 192.168.1.100 192.168.1100 902 0x80000003 0x003b8b 3 192.168.2.100 192.168.2.100 902 0x80000002 0x00e758 2 Summary Net Link States (AR@aI0) LinkID ADV Router Age Sea#_—_ Checksum 192.168.2.0 192.168.2.100 905 0x80000001 0x0057cb 1.0.0.0 192.168.2.100 905 080000002 0x00063d 192.168.3.0 192.168.2.100 870 _ 0x80000003 Ox00cal5 R.2#show ip ospf database OSPF Router with ID (192.168.2.100) (Process ID 1) Router Link States (APBAIO) LinkID ADV Router Age Seq# Checksum Link count 192.168.2.100 192.168.2100 708 0x80000002 0x0070d6 1 Summary Net Link States (Area 0) LinkID ADV Router Age Seq =~ Checksum 1.0.0.0 192.168.2100 698 0x80000001 0x00083¢ 10.0.0.0 192.168.2.100 689 —_ 0x80000002 0x001331 192.168.1.0 192.168.2100 689 0x80000003 0x00e001 192.168.3.0 192.168.2100 663 0x80000004 Ox00c816 Router Link States (AFRITO) LinkID ADV Router. Age Seq# Checksum Link count 192.168.2.100 192.168.2100 694 — 0x80000002 0x00e758 2 192.168.1.100 192.168.1100 694 — 0x80000003 0x003b8b 3 Summary Net Link States (Area 10) LinkID ADV Router Age Seq# Checksum 192.168.2.0 192.168.2100 697 _ 0x80000001 0x0057cb 11.0.0.0 192.168.2100 697 0x80000002 0x00063d 192.168.3.0 192.168,2.100 662 0x80000003 Ox00cal5 Rovter Link ERTARE2O) LinkID ADV Router Age Seq# Checksum Link count 192.168.2.100 192.168.2100 668 — 0x80000002 0x000a33 2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 156192.168.3.100 192.168.3100 668 — 0x80000003 Ox00I0ad 3 Summary Net Link StSH@S(ARE&/20) Link ID, ADV Router Age. Seq# ‘Checksum 192.168.2.0 192.168.2.100 703 0x80000001 0x0057cb 10.0.0.0 192.168.2.100 689 0x80000002 0x001331 192.168.1.0 192.168.2.100 689 0x80000003 0x00e001 PC> ipconfig IP Address Subnet Mask. Default Gateway. PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Request timed out. Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 time PC>ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Request timed out. Pc>tracert 192.168.3.1 Tracing route to 192.168.3.1 over a maximum of 30 hops: 15ms Sms 8ms 192.168.1.100 2 ms 9ms &ms 10.0.0.2 3 17ms 6ms 12ms 1.0.0.2 4 24ms 27ms 25ms 192.168.3.1 Trace complete. Relping 192.168.3.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168,3.1, timeout is 2 seconds: Success rate is TOOBERERE (5/5), round-trip min/avg/max = 9/16/31 ms R-3#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Success rate is [OOJBEREAE (5/5), round-trip min/avg/max = 10/15/18 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 157NOAsamons ACCESS CONTROL LIST SETS ACCESS CONTROL LIST (ACL) NOAsommns ACLis a set of rules which will allow or deny the specific traffic moving through the router Itis @ Layer 3 security which controls the flow of traffic from one router to another. Its also called as Packet Filtering Firewall NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 158NOAsommons NOAsomons STANDARD ACCESS LIST EXTENDED ACCESS LIST The access-list number range is!— |1. 99 . Can block a Network, Host and Subnet . All services are blocked. Implemented closest to the destination. Filtering is done based on only source IP address The access-list number range is 100 199 We can allow or deny a Network, Host, Subnet and Service Selected services can be blocked. Implemented closest to the source. Filtering is done based on source IP , destination IP , protocol, port no NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 159Lab : standard access-list NOAsomens ‘TASK: Configure the Appropriate router as per the rules given Deny the host 192.168.1.1 communicating with 192.168.2.0 2 Deny the host 192.168.1.2 communicating with 192.168.2.0 Deny the network 192.168.3.0 communicating with 192.168.2.0 Permit all the remaining traffic NOTE: the Above ACL rules should not affect the other communication NOAsomon Creation of Standard Access List Router(config)# accesslist =i ‘ a as oatesa/20 watenz026 Nenitstoiat NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 160NOAsornms To write ACL Statement ae tat vin sere 1. On which Router to implement ACL 2. Identify Source & Destination 3 Infout Ensure that the router you are implementing ACL must be the transit router Think your router as destination ( incoming as source). Wild card mask Tells the router which portion of the bits to match or ignore. eee 255.255.255.255 eee ~255.255.255.0 Global Subnet Mask = Customized Subnet Mask Wild Cord Mask 295.255.255.255 255.255.255.240 » Wild Card Mask for Network will be Inverse mask Cale » Wild Card Mask for a Host will be always 0.0.0.0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 161NOAsornoms Creation of Standard Access List Router(config acceselst R2(configh# access-list 15 deny 192.168.1.1 0.0.0.0 R.2(config) access. deny host 192.168.1.2 R2(confightaccesslist 15 deny 192.168.3.0 0.0.0.255 R-2(confightaccess.list 15 permit any Understanding IN / OUT » Into the router Ss: » Out of the router NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 162NOAsornms R2{configh# access-list 15 deny 192.168.1.1 0.0.0.0 R2(configitaccesslist 15 deny host 192.168.1.2 R2{confightaccessist 15 deny 192.168.3.0 0.0.0.255 R-2(confightaccesslist 15 permit any Implementation: R-2(contfig) interface fastEthernet 0/0 R-2(config ip access-group 15 out RDA access Standard IP access ist 15 deny host 192.168.1.1 te anes oman deny host 192.168.1.2 deny 192.168.3.00 permit any STANDARD ACCESS-LIST 3, mara aeiecee ORAS 14 192.168.2.1 192.168.2.2 192.168.3.1 192.168.3.2 192.165.1.0/24 192.168.2.0/24 192.168.3.0/24 Pre-requirement for LAB (check previous labs) 1) Design the topology (connectivity ) 2) Assign the IP address according to diagram 3) Make sure that interfaces used should be in UP UP state 4) Any dynamic routing Protocol or static routing NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 1635) Verify Routing table and reachability between the LAN’s ( using PING and TRACE commands) TASK: Configure the Appropriate router as per the rules given Deny the host 192.168.1.1 communicating with 192.168.2.0 Deny the host 192.168.1.2 communicating with 192.168.2.0 Deny the network 192.168.3.0 communicating with 192.168.2.0 Permit all the remaining traffic NOTE: the Above ACL rules should not affect the other communication NOTE: Before creating the ACL, make sure that the routing configured is correct and all the three LAN devices are able to communicate with each other using PING command PC> ipconfig IP Address Subnet Mask. 255.255,255.0 Default Gateway. : PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 time=1 PC>ipconfig IP Address. 192.168.1.2 Subnet Mask... + 255.255.255.0 Default Gateway. 192.168.1.100 PC>ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 time=IIms TTL=126 PC>ipconfig IP Address. 192,168.31 Subnet Mas : 255.255.255.0 Default Gateway. 92.168.3.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168.2.1: bytes=32 tim NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 164ROUTER -2 Creating the ACL rules according to requirement: R-2(configh# accesslist 15 deny 192.168.1.1 0.0.0.0 R-2(configHaccesslist 15 deny host 192.168.1.2 R-2(confighfaccesslist 15 deny 192.168.3.0 0.0.0.255 R-2(confighfaccess-list 15 permit any Implementation: R-2(config)#interface fastEthernet 0/0 R.2(config-i#ip access-group 15 out Verification: R-2sh access-lists Standard IP access list 15 deny host 192.168.1.1 deny host 192.168.1.2 deny 192.168.3.0 0.0.0.255 permit any PC> ipconfig IP Address, Subnet Mas 255.255.255.0 Default Gateway.rarenennen? 192.168.1.100 Pc>ping 192.6821 Pinging 192.168.2.1 with 32 bytes of data: Reply from Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. PC> ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Reply from 192.168,3.1 Reply from 192.168,3.1 PC>ipconfig 1 Acres T9262 Subnet Mask, 255.255.255.0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 165Default Gateway. 192.168.1100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. Reply from 10. Destination host unreachable. PC> ipconfig IP Address. + Subnet Mask. 255.255.255.0 Default Gateway. 192.168.1.100 PC>ping 192168:24 Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 time Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim PC>ipconfig 1 Acres TOGA Subnet Mask. 255.255.255.0 Default Gateway. :192.168.3.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Rep from 1.0.0. Destination host unreachable Reply from 11.0.0.1: Destination host unreachable. Reply from 11.0.0.1: Destination host unreachable. Reply from 11.0.0.1: Destination host unreachable. PC> ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1 Reply from 192.168.1 Reply from 192.168.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 166NOAsornms Extended Access-list The access-list number range is 100 ~ 199 We can allow or deny a Network, Host, Subnet and Service Selected services can be blocked. Implemented closest to the source. Filtering is done based on source IP , destination IP , protocol, port no NOAsormos TASK: Configure the Appropriate router as per the rules given below Suse un Deny the users on LAN 192.168.2.0 should not access 192.168.1.3 HTTP service Deny the usetson LAN 192.168.3,0 should not access 192.168.1.4 FTP service Deny the userson LAN 192.168.3.1 should not access 192.168.1.3 HTTP service Deny the users on LAN 192.168.2.0 should not get DNS service from DNS server 192.168.1.4 Deny the users from the host betwen 192.168.3.2 and 192,168.12 should not be able to send ICMP (ping trace ) messages Remaining hols and services should be permitted NOTE: the Above ACL rules should net affect the other communication mses NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 167NOAsornms Operators: eq (equal to) neq (not equal to} It (less than) at (greater than) NOAsormons Relconfgyfaccessiit 145 deny tep192.168.2.0 0.0.0.255 host 192.168..3 eq wun Re(confg)faccssist 145 deny tp 192.168.3.0 0.0.0.255 host 192.168.14 eq fp Re(conng) access 145 deny tp host 192.1683.1 host 192,168.13 eq worw Riconfgyfaccestit 145. deny udp 192.168.2.0 0.0.0.255 host 192.168.14 eq domain Rl(config)taccesslt 145 deny lemp host 192.168.3.2 host 192.168.1.2 echo Rel(configaccet-lit 145 deny lemp hort 192.168.3.2 hot 192.168.1.2 echo-reply Rllconfig)Waccestlit 145 permit Ip any any NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 168NOAsornms Implementation: RA(config)# interface fastEthernet 0/0 RA(config-iN# ip access-group 145 out OR RAl(config)# interface serial 0/0 RA(config-if# ip access-group 145 in LAB: EXTENDED ACCESS-LIST 192.168.1.3, ned ee 192.168.2.1 192.168.2.2 192.168.3.1 192,168.32 192.168.1.2 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 Pre-requirement for LAB (check previous labs) 1) Design the topology (connectivity ) 2) Assign the IP address according to diagram NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 1693) Make sure that interfaces used should be in UP UP state 4) Any dynamic routing Protocol or static routing 5) Verify Routing table and reachability between the LAN’s ( using PING and TRACE commands) TASK: Configure the Appropriate router as per the rules given below Deny the users on LAN 192.168.2.0 should not access 192.168.1.3 HTTP service Deny the users on LAN 192.168.3.0 should not access 192.168.1.4 FTP service Deny the users on LAN 192.168.3.1 should not access 192.168.1.3 HTTP service . Deny the users on LAN 192.168.2.0 should not get DNS service from DNS server 192.168.1.4 . Deny the users from the host between 192.168.3.2 and 192.168.1.2 should not be able to send ICMP ( ping /trace ) messages Remaining hosts and services should be permitted NOTE: the Above ACL rules should not affect the other communication Router —1 Rel(config)#accesslist 145 deny tep 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www Rel(config)#accesslist 145 deny tcp 192.168.3.0 0.0.0.255 host 192.168.1.4 eq ftp Rel(config)accesslist 145 deny tep host 192.168.3.1 host 192.168.1.3 eq www Rel(config) #accesslist 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq ? <0-65535> Port number bootpe Bootstrap Protocol (BOOTP) client (68) bootps Bootstrap Protocol (BOOTP) server (67) isakmp Internet Security Association and Key Management Protocol (500) nonSO0-isakmp Intemet Security Association and Key Management Protocol (4500) snmp Simple Network Management Protocol (161) tftp Trivial File Transfer Protocol (69) Rel(configh#accessist 145 deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain RA(config)#accesslist 145 deny icmp host 192.168.3.1 host 192.168.1.1 ? <0-256> type-num_ host-unreachable — host-unreachable net-unteachable —_net-unreachable port-unreachable —_port-unreachable protocol-unreachable protocol-unreachable tthexceeded _ttl-exceeded unreachable unreachable Rel(configh#access-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 170Rel(config)#accesslist 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo-reply Re(config)#accesslist 145 permit ip any any Implementation: R-l(config)# interface fastEthernet 0/0 R-l(config-if# ip accessgroup 145 out OR R-l(config)f interface serial 0/0 R-l(config-f}# ip accessgroup 145. in Verificatior PC>ipconfig IP Address. : Subnet Mask. 255.255.255.0 Default Gateway. 92.168.3.100 PC>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data: Request timed out. Request timed out. Request timed out. PC>ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1.1: bytes=32 time=20ms TTI Reply from 192.168.1 Reply from 192.168.1.1: bytes=32 time=13ms TTL=125 Reply from 192.168.1.1: bytes=32 time=25ms TTL=125 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 171STE Named ACL NOAsammem Access-lists are identified using Names rather than Numbers. Names are Case-Sensitive No limitation of Numbers here. (One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. 10S version 11.2 or later allows Named ACL NOAsormoms tion of Standard Named Access List Router|contig)# ip access-list standard Routerlconfig-sid-noci}# Implementation of Standard Named Access List Router{contig| tinterface Router|contig-# #ip access-group NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 172LAB:_ STANDARD NAMED ACL. 192.168.1.1 192.168.1-3, 9 1681.4 192.168.1.2 192.168.1,0/24 192.168.2.0/24 192.168.2.1 192.168.2.2 192.168.3.1 192.168.3.2 192.168.3.0/24 TASK: ‘+ Configure Standard Named ACL ‘* Use the same Rules as Lab-1 Before creating the ACL, make sure that the routing configured is correct and all the three LAN devices are able to communicate with each other using PING command PC>ipconfig IP Address. 192.168.1.1 Subnet Mask. 255,255,255.0 Default Gateway. PC>ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of dat Reply from 192.168,2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 time=20ms TTL=126 Reply from 192.168.2.1 Reply from 192.168.2.1 PC>ipconfig IP Address. 192.168.1.2 Subnet Mask. 255.255.255.0 Default Gateway. :192.168.1.100 PC>ping 192.168.2.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 173Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168.2.1 Reply from 192.168.2.1: bytes=32 time=23ms TT Reply from 192.168.2.1: bytes=32 time=IIms TTI PC> ipconfig IP Address :192.168.3.1 Subnet Mask... 255.255.255.0 Default Gateway. 92.168.3.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim Creating an Accesslist as per the given rules R.2(config)#ip access-list standard CCNA R-2(config-std-nacl)#deny 192.168.1.1 0.0.0.0 R-2(config-std-nacl)#deny host 192.168.1.2 R-2(config-std-nacl)#deny 192.168.3.0 0.0.0.255 R-2(config-std-nacl)#permit any R.2(config-std-nacl)#exit, Implementation: R-2(config)# interface fastEthernet 0/0 R-2(contig-i# ip access-group CCNA out R-2#sh access-lists Standlard IP access ist CONIA deny host 192.168.1.1 deny host 192.168.1.2 deny 192.168.3.0 0.0.0.255 permit any PC>ipconfig IP Address. : Subnet Mask... 255.255.255.0 Default Gateway. 192.168.1.100 ec>ping 192.168.21 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 174Pinging 192.168.2.1 with 32 bytes of data: Reply from Reply from 1 Destination host unreachabl Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. PC> ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Reply from 192.168,3.1 Reply from 192.168.3.1: bytes=32 time=13ms TTL=125 FC>ipeontig IP AdresSNS268A2 Subnet Mask... 255.255.255.0 Default Gateway. 92.168.1,100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Repiy from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. Reply from 10.0.0.2: Destination host unreachable. SERVER> ipconfig IP Address. Subnet Mask. 255.255,255.0 Default Gateway. 192.168.1.100 SERVER> ping 192:168.21 Pinging 192.168.2.1 with 32 bytes of data Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim Reply from 192.168.2.1: bytes=32 tim PC> ipconfig IP AddressfiiiiiaiainiaianT92168.32 Subnet Mask... 255.255.255.0 Default Gateway. 92.168.3.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Reply Reply from 11.0.0.1: Destination host unreachable. Reply from 11.0.0.1: Destination host unreachable. Reply from 11.0.0.1: Destination host unreachable. PC>ping 192.168.1.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 175Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1 2 time=1éms TTI Reply from 192.168.1 2 time=29ms TT Reply from 192.168.1.1: bytes=32 time=16ms TTL=125 Reply from 192.168.1 25 NOAsomeon Creation of Extended Named Access List Router{config)# ip access-list extended Router(config-ext-nacl) # < destination wildcard mask> Implementation of Extended Named Access List Router(config) #interface Router(config-it|#ip access-group NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 176LAB: NAMED EXTENDED ACL 192.168.1.1 192.168.1-3, 09 168. 4 192.168.1.2 192.168.1.0/24 192.168.2.0/24 192.168.2.1 192.168.2.2 192.168.3.1 192.16832 192.168.3.0/24 Configure Standard Named ACL Use the same Rules as Lab-2 Rel(config)#ip access-list extended CCNP Rel(config-ext-nacl)#deny tep 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www Rel(config-ext-nacl)# deny tep 192.168.3.0 0.0.0.255 host 192.168.1.4.eq ftp Rel(config-ext-nacl)# deny tcp host 192.168.3.1 host 192.168.1.3 eq www Rel(config-ext-nacl)#deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain Rel(config-ext-nacl)# deny icmp host 192.168.3.1 host 192.168.1.1 echo Re(config-ext-nacl)#deny icmp host 192.168.3.1 host 192.168.1.1 echo-reply Rel(config-ext-nacl)# permit ip any any Implementation: R-l(config)# interface fastEthernet 0/0 Re(config.if}# ip access-group CCNP out oR R-l(config)# interface serial 0/0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 177R-l(config-if}# ip access-group CCNP_ in Relish accesslists Extended IP access deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www deny tep 192.168,3.0 0.0.0.255 host 192.168.1.4 eq ftp deny tep host 192.168.3.1 host 192.168.1.3 eq www deny udp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq domain deny icmp host 192.168.3.1 host 192.168.1.1 echo deny iemp host 192.168.3.1 host 192.168.1.1 echo-reply permit ip any any Verification: PC>ipconfig IP Address.. Subnet Mask. 255.255.255.0 Default Gateway. 92.168.3.100 PC>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. PC> ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1 Reply from 192.168.1.1: byt Reply from 192.168.1 Reply from 192.168.1.1: bytes: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 178Network address translation » NAT is the method of Translation of private IP address into public IP address" » In order to communicate with internet we must have registered public IP address ‘Address translation was originally developed to solve two problems: |. tohandle a shortage of Pvt sdesses 2, Hide network addressing schemes. )-\Solutions| Private Address range nena highs rewarding Che caer There are certain addresses in each class of IP address that are reserved for Private Networks. These addresses are called private addresses. Class A 10.0.0.0 to 10.255.255.255, Class B 172.16.0.0 to 172.31.255.255 Class C 192.168.0.0 to 192.168.255.255 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 179J\Solutions} Types of NAT: : - + Static NAT + Dynamic NAT * Port Address Translation (PAT) NOAsomens Static NAT a » One to one mapping done Manually » For every private IP needs on registered IP address ( one : one) 213.48.123.441 3 1szeo a » NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolJ\Solutions Dynamic NAT Spee by ont Ce er » One to one mapping done automatically » For every private IP needs on registered IP address ( one : one) Wimws ne were pv 23.113 192.608.3231) 213.48.25.148|82.168.32.2) 20am 23.195 192.100.3211 NOAsomen Port Address Translation (Dynamic NAT Overload) » Allows thousands of users connect to the Internet using only one real global IP address » Maps many-to-one—by using different ports » PAT is the real reason we haven't run out of valid IP address on the Internet 243.48.423.100% NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 181NOAcommns Lab setup for NAT bnew t iy ewardag Ce caer |. Configure IP address as per the diagram. Configure default route towards ISP from RI 3. Configure static route from ISP to public IP used for translation NOAsomos LAB : Static NAT Canepa Ce TASK: Configure Static Nat using the following translations PRIVATE IP PULIC IP 192.168.1.1 50. 192.168.1.2 50. 192.168.1.3 50. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 182NOAsorron (Config) # IP nat inside source static Configuration of static NAT R-1(confia) tip nat inside source static 192.168.1.1 0.1.1.1 -1(contfi)#ip nat inside source static 192.168.1.2 50.1.12 -1(contfg)#ip nat inside source static 192.168.1.3 0.1.1.3 Implementation -1(contfg)#interface fastethemet 0/0 e1(confige #ip nat inside Rel(confige texit (interface facing towards LAN) f1(config interface serial 0/0 R-1(confige #ip nat outside LAB-1_ STATIC NAT ‘TASK: Configure Static NAT using the following translations PRIVATE IP PULIC IP 192.168.1.1 192.168.1.2 192.168.1.3 \ a8 192.168.1.4 1921688 809 165.14 sonata ide users 192.168.1.0/24 ~ 200.1.4.2 / ‘Servers onthe / Internet —_/ N 7 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 183STEPS Configure IP address according to the diagram. Configure default route towards ISP from RI Configure static route from ISP to public IP used for translation Configure NAT ( static NAT according to the requirement ) Implementation Verify by generating some traffic from LAN to ouside servers # show ip nat translations Relish ip int brief Interface IP-Address OK? Method Status Protocol IFaREthePiGO/ONEHNS2AEBILNOO YES manual up up FastEthernetO/1 cnr YES unset_administratively down down SerialO/1 unassigned YES unset administratively down down Re(config# ip route 0.0.0.0 0.0.0.0 100.1.1.2 ISP#sh ip int brief Interface IP-Address__ OK? Method Status Protocol [Fastthem€tO/ONH 1200141008 YES manuel up op FastEthernetO/I___unassigned YES unset administratively down down ES manual up up SerialO/1 unassigned YES manual administratively down down sP#conf terminal ISP(config)# ip route 50.0.0.0 255.0.0.0 100.1.1.1 Configuration of static NAT R-l(config)#ip nat inside source static 192.168.1.1 50.1.1.1 R-l(config)#ip nat inside source static 192.168.1.2 50.1.1. R-l(config)#ip nat inside source static 192.168.1.3 50.1.1. Implementation R-l(config)#interface fastEthernet 0/0 R-l(config-iffip nat inside Rel(config.iffexit (interface facing towards LAN) R-l(config)finterface serial 0/0 R-l(config.if}fip nat outside (Interface facing towards ISP) Generate Traffic from Inside User PC (192.168.1.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 184PC>ipconfig IP Address. : Subnet Mas 255.255.255.0 Default Gateway. 192.168.1.100 Pc>ping 200.1.1.1 poe 204 with 32 bytes of data: Reply from 200.1. Reply from 200.1.1 Reply from 200.1.1 Pc>ping 200.1.1.2 Pinging 200.1.1.2 with 32 bytes of data: Request timed out. Reply from 200.1.1.2: bytes=32 tim Reply from 200.1.1.2: bytes=32 time: Reply from 200.1.1.2: bytes=32 time=32ms TTL=126 Generate Traffic from Inside User PC (192.168 PC> ipconfig IP Address. Subnet Mask. Default Gateway. PC> ping 200.1.1.1 Pinging 200.1.1.1 with 32 bytes of data: Reply from 200.1.1.1: bytes=32 time=25ms TTL=126 Reply from 200.1.1 Reply from 200.1.1 Reply from 200.1.1 Generate Traffic from Inside User PC (192.168 PC>ipconfig IP Address. Subnet Mask. 255.255.255.0 Default Gateway. 192.168.1.100 Pc>ping 2001.11 Pinging 200.1.1.1 with 32 bytes of data: Reply from 200.1.1.1: byt Reply from 200.1.1.1: bytes=32 time=l6ms TTL=126 Reply from 200.1.1 Reply from 200.1.1 Relfsh ip nat translations NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 185Pro Inside global Inside local © Outside local Outside global icmp SOAMMZIUMS2MRMA:21 200.1.1.2:21 200.1.1.2:21 iemp 50.1.1:22 192.168.1.1:22 200.1.1.2:22 — 200.1.1.2:22 iemp 50.11.1:23 192,168.11 1. 200.1.1.2:23 iemp 50.1.1.1:24 — 192.168.1.1 1. 200.1.1.2:24 icmp SOMMUZTMMUISANEBAZ:1 © 200-1111 -200.1.4.1: icmp 50.1.1.2:2 192.168.1.2: icmp 50.1.1.2:3 192.168.1.2: ‘iemp 50.1.1.2:4 iemp 50.1.1.3:3 192.168.1.3:3 2001.11:3 200.1113 icmp 50.113:4 — 192.168.1.3:4 200.1.1.1:4 | 200.1.1.1:4 — 504.11 192.168.1.1 = 50.1.1.2 192.168.1.2 = 504.13 192.168.1.3 To verify generate telnet traffic From Inside User PC's © 192.168.1.1 © 192.168.1.2 © 192,168.13 PC>telnet 100.1.1.2 Trying 100.1.1.2 ...Open User Access Verification Relish ip nat translations Pro Inside global Inside local Outside local Outside global — 504.11 192.168.1.1 — 50.1.1.2 192.168.1.2 — 50.113 192.168.1.3 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 186NOAsoreom LAB : Dynamic NAT Gaaenarn hiss rewarding Chee caer TASK: + Remove the NAT Configurations done in the previous Lab. ‘© Configure Dynamic NAT and make sure that the inside LAN users (192.168.1.0/24) get translated to public IP with the range of 0.1.1.1 ~ §0.1.1.200/24 ; NOAsumman LAB: Dynamic NAT esena serine Che oer Syntax: Contig) # eccess-t < ACLNO> permit |Contig| tip nat pool nefmask [Configl# jp nat inside source fit pool Configuration of DYNAMIC NAT Rel(confightaccesssist $5 permit 192.168.1.0 0.0.0.255 R-l(contig) ip nat pool CCNA $0.1.1.1 01.1.200 netmask 255.255.2550 .1(config) tip nat inside source ist 55 pool CCNA Implementation -I (contig) tinletace fasléthemet 0/0 .I(contg. #p nat inside Rel(config.t}Wext (interface facing towards LAN) .I(contg)tntertace seal 0/0 Rel(contig. tp nat cutie (intertace facing toward ISP) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 187LAB -2 Dynamic NAT 192.168.1.1 192.168.1.2 Inide users 200.1.1.1 200.1.1.2 / Servers onthe | Internet 192.168.1.0/24 AS TASK: * Remove the NAT Configurations done in the previous Lab. © Configure Dynamic NAT and make sure that the inside LAN users (192.168.1.0/24 ) get translated to public IP with the range of 50.1.1.1 - 50.1.1.200/24 EBS: ‘© Continue with the same pre-configurations in the LAB —1 ‘Remove the static NAT configurations. ‘* Implementation is same as previous lab R-l#clear ip nat translation * NOTE: © Make sure that you clear the translation table before you edit or remove the any NAT configurations Rel(config)# no ip nat inside source static 192.168.1.1 50.1.1.1 Rel(config)# no ip nat inside source static 192.168.1.2 50.1.1.2 Rel(config)# no ip nat inside source static 192.168.1.3 50.1.1.3 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 188Configuration of DYNAMIC NAT Rel(confighfaccesslist 55 permit 192.168.1.0 0.0.0.255 R-l(config)fip nat pool CCNA 50.1.1.1 50.1.1.200 netmask 255.255.255.0 R-l(config)#ip nat inside source list 55 pool CCNA Implementation R-l(config)#interface fastEthernet 0/0 Rel(config-iffip nat inside Rel(config.if}fexit (Interface facing towards LAN) R-l(config)finterface serial 0/0 R-l(config.iffip nat outside (Interface facing towards ISP) Verification: Generate some telnet traffic from inside LAN devices = 192.168.1.1 = 192,168.12 = 192,168.13 192.168.1.4 PC>telnet 100..1.2 Trying 100.1.1.2 ...Open User Access Verification IsP> Relish ip nat translations Pro Inside global Inside local_ Outside local Outside global tep 027 1027 100.1.1.2:23 100.1.1.2:23 tep 1025 £1025 100.1 100.1.1.2:23 tep 1025 1025 100.1. tep 1025 £1025 100.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 189NOAsoreom LAB : PORT ADDRESS TRANSLATION acne eg Cheer TASK: Remove the NAT Configurations done in the previous Lab. ‘Configure PAT (Dynamic NAT Overload) and make sure that the inside LAN users (192.168.1.0/24) {get franslated fo single public IP (50.1.1.1/32) given by service provider )\Solutions| Syntax Sean tp adng Cenc (Config) access-tst < ACL-NO> permit (Config) tip nat inside pool netmask < mosk> (Config) fp nat inside touree lst pool overload PAT Configuration Rel(config) Haccessulist 55 permit 192.168.1.0 0.0.0.255 (config) #ip nat poo! CCNA $0.1.1.1 $0.1.1.1 netmask 255.255.255.255 -1(config) ip nat inside source list 55 pool CCNA BVHBBE Implementation 1(config) Hinterace festethemet 0/0 Rel{contig-t] tip not inside Rel(contig-#) Hexit (interface facing towards LAN) R-1(contig) interface serial 0/0 R-1(confg-f} ip nat outside (antertace facing towards ISP ) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 190LAB3 PORT ADDRESS TRANSLATION 192.168.1.1 192.168.1.2 inide users 200.1.1.1 200.1.1.2 / Servers onthe | ton tes.40/24 a, TASK: * Remove the NAT Configurations done in the previous Lab. ‘+ Configure PAT (Dynamic NAT Overload) and make sure that the inside LAN users (192.168.1.0/24) get translated to single public IP (50.1.1.1/32) given by service provider Continue with the same pre-configurations in the LAB — 2 Remove the dynamic NAT configurations. Implementation is same as previous lab R-l#clear ip nat translation * NOTE: * Make sure that you clear the translation table before you edit or remove the any NAT configurations R-l(config) #no ip nat inside source list 55 pool CCNA R-l(config) #no ip nat pool CCNA _50.1.1.1 50.1.1.200 netmask 255.255.255.0 R-l(config) #no accesslist 55 PAT Configuration NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 191R-l(confighfaccesslist 55 permit 192.168.1.0 0.0.0.255 R-(config)#ip nat pool CCNA 50.1.1.1 50.1.1.1 netmask 255.255.255.255 R-1(config)#ip nat inside source list 55 pool CCNA SVSHead Implementation R-l(config) #interface fastEthernet 0/0 R-l(config-if) #ip nat inside RAl(config-if) #exit (Interface facing towards LAN) R-l(config)#interface serial 0/0 R-l(config-if}#ip nat outside (Interface facing towards ISP) Verification: ‘© Generate some telnet traffic from inside LAN devices (192.168.1.1 //192.168.1.2 //192.168.1.3, 1N92.168.1.4//) PC>telnet_1001.1.2 Trying 100.1.1.2 ...Open User Access Verification Relish ip nat translations Pro Inside global Inside local Outside local Outside global 192.168.1.1:1029 100.1.1.2:23 100.1.1.2:23 100.1.1.2:23 192.168.1.3:1026 100.1. 100.1.1.2:23, 192.168.1.4:1026 100.1 100.1.1.2:23 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 192RTE ETITS LAB : PAT using Exit Interface NOkewers ‘+ Configure PAT (Dynamic NAT Overload) and make sure that the inside LAN users (192.168.1.0/24) Get translated fo single public IP on the ‘given by service provider. R-l[config] taccess-lst $5 permit 192.168.1.0 0.00.25 Implementation R-I[contig) Hintertace fastéthemet 0/0 &-[contig:t} lp nat inside R-1[confiyi text (interface facing towards LAN) R:I[contg) Winertace serial 0/0 R-l[contg.} ip nat oukide (interface facing towards SP) LAB-4 PORT ADDRESS TRANSLATION using Exit Interface 7 192.168.1.3, ( 192.168.1.1 eeseettia 192.168.1.2 \ 200.4.1.1 200.112 ae Saar) 192.168.1.0/24 ae NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 193‘ASK: Remove the NAT Configurations done in the previous Lab. Configure PAT (Dynamic NAT Overload) and make sure that the inside LAN users (192.168.1.0/24) get translated to single public IP on the Sulside interfae® (100A) given by service provider. STEPS: ‘* Continue with the same pre-configurations in the LAB ~ 3 ‘+ Remove the PAT configurations. ‘+ Implementation is same as previous lab R-liéclear ip nat translation * NOTE: * Make sure that you clear the translation table before you edit or remove the any NAT configurations R-l(config)#no ip nat inside source list 55 pool CCNA overload R-l(config)#no ip nat pool CCNA 50.1.1.1 50.1.1.1 netmask 255.255.255.248 Rel(config)#no accesslist 55 PAT Configuration Rel(configh#accesslist_ 55 permit 192.168.1.0. 0.0.0.255 R-l(config)#ip nat inside source list 55 interface serial 0/0. overload Implementation R-l(config)finterface fastEthemet 0/0 R-l(config-i#ip nat inside RA(config-if}#es (interface facing towards LAN) R-l(config)#interface serial 0/0 R-l(config:if#ip nat outside (Interface facing towards ISP ) Verificatior * Generate some telnet traffic from inside LAN devices (192.168.1.1 //192.168.1.2 //192.168.1.3 //192.168.1.4//) PC>telnet 100.1.1.2 Trying 100.1.1.2 ...Open NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 194User Access Verification Relish ip nat translations Pro Inside global Inside local__ Outside local_ Outside global tep 1029 i tep 1026 1. tep 1024 1026 100.1.1.2:23 tep 1025 1026 100.1.1.2:23 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 195Basic Switching Concepts Router & Switch NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 196NOAsoron Hub Switch 3, 4. 5. 6, 2. Ithas no intelligence. It always do broadcasts It works with O's and I's (Bits) It works with shared bandwidth Ithas 1 Broadcast Domain Ithas 1 Collision Domain, How ARP works 1 Its is An Intelligent device & maintains a MAC address table. It uses broadcast. and Unicast It works with Physical addresses (ie MAC addresses) It works with fixed bandwidth Ithas 1 Broadcast domain by default Number of Collision domains depends upon the number of ports. NOAsono NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 197How switch Learn MAC address Broadcast Domain » Set of all devices that receive broadcast frames originating from any device within the set. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 198NOAsorrom Broadcast Domain (Contd) NOAsomens » Carrier Sense Multiple Access /Collision Detection is the protocol for carrier transmission access in Ethernet networks. Collisions are identified using Access Methods called CSMA/CD and CSMA/CA CSMAYCD works in wired LAN. & CSMAYCA works in wireless LAN NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 199NOAsomeans Collision Domain A collision domain is a network segment with two or more devices sharing the same bandwidth. (where there is a chance of collision) Types of Switches NOAsamens » Unmanageable switches These switches are just plug and play No configurations and verifications can be done There is no console port. » Manageable switches These switches are also plug and play It has console port and CLI access. We can verify and modify configurations and can implement and test some advance switching technologies ( VLAN, trunking , STP) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 200Cisco’s Hierarchical Design Model Catalyst 2900 LEE Catalyst 1900 Access Layer 1900 & 2900 (12 switches) Distribution Layer 3550, 3560 (L3 switches or ‘multilayer switches) Core Layer 4500, 6500 (L3 switches (or multi-layer switches) NOAsomens Carey hy ann Initial configuration of a switch: » Console Connectivity » Emulation Software ( hyperterminal, putty, Secure CRT) oda NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolSolutions] Basic Commands NOA‘ red Chae switch>enable switch# Show running-config switch# Show startup-config switch# Show version switch# Show flash switch# Show mac-address-table (To see the entries of the MAC table) switch# Show interface status switch#config terminal Switch(config)# )-\Solutions| Passwords NOAsamon TO assign telnet Password switch(config) # line vty 0.4 switeh(config-line) # password switch(config-line) # login To assign Console Password switch(config) # line con 0 switch(configeline) # password switch(config-line) # login To assign Enable Password switch(config) #enable secret < password> OR switch(config) #enable password < password> NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 202J\Solutions Initial configuration of Switch for telnet Access To assign IP to a Switch switch(config)# Interface Vlan 1 7 switch(config-if)# ip address. BS \ 5 switch (config-if)# no shutdown BS =. To assign Default Gateway to a Switch isztest0728 switch(config)# ip default-gateway 192.168.1.100 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolVLAN & Trunks NOAsamens Virtual LAN bes vides a Single Broadcast domain into Multiple Broadcast domains. A Layer 2 Security Vian 1 is the default VLAN. We can create vians from 2 ~ 1001 Can be Configured on a Manageable switches only NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 204)A smn Benefits of VLANs » Limit the number of broadcast » Better performance » Security NOAsomons Types of VLAN eS 1. Static VLAN 2. Dynamic VLAN a NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 205NOAsorons Static VLAN ‘+ Static VLAN’s are based on port numbers + Need to manually assign a port on a switch to a VLAN + Also called Port-Based VLANs + One port can be a member of only one VLAN Vian Creation : Switeh(con‘g)# vlan Switeh(con{igVan)# name Switeh(eonfigVlan}# Exit Assigning ports in Vian Switeh(config)# interface Suiteh(configi# switehport mode access Switch(configswitchport acces Vian NOAsorrons 2002 £4di-default act/onese 1003 token-ring-default act/ansup 2004 fédinet-detault — act/anowp 1005 trnet-defauit sct/ansee ‘Al ports assigned to VLAN 1 to forward data by default "Nate VUAN is VLAN 1 by dtaut, ‘Management VLAN is VLAN 1 by defaut YVLAN 1 cannot be renamed or deleted NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 206NOAsorron TASK: Create four VLANs ( VLAN 10,20,30.40) Switch config)#vlan 10 Switch(config-vian)#name sales a a Switch(config-vian)#vlan 20 Switch(config-vian)#name marketing Switch(config-vian)#vlan 30 wan name Switch(config-vlan)#vlan 40 ‘ete Fo od. od. Fi 7) Fol a0. fo 09 Fo fo Fo 12 Feo) roi F001 Fos Switch(config-vian)#end 20/17 Foo Foo Fo 20 2 Fo Fo 23 Fo 4. sin NOAsorrons Configure port fa0/8_ in to vlan 10 Configure multiple ports ( 4-7 and10) to vlan 20 Switeh(config)¥int 10/8 Switch(config-if#switchport mode access Switch(config-if\#switehport access vlan 10 Switeh(config-ifexit ‘Switch config) ¥interface range f0/4 - 7 , f0/10 ‘Switch config-ifrange)/switchport mode access Switch config-if-range)#switchport access vlan 20 Swtchteh von NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 207192.168.1.1 192.168.1.3 99 168.1.4 192.168.1.2 192.168.1 STERS: 1. Ping between 192.168.1.1 and 192.168.1.3 a. (they can communicate with each other and they are on the same network (logically) and same VIAN ( default vian 1) 2. Create VLAN 20 3. Shift port f0/3 . 0/4 in to VLAN 20 4. Ping between 192.168.1.1 and 192.168.1.3 ‘a. they cannot communicate with each other and they are on the same network (logically) but on different VLAN (VLANI and vlan 20) Switchish vlan VLAN Name Status Ports active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/S, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, FaO/I1, Fa0/12 Fa0/13, Fa0/14, Fa0/15, FAO Fa0/7, Fa0/18, Fa0/19, Fa0/20 FaQ/21, Fa0/22, Fa0/23, Fa0/24 Gigl/1, Gigl/2 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 tmet-default act/unsup NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 208PC>ipconfig IP Address Subnet Mask... 255.255.255.0 Default Gateway. + 192.168.1100 PC>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data: Reply HSRRIOZSBIZ: bytes! 32 time Reply from 192.168.1.2: bytes=32 time Reply from 192.168.1.2: bytes=32 tim Reply from 192.168.1.2: bytes=32 tim Pc>ping 192.168.1.3 Pinging 192.168.1.3 with 32 bytes of data: Reply Fromil92:168:1:3: bytes—32 tim Reply from 192.168.1.3: bytes=32 tim Reply from 192.168.1.3: bytes=32 tim Reply from 192.168.1.3: bytes=32 time: PC>ping 192.168.1.4 Pinging 192.168.1.4 with 32 bytes of data: : bytes=32 time= Reply from 192.168.1.4: bytes=32 tim Reply from 192.168.1.4: bytes=32 tim Reply from 192.168.1.4: bytes=32 tim All the Four devices in the LAN can communicate with each other and they are on the same network (logically) and same VLAN ( default vlan 1) TASK: Create Vian 20 And Shift The Ports 3 And 4 In To Vian 20 ‘Switch (configh#vlan 20 Switch(config-vlan)#name SALES Switch(config-vlan)#exit ‘Switch (config)#interface fastEthemet 0/3 Switch (config-i#switchport mode access Switch(config-if#switchport access vlan 20 Switch(config-ifHexit Switch(config)#interface fastEthemet 0/4 Switch (config-if}#switchport mode access Switch(config-i}#switchport access vlan 20 Switch#sh vlan VLAN Name Status Ports NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 209TUS ae active FAO FA0/29F 20/5, Fa0/e Fa0/7, Fa0/8, Fa0/9, Fa0/10 FaQ/11, FaO/12, FaO/13, Fa0/4 Fa0/15, Fa0/16, Fa0/17, FaO8 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gigl/I, Gigl/2 1002 fdi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 tmet-default act/unsup PC>ipconfig IP Adress Subnet Mask... 255.255.255.0 Default Gateway. 192.168.1.100 PC>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data Reply frOmm92H68MI23 bytes=32 tim Reply from 192.168.1.2: bytes=32 tim Reply from 192.168.1.2: bytes=32 time= Reply from 192.168.1.2: bytes=32 tim PC>ping 192.168.1.3 Pinging 192.168.1.3 with 32 bytes of data: Request timed out. Request timed out. Request timed out. PC>ping 192.168.1.4 pari 192.168.1.4 with 32 bytes of data: Request timed out. Request timed out. Request timed out. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 210LAB -2 CREATING BASIC VLAN CONFIGURATION ON SWITCHES * Create four VLANs ( VLAN 10,20,30.40) © Configure port fa0/8_ in to vlan 10 © Configure multiple ports( 4-7 and10) to vlan 20 Switch(config)#vlan 10 Switch(config-vian)#name sales Switch(config-vian}fvian 20 Switch{config-vlan)#name marketing Switch(config-vlan}#vlan 30 Switch{config-vlan)#vlan 40 Switch(config-vlan)#end Switch#sh vlan Status Ports 1 default active _Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, FaOAO, Fa0/1, Fa0/12 Fa0/13, Fa0/14, Fa0/15, F016 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gigi/l, Gigl/2 ‘There are no active ports in the new vlan which we created To shift the ports NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 211Switch(config)#int 10/8 Switch(config-i#switchport mode access Switch(config-if}#switchport access vlan 10 Switch(config-if}#exit Switch(config)#interface range f0/4 - 7 . f0/10 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport access vlan 20 Switchish vlan VLAN Name Status Ports active Fa0/l, Fa0/2, Fa0/3, Fa0/9, FaQ/11, FaQ/12, Fa0/3 Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/B, Fa0/19, Fa0/20, Fa0/21 Fa0/22, Fa0/23, Fa0/24 )-\Solutions] Dynamic VLAN NO, ips wn Cie se Dynamic VLAN’s are based on the MAC address of a PC Switch automatically assigns the port to a VLAN. Each port can be a member of multiple VLAN's For Dynamic VLAN configuration, a software called VMPS( VLAN Membership Policy Server) is needed [rant [ond [var vlan contguation NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 212NOAsomean Trunking » Asingle VLAN can span over Multiple Switches PN lee NOAsomens Passing VLAN Traffic Using Separate Links for each VLAN Passing VLAN Traffic Using Single Links NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolNOAsormeans Types of links/ports Access links Connecting to end devices ( Hosts or router) part of one VLAN. ‘Trunk links Do not belong to any VLAN carry multiple VLANs trafic. link between two switches. were =e NOAsomens Frame Tagging In oder to make sure that same vlan users on different switches communicate with ‘each other there is a method of tagging happens on trunk links Tag is added before a frame is send and removed once it is received on trunk link. Frame tagging happens only on the trunk links Frame Tagging NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 214NOAsorro Trunking protocols ISL IEEE 802.1Q It's a Cisco proprietary © Open standard It works with Ethernet, Token ring, «It works only on Ethernet FDDI + Only 4 Byte tag will be added to It adds 30 bytes of tag original frame. AILVLAN traffic is tagged NOAsomens Trunk Configuration Switch(config)# interface Switch(config-i# switchport mode trunk Switch(config-if}# switchport trunk encapsulation dotlq/ISL NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 215)-\Solutions] LAB : Trunking es TASK: Create Vian 10 , Vian 20 on both Switches Shift ports in to their respective VLAN as per the diagram. Confiure F0/20 port between SWI and SW2 as Trunk link Ensure That users of same VLAN on different Switches must communicate with each other | Sg Ss Ss Ss NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 216LAB: TRUNKING. 992.1681. B / 192.168.2.9 soto’ eet08at Se 192.168.464 7 ro2.16824 VLAN 10 VIAN 20 f92.168.1.1 vu 10 VIAN 20 TASK: Create Vian 10 , Vian 20 on both Switches Shift ports in to their respective VLAN as per the diagram. Confiure F0/20 port between SWI and SW2 as Trunk link Ensure That users of same VLAN on different Switches must communicate with each other On Sw Switch(config)#hostname SW-1 SW-1(config)finterface range f0/1 - 2 SW-I(config-if-range)#switchport mode access SW. cools eo Ne SW-I(config-ifrange)#exit SW-1(config)#interface range 0/3 - 4 SW-1(config-if-range)#switchport mode access i-range)#switchport access vlan 20 f-range)#end SW-l#sh vlan, VLAN Name Status Ports active _Fa0/5, Fa0/6, Fa0/7, FaQ/8 Fa0/9, Fa0/10, FaQ/I1, Fad/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gigi/1, Gig/2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 2171002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 tmet-default act/unsup On sw-2 Switch (config)#hostname SW-2 SW-2(config)finterface range fO/1 - 2 SW-2(config-ifrange)#switchport mode access SW-2(config-ifrange) #switchport access vlan 10 SW.-2(config-if-range)#exit SW.-2(config)#finterface range 0/3 - 4 SW.-2(config-if-range)#switchport mode access sw-2 ore ce access vlan 20, SW-2(config-ifrange)#end SW.-2#sh vlan VLAN Name Status Ports active _Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, FaO/10, FaQ/I1, FaO/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, FaQ/24 Gigl/1, Gigt/2 1002 fddi-default act/unsup 1003 token-ring-default act/unsup. 1004 fddinet-default act/unsup 1005 trnet-default act/unsup From PC 192.168.1.1 PC>ipconfig IP Address. Subnet Mask. 255.255.255.0 Default Gateway. :192.168.1.100 Pc> Pinging 192.168.1.3 with 32 bytes of data: Request timed out. Request timed out. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 218Request timed out. Request timed out. PC>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data: Reply from 192.168.1.2: bytes=32 time=13ms TTL=128 Reply from 192.168.1.2: bytes=32 time=9ms TTL=128 Reply from 192.168.1.2: bytes=32 time=8ms TTL=128 Reply from 192.168.1.2: bytes=32 time=8ms TTL=128 PC>ping 192.168.1.4 Pinging 192.168.1.4 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. From PC 192.168.2.1 PC>ipconfig IP Address Subnet Maske. .:255.255.255.0 Default Gateway. 192.168.2.100 PC> ping 192.168.2.2 Pinging 192.168.2.2 with 32 bytes of data: Reply from 192.168.2.2: bytes=32 tim Reply from 192.168.2.2: bytes=32 tim Reply from 192.168.2.2: bytes=32 tim Reply from 192.168.2.2: bytes=32 time=8ms TTL=128 SERVER> ping 192.168.2.3 Pinging 192.168.2.3 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. SERVER>ping 192.168.2.4 Pinging 192.168.2.4 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. NOTE: * From the above verification * Users of the same VLAN connected on the same switch can ping each other NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 219* Same vlan users on different switches are not able to ping each other * In oder to communicate between same vian on different switches , there should be trunking configured on link (f0/20) between the switches To configure trunking ‘SW-1(config)#interface fastEthernet 0/20 SW-1(config-if}#switchport mode trunk ‘SW-1(config-if}#switchport trunk encapsulation dotlq SW-2(config)fint 0/20 SW-2(config-if}#switchport mode trunk ‘SW-2(config-if)#switchport trunk encapsulation dotlq ‘SW-l#sh interfaces trunk Port Mode __ Encapsulation Status _ Native vlan trunking 1 Port Vians allowed on trunk Fa0/20 11005 Port Vians allowed and active in management domain Fa0/20 1.10.20 Port Vians in spanning tree forwarding state and not pruned Fa0/20 1.10.20 SW.-2#sh interfaces trunk Port Mode _ Encapsulation Status Native vlan trunking 1 Port Vians allowed on trunk Fa0/20 11005 Port Vlans allowed and active in management domain Faq/20 — 1,10,20 Port Vlans in spanning tree forwarding state and not pruned Fa0/20 — 1,10,20 From PC 192.168.1.1 PC> ipconfig IP Address, 192.168.1.1 Subnet Mask. 255.255.255.0 Default Gateway. 192.168.1.100 PC>ping 192.168.1.3 Pinging 192.168.1.3 with 32 bytes of data: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 220PC>ping 192.168.1.4 Pinging 192.168.1.4 with 32 bytes of data: j= 32 time=25ms TTL=128 Reply from 192.168.1.4: bytes=32 tim From PC 192.168.2.1 Pc>ipconfig IP Address. 192,168.21 Subnet Mask. 255.255.255.0 Default Gateway. 192.168.2.100 PC> ping 192.168.2.3 Pinging 192.168.2.3 with 32 bytes of data: Reply from 192.168.2.3: bytes=32 time=13ms TTL=128 Reply from 192.168.2.3: bytes=32 tim Reply from 192.168.2.3: bytes=32 tim Reply from 192.168.2.3: bytes=32 tim PC>ping 192.168.2.4 Pinging 192.168.2.4 with 32 bytes of dat Reply from 192.168.2.4: bytes=32 time=26ms TTL=128 Reply from 192.168.2.4: bytes=32 time=12ms TTL=128 TASK: Configure The Trunk Link Such That It Only Allow The Vian 10 , 20, 30 , 40 Traffic Should Only Be Allowed (No Other Vian Traffic Should Be Send ) On both switches (SWI/SW2) ‘W-x(config)fint 10/20 SUW-x(config-if}#switchport trunk allowed vlan ? WORD VLAN IDs of the allowed VLANs when this port is in trunking mode add add VLANsto the current list all all VLANs except all VLANs except the following one no VLANs remove remove VLANs from the current list NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 221‘SW-x(config-if)#switchport trunk allowed vlan 10,20,30,40 SW-lifsh interfaces trunk Port Mode Encapsulation Status Native vlan FaQ/20 on 802.1q trunking 1 Port __Vians allowed on trunk Port Vians allowed and active in management domain Fa0/20 10,20 Port Vians in spanning tree forwarding state and not pruned Fa0/20 10,20 SW-2#sh interfaces trunk Port Mode Encapsulation Status _ Native vlan Fa0/20 on 802.1q trunking 1 Port Vians allowed on trunk Port Vians allowed and active in management domain Fa0/20 10,20 Port Viansin spanning tree forwarding state and not pruned FaQ/20 10,20 TASK: * Create vian 50, 60,70,80 on both switches © Configure the trunk link {0/20 to add vlan 50 ,60,70,80 to the existing trunk allowed list On both switches (SW1/SW2) ‘SW-x(config)#vlan 50 SW-x(config-vlan}#vlan 60 SW-x(config-vlan}#vlan 70 SW-x(config-vian}#vlan 80 SW-x(config-vlan)ffend ‘SW-x(config-if#switchport trunk allowed vlan add 50,60,70,80 ‘SW-l#fsh interfaces trunk Port Mode Encapsulation Status _ Native vlan Fa0/20 on 8021q trunking 1 Port __ Vians allowed on trunk Port Vians allowed and active in management domain Fa0/20 — 10,20,50,60 Port Vians in spanning tree forwarding state and not pruned Fa0/20 10,20,50,60 SW-24sh interfaces trunk NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 222Port Mode Encapsulation Status Native vlan FaQ/20 on 802.1q trunking 1 Port Vlans allowed on trunk Port Vians allowed and active in management domain Fa0/20 10,20,50,60 Port Vians in spanning tree forwarding state and not pruned Fa0/20 — 10,20,50,60 TASK * Configure the trunk link 0/20 to remove vlan 70,80 to the existing trunk allowed lis SW-1(config)fint f0/20 SW-I(config-if}#switchport trunk allowed vlan remove 70.80 SW-1fsh interfaces trunk Port Mode Encapsulation Status Native vlan Fa0/20 on 802.1q trunking 1 Port Vians allowed on trunk Port Vians allowed and active in management domain FaQ/20 — 10,20,50,60 Port Vlans in spanning tree forwarding state and not pruned. FaQ/20 — 10,20,50,60 SWW-2itsh interfaces trunk Port Mode Encapsulation Status Native vlan Fa0/20 on 802.1q trunking 1 Port Vians allowed on trunk Port Vians allowed and active in management domain Fa0/20 — 10,20,50,60 Port Vians in spanning tree forwarding state and not pruned FaQ/20 — 10,20,50,60 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 223Inter Vian Routing NA. packets in one VLAN nnot cross into another VIAN. emaaal ‘To transport packets 4 between VLANs, you must use a Layer 3 device. The router must have a physical or logical ‘connection to each VLAN 0 that it can forward ee a ene packets between them. This is known as inter- VLAN routing, Inter-VLAN routing can be performed by an external router that connects to each of the VLANs on a switch, Inter-Vian Routing NA Methods A. Separate Physical Gateway on Router B. Using Sub-interfaces C. Using Layer 3 Switch Vana ££ wan? gino tr VAN = VLANs 1.2.3 a , ee Tune ws vant vUN2 Mastlayer Switch vuNs NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 224Inter-Vian Routing using Separate NGA, : Physical Gateway on Router Router(contig|#intetace Fastethemet0/0 Rovlerlcong-}a ip address 192,168.1.100 255.285.2550 rion foutericonto+ ano shutdown > Router|configit}#exit ovtericonfig|#ntertace Fastetheret0/1 Router|config.t)# Ip address 192.168.2.100 255.255.255.0 Routericonigy ino shutdown ‘Switch vlan fase Gmee Fa0/9,Fa0/12, Fa0/3, Fa0/14 a ae , Fa0/I, Fo0/18, Fo0/17,Fo0/18 Fa0/I9, 0/20, Fo0/21, Fo0/22 Fo0123, Fo0/24, Gigi, Ggh/2 ‘10 sales = ctve. FO. Fa /2. FaO/0 20 matketing active. Fo0/3,Fo0/s,Fad/t 1002 taa-detault actiursu an Routing Using Legacy Method 192.168.1.100 For 192.168.141 9208.24 192.1681. 192.1682 wav vuN20 192:168.1.0/24 192.168.2.0/24 TASK Create Vian 10, Vian 20 on SWI and assign ports in to their respective VLAN as per the diagram. Ensure That users of VLAN 10 and 20 communicate with each other Switch (config)#vlan 10 ‘Switch (config-vlan}#name sales NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 225Switeh(config-vian)#exit Switch (config)#vlan 20 Switch (config-vlan)#name marketing Switch(config-vian)fexit Switch (config)#interface FastEthernetO/1 Switch(config-if)# switchport access vlan 10 Switch (config-if)# switchport mode access Switch (config-if}#interface FastEthernet0/2 Switch(config-if)# switchport access vlan 10 Switch (config-if}# switchport mode access Switch (config-if)#interface FastEthernet0/3 Switch (config-if)# switchport access vlan 20 Switch (config-if)# switchport mode access Switch (config-if}#interface FastEthernet0/4 Switch (config-if)# switchport access vlan 20 Switch(configeif)# switchport mode access Switch(config-if#exit Switch (config)¥interface FastEthernet0/10 Switch (config-if)# switchport access vlan 10 Switch (config-if}# switchport mode access Switch (config-f)finterface FastEthernetO/I1 Switch (config-if}# switchport access vlan 20 Switch(config-if)# switchport mode access Switch (config-if}#end Switchish vlan VLAN Name Status Ports active Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/12, Fa0/13, Fa0/4 Fa0/5, Fa0/16, Fa0/17, Fa0/18 FaQ/9, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gigl/l, Gigl/2 10 sles == active Fa, Fa0/2, Fa0/10 20 marketing active Fa0/3, Fa0/4, Fa0/1 1002 fddi-default act/unsup NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 226Router(config)#interface FastEthernet0/O Router(config.if}# ip address 192.168.1.100 255.255.255.0 Router(config.if}#no shutdown Router(config-if}exit Router(config)#interface FastEthernetO/l Router(config.if}# ip address 192.168.2.100 255.255.255.0 Router(config.if}#no shutdown Router(config.if}#exit Router(config)#end Routerdsh ip int brief Interface IP-Address OK? Method Status astetherniet0/0NI92A68AT 001 ES manual up up FastEthernetO/I 192.168.2100 YESmanualup = up Router#/sh ip route P - periodic downloaded static route Gateway of last resort is not set C_ 192.168.1.0/24 is directly connected, FastEthemet0/O C_ 192.168.2,0/24 is directly connected, FastEthernet0/l PC>ipconfig FastEthernetO Connection:(default port) Link-local IPv6 Addres # IP Addressinitnnisniet 192168.1.1 Subnet Mask. +: 255,255.255.0 Default Gateway.. 92.168.1.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Request timed out. Reply from 192.168.2.1: bytes=32 time=Oms TT| Reply from 192.168.2.1: bytes=32 time=Oms TT! Reply from 192.168.2.1: bytes=32 time=Oms TT| PC> tracert 192.168.2.1 Tracing route to 192.168.2.1 over a maximum of 30 hops: 1 13ms Oms Oms — 192.168.1.100 2 Oms Oms Oms 192,168.21 Trace complete. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 227INTER VLAN-ROUTING USING ROUTER NA,, (Router On Stick) SW-1t2h an Fo0/, Fa a0? For Gigi. Gigi 2 Trunk ik coniguration ‘1 [coni interface fstheret 0/20 (interface facing Router) 502 [confi wtchpod mode hunk WI [contin Hawilchpot unk encapsulation det INTER VLAN-ROUTING USING ROUTER NOA (Router On Stick) ‘ Creoting sub interfaces on outer interface 10/0, -I{confial in 0/0 ReI[config)# no shutdown Reliconfig:ii# exit R-I[config) #in f00/0.10 a a. R-I[configsub-f)# encopsulation dota 10 ae ——— Itshould be the exact vian no (vlan 10) R-I[configsubi tip add 192.168.1.100 255,255.255.0 Rel{contigsubi# ext -1[config) in f00/0.20 Rel[configsub-i}# encapsulation dot@ 20 Ht should be the exact vian no ( vlan 20) Rel[config-subsit jp odd 192.168.2.100 255.255.255.0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 228LAB: INTER VLAN-ROUTING USING ROUTER (Router On Stick) 10/010 192.168.1.100 py 10/0.20 192.165.2.100 192.168.14 1 —192.108.1.2 t yo2.10842 wav v0 van 20 192:168.1.0/24 192:168.2.0/24 TASK: Create Vian 10 . Vian 20 on SWI Shift ports in to their respective VLAN as per the diagram. Confiure FO/20 port as Trunk link. Create sub interfaces on router port f0/0 Ensure That users of VLAN 10 and 20 communicate with each other On swt Switch (config)#hostname SW-1 SW-I(config)#interface range f0/1 - 2 SW-I(config-if-range)#switchport mode access SW-I(config-if-range)#switchport access vlan 10 SW-1(config-if-range)#exit SW-1(config)finterface range 0/3 - 4 SW-1(config-if-range)#switchport mode access SW/-1(config-if-range)#switchport access vlan 20, SW-1(config-if-range) end SW-l#sh vlan VLAN Name Status Ports active Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, FaO/0, FaO/11, FaO/12 Fa0/13, Fa0/14, Fa0/15, FANG NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 229Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gigl/I, Gigl/2 10 VLANOOIO = active Fa0/1, Fa0/2 20 VIANO020 active Fa0/3, Fa0/4 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 tmet-default act/unsup ‘Trunk link configuration SW-1(config)#interface fastEthemet 0/20 (Interface facing Router) SW-I(config-if}#switchport mode trunk SW-1(config-if}#switchport trunk encapsulation dott + Arrouter on a stick an be used to route between VLANS using either ISL or 802.1 as the trunking protocol. * Arrouter on a stick requires subinterfaces, one for each VLAN. Creating sub interfaces on router interface f0/O R-l(config)#int fa0/0 RA(config-if}# no shutdown R-l(config-ifi# exit R-l(configh#int fa0/0.10 Rel(config-sub-if}# encapsulation dotlQ 10 It should be the exact vlan no ( vlan 10) RA(config-sub-if}# ip add 192.168.1.100 255.255.255.0 Re(config-sub-if}# exit R-l(configh#int fa0/0.20 R-l(config-sub-if}# encapsulation dotlQ 20 It should be the exact vlan no ( vlan 20) R-l(config-sub-i}# ip add 192.168.2.100 255.255.255.0 Router#/sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/O unassigned _—_YES unset up. up Verify connectivity NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 230PC>ipconfig IP Address + 192.168.1.1 Subnet Mask + 255,255,255.0 Default Gateway. :192.168.1.100 PC> ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data: Request timed out. Reply from 192.168,2.1: byte: Reply from 192.168.2.1: byte Reply from 192.168.2.1: bytes=32 time=109ms TTL=127 PC>tracert 192.168.2.1 Tracing route to 192.168.2.1 over a maximum of 30 hops: 1 47ms 63s 62 ms _192.168.1.100 2 109ms 125ms 78ms 192.168.2.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 231Spanning-tree protocol NOAsormnn Bridging loops Redundant link between switches provides redundancy. Also possibility to create loops when switches do broadcasts. 1. Broadcast storms 2. Mac-table instability 3. Multiple frame transmissions NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 232NOAsormens Bridging loops (solution) 1. Only one link between switches (no redundancy) 2, Shutdown extra link temporarily 1. Manually ( shutdown command) 2. Automatically block extra links (done by STP) NOAsomens Spanning-tree Protocol STP stop the loops which occurs when you have multiple links between switches STP stops avoiding Broadcast Storms, Multiple Frame Copies & Database instability. STP is a open standard (IEEE 802.1D) STP is enabled by default on all Cisco Catalyst switches 20/1 #201 a0/2 ———Fa0/2: Switcha ‘SwitchB NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 233NOAsoron How STP works ie ae 1. Selecting the Root Bridge 2 Selecting the Root Port 3. Selecting Designated port & Non Designated port | | NOAsomens 1) Selecting the Root Bridge ary iy stig Cn » The bridge with the Best (Lowest) Bridge ID. » Bridge ID = Priority + MAC address of the switch » Out of all the switches in the network, one is elected as a root bridge that becomes the focal point in the network. To » Every LAN will have only one Root Bridge and all the remaining switches will be considered as Non-root Bridges. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 234RTEETTS 2) Selecting the Root Port: NOAs ewe Chew cae Shortest path to the Root bridge Every Non-root Bridge looks the best way to go Root-bridge 1. least cost (Speed) 2. The Lowest forwarding Switch ID = 3. Lowest Physical Port Number. le » For every non-root bridge there is only one root port. NOAsomeo STP Port Cost rene) Gren 4 Mbps 250 10 Mbps 100 16 Mbps @ 45 Mbps 39 100 Mbps 19 155 Mbps 4 622 Mbps 6 1Gbps 4 10 Gbps 2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 235NOAsoron 3) Selecting Designated port & Non Designated port 1. least cost (Speed) 2. The least local Switch ID. 3. Lowest Physical Port Number. NOAsome BPDU Al switches exchange information through what is called as Bridge Protocol Data Units (BPDUs) BPDUs are sent every 2 sec and dead = 20 sec A.BPDU contains information regarding ports, switches, port priority and addresses. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 236)\Solutions] STP port states > Blocking 20 Sec or No Limits. » Listening 15 Sec. » Learning 15 Sec. » Forwarding No Limits. Disable No Limits. )-\Solutions| Lab : verifying spanning-tree # Show Spanning-tree NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 237LAB: VERIFYING SPANNING-TREE TASK: Verify the Spanning-Tree Behaviour SW-li#sh spanning-tree VLANO001 Spanning tree enabled protocol ieee Root ID Pd Cot 19 Port 20(FastEthernet0/20) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost. Pric.Nbr Type Fa0/21 9128.21 P2p Fa0/20 128.20 P2p SW-2#show spanning-tree VLANOOO1 Spanning tree enabled protocol ieee Root ID Priority 32769 ‘Address 000C.CF2D.0388 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 238Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys.id-ext 1) Address 000C.CF2D.0388 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost Prio.Nbr Type Fa0/20 DesgFWDI9 128.20 P2p Fa0/22 DesgFWD19 128.22 P2p SW-3#tshow spanning-tree VLANOOO1 Spanning tree enabled protocol ieee Root ID Priority 32769 ‘Address 000C.CF2D.0388 Cost 19 Port 22(FastEthernet0/22) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) ‘Address. OOEO.BOE9.E389 Hello Time 2 see Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost__Prio.Nbr Type FO/RMAIRIBLRS 128.21 2p Fad/22, Root FWD 19 128.22 P2p SW-2(config)#interface f0/20 SW-2{config-if)#shutdown %LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/20, changed state to down. SW-3#show spanning-tree VLANOOOT Spanning tree enabled protocol ieee Root ID Priority 32769 ‘Address 000C.CF2D.0388 Cot 19 Port _22(FastEthernet0/22) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 239Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address OOEO.BOE9.E389 Hello Time 2 see Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost. —_Prio.Nbr Type Fao/21 Desg URN = 128.21 P2p Fa0/22 Root FWD19 128.22 Pap SW-3#show spanning-tree VLANOOOT Spanning tree enabled protocol ieee Root ID Priority 32769 ‘Address 000C.CF2D.0388 Cot 19 Port __ 22(FastEthernet0/22) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address QOEO.BOE9.E389 Hello Time 2 see Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost. Prio.Nbr Type Fa0/2t— DesgiEWDNS 128.21 Pap Fa0/22 Root FWD 19 128.22 P2p SW-2(config-if}# no shutdown, %LINK-5-CHANGED: Interface FastEthernet0/20, changed state to up SW-3#show spanning-tree VLANOOO1 Spanning tree enabled protocol ieee Root ID Priority 32769 ‘Address 000C.CF2D.0388 Cot 19 Port __ 22(FastEthernet0/22) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address OOEO.BOE9.E389 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 240Aging Time 20 Interface Role Sts Cost Prio.Nbr Type Fao/21 ANERIBUKMS = 128.21 P2p Fa0/22 Root FWD19 128.22 Pap NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 info@noasolutions com Page 241IPV6 IP Address IP Address is Logical Address. It is a Network Layer address (Layer 3). IP address is given to every device in the network and it is used to identify the device with in the network. » Two Versions of IP: IP version 4 is a 32 bit address IP version 6 is a 128 bit address NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 242IPv6 is an extension of IP with several advanced features: Larger address space. No more need for NAT. Simpler header for increased router efficiency. Aggregation-based address hierarchy No more broadcasts. Stateless auto-configuration. Built-in support for Mobile IP. Built-in support for IPsec security. Rich transition features. Easy IP address renumbering Capability to have multiple addresses per interface. » Techniques to reduce address shortage in IPv4 + Subnetting * Classless Inter Domain Routing (CIDR) + Network Address Translation (NAT) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 243IPV6 address Types >» Unicast >» Multicast >» Any cast | IPV6 Addressing » 128 bit address » Hexadecimal format 2001:0db8:0000:0000:1234:0000:0000:3c4d 2001:db8:0:0:1234:0:0:3c4d 2001:db8::1234::3c4d 2001:db8::1234:0:0:3c4d a NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjara hills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 [email protected] Page 244