Since the early 1990s, Cisco has taken a new approach towards device modularity on enterprise
network devices. In the past, the Cisco 2500 Series Routers, excluding the 2524, had fixed port
configurations ranging from Ethernet, Serial, Token Ring, ISDN and Terminal Lines, which
imposed a limit on network investment protection and scalability within enterprise networks.
With the announcement and release of the Cisco 3600 Series Routers in 1996, businesses felt relief in
investment protection, as they were not required to replace an entire router when upgrading WAN
and/or LAN link aggregation. Companies could easily migrate from using an ISDN line to a content line
with the swap of a WIC (WAN Interface Module) as well as upgrade LAN ports from 10Base-T to
10/100Tx with the change of an NM (Network Module).
The Cisco 2600 Series routers, announced in March of 1998, were the next milestone for Cisco Systems
Inc.: a new generation of Multi-Service routers engineered to provide secure, wire-speed delivery of
simultaneous voice, data, video, and wireless services. However, the Cisco 2600 Series platforms lacked
one feature that was available on the Cisco 3600 Series routers, which upset several network engineers
throughout the industry: the PCMCIA flash card slots. Engineers who were familiar with the
3600 Series platforms found that during disaster recovery, the restoration of configuration files as well as
IOS images was simple with the change of a PCMCIA Flash card.
The 3700 Series platforms, which include the 3725 and the 3745, were announced around the same time
as the Cisco 2600 Series. These platforms were a major stepping stone in Cisco's device architecture, as
they introduced the removable Compact Flash (CF) card memory which is commonly used
with digital cameras. Even today, devices such as the 2800 and 3800 Series ISR (Integrated Services
Routers), ASA 5500 Series Firewalls, and countless other platforms are designed to utilize Compact
Flash (CF) cards. CF cards proved to be several times faster and more resilient than previous storage
technology utilized by Cisco devices.
In May of 2002, Cisco launched the new Cisco 2600XM Series Multi-Service Routers, which included
several upgraded system architecture features such as a revision of the current Motorola processor,
125MHz SDRAM, 16MB integrated flash with a max flash of 48MB, and support for 128MB RAM.
Later, with the release of the 12.2(8r) bootrom, the 2600XM Series Multi-Service Routers physically
supported 256MB RAM. However, when 12.2(8r) was first introduced it only provided the future
ability to use 256MB RAM. At that time the Cisco IOS for the 2600XM was still limited to 128MB
RAM; the benefit of using 256MB RAM with the 12.2(8r) bootrom was that the bootrom would
decompress the Cisco IOS image into address space not addressed by the IOS kernel. Traditionally, as
images got larger on the 2600XM platform, the processor-addressable memory space shrank, because the
images are decompressed and loaded into memory upon boot (unlike the 2500 series, where images are run
directly from flash). This gave a significant performance boost on the 2600XM platforms. At the time the
upgrade was offered, using 256MB RAM on a 2600XM platform gave you an additional 50-60MB or so, as
the decompressed image did not reside in IOS processor-addressable memory. If you run the show
memory command on a 2600XM with 256MB RAM running 12.3T, you'll see that the process should
have 128MB available to address. IOS versions released after October of 2004 had the ability to address
the full 256MB RAM minus the decompressed image.
The Cisco 2691 router was also released at the same time as the 2600XM, and it's the fastest platform in
the 2600 Series portfolio, designed with higher throughput, scalability, and versatility in mind. The Cisco
2691 Series router was the baby brother to the Cisco 3725 Series router. In a side-by-side comparison
they look very similar; however, performance, modularity and PRICE set them apart.
The 1800, 2800 and 3800 Series routers support HWICs (High-speed WAN Interface Cards), which
support 400Mbps aggregate (shared among all slots), whereas previous WIC technology only supported
8Mbps aggregate per PCI bus.
For example, the 2600XM Series has two integrated WIC slots on a shared bus. The 2600XM supports a
single WIC-2T port operating at 8Mbps or two ports at 4Mbps, but due to the shared bus the
other WIC slot cannot be used. This limitation also applied to the NM-1FE2W, NM-1FE1R2W, NM-2FE2W
and NM-2W network modules.
The 2800 Series ISR Routers (excluding the 2801) have four HWIC slots supporting 400Mbps aggregate
(400Mbps across all slots in a chassis) and one or more NME (Network Module Enhanced) slots operating
at a shared 1.2Gbps across all slots within the platform, whereas its predecessor, the Network Module, was
only capable of operating at shared speeds up to 600Mbps across all network module slots within the
platform.
Several platforms, including but not limited to the 2600 Series, 3700 Series and even newer Integrated
Services Routers, have internal expansion slot(s) called AIM slots. AIM, which stands for Advanced
Integration Module, is used for expanding the capabilities of a particular platform. There is a vast range
of Advanced Integration Modules available from Cisco, such as the AIM-CUE, the Cisco Unity
Express module that provides voice mail functionality for the Unified Communications Manager Express
platform, or the AIM-VPN module, a cryptographic processor that offloads cryptographic
functions from the router's processor, thus increasing router performance.
Click on the Router Matrix Chart tab to view charts of common routers including ports, slots,
performance, max RAM and FLASH;
ISDN
2H
16MB
2H
16MB
2H
16 Hub Ports
Router
RAM
Flash
Serial*
2501
16MB
16MB
2H
2502
16MB
16MB
2H
2503
16MB
16MB
2504
16MB
2507
16MB
Ethernet RJ45
AUI
Async
Lines*
2509
16MB
16MB
2H
8 Lines
Octal
2509RJ
16MB
16MB
1H
8 Lines
RJ-45
2510
16MB
16MB
2H
8 Lines
Octal
2511
16MB
16MB
2H
16 Lines
Octal
2511RJ
16MB
16MB
1H
16 Lines
RJ-45
2512
16MB
16MB
2H
16 Lines
Octal
2513
16MB
16MB
2H
2514
16MB
16MB
2H
2515
16MB
16MB
2H
2516
16MB
16MB
2H
14 Hub Ports 1
Ethernet Port
2518
16MB
16MB
24 Port Module
2520
16MB
16MB
2H 2L
2521
16MB
16MB
2H 2L
2522
16MB
16MB
2H 8L
1
Shared
2523
16MB
16MB
2H 8L
2524
16MB
16MB
1
Shared
2525
16MB
16MB
Notes: This chart was compiled for lab use only; these routers should NEVER be used in
production. 2500s have a Motorola 68030 20 MHz processor. They have 1x 80-pin SIMM RAM slot & 2x pin
SIMM Flash slots. Some 2500 series routers have 2MB DRAM soldered onto the mainboard, used for
buffer/shared memory. Async Lines can be used as modem ports or as terminal lines in access
servers.
*H = High Speed Synchronous Serial Interface.
*L = Low Speed Synchronous/Asynchronous Serial Interface.
Performance
4k pps
4k pps
AUI RJ45
Shared
1 BRI
4k pps
33Mhz
AUI RJ45
Shared
1
Ncontent
4k pps
33Mhz
1 RJ45 1
Shared
4k pps
Router
RAM
Flash*
CPU
Ethernet
WIC
1601
24MB
16MB
33Mhz
AUI RJ45
Shared
1602
24MB
16MB
33Mhz
AUI RJ45
Shared
1603
24MB
16MB
33Mhz
1604
24MB
16MB
1605
24MB
16MB
ISDN
Notes: 1600 Series used PCMCIA Flash Cards. 1600 Series routers use a Motorola 68360 33Mhz
Processor.
RAM
Flash
CPU
3620
64MB
32MB
80Mhz
3631-CO
256MB
128MB
3640
128MB
3660
Ethernet
WIC
NM
AIM
Performance
None
20-40k pps
240Mhz
None
70k pps
32MB
100Mhz
None
50-70k pps
64MB
64MB
225Mhz
1 or 2 Fast Eth
100-120k pps
3661-CO
64MB
64MB
225Mhz
1 or 2 Fast Eth
100-120k pps
3662
256MB
64MB
225Mhz
1 or 2 Fast Eth
100-120k pps
Notes: 3600 Series routers are completely modular and support PCMCIA Flash Cards. The 3620 & 3640 use
an IDT R7000 RISC Processor. The 3631 uses a PMC-Sierra RM7061A RISC Processor. The 3660s use a QED
RM5271 RISC Processor.
Router   RAM     Flash   CPU      Ethernet           WIC   NM   AIM   Performance
2610     64MB    16MB    40MHz    (1) 10Base-T                        15k pps
2611     64MB    16MB    40MHz    (2) 10Base-T                        15k pps
2612*    64MB    16MB    40MHz    (1) 10Base-T                        15k pps
2613*    64MB    16MB    40MHz    None                                15k pps
2620     64MB    16MB    50MHz    (1) FastEthernet                    25k pps
2621     64MB    16MB    50MHz    (2) FastEthernet                    25k pps
2650     128MB   32MB    80MHz    (1) FastEthernet                    37k pps
2651     128MB   32MB    80MHz    (2) FastEthernet                    37k pps
2610XM   128MB   48MB    40MHz    (1) FastEthernet                    20k pps
2611XM   128MB   48MB    40MHz    (2) FastEthernet                    20k pps
2620XM   128MB   48MB    50MHz    (1) FastEthernet                    30k pps
2621XM   128MB   48MB    50MHz    (2) FastEthernet                    30k pps
2650XM   128MB   48MB    80MHz    (1) FastEthernet                    40k pps
2651XM   128MB   48MB    80MHz    (2) FastEthernet                    40k pps
2691     256MB   128MB   160MHz   (2) FastEthernet                    70k pps
Notes: The 2600 Series utilizes the MPC860 PowerQUICC Processor. The 2612 & 2613 have an RJ45
Token Ring port. The 2691 supports both internal and CF (Compact Flash) storage. The 2620 & 2621 can
support 32MB Flash with 12.1(3r) bootrom or later. The 2600XM Series can support 256MB DRAM using
12.2(8r) bootrom or later.
RAM
Flash
CPU
Ethernet
128MB
32MB
40Mhz
(1) FastEthernet
ISDN
WIC
VIC
Performance
12k pps
1710
1711
96MB
64MB
16MB
16MB
48Mhz
(1) FastEthernet
& (1) 10Base-T
7k pps
100Mhz
(1) FastEthernet
& (4) 10/100
Switch Ports
13.5k pps
13.5k pps
1712
128MB
32MB
100Mhz
(1) FastEthernet
& (4) 10/100
Switch Ports
1720
48MB
16MB
48Mhz
(1) FastEthernet
8.5k pps
1721
128MB
32MB
48Mhz
(1) FastEthernet
12k pps
1750
48MB
16MB
48Mhz
(1) FastEthernet
8.5k pps
1751
96MB
32MB
48Mhz
(1) FastEthernet
12k pps
1760
128MB
64MB
80Mhz
(1) FastEthernet
4*
16k pps
Notes: 1700 Series Routers use a Motorola MPC RISC PowerQUICC Processor. The 1711 & 1712 have an
integrated VPN Hardware Services Module. Models 1720 and later support an installable VPN Hardware
Services Module. The 1711 Router has an integrated 56k v.90 analog modem. The 1760 has 4 available
VIC slots, two of which can only support WICs.
Router   RAM     Flash   CPU      Ethernet           WIC   NM   AIM   HDSM   Performance
3725     256MB   128MB   240MHz   (2) FastEthernet                           100k pps
3745     256MB   128MB   350MHz   (2) FastEthernet                           225k pps
Notes: 3700 Series routers support High Density Service Modules (HDSMs). The 3745 can support 512MB
DRAM (2x256MB SODIMM) using 12.3(6r) Bootrom. 3700 Series routers support Online Insertion &
Removal (OIR) of NMs and Power Supplies.
Rout
er
RAM
Flas
h
Ethernet
aDSL
HWI
C
WiF
i
US
B
Performan
ce
1801
384M
B
128M
B
(1)
FastEthern
et
aDSL
Over
Pots
Yes
70k pps
1802
384M
B
128M
B
(1)
FastEthern
et
aDSL
over
ISDN
Yes
70k pps
1803
384M
B
128M
B
(1)
FastEthern
et
SHDS
L
Yes
70k pps
1805
384M
B
128M
B
(1)
FastEthern
et
None
Yes
70k pps
1811
384M
B
128M
B
(2)
FastEthern
et
None
Yes
70k pps
1812
384M
B
128M
B
(2)
FastEthern
et
None
Yes
70k pps
1841
384M
B
128M
B
250Mh
z
(2)
FastEthern
et
Yes*
No*
1*
75k pps
1861
384M
B
128M
B
250Mh
z
(2)
FastEthern
et
None
No
75k pps
CPU
Notes: All 1800 Series use a QED RM52xx Processor. All 1800 Series excluding the 1841 have an 8 Port
10/100 Managed Switch. The 1841 does not have integrated WiFi but supports WiFi via the HWIC-AP.
The 1841 has a single USB 1.1 Port; other 1800 Series have USB 2.0. The 1841 supports the aDSL
& G.SHDSL WIC and HWICs. The 1841 has an AIM Slot (Advanced Integration Module). The 1841
supports the majority of existing WICs, VWICs and VICs (Data Mode Only). The 1805 has an integrated
Cable DOCSIS 2.0 port and a 4 10/100 Port Managed Switch. The 1861 has 4x Integrated FXS ports, 2x
BRI S/T, 8 Port 2x POE 10/100 Managed Switch.
Router   RAM     Flash   CPU      Ethernet              HWIC   NME   AIM   DSP   Performance
2801     512MB   256MB   250MHz   (2) FastEthernet                               90k pps
2811     768MB   256MB   350MHz   (2) FastEthernet                               120k pps
2821     1GB     256MB   466MHz   (2) GigabitEthernet                            170k pps
2851     1GB     256MB   466MHz   (2) GigabitEthernet                            220k pps
Notes: The 2800 Series Routers have an Integrated Cryptographic Processor for VPN Services. The
2800 Series Routers have installable Digital Signal Processors (DSPs) for voice services. The 2801
does not support the HWIC-1GE (1 Port SFP HWIC). The 2800 Series supports the HWIC-1FE but not
the HWIC-2FE. HWIC-2FEs require 3800 Series.
Router   RAM   Flash   CPU      Ethernet              HWIC   NME   AIM   DSP   Performance
3825     1GB   256MB   500MHz   (2) GigabitEthernet                            350k pps
3845     1GB   256MB   650MHz   (2) GigabitEthernet                            500k pps
Notes: The 3800 Series routers support High Density Service Modules (HDSMs). The 3800 Series routers
have a single Small Form-factor Pluggable (SFP) port. The 3825 uses a single-core Broadcom
BCM1125H 500 MHz Processor. The 3845 uses a dual-core Broadcom BCM1250 650 MHz Processor.
Core Knowledge
So you take a brand new Cisco router or switch out of the box, and the very first thing you must do prior
to installing it is to put a basic configuration on it. In order to configure the basics on a Cisco device you
must first console into the device.
If you ever take a brand new Cisco device out of the box you'll see that it comes with a blue flat cable
that has a DB9 serial connector on one end and a network RJ45 connector on the other. Don't be fooled:
this is not a next-generation Ethernet cable or some Token Ring cable but rather a Cisco Console Cable.
You use this cable to connect to the Cisco device via Serial Port so you can configure the device using
the command line.
Because Cisco devices do not have graphics cards or the ability to use a mouse and keyboard, you must
connect to the device using another computer that provides that functionality so you can configure the
device via Console CLI.
In order to connect to a Cisco device via console you'll need to use a terminal emulator application.
An application commonly used for this task is Windows HyperTerminal, which is
included with Windows XP; Windows Vista and newer require you to manually
download and install this application.
An extremely popular terminal emulator is Putty, which is completely free to download; you can get it
by clicking the Putty Terminal Emulator link found in the useful links menu section in the footer.
The most popular paid terminal emulator is SecureCRT, which is developed by VanDyke. This
application at the time of writing this lab is $99 per single user license and supports SSH/Telnet/Serial
and a bunch of other protocols not commonly used anymore. SecureCRT, however, provides extremely
useful scripting functionality and logging capabilities along with the ability to save sessions in different
folders so you can easily connect to existing equipment later.
In many real-life situations you may be required to connect to a Cisco device via console, such as when you
lock yourself out by making a configuration error like misconfiguring an Access Control List, or
when you peg the processor by executing a processor-intensive debug command. Nonetheless, as a
network engineer you must know how to console into a Cisco device.
Lab Prerequisites
In order to complete this lab you will need a real Cisco Router or Switch.
Prior to attempting this lab you must have a terminal emulator application installed such as
HyperTerminal, Putty or SecureCRT.
Lab Objectives
To complete this lab you will perform the following objectives;
Connect your PC to your Cisco Router or Switch using the blue Cisco Console Cable.
Execute putty and connect to your Cisco Router or Switch using Serial COM1 or your respective
COM port at the speed of 9600bps.
Power on your Cisco device and verify your console session by watching the device boot up on
the terminal emulator.
own with the use of the core knowledge section found in this lab. You should only resort to the Lab
Instruction section to verify your work.
Lab Instruction
While most terminal emulation software differs in available features and/or protocols, all terminal
emulators achieve the same goal. In this walkthrough, Putty, which is freely available (see
Lab Summary), will be used to connect to a Cisco device and establish a console session to the Cisco
Command Line Interface.
Step 1: Connect your Cisco console cable or terminal adapter to a serial port on your computer.
Step 2: Connect the RJ45 end of the console cable to the Console port on your Cisco Lab Access Server
(Cisco 2509, 2511 or a Cisco router with a NM-xxA/S Network Module). Do not power on your router yet.
Step 3: When first running the Putty executable you will be presented with the Putty Configuration
Window as shown below;
Step 4: After the Putty configuration window appears, move the bullet from SSH to Serial;
Note: COM1 is the default communications port for Putty serial communications; you may need to
change your COM port to match the port your console cable is connected to. 9600 baud is the
default speed for Putty. 9600 is also the default speed for Cisco devices using the configuration register
of 0x2102 (configuration registers will be discussed in a later chapter).
Step 5: Once you've verified the COM port and speed, click Open and a new window will appear. This
window will be the terminal window. Once the COM# Putty terminal window has appeared, power on
your Cisco device. After the device has booted, assuming that the NVRAM is clear, you will be prompted
with a Setup Configuration Dialog:
After you are presented with the Setup Configuration Dialog, type "n" for no and press Enter. You will
then be prompted to "press Return to Get Started!"; after pressing Enter you will be at the router's user
mode command line interface, which looks like the following:
After you have reached this point you have completed the objectives of this lab.
Real World Application
This lab will help you identify the Cisco Internetwork Operating System (Cisco IOS) running on a
Cisco device. Knowing what Cisco IOS Version and Feature Set is running on your Cisco devices is crucial
to planning and deploying required features. Think of Feature Sets as Windows Vista distributions: you
have Basic, Home Edition, Home Premium, Business, Ultimate and Enterprise. In Cisco IOS, we have
similar distributions called Feature Sets that dictate which features will be available for you to
configure. Each feature set has a different price. Some feature sets contain the same features as others;
this will be discussed later in the lab.
Lab Prerequisites
Complete Lab 1.2 before attempting this lab or have a current Cisco console session open to
your Cisco device.
Lab Objectives
Identify what IOS Version and Features Set your Cisco device is currently running.
Lab Instruction
There are several ways to identify which Cisco IOS your Cisco device is running. The first way is to
examine the boot output, which displays the image name that is loaded from flash; this in turn can
be used to identify the IOS Version and Feature Set of the image.
Provided below is an example of the relevant output from the boot process, which can be used to
identify which IOS Version and Feature Set the router is currently loading.
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IK9O3S7-M), Version 12.3(25), RELEASE SOFTWARE (fc1)
Turn your attention to line 2, where you see C3620-IK9O3S7-M; this displays the features that are
included in the image and the loading type (which will be discussed later) for the image that is currently
being loaded by the router. Following the feature set being loaded you can also see the version of the IOS.
As shown in this example, the router is currently booting IOS Version 12.3(25).
The most common way of obtaining IOS identification information is by using the show
version command. This command shows various information pertaining to the Cisco IOS Version and
Feature Set as well as hardware information about the router.
The text box below shows the output of the show version command.
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IK9O3S7-M), Version 12.3(25), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 28-Jan-08 20:16 by alnguyen
ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
cisco 3620 (R4700) processor (revision 0x81) with 60416K/5120K bytes of memory.
Processor board ID 24807256
R4700 CPU at 80MHz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32 terminal line(s)
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
Router#
As you can see, lines 2, 3 & 4 are identical to the previously discussed boot output. However,
take a look at line 13 and you'll see: System image file is "flash:c3620-ik9o3s7-mz.123-25.bin". This is the
actual image file name that is currently running on the router. This image name is very helpful in
identifying the IOS Version and Feature Set.
Prior to Cisco IOS Version 12.4, Cisco had a very complex naming convention for their Feature Sets. This
naming convention consisted of letters identifying certain features in the image.
Below is a chart of common identification letters from the older naming convention:
Image Letter
Feature Set
IP
IP Plus
S6
IP Plus No ATM
S7
IP Plus No Voice
Enterprise
Cryptography/IPSEC/SSH
K8
K9
H323
Apple Talk
Novel IP/IPX
Vox
IBM
Unlawful Intercept
Service Provider
Telco
Boot
Now let's break down the naming convention of the image name for our previous image, flash:c3620-ik9o3s7-mz.123-25.bin:
Now let's break down the features included with this image as shown below:
Image Letter
The example 3620 image used in this lab executes from RAM and uses ZIP compression.
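The file-name breakdown described above, as an added example that is not part of the original lab: a Python parser that splits an IOS image name into platform, feature codes, load type and version, and lists which images in an inventory carry no K8/K9 cryptography marker. It goes beyond the 3620 image and also handles the named feature sets shown later in this lab; the lookup tables hold only values that appear on this page, and reading 123-25 as 12.3(25) is an assumption generalised from the lab's own example.

```python
import re

# Letter codes that survive in the lab's chart; other letters are reported undecoded.
CHART_CODES = {"s6": "IP Plus No ATM", "s7": "IP Plus No Voice"}

# Named feature sets that appear in this page's example file names.
NAMED_SETS = {
    "ipbase": "IP Base",
    "ipservices": "IP Services",
    "advipservices": "Advanced IP Services",
    "adventerprise": "Advanced Enterprise Services",
    "universal": "Universal",
}

# The lab decodes "mz" as: executes from RAM, ZIP compressed.
RUNS_FROM = {"m": "RAM"}
COMPRESSION = {"z": "ZIP"}

IMAGE_RE = re.compile(r"""
    ^(?:\w+:)?                                  # optional file system, e.g. flash:
    (?P<platform>c[0-9a-z]+)-                   # c3620, c2800nm, c3750e ...
    (?P<features>[0-9a-z]+)-                    # ik9o3s7, adventerprisek9 ...
    (?P<load>[a-z]{1,2})\.                      # mz
    (?P<major>\d{2})(?P<minor>\d)-(?P<maint>\d+)  # 123-25 -> 12.3(25)
    (?:\.?(?P<train>[A-Za-z][A-Za-z0-9]*))?     # optional train suffix: .SE, .SE2, M
    \.bin$
""", re.VERBOSE)


def parse_image_name(name):
    """Return a dict describing an IOS image file name, or raise ValueError."""
    m = IMAGE_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not an IOS image name this parser understands: {name!r}")
    feat, load = m["features"], m["load"]

    named = re.fullmatch(r"(?P<base>[a-z]+?)(?P<crypto>k[89])?", feat)
    if named and named["base"] in NAMED_SETS:
        convention = "named"
        codes = [named["base"]] + ([named["crypto"]] if named["crypto"] else [])
        decoded = {named["base"]: NAMED_SETS[named["base"]]}
    else:
        # Older convention: each feature is one letter, optionally followed by digits.
        convention = "letter-coded"
        codes = re.findall(r"[a-z]\d*", feat)
        decoded = {c: CHART_CODES[c] for c in codes if c in CHART_CODES}

    return {
        "platform": m["platform"],
        "convention": convention,
        "codes": codes,
        "decoded": decoded,
        # Assumption: a k8 or k9 code marks an image with cryptographic features
        # (the chart's Cryptography/IPSEC/SSH row lists K8 and K9).
        "crypto": "k8" in codes or "k9" in codes,
        "runs_from": RUNS_FROM.get(load[0], "not decoded"),
        "compression": COMPRESSION.get(load[1:], "not decoded"),
        "version": f"{int(m['major'])}.{m['minor']}({m['maint']}){m['train'] or ''}",
    }


def images_without_crypto(names):
    """Names whose feature set carries no K8/K9 marker, e.g. to plan upgrades."""
    return [n for n in names if not parse_image_name(n)["crypto"]]


# File names taken from this page.
PAGE_IMAGES = [
    "flash:c3620-ik9o3s7-mz.123-25.bin",
    "c2800nm-adventerprisek9-mz.124-21.bin",
    "c2800nm-ipbase-mz.124-21.bin",
    "c3750-advipservicesk9-mz.122-44.SE.bin",
    "c3750-ipbase-mz.122-44.SE.bin",
    "c3900-universalk9-mz.150-1M.bin",
]

if __name__ == "__main__":
    for image in PAGE_IMAGES:
        info = parse_image_name(image)
        print(f"{image}: {info['version']} {info['codes']} crypto={info['crypto']}")
    print("no crypto marker:", images_without_crypto(PAGE_IMAGES))
```

An image without the marker is a device that this inventory cannot assume supports SSH for management access.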
As of 2006, Cisco has introduced a new naming convention for feature sets. This new naming convention
started in 12.3 and was implemented as the feature set naming standard in 12.4
Below is a feature tree comprised of the new naming convention used for Cisco router images 12.3T and
greater;
You can see that IP Base is the basic image, from this image it branches off into IP Voice, Advanced
Security or Enterprise Base.
IP Voice also has an upgrade to Service Provider Services, which includes SP Services Features, IP Voice
Features and IP Base features.
Only Advanced Images contain Advanced Encryption Standard (AES) Cryptography
The following categories summarize the new naming convention:
Feature Set
Description
Base
Services
addition of IP Telephony Service, MPLS, Voice over IP, Voice over Frame
Relay and ATM (Included in SP Services, Enterprise Services)
Advanced
Addition of VPN, Cisco IOS Firewall, 3DES encryption, SSH, Cisco IOS IPSec
and Intrusion Detection Systems (IDS) (Advanced Security, Advanced IP
Services)
Enterprise
Just like the new naming convention for Cisco Router IOS, Cisco has given the Switch IOS a new naming
convention as well. This naming convention is very similar to the router IOS naming convention. Shown
below is a feature tree of the new switch IOS naming convention;
Below are some examples of images using the new Cisco naming convention;
Example images for a Cisco 2800 Series Router:
c2800nm-adventerprisek9-mz.124-21.bin
c2800nm-ipbase-mz.124-21.bin
Example images for a Cisco Catalyst 3750 Series Switch:
c3750-advipservicesk9-mz.122-44.SE.bin
c3750-ipservicesk9-mz.122-44.SE.bin
c3750-ipbase-mz.122-44.SE.bin
IP Base, formerly known as Standard Multilayer Image (SMI) on Cisco Catalyst 3550 Series switches,
includes advanced quality of service, rate limiting, access control lists (ACLs) and basic static and RIP
routing functionality.
IP Services, formerly known as Enhanced Multilayer Image (EMI) on Cisco Catalyst 3550 Series switches,
has a more feature-rich set of enterprise-class routing functionality as well as advanced hardware-based
IP Unicast and IP Multicast routing and policy based routing (PBR).
Advanced IP Services is not available as a pre-installed license but is available as an upgrade license. This
feature set includes IPv6 routing and IPv6 ACL support.
Enterprise Services & Advanced Enterprise Services are the cream of the crop. The images include all
features available to the platform; these licenses are also the most expensive. These licenses are only
supported on various modular switches such as the Catalyst 4500, 4900, 6500 and others.
Below are a few examples of switch models you can purchase and the software license that's bundled
with the platform(s).
C3560-24PS-S = Cisco 3560 Series 24 Ports PoE with Standard Image (IP Base)
C3750-48TS-E = Cisco 3750 Series 48 Port Non-PoE with Enhanced Image (IP Services)
The Cisco Catalyst 2960 Series has a different license model due to the switch being strictly layer 2. The
Catalyst 2960 Series license model is similar to the Catalyst 2950 Series which includes two separate
feature sets, Standard Image and Enhanced Image however, the new feature sets are called LAN LITE &
LAN BASE. These new feature sets do have a significant difference including Quality of Services (QoS),
Gigabit Ethernet Support, RPS, Rapid Spanning Tree, Link State Tracking, 802.1x enhancements, DHCP
Snooping and many more features which can be found on the Cisco website.
Cisco IOS 15.0 was released October 1st 2009, and with this new mainline IOS release we'll see the use
of the Universal Image. The feature sets have not changed, but with these new universal
images, feature sets have to be licensed using a license file stored in NVRAM. Upon boot, the IOS
looks at this license file and activates the features specified in the license, that is, those you've
purchased.
Each license file is specific to each platform serial number so therefore license files will not be
swappable. No doubt with all the Cisco IOS piracy that occurs in the Cisco networking world today, Cisco
systems is losing millions if not billions in license profit.
The next generation Integrated Services Routers which include the 1900 Series, 2900 Series and 3900
Series will use a single universal image file and require feature sets to be licensed. As part of the license
management suite, Cisco offers a license management server as well as an IOS feature that can
automatically download the license file from Cisco if your router is able to access the internet.
Cisco also utilized this technology with the 3560E and 3750E Switches. Example IOS image names are
shown below:
c3560e-universalk9-mz.122-50.SE2.bin
c3750e-universalk9-mz.122-50.SE2.bin
c3900-universalk9-mz.150-1M.bin
Configuring a Cisco Access Server
Moving your console cable from one device to another can be time consuming. This lab will discuss and
demonstrate configuration and verification of a Cisco terminal server such as a Cisco 2509, 2511 or the
Cisco NM-16A/S and NM-32A/S
Real World Application:
This lab will teach you how to configure a Cisco Access Server which can be used to access all your Cisco
Lab devices from a single point of administration.
Often times, many companies will utilize Access Servers for direct console access to a Cisco device in a
network rack, this allows the remote administrator(s) to reload the router and examine the bootstrap
dispatch as well as boot into ROM Monitor mode remotely for password recovery, image recovery and
access control list configuration.
Lab Prerequisites
Complete Lab 1.2 before attempting this lab or have a current Cisco console session open to the
access server.
Make sure that the Access Server Async Lines are connected to the respective devices. Example:
Line Number
Device
Router 1
Router 2
Router 3
Router 4
Router 5
Switch 1
Switch 2
Switch 3
Lab Objectives
Configure local ip host(s) for reverse telnet to the loopback interface on the correct lines that
are plugged into their respective devices. See Lab Prerequisites for example.
Prevent the Async lines from establishing an EXEC session with the access server.
Optional: Prevent reverse telnet sessions on the Async lines from timing out.
Lab Instruction
Step 1: Assign a Hostname to the Access Server of your preference.
Router>enable
Router#configure terminal
Router(config)#hostname Access_Server
Access_Server(config)#
Step 2: Configure a loopback interface for use in reverse telnet sessions.
Access_Server(config)#interface loopback 0
Access_Server(config-if)#ip address 10.10.10.10 255.255.255.255
Access_Server(config-if)#exit
Access_Server(config)#
Step 3: Configure local ip host(s) to utilize the loopback0 interface and the respective Async line for
reverse telnet. To view the available line numbers on your platform, issue the do show line command
from global configuration.
Access_Server(config)#ip host r1 2001 10.10.10.10
Access_Server(config)#ip host r2 2002 10.10.10.10
Access_Server(config)#ip host r3 2003 10.10.10.10
Access_Server(config)#ip host r4 2004 10.10.10.10
Access_Server(config)#ip host r5 2005 10.10.10.10
Access_Server(config)#ip host r6 2006 10.10.10.10
Access_Server(config)#ip host sw1 2007 10.10.10.10
Access_Server(config)#ip host sw2 2008 10.10.10.10
Access_Server(config)#ip host sw3 2009 10.10.10.10
Step 4: Prohibit the async lines from establishing an EXEC session with the access server.
Access_Server(config)#line 1 16
Access_Server(config-line)#no exec
Step 5: Configure the transport input protocol on the async lines to Telnet.
Access_Server(config-line)#transport input telnet
Step 6: Optional: Prevent reverse telnet sessions on the Async lines from timing out.
Access_Server(config-line)#exec-timeout 0 0
Access_Server(config-line)#end
Access_Server#
After you have configured the device, be sure to test each and every line by typing in the hostname of
the device you wish to establish a console session with.
Access_Server#r1
Access Server#
You will have several commands available to you for troubleshooting and diagnostics, such as the show
host command shown below:
Access_Server#show host
Default domain is not set
Name/address lookup uses domain service
Host    Port    Flags
r1      2001    (perm, OK)  0   IP   10.10.10.10
r2      2002    (perm, OK)  0   IP   10.10.10.10
r3      2003    (perm, OK)  0   IP   10.10.10.10
r4      2004    (perm, OK)  0   IP   10.10.10.10
r5      2005    (perm, OK)  0   IP   10.10.10.10
sw1     2006    (perm, OK)  0   IP   10.10.10.10
sw1     2007    (perm, OK)  0   IP   10.10.10.10
sw3     2008    (perm, OK)  0   IP   10.10.10.10
Access_Server#
Another available command is show session, which displays information
about your current telnet sessions.
Access_Server#show session
Conn Host                Address
*  1 r1                  10.10.10.10         r1
Access_Server#
You may often be required to clear an Async line because the line is already in use; in that case an
attempt to establish a connection to the device may be refused, as shown below:
Access_Server#r1
Trying r1 (10.10.10.10, 2001)...
% Connection refused by remote host
Access_Server#
To clear a line that a device is connected to, you must first know the line number the device is
connected to; this can be found with the show host command as previously discussed. To clear
an Async line, use the clear line tty xx command. The example shown below clears the Async line
that r1 is connected to.
Access_Server#clear line tty 1
[confirm]
[OK]
Access_Server#
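An added example, not part of the original lab: a Python check that reads an access-server configuration like the one built in Steps 1 to 6 and reports the settings worth reviewing before the box is reachable from outside the lab, along with ip host entries that do not line up with a configured line. The finding names, the sample configuration and the port rule (TCP port = 2000 + line number, as r1, port 2001 and tty 1 pair up above) are assumptions of this example.

```python
import re

REVERSE_TELNET_BASE = 2000  # assumption: port = 2000 + line number (r1 / 2001 / tty 1)

# Constructed sample: the lab's commands as they might appear in a saved
# configuration, with sw1 defined twice (as in the lab's "show host" output)
# and one port that points past the last configured line.
SAMPLE_CONFIG = """\
hostname Access_Server
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
ip host r1 2001 10.10.10.10
ip host r2 2002 10.10.10.10
ip host sw1 2006 10.10.10.10
ip host sw1 2007 10.10.10.10
ip host sw3 2020 10.10.10.10
line 1 16
 no exec
 exec-timeout 0 0
 transport input telnet
"""


def parse_config(text):
    """Collect ip host entries, numbered line blocks and loopback addresses."""
    hosts, line_blocks, loopbacks = [], [], set()
    context = None  # ("line", block) or ("loopback", None) while inside a sub-mode
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command ends any sub-mode
            context = None
            m = re.match(r"ip host (\S+) (\d+) (\S+)$", stripped)
            if m:
                hosts.append((m.group(1), int(m.group(2)), m.group(3)))
                continue
            m = re.match(r"line (?:tty )?(\d+)(?: (\d+))?$", stripped)
            if m:
                first = int(m.group(1))
                block = {"first": first, "last": int(m.group(2) or first), "settings": []}
                line_blocks.append(block)
                context = ("line", block)
            elif re.match(r"interface loopback\s*\d+$", stripped, re.I):
                context = ("loopback", None)
        elif context and context[0] == "line":
            context[1]["settings"].append(stripped)
        elif context and context[0] == "loopback":
            m = re.match(r"ip address (\S+) \S+$", stripped)
            if m:
                loopbacks.add(m.group(1))
    return hosts, line_blocks, loopbacks


def audit(text):
    """Return a list of (finding, subject) tuples for one configuration."""
    hosts, line_blocks, loopbacks = parse_config(text)
    findings, ports_by_name = [], {}
    for name, port, addr in hosts:
        ports_by_name.setdefault(name, []).append(port)
        line_no = port - REVERSE_TELNET_BASE
        if not any(b["first"] <= line_no <= b["last"] for b in line_blocks):
            findings.append(("PORT_WITHOUT_LINE", f"{name}:{port}"))
        if addr not in loopbacks:
            findings.append(("ADDR_NOT_LOOPBACK", f"{name}:{addr}"))
    for name, ports in ports_by_name.items():
        if len(ports) > 1:  # the same name on two lines: one entry is mislabeled
            findings.append(("DUPLICATE_HOST", f"{name}:{','.join(map(str, ports))}"))
    for b in line_blocks:
        span, s = f"{b['first']}-{b['last']}", b["settings"]
        if "no exec" not in s:
            findings.append(("EXEC_ENABLED", span))
        if "exec-timeout 0 0" in s:  # Step 6: sessions never time out
            findings.append(("NO_IDLE_TIMEOUT", span))
        if any(x.startswith("transport input") and "telnet" in x.split() for x in s):
            findings.append(("TELNET_TRANSPORT", span))  # console traffic in cleartext
        if not any(x.startswith("login") for x in s):
            findings.append(("NO_LOGIN", span))  # no login statement in this block
    return findings


if __name__ == "__main__":
    for finding, subject in audit(SAMPLE_CONFIG):
        print(f"{finding:18} {subject}")
```

NO_IDLE_TIMEOUT and TELNET_TRANSPORT correspond to choices the lab makes on purpose for convenience; the check makes them visible so they are not carried into a rack that remote administrators reach over a shared network.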
Step 3. After you are presented with the Installation Wizard click next to continue. You are required to
agree to and accept the License Agreement for GNS3, if you do not accept this agreement then you must
have a physical lab to do the labs found on this website.
Step 4. After accepting the License Agreement you will be presented with the option to rename the
default folder name found on the Start Menu from GNS3 to whatever you like. If you wish to change the
name of the folder then type it in manually or you can accept the default of GNS3 and click next.
Step 5. Now you are presented with the list of packages included in this GNS3 Installer. WinPCAP is a
Packet Capture/Network Monitoring Library that is included with the GNS3 Installer for packet analysis.
Dynamips is the actual router emulator software that GNS3 uses; GNS3 is just a graphical user interface
for Dynamips. PemuWrapper is a Cisco PIX hardware emulator which allows you to run a PIX device in
GNS3 to simulate networks with PIX Firewalls. You can leave all of these packages Checked and click
next.
Step 6. You are now shown the folder the Installer will install GNS3 to. By default GNS3 installs to
C:\Program Files\GNS3. If you are running a 64-bit OS, GNS3 installs to C:\Program Files (x86)\GNS3
Step 7. The GNS3 installer will automatically download WinPCAP and prompt you to install it, as shown
below. Click next on the WinPCAP Installer advertisement screen.
Step 9. You must accept the License Agreement for WinPCAP to install the software.
Step 10. After you accept the License Agreement for WinPCAP, the software will install; click finish
afterwards.
Step 11. After WinPCAP installs, GNS3 will install. Once it has finished, you've successfully installed
GNS3. Click finish to exit the installer.
Step 3. Load the GNS3 topology by double clicking on the file, GNS3 should load automatically and
import the topology.
Step 4. After GNS3 loads and the topology is imported, you can start R1 by right clicking on R1 and
clicking start on the context menu. Once you've started this device, you can right click the device again
and click Console to bring up the Putty terminal emulation window. This gives you console
access to R1 in the topology.
Make sure the router has booted up into user mode; if prompted, type n to skip
the Initial Configuration Dialog and wait until you receive the prompt Router>
After you've received the user mode prompt, wait about 10 seconds until the router is idling,
then configure the router with its own IDLE PC value. Dynamips is a very processor-intensive
application, and each device running within Dynamips needs an IDLE PC value applied to it
so the application can reduce the physical processor load. Note that an IDLE PC
value is REQUIRED for each device.
Experiment with your IDLE PC values, as these values differ from machine to machine. Be sure to
watch your processor utilization when experimenting with IDLE PC values to determine which values
best suit your machine. You can view your current processor utilization by starting Task Manager
from your task bar and then clicking Performance.
Once you've successfully started all devices in the topology and applied IDLE PC values to each device,
you should familiarize yourself with the Free CCNA Workbook topology. You can do so by clicking
the Topology link in the top navigation bar.
This page will show you the physical WAN, LAN and Switching topologies used by all labs published by
Free CCNA Workbook. Please note that most labs found on the website can be completed using
GNS3 v1.0; however, all Switching labs require Cisco 3560 Switches. You can get free access to these
switches via the Stub Lab.
Device Name | Device Model | Flash | Memory | Ethernet Interfaces | WIC Cards | Software
R1 *(CME)* | Cisco 2811 | 512MB | 768MB | 2x FastEthernet | 2x WIC1DSU-T1V2 | 15.1(4)M7 Adv IP Services
R2 | Cisco 2811 | 256MB | 512MB | 2x FastEthernet | 2x WIC1DSU-T1V2 | 15.1(4)M7 Adv IP Services
R3 | Cisco 2811 | 256MB | 512MB | 2x FastEthernet | 2x WIC1DSU-T1V2 | 15.1(4)M7 Adv IP Services
R4 | Cisco 2811 | 256MB | 512MB | 2x FastEthernet | 2x WIC1DSU-T1V2 | 15.1(4)M7 Adv IP Services
R5 | Cisco 2811 | 256MB | 512MB | 2x FastEthernet | 2x WIC1DSU-T1V2 | 15.1(4)M7 Adv IP Services
SW1 | Cisco 356024PS | 32MB | 128MB | 24x FastEthernet, 2x Gigabit Ethernet | Not Applicable | 12.2(55)SE8 IP Services
SW2 | Cisco 356024TS | 32MB | 128MB | 24x FastEthernet, 2x Gigabit Ethernet | Not Applicable | 12.2(55)SE8 IP Services
SW3 | Cisco 356024TS | 32MB | 128MB | 24x FastEthernet, 2x Gigabit Ethernet | Not Applicable | 12.2(55)SE8 IP Services
SW4 | Cisco 356024TS | 32MB | 128MB | 24x FastEthernet, 2x Gigabit Ethernet | Not Applicable | 12.2(55)SE8 IP Services
FW1 | Cisco ASA 5510 | 256MB | 1GB | 5x FastEthernet | Not Applicable | ASA 9.1(5) Security Plus
FW2 | Cisco ASA 5510 | 256MB | 1GB | 5x FastEthernet | Not Applicable | ASA 9.1(5) Security Plus
BB1 | Cisco 2811 | 64MB | 256MB | 2x FastEthernet | 2x WIC1DSU-T1V2 | 15.0(1)M10 Adv IP Services
BB2 | Cisco 2811 | 64MB | 256MB | 2x FastEthernet | 2x WIC1DSU-T1V2 | 15.0(1)M10 Adv IP Services
BB3 | Cisco 2811 | 64MB | 256MB | 2x FastEthernet | 2x WIC1DSU-T1V2 | 15.0(1)M10 Adv IP Services
The following matrix is a list of circuit information related to the WAN Topology:
Local Router | Local Interface | Remote Router | Remote Interface
R1 | Serial0/0/0 | R2 | Serial0/1/0
R2 | Serial0/0/0 | R3 | Serial0/1/0
R3 | Serial0/0/0 | R4 | Serial0/1/0
R4 | Serial0/0/0 | R5 | Serial0/1/0
R5 | Serial0/0/0 | R1 | Serial0/1/0
The following matrix is a list of circuit information related to the backbone router WAN Topology:
Local Router | Local Interface | Remote Router | Remote Interface
BB1 | Serial0/0/0 | BB2 | Serial0/1/0
BB2 | Serial0/0/0 | BB3 | Serial0/1/0
BB3 | Serial0/0/0 | BB1 | Serial0/1/0
Local Router | Local Interface | Remote Switch | Switch Port
R1 | FastEthernet0/0 | SW1 | FastEthernet0/1
R1 | FastEthernet0/1 | SW2 | FastEthernet0/1
R2 | FastEthernet0/0 | SW1 | FastEthernet0/2
R2 | FastEthernet0/1 | SW2 | FastEthernet0/2
R3 | FastEthernet0/0 | SW1 | FastEthernet0/3
R3 | FastEthernet0/1 | SW2 | FastEthernet0/3
R4 | FastEthernet0/0 | SW1 | FastEthernet0/4
R4 | FastEthernet0/1 | SW2 | FastEthernet0/4
R5 | FastEthernet0/0 | SW1 | FastEthernet0/5
R5 | FastEthernet0/1 | SW2 | FastEthernet0/5
BB1 | FastEthernet0/0 | SW1 | FastEthernet0/10
BB2 | FastEthernet0/0 | SW2 | FastEthernet0/10
BB3 | FastEthernet0/0 | SW3 | FastEthernet0/10

Local Router | Local Interface | Remote Switch | Switch Port
BB1 | FastEthernet0/0 | SW1 | FastEthernet0/10
BB2 | FastEthernet0/0 | SW2 | FastEthernet0/10
BB3 | FastEthernet0/0 | SW3 | FastEthernet0/10
Local Switch | Local Interface | Remote Switch | Remote Interface
SW1 | FastEthernet0/19 | SW3 | FastEthernet0/19
SW1 | FastEthernet0/20 | SW3 | FastEthernet0/20
SW1 | FastEthernet0/21 | SW4 | FastEthernet0/21
SW1 | FastEthernet0/22 | SW4 | FastEthernet0/22
SW1 | FastEthernet0/23 | SW2 | FastEthernet0/23
SW1 | FastEthernet0/24 | SW2 | FastEthernet0/24
SW2 | FastEthernet0/21 | SW3 | FastEthernet0/21
SW2 | FastEthernet0/22 | SW3 | FastEthernet0/22
SW2 | FastEthernet0/19 | SW4 | FastEthernet0/19
SW2 | FastEthernet0/20 | SW4 | FastEthernet0/20
SW3 | FastEthernet0/23 | SW4 | FastEthernet0/23
SW3 | FastEthernet0/24 | SW4 | FastEthernet0/24
from another device within your LAN, however connecting to the GNS3 Cisco device via local host will
have a high probability of crashing the Dynamips Engine.
Please note that you may have compatibility issues with Windows 7 and Windows Vista 64bit loopback
interfaces, a 32bit operating system is recommended.
Lab Prerequisites
Load the Free CCNA Workbook GNS3 topology and establish a console session to SW1
Lab Objectives
Install a MS Loopback interface on Windows XP
Configure an IP address on the newly created MS Loopback adapter.
Create a Cloud interface in GNS3 and bind it to the newly created MS Loopback Adapter.
Verify your connectivity by assigning an IP address to SW1 in the same subnet that you assigned
to the MS Loopback adapter. For lab demonstration purposes, Free CCNA Workbook devices will
use 192.168.255.1-8/24 and the host machine is 192.168.255.10/24
Lab Instruction
Step 1. Navigate to the Control Panel by clicking Start > Control Panel, or by loading My Computer and
clicking Control Panel in the left side bar under Other Places.
Once in Control Panel, double click the Add Hardware icon and the Add Hardware Wizard will pop up, as
shown below.
After you click next, the Wizard will automatically search for new hardware; this may take a few minutes.
Once the Wizard has finished searching for new hardware and none is found, you will be asked whether or
not the new hardware is already connected; select Yes, I have connected the hardware and click next.
Slide the scroll bar on the right side of the list down to the bottom, highlight Add new hardware
device as shown below and click next.
You will now be asked whether or not you want the Add New Hardware wizard to automatically
search for the new hardware. Select the bottom option, Install the hardware that I manually
select from a list (Advanced), as shown below and click next.
You're now given a list of different types of hardware you can choose to install. Scroll down the list,
select Network Adapters as shown below and click next.
The next window displays a Manufacturer list on the left hand side and the devices available to install from
that manufacturer on the right. Some computers may have multiple manufacturer options to choose
from; if so, select the Microsoft manufacturer in the list on the left hand side, then select the
Microsoft Loopback Adapter in the list on the right hand side as shown below and click next.
You are now shown the hardware device you are about to install, as shown
below; just click next and Windows will install the device. A window with a progress bar may pop up
showing the progress of the device driver installation.
Once the Microsoft Loopback Adapter is installed, click finish as shown below and restart your computer.
Once the Cloud is in the topology pane, double click the cloud and you will see the Cloud tree and the
list of Clouds available for configuration. Click Cloud 1, named CL1, as shown below.
Once in the Cloud configuration you will notice 2 text boxes under Generic Ethernet NIO (require
Administrator access). If you have multiple network adapters you will see them all listed when clicking
on the first textbox. Find the adapter that has the name Network Adapter: MS LoopBack and add that
adapter by clicking ADD. Once complete, you will see the Ethernet UID in the large textbox, as shown
below.
After binding the MS Loopback network adapter to Cloud 1 (CL1), it's time to logically connect Cloud 1 to
SW1 in the Free CCNA Workbook GNS3 topology. This is done by clicking on the RJ-45 Ethernet plug as
shown in the picture below and selecting FastEthernet.
When logically connecting devices in GNS3, you can only connect the medium that the interfaces on the
virtual devices are rated at; e.g. you cannot connect GigaEthernet to a FastEthernet interface on SW1.
After selecting the FastEthernet medium from the Add a Link button shown in the previous picture,
click on the cloud as shown below and you will be given the NIO UID that is associated with that cloud;
highlight and click the NIO UID.
Now drag the link sourced from Cloud 1 (CL1) over to SW1 in the topology and click SW1. This will
automatically terminate the link on the FastEthernet1/0 interface, as it's the only interface available to
terminate the link on.
Step 4. Verify your connectivity by assigning an IP address to SW1 in the same subnet that you
assigned to the MS Loopback adapter. For lab demonstration purposes, Free CCNA Workbook devices
will use 192.168.255.1-8/24 and the host machine is 192.168.255.10/24.
Now it's time to test connectivity, so assign an IP address to SW1's FastEthernet1/0 interface and ping the
local host from SW1's command line as shown below:
Router con0 is now available
Press RETURN to get started!
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname SW1
SW1(config)#interface FastEthernet 1/0
SW1(config-if)#ip add 192.168.255.1 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#end
SW1#ping 192.168.255.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5)
SW1#ping 192.168.255.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
SW1#
Ever get stuck on trying to figure out a forgotten password on a Cisco 2500 Series Router? This lab will discuss and
demonstrate how to bypass the existing passwords to allow you to recover your configuration or reset the password.
Lab Prerequisites
A Cisco 2500 Series router that has an unknown console or enable password.
An active Serial Console session to the device that you're unable to log in to.
Lab Objectives
Break the boot sequence when powering on the Cisco 2500 Series router to place yourself in ROM monitor mode.
Change the configuration register to 0x2142 to make the router bypass the contents of NVRAM when booting, then initialize the
router (boot the router into IOS).
(Option 1) Once booted, place yourself into privileged mode and copy the startup-config to the running-config. Afterward,
you may change the line password or enable password and write the configuration back to NVRAM by issuing the copy run start
command.
(Option 2) Once booted, place yourself into privileged mode and do a write erase to clear the contents of the NVRAM.
Now change the configuration register back to 0x2102 to set the router to boot normally and load the NVRAM contents
upon boot.
Lab Instruction
Shown below is a Cisco 2501 router that has a console password on the device. With such a password in place you will not be able to access
exec mode without authenticating correctly. When buying used routers, you may commonly be faced with this scenario.
Router con0 is now available
Press RETURN to get started.
User Access Verification
Password:
Step 1. Power cycle the router or power on the router initially. While the router is booting you'll need to break the boot sequence to
boot the router into bootrom; you do this by holding down CTRL and pressing PAUSE BREAK. Do this repeatedly until you are placed
at the bootrom prompt.
System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 14336 Kbytes of main memory
Abort at 0x10B1F3C (PC)
>
Step 2. Change the configuration register so that the router will ignore the contents of the NVRAM when booting into Cisco IOS. Set
the configuration register to 0x2142 and initialize the router (Boot the router to IOS).
>o/r 0x2142
>i
Step 3a (Option 1). After the router has booted into Cisco IOS, you'll be prompted by the initial configuration dialog; type n here
and press enter and you'll be placed into user mode. Now you're able to place yourself into privileged mode by typing enable. Once
in privileged mode you can copy the startup configuration to the running configuration, change the passwords manually, and then
save the configuration back to NVRAM by typing copy run start.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>enable
Router#copy start run
Destination filename [running-config]?
506 bytes copied in 3.868 secs (168 bytes/sec)
ARCVRSR01#configure terminal
ARCVRSR01(config)#enable secret NEWENABLEPASSWORD
ARCVRSR01(config)#line con 0
ARCVRSR01(config-line)#password NEWPASSWORD
ARCVRSR01(config-line)#end
ARCVRSR01#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
ARCVRSR01#
Step 3b (Option 2). After the router has booted into Cisco IOS, you'll be prompted by the initial configuration dialog; type n here
and press enter and you'll be placed into user mode. Now you're able to place yourself into privileged mode by typing enable. Once
in privileged mode you can erase the contents of NVRAM by issuing the write erase command.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>enable
Router#write erase
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#
Step 5. Once you've performed a password reset or NVRAM sanitation, you'll need to set the configuration register back to 0x2102
so the router will boot normally and load the NVRAM contents upon a reboot or power failure.
Router#configure terminal
Router(config)#config-register 0x2102
Router(config)#end
Have you ever forgotten the password to a modern Cisco Router and need to reset it? This lab will discuss and
demonstrate resetting the password on modern Cisco routers, starting with the 2600 Series and later.
Lab Prerequisites
A Cisco 2600 Series router or greater that has an unknown console or enable password.
An active Serial Console session to the device that you're unable to log into.
Lab Objectives
Break the boot sequence when powering on the Cisco 2600 Series router to place yourself in ROM monitor mode.
Change the configuration register to 0x2142 to make the router bypass the contents of NVRAM when booting, then reset the
router.
(Option 1) Once booted, place yourself into privileged mode and copy the startup-config to the running-config. Afterward,
you may change the line password or enable password and write the configuration back to NVRAM by issuing the copy run start
command.
(Option 2) Once booted, place yourself into privileged mode and do a write erase to clear the contents of the NVRAM.
Now change the configuration register back to 0x2102 to set the router to boot normally and load the NVRAM contents
upon boot.
Lab Instruction
Shown below is a Cisco 2651XM router that has a console password on the device. With such a password in place you cannot access
exec mode without authenticating correctly. When buying used routers, you may commonly be faced with this scenario.
Router con0 is now available
Press RETURN to get started.
User Access Verification
Password:
Step 1. Power cycle the router or power on the router initially. While the router is booting you'll need to break the boot sequence to
boot the router into bootrom; you do this by holding down CTRL and pressing PAUSE BREAK. Do this repeatedly until you are placed
at the bootrom prompt.
System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
Copyright (c) 2003 by cisco Systems, Inc.
C2600 platform with 262144 Kbytes of main memory
monitor: command "boot" aborted due to user interrupt
rommon 1 >
Step 2. Change the configuration register so that the router will ignore the contents of the NVRAM when booting into Cisco IOS. Set
the configuration register to 0x2142 and boot the router.
rommon 1 >confreg 0x2142
rommon 2 >reset
Step 3a (Option 1 Reset Password). After the router has booted into Cisco IOS, you'll be prompted by the initial configuration
dialog; type n here and press enter and you'll be placed into user mode. Now you're able to place yourself into privileged mode by
typing enable. Once in privileged mode you can copy the startup configuration to the running configuration, change the
passwords manually, and then save the configuration back to NVRAM by typing copy run start.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>enable
Router#copy start run
Destination filename [running-config]?
506 bytes copied in 3.868 secs (168 bytes/sec)
IMAROUTER#configure terminal
IMAROUTER(config)#enable secret NEWENABLEPASSWORD
IMAROUTER(config)#line con 0
IMAROUTER(config-line)#password NEWPASSWORD
IMAROUTER(config-line)#end
IMAROUTER#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
IMAROUTER#
Step 3b (Option 2 Factory Reset). After the router has booted into Cisco IOS, you'll be prompted by the initial configuration
dialog; type n here and press enter and you'll be placed into user mode. Now you're able to place yourself into privileged mode by
typing enable. Once in privileged mode you can erase the contents of NVRAM by issuing the write erase command.
The write erase command erases the startup configuration, which is stored in NVRAM, and resets the router back to the
factory default. This will remove ALL configuration from the router. If you just want to erase the configuration on a Cisco Router or
Switch, using the write erase command followed by reload will complete the task.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>enable
Router#write erase
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#
Step 4. Once you've performed a password reset or NVRAM sanitation, you'll need to set the configuration register back to 0x2102
so the router will boot normally and load the NVRAM contents upon a reboot or power failure.
Router#configure terminal
Router(config)#config-register 0x2102
Router(config)#end
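Both router labs above finish by restoring the register to 0x2102; a router left at 0x2142 comes up with an empty configuration, and therefore no passwords, on every reload. The following is an added example, not part of the original labs, that decodes the register and checks the "Configuration register is ..." line of show version output. The hostnames and sample lines are constructed for the example.

```python
import re

# Configuration register bits relevant to the recovery procedure.
BOOT_FIELD_MASK = 0x000F  # bits 0-3: boot source selection
IGNORE_NVRAM = 0x0040     # bit 6: skip startup-config at boot (set in 0x2142)
BREAK_DISABLED = 0x0100   # bit 8: Break key ignored once IOS is running

# Matches the register line of "show version", with or without a pending value.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

# Constructed sample input: one line of "show version" output from four
# hypothetical devices (hostnames are invented for this example).
SAMPLES = {
    "lab-r1": "Configuration register is 0x2102",
    "lab-r2": "Configuration register is 0x2142",
    "lab-r3": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "lab-r4": "32K bytes of non-volatile configuration memory.",
}


def decode_confreg(value):
    """Break a register value into the fields that matter for this check."""
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0:
        boot = "stay in ROM monitor"
    elif boot_field == 1:
        boot = "boot helper or first flash image (platform dependent)"
    else:
        boot = "normal boot"
    return {
        "value": f"0x{value:04X}",
        "boot": boot,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def audit_show_version(host, text):
    """Return (host, severity, message) for one device's show version text."""
    match = CONFREG_RE.search(text)
    if match is None:
        return (host, "UNKNOWN", "no configuration register line in output")
    current = int(match.group(1), 16)
    # Without a "(will be ...)" suffix the current value is also the next one.
    pending = int(match.group(2), 16) if match.group(2) else current
    if pending & IGNORE_NVRAM:
        return (host, "HIGH", "next reload will ignore startup-config")
    if current & IGNORE_NVRAM:
        return (host, "INFO",
                "booted ignoring startup-config; normal boot restored for next reload")
    return (host, "OK", "startup-config is loaded at boot")


def audit_all(samples):
    """Audit every device in a {hostname: show version text} mapping."""
    return [audit_show_version(host, text) for host, text in samples.items()]


if __name__ == "__main__":
    for host, severity, message in audit_all(SAMPLES):
        print(f"{host:8} {severity:8} {message}")
    print(decode_confreg(0x2142))
```

The INFO case is the state a router is in right after the final step of either lab and before its next reload.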
Forget the console or enable password(s) to your Catalyst Switch? Not a problem. This lab will discuss and
demonstrate how to reset the password(s) on Cisco fixed configuration Catalyst series switches.
Lab Prerequisites
You'll need an active Console session with the switch you're unable to access.
You'll need to be physically located near the switch to perform this procedure.
Lab Objectives
http://www.freeccnaworkbook.com/workbooks/ccna/fixed-configuration-catalyst-switch-password-reset/[4/12/2015 6:41:32 PM]
Boot the switch into SWITCH ROM by holding the MODE button down and plugging in the power to the switch.
Rename the configuration file in flash to a different name, such as config.old
Boot the switch and copy the contents of flash:config.old into the running configuration after you've obtained privilege level
access.
Copy the updated configuration to NVRAM by syncing the running config with the start-up config.
Lab Instruction
Step 1. Boot the switch into SWITCH ROM by holding down the MODE button on the front left hand side of the switch and plugging
the power into the switch. Note that different switches require you to hold the MODE button for different periods of time.
The table below shows how long you're required to hold down the MODE button after plugging in the power to the
switch:
Release the Mode button after the LED above port FastEthernet0/1 goes out.
2940, 2950: Release the Mode button after approximately 5 seconds when the Status (STAT) LED
goes out. When you release the Mode button, the SYST LED blinks amber.
2960, 2970: Release the Mode button when the SYST LED blinks amber and then turns solid green.
When you release the Mode button, the SYST LED blinks green.
3560, 3750: Release the Mode button after approximately 15 seconds when the SYST LED turns
solid green. When you release the Mode button, the SYST LED blinks green.
Step 2. Once you've successfully booted into SWITCH ROM, you'll see the following output:
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: 00:14:f2:d2:41:80
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
boot
switch:
Step 3. Once you're at the SWITCH ROM prompt you'll need to initialize the flash by typing the flash_init command.
switch:flash_init
Initializing Flash...
flashfs[0]: 5 files, 1 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 12282368
flashfs[0]: Bytes available: 3716608
c3560-advipservicesk9-mz.122-44.SE6.bin
vlan.dat
private-config.text
config.text
multiple-fs
Step 5. In the example above you'll see the config.text file, which is 1654 bytes; rename this file to config.old
If you wish to just erase the configuration instead of resetting the password, you can use the delete flash:config.text command.
switch:rename flash:config.text flash:config.old
Step 6. After you've renamed the config.text file to config.old, verify that the file was indeed renamed correctly by running the dir flash:
command. Once you've verified that the config file has been renamed, boot the switch with the boot command.
Step 7. Once the switch has booted you will be prompted by the initial configuration setup prompt; disregard this to gain user mode
access.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Switch>
Step 8. OPTIONAL: If you do not intend to reset the password, as stated by the NOTE in step 5, you can stop now. If you wish to
reset the password on the previous configuration, continue to step 9.
Step 9. Change to privileged mode and copy the contents of the old start-up configuration to the running config using the command
copy flash:config.old run
Switch>enable
Switch#copy flash:config.old run
Destination filename [running-config]?
1654 bytes copied in 9.647 secs (171 bytes/sec)
ARSCORESW1#
Step 10. After you've loaded the old configuration file as the running configuration and you're in privileged mode, you'll be able to
change passwords such as the enable secret or line passwords. Once you've changed these passwords you can save the
configuration by issuing the copy run start command.
Switch#configure terminal
Switch(config)#enable password NEWENABLEPASSWORD
Switch(config)#line con0
Switch(config-line)#password NEWCONSOLELINEPASSWORD
Switch(config-line)#end
Switch#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
0 bytes copied in 1.309 secs (0 bytes/sec)
Switch#
So that annoying little prompt you get each time you boot a Cisco Router or Switch up with no config on it asking you
about initial setup can actually be somewhat helpful. This lab will discuss and demonstrate the Initial Configuration
Dialog.
Lab Prerequisites
If you're using GNS3, load the Free CCNA Workbook GNS3 topology, start R1, and then establish a console session with
R1.
Lab Objectives
Lab Instruction
When you open a brand new Cisco box, whether it be a Cisco Switch or Router, after booting the device you'll be prompted by the Initial
Configuration Dialog. You'll also be prompted by this dialog if you run the write erase command in privileged mode and reload the
device, as that erases the contents of NVRAM. When a Cisco device does not have a startup-config located in NVRAM, the device will
ask you whether or not to start the Initial Configuration Dialog.
Another reason you may see this dialog is that your configuration register is set to 0x2142, which ignores the contents of NVRAM
upon boot and is commonly used for password recovery.
The configuration box below shows the Initial Configuration Dialog prompt; select yes and press return.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: yes
After you start the System Configuration Dialog, the step by step process is relatively easy and the dialog explains the options in detail.
This lab will only demonstrate the basic management configuration; however, it is up to you to walk through the entire system
configuration dialog by typing no at the 2nd prompt, as shown below:
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: yes
After typing yes at the basic management setup prompt you'll be given the options to configure the hostname and passwords, as
shown below:
Configuring global parameters:
Enter host name [Router]: R1
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: CISCO
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: cisco
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: cisco
After setting the passwords in the basic management dialog, you'll be prompted to enable SNMP (Simple Network Management
Protocol), which is an industry standard protocol that allows device management via an API. After you say yes to this option you'll be
required to configure an SNMP community string, as shown below;
After configuring the SNMP options you'll be required to configure a single interface within the management network; keep in mind
you'll need to type out the entire name of the interface, as shown below:
Current interface summary
Any interface listed with OK? value "NO" does not have a valid configuration
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      NO  unset  up                    up
FastEthernet0/1            unassigned      NO  unset  up                    up
Serial1/0                  unassigned      NO  unset  up                    down
Serial1/1                  unassigned      NO  unset  up                    down
Serial1/2                  unassigned      NO  unset  up                    down
Serial1/3                  unassigned      NO  unset  up                    down
Once you've selected an interface that will participate in the management network, you're required to configure the IP parameters for
that interface, as shown below:
Configuring interface FastEthernet0/0:
Operate in full-duplex mode? [no]:
Configure IP on this interface? [yes]:
IP address for this interface: 10.1.1.1
Subnet mask for this interface [255.0.0.0] : 255.255.255.0
Class A network is 10.0.0.0, 24 subnet bits; mask is /24
Once you've set those options the router will display a script of the changes to be made to the running configuration, as shown below:
The following configuration command script was created:
hostname R1
enable secret 5 $1$kGQ2$tr6bd7mW9zjqzfkUHhnCE0
enable password cisco
line vty 0 4
password cisco
no snmp-server
!
no ip routing
!
interface FastEthernet0/0
no shutdown
half-duplex
ip address 10.1.1.1 255.255.255.0
no mop enabled
!
interface FastEthernet0/1
shutdown
no ip address
!
interface Serial1/0
shutdown
no ip address
!
interface Serial1/1
shutdown
no ip address
!
interface Serial1/2
shutdown
no ip address
!
interface Serial1/3
shutdown
no ip address
!
end
Afterwards the router gives you the option to save that configuration, start setup over again or disregard the setup information you
just provided to the initial configuration dialog. For this lab I'm going to accept the configuration by entering option 2 to save the
configuration to NVRAM and exit to the CLI.
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]: 2
The enable password you have chosen is the same as your enable secret.
This is not recommended. Re-enter the enable password.
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
% Crashinfo may not be recovered at bootflash:crashinfo
% This file system device reports an error
Press RETURN to get started!
R1>
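The command script the setup dialog produced above stores the enable password and the vty password in cleartext next to the hashed enable secret, and both cleartext values are the same. The following is an added example, not part of the original lab, that audits a configuration for those conditions. The script text is copied from this page with the unused interfaces trimmed, and the type 7 rule covers a password form that does not appear on this page.

```python
import re
from collections import defaultdict

# Finding messages, kept as constants so callers can match on them.
CLEARTEXT = "password stored in cleartext"
TYPE7 = "type 7 password is reversible obfuscation, not a hash"
SHADOWED = "enable password kept alongside enable secret"
REUSED = "same cleartext password used in more than one place"

# Command script printed by the setup dialog on this page (interfaces trimmed).
SETUP_SCRIPT = """\
hostname R1
enable secret 5 $1$kGQ2$tr6bd7mW9zjqzfkUHhnCE0
enable password cisco
line vty 0 4
password cisco
no snmp-server
!
no ip routing
!
interface FastEthernet0/0
no shutdown
half-duplex
ip address 10.1.1.1 255.255.255.0
no mop enabled
!
end
"""

# command, optional single-digit encryption type, then the stored value
PASSWORD_RE = re.compile(
    r"^(enable password|enable secret|password)\s+(?:(\d)\s+)?(.+)$"
)


def audit_config(text):
    """Return a list of (location, finding) tuples for password storage issues.

    Password values are never placed in the findings, only their locations.
    """
    findings = []
    cleartext_uses = defaultdict(list)  # cleartext value -> places it is used
    has_secret = False
    has_enable_password = False
    context = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "!", "end"):
            context = "global"          # separators close a sub-mode
            continue
        if line.startswith(("line ", "interface ")):
            context = line              # remember which sub-mode we are in
            continue
        match = PASSWORD_RE.match(line)
        if match is None:
            continue
        command = match.group(1)
        ptype = match.group(2) or "0"   # no type digit means cleartext
        value = match.group(3)
        if command == "enable secret":
            has_secret = True           # stored as a hash, nothing to flag
            continue
        if command == "password":
            if not context.startswith("line "):
                continue                # only line passwords are audited here
            where = context
        else:
            has_enable_password = True
            where = command
        if ptype == "0":
            cleartext_uses[value].append(where)
            findings.append((where, CLEARTEXT))
        elif ptype == "7":
            findings.append((where, TYPE7))
    if has_secret and has_enable_password:
        findings.append(("enable password", SHADOWED))
    for places in cleartext_uses.values():
        if len(places) > 1:
            findings.append((", ".join(places), REUSED))
    return findings


if __name__ == "__main__":
    for location, finding in audit_config(SETUP_SCRIPT):
        print(f"{location}: {finding}")
```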
Finding your way around the Cisco Command Line is crucial to becoming a successful Cisco network engineer. This
lab will discuss and demonstrate the different operational modes, shortcuts and more.
Lab Prerequisites
If you are using GNS3, then load the Stub Area Networking GNS3 topology, then start and establish a console session with R1.
Lab Objectives
Familiarize yourself with the different modes on a Cisco IOS based Device.
Familiarize yourself with legacy terminal keystroke combinations for CLI navigation.
Lab Instruction
Mastering the navigation through the Cisco command line interface is an absolute requirement for any Cisco engineer. There are
several different types of modes in the Cisco CLI. User mode is the mode you're first placed into upon pressing return after entering
your user authentication information, vty or line password. Once you're placed into User Mode, you're limited as to the commands
you're able to execute from the CLI.
However, many commands at the user level can be very informative, including but not limited to; ping, traceroute, show cdp
neighbors, show version and show interface command(s).
In privileged mode, you're given the ability to configure the device and execute management commands including but not limited to;
configure, clear, reload, more, copy, delete, erase and debug.
As shown below in the terminal box, you can see that after pressing return you're placed into the Cisco CLI with the > greater-than sign
next to the hostname. This is called user mode.
Router con0 is now available
Press RETURN to get started.
Router>
At any point in the Cisco CLI you can use the question mark to get a context-sensitive help list of the commands available to
execute from your current privilege level, as shown below;
Router>?
Exec commands:
access-enable
access-profile
clear
connect
crypto
disable
disconnect
emm
enable
ethernet
exit
help
lat
lock
login
logout
mrinfo
mstat
mtrace
name-connection
--More--
You can use return to show line by line or space bar to show the next paragraph of available commands. If you wish to exit the list
without pressing space bar continuously to reach the end of the list, press the Q key.
When in user mode you can elevate your privileges by issuing the command enable from the user mode CLI prompt. If you have an
enable password or enable secret configured then you'll be prompted to provide such authentication information to elevate your
privileges.
Take note that when entering the password on a Cisco device, you will NOT see the password typed out. This is intentionally done by
When you're in privileged mode you can configure the router by entering the command configure terminal. This command will place
you into global configuration mode where you can make device configuration changes. Note that this may not always be the case; if
a Cisco Access Control Server is used for command authorization then each command you execute will be authorized by the Cisco
ACS server prior to execution. The ACS Server (which is outside of the scope of the CCNA Certification) allows security engineers to
control which users can execute which commands based on configured policies.
Router#configure terminal
Enter configuration commands, one per line.
Router(config)#
Within global configuration mode (denoted by the (config)# prompt) you have access to different configuration modes such as
interface configuration mode, router configuration mode, VLAN Database configuration mode, access-list configuration mode and
many others;
Router(config)#interface f0/0
Router(config-if)#router eigrp 1
Router(config-router)#ip access-list extended example_acl_name
Router(config-ext-nacl)#line con 0
Router(config-line)#
To exit a specific mode to the previous mode, just execute the command exit.
In the early days of the Cisco IOS, keystroke navigation was used. Nowadays this type of navigation is considered legacy and no
longer used, but there is that .001% chance that one day you'll need it, so it's good to be aware of its existence.
Key
Result
ESC + F
ESC + B
ESC + DEL
ESC + D
ESC + C
ESC + U
ESC + L
CTRL + A
CTRL + E
CTRL +
Erase entire command line you're working on (to the insertion point's left).
CTRL + T
CTRL + K
CTRL + R
Tab
UP Arrow
DOWN Arrow
Knowing how to assign IP addresses to Cisco hardware is a deal breaker when it comes to the CCNA and any
networking job dream you have. This lab will discuss how to assign IP addresses to specific interfaces on Cisco
Routers and/or Switches.
Lab Prerequisites
If you're using GNS3, then load the Stub Area Networking GNS3 topology, then start Router 1.
Establish a console session with Router 1.
Lab Objectives
Lab Instruction
Configuring an IP address on a Cisco router and/or switch is a very common task and you're required to know how to do it without
referencing any documentation as a CCNA.
To get started, navigate your way into Global configuration mode as shown below;
Router con0 is now available
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line.
Router(config)#
Step 1. Configure the IP address 10.234.51.254 on interface FastEthernet0/0. In order to do this configuration you'll need to place
yourself into FastEthernet0/0 interface configuration mode as shown below;
To view the available interfaces for configuration, execute the interface ? command from global configuration mode.
Router(config)#interface FastEthernet 0/0
Router(config-if)#
Once in interface configuration mode you use the command syntax ip address n.n.n.h s.s.s.m; to complete the first lab objective we'll
need to execute the ip address 10.234.51.254 255.255.255.0 command from the FastEthernet0/0 interface configuration mode as shown
below;
Router(config-if)#ip address 10.234.51.254 255.255.255.0
Router(config-if)#
Router(config-if)#
Step 3. Activate the FastEthernet0/0 Interface. By default, all interfaces on a Cisco router are placed in Administratively Down. To
bring an interface up, issue the no shutdown command.
Router(config-if)#no shutdown
Router(config-if)#
%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#
Step 4. Verify your configuration changes via the running-configuration.
To verify your configuration changes, exit the interface configuration mode to privileged mode by pressing CTRL + Z and executing
the command show run interface FastEthernet 0/0
Router(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#show run interface FastEthernet 0/0
Building configuration...
Current configuration : 148 bytes
!
interface FastEthernet0/0
ip address 172.27.48.254 255.255.255.0 secondary
ip address 10.234.51.254 255.255.255.0
duplex auto
speed auto
end
Router#
When it comes to configuring interface parameters, there are several that you need to know off the top of your head. This lab will
discuss and demonstrate the most common interface specific configurations that you need to memorize to become a
great network engineer.
Lab Prerequisites
If you're using GNS3, then load the Stub Area Networking GNS3 topology, then start Router 1.
Establish a console session with Router 1.
Lab Objectives
Statically set the speed of interface FastEthernet0/0 to 100.
Statically set the duplex of interface FastEthernet0/0 to Full.
Configure interface FastEthernet0/0 with an MTU of 1520 bytes.
Configure the bandwidth on interface FastEthernet0/0 to 10Mbps.
Lab Instruction
There are several key interface configurations that you'll be required to know as a Cisco engineer. This lab lists some of the most
common interface configuration attributes for a Cisco router.
The first objective of this lab is to statically set the speed of interface FastEthernet0/0 on Router 1 to 100Mbps. This is accomplished
by using the speed command within interface configuration mode as shown below;
Router con0 is now available
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line.
Router(config)#interface FastEthernet 0/0
Router(config-if)#speed 100
When statically setting the speed of an interface on a Cisco device, it's best practice to statically set the duplex as well. This is
accomplished by executing the duplex command within interface configuration mode;
Router(config-if)#duplex ?
auto Enable AUTO duplex configuration
full Force full duplex operation
half Force half-duplex operation
Router(config-if)#duplex full
When dealing with Ethernet WAN links or IPsec tunnel interfaces (outside of the CCNA scope) it is common to change the Maximum
Transmission Unit (MTU), which is the maximum payload a single packet can encapsulate. To complete Objective 3, you'll need to
execute the mtu # command within interface configuration mode.
Router(config-if)#mtu ?
<1500-1530> MTU size in bytes
Router(config-if)#mtu 1520
Objective 4. Configure the bandwidth on interface FastEthernet0/0 to 10Mbps. Do not get this confused with the actual speed of the
link as the bandwidth command is used by routing protocols to calculate the dynamic metric. This interface configuration will be
discussed further in detail in the upcoming sections.
Router(config-if)#bandwidth ?
<1-10000000>  Bandwidth in kilobits
inherit       Specify that bandwidth is inherited
receive       Specify receive-side bandwidth
Router(config-if)#bandwidth 10000
Objective 5. Setting the Delay is very much like the bandwidth command; it does not statically set the delay but rather it is used in
dynamic routing protocol metric calculation, which again will be discussed in later sections. To accomplish objective 5, you'll need to
execute the delay command in interface configuration mode as shown below;
Router(config-if)#delay ?
<1-16777215> Throughput delay (tens of microseconds)
Router(config-if)#delay 10000
To verify this configuration without exiting interface configuration mode, execute the command do show interface FastEthernet0/0 as
shown below;
Router(config-if)#do show interface FastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Hardware is i82543 (Livengood), address is ca02.0adc.0ef9 (bia ca02.0adc.0008)
Internet address is 10.234.51.254/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
663 packets output, 69307 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router(config-if)#
Objective 7 requires us to disable keepalives on interface FastEthernet0/0. First off, what is a keepalive? Keepalives are layer 2
frames sent by the device to itself to determine if the Ethernet interface link is up. The device sends the frame out on the
transmit ring and if the same frame is not received back then the device knows the interface is down. To complete objective 7
you'll need to use the keepalive command. Keepalives by default are sent every 10 seconds; to disable keepalives, manually
configure the keepalive to the value of 0 as shown below;
Router(config-if)#keepalive ?
<0-32767> Keepalive period (default 10 seconds)
Router(config-if)#keepalive 0
The last objective of this lab is to disable CDP (Cisco Discovery Protocol) on interface FastEthernet0/0. CDP is a layer 2 protocol
designed by Cisco to exchange device information with no underlying routed network. When you plug two Cisco devices directly into
each other, they will both send and receive CDP frames by default on all ports (excluding frame relay which will be discussed in a
later chapter). To disable CDP on a specific interface, execute the no cdp enable command in interface configuration mode as
shown below;
Router(config-if)#no cdp enable
To verify all configuration changes you've made in this lab you can use the same command you learned in the previous lab, do show
run interface FastEthernet 0/0, as shown below;
Router(config-if)#do show run interface FastEthernet0/0
Building configuration...
Current configuration : 245 bytes
!
interface FastEthernet0/0
mac-address ca02.0adc.0ef9
mtu 1520
bandwidth 10000
ip address 172.27.48.254 255.255.255.0 secondary
ip address 10.234.51.254 255.255.255.0
delay 10000
duplex full
speed 100
no keepalive
no cdp enable
end
Router(config-if)#
Loopback interfaces are a very common configuration on Cisco devices that can be used for management, logging,
authentication and more. This lab will discuss and demonstrate the creation and removal of loopback interfaces on a
Cisco IOS device.
Lab Prerequisites
If you're using GNS3, then load the Free CCNA Workbook GNS3 topology, then start R1.
Establish a Console session with Router 1.
Lab Objectives
Create interface loopback 1 and assign the IP address 10.233.21.251 255.255.255.0 to the interface.
Remove interface Loopback 1.
Lab Instruction
Loopback interfaces are software based logical interfaces that are always up. They are not tied to any physical interface therefore
they cannot go down unless they are administratively shut down.
To create a loopback interface you need to navigate to global configuration mode and execute the command interface loopback #.
The interface is created automagically. Configuration shown below;
Router con0 is now available
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line.
Router(config)#interface loopback ?
Loopback interface number
Router(config)#interface loopback 1
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
Router(config-if)#
After the interface is created you'll notice the interface changes to state up instantly. As per the objective, you're required to configure
the IP address 10.233.21.251/24 on this interface as shown below;
Router(config-if)#ip address 10.233.21.251 255.255.255.0
Objective 2 requests that we remove the Loopback 1 interface. You can remove loopback interfaces by negating the interface
command using the no interface loopback # command as shown below;
Router(config-if)#no interface loopback 1
% Not all config may be removed and may reappear after reactivating the logical-interface/sub-interfaces
Router(config)#
%LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
Once you've removed the interface you'll notice a warning that not all config may have been removed and may reappear after
reactivating the logical-interface/sub-interface.
This has been an issue with Cisco IOS for years and it has yet to be fixed. Basically this warning is letting you know that once you
remove a logical or sub-interface using the no interface command there is the potential for some of the previous configuration to
return when re-creating the same interface. If you experience this issue, a router reload will resolve this problem.
As a network engineer, we can guarantee you there will come a point in your career where you must upgrade the
Cisco IOS on a Router or Switch. This lab will discuss and demonstrate the Cisco IOS upgrade procedure.
Lab Prerequisites
Boot R1 in the Free CCNA workbook GNS3 Lab Topology.
Establish an active Console Session to R1
A Newer Cisco IOS Image compatible with your Cisco Device.
A TFTP Server is required for this lab. You may need to download Solarwinds TFTP Server and configure it prior to attempting
this lab.
Lab Objectives
If needed, Download and Install Solarwinds TFTP Server.
Place the New Cisco IOS Image file in the TFTP Server Root Directory.
Configure your TFTP Server and Cisco device to be within the same IP subnet, i.e. 10.1.1.1/24 & 10.1.1.2/24
Ensure you have Ethernet connectivity from your TFTP server to the Cisco device which you're upgrading.
Copy the new image file from the tftp server to your Cisco device, you will be prompted to erase the flash memory.
Once the new Cisco IOS Image is copied to the device flash memory, reboot the device and verify the upgrade was
successful.
Lab Instruction
Please note that this lab requires a REAL Cisco Router or Switch to perform as GNS3 does not load images from flash memory. You
can however perform this procedure on GNS3 but you will not be able to reboot the device and verify a successful upgrade.
Upgrading the Internetwork Operating System (IOS) on a Cisco device is a pretty common procedure as updated IOS images are
released at least once every three months to fix bugs and provide new features and enable new device hardware.
First off you'll need a TFTP server installed and running on your PC with a crossover cable running from your PC to a router, or a
regular patch cable running from the PC to a switch.
To complete the 3rd objective of this lab you'll need a console session to a Cisco router or switch. Ensure that the IP address you're
assigning to the Cisco device is in the same subnet as the PC. For this lab, we'll use 10.1.1.1/24 for the PC and 10.1.1.2/24 for the
Cisco device. The objective requires you to configure the IP address on the Ethernet interface connected to the PC. In the example
shown below, interface FastEthernet0/0 is directly connected to the PC;
Router con0 is now available
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 10.1.1.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#end
Router#
To ensure you have Ethernet connectivity between the Cisco device and your computer you can execute the ping command as
shown below.
Router#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Router#
Once you've verified that you have IP connectivity to your PC, you're then ready to copy the new image into the device's flash memory.
You achieve this by executing the copy tftp flash command in privileged mode. After executing this command you'll be prompted for
the IP address of the TFTP server and the file name of the image you wish to copy from the TFTP server to the flash memory.
Router#copy tftp flash
Address or name of remote host []? 10.1.1.1
Source filename []? c2600-adventerprisek9-mz.124-15.T11.bin
Destination filename [c2600-adventerprisek9-mz.124-15.T11.bin]?
Accessing tftp://10.1.1.1/c2600-adventerprisek9-mz.124-15.T11.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading c2600-adventerprisek9-mz.124-15.T11.bin from 10.1.1.1 (via FastEthernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 34634180 bytes]
Verifying checksum... CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC OK (0x8E89)
34634180 bytes copied in 486.894 secs (71133 bytes/sec)
Router#
Once you've copied the image to flash, reboot the Cisco device and verify that the image loads successfully. If the IOS fails to load
you'll need to perform an IOS recovery procedure, which is in the next lab.
Router#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested
TYPE
C2651XM Dual Fast Ethernet
Four port Voice PM
public buffer pools
public particle pools
Recovering a Corrupt Cisco IOS Image on a 2500 Series Router | Free CCNA Workbook
The Cisco 2500 Series routers are a very common lab router however due to their age you may be required to
recover the device from a corrupt IOS image. This lab will discuss and demonstrate the IOS recovery procedure for
the 2500 Series Routers.
Lab Prerequisites
You'll need a Cisco 2500 Series router that has a corrupt image or NO IOS image at all. If you wish to simulate this lab you
can erase the flash on your device and reboot. Please note that you'll need to back up the Cisco IOS image prior to erasing it
unless you have another image on hand that you wish to load onto the device.
A console connection to the device is REQUIRED.
You'll need a TFTP server installed on your PC to restore the image.
Lab Objectives
Boot the Cisco router into ROM mode by breaking the boot sequence using the keystroke CTRL+Pause Break
Change the configuration register to boot the ROM(BOOT) image. Configuration register to be used is 0x2141
Initialize the router by issuing the i command
Assign an IP address to the ethernet interface and configure a default gateway (if required)
Copy the Cisco IOS image from the TFTP server into flash memory.
Change the configuration register back to its default value and reload the device to ensure that the device boots up properly
with the restored IOS image.
Lab Instruction
Step 1. Boot the router into ROM mode by breaking the boot sequence using the keystroke CTRL+PAUSE BREAK
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 14336 Kbytes of main memory
Abort at 0x10CFA0A (PC)
>
Step 2. Change the configuration register to boot the ROM(BOOT) image. Configuration register to be used is 0x2141
>o/r 0x2141
Step 5. Copy the Cisco IOS image from the TFTP server into flash memory.
Router(boot)#copy tftp flash
Recovering a Corrupt Cisco IOS Image on a 2600 Series | Free CCNA Workbook
Recovering a corrupt Cisco IOS Image on a modern Cisco Router which includes the 2600 Series or later is
significantly easier than the 2500 Series. This lab will discuss and demonstrate the IOS recovery procedure for
modern Cisco Routers.
Lab Prerequisites
You'll need a Cisco 2600 Series router or greater that has a corrupt Cisco IOS image or NO IOS image at all. If you wish to
simulate this lab you can erase the flash on your device and reboot. Please note that you'll need to back up the Cisco IOS
image prior to erasing it unless you have another image on hand that you wish to load onto the device.
A console connection to the device is REQUIRED.
You'll need a TFTP server installed on your PC to restore the image.
Lab Objectives
Boot the Cisco router into ROM mode by breaking the boot sequence using the keystroke CTRL + Pause Break
Set the TFTPDNLD variables required to execute the procedure which include IP Address, Subnet Mask, Default Gateway,
TFTP Server, TFTP Image name.
Execute the TFTPDNLD command and load the image into RAM using the -r switch.
Once booted into Cisco IOS, configure a router so that you may copy a Cisco IOS image from a TFTP server to Flash.
Once all necessary configuration is done copy the IOS image from the TFTP server to the flash.
After the copy has completed, reboot the router and verify that the image boots successfully.
Lab Instruction
Please note that in order to complete this lab you'll need a REAL Cisco 2600 Series Router or greater, as this lab cannot be emulated
on the GNS3 application.
Step 1. Assuming that you already have an active console session to the router and the device is powered, you should automatically
be placed into ROMMON if your Cisco IOS image is corrupt or missing. However, if you have the Press RETURN to get started prompt
then you've booted into an IOS image; you should power cycle the router and press CTRL+BREAK repeatedly to break the boot
sequence and be placed into ROM Monitor mode as shown below;
System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
Copyright (c) 2003 by cisco Systems, Inc.
C2600 platform with 262144 Kbytes of main memory
device does not contain a valid magic number
boot: cannot open "flash:"
boot: cannot determine first file name on device "flash:"
rommon 1 >
By executing the help command you can see all the available commands in ROMMON as shown below on the 2651XM;
rommon 1 > help
alias
boot
break
confreg
cont
context
cookie
dev
dir
dis
dnld
frame
help
history
meminfo
repeat
reset
set
stack
sync
sysret
tftpdnld
unalias
unset
xmodem
rommon 2 >
The tftpdnld command will copy an IOS image from a TFTP server into flash or load it directly into RAM. By executing tftpdnld you can
view all required variables for the command to operate properly;
rommon 2 > tftpdnld
Missing or illegal ip address for variable IP_ADDRESS
Illegal IP address.
usage: tftpdnld [-r]
Use this command for disaster recovery only to recover an image via TFTP.
Monitor variables are used to set up parameters for the transfer.
(Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.)
"ctrl-c" or "break" stops the transfer before flash erase begins.
The following variables are REQUIRED to be set for tftpdnld:
IP_ADDRESS: The IP address for this unit
IP_SUBNET_MASK: The subnet mask for this unit
DEFAULT_GATEWAY: The default gateway for this unit
TFTP_SERVER: The IP address of the server to fetch from
TFTP_FILE: The filename to fetch
The following variables are OPTIONAL:
TFTP_VERBOSE: Print setting. 0=quiet, 1=progress(default), 2=verbose
TFTP_RETRY_COUNT: Retry count for ARP and TFTP (default=12)
TFTP_TIMEOUT: Overall timeout of operation in seconds (default=7200)
TFTP_CHECKSUM: Perform checksum test on image, 0=no, 1=yes (default=1)
FE_SPEED_MODE: 0=10/hdx, 1=10/fdx, 2=100/hdx, 3=100/fdx, 4=Auto(deflt)
Command line options:
-r: do not write flash, load to DRAM only and launch image
rommon 3 >
As per the objectives, we're required to set the required variables to execute the tftpdnld command. You can issue the set command
to view the currently set variables.
rommon 3 > set
PS1=rommon ! >
BOOT=
RET_2_RUTC=0
BSI=0
RANDOM_NUM=1492875412
ROM_PERSISTENT_UTC=1016225763
RET_2_RTS=
RET_2_RCALTS=
?=1
rommon 24 > set
PS1=rommon ! >
BOOT=
RET_2_RUTC=0
BSI=0
RANDOM_NUM=1492875412
ROM_PERSISTENT_UTC=1016225763
RET_2_RTS=
RET_2_RCALTS=
?=0
rommon 4 >
Shown below are the required variables to execute tftpdnld successfully.
rommon 4 > IP_ADDRESS=10.1.1.10
rommon 5 > IP_SUBNET_MASK=255.255.255.0
rommon 6 > DEFAULT_GATEWAY=10.1.1.254
rommon 7 > TFTP_SERVER=172.16.20.17
rommon 8 > TFTP_FILE=c2600-i-mz.123-26.bin
You do not need a default gateway if your TFTP server is on the same subnet as the Cisco router you're recovering.
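An added example, not part of the original workbook: a Python pre-flight check for the tftpdnld variables that works out whether the TFTP server is reached directly or through the default gateway, and catches the addressing mistakes that otherwise surface only as a transfer timeout. The function names are hypothetical, and treating all five variables as mandatory follows the usage text above.

```python
import ipaddress
import re

# Variable names as listed under "REQUIRED" in the tftpdnld usage text above.
REQUIRED = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY", "TFTP_SERVER", "TFTP_FILE")
ASSIGN_RE = re.compile(r"^(?:rommon\s+\d+\s*>\s*)?([A-Z][A-Z0-9_]*)=(.*)$")

# Constructed input: the five assignments from this lab as typed at the prompt.
LAB_SESSION = """\
rommon 4 > IP_ADDRESS=10.1.1.10
rommon 5 > IP_SUBNET_MASK=255.255.255.0
rommon 6 > DEFAULT_GATEWAY=10.1.1.254
rommon 7 > TFTP_SERVER=172.16.20.17
rommon 8 > TFTP_FILE=c2600-i-mz.123-26.bin
"""


def parse_variables(session):
    """Collect NAME=value pairs, with or without a leading 'rommon N >' prompt."""
    variables = {}
    for line in session.splitlines():
        match = ASSIGN_RE.match(line.strip())
        if match:
            variables[match.group(1)] = match.group(2).strip()
    return variables


def preflight(variables):
    """Return (next_hop, problems); next_hop is None when it cannot be determined."""
    problems = [f"{name} is not set" for name in REQUIRED if not variables.get(name)]
    if problems:
        return None, problems
    try:
        iface = ipaddress.IPv4Interface(
            f"{variables['IP_ADDRESS']}/{variables['IP_SUBNET_MASK']}")
        server = ipaddress.IPv4Address(variables["TFTP_SERVER"])
        gateway = ipaddress.IPv4Address(variables["DEFAULT_GATEWAY"])
    except ValueError as exc:   # bad dotted quad or non-contiguous mask
        return None, [f"invalid address or mask: {exc}"]

    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"IP_ADDRESS {iface.ip} is not a usable host address in {net}")
    if server == iface.ip:
        problems.append("TFTP_SERVER is the router's own address")
    if server in net:
        # Same subnet: the server is reached directly and the gateway is unused.
        return str(server), problems
    if gateway not in net or gateway == iface.ip:
        problems.append(
            f"TFTP_SERVER {server} is off-subnet and DEFAULT_GATEWAY {gateway} "
            f"is not a neighbour in {net}")
    return str(gateway), problems


if __name__ == "__main__":
    hop, issues = preflight(parse_variables(LAB_SESSION))
    print("next hop:", hop)
    for issue in issues:
        print("problem:", issue)
```

For the lab's values the next hop is 10.1.1.254, because 172.16.20.17 lies outside 10.1.1.0/24.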
Once you have set the variables you can continue on to objective 3 by executing the tftpdnld command with the -r switch to copy the
Cisco IOS image from a TFTP server and load it directly into RAM.
rommon 9 > tftpdnld -r
IP_ADDRESS: 10.1.1.10
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 10.1.1.254
TFTP_SERVER: 172.16.20.17
TFTP_FILE: c2600-i-mz.123-26.bin
.....
Receiving c2600-i-mz.123-26.bin from 172.16.20.17 !!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
File reception completed.
program load complete, entry point: 0x80008000, size: 0x765238
Self decompressing the image : ##############################################
####################################################################### [OK]
Smart Init is enabled
smart init is sizing iomem
ID      MEMORY_REQ  TYPE
00036F  0X00103980  C2651XM Dual Fast Ethernet
000065  0X00031500  Four port Voice PM
        0X00098670  public buffer pools
        0X00211000  public particle pools
TOTAL:  0X003DE4F0
Once you're at the IOS command line you'll then need to copy an actual image into flash. You're probably wondering why we did not
just copy it using TFTPDNLD, and the answer is quite simple. Using TFTPDNLD will take significantly longer to copy an image via
TFTP to flash versus booting into RAM and doing a quick IOS image recovery as you've done in a previous lab.
If you need a reference, see the previous lab for copying the image back to flash.
The next step is to copy the IOS image from the TFTP server in Cisco IOS. Shown below is the typical prerequisite configuration
required to copy an IOS image from a TFTP server to flash.
Router>enable
Router#configure terminal
Router(config)#interface fa0/0
Router(config-if)#ip add 10.1.1.10 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.254
Router(config)#end
Router#
After you've completed the configuration required to copy an IOS image via TFTP to the router's flash, you can execute the copy
command as shown below;
Router#copy tftp flash
Address or name of remote host []? 172.16.20.17
Source filename []? c2600-adventerprisek9-mz.124-1.bin
Destination filename [c2600-adventerprisek9-mz.124-1.bin]?
Accessing tftp://172.16.20.17/c2600-adventerprisek9-mz.124-1.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading c2600-adventerprisek9-mz.124-1.bin from 172.16.20.17 (via FastEthernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 34634180 bytes]
Verifying checksum... OK (0x8E89)
34634180 bytes copied in 279.014 secs (124131 bytes/sec)
Router#
Now that the new IOS image has been copied to flash, reload your router and verify that the router reboots.
Router#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.
System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
Copyright (c) 2003 by cisco Systems, Inc.
C2600 platform with 262144 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x2107824
Self decompressing the image : ######################################
Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
00036F          0X00103980 C2651XM Dual Fast Ethernet
000065          0X00031500 Four port Voice PM
                0X00098670 public buffer pools
TOTAL:
Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.4(1), RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 28-Oct-09 18:16 by prod_rel_team
Image text-base: 0x800080F8, data-base: 0x83594B3C
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 2651XM (MPC860P) processor (revision 2.0) with 253952K/8192K bytes of memory.
Processor board ID JAE08030QZL
M860 processor: part number 5, mask 2
2 FastEthernet interfaces
2 Serial interfaces
32K bytes of NVRAM.
49152K bytes of processor board System flash (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
After verifying that the new image has booted on your device, you've successfully recovered the IOS on your device and
completed the objectives of this lab.
Recovering a Corrupt Cisco IOS Image on a Catalyst Switch | Free CCNA Workbook
Unfortunately there is no easy way to recover a corrupt or deleted IOS image on a fixed configuration Cisco Catalyst
switch. You must use xModem which commonly takes 2+ hours. This lab will discuss and demonstrate the IOS
recovery procedure for fixed configuration Catalyst series switches using xModem.
Lab Prerequisites
This lab will require a REAL switch as this lab cannot be emulated using GNS3.
The Cisco IOS on the switch must be corrupt or missing to perform this lab; to emulate this error you can erase the flash
memory to practice this lab.
An active console session to the device is REQUIRED.
You'll need to use either HyperTerminal or SecureCRT as PuTTY does not support xModem.
Lab Objectives
Boot the switch into SWITCH ROM mode.
Lab Instruction
Recovering the Cisco IOS image on a fixed configuration Cisco Catalyst Series switch is quite a bit different and more of an old school
way of doing an IOS image recovery. Unfortunately fixed configuration switches require the use of xModem to restore a corrupt or
missing IOS image, unlike the Cisco 4500 and Cisco 6500 Series supervisor engines which use compact flash cards.
Step 1. Boot your switch into switch ROM mode. This typically involves holding down the STAT button on the front of the switch when
plugging in the power. You can check out the required procedure by clicking HERE!
Once you've booted your switch into Switch ROM mode you'll see the following output;
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: 00:14:f2:d2:41:80
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
boot
switch:
Step 2. Once you've booted into Switch ROM mode you'll need to initialize the flash file system by executing the flash_init command
as shown below;
switch: flash_init
Initializing Flash...
flashfs[0]: 1 files, 1 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 12474880
flashfs[0]: Bytes available: 3524096
flashfs[0]: flashfs fsck took 10 seconds.
...done Initializing Flash.
switch:
Step 3 (OPTIONAL). If your image is corrupted you can format your flash file system by executing the format flash: command as
shown below; however, this will delete your start-up configuration!!!
Step 5. After setting the BAUD rate and reconnecting to the console line of your Cisco switch you're ready to copy the IOS image via
xModem to the switch's flash memory by executing the copy xmodem: flash:filename.bin command and starting the xModem file
transfer from the terminal emulator client as shown below;
switch: copy xmodem: flash:c3560-ipservicesk9-mz.122-53.SE.bin
Begin the Xmodem or Xmodem-1K transfer now...
CCC
Starting xmodem transfer. Press Ctrl+C to cancel.
Transferring c3560-ipservicesk9-mz.122-53.SE.bin...
100%    12181 KB    6 KB/s    00:31:56    0 Errors
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................
File "xmodem:" successfully copied to "flash:c3560-ipservicesk9-mz.122-53.SE.bin"
switch:
Step 6. Once the IOS image is copied into flash you'll need to update the BOOT parameter by executing the set BOOT
flash:filename.bin command as shown below;
switch: set BOOT flash:c3560-ipservicesk9-mz.122-53.SE.bin
Step 7. Once the boot parameter has been set you can now set the BAUD rate back to the default 9600bps by executing the
command unset BAUD. Note that when doing this you'll need to disconnect your current console connection and change the baud
speed on your terminal emulator from 115200 back to 9600.
switch: unset BAUD
Step 8 is the last step which is to boot the switch and verify that the switch successfully boots the IOS image placed into flash from
xMODEM. Execute the boot command to load the IOS image specified in the boot parameter as shown below;
switch: boot
Loading "flash:/c3560-ipservicesk9-mz.122-53.SE.bin"...@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File "flash:/c3560-ipservicesk9-mz.122-53.SE.bin" uncompressed and installed,
entry point: 0x1000000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco WS-C3560-24PS (PowerPC405) processor (revision M0) with 131072K bytes of
memory.
Processor board ID CAT0928Z2EE
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:14:F2:D2:D1:AF
Motherboard assembly number     : 73-9673-06
Power supply part number        : 341-0029-03
Motherboard serial number       : CAT09880NNZ
Power supply serial number      : LIT091091ZV
Model revision number           : M0
Motherboard revision number     : A0
Model number                    : WS-C3560-24PS-S
System serial number            : CAT0911FAEE
Top Assembly Part Number        : 800-25861-03
Top Assembly Revision Number    : A0
Version ID                      : V05
CLEI Code Number                : COM1X1FARB
Hardware Board Revision Number  : 0x01

Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   26     WS-C3560-24PS      12.2(53)SE              C3560-IPSERVICESK9-M
Configuring the Login, EXEC & MOTD Banner(s) | Free CCNA Workbook
While working with Cisco gear in the field you will notice that banners have their place, such as to inform the user of
legal rights or scheduled maintenance. This lab will discuss and demonstrate the different types of Cisco IOS
banners.
Lab Prerequisites
If you are using GNS3 then load the Stub Area Networking GNS3 topology file, then start R1.
Establish a Console session with Router 1.
Lab Objectives
Configure a login banner so that any attempted connections to the device are prompted with Legal information.
Configure an EXEC banner so that when a user establishes an exec session with the device the device displays the hostname
and current line the session was established on.
Configure a Message of The Day (MOTD) Banner to display current scheduled downtime for device maintenance.
Lab Instruction
Step 1. For objective one you're required to configure a Login banner to give incoming sessions legal and privacy
information. When configuring a banner you'll need to use a delimiting character, which is a character that only appears at the
beginning and end of the banner. The ^ is commonly used. To set a banner you'll use the banner command followed by the type of
banner, whether it be login, exec or motd, and the delimiting character. As shown below, a basic Login banner is configured
and the configuration is verified by ending and reestablishing an exec session with the device.
Router(config)#banner login ^
Enter TEXT message. End with the character '^'
##########################################
# This is a Login banner used to show    #
# legal and privacy information.         #
#                                        #
# Unauthorized users prohibited          #
##########################################
^
Router(config)#end
Router#exit
##########################################
# This is a Login banner used to show    #
# legal and privacy information.         #
#                                        #
# Unauthorized users prohibited          #
##########################################
User Access Verification
Password:
Router>
Objective 2 requests that you configure an exec banner so that any authenticated exec session will be shown the device
hostname and the line the session is established on. In order to configure this type of banner you'll need to know what Banner
Tokens are. Banner tokens are basically variables you can set in a banner that pull particular information from the device and
insert it into the banner. The banner tokens that will be used in this objective are $(hostname) and $(line) which display the
hostname and line number.
To configure the exec banner as required by objective 2, use the following text: Session established to $(hostname) on line $(line)
Like the previous Login banner you've configured, you execute the same command in global configuration mode, but rather than
executing banner login ^ you'll execute banner exec ^ as shown below;
Router>enable
Password:
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#banner exec ^
Enter TEXT message. End with the character '^'
Session established to $(hostname) on line $(line)
^
Router(config)#
After the exec banner is configured, verify your configuration by terminating your exec session and reestablishing an exec session to
the device as shown below;
Router(config)#end
Router#exit
##########################################
# This is a Login banner used to show    #
# legal and privacy information.         #
#                                        #
# Unauthorized users prohibited          #
##########################################
User Access Verification
Password:
Session established to Router on line 0
Router>
To read more about Banner Tokens click Here!
Objective 3 is the last objective of the lab, which is to configure a Message of the Day banner. This is commonly used to display
maintenance information on the Cisco device such as: This router will undergo routine maintenance on 01/01/10 from 12:00AM to
2:00AM
The MOTD banner is displayed prior to the login banner on a Cisco Router or Switch and is configured the same way as any other
banner, which is to execute the banner command followed by the type of banner and the delimiting character in global configuration
mode. Shown below is an example MOTD banner configuration and verification;
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#banner motd ^
Enter TEXT message. End with the character '^'
This router will undergo routine maintenance on 01/01/10 from 12:00AM to 2:00AM
^
Router(config)#
To verify the MOTD banner configuration, exit and reestablish an exec session to the device as shown below;
Router(config)#end
Router#exit
One of the most things to do is having to negate multiple commands using the no statement. There is a better way to
default IOS configuration in specific sections. This lab will discuss and demonstrate the configuration default function.
Lab Prerequisites
If you are using GNS3 then load the Stub Area Networking GNS3 topology and start R1.
Establish a Console session with Router 1.
Lab Objectives
Configure interface FastEthernet0/0 with the IP Address of 10.1.1.254/24 and hard code the Speed to 100Mbps and Duplex to
full.
Reset the configuration previously made on interface FastEthernet0/0 using the default command in global configuration.
Lab Instruction
Step 1. To simulate a configured interface the first objective states that you need to assign the IP Address 10.1.1.254/24 to interface
FastEthernet0/0 as well as hard code the speed and duplex to 100Mbps/Full Duplex.
Router con0 is now available
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#ip add 10.1.1.254 255.255.255.0
Router(config-if)#duplex full
Router(config-if)#speed 100
Router(config-if)#no shut
%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
end
Router(config)#
You would never allow anyone in the world to access your email so why would you allow anyone to access your
network hardware? This lab will discuss and demonstrate the configuration and verification of basic password
authentication.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook topology and start R1.
Establish a console session with Router 1.
Lab Objectives
Configure a Console line password so that anyone attempting to establish a console session to the device will be prompted for
a password. Once completed, verify your configuration.
Configure the VTY line 0-4 password so that anyone attempting to establish a telnet/ssh session to the device will be
prompted for a password. Once completed, verify your configuration.
Configure an enable password and enable secret. Once completed, verify these configurations.
Configure an Auxiliary line password so that anyone attempting to establish an auxiliary line session to the device (routers
only) will be prompted for a password.
Lab Instruction
Step 1. To meet the first objective of protecting the console line with a console password you'll need to navigate to the console line
configuration mode as shown below;
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!
Router>enable
Router#configure terminal
Router(config)#line console 0
Router(config-line)#
Once in console line configuration mode, you can set the password by executing the password passwordgoeshere command. As
shown below, the password is being set to Cisco123;
Router(config-line)#password Cisco123
Simply setting the password does not enable password authentication. You'll need to tell the router to require a password from
incoming sessions on the console line. This is done by executing the login command from line configuration mode as shown below;
Router(config-line)#login
Now you can test your console line password but first you'll have to end your exec session by typing end and exit, then attempt to
establish a new exec session via console as shown below;
Router(config-line)#end
Router#exit
Router con0 is now available
Router(config-line)#password Cisco321
Router(config-line)#login
Notice that in this example the password was set to Cisco321 just to demonstrate you can have different passwords per line. In order
to verify this configuration, typically you'd need Ethernet connectivity to the device, so as per that requirement you'll need to assign
an IP address to an interface. For example assign 10.1.1.1 255.255.255.255 to interface loopback0 as shown below;
Router(config-line)#interface lo0
Router(config-if)#ip add 10.1.1.1 255.255.255.255
Router(config-if)#end
Router#
To verify your vty line password configuration you can telnet to your local interface to initiate a telnet exec session as shown below;
Router#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Password:
Password:
Router>
As you can see you're prompted for the VTY line password. If you enter the console line password, you will be denied access but
upon entering the correct vty line password you'll be authorized to start an exec session as shown above.
Once you've established a telnet session to the router, try to gain privileged level access. You'll immediately notice that you're
prompted for an enable password; since none is set, you cannot gain privileged level access.
Router>enable
Password:
Password:
Password:
% Bad passwords
Router>
Step 3. Configure an enable password and secret for the Cisco router to gain privileged level access to the device via telnet. This
configuration is done in global configuration mode. If you still have a telnet session open from the previous objective verification, type
exit. To configure an enable password execute the enable password passwordgoeshere command.
To configure an enable secret you simply execute the enable secret passwordgoeshere command as shown below;
Router>exit
[Connection to 10.1.1.1 closed by foreign host]
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable password Cisco1
Router(config)#enable secret Cisco2
Router(config)#end
Router#
As shown above the enable password was set to Cisco1 and the enable secret was set to Cisco2.
The enable password and enable secret are used for the same authentication, which is to gain access to privileged mode;
however, if you have both enable password and enable secret set, the enable secret will override the enable password.
Once the enable passwords have been set, verify the configuration by executing a reverse telnet to 10.1.1.1 and establishing a telnet
session using the previously set vty line password, then escalate to privileged level access.
Router#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Password:
Router>enable
Password:
Password:
Router#
If you typed in the enable password first you'll be rejected as the router also has an enable secret set of Cisco2.
Step 4. The last objective only applies to Cisco devices that have an Auxiliary (AUX) port. The AUX port is very similar to the console
port but has modem control pins, so you can attach an external 56k modem to the device, dial in, and remotely manage the device
using POTS dial-up service. This is commonly used for out of band management of single devices; however, when there are multiple
devices per site and out of band management is required it's common to have an access-server set up with a modem to allow
console management of multiple devices through a single dial-in device.
To set the AUX line password you'll execute the same commands as you've previously done in the console line password
configuration as shown below;
Router#configure terminal
Enter configuration commands, one per line.
Router(config)#line aux 0
Router(config-line)#password AuxPassword123
Router(config-line)#login
Router(config-line)#end
Router#
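A small offline check for the mistakes this lab warns about, as an added example that is not part of the original lab: it scans a saved running-config for a line password that has no login command, for an enable password, and for line passwords stored in cleartext or type 7 form. The sample config, the finding codes and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not captured from the lab router).
# The aux line deliberately has a password but no "login" command.
SAMPLE_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$notARealHashValue0000
enable password Cisco1
!
line con 0
 password Cisco123
 login
line aux 0
 password AuxPassword123
line vty 0 4
 password 7 0000CONSTRUCTED
 login
!
"""


def parse_sections(config):
    """Split a config into global commands and per-line ("line con 0") blocks."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            current = None                      # separator ends the current block
        elif raw[0].isspace() and current is not None:
            line_blocks[current].append(text)   # indented sub-command of a line block
        elif text.startswith("line "):
            current = text
            line_blocks[current] = []
        else:
            current = None
            global_cmds.append(text)
    return global_cmds, line_blocks


def audit(config):
    """Return a list of (location, code, explanation) findings."""
    findings = []
    global_cmds, line_blocks = parse_sections(config)

    # enable secret overrides enable password, but the password stays in the config.
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    if any(c.startswith("enable password ") for c in global_cmds):
        why = ("overridden by enable secret but still stored in the config"
               if has_secret else
               "only privileged-mode credential; use enable secret instead")
        findings.append(("global", "enable-password", why))

    for header, cmds in line_blocks.items():
        passwords = [c for c in cmds if c.startswith("password ")]
        if not passwords:
            continue
        # "login", "login local" and "login authentication X" all count as login.
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append((header, "password-not-enforced",
                             "password is set but the line has no login command"))
        for cmd in passwords:
            match = re.fullmatch(r"password (\d+) \S+", cmd)
            enc_type = match.group(1) if match else "0"   # no type digit = cleartext
            if enc_type == "0":
                findings.append((header, "cleartext-line-password",
                                 "password is readable by anyone who sees the config"))
            elif enc_type == "7":
                findings.append((header, "type7-line-password",
                                 "type 7 is a reversible encoding, not a hash"))
    return findings


if __name__ == "__main__":
    for location, code, why in audit(SAMPLE_CONFIG):
        print(f"{location:14} {code:26} {why}")
```

The aux finding is the one the lab text describes: a password on a line does nothing until login is configured on that line.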
Using a single shared password is not the most secure way to control authentication. Giving each individual a
username and password is easier to track. This lab will discuss and demonstrate local user authentication.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start R1.
Establish a console session with Router 1.
Configure the Loopback0 interface with a host address of 10.1.1.1
Lab Objectives
Configure a user account with the name Tom with a password of Cisco$123 and assign level 15 privileges to this user.
Configure a user account with the name Sally with a password of LetMeSee! and assign level 1 privileges to this user.
Configure the VTY lines 0 through 4 to authenticate incoming exec sessions with the Local User Database using the login
Lab Instruction
Step 1. As required per the first objective, create a user account with the username of tom and password of Cisco$123 and grant this
user level 15 privileges.
Router con0 is now available
Press RETURN to get started.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#username tom privilege 15 secret Cisco$123
Step 2. Create a user account with the username of Sally and password of LetMeSee! and grant this user level 1 privileges.
Router(config)#username sally privilege 1 secret LetMeSee!
Read Me
Creating a user account with level 15 privileges will place the user in privileged mode upon a successful authentication therefore this
user will not need to provide an enable password. Use caution when assigning level 15 privileges.
Step 3. Configure the VTY lines 0 through 4 to authenticate incoming exec sessions to the local user database. This is done by
executing the login local command under line configuration mode.
Router(config)#line vty 0 4
Router(config-line)#login local
Step 4. Verify your configuration by using reverse telnet via the Loopback0 interface. You should receive a username and password
prompt and upon a successful authentication based on the credentials provided you should be granted an exec shell session in user
mode if using the username sally or privileged mode if using the username tom as shown below;
Router(config-line)#end
Router#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Username: tom
Password:
Router#
AAA Authentication lists are commonly used for multiple methods of authentication on a single device such as local
and line. This lab will discuss and demonstrate the configuration and verification of AAA Authentication Lists.
WILL be locked out of the device and will have to perform a password recovery.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start R1.
Establish a console session with Router 1.
Configure a username and password of your choice with level 15 privileges in the local database; See Lab 3-2 for reference.
Lab Objectives
Enable AAA by executing the aaa new-model command in global configuration.
Configure a AAA login authentication list named CONSOLE_AUTH and authenticate to the local database only.
Configure the console line to authenticate using the authentication list you created named CONSOLE_AUTH
Verify your configuration by logging completely out of the router and back in.
Lab Instruction
Step 1. Enable AAA by executing the command aaa new-model in global configuration mode. This enables the new authentication
methods and disables the old authentication methods such as line passwords.
Router con0 is now available
Router>enable
Router#configure terminal
Enter configuration commands, one per line.
Router(config)#aaa new-model
Step 2. Configure a AAA login authentication list named CONSOLE_AUTH and authenticate to the local database only.
The syntax for configuring a AAA login authentication list is; aaa authentication login LISTNAME AUTHTYPE
In this objective the list name is CONSOLE_AUTH and the authentication type is LOCAL as shown below;
Router(config)#aaa authentication login CONSOLE_AUTH local
Step 3. Now you're ready to configure the console line to authenticate users attempting an exec session against the AAA login
authentication list you just created. This is a single command executed in line configuration mode; login authentication listname
Router(config)#line con 0
Router(config-line)#login authentication CONSOLE_AUTH
Step 4. Verify your configuration by logging completely out of the router and logging back in via the console. If configured properly
you should be prompted for a username and password now as shown below;
Router(config-line)#end
Router#exit
Most enterprise companies authenticate network users via TACACS+ to a Cisco ACS Server. This is useful for single
sign-on, management and tracking. This lab will discuss and demonstrate the configuration of a TACACS+ AAA
Authentication List.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start R1.
Establish a console session with Router 1.
Complete Lab 3-3 prior to attempting this lab.
Create a local user account and password with level 15 privileges.
Lab Objectives
Configure a TACACS+ Server located at 10.1.1.20 with the key of P@s$W0rD!
Configure a login authentication list named CONSOLE_AUTH to authenticate to the tacacs server group then the local
database if authentication to the tacacs server times out.
Assign the authentication list to the console line and verify your configuration. (See Notes)
Lab Instruction
Step 1. First you need to configure the TACACS server host address and key. This is done by executing the tacacs-server host
x.x.x.x key keygoeshere command as shown below;
Router con0 is now available
Press RETURN to get started.
Router>enable
Router#configure terminal
Router(config)#tacacs-server host 10.1.1.20 key P@s$W0rD!
Step 2. Now configure the AAA login authentication list named CONSOLE_AUTH to authenticate to the tacacs server first and fall
back to the local user database in the event of a server failure. As previously shown in Lab 3-2 the authtype was just local. The AAA
login authentication list follows the authtypes in order from first to last in the syntax. To configure the list to authenticate to the tacacs
server, add group tacacs+ prior to local.
To complete the 2nd objective; authenticate to the tacacs server then failback to the local database when the server fails, execute the
Lab 3-2;
Router(config)#line con 0
login
Router(config-line)#login authentication CONSOLE_AUTH group tacacs local
authentication
CONSOLE_AUTH
You will be unable to verify the actual TACACS server authentication as no TACACS server exist in this lab. You can download
with
a trial copy of Cisco ACS and configure the server to authenticate Cisco devices but that is outside of the scope of CCNA and
group
CCNA Security. For verification purposes, use the prerequisites configured local database username and password with level
tacacs
15 privileges.
local
appended
to it as
shown
Router con0 is now available
below;
Press RETURN to get started.
Username: john
Password:
Router>
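The order of methods in CONSOLE_AUTH matters because IOS moves to the next method only when the current one gives no answer; a rejection from a reachable server is final. The model below is an added example, not part of the workbook; the function names and the credentials are constructed for the demonstration, and the server is simulated rather than contacted.

```python
from enum import Enum


class Result(Enum):
    PASS = "pass"    # the method answered and accepted the credentials
    FAIL = "fail"    # the method answered and rejected the credentials
    ERROR = "error"  # the method could not answer (timeout, unreachable)


def tacacs_group(reachable, users):
    """Simulated 'group tacacs+' method backed by a constructed user table."""
    def method(username, password):
        if not reachable:
            return Result.ERROR
        return Result.PASS if users.get(username) == password else Result.FAIL
    return method


def local_db(users):
    """Simulated 'local' method: the router's own username database."""
    def method(username, password):
        return Result.PASS if users.get(username) == password else Result.FAIL
    return method


def authenticate(method_list, username, password):
    """Walk the list in order; only ERROR moves on to the next method."""
    trace = []
    for name, method in method_list:
        result = method(username, password)
        trace.append((name, result.value))
        if result is not Result.ERROR:
            return result is Result.PASS, trace
    return False, trace  # every method errored, so access is denied


# Constructed credentials, not values from the lab.
LOCAL_USERS = {"john": "LabPass1"}
SERVER_USERS = {"alice": "ServerPass1"}


def console_auth(server_reachable):
    """CONSOLE_AUTH as configured in this lab: group tacacs+, then local."""
    return [
        ("group tacacs+", tacacs_group(server_reachable, SERVER_USERS)),
        ("local", local_db(LOCAL_USERS)),
    ]


if __name__ == "__main__":
    for reachable in (False, True):
        ok, trace = authenticate(console_auth(reachable), "john", "LabPass1")
        print(f"server reachable={reachable}: accepted={ok} trace={trace}")
```

With the server unreachable, as in this lab, john is accepted by the local database; with the server reachable, the same local account is refused because the server's rejection ends the walk.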
Configuring Secure Shell Virtual Terminal Access (SSH) | Free CCNA Workbook
When it comes to device management you want to ensure that the traffic is secure and encrypted. Telnet
unfortunately is not encrypted which is why SSH is commonly used for administration of Cisco devices. This lab will
discuss and demonstrate the configuration of SSH v1.99 (v2)
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start R1.
Establish a console session with Router 1.
Create a loopback interface and configure it with the IP Address 10.1.1.1/24
Create an arbitrary username and password in the local user database as required by SSH in order for the VTY lines to
establish a remote exec session.
The VTY Line(s) authentication should be configured to authenticate to the local database. (Note that you can use login local
or an AAA authentication list to accomplish this)
Lab Objectives
Change the hostname from its default hostname Router to something specific to the device, i.e. R1
To generate an RSA key, you're required to have a domain name set. Set the domain name by executing the ip domain-name
domainname.net command in global configuration.
Create an RSA General-Usage certificate that is self-signed by the Cisco device.
Configure the transport input protocol on the VTY lines to only accept SSH (this disables telnet and permits only ssh)
Lab Instruction
Step 1. As a requirement to generate an RSA general-usage key you'll need to change the hostname to a hostname other than the
default Router hostname. In this case, you can use R1 as shown below;
Router con0 is now available
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line.
Router(config)#hostname R1
R1(config)#
Step 2. Another requirement prior to generating an RSA certificate on the Cisco device is to set a domain name. For the purposes of
this lab, the domain name will be set to freeccnaworkbook.com as shown below;
R1(config)#ip domain-name freeccnaworkbook.com
Step 3. Now you're ready to generate the RSA certificate. To generate the RSA certificate you'll execute the crypto key generate
rsa general-keys modulus command followed by the modulus key size, which ranges between [360-2048]. As shown below, an RSA
certificate is generated using a 1024 bit modulus key.
R1(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: R1.freeccnaworkbook.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#
%SSH-5-ENABLED: SSH 1.99 has been enabled
You'll notice that immediately after the RSA general-usage keys are generated, SSH v1.99 is enabled. Note that the larger the key size,
the longer it takes to generate.
Once SSH v1.99 is enabled you can connect to the Cisco device remotely using the SSH v2 protocol found in Putty, SecureCRT and
other terminal emulators, excluding HyperTerminal as it does not support cryptographic connectivity.
Step 5. Configure the transport input protocol on the VTY lines to accept only SSH by executing the transport input ssh command under
the vty line configuration mode as shown below;
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
Step 6. Verify your SSH configuration by using the Cisco IOS SSH client to SSH to the router's loopback interface 10.1.1.1
Minimal documentation regarding the Cisco IOS SSH client exists. Use the Cisco IOS context help ? to view available ssh command
options.
R1(config-line)#end
R1#ssh -l john 10.1.1.1
Password:
R1#show ssh
Connection Version Mode Encryption  Hmac       State            Username
0          1.99    IN   aes128-cbc  hmac-sha1  Session started  john
0          1.99    OUT  aes128-cbc  hmac-sha1  Session started  john
%No SSHv1 server connections running.
R1#
Numbered ACLs are commonly used for simple quick configurations where a single match is needed such as
specifying which host is allowed to access the device via SSH. This lab will discuss and demonstrate the configuration
of numbered Access Control Lists (ACLs)
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start devices R1, R2 and SW1.
Establish a console session with devices R1 and R2.
Configure R1's FastEthernet0/0 interface with the IP address 10.1.1.1/24 and R2's FastEthernet0/0 interface with 10.1.1.2/24
Verify you can ping R2's Ethernet interface from R1 and vice versa prior to starting this lab.
Lab Objectives
Create a standard numbered access-list (number of your choice) to prevent the host 10.1.1.2 IP access inbound on R1 Fa0/0
and permit all other traffic. (Verify your configuration)
Create an extended numbered access-list (number of your choice) to prevent telnet access outbound R1 interface Fa0/0 to
host 10.1.1.3 and permit all other traffic.
Lab Instruction
There are several specific ranges of numbered access-lists used to perform different types of access control, as shown below
from the Cisco CLI context sensitive help;
R1(config)#access-list ?
  <1-99>            IP standard access list
  <100-199>         IP extended access list
  <1000-1099>       IPX SAP access list
  <1100-1199>       Extended 48-bit MAC address access list
  <1200-1299>       IPX summary address access list
  <1300-1999>       IP standard access list (expanded range)
  <200-299>         Protocol type-code access list
  <2000-2699>       IP extended access list (expanded range)
  <2700-2799>       MPLS access list
  <300-399>         DECnet access list
  <600-699>         Appletalk access list
  <700-799>         48-bit MAC address access list
  <800-899>         IPX standard access list
  <900-999>         IPX extended access list
  compiled          Enable IP access-list compilation
  dynamic-extended  Extend the dynamic ACL absolute timer
  rate-limit        Simple rate-limit specific access list
Step 1. To complete the first objective of this lab you need to create a standard numbered access-list. By referencing the context
sensitive help you'll notice the standard IP access-list numbers range between 1 and 99. You can choose a number of your own to
complete this objective but for the purposes of demonstration, number 50 will be used. The objective states that you need to block IP
host 10.1.1.2 inbound access at R1's FastEthernet0/0 interface but permit all other traffic. An example is shown below;
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 50 deny host 10.1.1.2
R1(config)#access-list 50 permit any
Now that the numbered access-list is created you need to apply it in the ingress direction of interface Fa0/0 on Router 1 as shown
below;
R1(config)#interface fa0/0
R1(config-if)#ip access-group 50 in
You can verify your configuration by pinging R1's Fa0/0 interface from R2; as a prerequisite you should have been able to ping the IP
prior to applying the access-list. Now if configured correctly your pings will be Unreachable;
R2>ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R2>
You can also verify that the access-list is properly working by executing the show access-list command in privileged mode on R1. As
shown below by the command results you'll notice that the first ACE has a hit count of 8;
R1(config-if)#end
R1#show access-list
Standard IP access list 50
10 deny   10.1.1.2 (8 matches)
20 permit any
R1#
Change the IP address on R2's FastEthernet interface to 10.1.1.3/24 and test your access-list again to ensure that traffic from
addresses other than 10.1.1.2/32 is permitted;
R2>enable
R2#configure terminal
R2(config)#interface fa0/0
R2(config-if)#ip add 10.1.1.3 255.255.255.0
R2(config-if)#end
R2#
Now ping R2's new Fa0/0 interface IP address (10.1.1.3) and verify you have successful communication;
R1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/43/76 ms
R1#
Step 2. Now it's time to create an extended numbered access-list. As previously shown in the CLI context sensitive help, you'll see
extended numbered access-lists range between 100 and 199, however Cisco later added expanded ranges for both standard and
extended numbered access-lists. In this objective you need to create an access-list to block telnet traffic outbound on R1's Fa0/0
interface to the host 10.1.1.3 and permit all other traffic. Since telnet is TCP traffic, you'll need to specify that the ACE is TCP only
and match the port following the destination, as you need to prevent traffic from reaching that destination with the destination port
number of 23 (telnet) as shown below;
R1#configure terminal
R1(config)#access-list 150 deny tcp any host 10.1.1.3 eq telnet
R1(config)#access-list 150 permit ip any any
Now this access-list needs to be applied in the egress direction on R1's interface Fa0/0;
R1(config)#interface fa0/0
R1(config-if)#ip access-group 150 out
Due to the nature of how the Cisco device sources traffic from itself, this objective cannot be tested unless another network and
static routes are configured, which will be discussed in a later section. Traffic sourced from a router does not get processed by an
outbound access-list. However, any telnet traffic that traverses the router from another network to host 10.1.1.3 will
be dropped.
Access-lists can be configured on a Cisco device inbound and/or outbound, and you must look at it in a way that the router is the traffic
cop saying what traffic is authorized to pass and what traffic gets smacked into the bit bucket.
There is a general rule of thumb when dealing with access-lists. In order for access-lists to be the most effective you should place an
extended access-list as close to the source as possible and a standard access-list as close to the destination as possible.
Also keep in mind that there is an IMPLICIT DENY at the end of every access-list, meaning you cannot see the deny statement but
configuration wise, it is the same thing as configuring deny any any at the end of the access-list. So by default, traffic will be
dropped unless you permit it. Engineers oftentimes place an explicit deny statement at the end of the access-list in order to log
denied traffic as a method of access-list troubleshooting.
It is much easier to remember names than numbers. It is also easier to manage named ACLs because you have the
ability to sequence line items in the ACL. This lab will discuss and demonstrate named Access Control Lists (ACLs)
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start R1.
Establish a console session with R1 then configure its hostname.
It is recommended that you complete the Previous Lab prior to starting this Lab.
Configure R1's FastEthernet0/0 interface with the IP address 169.254.20.3/29 and R1's FastEthernet0/1 interface with the IP
address 10.1.1.254/24
Lab Objectives
Configure a standard named access-list called INSIDE_IN and permit only 10.1.1.0/24 inbound access; place an explicit deny
statement on line 500 and log denied traffic. Apply this access-list inbound on interface Fa0/1
Configure an extended named access-list called OUTSIDE_IN and deny host 71.23.44.50 and host 204.221.190.5 eq www,
permit all other traffic. Apply this access-list inbound on interface FastEthernet0/0
Lab Instruction
Named access-lists are much like numbered access-lists but with names and the addition of line numbers. Now you can specify on
which line you wish to place an ACE in the ACL. For example, you have an ACL with lines 5, 10, 15, 20, 25, 30 and you need to stick an
entry between line 15 and 20; now you have that ability without having to remove the entire access-list. The new ACE statement will
follow a specific line number when in named access-list configuration mode.
Step 1. The first objective states to create a standard named access-list and permit only the network 10.1.1.0/24 and to configure an
ACE on line 500 that denies and logs all denied traffic. The syntax used to complete this objective is ip access-list standard
ACLNAME as shown below.
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#ip access-list standard INSIDE_IN
R1(config-std-nacl)#10 permit 10.1.1.0 0.0.0.255
R1(config-std-nacl)#500 deny any log
An extended access-list does not use a subnet mask to identify networks but rather a wildcard mask, which is the inverse notation
of a subnet mask.
Now in order to apply this named access-list to an interface you must navigate to the correct interface and execute the ip access-group
command followed by the ACL name and direction as shown below;
R1(config-std-nacl)#exit
R1(config)#int f0/1
R1(config-if)#ip access-group INSIDE_IN in
You can verify your access-list configuration by executing the show access-list command;
R1(config-if)#do show access-list
Standard IP access list INSIDE_IN
10 permit 10.1.1.0, wildcard bits 0.0.0.255
500 deny   any log
R1(config-if)#
As you can see you have plenty of space between line 10 and the explicit deny statement on line 500 to inject more access control list
entries at a later time.
Step 2. Configure an extended named access-list called OUTSIDE_IN and deny host 71.23.44.50 and host 204.221.190.5 eq www,
permit all other traffic. Apply this access-list inbound on interface Fa0/0;
R1(config-if)#exit
R1(config)#ip access-list extended OUTSIDE_IN
R1(config-ext-nacl)#10 deny ip host 71.23.44.50 any
R1(config-ext-nacl)#20 deny tcp host 204.221.190.5 any eq www
R1(config-ext-nacl)#500 permit ip any any
Now assign the newly created extended named access-list inbound on R1's FastEthernet0/0 interface as shown below;
R1(config-ext-nacl)#exit
R1(config)#int f0/0
R1(config-if)#ip access-group OUTSIDE_IN in
To verify your access-list configuration execute the show access-list OUTSIDE_IN command from privileged mode or by using the do
command within a configuration mode as shown below;
R1(config-ext-nacl)#do sh access-list OUTSIDE_IN
Extended IP access list OUTSIDE_IN
10 deny ip host 71.23.44.50 any
20 deny tcp host 204.221.190.5 any eq www
500 permit ip any any
R1(config-ext-nacl)#
Configuring the VTY Lines Access Control List | Free CCNA Workbook
When it comes to management traffic, you want to ensure that ONLY authorized hosts even have the ability to access the
device. This lab will discuss and demonstrate the configuration and verification of applying an ACL to the VTY Lines.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start devices R1, R2, R3 and SW1.
Establish a console session with devices R1, R2, R3 and SW1 then configure their respective hostnames.
Configure the IP address 10.1.1.1/24 on the FastEthernet0/0 interface of R1.
Configure the IP address 10.1.1.2/24 on the FastEthernet0/0 interface of R2.
Configure the IP address 10.1.1.3/24 on the FastEthernet0/0 interface of R3
Configure a local username and password on R1 with level 15 privileges which will be used to authenticate VTY exec sessions
locally.
Configure R1 to accept both Telnet and SSH sessions.
Lab Objectives
Create a named extended access-list called VTY_ACCESS
Deny host 10.1.1.3 from accessing the vty lines via telnet.
Permit the network range 10.1.1.0/24 to use telnet or ssh
Deny all other traffic and log the denied attempted connections.
Configure the access-list on the vty lines using the access-class command.
Verify your configuration and connectivity using R2 and R3.
Lab Instruction
One of the biggest new management features of 12.3T and 12.4 mainline is the ability to use extended access-lists to permit
particular traffic to establish an exec session to the vty lines of a Cisco device using a particular protocol; ie, telnet and/or ssh.
Step 1. Configure a named access-list on R1 called VTY_ACCESS
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip access-list extended VTY_ACCESS
R1(config-ext-nacl)#
Step 2. Deny host 10.1.1.3 from accessing the vty lines via telnet. In order to complete this objective you'll need to specify the
source as host 10.1.1.3 and destination as any eq telnet as shown below;
R1(config-ext-nacl)#10 deny tcp host 10.1.1.3 any eq telnet
Read Me
When traffic is destined to the control plane of the device, in an ACL it is represented as 0.0.0.0/0; AKA: any
Step 3. Permit the network range 10.1.1.0/24 to use telnet or ssh. This objective will require two access list entries, one for telnet
(tcp port 23) and one for ssh (tcp port 22) as shown below;
R1(config-ext-nacl)#20 permit tcp 10.1.1.0 0.0.0.255 any eq 22
R1(config-ext-nacl)#30 permit tcp 10.1.1.0 0.0.0.255 any eq 23
Step 4. Deny all other traffic and log the denied connection attempts.
R1(config-ext-nacl)#500 deny ip any any log
Step 5. Configure the access-list on the vty lines using the access-class command.
R1(config-ext-nacl)#line vty 0 4
R1(config-line)#access-class VTY_ACCESS in
R1(config-line)#end
R1#
User       Host(s)              Idle       Location
           idle                 00:14:12
tom        idle                 00:00:00 10.1.1.2
Interface    User               Mode         Idle     Peer Address
R1#exit
[Connection to 10.1.1.1 closed by foreign host]
R2#ssh -l tom 10.1.1.1
Password:
R1#sh ssh
Connection Version Mode Encryption  Hmac       State            Username
0          1.99    IN   aes128-cbc  hmac-sha1  Session started  tom
0          1.99    OUT  aes128-cbc  hmac-sha1  Session started  tom
%No SSHv1 server connections running.
R1#
Now using R3 verify that 10.1.1.3/24 is being denied access via telnet and permitted access via SSH to R1 as shown below;
R3#telnet 10.1.1.1
Trying 10.1.1.1 ...
% Connection refused by remote host
R3#ssh -l tom 10.1.1.1
Password:
R1#show ssh
User
Mode
Idle
Username
tom
tom
Peer Address
R1#
You can verify that telnet was indeed denied using the vty line ACL on R1 by executing the show access-list command in privileged
mode. This will show you a hit count number beside each access control list entry;
R1#show access-list
Extended IP access list VTY_ACCESS
10 deny tcp host 10.1.1.3 any eq telnet (1 match)
20 permit tcp 10.1.1.0 0.0.0.255 any eq 22 (4 matches)
30 permit tcp 10.1.1.0 0.0.0.255 any eq telnet (6 matches)
500 deny ip any any log
R1#
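The hit counts above follow from how an extended ACL is evaluated: entries are tried from the lowest sequence number up, the first match decides, and anything that matches nothing meets the implicit deny. The evaluator below is an added example, not part of the workbook; it handles only the extended-entry forms used in these labs (any, host, address plus wildcard mask, eq port), and the helper names, the outside host 192.0.2.10 and the misordered variant are assumptions made for the demonstration.

```python
import ipaddress

PORT_NAMES = {"telnet": 23, "www": 80}  # the keyword ports used in these labs
ANY = (0, 0xFFFFFFFF)                   # a wildcard of all ones matches anything


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(head), ip_int(tokens.pop(0))


def parse_ace(line):
    """Parse one entry such as '20 permit tcp 10.1.1.0 0.0.0.255 any eq 22'."""
    tokens = line.split()
    ace = {"seq": int(tokens.pop(0))}
    ace["action"] = tokens.pop(0)
    ace["proto"] = tokens.pop(0)
    ace["src"] = take_addr(tokens)
    ace["dst"] = take_addr(tokens)
    ace["dport"] = None
    if tokens and tokens[0] == "eq":
        port = tokens[1]
        ace["dport"] = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        tokens = tokens[2:]
    ace["log"] = "log" in tokens
    return ace


def addr_matches(addr, spec):
    base, wildcard = spec
    # A 1 bit in the wildcard means "ignore this bit"; all other bits must agree.
    return ((ip_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def ace_matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if ace["dport"] is not None and ace["dport"] != pkt.get("dport"):
        return False
    return addr_matches(pkt["src"], ace["src"]) and addr_matches(pkt["dst"], ace["dst"])


def evaluate(acl_lines, pkt):
    """Return (action, seq) of the first matching entry, lowest sequence first."""
    for ace in sorted(map(parse_ace, acl_lines), key=lambda a: a["seq"]):
        if ace_matches(ace, pkt):
            return ace["action"], ace["seq"]
    return "deny", None  # implicit deny: no entry matched


# The VTY_ACCESS entries from this lab.
VTY_ACCESS = [
    "10 deny tcp host 10.1.1.3 any eq telnet",
    "20 permit tcp 10.1.1.0 0.0.0.255 any eq 22",
    "30 permit tcp 10.1.1.0 0.0.0.255 any eq 23",
    "500 deny ip any any log",
]
# Constructed variant: the host deny placed after the network permits.
MISORDERED = VTY_ACCESS[1:3] + ["40 deny tcp host 10.1.1.3 any eq telnet", VTY_ACCESS[3]]


def vty_packet(src, dport):
    """A constructed TCP connection attempt to R1 (10.1.1.1)."""
    return {"proto": "tcp", "src": src, "dst": "10.1.1.1", "dport": dport}


if __name__ == "__main__":
    for src, port in [("10.1.1.2", 23), ("10.1.1.3", 23), ("10.1.1.3", 22), ("192.0.2.10", 22)]:
        print(src, port, evaluate(VTY_ACCESS, vty_packet(src, port)))
    print("misordered:", evaluate(MISORDERED, vty_packet("10.1.1.3", 23)))
```

In the misordered variant the telnet attempt from 10.1.1.3 is permitted by entry 30 before the host-specific deny is ever reached, which is why the narrower entry carries the lower sequence number in the lab.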
Allowing people to see your configuration passwords in plain text is a bad idea. This lab will discuss and demonstrate
the configuration of the Cisco IOS password encryption service.
Cisco does not publish how the salt is technically used in the calculation of the md5 hash, therefore it is unknown.
Salts are used to ensure extra security for md5 strings, making them unique and proprietary to the salt function written.
For example, let's say we use the password Hello123 and Cisco places the randomly generated salt after the 2nd character in the
actual passphrase; the prehashed password value would then become He$SALTllo123, which would give you a unique
md5 string. Ultimately the point I'm trying to make is that the technique in which Cisco uses the SALT function is proprietary. Keep in
mind that the salt is randomly generated and stored with the password hash, which makes it nearly impossible to even create a rainbow
table for every current value of the standard md5 rainbow table, because you don't know the function in how the salt is used, and you
cannot write a script to set the password on a Cisco device to every possible password found in the rainbow table as the salt is
randomly generated every time you use the enable secret XXXX command.
So when someone tells you that type 5 can be cracked by a rainbow table, that is completely incorrect, as a standard rainbow table will
NOT work because a standard rainbow table does not have MD5 hash values for every possible salted password hash value that
Cisco IOS can generate.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start R1.
Establish a console session with Router 1 then configure the device's respective hostname.
Lab Objectives
Configure a user account locally using the username tom and the secret Cisco
Configure a user account locally using the username john and the password Cisco
Verify that the user accounts tom and john were created by viewing the running configuration.
In global configuration mode enable the password encryption service by executing the service password-encryption command.
Verify that john's password was encrypted after enabling the password encryption service.
Disable the password encryption service and view if type 7 encryption is removed automatically when the password-encryption
service is disabled.
Lab Instruction
Step 1. Configure a user account locally using the username tom and the secret Cisco
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#username tom secret Cisco
Step 2. Configure a user account locally using the username john and the password Cisco;
R1(config)#username john password Cisco
Step 3. Verify that the user accounts tom and john were created by viewing the running configuration. TIP: You can view the user
names in the running-configuration by using a regular expression as shown below;
R1(config)#do show run | inc username
username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0
username john privilege 15 password 0 Cisco
R1(config)#
Step 4. In global configuration mode enable the password encryption service by executing the service password-encryption as
shown below;
R1(config)#service password-encryption
Step 5. Verify that john's password was encrypted after enabling the password encryption service by viewing the user names in the
running-configuration as shown below;
R1(config)#do show run | inc username
username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0
username john privilege 15 password 7 106D000A0618
R1(config)#
Step 6. Disable the password encryption service and view if type 7 encryption is removed automatically when the password-encryption
service is disabled.
R1(config)#no service password-encryption
R1(config)#do show run | inc username
username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0
username john privilege 15 password 7 106D000A0618
R1(config)#
When removing the password-encryption service, pre-existing type 7 encrypted passwords will NOT be automatically decrypted.
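The three show run snapshots from Steps 3, 5 and 6 can be checked mechanically: an account created with the password keyword stays in a weak storage form (type 0, then the reversible type 7 encoding) whatever the state of the service, while the secret account stays a salted type 5 hash. The auditor below is an added example, not part of the workbook; the function names and the finding fields are assumptions, and the input lines are the ones shown in this lab.

```python
import re

USERNAME_RE = re.compile(
    r"^username\s+(?P<user>\S+)"
    r"(?:\s+privilege\s+(?P<priv>\d+))?"
    r"\s+(?P<kind>secret|password)\s+(?P<type>\d+)\s+(?P<value>\S+)$"
)

# type -> (how the value is stored, should it be re-entered with 'secret'?)
STORAGE = {
    "0": ("cleartext", True),
    "7": ("type 7 encoding from service password-encryption", True),
    "5": ("type 5 salted MD5 hash", False),
}


def audit_usernames(config_text):
    """Classify every 'username' line by how its password is stored."""
    findings = []
    for line in config_text.splitlines():
        m = USERNAME_RE.match(line.strip())
        if not m:
            continue
        storage, weak = STORAGE.get(m["type"], ("type not covered in this lab", None))
        finding = {
            "user": m["user"],
            "keyword": m["kind"],
            "type": m["type"],
            "storage": storage,
            "needs_secret": weak,
        }
        parts = m["value"].split("$")
        if m["type"] == "5" and len(parts) == 4:
            # Layout is $1$<salt>$<digest>: the salt is stored beside the digest.
            finding["salt"] = parts[2]
        findings.append(finding)
    return findings


def users_needing_secret(config_text):
    """Accounts that should be re-created with 'username X secret ...'."""
    return sorted(f["user"] for f in audit_usernames(config_text) if f["needs_secret"])


# Output of 'show run | inc username' as shown in Steps 3, 5 and 6 of this lab.
STEP3 = """\
username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0
username john privilege 15 password 0 Cisco
"""
STEP5 = """\
username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0
username john privilege 15 password 7 106D000A0618
"""
STEP6 = STEP5  # disabling the service left the running-config unchanged

if __name__ == "__main__":
    for label, snapshot in [("step 3", STEP3), ("step 5", STEP5), ("step 6", STEP6)]:
        print(label, users_needing_secret(snapshot))
        for finding in audit_usernames(snapshot):
            print("   ", finding)
```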
It's always good practice to set inactivity timeouts on users logged into devices for management purposes. This lab will discuss
and demonstrate the configuration and verification of EXEC and absolute timeouts.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start device R1.
Establish a console session with device R1 then configure the device's respective hostname.
Create a Loopback interface on R1 and assign it the IP address 10.1.1.1/32
Create a username and password with level 15 privileges and set the VTY lines to authenticate locally.
Lab Objectives
Configure a one minute exec-timeout on vty lines 0 through 4 of R1 then verify your configuration by establishing a telnet
session to the Loopback0 interface IP address. Once authenticated wait one minute.
Remove the previously configured exec-timeout configuration on R1's vty lines then configure a two minute absolute timeout
on the VTY lines. Afterwards verify your configuration by establishing a telnet session to the Loopback0 interface IP address
and waiting two minutes. If configured correctly you will be automatically disconnected after 120 seconds.
Lab Instruction
Step 1. Configure a 1 minute exec-timeout on vty lines 0 through 4 of R1 and verify your configuration by telnetting to the
Loopback0 IP address, authenticating and then idling for 1 minute.
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#line vty 0 4
R1(config-line)#exec-timeout 1
R1(config-line)#end
R1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
Step 2. Remove the previously configured exec-timeout configuration on R1's vty lines then configure a two minute absolute
timeout on the VTY lines. Afterwards verify your configuration by establishing a telnet session to the Loopback0 interface IP address
and waiting two minutes. If configured correctly you will be automatically disconnected after 120 seconds.
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#line vty 0 4
R1(config-line)#no exec-timeout
R1(config-line)#absolute-timeout 2
R1(config-line)#end
R1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
*
[Connection to 10.1.1.1 closed by foreign host]
R1#
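The vty settings built up across the SSH, VTY access-list and timeout labs (transport input ssh, access-class ... in, exec-timeout) are applied per line range, so a range the labs never touch keeps whatever it had. The checker below is an added example, not part of the workbook; it reads running-config text and reports vty ranges missing those settings. The sample configuration, including the line vty 5 15 range, is constructed, and the function names and finding texts are assumptions.

```python
def parse_line_blocks(config_text):
    """Return {'line vty 0 4': [subcommands], ...} from running-config text."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or any global command ends the block
    return blocks


def first_args(cmds, prefix):
    """Arguments of the first subcommand starting with prefix, or None."""
    for cmd in cmds:
        if cmd.startswith(prefix + " "):
            return cmd[len(prefix):].split()
    return None


def audit_vty(config_text):
    """Return (line range, finding) pairs for every vty block."""
    findings = []
    for header, cmds in parse_line_blocks(config_text).items():
        if not header.startswith("line vty "):
            continue
        transport = first_args(cmds, "transport input")
        if transport is None:
            findings.append((header, "transport input not set explicitly"))
        elif transport != ["ssh"]:
            findings.append((header, "transport input permits " + " ".join(transport)))
        acl = first_args(cmds, "access-class")
        if acl is None or acl[-1] != "in":
            findings.append((header, "no inbound access-class"))
        idle = first_args(cmds, "exec-timeout")
        # 'exec-timeout 0 0' means the session never idles out.
        if idle is not None and all(int(value) == 0 for value in idle):
            findings.append((header, "exec-timeout disabled"))
    return findings


# Constructed running-config fragment: vty 0 4 hardened as in the labs,
# vty 5 15 left with telnet, no ACL and no idle timeout.
SAMPLE_CONFIG = """\
hostname R1
!
line con 0
 exec-timeout 0 0
line vty 0 4
 access-class VTY_ACCESS in
 exec-timeout 1 0
 login local
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 login local
 transport input telnet ssh
!
end
"""

if __name__ == "__main__":
    for header, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{header}: {finding}")
```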
Cisco IOS has its own integrated web server and by best practice you would never want to allow anonymous access
to your device's flash memory. This lab will discuss and demonstrate the IOS web server authentication mechanism.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start device R1.
Establish a console session with device R1 then configure the device's respective hostname.
If you're using GNS3 to complete this lab then an Ethernet NIO Cloud is required to be connected to R1's FastEthernet1/0
interface. Reference Lab 1-8 Configuring a GNS3 Ethernet NIO Cloud for NIO cloud configuration.
Configure a local user account with level 15 privileges used for web authentication in this Lab.
Configure the FastEthernet0/0 interface with DHCP or a Static IP address local to your LAN so you can access the switch via
Internet Explorer or FireFox web browser.
Lab Objectives
Lab Instruction
Step 1. Configure R1 to use the domain name freeccnaworkbook.com as shown below;
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip domain-name freeccnaworkbook.com
Step 2. Enable the Cisco IOS secure web server by executing the ip http secure-server command in global configuration as shown
below;
R1(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
%SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config)#
Step 3. Configure the Cisco IOS Web Service to authenticate to the local user database as shown below;
R1(config)#ip http authentication local
Step 4. Verify your configuration by connecting to the device's FastEthernet0/0 IP Address via Internet Explorer or FireFox and
using the credentials configured in the lab prerequisites section.
As shown in the image above you are prompted for a username and password. Provide the username and password you created in
the prerequisite. Once authenticated successfully you will be presented with the following page;
Logging information is crucial to understanding hiccups in your network infrastructure. Commonly this is done by
SYSLog. This lab will discuss and demonstrate the configuration and verification of SYSLog.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start device R1.
Establish a console session with device R1 then configure the device's respective hostname.
If you're using GNS3 you'll need to delete the link connecting to R1's FastEthernet0/0 and configure a Cloud interface linking
to R1's FastEthernet0/0 interface. For reference of this configuration refer to Lab 1-8 Configuring a GNS3 Ethernet NIO
Cloud.
For testing purposes, download Solarwinds Kiwi SYSLog Server.
Lab Objectives
Configure R1 to enable logging towards the host IP address assigned to your Cloud 1 Adapter.
Configure the logging option to log level 7 (Debugging) messages and lower.
Generate some SYSLog messages by debugging IP Packet and ping the Cloud's interface IP.
Verify the SYSLog messages are correctly sent to the Kiwi SYSLog Server.
Lab Instruction
Step 1. Configure R1 to enable logging towards the host IP address assigned to your Cloud 1 Adapter. To complete this objective
you will use the logging host x.x.x.x command, where x.x.x.x is the IP address of the SYSLog Server, as shown below;
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#logging host 192.168.2.3
Step 2. Configure the logging option to log level 7 (Debugging) messages and lower. To complete this task you will use the logging
trap command followed by the highest level you wish to log (1-7)
R1(config)#logging trap 7
R1(config)#end
R1#
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.2.3 port 514 started - CLI initiated
R1#
Step 3. Generate some manual SYSLog messages by debugging IP Packet and ping the Cloud's interface IP.
R1#debug ip icmp
ICMP packet debugging is on
R1#ping 192.168.255.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/24/100 ms
R1#
ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1
ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1
ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1
ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1
ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1
R1#
Step 4. Verify the SYSLog messages are correctly sent to the Kiwi SYSLog Server.
To verify that remote SYSLog is configured properly on R1 you'll need a SYSLog server configured on your host machine. For
the purposes of the Free CCNA Workbook lab, Solarwinds Kiwi Server is used for configuration verification. The Kiwi SYSLog
Server IP address is 192.168.255.10/24 and R1's FastEthernet0/0 IP address is 192.168.255.1/24.
[Screenshot: Solarwinds Kiwi properly receiving the SYSLog messages.]
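The severity filter set with logging trap in Step 2 and the message format seen in the console output, as an added Python example that is not part of the original lab. It assumes the router uses syslog facility local7 and leaves out the sequence number and timestamp that IOS places before the message; the sample lines are copied from this workbook's console output and all function names are hypothetical.

```python
import re

# IOS message body: %FACILITY-SEVERITY-MNEMONIC: description
IOS_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)

SEVERITY_NAMES = ("emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging")

LOCAL7 = 23  # assumption: syslog facility local7 (the IOS default)

# Lines copied from the console output shown in this workbook.
SAMPLE_LINES = [
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.2.3 port 514 started - CLI initiated",
    "%SYS-5-CONFIG_I: Configured from console by console",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up",
    "ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1",
]


def parse_ios_message(line):
    """Split an IOS log line into facility, severity, mnemonic and text.

    Debug output such as "ICMP: echo reply rcvd ..." carries no
    %FACILITY-SEVERITY-MNEMONIC header, so it is treated as severity 7.
    """
    m = IOS_MSG.search(line)
    if m is None:
        return {"facility": None, "severity": 7, "mnemonic": None, "text": line.strip()}
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    return fields


def passes_trap(severity, trap_level):
    """logging trap N forwards severity N and everything numerically lower."""
    return severity <= trap_level


def encode_pri(severity, facility=LOCAL7):
    """PRI value placed in angle brackets at the start of the datagram."""
    return facility * 8 + severity


def decode_pri(pri):
    """Collector side: split PRI back into (facility, severity)."""
    return divmod(pri, 8)


def to_datagram(line, trap_level, facility=LOCAL7):
    """Payload sent to UDP port 514, or None when the trap level filters it out."""
    msg = parse_ios_message(line)
    if not passes_trap(msg["severity"], trap_level):
        return None
    return f"<{encode_pri(msg['severity'], facility)}>{line.strip()}".encode("ascii")


def forwarded_counts(lines, trap_level):
    """Count forwarded messages per severity name for a given trap level."""
    counts = {}
    for line in lines:
        severity = parse_ios_message(line)["severity"]
        if passes_trap(severity, trap_level):
            name = SEVERITY_NAMES[severity]
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for level in (7, 6, 5):
        print(f"logging trap {level}:", forwarded_counts(SAMPLE_LINES, level))
```

Messages sent this way travel as cleartext UDP to port 514, so at level 7 the debugging output is readable by anything on the path to the collector.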
When working on a network with limited access to documentation you can easily discover neighboring Cisco devices
using CDP. This lab will discuss and demonstrate the functions of Cisco Discovery Protocol (CDP).
Command
Description
show cdp
Shows the CDP hello timer, holdtime and the current CDP version being advertised.
show cdp neighbors
Shows directly connected Cisco device information including hostname, local and remote port(s), device
capabilities and platform.
show cdp neighbors detail
Shows detailed information about directly connected Cisco devices such as IOS Version, VTP
management domain, native VLAN and duplex.
clear cdp table
Clears the CDP table on the local device and relearns all directly connected Cisco devices by
inspecting received CDP frames on local interfaces.
cdp timer
Manually sets the CDP advertisement timer (hello timer) to the specified time in seconds. This
command is configured in global configuration mode.
cdp holdtime
Manually sets the CDP holdtime (dead timer) to the specified time in seconds. This command is
configured in global configuration mode.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1 and SW1.
Establish a console session with devices R1 and SW1, then configure the devices' respective hostname(s).
Configure the IP address 192.168.255.1/24 on R1's FastEthernet0/0 interface.
Configure the IP address 192.168.255.254/24 on SW1's Vlan1 interface.
Lab Objectives
Using only R1, determine which IOS feature set and version is running on SW1.
Using only SW1, determine the IP address of R1 learned via CDP.
Using only R1, determine the port R1 is connected to on SW1.
Using only R1, determine what the Native VLAN and VTP Domain is on the switchport that R1 is directly connected to.
Change the default timers on both R1 and SW1 from 60/180 to 15/45 and verify your configuration changes.
Lab Instruction
Step 1. Using only R1, determine which IOS feature set and version is running on SW1. To determine this information you will
execute the show cdp neighbor detail command in user or privileged mode on R1 as shown below.
R1>show cdp neighbors detail
-------------------------
Device ID: Router
Entry address(es):
Platform: Cisco 3640, Capabilities: Router Switch IGMP
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1
Holdtime : 134 sec
Version :
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a),
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Tue 06-Mar-07 20:25 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
Duplex: full
R1>
As shown above by the underlined statements; SW1 is running ENTERPRISE/FW/IDS PLUS IPSEC 3DES Version 12.4(13a).
Step 2. Using only SW1, determine the IP address of R1 learned via CDP. To obtain this information you will use the show cdp
neighbors detail command on SW1 in either user or privileged mode as shown below;
SW1#show cdp neighbors detail
-------------------------
Device ID: R1
Entry address(es):
IP address: 192.168.255.1
Platform: Cisco 3725, Capabilities: Router Switch IGMP
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/0
Holdtime : 168 sec
Version :
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version
12.4(15)T14, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 17-Aug-10 12:08 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
Duplex: full
SW1#
As shown above by the underlined statements, R1 has the IP address 192.168.255.1 assigned to the interface out of which the
CDP frame was sent.
Step 3. Using only R1, determine the port R1 is connected to on SW1. To obtain this information you can use either the show cdp
neighbors or show cdp neighbors detail command.
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW1              Fas 0/0            125        R S I       3640      Fas 0/1
R1#
As shown above by the underlined statements, R1's FastEthernet0/0 interface is connected to SW1's FastEthernet0/1 port.
Step 4. Using only R1, determine what the Native VLAN and VTP Domain is on the switchport that R1 is directly connected to. This
information is obtained by using the show cdp neighbors detail command as shown below;
R1>show cdp neighbors detail
-------------------------
Device ID: SW1
Entry address(es):
IP address: 192.168.255.254
Platform: Cisco 3640, Capabilities: Router Switch IGMP
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1
Holdtime : 157 sec
Version :
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a),
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Tue 06-Mar-07 20:25 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
Duplex: full
R1>
As shown above by the underlined statements, the VTP Domain is blank. This is called NULL, which simply means that no VTP
domain has been configured on the switch that advertised that CDP frame. The native VLAN number on the switch's port that R1 is
directly connected to is VLAN 1.
Step 5. Clear the CDP table on R1 and verify that it has been cleared; afterwards verify that R1 relearns about SW1. To clear the
CDP table, use the clear cdp table command in privileged mode as shown below followed by the verification;
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW1              Fas 0/0            173        R S I       2650XM    Fas 1/0
R1#clear cdp table
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R1#
Step 6. Change the default timers on both R1 and SW1 from 60/180 to 15/45 and verify your configuration changes. To make these
changes you will use the cdp timer and cdp holdtime commands in global configuration. To verify the changes made use the show
cdp command in user or privileged mode as shown below;
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#cdp timer 15
R1(config)#cdp holdtime 45
R1(config)#end
%SYS-5-CONFIG_I: Configured from console by console
R1#show cdp
Global CDP information:
Sending CDP packets every 15 seconds
Sending a holdtime value of 45 seconds
Sending CDPv2 advertisements is enabled
R1#
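The fields read by hand in Steps 1 through 4, pulled out by a parser that also lists what each advertisement discloses, as an added Python example that is not part of the original lab. The sample text is constructed from the SW1 and R1 records shown above (shortened), the function names are hypothetical, and the Native VLAN line is read only when the device prints it.

```python
import re

# Constructed sample: the SW1 and R1 records from this lab, concatenated.
# The second separator is fused with "Device ID:", as in the page's text.
SAMPLE = """\
-------------------------
Device ID: SW1
Entry address(es):
  IP address: 192.168.255.254
Platform: Cisco 3640,  Capabilities: Router Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): FastEthernet0/1
Holdtime : 157 sec

Version :
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a),
RELEASE SOFTWARE (fc1)

advertisement version: 2
VTP Management Domain: ''
Duplex: full
------------------------Device ID: R1
Entry address(es):
  IP address: 192.168.255.1
Platform: Cisco 3725,  Capabilities: Router Switch IGMP
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0/0
Holdtime : 168 sec

Version :
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version
12.4(15)T14, RELEASE SOFTWARE (fc2)

advertisement version: 2
VTP Management Domain: ''
Duplex: full
"""

FIELD_PATTERNS = {
    "device_id": r"^Device ID:\s*(\S+)",
    "ip": r"^\s*IP address:\s*(\S+)",
    "platform": r"^Platform:\s*([^,]+),",
    "capabilities": r"Capabilities:\s*(.+?)\s*$",
    "local_if": r"^Interface:\s*([^,]+),",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "holdtime": r"^Holdtime\s*:\s*(\d+)",
    "image": r"Software \(([^)]+)\)",
    # \s+ also spans the line wrap between "Version" and the number.
    "version": r"Version\s+([^\s,]+),",
    "vtp_domain": r"^VTP Management Domain:\s*'([^']*)'",
    "native_vlan": r"^Native VLAN:\s*(\d+)",
    "duplex": r"^Duplex:\s*(\S+)",
}

# Fields that tell anyone on the link how the neighbor is built and managed.
SENSITIVE = ("ip", "platform", "image", "version", "vtp_domain", "native_vlan")


def parse_cdp_detail(text):
    """Return one dict per neighbor found in 'show cdp neighbors detail' output."""
    neighbors = []
    # Records start at a dashed line; tolerate the dashes being fused to the next field.
    for chunk in re.split(r"(?m)^-{5,}[ \t]*\n?", text):
        if "Device ID:" not in chunk:
            continue
        entry = {}
        for name, pattern in FIELD_PATTERNS.items():
            m = re.search(pattern, chunk, re.MULTILINE)
            entry[name] = m.group(1).strip() if m else None
        if entry["holdtime"] is not None:
            entry["holdtime"] = int(entry["holdtime"])
        entry["capabilities"] = (entry["capabilities"] or "").split()
        neighbors.append(entry)
    return neighbors


def disclosed(entry):
    """Names of the sensitive fields this neighbor actually advertised."""
    return [field for field in SENSITIVE if entry.get(field)]


if __name__ == "__main__":
    for n in parse_cdp_detail(SAMPLE):
        print(n["device_id"], n["local_if"], "->", n["remote_port"],
              n["image"], n["version"], "discloses:", ", ".join(disclosed(n)))
```

CDP advertisements are sent unauthenticated out of every CDP-enabled interface, so the same fields are available to any device attached to that port; on ports facing untrusted hosts CDP can be turned off with no cdp enable.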
Understanding the creation and management of VLANs in today's modern networks is crucial to a successful network
engineer. This lab will discuss and demonstrate the configuration and verification of VLANs on the Catalyst Series
Switch.
Creating a VLAN on a Cisco switch is now done via global configuration mode using the vlan # name VLAN_NAME command.
Also note that when verifying NM-16ESW switch configurations the commands will be slightly different than on a Cisco Catalyst
Switch running IOS. It is recommended to purchase a Cisco Catalyst switch such as a 2950G or preferably a 3550 to familiarize
yourself with the commands on a Catalyst based switch.
In this lab you will familiarize yourself with the following commands;
Command
Description
vlan database
This command is executed in privileged mode which places you into VLAN Database
configuration mode. If you are using the Free CCNA Workbook GNS3 topology then this
command will be used quite often throughout Section 4 as SW1, SW2 and SW3 are Cisco
3640s with the NM-16ESW Switch module installed in slot0.
vlan # name VLAN_NAME
This command is executed in VLAN Database configuration mode to create and name a VLAN
when using the NM-16ESW.
abort
This command is executed in VLAN Database configuration mode to exit the VLAN Database
configuration mode without applying any changes that you made while in VLAN Database
configuration mode.
apply
This command is executed in VLAN Database configuration mode and applies any current VLAN
Database configuration changes you've made during your session.
exit
This command is executed in VLAN Database configuration mode and will apply changes that
you've made while in VLAN Configuration mode and exit back to privileged mode.
no vlan #
This command can be executed in VLAN Database configuration mode or VLAN configuration
mode to remove the VLAN that you specify, i.e. no vlan 20
reset
This command is executed in VLAN Database configuration mode and abandons any current
changes made while in VLAN Configuration mode and rereads the current VLAN Database.
vlan #
Executed from Global Configuration mode, this command creates a new VLAN with the specified VLAN
number; once the VLAN is created you will be placed into VLAN configuration mode.
name VLAN_NAME
This command is executed in VLAN Configuration mode to assign a name to the specified
VLAN number. (Note: not VLAN Database Configuration Mode)
show vlan
This command can be executed from user or privileged mode on a Catalyst Switch (Cisco
Catalyst 2950, 3500, 3560, 3750 etc) to view the current vlan configuration.
show vlan-switch
This command can be executed in user or privileged mode on a Cisco router that has a Switch
WIC, HWIC, or Network Module such as the NM-16ESW which is included on SW1, SW2 and
SW3 in the Free CCNA Workbook GNS3 topology.
NOTE: The Lab instruction is demonstrated using a Cisco Catalyst switch, not the NM-16ESW which is used in the Free CCNA
Workbook GNS3 Topology. This lab can however be completed on the Stub Lab. If you wish to complete this lab using GNS3
then you will need to reference the commands above for the NM-16ESW.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start device SW1.
Establish a console session with SW1, then configure the device's respective hostname.
Lab Objectives
On SW1, create 3 VLANs. VLAN 10 with the name Sales, VLAN 20 with the name Development, VLAN 30 with the name
Marketing.
Assign Port Fa0/1 to VLAN 10, assign interface Fa0/2 to VLAN 20 and assign interface Fa0/3 to VLAN 30. Afterward, verify
your configuration.
Lab Instruction
Step 1. On SW1, create 3 VLANs. VLAN 10 with the name Sales, VLAN 20 with the name Development, VLAN 30 with the name
Marketing.
To complete this objective using GNS3 you will need to navigate to VLAN Database configuration mode by using the vlan database
command in privileged mode. Once in VLAN Database configuration mode you can create the VLANs by using the vlan number
name vlan_name command.
SW1 con0 is now available
SW1>enable
SW1#config terminal
Enter configuration commands, one per line.
SW1(config)#vlan 10
SW1(config-vlan)#name Sales
SW1(config-vlan)#vlan 20
SW1(config-vlan)#name Development
SW1(config-vlan)#vlan 30
SW1(config-vlan)#name Marketing
SW1(config-vlan)#end
SW1#
Step 2. Assign Port Fa0/1 to VLAN 10, assign interface Fa0/2 to VLAN 20 and assign interface Fa0/3 to VLAN 30. Afterward, verify
your configuration.
To configure switchport interfaces in a specific VLAN you will use the switchport access vlan # command in interface configuration
mode. To verify your VLAN configuration you'll use show vlan-switch when configuring the NM-16ESW, or show vlan on a Cisco
Catalyst Series switch, in user or privileged mode, as shown below on a Catalyst Series switch.
SW1#configure terminal
SW1(config)#interface Fa0/1
SW1(config-if)#switchport access vlan 10
SW1(config-if)#interface Fa0/2
SW1(config-if)#switchport access vlan 20
SW1(config-if)#interface Fa0/3
SW1(config-if)#switchport access vlan 30
SW1(config-if)#end
SW#show vlan
VLAN Name                         Status    Ports
---- ---------------------------- --------- ------------------------------
1    default                      active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                            Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                            Fa0/12, Fa0/16, Fa0/17, Fa0/18
                                            Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                            Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   Sales                        active    Fa0/1
20   Development                  active    Fa0/2
30   Marketing                    active    Fa0/3
1002 fddi-default                 act/unsup
1003 token-ring-default           act/unsup
1004 fddinet-default              act/unsup
1005 trnet-default                act/unsup
SW1#
When it comes to switch management, it's common to use a dedicated VLAN for management purposes. This lab will
discuss and demonstrate the configuration of a Management VLAN.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1 and SW1.
Establish a console session with devices R1 and SW1, then configure the devices' respective hostname(s).
For verification purposes you will need to configure a VTY line password on R1 and assign the 10.1.1.1/24 host IP address to
R1's FastEthernet0/0 interface.
Lab Objectives
Create the VLAN number 10 and name it Management.
Create the VLAN 10 interface and assign it an IP address of 10.1.1.10/24
Assign the FastEthernet0/1 interface on SW1 to VLAN 10.
The Lab instruction is demonstrated using a Cisco Catalyst switch, not the NM-16ESW as used in GNS3.
Lab Instruction
You should be familiar with the commands required to complete the objectives of this lab from previous labs in the Free CCNA
Workbook.
Step 1. Create the VLAN number 10 and name it Management.
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line.
SW1(config)#vlan 10
SW1(config-vlan)#name Management
SW1(config-vlan)#end
SW1#
Step 2. Create the VLAN 10 interface and assign it an IP address of 10.1.1.10/24
To complete this objective you first need to create the VLAN interface by going into global configuration and then VLAN interface
configuration mode by using the command interface vlan #. Keep in mind that the VLAN interface number corresponds to the VLAN
number created, so interface Vlan10 is used for VLAN 10 whereas interface Vlan20 would be used for VLAN 20.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface vlan10
SW1(config-if)#ip address 10.1.1.10 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#
Step 3. Assign the FastEthernet0/1 interface on SW1 to VLAN 10.
SW1(config-if)#interface FastEthernet0/1
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shut
SW1(config-if)#end
SW1#
By this point you should now be able to ping R1's FastEthernet0/0 interface as shown below:
R1#ping 10.1.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/39/100 ms
R1#
Step 4. Verify the management VLAN configuration by using R1 to telnet to the IP address of VLAN 10 on SW1.
R1#telnet 10.1.1.10
Trying 10.1.1.10 ... Open
User Access Verification
Password:
SW1>
Trunk interfaces are a common deployment to allow multiple switches to share traffic belonging to multiple VLANs.
This lab will discuss and demonstrate the configuration and verification of trunking using ISL and 802.1q.
The Priority Code Point (PCP) is a 3-bit field that refers to the IEEE 802.1p priority. The field indicates the frame priority level, which
can be used for the prioritization of traffic. The field can represent 8 values (0 through 7).
The Canonical Format Indicator (CFI) is a 1-bit value, on or off, that determines whether or not the MAC address is in noncanonical
format.
The VLAN Identifier (VID) is a 12-bit field. It uniquely identifies the VLAN to which the frame belongs. The field can have a value
between 0 and 4095.
It is Cisco's recommendation that all deployments use the IEEE 802.1q standard, as it is interoperable between vendors, whereas Cisco
ISL is specific to Cisco switches.
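The three tag fields described above, packed into an Ethernet frame and read back out, as an added Python example that is not part of the original lab. The TPID value 0x8100 and the classification of untagged and VID 0 frames into the native VLAN come from the 802.1Q standard rather than from this page; the MAC addresses, payload and function names are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that announces an 802.1Q tag (from the standard)

# Constructed untagged frame: broadcast destination, locally administered source,
# EtherType 0x0800 and a dummy payload.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
            + b"\x08\x00" + b"constructed payload")


def pack_tci(pcp, cfi, vid):
    """Combine PCP (3 bits), CFI (1 bit) and VID (12 bits) into the 16-bit TCI."""
    if not 0 <= pcp <= 7:
        raise ValueError("PCP must be 0-7")
    if cfi not in (0, 1):
        raise ValueError("CFI must be 0 or 1")
    if not 0 <= vid <= 4095:
        raise ValueError("VID must be 0-4095")
    return (pcp << 13) | (cfi << 12) | vid


def unpack_tci(tci):
    """Split the 16-bit TCI back into its three fields."""
    return {"pcp": (tci >> 13) & 0x7, "cfi": (tci >> 12) & 0x1, "vid": tci & 0x0FFF}


def add_tag(frame, vid, pcp=0, cfi=0):
    """Insert the 4-byte tag between the source MAC and the original EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tag = struct.pack("!HH", TPID_8021Q, pack_tci(pcp, cfi, vid))
    return frame[:12] + tag + frame[12:]


def parse_frame(frame):
    """Return MACs, the decoded tag (None if untagged), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tag, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        tag, offset = unpack_tci(tci), 18
    return {"dst": frame[:6], "src": frame[6:12], "tag": tag,
            "ethertype": ethertype, "payload": frame[offset:]}


def vlan_on_trunk(frame, native_vlan=1):
    """VLAN a trunk port assigns the frame to.

    Untagged frames and priority-tagged frames (VID 0) fall into the native VLAN.
    """
    tag = parse_frame(frame)["tag"]
    if tag is None or tag["vid"] == 0:
        return native_vlan
    return tag["vid"]


if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, vid=10, pcp=5)
    print(tagged[12:16].hex(), parse_frame(tagged)["tag"], vlan_on_trunk(tagged))
```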
In this lab you will familiarize yourself with the following commands;
Command
Description
This command when executed in interface configuration mode on a switch port will
configure the switchport as a trunk port which carries all VLAN traffic.
This command is executed in interface configuration mode to specify that the trunk will
use the Cisco Inter-Switch Link (ISL) encapsulation protocol.
This command is executed in interface configuration mode to specify that the trunk will
use the IEEE 802.1q standard encapsulation protocol.
This command is executed in privileged mode to show which interfaces are currently
trunking and which trunking protocol is used.
This command when executed in privileged mode will show information relating to the
specified interface such as the interface operational mode (trunk or access), native
vlan, trunking VLANs permitted on the trunk link and more.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices SW1, SW2, R1 and R2.
Establish a console session with devices SW1, SW2, R1 and R2, then configure the devices' respective hostname(s).
Configure R1's FastEthernet0/0 interface with the IP address 10.1.1.1/24 and R2's FastEthernet0/1 interface with the IP
address of 10.1.1.2/24
Create VLAN 10 as a layer 2 VLAN on SW1 and SW2. (Layer 2 VLANs do not have Layer 3 VLAN interfaces representing the
VLAN; i.e., no interface Vlan10.)
Configure SW1's FastEthernet0/1 and SW2's FastEthernet0/2 interfaces as static access interfaces for VLAN 10.
Lab Objectives
Shutdown interfaces FastEthernet0/11 and FastEthernet0/12 on both SW1 and SW2 and configure an IEEE 802.1q trunk on
Lab Instruction
Step 1. Shutdown interfaces FastEthernet0/11 and FastEthernet0/12 on both SW1 and SW2 and configure an IEEE 802.1q trunk
on interface FastEthernet0/10 of both SW1 and SW2.
To configure an interface as a static trunk you'll first need to configure the encapsulation type, as an interface whose trunk
encapsulation is Auto cannot be configured to trunk mode.
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range Fa0/11 - 12
SW1(config-if-range)#shutdown
SW1(config-if-range)#interface fa0/10
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#no shut
SW1(config-if)#end
SW1#
And now the same configuration on SW2;
SW2 con0 is now available
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface range Fa0/11 - 12
SW2(config-if-range)#shutdown
SW2(config-if-range)#interface fa0/10
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#no shut
SW2(config-if)#end
SW2#
Step 2. Verify your trunk link configuration by using the show interface FastEthernet0/10 trunk command as shown below on both
SW1 and SW2:
SW1#show interface FastEthernet0/10 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1
Port
Fa0/10
Port
Fa0/10
Port
Fa0/10
SW1#
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1
Port
Fa0/10
Port
Fa0/10
Port
Fa0/10
SW2#
You can also test this further by placing SW2's interface that is connected to R2 in a different VLAN and attempting to ping R2 from R1;
it will no doubt fail, as shown below:
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface FastEthernet0/2
SW2(config-if)#switchport access vlan 5
% Access VLAN does not exist. Creating vlan 5
SW2(config-if)#end
SW2#
R1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
As demonstrated in this lab you can use trunk links to pass traffic in multiple VLANs between multiple switches using a single link.
Due to the NM-16ESW and Cisco 2950 not supporting the ISL trunk encapsulation, a configuration example is given below. Note that
the only configuration difference between Dot1q and ISL is the switchport trunk encapsulation isl | dot1q command option.
c3560-Switch1>enable
c3560-Switch1#configure terminal
c3560-Switch1(config)#interface fa0/10
c3560-Switch1(config-if)#switchport trunk encap isl
c3560-Switch1(config-if)#switchport mode trunk
c3560-Switch1(config-if)#end
c3560-Switch1#sh int fa0/10 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           isl            trunking      1
Port
Fa0/10
Port
Fa0/10
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      none
c3560-Switch1#
Configuring an EtherChannel
Etherchannels are used to build redundant links and bundle multiple links to increase aggregate bandwidth. This lab
will discuss and demonstrate the configuration and verification of static etherchannel links.
(which will be discussed in another lab); only one of the links will be forwarding at any given time to prevent layer two loops known as
broadcast storms. If you have two or more links in an ether-channel, the multiple links appear as a single logical link and are utilized as
such by the device, which includes spanning-tree, and therefore the single logical link will forward traffic. Keep in mind that if you have two
ether-channels with two links between the same two switches, one logical link (the ether-channel) will be blocked by Spanning tree
to prevent broadcast storms.
EtherChannel load balancing can be based on several configurable options, which include destination IP, destination MAC address,
source XOR destination IP address, source XOR destination MAC address, source IP address or source MAC address.
In this lab you will familiarize yourself with the following commands;
Command
Description
channel-group # mode on
This command when executed in interface configuration mode assigns that particular interface to
a channel group number specified and sets the EtherChannel mode to unconditional as stated
by the on
This command when executed from user or privileged mode will display a summary of local
EtherChannel(s) properties such as the channel-group number, ports in the channel group, and
the role the ports play.
This command when executed from user or privileged mode will display detailed information
relating to the EtherChannel(s) local to the device.
This command when executed from user or privileged mode will display the EtherChannels
logical port-channel group interface properties. This will be discussed in more detail in Lab 4-6.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, SW1 and SW2.
Establish a console session with devices R1, R2, SW1 and SW2, then configure the devices' respective hostname(s).
Configure R1's FastEthernet0/0 interface with the IP address 10.1.1.1/24 and R2's FastEthernet0/1 interface with the IP
address of 10.1.1.2/24
Create VLAN 10 as a layer 2 VLAN on both SW1 and SW2. (Layer 2 VLANs do not have Layer 3 VLAN interfaces
representing the VLAN; i.e., no interface Vlan10.)
Place both SW1's FastEthernet0/1 and SW2's FastEthernet0/2 interfaces into VLAN 10.
Configure interfaces Fa0/10, Fa0/11 and Fa0/12 on SW1 and SW2 to trunk.
Review Lab 4-4 Configuring Trunk Ports using ISL or 802.1q for more information relating to trunk configuration.
Lab Objectives
Configure interfaces FastEthernet0/10, FastEthernet0/11 and FastEthernet0/12 on both SW1 and SW2 as an unconditional
EtherChannel.
Verify that all three interfaces are indeed participating in the EtherChannel by using the show etherchannel summary
command.
Determine what type of load balancing is used on EtherChannel 1 by using the show etherchannel load-balance command.
Verify the operation of the EtherChannel trunk link by verifying IP communication between R1 and R2 using the ping
command.
Lab Instruction
Step 1. Configure interfaces FastEthernet0/10, FastEthernet0/11 and FastEthernet0/12 on both SW1 and SW2 as an unconditional
EtherChannel.
This is done by using the channel-group # mode on command in interface or interface range configuration mode as shown below:
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range fa0/10 - 12
SW1(config-if-range)#no shut
SW1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel1
SW1(config-if-range)#
%EC-5-BUNDLE: Interface Fa0/10 joined port-channel Po1
%EC-5-BUNDLE: Interface Fa0/11 joined port-channel Po1
%EC-5-BUNDLE: Interface Fa0/12 joined port-channel Po1
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed
state to up
SW1(config-if-range)#end
SW1#
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface range fa0/10 - 12
SW2(config-if-range)#no shut
SW2(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel1
SW2(config-if-range)#
%EC-5-BUNDLE: Interface Fa0/10 joined port-channel Po1
%EC-5-BUNDLE: Interface Fa0/11 joined port-channel Po1
%EC-5-BUNDLE: Interface Fa0/12 joined port-channel Po1
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed
state to up
SW2(config-if-range)#end
SW2#
Step 2. Verify that all three interfaces indeed participate in the EtherChannel by using the show etherchannel summary command.
PAgP was the precursor to LACP, developed by Cisco for link aggregation between network nodes to form redundant
resilient links. This lab will discuss and demonstrate the configuration and verification of PAgP EtherChannel.
Command
Description
channel-group # mode desirable
This command when executed in interface configuration mode sets the channel-group number
and PAgP mode to aggressively attempt to form a PAgP EtherChannel. If negotiations fail, the
EtherChannel will not pass traffic.
channel-group # mode auto
This command when executed in interface configuration mode sets the channel-group number
and PAgP mode to listen for PAgP packets but not aggressively negotiate a PAgP
EtherChannel.
show etherchannel summary
This command when executed from user or privileged mode will display a summary of local
EtherChannel(s) properties such as the channel-group number, ports in the channel group, and
the role the ports play.
show etherchannel detail
This command when executed from user or privileged mode will display detailed information
relating to the EtherChannel(s) local to the device.
Lab Prerequisites
Establish a console session with devices R1, R2, SW1 and SW2, then configure the devices' respective hostname(s).
Configure interfaces Fa0/10, Fa0/11 and Fa0/12 on both SW1 and SW2 as dot1q trunks.
Configure VLAN 10 on both SW1 and SW2 and assign R1's and R2's switch ports to VLAN 10.
Assign the IP address 10.1.1.1/24 to R1's FastEthernet0/0 interface and 10.1.1.2/24 to R2's FastEthernet0/1 interface.
Lab Objectives
Configure SW1's Fa0/10, Fa0/11 and Fa0/12 interfaces to aggressively attempt to form a PAgP EtherChannel.
Configure SW2's Fa0/10, Fa0/11 and Fa0/12 interfaces to form a PAgP EtherChannel only when a device attempts to negotiate a
PAgP EtherChannel.
Verify that interfaces Fa0/10, Fa0/11 and Fa0/12 on SW1 formed a PAgP EtherChannel correctly.
Ping R2's FastEthernet0/0 interface from R1 to verify communications between the switches.
The NM-16ESW used in the Free CCNA Workbook GNS3 Topology for SW1, SW2 and SW3 does not support the EtherChannel
Port Aggregation Protocol (PAgP). This Lab instructional section is demonstrated using two Cisco Catalyst 3560 Series
switches.
Lab Instruction
Step 1. Configure SW1's Fa0/10, Fa0/11 and Fa0/12 interfaces to aggressively attempt to form a PAgP EtherChannel.
For this you'll use the channel-group # mode desirable command in interface or interface range configuration mode as shown below:
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range f0/10 - 12
SW1(config-if-range)#channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
SW1(config-if-range)#no shut
SW1(config-if-range)#end
SW1#
Step 2. Configure SW2's Fa0/10, Fa0/11 and Fa0/12 interfaces to form a PAgP EtherChannel only when a device attempts to negotiate
a PAgP EtherChannel.
For this you'll use the channel-group # mode auto command in interface or interface range configuration mode as shown below:
SW2 con0 is now available
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface range f0/10 - 12
SW2(config-if-range)#channel-group 1 mode auto
Creating a port-channel interface Port-channel 1
SW2(config-if-range)#no shut
SW2(config-if-range)#end
SW2#
Step 3. Verify that interfaces Fa0/10, Fa0/11 and Fa0/12 on SW1 formed a PAgP EtherChannel correctly.
To verify your configuration you can use either the show etherchannel summary or show etherchannel detail command in user or
privileged mode as shown below;
SW1#show etherchannel summary
Flags: D - down
P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3
S - Layer2
U - in use
f - failed to allocate aggregator
M
u
w
d
The industry standard LACP is used for link aggregation between multiple network nodes to ensure redundancy and
availability. This lab will discuss and demonstrate the configuration and verification of LACP EtherChannel.
Command
Description
This command when executed in interface configuration mode sets the channel-group number and LACP mode to aggressively attempt to form a LACP EtherChannel. If negotiations fail, the EtherChannel will not pass traffic.
channel-group # mode passive
This command when executed in interface configuration mode sets the channel-group number and LACP mode to listen for LACP packets but not aggressively and unconditionally form an EtherChannel using LACP.
This command when executed from user or privileged mode will display a summary of local EtherChannel(s) properties such as the channel-group number, ports in the channel group, and the role the ports play.
show etherchannel detail
This command when executed from user or privileged mode will display detailed information relating to the EtherChannel(s) local to the device.
Lab Prerequisites
Establish a console session with devices R1, R2, SW1 and SW2 then configure the devices' respective hostname(s).
Configure VLAN 10 on both SW1 and SW2 and assign R1 and R2's switch ports to VLAN 10.
Assign the IP address 10.1.1.1/24 to R1's FastEthernet0/0 interface and 10.1.1.2/24 to R2's FastEthernet0/1 interface.
Lab Objectives
Configure SW1's Fa0/10, Fa0/11 and Fa0/12 interfaces to aggressively attempt to form a LACP EtherChannel.
Configure SW2's Fa0/10, Fa0/11 and Fa0/12 interfaces to form a PAgP EtherChannel only when a device attempts to negotiate a LACP EtherChannel.
Verify that interfaces Fa0/10, Fa0/11 and Fa0/12 on SW1 formed a LACP EtherChannel correctly.
Verify IP communication over the newly formed LACP EtherChannel by pinging R2's Fa0/1 IP address from R1.
The NM-16ESW used in the Free CCNA Workbook GNS3 Topology for SW1, SW2 and SW3 does not support the EtherChannel Link Aggregation Control Protocol (LACP). This Lab instructional section is demonstrated using two Cisco Catalyst
3560 Series switches.
Lab Instruction
Step 1. Configure SW1's Fa0/10, Fa0/11 and Fa0/12 interfaces to aggressively attempt to form a LACP EtherChannel.
For this you'll use the channel-group # mode active command in interface or interface range configuration mode as shown below;
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range f0/10 - 12
SW1(config-if-range)#no shut
SW1(config-if-range)#channel-group 1 mode active
Step 2. Configure SW2's Fa0/10, Fa0/11 and Fa0/12 interfaces to form a PAgP EtherChannel only when a device attempts to negotiate a LACP EtherChannel.
For this you'll use the channel-group # mode passive command in interface or interface range configuration mode as shown below;
SW2 con0 is now available
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface range f0/10 - 12
SW2(config-if-range)#no shut
SW2(config-if-range)#channel-group 1 mode passive
Creating a port-channel interface Port-channel 1
SW2(config-if-range)#end
SW2#
Step 3. Verify that interfaces Fa0/10, Fa0/11 and Fa0/12 on SW1 formed a LACP EtherChannel correctly.
To verify the EtherChannel LACP configuration you can use either the show etherchannel summary or show etherchannel detail
command in user or privileged mode as shown below;
SW1#show etherchannel summary
Flags: D - down
P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3
S - Layer2
U - in use
f - failed to allocate aggregator
M
u
w
d
Port-Channel interfaces are logical interfaces assigned to EtherChannel bundles. This lab will discuss and
demonstrate the configuration and verification of Port-Channel interfaces.
Command
Description
interface port-channel #
When executing this command in global configuration mode you will be placed in Port-Channel interface configuration mode, which configures all bundled links in the specific EtherChannel group number simultaneously.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start devices; SW1 and SW2.
Establish a console session with devices SW1 and SW2 then configure the devices' respective hostname(s).
Configure interfaces Fa0/10, Fa0/11 and Fa0/12 on both SW1 and SW2 as an unconditional EtherChannel using channel-group number 1.
Lab Objectives
Configure interface Port-Channel1 on both SW1 and SW1 to trunk then verify that the changes you've made on the Port-Channel interface have propagated to the bundled links; Fa0/10, Fa0/11 and Fa0/12.
Shutdown interface Port-Channel1 and verify that the command issued in Port-Channel1 interface configuration mode is
executed on the channel-group bundled links.
Lab Instruction
Step 1. Configure interface Port-Channel1 on both SW1 and SW1 to trunk then verify that the changes you've made on the Port-Channel interface have propagated to the bundled links; Fa0/10, Fa0/11 and Fa0/12.
Navigate to the Port-Channel1 interface and configure the interface to trunk; afterward verify that the configuration has propagated to
the bundled interfaces as shown below;
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface port-channel 1
SW1(config-if)#switchport mode trunk
%EC-5-UNBUNDLE: Interface Fa0/10 left the port-channel Po1
%EC-5-UNBUNDLE: Interface Fa0/11 left the port-channel Po1
%EC-5-UNBUNDLE: Interface Fa0/12 left the port-channel Po1
%EC-5-BUNDLE: Interface Fa0/12 joined port-channel Po1
%EC-5-BUNDLE: Interface Fa0/11 joined port-channel Po1
%EC-5-BUNDLE: Interface Fa0/10 joined port-channel Po1
%DTP-5-TRUNKPORTON: Port Fa0/10-12 has become dot1q trunk
%LINK-3-UPDOWN: Interface Port-channel1, changed state to up
SW1(config-if)#end
SW1#show run
!
interface FastEthernet0/10
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/11
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/12
switchport mode trunk
channel-group 1 mode on
!
SW1#
As shown above, when the trunk was configured on the Port-Channel 1 interface, all interface members of the channel-group were
removed from the group, the configuration was applied, and the members were then re-added to the channel-group.
Step 2. Shutdown interface Port-Channel1 and verify that the command issued in Port-Channel1 interface configuration mode is
executed on the channel-group bundled links as shown below;
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface port-channel 1
SW1(config-if)#shutdown
%EC-5-UNBUNDLE: Interface Fa0/10 left the port-channel Po1
%EC-5-UNBUNDLE: Interface Fa0/11 left the port-channel Po1
%EC-5-UNBUNDLE: Interface Fa0/12 left the port-channel Po1
%DTP-5-NONTRUNKPORTON: Port Fa0/10-12 has become non-trunk
SW1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down
SW1(config-if)#
%LINK-5-CHANGED: Interface Port-channel1, changed state to administratively down
SW1(config-if)#do show run
!
interface FastEthernet0/10
switchport mode trunk
shutdown
channel-group 1 mode on
!
interface FastEthernet0/11
switchport mode trunk
shutdown
channel-group 1 mode on
!
interface FastEthernet0/12
switchport mode trunk
shutdown
channel-group 1 mode on
!
SW1#
Static ARP entries are commonly used to administratively define Layer 3 to Layer 2 mappings. This lab will discuss
and demonstrate the configuration and verification of static ARP entries.
Command
Description
This command when executed in global configuration mode injects a static ARP entry into the ARP/MAC Address table.
show arp
This command can be executed in user or privileged mode to view the current ARP table on a Cisco device.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start devices; R1.
Establish a console session with device R1 then configure the device's respective hostname.
Lab Objectives
Configure a static ARP entry on R1 with the IP address 10.1.1.25 and the mac address 00ac.a1f3.01ab
Verify the ARP entry is correct by using the command show arp
Lab Instruction
Step 1. Configure a static ARP entry on R1 with the IP address 10.1.1.25 and the mac address 00ac.a1f3.01ab
When configuring a static ARP entry you use the arp x.x.x.x 0000.0000.000 arpa command in global configuration mode as
shown below;
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#arp 10.1.1.25 00ac.a1f3.01ab arpa
R1(config)#end
R1#
ARPA stands for Advanced Research Projects Agency for those who are curious as to what arpa stands for at the end of the static
ARP statement. ARPA developed the Ethernet II frame which is currently used by the Internet Protocol.
Step 2. Verify the ARP entry is correct by using the command show arp as shown below;
R1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.1                    ca00.0d78.0008  ARPA   FastEthernet0/0
Internet  10.1.1.25                   00ac.a1f3.01ab  ARPA
R1#
Now when R1 sends traffic destined to 10.1.1.25 it will use the MAC address 00ac.a1f3.01ab regardless, even if R1 receives
ARP responses for 10.1.1.25 with a different MAC address. Static ARP entries are preferred as they are administratively
added.
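The precedence described above can be modelled in a few lines. This is an added example, not code from the workbook: the ArpCache class, its method names and the sample replies are constructed for illustration. It shows a static entry surviving a conflicting ARP reply, and records the conflict so it can be reviewed instead of being silently ignored.

```python
"""Static ARP precedence and conflict logging (added illustration only)."""
import re


def normalize_mac(mac: str) -> str:
    """Return a MAC in Cisco dotted form (00ac.a1f3.01ab) from any common notation."""
    if not re.fullmatch(r"[0-9A-Fa-f.:\-]+", mac):
        raise ValueError(f"unexpected characters in MAC address: {mac!r}")
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


class ArpCache:
    """Hypothetical model of an ARP table with static and dynamic entries."""

    def __init__(self):
        self.entries = {}    # ip -> (mac, is_static)
        self.conflicts = []  # (ip, static_mac, claimed_mac)

    def add_static(self, ip: str, mac: str) -> None:
        """Equivalent of 'arp <ip> <mac> arpa' in global configuration mode."""
        self.entries[ip] = (normalize_mac(mac), True)

    def on_reply(self, ip: str, mac: str) -> str:
        """Process one ARP reply and say what happened to the table."""
        claimed = normalize_mac(mac)
        current = self.entries.get(ip)
        if current is not None and current[1]:
            # Static entries are never overwritten by what is heard on the wire.
            if current[0] != claimed:
                self.conflicts.append((ip, current[0], claimed))
                return "conflict"
            return "matches-static"
        if current is None:
            verdict = "learned"
        elif current[0] == claimed:
            verdict = "unchanged"
        else:
            verdict = "updated"
        self.entries[ip] = (claimed, False)
        return verdict

    def resolve(self, ip: str):
        """MAC address that would be used for frames sent to this IP."""
        entry = self.entries.get(ip)
        return entry[0] if entry else None


# Constructed sample replies; only 10.1.1.1, 10.1.1.25 and their MACs come from the lab.
SAMPLE_REPLIES = [
    ("10.1.1.1", "ca:00:0d:78:00:08"),
    ("10.1.1.25", "00-AC-A1-F3-01-AB"),   # agrees with the static entry
    ("10.1.1.25", "02:00:5e:10:00:99"),   # constructed conflicting claim
    ("10.1.1.1", "ca:00:0d:78:00:1c"),    # dynamic entry changes (constructed)
]


def run_sample():
    """Replay the sample replies against a cache holding the lab's static entry."""
    cache = ArpCache()
    cache.add_static("10.1.1.25", "00ac.a1f3.01ab")
    verdicts = [cache.on_reply(ip, mac) for ip, mac in SAMPLE_REPLIES]
    return cache, verdicts


if __name__ == "__main__":
    cache, verdicts = run_sample()
    for (ip, mac), verdict in zip(SAMPLE_REPLIES, verdicts):
        print(f"{ip:<10} {mac:<18} {verdict}")
    print("conflicts:", cache.conflicts)
```

The dynamic entry for 10.1.1.1 follows whatever reply arrives last, while 10.1.1.25 keeps the administratively configured address and the differing claim ends up in the conflict list.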
Virtual Trunking Protocol, known as VTP is used to share VLAN information from a server switch to multiple client
switches. This makes VLAN management easier across multiple switches. This lab will discuss and demonstrate the
configuration and verification of VTP.
VTP Version 1 was the initial release of this technology and gives you the ability to configure the switch as a VTP Server, VTP Client, VTP
Transparent Switch (will be discussed in Lab 4-11) and on CatOS switches, VTP Mode OFF which completely disables VTP.
VTP Version 2 is not too much different from v1; however, VTPv2 includes support for Token Ring VLANs and VTP Pruning. If
neither of these features is required in a network then there is no need to upgrade from version one to version two.
VTP Version 3 on the other hand has significant advantages over its predecessors. Two of the most beneficial features to modern
networks are that VTP v3 supports the entire IEEE VLAN range 1-4095 and also the ability to propagate Private VLAN information.
VTP v3 also gives better administrative control over the VTP domain by allowing you to configure which devices can update other
devices' view of the VLAN topology. You now have the option to turn VTP on or off on a per-trunk basis, and the VTP server role now has
a primary and backup VTP server.
Now take a step back for a second and ask yourself what happens if someone else plugs a switch into the network with the same
VTP domain, a higher revision of the database and completely different VLAN information. The answer is quite simple: your
network goes into the bit bucket as the VLANs on all switches change; some get removed, new ones get added and so on. When a
VLAN is removed on a switch and ports are in that specific VLAN, those ports get shut down. All in all, if this happens on your watch
and it's your fault you better update your resume.
But don't worry, there is hope!! With a VTP password, you can prevent unwanted VTP server switches in the network. By using a
VTP password, switches can only be a client of a VTP Server if the passwords match.
VTP Domains can be unique to location but there is one domain name that is special: VTP Domain NULL. This domain name
is basically no domain name; it's blank and is represented as the domain name NULL. However, once it is changed you cannot
change it back to NULL.
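The overwrite scenario and the password check described above, as an added example that is not part of the workbook. It is a simplified model of the accept/ignore decision, not the VTP wire format: the digest function is a stand-in for the real MD5 digest, and the second switch ("lab-spare"), its revision 50, VLAN 99 and the port assignments are constructed values.

```python
"""Simplified model of a VTP v1/v2 switch handling a summary advertisement.
Added illustration; NOT the real packet format or digest algorithm."""
import hashlib
from dataclasses import dataclass, field


def vtp_digest(domain: str, password: str, revision: int, vlans: dict) -> str:
    """Stand-in for the VTP MD5 digest: it covers the VLAN database and the
    password, so a sender without the password cannot produce a match."""
    body = f"{domain}|{revision}|{sorted(vlans.items())}|{password}"
    return hashlib.md5(body.encode()).hexdigest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict   # VLAN id -> name
    digest: str


@dataclass
class Switch:
    name: str
    mode: str                    # "server", "client" or "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    access_ports: dict = field(default_factory=dict)   # port -> VLAN id

    def advertise(self) -> Advertisement:
        """Build the advertisement this switch would send to its neighbours."""
        digest = vtp_digest(self.domain, self.password, self.revision, self.vlans)
        return Advertisement(self.domain, self.revision, dict(self.vlans), digest)

    def receive(self, adv: Advertisement) -> str:
        """Apply the acceptance rules and report the outcome."""
        if self.mode == "transparent":
            return "forwarded, not applied (transparent mode)"
        if adv.domain != self.domain:
            return "ignored: domain mismatch"
        expected = vtp_digest(self.domain, self.password, adv.revision, adv.vlans)
        if adv.digest != expected:
            return "rejected: digest mismatch (password differs)"
        if adv.revision <= self.revision:
            return "ignored: revision not higher"
        removed = sorted(set(self.vlans) - set(adv.vlans))
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return f"accepted: now revision {adv.revision}, VLANs removed: {removed}"

    def inactive_ports(self) -> list:
        """Access ports left in a VLAN that no longer exists on this switch."""
        return sorted(p for p, v in self.access_ports.items() if v not in self.vlans)


def demo(password: str) -> tuple:
    """SW2 from the lab (client, domain CISCO, VLAN 10 Development) hears an
    advertisement from an unplanned switch that has a higher revision."""
    sw2 = Switch("SW2", "client", "CISCO", password, revision=3,
                 vlans={1: "default", 10: "Development"},
                 access_ports={"Fa0/1": 10, "Fa0/2": 1})       # constructed ports
    other = Switch("lab-spare", "server", "CISCO", password="", revision=50,
                   vlans={1: "default", 99: "Old-Test"})        # constructed switch
    result = sw2.receive(other.advertise())
    return result, sw2.revision, sw2.inactive_ports()


if __name__ == "__main__":
    print("no password :", demo(""))
    print("with password:", demo("Cisco$123"))
```

Without a password SW2 adopts revision 50, loses VLAN 10 and leaves Fa0/1 without a VLAN; with the lab's password configured on SW2 the same advertisement is rejected and the database stays at revision 3.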
In this lab you will familiarize yourself with the following commands;
Command
Description
This command is executed in global configuration mode and sets the switch as a VTP Server. This is the default VTP mode for a new switch with the VTP domain set to NULL.
This command is executed in global configuration mode and sets the switch as a VTP client which learns its VLAN information from the VTP Server in its specified VTP Domain.
This command is executed in global configuration mode and sets the VTP domain of a device.
vtp version i
This command is executed in global configuration mode and sets the VTP Version of the device.
This command is executed in global configuration mode and sets the VTP password to prevent unauthorized VTP Servers and/or Clients in a particular VTP Domain.
This command can only be executed in privileged mode and displays the current VTP Password.
This command can be executed from user or privileged mode to view the current VTP configuration such as VTP mode, Domain, Version, Pruning and more.
The Free CCNA Workbook CCNA GNS3 topology uses the NM-16ESW in a Cisco 3640 series switch. The commands listed
above must be executed in VLAN Database configuration mode and will slightly vary. Be sure to use the context sensitive help.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start devices; SW1, SW2 and SW3.
Establish a console session with devices SW1, SW2 and SW3 then configure the devices' respective hostname(s).
Shutdown interfaces Fa0/13, Fa0/14 and Fa0/15 on SW2 and SW3.
Configure interfaces Fa0/10, Fa0/11 and Fa0/12 on both SW1 and SW2 in an EtherChannel. Use channel-group number 1
and configure the channel group to trunk.
Configure interfaces Fa0/13, Fa0/14 and Fa0/15 on SW1 and interfaces Fa0/10, Fa0/11 and Fa0/12 on SW3 in an
EtherChannel. Use channel-group number 2 and configure the channel group to trunk.
Lab Objectives
Configure SW1 as the VTP Server and configure SW2 and SW3 as VTP Clients. Set the VTP Domain name to CISCO on all
three switches.
Configure VLAN 10 with the name Development on the VTP Server and verify that it propagates to SW2 and SW3 properly.
Set the VTP Version to v2 and secure the VTP Domain by using the password Cisco$123. Verify your configuration.
The instructional section of this lab is demonstrated using three Cisco Catalyst 3560 Series switches.
Lab Instruction
Step 1. Configure SW1 as the VTP Server and configure SW2 and SW3 as VTP Clients. Set the VTP Domain name to CISCO on
all three switches.
Configuring the VTP Mode and VTP Domain is done with the vtp mode modetype and vtp domain domainname commands as
shown below. Keep in mind that when setting the VTP Domain on a client switch, the domain must be set prior to the VTP mode.
If you need to change the VTP domain you must set the switch to transparent, then change the name and/or password, then
set the switch back to VTP mode client.
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line.
SW1(config)#vtp mode server
Device mode already VTP SERVER.
SW1(config)#vtp domain CISCO
Changing VTP domain name from NULL to CISCO
SW1(config)#
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line.
SW2(config)#vtp domain CISCO
Domain name already set to CISCO.
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW2(config)#
SW3>enable
SW3#configure terminal
Enter configuration commands, one per line.
SW3(config)#vtp domain CISCO
Domain name already set to CISCO.
SW3(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW3(config)#
Step 2. Configure VLAN 10 with the name Development on the VTP Server and verify that it propagates to SW2 and SW3 properly.
To complete this objective you need to create the VLAN on the VTP Server, which in this case is SW1. Create the VLAN as you
would any other VLAN on a Cisco Catalyst Series switch as shown below;
SW1(config)#vlan 10
SW1(config-vlan)#name Development
SW1(config-vlan)#end
SW1#
Now verify that the VLAN is being propagated properly by using the show vlan command on SW2 and SW3 as shown below;
SW2(config)#end
SW2#show vlan
%SYS-5-CONFIG_I: Configured from console by console
SW2#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   Development                      active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500                                       0      0
10   enet  100010     1500                                       0      0
1002 fddi  101002     1500                                       0      0
1003 tr    101003     1500                              srb      0      0
1004 fdnet 101004     1500                         ieee -        0      0
1005 trnet 101005     1500                         ibm           0      0
SW3(config)#end
SW3#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   Development                      active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500                                       0      0
10   enet  100010     1500                                       0      0
1002 fddi  101002     1500                                       0      0
1003 tr    101003     1500                              srb      0      0
1004 fdnet 101004     1500                         ieee -        0      0
1005 trnet 101005     1500                         ibm           0      0
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW2(config)#end
SW2#
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW3(config)#end
SW3#
To verify the VTP version mode use the show vtp status command in user or privileged mode as shown below;
SW2#show vtp status
VTP Version                     : running VTP2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 6
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x96 0xF1 0x2F 0xDD 0x5F 0x1F 0x37 0x53
Configuration last modified by 192.168.255.1 at 3-2-93 15:11:27
SW2#
To verify the VTP Password you must use the show vtp password command in privileged mode only as shown below;
SW2#show vtp password
VTP Password: Cisco$123
SW2#
Configuring VTP Transparent Mode and VTP Pruning | Free CCNA Workbook
While VTP may sound like it makes things cooler, it also introduces vulnerabilities into the infrastructure if configured
incorrectly. VTP pruning is used in conjunction with VTP to ensure that traffic destined to specific VLANs is not
passed to switches that do not need it. This lab will discuss and demonstrate the configuration and verification of
Transparent VTP and VTP Pruning.
a host on VLAN 112 sends broadcast traffic, does every single switch receive the broadcast? The simple answer is yes, as the distro
will forward the broadcast out every trunk link to every access switch except the one it was received on. If you think about it, that is a
big waste of resources. However VTP addresses this issue by a feature called VTP Pruning.
VTP Pruning will prune VLAN traffic on inter-switch trunk links if the neighboring switch is not requesting any traffic destined to that
switch. If a switch does not have any ports in VLAN 401, why does it need the broadcast traffic from 401? The simple answer is that
it doesn't, and when it receives such traffic it's just a waste of switch resources.
In this lab you will familiarize yourself with the following commands;
Command
Description
This command is executed in global configuration mode on a Cisco Catalyst switch and sets the switch to transparent mode so it does not participate in VTP at all, but it does however pass VTP traffic.
vtp pruning
This command is executed in global configuration mode on a Catalyst switch to configure the VTP server to enable the VTP Pruning feature throughout the VTP Domain; this setting is also propagated to all VTP clients in the domain.
show interface
This command can be executed in user or privileged mode to view the current pruning list on a per link basis.
This command can be executed from user or privileged mode to view the current settings configured for VTP.
This command can be executed from user or privileged mode to view which VLANs are being forwarded down the trunk links and not pruned.
The Free CCNA Workbook GNS3 topology uses the NM-16ESW in a Cisco 3640 series switch. Some of the commands listed
above must be executed in VLAN Database configuration mode and will slightly vary. Be sure to use the context sensitive help.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start devices; SW1, SW2 and SW3.
Establish a console session with devices SW1, SW2 and SW3 then configure the devices' respective hostname(s).
Configure SW1 as a VTP Server and Switch 3 as a VTP client using the domain name CISCO.
Shutdown interfaces Fa0/11 and Fa0/12 and configure interface Fa0/10 as a dot1q trunk on SW1
Shutdown interfaces Fa0/11, Fa0/12, Fa0/14 and Fa0/15 and configure interfaces Fa0/10 and Fa0/13 as dot1q trunk
interfaces on SW2.
Shutdown interfaces Fa0/10 through Fa0/12, Fa0/14, Fa0/15 and configure Fa0/13 as a dot1q trunk on SW3
Configure VLANs 10, 20 and 30 on the VTP Server and SW2.
Configure layer 3 interfaces for VLAN 10 on SW1 and SW3 using the IP addresses 10.10.13.1/24 and 10.10.13.3/24
Lab Objectives
Configure SW2 as a VTP Transparent switch and use VTP Version 2, verify your configuration.
Configure VTP Pruning on the VTP server and verify that the configuration was propagated to the VTP Client.
Verify that VTP Pruning is functioning properly by viewing the pruning list on SW1.
The instructional section of this lab is demonstrated using three Cisco Catalyst 3560 Series switches.
Lab Instruction
Step 1. Configure SW2 as a VTP Transparent switch and use VTP Version 2, verify your configuration.
To configure SW2 as a VTP transparent switch you'll use the vtp mode transparent command in global configuration; to verify your
configuration change you'll use the show vtp status command in user or privileged mode as shown below;
SW2 con0 is now available
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp mode transparent
SW2(config)#vtp version 2
Setting device to VTP TRANSPARENT mode.
SW2(config)#end
SW2#show vtp status
SW2#show vtp status
VTP Version                     : running VTP2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x06 0x97 0x82 0xDA 0x39 0x52 0x1E 0xF2
Configuration last modified by 192.168.255.252 at 0-0-00 00:00:00
SW2#
Step 2. Configure VTP Pruning on the VTP server and verify that the configuration was propagated to the VTP Client.
To configure VTP pruning you'll use the vtp pruning command in global configuration on the VTP Server only. This setting gets
propagated to all VTP clients in the same VTP domain as shown below;
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp pruning
Pruning switched on
SW1(config)#end
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 36
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x2E 0x9F 0x5E 0x57 0xE3 0x87 0x46 0xFA
Configuration last modified by 10.1.5.1 at 3-1-02 00:10:56
Local updater ID is 10.1.5.1 on interface Vl5 (lowest numbered VLAN interface found)
SW1#
Shown below is the verification that VTP Pruning is being properly propagated to SW3 from the VTP Server (SW1);
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 36
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x77 0xF2 0x86 0xA4 0x3C 0x21 0x09 0xC0
Configuration last modified by 10.1.5.1 at 3-1-02 00:17:21
SW3#
Step 3. Verify that VTP Pruning is functioning properly by viewing the pruning list on SW1.
To view this information you can use the show interface trunk command in user or privileged mode as shown below;
SW3#show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
Port
Fa0/13
Port
Fa0/13
Port
Fa0/13
SW3#
As shown above from the SW3 show interface trunk output you can see that on port Fa1/13 the VLANs that are forwarding and not
pruned on that trunk link are VLANs 1 and 10.
When having a transparent switch in a VTP transit path you obviously must have IP connectivity. Keep in mind that for traffic to pass
through the transparent switch, the transparent switch must have the VLAN configured for the traffic. For example, for traffic from SW1
VLAN 10 going to SW2 VLAN 20, SW3 must have VLAN 10 configured on it or the traffic would get dropped.
You can verify this by pinging SW3's VLAN 10 interface from SW1 as shown below;
SW1#ping 10.10.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.13.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
SW1#
The ping is successful because VLAN 10 is already configured on SW2 as per the lab prerequisites. However, if you remove VLAN 10
from SW2 and try to ping SW3's VLAN 10 interface from SW1 again it will fail as shown below;
SW2#configure terminal
SW2(config)#no vlan 10
SW2(config)#end
SW2#
SW1#ping 10.10.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.13.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW1#
Router on a Stick is an uncommon configuration however you must understand the technology concepts to become a
great network engineer. This lab will discuss and demonstrate the configuration and verification of inter-vlan routing
known as Router on a Stick.
Command
Description
encapsulation dot1Q #
This command is executed from ethernet sub-interface configuration mode and binds the sub
This command is executed from global configuration and disables the router's ability to be used as a router, effectively turning it into a test client machine like a Windows box.
ip default-gateway 1.2.3.4
This command is executed in global configuration mode to configure a non-routing device to use the specific IP address as a default-gateway.
This command can be executed from user or privileged mode to view the current IP addresses of all interfaces on the device.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start devices; R1, R2, R3 and SW1.
Establish a console session with devices R1, R2, R3 and SW1 then configure the devices' respective hostname(s).
Create VLANs 20 and 30 on SW1 and configure interface Fa0/1 on SW1 as an 802.1q trunk link.
On SW1 configure interface Fa0/2 to access VLAN 20 and Fa0/3 to access VLAN 30.
Configure the IP address 10.1.20.2/24 on R2's FastEthernet0/0 interface.
Configure the IP address 10.1.30.3/24 on R3's FastEthernet0/0 interface.
Lab Objectives
Configure a new Sub-Interface on R1 to match the VLAN 20 (Fa0/0.20) and configure the sub-interface to use 802.1q
encapsulation and the Dot1q tag of 20. Configure the sub-interface to use the IP address 10.1.20.1/24.
Configure a new Sub-Interface on R1 to match the VLAN 30 (Fa0/0.30) and configure the sub-interface to use 802.1q
encapsulation and the Dot1q tag of 30. Configure the sub-interface to use the IP address 10.1.30.1/24. Verify your sub-interface configuration.
Disable IP Routing on R2 and R3 and configure the default gateway on R2 and R3 to use R1's respective Sub-interface as the
default gateway.
Verify that R2 can ping R3's FastEthernet0/0 interface using R1 as the default-gateway.
Lab Instruction
Step 1. Configure a new Sub-Interface on R1 to match the VLAN 20 (Fa0/0.20) and configure the sub-interface to use 802.1q
encapsulation and the Dot1q tag of 20. Configure the sub-interface to use the IP address 10.1.20.1/24.
To create a new sub-interface you'll use the interface fa0/0.# command in global configuration mode. To enable the sub-interface to
use 802.1q you'll use the encapsulation dot1q # command, where # is the dot1q VLAN tag, as shown below;
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fa0/0
R1(config-if)#no shut
R1(config-if)#interface fa0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip add 10.1.20.1 255.255.255.0
R1(config-subif)#exit
R1(config)#
Step 2. Configure a new Sub-Interface on R1 to match the VLAN 30 (Fa0/0.30) and configure the sub-interface to use 802.1q
encapsulation and the Dot1q tag of 30. Configure the sub-interface to use the IP address 10.1.30.1/24. Verify your sub-interface
configuration.
R1(config)#interface fa0/0.30
R1(config-subif)#encapsulation dot1q 30
R1(config-subif)#ip add 10.1.30.1 255.255.255.0
R1(config-subif)#end
R1#sh run interface fa0/0.20
Building configuration...
Current configuration : 96 bytes
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 10.1.20.1 255.255.255.0
end
R1#sh run interface fa0/0.30
Building configuration...
Current configuration : 96 bytes
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 10.1.30.1 255.255.255.0
end
R1#show ip interface brief | inc FastEthernet0/0
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  up                    up
FastEthernet0/0.20         10.1.20.1       YES manual up                    up
FastEthernet0/0.30         10.1.30.1       YES manual up                    up
R1#
Step 3. Disable IP routing on R2 and R3 and configure the default gateway on R2 and R3 to use R1's respective sub-interface as
the default gateway.
To disable IP routing on R2 and R3 use the no ip routing command in global configuration mode. To specify a default gateway use the ip
default-gateway x.x.x.x command as shown below:
R2 con0 is now available
R2>enable
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#no ip routing
R2(config)#ip default-gateway 10.1.20.1
R2(config)#end
R2#
R3>enable
R3#configure terminal
Enter configuration commands, one per line.
R3(config)#no ip routing
R3(config)#ip default-gateway 10.1.30.1
R3(config)#end
R3#
Step 4. Verify that R2 can ping R3's FastEthernet0/0 interface using R1 as the default gateway as shown below:
R2#ping 10.1.30.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.30.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/23/52 ms
R2#
Per-VLAN Spanning Tree Protocol is the default STP mode on Cisco Catalyst Series Switches. This lab will discuss
and demonstrate the configuration and verification of PVST+ root bridge election.
The original Spanning Tree protocol (802.1d) is quite outdated by today's standards and only worked on a single VLAN or a single
switch that does not support VLANs. Cisco saw the need for Spanning Tree on all VLANs and created the proprietary PVST and
PVST+ protocols, which enable spanning tree on a per-VLAN instance. So in this case every single VLAN on each switch has its own
STP process running to detect and eliminate loops in a layer two switching network.
Spanning tree uses BPDUs (Bridge Protocol Data Units) to transmit information between switches regarding each switch's cost to the root or
during root election.
The root is elected by the lowest MAC address if the priority is left at the default 32768, or by the lowest priority.
Spanning tree uses different port modes to form a layer two switching topology to ensure no layer two loops exist in the network. You
need to be familiar with the different port modes in PVST as given below:
Mode: Description
root: The port that receives the best BPDU that is closest to the root bridge in terms of path cost is called
the root port. The root bridge is the only bridge in the network that does not have a root port.
designated: A port is designated if it can send the best BPDU on the segment to which it is directly connected. On
a given LAN segment there can only be a single path towards the root bridge. This port forwards
traffic to the LAN segment. Access ports are considered designated ports.
alternate: An alternate port is the next best path available back to the root bridge should the root port fail.
backup: A backup port is a port that is connected to a segment where another bridge port already connects.
Command: Description
This command is executed from global configuration mode and configures the switch you're currently configuring as the root bridge for the VLAN specified in the syntax.
This command is executed from global configuration mode and configures the switch you're currently on as the backup root bridge for the VLAN specified in the syntax, should the root bridge fail in the network.
This command is executed from global configuration mode and manually sets the bridge priority per VLAN on a switch.
This command can be executed only in privileged mode and displays spanning-tree information relating to a specific VLAN number.
show spanning-tree summary: This command can be executed only in privileged mode and displays a summary of all spanning-tree instances and port counts.
This command can be executed only in privileged mode and displays detailed information on a per-port basis for each port participating in a spanning-tree process.
This command can be executed only in privileged mode and displays all spanning-tree processes per VLAN on the switch and other information including the priority per VLAN, the sum of the bridge priority (VLAN priority + sys-id-ext), bridge MAC address, timers and effective spanning tree protocol.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start devices SW1, SW2 and SW3.
Establish a console session with devices SW1, SW2 and SW3 then configure the devices' respective hostname(s).
Configure interfaces Fa0/10, Fa0/11 and Fa0/12 on both SW1 and SW2 in an EtherChannel and configure the channel to
trunk.
Configure interfaces Fa0/13, Fa0/14 and Fa0/15 on SW1 and interfaces Fa0/10, Fa0/11 and Fa0/12 on SW3 in an
EtherChannel and configure the channel to trunk.
Configure interfaces Fa0/13, Fa0/14 and Fa0/15 on SW2 and interfaces Fa0/13, Fa0/14 and Fa0/15 on SW3 in an
EtherChannel and configure the channel to trunk.
Configure SW1 as a VTP server and SW2 and 3 as VTP clients using the VTP domain name CISCO and VTP Version 2.
Create VLAN 10, 20 and 30 on the VTP Server and ensure the VLANs have propagated to SW2 and SW3.
Lab Objectives
Configure SW1 as the ROOT bridge for VLAN 1 and 10. Verify your configuration on SW2.
Configure SW2 as the ROOT bridge for VLAN 20. Verify your configuration on SW1.
Configure SW3 as the ROOT bridge for VLAN 30. Verify your configuration on SW1.
Due to the limited feature support of the NM-16ESW, this lab CANNOT be completed using the Free CCNA Workbook GNS3
topology. This lab however can be completed on the Stub Lab.
Lab Instruction
Step 1. Configure SW1 as the ROOT bridge for VLAN 1 and 10. Verify your configuration on SW2.
To configure SW1 as the ROOT bridge for VLAN 1 and 10, you can use one of two commands: spanning-tree vlan # root primary,
which determines the best bridge priority and sets it so the switch becomes the root bridge, or spanning-tree vlan # priority #,
which manually specifies the priority on a per-VLAN basis. Remember, the lower the priority number, the higher the chance the
switch will be the root bridge during an election. If the switch has the lowest priority of all switches then it will automatically become
the root for that VLAN. Bridge priorities can be a number 0-65535 and must use 4096 increments to abide by the IEEE standard using
the sum of the bridge priority and sys-id-ext (which is the VLAN number). So if you set a priority on VLAN 1 to 4096, the sum of the
bridge priority and the sys-id-ext will be 4097 and that will be the bridge priority on that switch for that VLAN.
Shown below is an example root bridge configuration using the spanning-tree vlan # root primary command:
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#spanning-tree vlan 10 root primary
SW1(config)#end
SW1#
To verify your configuration you can use the show spanning-tree vlan # command or the show spanning-tree vlan root command as
shown below;
SW2#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     0014.f2d2.4180
             Cost        9
             Port        216 (Port-channel21)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority
             Address
             Hello Time
             Aging Time
Interface          Role Cost      Prio.Nbr Type
------------------ ---- --------- -------- --------------------------
Po21               Root 9         128.216  P2p
Po23               Altn 9         128.232  P2p
                        Root    Hello Max Fwd
Root ID                 Cost    Time  Age Dly  Root Port
-------------------- --------- ----- --- ---  ------------
24577 0014.f2d2.4180         9     2  20  15  Po21
24586 0014.f2d2.4180         9     2  20  15  Po21
32788 0014.a964.2e00         9     2  20  15  Po23
32798 0014.a964.2e00         9     2  20  15  Po23
When using the show spanning-tree root command to verify whether or not the switch you're currently on is the root switch, look at
the root cost and root port. If you have a root cost of 0 and there is no specified root port then the switch you're currently on is the
root bridge for that VLAN. If you have a root cost and root port then the output displays the cost to get to the root and which port is the root
port on a per-VLAN basis as shown above.
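The election described in Step 1, worked through for this lab's three switches as an added example (not part of the original workbook). The MAC addresses and priorities are the ones in the lab output; the function names and the root_primary() rule (take 24576, or 4096 below the lowest competing priority) are a simplified model of the command's documented behavior.

```python
"""Added example: PVST+ root bridge election for the lab's three switches."""

DEFAULT_PRIORITY = 32768      # default bridge priority named in the lab text
ROOT_PRIMARY_TARGET = 24576   # value 'root primary' aims for (24577 on VLAN 1)
STEP = 4096                   # configurable priorities are multiples of 4096

# Base MAC addresses copied from the lab's show output.
SWITCH_MACS = {
    "SW1": "0014.f2d2.4180",
    "SW2": "001c.57d8.9000",
    "SW3": "0014.a964.2e00",
}


def mac_to_int(mac):
    """Convert Cisco dotted notation (0014.f2d2.4180) to an integer."""
    return int(mac.replace(".", ""), 16)


def bridge_id(priority, vlan, mac):
    """Return the comparable bridge ID: (priority + sys-id-ext, MAC)."""
    if priority % STEP or not 0 <= priority <= 61440:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} is outside 1..4094")
    # The VLAN number (sys-id-ext) occupies the low 12 bits of the priority field.
    return (priority + vlan, mac_to_int(mac))


def elect_root(priorities, vlan):
    """Elect the root for one VLAN.

    priorities maps switch name -> configured priority; switches that are
    absent keep the default. The lowest bridge ID wins: priority first,
    MAC address as the tie-breaker.
    """
    ids = {
        name: bridge_id(priorities.get(name, DEFAULT_PRIORITY), vlan, mac)
        for name, mac in SWITCH_MACS.items()
    }
    winner = min(ids, key=ids.get)
    return winner, ids[winner][0], SWITCH_MACS[winner]


def root_primary(priorities, switch):
    """Simplified model of 'spanning-tree vlan # root primary' on one switch."""
    lowest_other = min(
        priorities.get(name, DEFAULT_PRIORITY)
        for name in SWITCH_MACS if name != switch
    )
    if lowest_other > ROOT_PRIMARY_TARGET:
        new = ROOT_PRIMARY_TARGET
    else:
        new = lowest_other - STEP
    if new < 0:
        raise ValueError("no lower priority is available")
    return {**priorities, switch: new}


def lab_step1():
    """Roots per VLAN after SW1 runs 'root primary' for VLAN 1 and 10 only."""
    roots = {}
    for vlan in (1, 10, 20, 30):
        priorities = root_primary({}, "SW1") if vlan in (1, 10) else {}
        roots[vlan] = elect_root(priorities, vlan)
    return roots


if __name__ == "__main__":
    for vlan, (name, prio, mac) in lab_step1().items():
        print(f"VLAN{vlan:04d}  root={name}  {prio} {mac}")
```

With every priority left at the default, VLAN 20 and 30 fall to SW3 purely because it has the lowest MAC address, which is why the root is worth pinning explicitly on every VLAN rather than left to the tie-breaker.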
Step 2. Configure SW2 as the ROOT bridge for VLAN 20. Verify your configuration on SW1.
The configuration to complete this objective will be the same as step 1 as shown below;
SW2 con0 is now available
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#end
SW2#
As shown in the verification below you can see that the root bridge has a priority of 24596 and the MAC address of 001c.57d8.9000.
The best path to the root bridge is out the root port which is Po12; interface Port-Channel12 is directly connected to SW2. To further
verify that SW2 is the root for VLAN 20 you can use the show spanning-tree vlan 20 command on SW2 and verify whether or not the
output says "This bridge is the root".
SW1#show spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    24596
             Address     001c.57d8.9000
             Cost        9
             Port        144 (Port-channel12)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority
             Address
             Hello Time
             Aging Time
Interface          Role Cost      Prio.Nbr Type
------------------ ---- --------- -------- --------------------------
Po12               Root 9         128.144  P2p
Po13               Altn 9         128.152  P2p
SW1#
Step 3. Configure SW3 as the ROOT bridge for VLAN 30. Verify your configuration on SW1.
The configuration and verification to complete this objective will be the same as step 2 as shown below;
SW3 con0 is now available
SW3>enable
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#spanning-tree vlan 30 root primary
SW3(config)#end
SW3#
Verification shown below from SW1;
SW1#show spanning-tree vlan 30
VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    24606
             Address     0014.a964.2e00
             Cost        9
             Port        152 (Port-channel13)
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority
             Address
             Hello Time
             Aging Time
Interface          Role Cost      Prio.Nbr Type
------------------ ---- --------- -------- --------------------------
Po12               Desg 9         128.144  P2p
Po13               Root 9         128.152  P2p
SW1#
Configuring Rapid-PVST+
IEEE 802.1w, known as Rapid Spanning Tree, has several improvements over the legacy spanning tree protocol. This
lab will discuss and demonstrate the configuration and verification of RPVST+.
Command: Description
This command is executed in global configuration mode to configure the switch to use the 802.1w compatible Rapid Per VLAN Spanning Tree protocol.
This command is executed from global configuration mode and manually sets the bridge priority per VLAN on a switch.
This command can be executed only in privileged mode and displays spanning-tree information relating to a specific VLAN number.
show spanning-tree summary: This command can be executed only in privileged mode and displays a summary of all spanning-tree instances and port counts.
This command can be executed only in privileged mode and displays detailed information on a per-port basis for each port participating in a spanning-tree process.
This command can be executed only in privileged mode and displays all spanning-tree processes per VLAN on the switch and other information including the priority per VLAN, the sum of the bridge priority (VLAN priority + sys-id-ext), bridge MAC address, timers and effective spanning tree protocol.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start devices SW1, SW2 and SW3.
Establish a console session with devices SW1, SW2 and SW3 then configure the devices' respective hostname(s).
Configure interfaces Fa0/10, Fa0/11 and Fa0/12 on both SW1 and SW2 in an EtherChannel and configure the channel to
trunk.
Configure interfaces Fa0/13, Fa0/14 and Fa0/15 on SW1 and interfaces Fa0/10, Fa0/11 and Fa0/12 on SW3 in an
EtherChannel and configure the channel to trunk.
Configure interfaces Fa0/13, Fa0/14 and Fa0/15 on SW2 and interfaces Fa0/13, Fa0/14 and Fa0/15 on SW3 in an
EtherChannel and configure the channel to trunk.
Configure SW1 as a VTP server and SW2 and 3 as VTP clients using the VTP domain name CISCO and VTP Version 2.
Create VLAN 10, 20 and 30 on the VTP Server, ensure the VLANs have propagated to SW2 and SW3.
Lab Objectives
Configure SW1, SW2 and SW3 to run Rapid Per-VLAN Spanning Tree Protocol.
Configure SW1 as the ROOT bridge for VLAN 1 and 10. Verify your configuration on SW2.
Configure SW2 as the ROOT bridge for VLAN 20. Verify your configuration on SW1.
Configure SW3 as the ROOT bridge for VLAN 30. Verify your configuration on SW1.
Due to the limited feature support of the NM-16ESW, this lab CANNOT be completed using the Free CCNA Workbook GNS3
topology. This lab however can be completed on the Stub Lab.
Lab Instruction
Step 1. Configure SW1, SW2 and SW3 to run Rapid Per-VLAN Spanning Tree Protocol.
Configure the switches to run the rapid spanning-tree protocol by executing the spanning-tree mode rapid-pvst command in global configuration
mode as shown below:
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree mode rapid-pvst
SW1(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW1#show spanning-tree bridge
                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) 0014.f2d2.4180    2    20   15  rstp
VLAN0010         32778 (32768,  10) 0014.f2d2.4180    2    20   15  rstp
VLAN0020         32788 (32768,  20) 0014.f2d2.4180    2    20   15  rstp
VLAN0030         32798 (32768,  30) 0014.f2d2.4180    2    20   15  rstp
SW1#
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#spanning-tree mode rapid-pvst
SW2(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW2#show spanning-tree bridge
                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) 001c.57d8.9000    2    20   15  rstp
VLAN0010         32778 (32768,  10) 001c.57d8.9000    2    20   15  rstp
VLAN0020         32788 (32768,  20) 001c.57d8.9000    2    20   15  rstp
VLAN0030         32798 (32768,  30) 001c.57d8.9000    2    20   15  rstp
SW2#
SW3>enable
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#spanning-tree mode rapid-pvst
SW3(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW3#show spanning-tree bridge
                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) 0014.a964.2e00    2    20   15  rstp
VLAN0010         32778 (32768,  10) 0014.a964.2e00    2    20   15  rstp
VLAN0020         32788 (32768,  20) 0014.a964.2e00    2    20   15  rstp
VLAN0030         32798 (32768,  30) 0014.a964.2e00    2    20   15  rstp
SW3#
Step 2. Configure SW1 as the ROOT bridge for VLAN 1 and 10. Verify your configuration on SW2.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#spanning-tree vlan 10 root primary
SW1(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW1#
             Priority
             Address
             Hello Time
             Aging Time
Interface           Role Cost      Prio.Nbr Type
------------------- ---- --------- -------- --------------------------
Po21                Root 9         128.216  P2p
Po23                Altn 9         128.232  P2p
             Priority
             Address
             Hello Time
             Aging Time
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po21                Root FWD 9         128.216  P2p
Po23                Altn BLK 9         128.232  P2p
SW2#
Step 3. Configure SW2 as the ROOT bridge for VLAN 20. Verify your configuration on SW1.
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW2#
             Priority
             Address
             Hello Time
             Aging Time
Interface           Role Cost      Prio.Nbr Type
------------------- ---- --------- -------- --------------------------
Po12                Root 9         128.144  P2p
Po13                Altn 9         128.152  P2p
SW1#
Step 4. Configure SW3 as the ROOT bridge for VLAN 30. Verify your configuration on SW1.
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#spanning-tree vlan 30 root primary
SW3(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW3#
             Priority
             Address
             Hello Time
             Aging Time
Interface           Role Cost      Prio.Nbr Type
------------------- ---- --------- -------- --------------------------
Po12                Desg 9         128.144  P2p
Po13                Root 9         128.152  P2p
SW1#
Multi-Spanning Tree Protocol allows for resource conservation by not requiring an instance for every single VLAN in
the layer 2 network. This lab will discuss and demonstrate the configuration and verification of 802.1s MSTP.
MSTP and Rapid-PVST are inter-compatible; however, only instance 0 (the CIST) is shared from MST to Rapid-PVST.
MSTP configuration is quite different from PVST/Rapid-PVST in that MSTP has its own configuration mode. In this mode you
assign VLANs to a spanning tree instance, then you can assign the instance as the root bridge by using the spanning-tree vlan # root
primary command.
The port modes remain the same in MSTP as they were in RSTP and are shown below:
Mode: Description
root: The port that receives the best BPDU that is closest to the root bridge in terms of path cost is
called the root port. The root bridge is the only bridge in the network that does not have a root
port.
designated: A port is designated if it can send the best BPDU on the segment to which it is directly
connected. On a given LAN segment there can only be a single path towards the root bridge.
This port forwards traffic to the LAN segment. Access ports are considered designated ports.
alternate: An alternate port is the next best path available back to the root bridge should the root port fail.
backup: A backup port is a port that is connected to a segment where another bridge port already
connects.
In this lab you'll use SW1 and SW2 to simulate a core and SW3 will be a distribution switch. SW1 will be the root bridge for VLANs
1,3,5,7,9 and SW2 will be the root bridge for VLANs 2,4,6,8,10. SW3 will be running Rapid-PVST.
In this lab you'll familiarize yourself with the following NEW commands:
Command: Description
This command is executed in global configuration mode and configures the switch to use the IEEE 802.1s Multiple Spanning Tree Protocol (MSTP).
This command is executed in global configuration mode and places you into MST (Multiple Spanning Tree) configuration mode.
instance # vlan #: This command is executed from within MST configuration mode and configures an MST instance number and the associated VLANs running on the MST instance.
name namegoeshere: This command is executed from within MST configuration mode and configures the region name for the MSTP switch.
This command, when executed from global configuration mode, configures a specific instance of MST as the root bridge for the VLANs included in that MST instance.
This command is executed in privileged mode to display the current MST configuration on a switch.
This command is executed in privileged mode to display information such as the root bridge, root bridge MAC address, root bridge priority, root port and other information on a per-instance basis.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start devices SW1, SW2 and SW3.
Establish a console session with devices SW1, SW2 and SW3 then configure the devices' respective hostname(s).
Configure SW1 as a VTP Server, SW2 and SW3 as VTP Clients. Use the VTP Domain and Password of CISCO.
Configure interface Fa0/10 on both SW1 and SW2 to trunk using Dot1q.
Configure interface Fa0/15 on both SW2 and SW3 to trunk using Dot1q.
Configure VLANs 2,3,4,5,6,7,8,9 and 10 on SW1 and ensure they are propagated correctly to SW2 and SW3.
Lab Objectives
Configure SW1 to run MST using the revision number 1 and region name REGION1 then configure VLANs 1, 3, 5, 7 and 9 to
run on SW1 MST instance 1. Configure SW1 as the root bridge of VLANs 1, 3, 5, 7 and 9 using the static priority of 8192.
Configure SW1 to run VLANs 2, 4, 6, 8 and 10 on MST instance 2 then configure SW1 as the secondary root bridge for VLANs
2, 4, 6, 8 and 10 using the static priority of 16384.
Configure SW2 to run MST using the revision number 1 and region name REGION1 then configure VLANs 1, 3, 5, 7 and 9 to
run on SW2 MST instance 1. Configure SW2 the secondary root bridge of VLANs 1, 3, 5, 7 and 9 using the static priority of
16384.
Configure SW2 to run VLANs 2, 4, 6, 8 and 10 on MST instance 2 then configure SW2 as the root bridge for VLANs 2, 4, 6, 8
and 10 using the static priority of 8192.
Configure SW3 to run MST using the revision number 1 and region name REGION1 and assign VLANs 1,3,5,7,9 to instance
1, VLANs 2,4,6,8,10 to instance 2. Verify that the MST Root bridges for instance 1 and instance 2 are correct on SW3.
Due to the limited feature support of the NM-16ESW, this lab CANNOT be completed using the Free CCNA Workbook GNS3
topology. This lab can however be completed using the Stub Lab.
Lab Instruction
Step 1. Configure SW1 to run MST using the revision number 1 and region name REGION1 then configure VLANs 1, 3, 5, 7 and 9
to run on SW1 MST instance 1. Configure SW1 as the root bridge of VLANs 1, 3, 5, 7 and 9 using the static priority of 8192.
To configure SW1 to run MSTP you'll use the spanning-tree mode mst command in global configuration mode. To configure MST instances on
SW1, first navigate to MST configuration mode by using the spanning-tree mst configuration command, then use the instance
# vlan # command to create a new instance and map VLANs to that instance. The root bridge is configured on a per-instance basis
by using the command spanning-tree mst instance# priority # as shown below:
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree mode mst
SW1(config)#spanning-tree mst configuration
SW1(config-mst)#revision 1
SW1(config-mst)#name REGION1
SW1(config-mst)#instance 1 vlan 1,3,5,7,9
SW1(config-mst)#exit
SW1(config)#spanning-tree mst 1 priority 8192
SW1(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW1#
Step 2. Configure SW1 to run VLANs 2, 4, 6, 8 and 10 on MST instance 2 then configure SW1 as the secondary root bridge for
VLANs 2, 4, 6, 8 and 10 using the static priority of 16384.
To complete this step you'll use the same commands as previously shown in the step 1 configuration example and as shown below:
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree mst configuration
SW1(config-mst)#instance 2 vlan 2,4,6,8,10
SW1(config-mst)#exit
SW1(config)#spanning-tree mst 2 priority 16384
SW1(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW1#
Step 3. Configure SW2 to run MST using the revision number 1 and region name REGION1 then configure VLANs 1, 3, 5, 7 and 9
to run on SW2 MST instance 1. Configure SW2 as the secondary root bridge of VLANs 1, 3, 5, 7 and 9 using the static priority of 16384.
Now mirror the inverse of the configuration that you've done in steps 1 and 2 on SW2 in steps 3 and 4 as shown below:
SW2 con0 is now available
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#spanning-tree mode mst
SW2(config)#spanning-tree mst configuration
SW2(config-mst)#revision 1
SW2(config-mst)#name REGION1
SW2(config-mst)#instance 1 vlan 1,3,5,7,9
SW2(config-mst)#exit
SW2(config)#spanning-tree mst 1 priority 16384
SW2(config)#end
%SYS-5-CONFIG_I: Configured from console by console
SW2#
Step 4. Configure SW2 to run VLANs 2, 4, 6, 8 and 10 on MST instance 2 then configure SW2 as the root bridge for VLANs 2, 4, 6,
SW3>enable
SW3#configure terminal
Enter configuration commands, one per line.
SW3(config)#spanning-tree mode mst
SW3(config)#spanning-tree mst configuration
SW3(config-mst)#revision 1
SW3(config-mst)#name REGION1
SW3(config-mst)#instance 1 vlan 1,3,5,7,9
SW3(config-mst)#instance 2 vlan 2,4,6,8,10
SW3(config-mst)#end
SW3#
Verify that SW1 and SW2 are the root bridges for their respective VLANs by using the show spanning-tree mst # command for
instance 1 and 2 as shown below:
SW3#show spanning-tree mst 1,2
##### MST1    vlans mapped:   1,3,5,7,9
Bridge        address 0014.a964.2e00  priority
Root          address 0014.f2d2.4180  priority
              port    Fa0/10          cost
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------------
Fa0/10           Root FWD 200000    128.10   P2p
Fa0/15           Altn BLK 200000    128.15   P2p
##### MST2    vlans mapped:   2,4,6,8,10
Bridge        address 0014.a964.2e00  priority
Root          address 001c.57d8.9000  priority
              port    Fa0/15          cost
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------------
Fa0/10           Altn BLK 200000    128.10   P2p
Fa0/15           Root FWD 200000    128.15   P2p
SW3#
As shown above you can see that MST1 (instance 1) has VLANs 1,3,5,7,9 mapped to it and the root bridge has a priority of 8193 and
the MAC address of 0014.f2d2.4180. The root port is specified as Fa0/10 which is directly connected to SW1.
VLANs 2,4,6,8,10 are mapped to MST2 (Instance 2) and the root bridge has a priority of 8193 and the MAC address of
001c.57d8.9000. The root port specified for MST2 is Fa0/15 which is directly connected to SW2.
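The lab enters the same revision, region name and VLAN-to-instance mapping on SW1, SW2 and SW3; switches only share an MST region when all three match. The check below is an added example, not part of the original workbook: the configuration text is constructed from the lab's commands, and the function names are hypothetical.

```python
"""Added example: check that switches agree on their MST region settings."""
import re

# Constructed from the commands the lab enters on each switch.
LAB_MST = """\
spanning-tree mode mst
spanning-tree mst configuration
 revision 1
 name REGION1
 instance 1 vlan 1,3,5,7,9
 instance 2 vlan 2,4,6,8,10
exit
"""


def expand_vlans(spec):
    """Expand a VLAN list such as '1,3,5-7' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        first = int(low)
        last = int(high) if high else first
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def parse_mst(config):
    """Return (name, revision, {vlan: instance}) from the MST config block.

    Defaults apply when a line is missing: empty name, revision 0, and
    every unmapped VLAN belongs to instance 0.
    """
    name, revision, mapping, in_mst = "", 0, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "spanning-tree mst configuration":
            in_mst = True
        elif in_mst and line.startswith("name "):
            name = line.split(None, 1)[1]
        elif in_mst and line.startswith("revision "):
            revision = int(line.split()[1])
        elif in_mst and (m := re.fullmatch(r"instance (\d+) vlan (.+)", line)):
            for vlan in expand_vlans(m.group(2)):
                mapping[vlan] = int(m.group(1))
        elif line in ("exit", "end", "!"):
            in_mst = False
    return name, revision, mapping


def region_key(config):
    """Region identity: name, revision and the non-default VLAN mapping."""
    name, revision, mapping = parse_mst(config)
    return name, revision, frozenset((v, i) for v, i in mapping.items() if i != 0)


def region_groups(configs):
    """Group switch names by region; one group means one shared region."""
    groups = {}
    for switch, text in configs.items():
        groups.setdefault(region_key(text), []).append(switch)
    return sorted(sorted(members) for members in groups.values())


def mapping_diff(config_a, config_b):
    """VLANs mapped to different instances: {vlan: (instance_a, instance_b)}."""
    a, b = parse_mst(config_a)[2], parse_mst(config_b)[2]
    return {
        v: (a.get(v, 0), b.get(v, 0))
        for v in sorted(set(a) | set(b))
        if a.get(v, 0) != b.get(v, 0)
    }


if __name__ == "__main__":
    drifted = LAB_MST.replace("1,3,5,7,9", "1,3,5,7")  # constructed typo on SW3
    print(region_groups({"SW1": LAB_MST, "SW2": LAB_MST, "SW3": drifted}))
    print(mapping_diff(LAB_MST, drifted))
```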
Waiting on Spanning Tree to place a port into forwarding can cause problems with fast-booting machines requesting
DHCP IP addresses. This lab will discuss and demonstrate the configuration and verification of STP PortFast.
Note that PortFast is supported on the Cisco NM-16ESW; however, the spanning tree portfast default feature is not.
In this lab you'll familiarize yourself with the following commands:
Command
Description
spanning-tree portfast
This command is executed in privileged mode and shows whether or not portfast is
enabled on the specific interface.
show spanning-tree
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start devices R1 and SW1.
Establish a console session with devices R1 and SW1 then configure the devices' respective hostname(s).
Configure SW1 to run Rapid-PVST.
Lab Objectives
By default, interfaces on routers are administratively shut down. Enable FastEthernet0/0 which is connected to Fa0/1 then
observe the switch's spanning-tree behavior via the show spanning-tree command.
Shut down R1's FastEthernet0/0 interface then configure PortFast on SW1's FastEthernet0/1. Afterward, re-enable the Fa0/0
interface on R1 and ensure that Fa0/1 on SW1 is immediately transitioned to forwarding status by viewing the spanning-tree
output on SW1.
Enable PortFast on all interfaces of the switch by default and do not use the spanning-tree portfast command in interface
configuration mode. Verify your configuration.
This Lab instructional section is demonstrated using a Cisco Catalyst 3560 Series switch.
Lab Instruction
Step 1. By default, interfaces on routers are administratively shut down. Enable FastEthernet0/0 which is connected to Fa0/1 then
observe the switch's spanning-tree behavior via the show spanning-tree command.
R1 con0 is now available
             Priority
             Address
             Hello Time
             Aging Time
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------
Fa0/1               Desg BLK 19        128.3    P2p
SW1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    24577
             Address     0014.f2d2.4180
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority
             Address
             Hello Time
             Aging Time
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------
Fa0/1               Desg LRN 19        128.3    P2p
SW1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    24577
             Address     0014.f2d2.4180
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority
             Address
             Hello Time
             Aging Time
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------
Fa0/1               Desg FWD 19        128.3    P2p
SW1#
As you'll notice in the observation of spanning tree, the port is first blocking all traffic, then learning, which still blocks traffic but learns
MAC addresses from frames and processes BPDUs from connected devices to determine potential switching loops; finally the
port is placed into FWD (forwarding) if no layer two loop is detected by spanning tree.
Step 2. Shut down R1's FastEthernet0/0 interface then configure PortFast on SW1's FastEthernet0/1. Afterward, re-enable the
Fa0/0 interface on R1 and ensure that Fa0/1 on SW1 is immediately transitioned to forwarding status by viewing the spanning-tree
output on SW1.
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface fa0/0
R1(config-if)#shutdown
R1(config-if)#
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fa0/1
SW1(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.
SW1(config-if)#end
SW1#
And now to re-enable FastEthernet0/0 on R1;
R1(config-if)#no shut
R1(config-if)#
%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed
state to up
R1(config-if)#
Now if you quickly view spanning-tree on SW1 you should notice that Fa0/1 is placed into FWD immediately;
SW1#show span
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    24577
             Address     0014.f2d2.4180
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec
  Bridge ID  Priority
             Address
             Hello Time
             Aging Time
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------
Fa0/1               Desg FWD 19        128.3    P2p Edge
SW1#
Step 3. Enable PortFast on all interfaces of the switch by default and do not use the spanning-tree portfast command in interface
configuration mode. Verify your configuration.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.
SW1(config)#end
SW1#
And to verify that PortFast is enabled by default use the show spanning-tree summary command as shown below;
SW1#show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001
Extended system ID           is enabled
Portfast Default             is enabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is enabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short
Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          1          1
---------------------- -------- --------- -------- ---------- ----------
1 vlan                       0         0        0          1          1
SW1#
There is always the need to prevent employees from plugging random switches into the network. This lab will discuss
and demonstrate the configuration and verification of Spanning Tree BPDU Guard.
Note that the NM-16ESW only supports platform wide bpduguard configuration via the spanning-tree portfast bpduguard command. It
does not support spanning-tree bpduguard default feature or interface based bpduguard configuration. With that being said you will
not be able to complete this lab using GNS3.
In this lab you'll familiarize yourself with the following commands;
Command
Description
spanning-tree bpduguard enable
This command is executed in interface configuration mode and enables BPDU Guard on that specific interface.
spanning-tree bpduguard disable
This command is executed in interface configuration mode and is used to disable BPDU Guard, which can be enabled by default by using the command above.
show interface interfacename#/#
This command is executed in user, privileged or configuration mode with the use of do to view the current interface status.
This command is executed in user, privileged or configuration mode with the use of do to view the current interface status of all ports on the switch.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices SW1 and SW2.
Establish a console session with devices SW1 and SW2, then configure the devices' respective hostname(s).
Configure interface Fa0/10 on SW1 and SW2 as an access port for VLAN 10.
Lab Objectives
On SW1 and SW2 verify that interface Fa0/10 is up/up.
Configure BPDU Guard on SW1 interface Fa0/10 then verify the port status again on SW1.
Remove the interface BPDU Guard configuration from SW1 interface Fa0/10 and configure system default portfast and
bpduguard, verify the configuration.
The instructional section of this lab is demonstrated using two Cisco Catalyst 3560 Series switches.
Lab Instruction
Step 1. On SW1 and SW2 verify that interface Fa0/10 is up/up.
You can use show ip interface brief FastEthernet 0/10 or show interface fa0/10 to verify the interface status as shown below;
Protocol
up
SW2 verification shown below using the show interface fa0/10 command;
SW2#show interface fa0/10
FastEthernet0/10 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 001c.57d8.900c (bia 001c.57d8.900c)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 4 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
49720 packets input, 3684013 bytes, 0 no buffer
Received 48602 broadcasts (48602 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 48602 multicast, 0 pause input
0 input packets with dribble condition detected
3118 packets output, 381783 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SW2#
Step 2. Shut down interface Fa0/10 on SW2, then configure BPDU Guard on SW1 interface Fa0/10. Afterward, enable interface
Fa0/10 on SW2, then verify the port status again on SW1.
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface fa0/10
SW2(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to
administratively down
SW2(config-if)#
SW1 BPDU Guard interface configuration shown below;
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fa0/10
SW1(config-if)#spanning-tree bpduguard enable
SW1(config-if)#end
SW1#
Now enable Interface Fa0/10 on SW2
SW2(config-if)#no shutdown
SW2(config-if)#
%LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to down
SW2(config-if)#
If you jump over to SW1 now you'll see the following syslog messages, because SW2 is sending SW1 a BPDU on Fa0/10;
SW1#
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/10 with BPDU Guard
enabled. Disabling port.
SW1#
%PM-4-ERR_DISABLE: bpduguard error detected on Fa0/10, putting Fa0/10 in
err-disable state
SW1#
Now verify the interface status on SW1 as shown below;
SW1#show interfaces fa0/10
FastEthernet0/10 is down, line protocol is down (err-disabled)
Hardware is Fast Ethernet, address is 0014.f2d2.418c (bia 0014.f2d2.418c)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:02:43, output 00:08:44, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3303 packets input, 403853 bytes, 0 no buffer
Received 2097 broadcasts (2097 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2097 multicast, 0 pause input
0 input packets with dribble condition detected
55416 packets output, 4095765 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SW1#
As you can see Fa0/10 is now in ERR-Disabled state due to BPDU Guard shutting down the port automatically once it received a
BPDU from SW2.
Step 3. Remove the interface BPDU Guard configuration from SW1 interface Fa0/10 and configure system default portfast and
bpduguard, verify the configuration.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fa0/10
SW1(config-if)#no spanning-tree bpduguard enable
SW1(config-if)#exit
SW1(config)#spanning-tree portfast bpduguard default
SW1(config)#end
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#
To verify this configuration you can use the show spanning-tree summary command in privileged mode or a configuration mode by
using the do command prefix as shown below;
SW1(config)#do show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
Extended system ID           is enabled
Portfast Default             is enabled
PortFast BPDU Guard Default  is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is enabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short
Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
Total                        0         0        0          0          0
SW1(config)#
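An added example, not part of the original lab: a Python check that reads a running-config and reports which static access ports BPDU Guard actually protects. It assumes the IOS command syntax used in this lab and that the global bpduguard default only takes effect on ports where PortFast is enabled; the sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample running-config (not taken from the lab switches).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface FastEthernet0/11
 switchport mode access
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport mode trunk
 spanning-tree portfast
!
"""

IFACE = re.compile(r"^interface\s+(\S+)$")


def parse_config(text):
    """Return (global command set, {interface name: command set})."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        cmd = " ".join(raw.split())          # normalise whitespace
        if not cmd or cmd.startswith("!"):
            continue
        if raw[0].isspace():                 # indented: belongs to a sub-mode
            if current is not None:
                current.add(cmd)
            continue
        match = IFACE.match(cmd)             # any unindented line ends the block
        current = interfaces.setdefault(match.group(1), set()) if match else None
        if match is None:
            global_cmds.add(cmd)
    return global_cmds, interfaces


def bpduguard_status(global_cmds, if_cmds):
    """Classify one interface; interface-level settings override the global default."""
    if "switchport mode access" not in if_cmds:
        return "skipped: not a static access port"
    if "spanning-tree bpduguard enable" in if_cmds:
        return "guarded: interface"
    if "spanning-tree bpduguard disable" in if_cmds:
        return "unguarded: disabled on interface"
    if "spanning-tree portfast bpduguard default" not in global_cmds:
        return "unguarded: no interface or global setting"
    # The global default only covers ports where PortFast is enabled.
    portfast = "spanning-tree portfast" in if_cmds or (
        "spanning-tree portfast default" in global_cmds
        and "spanning-tree portfast disable" not in if_cmds
    )
    if portfast:
        return "guarded: global default"
    return "unguarded: global default needs PortFast"


def audit(text):
    """Map every interface in the config to its BPDU Guard status."""
    global_cmds, interfaces = parse_config(text)
    return {name: bpduguard_status(global_cmds, cmds)
            for name, cmds in interfaces.items()}


def unguarded_ports(text):
    """Access ports a rogue switch could be plugged into without tripping BPDU Guard."""
    return [name for name, status in audit(text).items()
            if status.startswith("unguarded")]


if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONFIG).items():
        print(f"{name:20} {status}")
```

FastEthernet0/2 is the case worth noticing: the global default is configured, but without PortFast on the port it never applies.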
There are multiple STP attributes that can be used to fine tune spanning tree such as link type, cost, priority and
bpdufilter. This lab will discuss and demonstrate the configuration and verification of STP Link type, cost, priority and
BPDU Filter.
considered a point to point link whereas half duplex is considered a shared medium. So why is Rapid, rapid on rapid-spanning-tree? The old 802.1d standard took up to 45 seconds to set the port in forwarding mode, whereas 802.1s now transitions the port to
designated (forwarding) very quickly. If a link-type is set to p2p then RSTP does its thing and quickly transitions the port into
forwarding; however, if the link-type is half-duplex or configured as shared in interface configuration mode by using the spanning-tree link-type shared command, then the switch does not transition the port quickly. It goes through the entire process of determining whether or
not a port poses a potential layer two network loop.
Configuring spanning-tree port-priority in interface configuration mode statically configures the port-priority used as a tie breaker for
switches with multiple redundant links to a particular network segment where the root bridge can be reached. So the question is: if
you have multiple links to a root bridge from a single switch and each link has the exact same cost, how does the switch know which
link to use as the root port? The tie breaker is done by port-priority. If you do a show spanning-tree vlan # you'll notice that Prio.Nbr
is between cost and type. The priority is by default set to 128 on all Catalyst series switches and the Nbr is the port number. For
example, SW1 and SW2 are connected via Fa0/10, Fa0/11 and Fa0/12. All ports have the same cost so the port-priority will
determine which port becomes the root port; in this case Fa0/10 will be the root port, and Fa0/11 and Fa0/12 will be alternate ports
(blocking).
Now that you have a basic understanding of some of the STP interface specific configurations you need to familiarize yourself with
the following commands below;
Command
Description
spanning-tree bpdufilter
This command is executed in interface configuration mode and enables BPDUFilter which disables sending and processing received BPDU frames on the interface.
spanning-tree cost #
This command is executed in interface configuration mode and statically sets the interface cost used for manipulating the root path in a given spanning-tree topology.
This command is executed in interface configuration mode and statically sets the interface link type. This command manipulates the port's rapid transition processing.
spanning-tree port-priority
This command is executed in interface configuration mode and statically sets the interface port-priority in spanning-tree to manipulate the election of the root port when multiple equal cost links in a given network segment exist.
This command is executed in privileged mode to view the current spanning-tree properties on a per vlan basis. Used to view root port, alternate port(s), cost, port-priority and port-type.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices SW1, SW2 and SW3.
Establish a console session with devices SW1, SW2 and SW3, then configure the devices' respective hostname(s).
Configure all switches to run Rapid-PVST.
Configure interfaces Fa0/10 and Fa0/11 on both SW1 and SW2 to trunk.
Configure interfaces Fa0/13 and Fa0/14 on SW1 to trunk then configure interfaces Fa0/10 and Fa0/11 on SW3 to trunk.
Configure interfaces Fa0/13 and Fa0/14 on both SW2 and SW3 to trunk.
For this lab you'll only need to use VLAN 1, so remove all other VLANs and configure SW1 as the root bridge for VLAN 1.
Lab Objectives
Configure BPDUFilter on SW2 interface Fa0/10 then verify it by using BPDU Guard on SW1 Fa0/10. Once completed remove
the BPDUFilter and BPDUGuard before proceeding.
Configure SW3 to use Fa0/14 as the root port in the spanning-tree by manipulating the interface cost; use a cost lower
than the default FastEthernet interface cost. Afterward, configure SW2 to use interface Fa0/11 as the root port to SW1. Verify
your configuration; once verified remove the interface costs before proceeding.
SW3 Interface Fa0/10 is connected to a 10/100Mbps hub then the hub is connected to SW1. Configure the link type
accordingly and verify your configuration.
Assuming SW2's interface Fa0/10 and Fa0/11 are configured with their defaults for spanning tree, the root port will become
Fa0/10. Influence spanning-tree to use interface Fa0/11 and do not use the cost command.
Due to the limited feature support of the NM-16ESW, this lab CANNOT fully be completed using the Free CCNA Workbook
GNS3 topology. However, this lab can be fully completed using the Stub Lab.
Lab Instruction
Step 1. Configure BPDUFilter on SW2 interface Fa0/10 then verify it by using BPDU Guard on SW1 Fa0/10. Once completed
remove the BPDUFilter and BPDUGuard before proceeding.
To configure bpdufilter you'll use the spanning-tree bpdufilter enable command in interface configuration mode as shown below;
SW2 con0 is now available
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface fa0/10
SW2(config-if)#spanning-tree bpdufilter enable
To verify that BPDUFilter is operating properly you can enable BPDUGuard on SW1 interface Fa0/10 then bounce the interface. As
previously stated in the lab, BPDUFilter prevents transmitting and processing received BPDUs on a particular port. Since no BPDUs
will be sent out SW2 interface Fa0/10, SW1 Fa0/10 will not shut down as BPDUs won't be detected, as shown below;
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fa0/10
SW1(config-if)#spanning-tree bpduguard enable
SW1(config-if)#shutdown
SW1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to
administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed
state to down
SW1(config-if)#no shut
SW1(config-if)#
%LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to up
SW1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed
state to up
SW1(config-if)#exit
SW1(config)#exit
As shown above you can see that the interface Fa0/10 did not go into err-disabled state as no BPDUs were received since Fa0/10
on SW2 is configured to filter BPDUs (Not send them).
However, if you check over on SW3, you'll notice that all interfaces have been shut down into Err-Disabled state as SW3 has
detected a loop in the network. Ethernet by default sends a loopback keepalive out each interface every ten seconds. If this
keepalive is received back on the same interface then the interface goes into Err-Disabled mode as a physical topology loop has been
detected.
This occurs because spanning-tree is not blocking that interface and is forwarding all traffic out the interface. As a result, frames
loop back around in the network and SW3 detects it.
You'll need to remove BPDUGuard from SW1 Fa0/10 and BPDUFilter from SW2 Fa0/10, then bounce interfaces fa0/10, fa0/11, fa0/13
and fa0/14 on SW3 as shown below before proceeding, as they are in Err-Disabled state;
SW1(config)#interface fa0/10
SW1(config-if)#no span bpduguard enable
SW1(config-if)#end
SW1#
SW2(config)#interface fa0/10
SW2(config-if)#no span bpdufilter
SW2(config-if)#end
SW2#
SW3>enable
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#interface range fa0/10 , fa0/11 , fa0/13, fa0/14
SW3(config-if-range)#shutdown
SW3(config-if-range)#
%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down
Priority
Address
Hello Time
Aging Time
Interface           Role Cost      Prio.Nbr Type
------------------- ---- --------- -------- --------------------------
Fa0/10              Root 19        128.10   Shr
Fa0/11              Altn 19        128.11   P2p
Fa0/13              Desg 19        128.13   P2p
Fa0/14              Desg 19        128.14   P2p
SW3#
Step 4. Assuming SW2's interface Fa0/10 and Fa0/11 are configured with their defaults for spanning tree, the root port will become
Fa0/10. Influence spanning-tree to use interface Fa0/11 and do not use the cost command.
To complete this objective you'll need to change the port priority number as cost cannot be changed. The lowest priority number port
wins the root port election if all costs on the redundant links to the root bridge are equal, as shown below;
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fa0/11
SW1(config-if)#spanning-tree port-priority 64
SW1(config-if)#end
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#
To verify that the priority does manipulate the root port selection on SW2 to Fa0/11 instead of Fa0/10 use the show spanning-tree
vlan # command as shown below;
SW2#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    24577
             Address     0014.f2d2.4180
             Cost        19
             Port        13 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec
  Bridge ID  Priority
             Address
             Hello Time
             Aging Time
Interface           Role Cost      Prio.Nbr Type
------------------- ---- --------- -------- --------------------------
Fa0/10              Altn 19        128.12   P2p
Fa0/11              Root 19        128.13   P2p
SW2#
Keep in mind that the port-priority is propagated from switch to switch via BPDUs. So when you want to influence a traffic transit path
you must configure the port-priority on the advertising switch. In this case, SW1 is advertising two traffic paths to the root bridge, but
interface Fa0/11 is now advertising a better port priority and therefore will be selected as the root port on SW2.
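The tie-break described above, as an added Python example that is not part of the original lab. It models SW2's root port election with the standard spanning-tree comparison order (root path cost, sender bridge ID, sender port ID, local port ID) and shows why the priority has to be changed on SW1 rather than SW2. The port numbers 12 and 13 for SW1's Fa0/10 and Fa0/11 are an assumption based on the numbering SW2 shows; all names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    """One local port that is receiving BPDUs leading toward the root bridge."""
    local_port: str
    local_port_id: tuple      # (priority, number) of the receiving port
    port_cost: int            # cost of the receiving port (19 for FastEthernet)
    advertised_cost: int      # root path cost carried in the received BPDU
    sender_bridge_id: tuple   # (priority, MAC as integer) of the sending bridge
    sender_port_id: tuple     # (priority, number) of the sending port, from the BPDU


def mac_to_int(mac):
    """Convert Cisco dotted notation (0014.f2d2.4180) to an integer."""
    return int(mac.replace(".", ""), 16)


def election_key(c):
    """Lower tuple wins; fields are compared left to right."""
    return (
        c.advertised_cost + c.port_cost,  # 1. lowest root path cost
        c.sender_bridge_id,               # 2. lowest sender bridge ID
        c.sender_port_id,                 # 3. lowest sender port ID (advertised)
        c.local_port_id,                  # 4. lowest local port ID (last resort)
    )


def elect_root_port(candidates):
    return min(candidates, key=election_key).local_port


def sw2_candidates(sw1_fa011_priority=128, sw2_fa011_priority=128):
    """SW2's two uplinks to SW1, the root (priority 24577, 0014.f2d2.4180)."""
    root = (24577, mac_to_int("0014.f2d2.4180"))
    return [
        # SW2 Fa0/10 <-> SW1 Fa0/10 (SW1 port number 12 is an assumption)
        Candidate("Fa0/10", (128, 12), 19, 0, root, (128, 12)),
        # SW2 Fa0/11 <-> SW1 Fa0/11 (SW1 port number 13 is an assumption)
        Candidate("Fa0/11", (sw2_fa011_priority, 13), 19, 0, root,
                  (sw1_fa011_priority, 13)),
    ]


if __name__ == "__main__":
    print("defaults:              ", elect_root_port(sw2_candidates()))
    print("priority 64 on SW1:    ", elect_root_port(sw2_candidates(sw1_fa011_priority=64)))
    print("priority 64 on SW2 only:", elect_root_port(sw2_candidates(sw2_fa011_priority=64)))
```

Lowering the priority only on SW2's own Fa0/11 leaves Fa0/10 as the root port, because the advertised sender port ID is compared before the local one.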
Securing the access edge is crucial to ensuring optimal network performance and reliability. This lab will discuss and
demonstrate the configuration and verification of Dynamic Switchport Port Security.
There are three different types of violation methods you can use with Port Security, the first being a protected port. A Protected port
security violation will still allow permissible traffic from authorized MAC addresses but all other traffic with unknown MAC addresses
will be dropped. A Restricted port security violation will restrict all traffic and generate an SNMP trap to the SNMP Server for
administrative reference. The last port mode is shutdown, which places the port into Err-Disabled Mode once a port security
violation has occurred.
In this lab you will familiarize yourself with the following commands;
Command
Description
switchport port-security
show port-security
This command is executed in privileged mode to view the details of port-security on a particular port including status, timeout, violation type, max
mac addresses and other configurable options.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1 and SW1.
Establish a console session with devices R1, then configure the devices' respective hostname(s).
Assign the IP Address 10.1.1.1/24 to R1 Fa0/0 and the IP Address 10.1.1.10/24 to SW1's Vlan1 interface, then verify IP
connectivity between R1 and SW1.
Lab Objectives
Enable port-security on SW1 interface Fa0/1 and allow a maximum of 3 MAC addresses.
Configure interface Fa0/1 on SW1 to shutdown the port if there is a port-security violation.
Verify your port-security configuration on SW1 by changing the MAC addresses on R1's FastEthernet0/0 interface to
aaaa.aaaa.aaaa then aaaa.aaaa.aaab and finally aaaa.aaaa.aaac to trigger a violation.
Due to the limited feature support of the NM-16ESW, this lab CANNOT be completed using the Free CCNA Workbook GNS3
topology. However, this lab can be completed using the Stub Lab.
Lab Instruction
Step 1. Enable port-security on SW1 interface Fa0/1 and allow a maximum of 3 MAC addresses
To enable port security on a specific port you use the switchport port-security command in interface configuration mode as shown
below;
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fa0/1
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security maximum 3
SW1(config-if)#
Step 2. Configure interface Fa0/1 on SW1 to shutdown the port if there is a port-security violation.
To shut down a port once a violation is triggered you'll use the switchport port-security violation shutdown command in interface
configuration mode as shown below;
SW1(config-if)#switchport port-security violation shutdown
Step 3. Verify your port-security configuration on SW1 by changing the MAC addresses on R1's FastEthernet0/0 interface to
aaaa.aaaa.aaaa then aaaa.aaaa.aaab and finally aaaa.aaaa.aaac to trigger a violation.
You can first verify your configuration by using the show port-security interface fa0/1 command in privileged mode to view current
port-security configuration on a per-port basis as shown below;
SW1(config-if)#end
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#show port-security interface fa0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
                           : Disabled
                           : 3
                           : 1
                           : 0
                           : 0
                           : 000f.242e.bf80:1
                           : 0
SW1#
As you can see from above the port status is currently Secure-Up meaning port security is enabled and the maximum address count
is 3. You can test this port-security configuration by changing the MAC address on R1 3 times, and after the 3rd change, a violation
will occur due to the MAC addresses associated with the switch port exceeding the limit of 3.
You can change the MAC address of a router's interface by using the mac-address xxxx.xxxx.xxxx command in interface
configuration mode as shown below;
R1 con0 is now available
R1#enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fa0/0
R1(config-if)#mac-address aaaa.aaaa.aaaa
R1(config-if)#mac-address aaaa.aaaa.aaab
R1(config-if)#mac-address aaaa.aaaa.aaac
R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed
state to down
R1(config-if)#
If you were keeping track on SW1 after changing the MAC address each time on R1 then you'd see the following changes until the
port was automatically placed into Err-Disabled mode as shown below;
SW1#show port-security interface fa0/1 address
          Secure Mac Address Table
------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports   Remaining Age
                                                         (mins)
----    -----------       ----                -----   -------------
   1    000f.242e.bf80    SecureDynamic       Fa0/1
------------------------------------------------------------------------
Total Addresses: 1
SW1#show port-security interface fa0/1 address
          Secure Mac Address Table
------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports   Remaining Age
                                                         (mins)
----    -----------       ----                -----   -------------
   1    000f.242e.bf80    SecureDynamic       Fa0/1
   1    aaaa.aaaa.aaaa    SecureDynamic       Fa0/1
------------------------------------------------------------------------
Total Addresses: 2
SW1#show port-security interface fa0/1 address
          Secure Mac Address Table
------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports   Remaining Age
                                                         (mins)
----    -----------       ----                -----   -------------
   1    000f.242e.bf80    SecureDynamic       Fa0/1        -
   1    aaaa.aaaa.aaaa    SecureDynamic       Fa0/1
   1    aaaa.aaaa.aaab    SecureDynamic       Fa0/1
------------------------------------------------------------------------
Total Addresses: 3
SW1#
%PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state
SW1#
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aaaa.aaaa.aaac on port FastEthernet0/1.
SW1#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
SW1#
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
SW1#
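An added example, not part of the original lab: Python detection logic that pulls err-disable incidents out of a console capture and ties each one to its cause (bpduguard or psecure-violation) and, for port security, the offending MAC address. Console captures can hard-wrap long syslog lines mid-word, so the parser rejoins them first; the 95-column wrap width, the constructed capture and the function names are assumptions.

```python
import re

WRAP_WIDTH = 95  # column at which the capturing terminal hard-wrapped (assumption)

# Constructed capture that follows the syslog message formats shown in these labs.
SAMPLE_CAPTURE = "\n".join([
    "SW1#",
    "%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/10 with BPDU Guard",
    "enabled. Disabling port.",
    "SW1#",
    "%PM-4-ERR_DISABLE: bpduguard error detected on Fa0/10, putting Fa0/10 in",
    "err-disable state",
    "SW1#",
    "%PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable stat",
    "e",
    "SW1#",
    "%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aaaa.aaa",
    "a.aaac on port FastEthernet0/1.",
    "SW1#",
    "%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
])

PROMPT = re.compile(r"^[\w.-]+(\([\w-]+\))?[>#]")
ERR_DISABLE = re.compile(r"%PM-4-ERR_DISABLE: (\S+) error detected on (\S+),")
PSECURE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*MAC address (\S+) on port (\S+?)\.?$")
BPDUGUARD = re.compile(
    r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (\S+) with BPDU Guard")


def unwrap(capture, width=WRAP_WIDTH):
    """Rejoin syslog messages that were split across physical lines."""
    messages, open_msg, prev_len = [], False, 0
    for line in capture.splitlines():
        if line.startswith("%"):
            messages.append(line)
            open_msg = True
        elif not line.strip() or PROMPT.match(line):
            open_msg = False              # a prompt or blank line ends the message
        elif open_msg:
            # A full-width previous line means a hard wrap: join without a space.
            joiner = "" if prev_len == width else " "
            messages[-1] += joiner + line
        prev_len = len(line)
    return messages


def short_port(name):
    """Normalise FastEthernet0/1 and Fa0/1 to the same key."""
    return re.sub(r"^FastEthernet", "Fa", name)


def incidents(capture):
    """Return {port: details} for every port involved in an err-disable event."""
    found = {}
    for msg in unwrap(capture):
        if m := ERR_DISABLE.search(msg):
            found.setdefault(short_port(m.group(2)), {})["cause"] = m.group(1)
        elif m := PSECURE.search(msg):
            found.setdefault(short_port(m.group(2)), {})["mac"] = m.group(1)
        elif m := BPDUGUARD.search(msg):
            found.setdefault(short_port(m.group(1)), {})["bpdu_received"] = True
    return found


if __name__ == "__main__":
    for port, details in incidents(SAMPLE_CAPTURE).items():
        print(port, details)
```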
Static port security is a common configuration for printers, copiers and other devices on the network that never
change. This lab will discuss and demonstrate the configuration and verification of Sticky switchport security.
Command
Description
sticky
This command is executed in interface configuration mode and configures the port to dynamically learn the MAC address and automatically configure the MAC address as a static MAC address associated with the port.
This command is executed in privileged mode to erase the current secure mac-address table for a specified switch port.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1 and SW1.
Establish a console session with devices R1, then configure the devices' respective hostname(s).
Assign the IP Address 10.1.1.1/24 to R1 Fa0/0 and the IP Address 10.1.1.10/24 to SW1's Vlan1 interface, then verify that you
have IP connectivity between R1 and SW1.
Lab Objectives
Enable port-security on SW1's Fa0/1 interface and configure the interface to sticky the MAC address learned. Upon a port
security violation, restrict the port. Verify your configuration.
Change the MAC address on R1's Fa0/0 to aaaa.aaaa.abcd then configure the same MAC address as a static MAC in port-security on SW1's Fa0/1 interface. Verify your configuration.
Due to the limited feature support of the NM-16ESW, this lab CANNOT be completed using the Free CCNA Workbook GNS3
topology. However, this lab can be completed using the Stub Lab.
Lab Instruction
Step 1. Enable port-security on SW1's Fa0/1 interface and configure the interface to sticky the MAC address learned. Upon a port
security violation, protect the port. Verify your configuration.
To enable port-security you'll execute the switchport port-security command as previously learned in Lab 4-19. To configure the
interface to sticky the dynamically learned MAC address, use the switchport port-security mac sticky command in interface configuration
mode as discussed at the beginning of this lab.
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line.
SW1(config)#interface fa0/1
SW1(config-if)#switchport port-security
Step 2. Change the MAC address on R1's Fa0/0 to aaaa.aaaa.abcd then configure the same MAC address as a static MAC in port-security on SW1's Fa0/1 interface. Verify your configuration.
Keep in mind that as soon as you change the MAC address on R1's Fa0/0 interface, R1 will no longer be able to communicate with any
resources on the network as the MAC address is not in the secure mac-address table on SW1 Fa0/1, thus any received frames will
be dropped.
R1 con0 is now available
R1#enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface fa0/0
R1(config-if)#mac-address aaaa.aaaa.aaab
R1(config-if)#end
R1#
To resolve the communication issue between R1 and SW1 caused by the port-security violation after the MAC address on R1 has changed,
you'll need to shut down Fa0/1 and clear the secure mac-address table on that interface using the clear port-security all interface
Fa0/1 command in privileged mode or configuration mode with the do command prefix. Afterward, configure the new static MAC
address using the switchport port-security mac aaaa.aaaa.aaab command.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fa0/1
SW1(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state
to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed
state to down
SW1(config-if)#do clear port-security all interface fa0/1
SW1(config-if)#switchport port-security mac-address aaaa.aaaa.aaab
SW1(config-if)#no shut
SW1(config-if)#end
SW1#
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed
state to up
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#
To verify that connectivity has been restored between R1 and SW1, ping SW1's Vlan1 interface from R1;
R1#ping 10.1.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
R1#
Mirroring a specific port to another port on a switch for the purposes of packet analysis is a fairly common
troubleshooting technique. This lab will discuss and demonstrate the configuration and verification of a SPAN
Session, also known as Port Mirroring.
Command
Description
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and SW1.
Establish a console session with devices R1, R2 and SW1, then configure the devices' respective hostname(s).
Configure the IP Address 10.1.1.1/24 on R1's Fa0/0 interface, then configure SW1's Vlan1 interface with the IP Address
10.1.1.10/24, then verify IP connectivity between R1 and SW1's VLAN 1 interface before continuing.
Lab Objectives
Configure a new SPAN session on SW1 using the first available SPAN session number. Configure the source interface of the
SPAN as SW1's Fa1/1 interface and the SPAN's destination interface as Fa1/2.
OPTIONAL: Verify that the SPAN is functioning properly by using Wireshark to sniff traffic on the SPAN's destination
interface. If you choose to verify this configuration you'll need real hardware and must set the SPAN destination to a port that your
PC is plugged into.
Lab Instruction
Step 1. Configure a new SPAN session on SW1 using the first available SPAN session number. Configure the source interface of
the SPAN as SW1's Fa1/1 interface and the SPAN's destination interface as Fa1/2.
To create a new SPAN session you'll use the monitor command in global configuration mode as shown below;
SW1 con0 is now available
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#monitor session 1 source interface fa1/1
SW1(config)#monitor session 1 destination interface fa1/2
SW1(config)#end
SW1#show monitor session 1
Session 1
---------
Source Ports:
    RX Only:       None
    TX Only:       None
    Both:          Fa1/1
Source VLANs:
    RX Only:       None
    TX Only:       None
    Both:          None
Destination Ports: Fa1/2
Filter VLANs:      None
SW1#
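A SPAN session copies every frame seen on its source to the destination port, so it is worth confirming that the sessions present on a switch are the ones you expect. The Python below is an added example, not part of the original lab: it parses show monitor session output in the layout shown above and reports sessions whose destination port is not on an approved list. The sample text (including session 2, VLAN 10 and port Fa1/9) and the function names are constructed for illustration.

```python
import re

# Constructed sample: session 1 matches this lab, session 2 is invented
# to represent a mirror session nobody approved.
SAMPLE_OUTPUT = """\
Session 1
---------
Source Ports:
    RX Only:       None
    TX Only:       None
    Both:          Fa1/1
Source VLANs:
    RX Only:       None
    TX Only:       None
    Both:          None
Destination Ports: Fa1/2
Filter VLANs:      None

Session 2
---------
Source Ports:
    RX Only:       None
    TX Only:       None
    Both:          None
Source VLANs:
    RX Only:       10
    TX Only:       None
    Both:          None
Destination Ports: Fa1/9
Filter VLANs:      None
"""


def parse_monitor_sessions(text):
    """Return {session number: {"sources": set, "destinations": set}}."""
    sessions = {}
    current = None   # dict of the session being read
    section = None   # "Source Ports" or "Source VLANs" while inside one
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"Session (\d+)", line)
        if header:
            current = sessions.setdefault(
                int(header.group(1)), {"sources": set(), "destinations": set()})
            section = None
            continue
        if current is None or ":" not in line:
            continue  # separator, blank line, or text before the first session
        key, _, value = line.partition(":")
        key = key.strip()
        values = {v.strip() for v in value.split(",")} - {"", "None"}
        if key in ("Source Ports", "Source VLANs"):
            section = key
        elif key in ("RX Only", "TX Only", "Both") and section:
            prefix = "Vlan" if section == "Source VLANs" else ""
            current["sources"] |= {prefix + v for v in values}
        elif key == "Destination Ports":
            current["destinations"] |= values
            section = None
        else:
            section = None  # e.g. Filter VLANs, not needed for this check
    return sessions


def unapproved_sessions(sessions, approved):
    """approved maps session number -> set of allowed destination ports.

    Returns (session, sources, unexpected destinations) for every session
    that mirrors traffic to a port outside the approved set.
    """
    findings = []
    for number, info in sorted(sessions.items()):
        extra = info["destinations"] - approved.get(number, set())
        if extra:
            findings.append((number, sorted(info["sources"]), sorted(extra)))
    return findings


if __name__ == "__main__":
    parsed = parse_monitor_sessions(SAMPLE_OUTPUT)
    for finding in unapproved_sessions(parsed, {1: {"Fa1/2"}}):
        print("unapproved SPAN session:", finding)
```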
Using T1 point-to-point links between a branch office and a headquarters site is a common architectural deployment.
This lab will discuss and demonstrate the configuration of these WAN links using the PPP and HDLC Layer 2 protocols.
Command
Description
Shows controller information about the specified serial interface including the clock rate
This command is executed in serial interface configuration mode to set the clock rate of a
DCE termination point of a serial link.
This command when executed in Serial interface configuration mode configures the
interface encapsulation to Cisco HDLC (High-Level Data Link Control protocol) or the
Industry Standard PPP (Point to Point Protocol)
This command when executed in privileged mode will display Serial interface information
such as encapsulation, MTU, up time, current utilization and more.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1 and R2.
Establish a console session with devices R1 and R2, then configure each device's respective hostname.
Configure R1's Serial0/1 interface with the IP address 172.18.21.1/30 and R2's Serial0/1 interface with the IP address
172.18.21.2/30.
Lab Objectives
Configure both R1's and R2's Serial0/1 interfaces to encapsulate traffic using the HDLC encapsulation. Verify your configuration
by using a show command to display the interface encapsulation and by pinging R2 from R1.
Configure both R1's and R2's Serial0/1 interfaces to encapsulate traffic using the PPP encapsulation. Verify your configuration by
using a show command to display the interface encapsulation and by pinging R2 from R1.
Lab Instruction
Objective 1. Configure both R1's and R2's Serial0/1 interfaces to encapsulate traffic using the HDLC encapsulation. Verify your
configuration by using a show command to display the interface encapsulation and by pinging R2 from R1.
The configuration part of this objective is a trick question; however, the commands shown below will demonstrate how to configure
HDLC. Keep in mind that HDLC is the default serial interface encapsulation on Cisco routers. You can verify the serial interface
encapsulation by using the show interface serial #/# command in privileged mode.
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface Serial0/1
R1(config-if)#encapsulation hdlc
R1(config-if)#no shutdown
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
%LINK-3-UPDOWN: Interface Serial0/1, changed state to up
R1#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,
changed state to up
R1#
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/1
R2(config-if)#encapsulation hdlc
R2(config-if)#no shutdown
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
%LINK-3-UPDOWN: Interface Serial0/1, changed state to up
R2#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,
changed state to up
R2#
Interface Encapsulation verification shown below;
R1#show interface Serial0/1
Serial0/1 is up, line protocol is down
Hardware is M4T
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input never, output 00:00:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
38 packets output, 2332 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
5 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
R1#
Ping verification from R1 to R2 shown below;
R1#ping 172.18.21.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.21.2, timeout is 2 seconds:
!!!!!
R2#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed
state to down
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/1
R2(config-if)#encapsulation ppp
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed
state to up
R2#
You'll notice when changing the encapsulation from HDLC to PPP on R1 that the line protocol will go down; this is due to an
encapsulation mismatch. Once R2's Serial0/1 interface is configured with the matching encapsulation the line protocol will go back
up.
Encapsulation and ping verification shown below;
R1#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed
state to up
R1#
R1#show interface Serial0/1
Serial0/1 is up, line protocol is up
Hardware is M4T
Internet address is 172.18.21.1/30
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:40, output 00:00:07, output hang never
Last clearing of "show interface" counters 00:04:34
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
54 packets input, 2146 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
69 packets output, 2553 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
CTS=up
R1#ping 172.18.21.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.21.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/49/88 ms
R1#
Frame Relay is a legacy technology; however, it's still fairly common in developing nations due to its simplicity and
price. This lab will discuss and demonstrate how to configure a point-to-point Frame Relay circuit.
Command
Description
encapsulation frame-relay
This command is executed in serial interface configuration mode to set the encapsulation
to Frame Relay.
frame-relay interface-dlci #
This command is executed in Serial interface configuration mode to configure the point-to-point frame-relay interface DLCI assigned to the interface.
This command when executed in privileged mode will display all DLCIs learned by the
router from the frame relay switch as well as the PVC status and frame statistics.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1 and R2.
Establish a console session with devices R1 and R2, then configure each device's respective hostname.
Configure R1's Serial0/0 interface with the IP address 10.10.21.1/30 and R2's Serial0/0 interface with the IP address
10.10.21.2/30.
Lab Objectives
Configure R1's Serial0/0 interface to encapsulate traffic using Frame Relay encapsulation and use the interface DLCI of 122;
verify your configuration by viewing the interface and PVC properties for DLCI 122.
Configure R2's Serial0/0 interface to encapsulate traffic using Frame Relay encapsulation and use the interface DLCI of 221;
verify your configuration by viewing the PVC properties for DLCI 122 and pinging R1's Serial0/0 interface from R2.
Lab Instruction
Objective 1. Configure R1's Serial0/0 interface to encapsulate traffic using Frame Relay encapsulation and use the interface DLCI of
122; verify your configuration by viewing the interface and PVC properties for DLCI 122.
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/0
R1(config-if)#no shutdown
R1(config-if)#
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to up
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay interface-dlci 122
R1(config-fr-dlci)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Verification for show interface Serial0/0 and show frame-relay pvc shown below;
R1#show interface serial0/0
Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 10.10.12.1/30
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, loopback not set
Keepalive set (10 sec)
CRC checking enabled
LMI enq sent 18, LMI stat recvd 18, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
Last input 00:00:00, output 00:00:06, output hang never
Last clearing of "show interface" counters 00:04:50
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
36 packets input, 1604 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
23 packets output, 684 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
R1#show frame-relay pvc 122
PVC Statistics for interface Serial0/0 (Frame Relay DTE)
DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0
input pkts 26
output pkts 4
in bytes 1554
out bytes 416
dropped pkts 0
in pkts dropped 0
out pkts dropped 0
out bytes dropped 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
out BECN pkts 0
in DE pkts 0
out DE pkts 0
out bcast pkts 0
out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:03:46, last time pvc status changed 00:02:04
R1#
You'll notice that the PVC for DLCI 122 is inactive; this is due to the terminating end not being active. Once R2's Serial0/0 interface is
configured properly the PVC will be active and pass traffic.
Objective 2. Configure R2's Serial0/0 interface to encapsulate traffic using Frame Relay encapsulation and use the interface DLCI of
221; verify your configuration by viewing the PVC properties for DLCI 122 and pinging R1's Serial0/0 interface from R2.
First off you'll need to configure the interface for Frame Relay encapsulation and to use the interface DLCI of 221 as shown below;
R2 con0 is now available
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/0
R2(config-if)#no shutdown
R2(config-if)#
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
R2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to up
R2(config-if)#encapsulation frame-relay
R2(config-if)#frame-relay interface-dlci 221
R2(config-fr-dlci)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
Now that the interface has been configured it's time to verify the configuration by viewing the DLCI information and pinging R1's
Serial0/0 interface from R2 as demonstrated below;
R2#show frame-relay pvc 221
PVC Statistics for interface Serial0/0 (Frame Relay DTE)
DLCI = 221, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0
input pkts 9
output pkts 40
in bytes 796
out bytes 2390
dropped pkts 0
in pkts dropped 0
out pkts dropped 0
out bytes dropped 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
out BECN pkts 0
in DE pkts 0
out DE pkts 0
out bcast pkts 33
out bcast bytes 1662
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:04:40, last time pvc status changed 00:00:04
R2#ping 10.10.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.12.1, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 28/29/32 ms
R2#
You can configure multiple point-to-point sub-interfaces using a single physical Frame Relay circuit. This type of
configuration can be used between hub and spoke sites where you would want to keep the spokes in their own Layer
3 subnets. This lab will discuss and demonstrate the Frame Relay point-to-point sub-interface configuration and
verification.
Command
Description
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then configure each device's respective hostname.
Configure the Serial0/0 interface encapsulation on R1, R2 and R3 to Frame Relay and enable the interfaces using the no shut
command.
Lab Objectives
On R1, create the sub-interface Serial0/0.122 and assign it the interface DLCI of 122 and the IP Address of 172.18.12.1/30
then create interface Serial0/0.123 and assign it the IP Address 172.18.13.1/30
On R2, create the sub-interface Serial0/0.221 and assign it the interface DLCI of 221 and the IP Address of 172.18.12.2/30
On R3, create the sub-interface Serial0/0.321 and assign it the interface DLCI of 321 and the IP Address of 172.18.13.2/30
Verify connectivity using the show frame-relay pvc and ping commands on R1.
Lab Instruction
Objective 1. On R1, create the sub-interface Serial0/0.122 and assign it the interface DLCI of 122 and the IP Address of
172.18.12.1/30 then create interface Serial0/0.123 and assign it the ip address 172.18.13.1/30
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/0.122 point-to-point
R1(config-subif)#ip address 172.18.12.1 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 122
R1(config-fr-dlci)#exit
R1(config-subif)#interface Serial0/0.123 point-to-point
R1(config-subif)#ip address 172.18.13.1 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 123
R1(config-subif)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 2. On R2, create the sub-interface Serial0/0.221 and assign it the interface DLCI of 221 and the IP Address of
172.18.12.2/30
R2 con0 is now available
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/0.221 point-to-point
R2(config-subif)#ip add 172.18.12.2 255.255.255.252
R2(config-subif)#frame-relay interface-dlci 221
R2(config-fr-dlci)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
Objective 3. On R3, create the sub-interface Serial0/0.321 and assign it the interface DLCI of 321 and the IP Address of
172.18.13.2/30
R3 con0 is now available
R3>enable
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface Serial0/0.321 point-to-point
R3(config-subif)#ip add 172.18.13.2 255.255.255.252
R3(config-subif)#frame-relay interface-dlci 321
R3(config-fr-dlci)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#
Objective 4. Verify connectivity using the show frame-relay pvc and ping commands on R1.
R1#show frame-relay pvc
PVC Statistics for interface Serial0/0 (Frame Relay DTE)
              Active     Inactive      Deleted       Static
  Local          2            0            0            0
  Switched       0            0            0            0
  Unused         2            0            0            0
DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.122
input pkts 20
output pkts 19
in bytes 5395
out bytes 5187
dropped pkts 0
in pkts dropped 0
out pkts dropped 0
out bytes dropped 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
out BECN pkts 0
in DE pkts 0
out DE pkts 0
out bcast pkts 14
out bcast bytes 4667
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:14:33, last time pvc status changed 00:14:33
DLCI = 123, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.123
input pkts 22
output pkts 20
in bytes 6045
out bytes 4380
dropped pkts 0
in pkts dropped 0
out pkts dropped 0
out bytes dropped 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
out BECN pkts 0
in DE pkts 0
out DE pkts 0
out bcast pkts 10
out bcast bytes 3340
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:17:27, last time pvc status changed 00:17:27
R1#ping 172.18.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/82/188 ms
R1#ping 172.18.13.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.13.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/96/168 ms
R1#
When it comes to the Hub and Spoke topology, the hub is most commonly deployed with a Point-to-MultiPoint
interface. This lab will discuss and demonstrate the configuration and verification of multi-point frame relay interfaces.
Command
Description
This command when executed in the physical serial interface or point-to-multipoint subinterface configuration mode maps a specific IP Address to a specific DLCI. When you
specify broadcast after the DLCI number this enables broadcast on that DLCI.
This command when executed in global config will create a new point-to-multipoint sub-
interface which can be used like a physical interface but allow for multiple multipoint
interfaces on a single interface to control multiple multipoint frame-relay WANs. (I may
need to read that part twice to understand it)
show frame-relay map
This command when executed in privileged mode will display all Frame Relay IP-to-DLCI
mappings, whether they are static (configured using the frame-relay map command) or dynamic,
which are learned by Inverse ARP, which will be discussed in the next lab.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then configure each device's respective hostname.
Configure R1's Serial0/0 interface with the IP address of 10.54.123.1/29 and use Frame Relay encapsulation.
Configure R2's Serial0/0.221 as a point-to-point sub-interface with the IP address of 10.54.123.2/29 and the Frame Relay
interface DLCI of 221.
Configure R3's Serial0/0.321 as a point-to-point sub-interface with the IP address of 10.54.123.3/29 and the Frame Relay
interface DLCI of 321.
Lab Objectives
Configure R1's Serial0/0 interface with two Frame Relay maps. Map R2's Serial0/0 IP address to DLCI 122 and R3's Serial0/0
IP address to DLCI 123.
From R2 and R3 verify IP connectivity to the hub as well as between the spokes.
Remove the previous configuration from R1's Serial0/0 interface, create a point-to-multipoint sub-interface and configure it
with the correct frame-relay maps. Verify the Frame Relay map statements using the show frame-relay map command.
From R2 and R3 verify IP connectivity to the hub as well as between the spokes using the new point-to-multipoint configuration
on R1.
Lab Instruction
Objective 1. Configure R1's Serial0/0 interface with two Frame Relay maps. Map R2's Serial0/0 IP address to DLCI 122 and R3's
Serial0/0 IP address to DLCI 123.
R1 con0 is now available
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface Serial0/0
Objective 3. Remove the previous configuration from R1's Serial0/0 interface, create a point-to-multipoint sub-interface and
configure it with the correct frame-relay maps. Verify the Frame Relay map statements using the show frame-relay map command.
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#default interface Serial0/0
Building configuration...
R3#ping 10.54.123.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.54.123.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/83/156 ms
R3#
Understanding and Configuring Frame Relay Inverse ARP | Free CCNA Workbook
The OSI Model dictates that in order for L3 addresses to communicate with other L3 addresses, traffic must first go
through Layer 2. In the case of Frame Relay, you must have Layer 2 to Layer 3 mappings, known as the ARP table.
This lab will discuss and demonstrate the configuration of Frame Relay Inverse ARP.
Command
Description
no frame-relay inverse-arp
This command under Serial interface configuration mode will disable frame-relay inverse
This command when executed from privileged mode will clear the dynamically learned
Inverse ARP mappings.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then configure each device's respective hostname.
Configure R1's Serial0/0 interface with the IP address of 10.55.123.1/29 and use Frame Relay encapsulation.
Configure R2's Serial0/0.221 as a point-to-point sub-interface with the IP address of 10.55.123.2/29 and the Frame Relay
interface DLCI of 221.
Configure R3's Serial0/0.321 as a point-to-point sub-interface with the IP address of 10.55.123.3/29 and the Frame Relay
interface DLCI of 321.
Lab Objectives
After you've completed the Lab Prerequisites, view the current frame-relay map table on R1 to verify whether R2's and R3's IP-to-DLCI
mappings have been dynamically learned.
Once R1 has learned R2's and R3's frame-relay maps dynamically via Inverse ARP, ping both R2 and R3 from R1, then verify
that R2 can ping the other spoke, R3.
Disable Frame Relay Inverse ARP on R1's Serial0/0 interface and clear the Frame Relay Inverse ARP table using the clear
frame-relay inarp command, then verify IP connectivity by pinging R2 and R3.
Create a static Frame Relay map on R1's Serial0/0 interface for IP-to-DLCI mappings for traffic destined to R2 and R3. Verify
connectivity by pinging R2 and R3 from R1.
Lab Instruction
Objective 1. After you've completed the Lab Prerequisites, view the current frame-relay map table on R1 to verify whether R2's and R3's
IP-to-DLCI mappings have been dynamically learned.
R1#show frame-relay map
Serial0/0 (up): ip 10.55.123.2 dlci 122(0x7A,0x1CA0), dynamic,
broadcast,, status defined, active
Serial0/0 (up): ip 10.55.123.3 dlci 123(0x7B,0x1CB0), dynamic,
broadcast,, status defined, active
R1#
Objective 2. Once R1 has learned R2's and R3's frame-relay maps dynamically via Inverse ARP, ping both R2 and R3 from R1, then
verify that R2 can ping the other spoke, R3.
R1#ping 10.55.123.2
R2#ping 10.55.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 156/215/340 ms
R2#
Objective 3. Disable Frame Relay Inverse ARP on R1's Serial0/0 interface and clear the Frame Relay Inverse ARP table using the
clear frame-relay inarp command, then verify IP connectivity by pinging R2 and R3.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/0
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#clear frame-relay inarp
R1#ping 10.55.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.55.123.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#ping 10.55.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
Objective 4. Create a static Frame Relay map on R1's Serial0/0 interface for IP-to-DLCI mappings for traffic destined to R2 and R3.
Verify connectivity by pinging R2 and R3 from R1.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/0
R1(config-if)#frame-relay map ip 10.55.123.2 122 broadcast
R1(config-if)#frame-relay map ip 10.55.123.3 123 broadcast
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#ping 10.55.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.55.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/106/200 ms
R1#ping 10.55.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/120/256 ms
R1#
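The show frame-relay map output from Objective 1 can be checked mechanically. The Python below is an added example, not part of the original lab: it parses entries in that format, recomputes the second hex value in the parentheses (the DLCI laid out in the two-byte Frame Relay address field) and lists the mappings that were learned through Inverse ARP rather than configured. The static entry in the sample is an assumed rendering of a frame-relay map entry, and all function names are constructed for illustration.

```python
import re

# Constructed sample. The dynamic entry copies the format printed in
# Objective 1; the static entry is an assumed rendering of a mapping
# created with the frame-relay map command in Objective 4.
SAMPLE = """\
Serial0/0 (up): ip 10.55.123.2 dlci 122(0x7A,0x1CA0), dynamic,
              broadcast,, status defined, active
Serial0/0 (up): ip 10.55.123.3 dlci 123(0x7B,0x1CB0), static,
              broadcast,
              CISCO, status defined, active
"""

ENTRY = re.compile(
    r"^(?P<intf>\S+) \((?P<state>[^)]+)\): ip (?P<ip>\S+) "
    r"dlci (?P<dlci>\d+)\(0x(?P<hex>[0-9A-Fa-f]+),0x(?P<addr>[0-9A-Fa-f]+)\), "
    r"(?P<kind>dynamic|static),",
    re.MULTILINE,
)


def q922_address(dlci):
    """Place a 10-bit DLCI in the two-byte address field.

    The upper six DLCI bits sit in bits 7..2 of the first byte and the
    lower four in bits 7..4 of the second byte. The C/R, FECN, BECN, DE
    and EA bits are left at zero, which reproduces the values on the page.
    """
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    return ((dlci >> 4) << 10) | ((dlci & 0x0F) << 4)


def parse_frame_relay_map(text):
    """Return one dict per mapping found in show frame-relay map output."""
    entries = []
    for m in ENTRY.finditer(text):
        dlci = int(m["dlci"])
        entries.append({
            "interface": m["intf"],
            "ip": m["ip"],
            "dlci": dlci,
            "kind": m["kind"],
            # Both hex fields must agree with the decimal DLCI.
            "hex_ok": int(m["hex"], 16) == dlci
                      and int(m["addr"], 16) == q922_address(dlci),
        })
    return entries


def inverse_arp_learned(entries):
    """Mappings the router learned from the network instead of from config."""
    return [(e["ip"], e["dlci"]) for e in entries if e["kind"] == "dynamic"]


if __name__ == "__main__":
    for entry in parse_frame_relay_map(SAMPLE):
        print(entry)
    print("learned via Inverse ARP:", inverse_arp_learned(parse_frame_relay_map(SAMPLE)))
```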
This lab will teach you the basics of static routing and how to configure static routes on multiple routers to ensure IP
reachability over the network.
Welcome to the wonderful world of IP Routing!!! Now the Free CCNA Lab Workbook becomes more interesting and fun. ^_^
However, many engineers rely on static routes in their infrastructure due to a lack of understanding of dynamic routing protocols such
as RIP, EIGRP and OSPF. As a general rule of thumb, a well designed network should have very few static routes: when you
configure a static route and the network changes, you'll then potentially need to reassess and reconfigure the static route to ensure
network reachability.
In this lab you will configure static routing for three routers that simulate a small business with locations in NYC, Miami and San
Francisco, each having separate IP subnets attached. You will use the skills you've previously learned in Section 5 to build a daisy
chained Frame Relay network between R1, R2 and R3. For those of you who are unfamiliar with the daisy chain configuration,
technically it's the act of linking one device after another in a linear bus topology, which has little
or no redundancy.
One thing that has yet to be discussed on the Free CCNA Workbook is the comprehension of physical versus logical topologies. This
concept causes a lot of confusion at first for candidates preparing for the CCNA, and this concept alone tends to catch new CCNAs
off guard when they get a job dealing with a semi-large network and they notice that the physical and logical network topologies do
not match at all. Oftentimes in enterprise networks there are several technologies used that are not covered in the CCNA blueprint,
but you'll learn very quickly that such technologies can alter how the network functions logically. For example, you have a single
switch that has a single link that does routing for multiple VLANs. Physically you'll see one cable in the wiring closet but logically
you'll see in the documentation that there could appear to be multiple routers or switches.
Shown below is a logical topology of the network you will be building in this lab. Check out the overall lab topology to view the
physical topology. However, looking down on this network you'll see the topology is built upon the operational function of each
network device as shown below;
When doing Cisco labs it is common to use loopback interfaces as simulated connected networks. In this lab the Loopback0 interface
on R1, R2 and R3 will simulate their connected networks which you will be configuring static routing for.
In this lab you will familiarize yourself with following new command(s);
Command
Description
This command is executed in global configuration mode to create a static route locally.
The syntax of this command is ip route network subnet nexthop; so an example would be ip route 192.168.20.0 255.255.255.0
192.168.20.5. This effectively says to get to network 192.168.20.0/24 go to 192.168.20.5.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then configure each device's respective hostname.
Load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's
console.
Initial Configurations
!##################################################
!#
!##################################################
!
enable
!
configure terminal
!
hostname R2
!
interface Loopback0
interface Serial0/0
 description ### PHYSICAL FRAME RELAY INTERFACE ###
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 no frame-relay inverse-arp
!
interface Serial0/0.221 point-to-point
 description ### FRAME RELAY LINK TO R1 ###
 ip address 10.61.12.2 255.255.255.252
 frame-relay interface-dlci 221
!
interface Serial0/0.223 point-to-point
 description ### FRAME RELAY LINK TO R3 ###
 ip address 10.61.23.1 255.255.255.252
 frame-relay interface-dlci 223
 no shut
!

!##################################################
!#
!##################################################
!
enable
!
configure terminal
!
hostname R3
!
interface Loopback0
!
interface Serial0/0
 encapsulation frame-relay
 serial restart-delay 0
 no frame-relay inverse-arp
!
Lab Objectives
Create a static route on R1 that states to get to 10.61.20.0/24 go to the next hop of 10.61.12.2, then place the return route on
R2 stating to get to 10.61.10.0/24 go to the next hop of 10.61.12.1. Verify that the routes added operate correctly by pinging
R2's Lo0 interface sourced from R1's Lo0 interface.
Create a static route on R2 that states to get to 10.61.30.0/24 go to the next hop of 10.61.23.2, then place the return route on
R3 stating to get to 10.61.20.0/24 go to the next hop of 10.61.23.1. Verify that the routes added operate correctly by pinging
R3's Lo0 interface sourced from R2's Lo0 interface.
Configure R1 to route 10.61.30.0/24 to the next hop of 10.61.12.2 (R2), then configure R3 to route 10.61.10.0/24 to 10.61.23.1.
Afterward verify that you have IP communication between 10.61.10.0/24 and 10.61.30.0/24.
Lab Instruction
Objective 1. Create a static route on R1 that states to get to 10.61.20.0/24 go to the next hop of 10.61.12.2, then place the return
route on R2 stating to get to 10.61.10.0/24 go to the next hop of 10.61.12.1. Verify that the routes added operate correctly by pinging
R2's Lo0 interface sourced from R1's Lo0 interface.
The steps of this objective are pretty straightforward and demonstrated below:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 10.61.20.0 255.255.255.0 10.61.12.2
R1(config)#end
R1#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 10.61.10.0 255.255.255.0 10.61.12.1
R2(config)#end
R2#
And now to verify communication by pinging R2's Lo0 from R1, sourced from R1's Lo0 interface. This basically simulates traffic
coming from 10.61.10.1 going to 10.61.20.1 to verify that communications between those two subnets are functioning properly.
R1#ping 10.61.20.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.61.20.1, timeout is 2 seconds:
Packet sent with a source address of 10.61.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/50/104 ms
R1#
Keep in mind that if you're able to ping R2's Lo0 interface from R1's Lo0 then you have bidirectional IP communication; if not, you
would not get an echo reply (ping reply) from R2 after R1 sent the echo request (ping).
Objective 2. Create a static route on R2 that states to get to 10.61.30.0/24 go to the next hop of 10.61.23.2, then place the return
route on R3 stating to get to 10.61.20.0/24 go to the next hop of 10.61.23.1. Verify that the routes added operate correctly by pinging
R3's Lo0 interface sourced from R2's Lo0 interface.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 10.61.30.0 255.255.255.0 10.61.23.2
R2(config)#end
R2#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip route 10.61.20.0 255.255.255.0 10.61.23.1
R3(config)#end
R3#
Once the static route statements are configured you're ready to verify that the routes added operate correctly by pinging R3's Lo0
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip route 10.61.10.0 255.255.255.0 10.61.23.1
R3(config)#end
R3#
And now to verify IP communication between 10.61.10.0/24 and 10.61.30.0/24 you can ping R3's Loopback0 from R1 with the pings
sourced from R1's Loopback0 interface as shown below:
R1#ping 10.61.30.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.61.30.1, timeout is 2 seconds:
Packet sent with a source address of 10.61.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/64/124 ms
R1#
Floating static routes are used for redundancy in case an interface fails. This lab will discuss and demonstrate the
configuration of a floating static route.
In layman's terms, when a dynamic routing process neighbor relationship fails for whatever reason, all the routes get removed, which
includes the default route learned via the dynamic routing process. If and when this incident occurs in a network, the device will
automatically inject the static route, as it is next in line by administrative distance.
Configuring a floating static route is very easy and it's done with a command you already know, ip route n.n.n.n s.s.s.s nh.nh.nh.nh, but
you add a number to the end of the command ranging between 1-255, where 255 is unreachable. Any route given the
administrative distance of 255 WILL NOT be installed in the routing table under any circumstances. Keep in mind the default
administrative distance of a static route is 1.
In this lab you'll use Lab 6-1's topology but add an additional link between R1 and R2 to create a backup traffic path for R1 to reach
R2 and R3. Topology shown below;
Command
Description
This command is executed from global configuration and is the same command used to
configure a static route but statically sets the administrative distance following the next
hop.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then configure the devices' respective hostname(s).
Load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's
console.
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.55.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.62.12.2 255.255.255.252
frame-relay interface-dlci 221
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 10.62.23.1 255.255.255.252
frame-relay interface-dlci 223
no shut
exit
end
!##################################################
!# Free CCNA Workbook Lab 6-2 R3 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R3
!
interface Loopback0
!
interface Serial0/0
no frame-relay inverse-arp
interface Serial0/0.322 point-to-point
interface Serial0/0
no shut
exit
!
end
Lab Objectives
Configure the new point-to-point link between R1 and R2 using the subnet 10.62.21.0/30 and ppp encapsulation. Verify that
the link is up using ping.
Create two floating static routes with the administrative distance of 200 for 10.55.20.0/24 and 10.55.30.0/24 pointing towards
R2's backup link IP address.
Create a floating route on R2 with the administrative distance of 200 for 10.55.10.0/24 pointing towards R1's backup link IP
address.
Shut down Serial0/0 on R1 and Serial0/0.221 on R2 to simulate a link outage and verify IP connectivity by tracing to the
10.55.30.0/24 network from the 10.55.10.0/24 network.
Lab Instruction
Objective 1. Configure the new point-to-point link between R1 and R2 using the subnet 10.62.21.0/30 and ppp encapsulation. Verify
that the link is up using ping.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/1
R1(config-if)#ip address 10.62.21.1 255.255.255.252
R1(config-if)#encapsulation ppp
R1(config-if)#no shut
R1(config-if)#end
R1#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface serial0/1
R2(config-if)#ip add 10.62.21.2 255.255.255.252
R2(config-if)#encapsulation ppp
R2(config-if)#no shut
R2(config-if)#end
R2#ping 10.62.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.62.21.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/60 ms
R2#
Objective 2. Create two floating static routes with the administrative distance of 200 for 10.55.20.0/24 and 10.55.30.0/24 pointing
towards R2's backup link IP address.
Under the core knowledge section you learned the concepts of floating routes and how to configure them. The commands are the
same as for a static route, except that you specify an administrative distance as shown below:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 10.55.20.0 255.255.255.0 10.62.21.2 200
R1(config)#ip route 10.55.30.0 255.255.255.0 10.62.21.2 200
R1(config)#end
R1#
Objective 3. Create a floating route on R2 with the administrative distance of 200 for 10.55.10.0/24 pointing towards R1's backup
link IP address.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip route 10.55.10.0 255.255.255.0 10.62.21.1 200
R2(config)#end
R2#
Objective 4. Shut down Serial0/0.221 on R2 and Serial0/0 on R1 to simulate a link outage and verify IP connectivity by tracing
to the 10.55.30.0/24 network from the 10.55.10.0/24 network.
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#interface Serial0/0.221
R2(config-subif)#shutdown
R2(config-subif)#end
R2#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial0/0
R1(config-if)#shutdown
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
%LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
R1#traceroute 10.55.30.1 source Lo0
Type escape sequence to abort.
Tracing the route to 10.55.30.1
1 10.62.21.2 152 msec 52 msec 44 msec
2 10.62.23.2 188 msec 240 msec 217 msec
R1#
As you can see from the traceroute shown above, traffic sourced from 10.55.10.0/24 destined towards 10.55.30.1 will take the
point-to-point link, as the first hop in the transit path is 10.62.21.2, which is R2's Serial0/1 interface.
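An added Python sketch (not code from the workbook) of the selection rule this lab relies on: per prefix, the usable route with the lowest administrative distance is installed, so the distance-200 routes only appear once Serial0/0 is down. R1's primary routes via 10.62.12.2 on Serial0/0 are an assumption, since this section does not list them, and a route is treated as usable only while its outgoing interface is up.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    out_iface: str
    distance: int = 1  # a static route defaults to administrative distance 1


class RoutingTable:
    """Toy model of R1: candidate routes compete per prefix on distance."""

    def __init__(self):
        self.candidates = []
        self.down = set()

    def ip_route(self, network, mask, next_hop, out_iface, distance=1):
        prefix = ipaddress.IPv4Network(f"{network}/{mask}")
        self.candidates.append(Route(prefix, next_hop, out_iface, distance))

    def shutdown(self, iface):
        self.down.add(iface)

    def no_shutdown(self, iface):
        self.down.discard(iface)

    def installed(self):
        """Return {prefix: Route} for the routes that make it into the table."""
        best = {}
        for route in self.candidates:
            if route.out_iface in self.down:
                continue  # exit interface is down, route is not usable
            if route.distance >= 255:
                continue  # distance 255 is never installed
            current = best.get(route.prefix)
            if current is None or route.distance < current.distance:
                best[route.prefix] = route
        return best

    def lookup(self, destination):
        """Longest-prefix match over the installed routes, or None."""
        address = ipaddress.IPv4Address(destination)
        matches = [r for p, r in self.installed().items() if address in p]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)


def build_r1():
    r1 = RoutingTable()
    # Assumed primary routes over the Frame Relay link (not listed in this lab).
    r1.ip_route("10.55.20.0", "255.255.255.0", "10.62.12.2", "Serial0/0")
    r1.ip_route("10.55.30.0", "255.255.255.0", "10.62.12.2", "Serial0/0")
    # Floating static routes from Objective 2.
    r1.ip_route("10.55.20.0", "255.255.255.0", "10.62.21.2", "Serial0/1", 200)
    r1.ip_route("10.55.30.0", "255.255.255.0", "10.62.21.2", "Serial0/1", 200)
    # Constructed route with distance 255, to show it is never used.
    r1.ip_route("10.55.40.0", "255.255.255.0", "10.62.21.2", "Serial0/1", 255)
    return r1


if __name__ == "__main__":
    r1 = build_r1()
    print("Serial0/0 up  :", r1.lookup("10.55.30.1").next_hop)
    r1.shutdown("Serial0/0")
    print("Serial0/0 down:", r1.lookup("10.55.30.1").next_hop)
    print("distance 255  :", r1.lookup("10.55.40.1"))
```

With Serial0/0 shut down the lookup for 10.55.30.1 returns 10.62.21.2, the same first hop the traceroute above reports.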
The default route, also known as the gateway of last resort, is commonly used to route traffic that has no more specific match
towards the internet. This lab will discuss and demonstrate the configuration of a default route.
Configuring a default route is as simple as configuring a static route. A default route is represented by 0.0.0.0/0. If you take a second
and analyze the network and subnet you'll realize that any IP address can fall in this subnet, from 0.0.0.0 to 255.255.255.255.
In this lab you will use the same topology that you worked with in the previous Lab 6-2; however, the IP addressing has been
updated to reflect the lab number. You will be removing the static routes previously assigned to R3 and configuring a default route on
R3 to point towards R2.
Command
Description
When specifying a static route to 0.0.0.0/0 you are effectively configuring a default route,
a route that will catch all traffic if no other route exists for the traffic destination in the
routing table.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the
config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.63.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.63.12.2 255.255.255.252
frame-relay interface-dlci 221
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 10.63.23.1 255.255.255.252
frame-relay interface-dlci 223
no shut
exit
!
description ### PPP LINK TO R1 ###
ip address 10.63.21.2 255.255.255.252
encapsulation ppp
serial restart-delay 0
no shut
!
ip route 10.63.10.0 255.255.255.0 10.63.12.1
ip route 10.63.30.0 255.255.255.0 10.63.23.2
ip route 10.63.10.0 255.255.255.0 10.63.21.1 200
!
end
!##################################################
!# Free CCNA Workbook Lab 6-3 R3 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R3
!
interface Loopback0
!
interface Serial0/0
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
interface Serial0/0.322 point-to-point
ip address 10.63.23.2 255.255.255.252
frame-relay interface-dlci 322
interface Serial0/0
no shut
exit
!
end
Lab Objectives
Remove all currently configured static routes on R3, then configure a default route on R3 pointing towards R2's Serial0/0.223
interface IP.
Verify that you have IP reachability from R3's 10.63.30.0/24 network to R1's 10.63.10.0/24 network.
Verify whether or not you can ping R1's PPP backup interface IP address.
Lab Instruction
Objective 1. Remove all currently configured static routes on R3, then configure a default route on R3 pointing towards R2's
Serial0/0.223 interface IP.
R3#show run | include ip route
ip route 10.63.10.0 255.255.255.0 10.63.23.1
ip route 10.63.20.0 255.255.255.0 10.63.23.1
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#no ip route 10.63.10.0 255.255.255.0 10.63.23.1
R3(config)#no ip route 10.63.20.0 255.255.255.0 10.63.23.1
R3(config)#ip route 0.0.0.0 0.0.0.0 10.63.23.1
R3(config)#end
R3#
Objective 2. Verify that you have IP reachability from R3's 10.63.30.0/24 network to R1's 10.63.10.0/24 network.
Previously the traffic would have taken the routes you just removed, but now that the router has a default route it will take it as the
route of last resort as shown below:
R3#ping 10.63.10.1 source lo0
Routing Information Protocol, known as RIP, is a fairly simplistic dynamic routing protocol which can be deployed in a
matter of minutes. This lab will discuss and demonstrate the configuration and verification of a basic RIP
implementation.
By standard, RIP utilizes three different timers to function properly; however, if you're running RIP on a Cisco router a fourth timer,
called the Hold Down timer, will be used. Timer functions are given below:
Timer
Description
Update Timer
The interval at which hello packets are sent to neighboring routers. The Cisco default is every 30
seconds +/- 5 seconds to prevent synchronization.
Invalid Timer
The invalid timer is the interval after which the router will mark the route(s) invalid by using a metric of 16
and advertise them with an unreachable metric (16). When a route is marked invalid on a Cisco router
it enters hold down. The Cisco default invalid timer is 180 seconds.
Hold Down Timer
The hold down timer is the interval during which updates with an equal or greater metric are suppressed for a
specific route that has previously been marked invalid. This timer is intended to prevent
inaccurate routing updates (routing by rumor) until the topology has had the time to converge or a route
with a better metric has been received. The hold down timer is a Cisco extension of the RIP protocol
and is not included in the IETF standard.
Flushed Timer
The interval the router waits after a route has been marked invalid
before it flushes it (removes it) from the routing table.
So let's have a rundown of this, shall we? R1 and R2 are connected via a Frame Relay T1 link and they both run RIP. R2 advertises
10.70.20.0/24 to R1 via RIP. However, R2 randomly goes offline due to a power failure at the facility. R1 will wait 180 seconds (6
hello intervals) before all routes learned via R2 are declared invalid and marked unreachable by a metric of 16. The hold down timer
also expires at the same time as the invalid timer does, meaning the router will now accept any new routes to the networks previously
marked unreachable that were learned via R2. If no new routes are learned during a period of 60 seconds after the invalid/hold down timers
expire (the time it takes to count to the flush timer from the invalid timer) then the route will be flushed (removed) from the routing
table completely.
Now that you have a general understanding of how RIP operates, let's further your knowledge and take a look at how RIP prevents
routing loops in the network.
The RIP standard implements two different technologies to prevent routing loops: split-horizon and poison reverse. However, Cisco
has gone a step further and introduced the hold down timer, which will prevent any route with a better metric from being injected into
the routing table after a router has received an advertisement from a neighboring router saying that the route has been marked
unreachable via a metric of 16. This helps prevent transient routing loops commonly caused by unstable (flapping) routes.
Split-horizon is a general loop avoidance mechanism commonly used by most distance vector protocols such as RIP, IGRP, EIGRP
as well as newer technologies such as VPNS (Virtual Private Network Services) and Babel, a new IP routing protocol which is
currently an experimental distance vector protocol. In general this mechanism prevents updates from being sent out the same interface on
which they were received. After all, if R2 sent R1 an update about 10.70.20.0/24, would R2 need to hear that update back from R1?
The answer is simply no.
However, in some cases split-horizon must be disabled for proper network functionality; one specific case is the hub-and-spoke
topology in a Frame Relay network. The spoke will advertise its routes to the hub through an interface, but the hub must re-advertise
those updates back out the same physical interface to get to the other spokes. Split horizon is disabled on a per-interface basis using
the no ip split-horizon command.
Poison reverse is a type of route poisoning mechanism in which a RIP router will advertise the routes learned from a
neighboring router back to that neighbor with an unreachable hop count metric (16), to ensure all routers
on the segment are aware that that particular route is unreachable.
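The timer rundown and the split-horizon and poison reverse rules above, as an added Python model (not code from the workbook). Interface names and the table contents are constructed, ages are measured from the last update heard for a route, and hold-down filtering of incoming updates is not modeled.

```python
from dataclasses import dataclass
from typing import Optional

INFINITY = 16  # RIP metric meaning "unreachable"


@dataclass(frozen=True)
class Timers:
    """Update, invalid, hold down and flush timers, in seconds."""
    update: int = 30
    invalid: int = 180
    holddown: int = 180  # listed for completeness; not used by this model
    flush: int = 240


@dataclass
class RipRoute:
    prefix: str
    metric: int                   # hop count as stored in the local table
    learned_on: str               # interface the route was learned on
    last_update: Optional[float]  # None for a connected network (never ages)


def route_state(route, now, timers):
    """Classify a route by the time since its last update."""
    if route.last_update is None:
        return "valid"
    age = now - route.last_update
    if age >= timers.flush:
        return "flushed"   # removed from the routing table
    if age >= timers.invalid:
        return "invalid"   # kept, but advertised as unreachable
    return "valid"


def build_update(table, out_iface, now, timers, mode="split-horizon"):
    """Return {prefix: metric} for the update sent out `out_iface`.

    mode "none":           advertise everything (split horizon disabled)
    mode "split-horizon":  omit routes learned on `out_iface`
    mode "poison-reverse": send those routes back with metric 16
    """
    if mode not in ("none", "split-horizon", "poison-reverse"):
        raise ValueError(f"unknown mode: {mode}")
    update = {}
    for route in table:
        state = route_state(route, now, timers)
        if state == "flushed":
            continue
        if state == "invalid":
            metric = INFINITY
        else:
            metric = min(route.metric + 1, INFINITY)  # one more hop
        if route.learned_on == out_iface:
            if mode == "split-horizon":
                continue
            if mode == "poison-reverse":
                metric = INFINITY
        update[route.prefix] = metric
    return update


def r1_table():
    """Constructed table for R1: last update from R2 was heard at t=0."""
    return [
        RipRoute("10.70.10.0/24", 0, "Loopback0", None),
        RipRoute("10.70.20.0/24", 1, "Serial0/0", 0.0),
    ]


if __name__ == "__main__":
    defaults = Timers()
    table = r1_table()
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(mode, build_update(table, "Serial0/0", 100, defaults, mode))
    for t in (179, 180, 239, 240):
        print(f"t={t}s", route_state(table[1], t, defaults))
```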
RIP maintains a database of all routes learned via its neighbors. This is known as the RIP database and can be viewed using the
show ip rip database command in user or privileged mode.
Now that you have a good understanding of RIP's fundamental operation, let's dive into the configuration. RIP is a single routing
process on a particular router. With that being said, you cannot have multiple RIP processes running as you can with EIGRP, which will be
discussed in the next section.
To start the RIP process you'll use the router rip command in global configuration, after which you'll be placed into dynamic routing
configuration mode, denoted by the Router(config-router)# prompt. To assign networks to participate in the RIP routing process you'll
use the network x.x.x.x command. Any interface that falls in the specified network range will participate in the RIP routing process.
By default RIP will operate at Version 1, which is a classful version (does not support VLSM) and auto-summarizes, so when you
specify any network under the RIP routing process it will automatically be converted to its classful network address range; for example,
10.70.10.0 on R1 would be converted to 10.0.0.0.
When working with RIP version 1 keep in mind that it is a classful routing protocol, meaning that the same subnet mask must be used for
the entire network. So if you use a /24 on a switch where all the PCs are aggregated, then you must use a /24 network on the
WAN link between branches, otherwise the /24 networks will not get propagated over the WAN link. RIPv1 does not include the
subnet mask in the updates sent to neighboring routers, only the network address. So in layman's terms, a /24 can only be advertised to
another router through a link that uses a /24 network, because the neighboring router assumes the subnet mask is the one tied to the
interface on which the update was received.
By default RIP will auto-summarize at the network boundary. So with that being said, you cannot have a 10.0.0.0/8 network connected
to R1 while R1 is connected to R2 via a class B 172.16.0.0/16 subnet, which in turn is connected to R3, which also has the 10.0.0.0/8
subnet directly connected. This design will not work, as traffic from R1's 10.0.0.0/8 subnet will not traverse R2 to get to R3's
10.0.0.0/8 subnet because R1 believes 10.0.0.0/8 is already directly connected.
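An added Python model (not code from the workbook) of the two RIPv1 rules these paragraphs describe: no mask travels in the update, and routes are summarized at the major network boundary. The 10.1.1.0/24, 10.2.2.0/24 and 172.16.0.x addresses and the /24 WAN link are constructed examples.

```python
import ipaddress


def major_network(address):
    """Classful (major) network that contains `address`."""
    ip = ipaddress.IPv4Address(address)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefixlen = 8    # class A
    elif first_octet < 192:
        prefixlen = 16   # class B
    elif first_octet < 224:
        prefixlen = 24   # class C
    else:
        raise ValueError(f"{ip} is class D/E and has no classful network")
    return ipaddress.IPv4Network((int(ip), prefixlen), strict=False)


def ripv1_advertise(route, out_iface):
    """Address a RIPv1 sender places in an update, or None if suppressed.

    `route` is a prefix such as "10.70.10.0/24"; `out_iface` is the sending
    interface's address and mask such as "10.70.12.1/30".
    """
    net = ipaddress.IPv4Network(route)
    iface = ipaddress.IPv4Interface(out_iface)
    if major_network(net.network_address) != major_network(iface.ip):
        # Crossing a major network boundary: only the classful summary is sent.
        return str(major_network(net.network_address).network_address)
    if net.prefixlen == iface.network.prefixlen:
        return str(net.network_address)
    # Same major network but a different mask: the receiver could not
    # interpret the address correctly, so the subnet is not advertised.
    return None


def ripv1_receive(advertised, in_iface):
    """Network a RIPv1 receiver installs for an address heard on `in_iface`."""
    address = ipaddress.IPv4Address(advertised)
    iface = ipaddress.IPv4Interface(in_iface)
    if major_network(address) != major_network(iface.ip):
        return major_network(address)  # different major network: classful mask
    # Same major network: assume the mask of the receiving interface.
    guess = ipaddress.IPv4Network((int(address), iface.network.prefixlen),
                                  strict=False)
    if guess.network_address != address:
        return ipaddress.IPv4Network((int(address), 32))  # host bits set
    return guess


def propagate(route, sender_iface, receiver_iface):
    """What the neighbor ends up with for `route`, or None if never sent."""
    advertised = ripv1_advertise(route, sender_iface)
    if advertised is None:
        return None
    return ripv1_receive(advertised, receiver_iface)


if __name__ == "__main__":
    # A /24 behind a /30 WAN link in the same major network is not sent.
    print(propagate("10.70.10.0/24", "10.70.12.1/30", "10.70.12.2/30"))
    # With a /24 WAN link (constructed) the subnet arrives intact.
    print(propagate("10.70.10.0/24", "10.70.12.1/24", "10.70.12.2/24"))
    # Discontiguous 10.x subnets across 172.16.0.0/16 both collapse to 10.0.0.0.
    print(ripv1_advertise("10.1.1.0/24", "172.16.0.1/16"))
    print(ripv1_advertise("10.2.2.0/24", "172.16.0.3/16"))
```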
Now that you've got a solid foundation of the Routing Information Protocol (RIP), it's time to start configuring some routers. This lab
will use the same topology as the previous section discussing static routing. You're going to convert a static routed network into a
dynamic RIP routed network. The topology is shown below;
Command
Description
router rip
This command is executed in global configuration to start the RIP routing process on a router.
network x.x.x.x
This command is executed in router configuration mode to specify the networks participating in the
dynamic routing process.
show ip rip database
This command will display all the networks in the RIP database when executed in privileged or user
mode.
show ip protocols
This command when executed in privileged or user mode will show the RIP routing process global
configuration settings such as timers, networks, rip version (per interface) and other useful
information.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the
config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
interface Serial0/0
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.70.12.2 255.255.255.252
frame-relay interface-dlci 221
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 10.70.23.1 255.255.255.252
frame-relay interface-dlci 223
no shut
exit
!
description ### PPP LINK TO R1 ###
ip address 10.70.21.2 255.255.255.252
encapsulation ppp
serial restart-delay 0
clock rate 128000
no shut
exit
!
ip route 10.70.10.0 255.255.255.0 10.70.12.1
ip route 10.70.30.0 255.255.255.0 10.70.23.2
ip route 10.70.10.0 255.255.255.0 10.70.21.1 200
!
!##################################################
!# Free CCNA Workbook Lab 7-1 R3 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R3
!
interface Loopback0
interface Serial0/0
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
interface Serial0/0.322 point-to-point
description ### FRAME RELAY LINK TO R2 ###
ip address 10.70.23.2 255.255.255.252
interface Serial0/0
no shut
exit
!
end
Lab Objectives
You are tasked with migrating the network from static routing to RIP. Remove all static routes currently configured on R1, R2
and R3.
Configure R1, R2 and R3 to run the Routing Information Protocol (RIP) and specify the classful network statement in which
interfaces will participate in RIP dynamic routing process. Verify that RIP is running on R1 via the show ip protocols
command.
Verify that routes are propagating properly from R1 to R2 and from R2 to R3; if not then why?
Lab Instruction
Objective 1. You are tasked with migrating the network from static routing to RIP. Remove all static routes currently configured on
R1, R2 and R3.
To view all current static routes you can use the show run with the inclusion of ip route
R1#show run | inc ip route
ip route 10.70.20.0 255.255.255.0 10.70.12.2
ip route 10.70.20.0 255.255.255.0 10.70.21.2 200
ip route 10.70.30.0 255.255.255.0 10.70.12.2
ip route 10.70.30.0 255.255.255.0 10.70.21.2 200
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#no ip route 10.70.20.0 255.255.255.0 10.70.12.2
R1(config)#no ip route 10.70.20.0 255.255.255.0 10.70.21.2 200
R1(config)#no ip route 10.70.30.0 255.255.255.0 10.70.12.2
R1(config)#no ip route 10.70.30.0 255.255.255.0 10.70.21.2 200
R1(config)#end
R1#
10.70.12.1
10.70.21.1 200
10.70.23.2
per line. End with CNTL/Z.
255.255.255.0 10.70.12.1
255.255.255.0 10.70.21.1 200
255.255.255.0 10.70.23.2
Objective 2. Configure R1, R2 and R3 to run the Routing Information Protocol (RIP) and specify the classful network statement in
which interfaces will participate in RIP dynamic routing process. Verify that RIP is running on R1 via the show ip protocols
command.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#network 10.0.0.0
R1(config-router)#end
R1#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#end
R2#
R3#configure terminal
Enter configuration commands, one per line.
R3(config)#router rip
R3(config-router)#network 10.0.0.0
R3(config-router)#end
R3#
Objective 3. Verify that routes are propagating properly from R1 to R2 and from R2 to R3; if not then why?
To verify that routes are being learned via RIP you can view the routing table and the rip database as shown below;
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C
C
C
C
R
R2#
R2#show ip rip database
10.0.0.0/8
auto-summary
10.70.12.0/30
directly connected, Serial0/0.221
10.70.21.0/30
directly connected, Serial0/1
10.70.23.0/30
directly connected, Serial0/0.223
10.70.20.0/24
directly connected, Loopback0
10.70.10.0/30
[1] via 10.70.12.1, 00:00:05, Serial0/0.221
[1] via 10.70.21.1, 00:00:04, Serial0/1
R2#
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
There are two versions of RIP known as v1 and v2. The differences are major changes in how RIP advertises and
populates the routing table. This lab will discuss and demonstrate the configuration and verification of RIPv1 and
RIPv2.
Command
Description
version 2
This command is executed in rip router configuration mode to specify that the RIP
process should operate at version 2.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the
config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.70.12.2 255.255.255.252
frame-relay interface-dlci 221
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 10.70.23.1 255.255.255.252
!
!##################################################
!
enable
configure terminal
!
hostname R3
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.30.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.322 point-to-point
router rip
network 10.0.0.0
!
end
Lab Objectives
Verify that all routes are propagating properly in the network from R1 to R2 and from R3 to R2 using show ip route. Verify IP
connectivity using ping sourced from the 10.70.20.0/24 network to the 10.70.10.0/24 and 10.70.30.0/24 networks
Lab Instruction
Objective 1. Configure R1, R2 and R3 to run RIP Version 2.
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#end
R1#
R2>enable
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#end
R2#
R3>enable
R3#configure terminal
Enter configuration commands, one per line.
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#end
R3#
Objective 2. Verify that all routes are propagating properly in the network from R1 to R2 and from R3 to R2 using show ip route.
Verify IP connectivity using ping sourced from the 10.70.20.0/24 network to the 10.70.10.0/24 and 10.70.30.0/24 networks
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
The default timers on RIP can be tuned to meet the requirements of your network. This lab will discuss and
demonstrate the configuration and verification of RIP Timers.
In this lab you will configure the timers on all routers to 30 second updates, 40 second invalid, 10 second hold down and 60 second
flush and manually set R3 to send updates to R2 every 10 seconds over interface Serial0/0.322
Familiarize yourself with the following new command(s);
Command
Description
timers basic 30 40 10 60
This command is executed in rip router configuration mode to globally set the update,
invalid, hold down and flush timers of the RIP routing process.
ip rip advertise #
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the
config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.70.12.2 255.255.255.252
frame-relay interface-dlci 221
!
!##################################################
!
enable
configure terminal
!
hostname R3
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.30.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.322 point-to-point
router rip
version 2
network 10.0.0.0
exit
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure the RIP timers on R1, R2 and R3 to 30 second updates, 40 second invalid, 10 second hold and 60 second flush.
On R3 configure Serial0/0.322 to send updates every 10 seconds towards R2. Verify your configuration.
Lab Instruction
Objective 1. Configure the RIP timers on R1, R2 and R3 to 30 second updates, 40 second invalid, 10 second hold and 60 second flush. Verify your configuration.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#timers basic 30 40 10 60
R1(config-router)#end
R1#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 26 seconds
Invalid after 40 seconds, hold down 10, flushed after 60
Redistributing: rip
Default version control: send version 2, receive version 2
Interface             Send  Recv  Triggered RIP  Key-chain
Serial0/0.122         2     2
Serial0/1             2     2
Loopback0             2     2
Loopback1             2     2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway         Distance      Last Update
10.70.12.2           120      00:00:05
10.70.21.2           120      00:00:05
Distance: (default is 120)
R1#
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#router rip
R2(config-router)#timers basic 30 40 10 60
R2(config-router)#end
R2#show ip protocols
Routing Protocol is "rip"
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#timers basic 30 40 10 60
R3(config-router)#end
R3#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 22 seconds
Invalid after 40 seconds, hold down 10, flushed after 60
Redistributing: rip
Default version control: send version 2, receive version 2
Interface             Send  Recv  Triggered RIP  Key-chain
Serial0/0.322         2     2
Loopback0             2     2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway         Distance      Last Update
10.70.23.1           120      00:00:21
Distance: (default is 120)
R3#
Objective 2. On R3 configure Serial0/0.322 to send updates every 10 seconds towards R2. Verify your configuration.
R3#configure terminal
Enter configuration commands, one per line.
R3(config)#interface Serial0/0.322
R3(config-subif)#ip rip advertise 10
R3(config-subif)#end
There are three ways to verify that the interface timer you've configured is operating properly. The first method is to run debug ip rip events on R2 to view how often the updates are coming from R3; they should be approximately 10 seconds apart, give or take a few seconds.
The second method is to use the show ip protocols command on R2; you should see the last update received from 10.70.23.2 never go above 10 seconds.
The last method is not documented in any Cisco documentation, and the command is a hidden command that will not show up when using the ?. The command is called show ip rip timers. Its output is terse and does not display much detail, but it does show the update intervals on a per-interface basis: the time the router will wait before it sends another update through an interface.
When you run show ip protocols, you'll see the RIP interfaces listed in order as shown below;
R3#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 6 seconds
Invalid after 40 seconds, hold down 10, flushed after 60
Redistributing: rip
Default version control: send version 2, receive version 2
Interface             Send  Recv  Triggered RIP  Key-chain
Serial0/0.322         2     2
Loopback0             2     2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway         Distance      Last Update
10.70.23.1           120      00:00:11
Distance: (default is 120)
R3#
You can see that Serial0/0.322 is listed first and Loopback0 is second. Now when you execute the show ip rip timers command in privileged mode you'll see the following output;
R3#show ip rip timers
RIP timers
  Expiration  Type
| 3.680       (parent)
| 3.680       Ager interval
| 7.172       (parent)
| 7.172       Periodic update
| 25.722      Periodic update
R3#
When you look at the output you'll see two Periodic update timers: the first one is Serial0/0.322, which will send its next update in 7.172 seconds, and the second is Loopback0, which will send its next update in 25.722 seconds.
Note that the Ager interval is the hold down timer.
By default RIP sends its updates on a fixed interval, which can consume bandwidth. Triggered updates are a method that RIP can use so that updates are sent only when the routes change. This lab will discuss and demonstrate the configuration and verification of RIP Triggered Updates.
The configuration of triggered updates is done on a per-interface basis and must be configured on both sides of the link. The command used to enable triggered updates is ip rip triggered. You can verify the configuration via the show ip protocols command.
This lab will use the same logical topology as used previously in Lab 7-3, as shown below;
In this lab you will configure triggered updates on the point-to-point Frame Relay link between R2 and R3.
Familiarize yourself with the following new command(s);
Command             Description
ip rip triggered    This command is executed under interface configuration mode to enable the RIP RFC2092 Triggered Updates extension.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.70.12.2 255.255.255.252
!
exit
!##################################################
!
enable
configure terminal
!
hostname R3
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.30.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
ip rip advertise 10
!
!
router rip
version 2
network 10.0.0.0
timers basic 30 40 10 60
!
end
Lab Objectives
Configure the point-to-point Frame Relay link between R2 and R3 to use triggered RIP updates to conserve bandwidth.
Lab Instruction
Objective 1. Configure the point-to-point Frame Relay link between R2 and R3 to use triggered rip updates to conserve bandwidth.
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#interface Serial0/0.223
R2(config-subif)#ip rip triggered
R2(config-subif)#end
R2#
R3#configure terminal
Enter configuration commands, one per line.
R3(config)#interface Serial0/0.322
R3(config-subif)#ip rip triggered
R3(config-subif)#end
R3#
Serial0/1             2     2
Loopback0             2     2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway         Distance      Last Update
10.70.12.1           120      00:00:07
10.70.23.2           120      00:01:28
10.70.21.1           120      00:00:18
Distance: (default is 120)
R2#
R3#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 23 seconds
Invalid after 40 seconds, hold down 0, flushed after 60
Redistributing: rip
Default version control: send version 2, receive version 2
Interface             Send  Recv  Triggered RIP  Key-chain
Serial0/0.322         2     2          Yes
Loopback0             2     2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway         Distance      Last Update
10.70.23.1           120      00:00:09
Distance: (default is 120)
R3#
Examine the show ip protocols information and you'll see that Serial0/0.223 has Yes under Triggered RIP on R2 and Serial0/0.322 has Yes under Triggered RIP on R3.
When it comes to configuring RIP, there are several interface parameters that can be configured to fine-tune the operation of RIP. This lab will discuss and demonstrate the configuration and verification of RIP interface parameters.
In this lab you will configure R2 and R3 to send RIPv1 and RIPv2 updates between each other on their Frame Relay point-to-point interface. You will also configure R1 to send RIPv2 updates as broadcast to R2 via the point-to-point interface.
Familiarize yourself with the following new command(s);
Command                Description
ip rip v2-broadcast    This command is executed in interface configuration mode and specifies that RIPv2 should send updates out that specific interface using broadcast and not multicast.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!##################################################
!
!#
Free CCNA
Workbook Lab
7-5 R3 Initial Config
interface
Serial0/0.221
point-to-point
!##################################################
description ### FRAME RELAY LINK TO R1 ###
!ip address 10.70.12.2 255.255.255.252
enable
frame-relay interface-dlci 221
configure
terminal
ip rip triggered
!
hostname
interfaceR3
Serial0/0.223 point-to-point
!
interface Serial0/0
interface
no shut Serial0/0
encapsulation
frame-relay
interface
Serial0/1
serial
restart-delay
0
description
### PPP LINK
TO R1 ###
no
inverse-arp
ip frame-relay
address 10.70.21.2
255.255.255.252
!encapsulation ppp
interface
Serial0/0.322
serial restart-delay
0 point-to-point
description
### FRAME RELAY LINK TO R2 ###
clock rate 128000
ip shut
address 10.70.23.2 255.255.255.252
no
frame-relay
interface-dlci 322
exit
!version 2
interface
Serial0/0
network 10.0.0.0
no
shutbasic 30 40 10 60
timers
exit
!
!
end
router rip
version 2
network 10.0.0.0
timers basic 30 40 10 60
!
end
Lab Objectives
Configure R2 to send and receive RIP Version 1 and 2 updates on the point-to-point link towards R3. Verify your configuration.
Configure R2 to send and receive RIP Version 1 and 2 updates on the point-to-point link towards R2. Verify your configuration.
Configure R1's point-to-point interface towards R2 to send RIPv2 updates as broadcast. Verify your configuration using the
Lab Instruction
Objective 1. Configure R2 to send and receive RIP Version 1 and 2 updates on the point-to-point link towards R3. Verify your
configuration.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/0.223
R2(config-subif)#ip rip send version 1 2
R2(config-subif)#ip rip receive version 1 2
R2(config-subif)#end
R2#
R2#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 24 seconds
Invalid after 40 seconds, hold down 0, flushed after 60
Redistributing: rip
Default version control: send version 2, receive version 2
Interface             Send  Recv  Triggered RIP  Key-chain
Serial0/0.221         2     2
Serial0/0.223         1 2   1 2        Yes
Serial0/1             2     2
Loopback0             2     2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
Last Update
00:00:28
00:31:10
00:00:00
R2#
Objective 2. Configure R2 to send and receive RIP Version 1 and 2 updates on the point-to-point link towards R2. Verify your
configuration.
R3>enable
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface Serial0/0.322
R3(config-subif)#ip rip send version 1 2
R3(config-subif)#ip rip receive version 1 2
R3(config-subif)#end
R3#
R3#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 8 seconds
Invalid after 40 seconds, hold down 0, flushed after 60
Redistributing: rip
Default version control: send version 2, receive version 2
Interface             Send  Recv  Triggered RIP  Key-chain
Serial0/0.322         1 2   1 2        Yes
Loopback0             2     2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway         Distance      Last Update
10.70.23.1           120      00:35:30
Distance: (default is 120)
R3#
Objective 3. Configure R1's point-to-point interface towards R2 to send RIPv2 updates as broadcast. Verify your configuration using the debug ip rip events command.
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface Serial0/1
R1(config-subif)#ip rip v2-broadcast
R1(config-subif)#end
R1#
To verify that RIP is indeed sending RIPv2 updates via broadcast you can use the debug ip rip events command as shown below;
R1#debug ip rip events
R1#
RIP: sending v2 update to 255.255.255.255 via Serial0/1 (10.70.21.1)
RIP: Update contains 3 routes
RIP: Update queued
RIP: Update sent via Serial0/1
R1#
As you can see RIP reported that it was sending a v2 update to 255.255.255.255 (Broadcast) via Serial0/1. This confirms that RIPv2
is indeed sending broadcast updates to R2 via the point-to-point frame-relay link.
You have the ability to define a static neighbor in RIP, which can be used for configuring neighbors across NBMA links or simply for hardening the communication by having RIP communicate using unicast. This lab will discuss and demonstrate the configuration and verification of static RIP neighbors.
In this lab you will configure a static neighbor relationship between R1 and R2 via the Point-to-Point T1 link and verify that the neighbor relationship is indeed operating in a unicast fashion using debug ip rip events.
Familiarize yourself with the following new command(s);
Command                      Description
neighbor x.x.x.x             This command is configured in the RIP routing process to specify a static neighbor relationship and use unicast communication with that node.
passive-interface name#/#    This command is executed in RIP configuration mode to specify a specific interface as passive, which prevents the advertisement of multicast/broadcast updates.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.70.12.2 255.255.255.252
frame-relay interface-dlci 221
ip rip triggered
ip rip send version 1 2
!##################################################
!
enable
configure terminal
!
hostname R3
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.30.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.322 point-to-point
interface Serial0/0
no shut
exit
!
router rip
version 2
network 10.0.0.0
timers basic 30 40 10 60
end
Lab Objectives
Remove the previous RIP v2-broadcast configuration from R1's point-to-point towards R2 and configure R2's Point-to-Point T1
Configure both R1 and R2 to not send Multicast/Broadcast updates out the Point-to-Point T1 link.
Verify that RIP updates are being sent between R1 and R2 via Unicast using the debug ip rip events command.
Lab Instruction
Objective 1. Remove the previous RIP v2-broadcast configuration from R1's point-to-point towards R2 and configure R2's Point-to-Point T1 interface IP address as a static neighbor.
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface Serial0/1
R1(config-subif)#no ip rip v2-broadcast
R1(config-subif)#router rip
R1(config-router)#neighbor 10.70.21.2
R1(config-router)#end
R1#
Objective 3. Configure both R1 and R2 to not send Multicast/Broadcast updates out the Point-to-Point T1 link.
R1#configure terminal
R1(config)#router rip
R1(config-router)#passive-interface serial0/1
R1(config-router)#end
R1#
R2#configure terminal
R2(config)#router rip
R2(config-router)#passive-interface serial0/1
R2(config-router)#end
R2#
Objective 4. Verify that RIP updates are being sent between R1 and R2 via Unicast using the debug ip rip events command.
R1#debug ip rip events
RIP: sending v2 update to 10.70.21.2 via Serial0/1 (10.70.21.1)
RIP: Update contains 3 routes
RIP: Update queued
RIP: Update sent via Serial0/1
RIP: received v2 update from 10.70.21.2 on Serial0/1
RIP: Update contains 5 routes
R1#u all
All possible debugging has been turned off
R1#
As shown by the debug output above you can see that R1 sends a RIPv2 update to 10.70.21.2 via Serial0/1 and receives RIPv2
updates from 10.70.21.2. This shows that RIP unicast control traffic is operating as configured.
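The debug check used in this lab and in the v2-broadcast lab before it can be automated. The following is an added example, not part of the original workbook: it parses `debug ip rip events` lines and reports any interface that should be unicast-only but still sends broadcast or multicast updates, or that exchanges updates with an address not on its static neighbor list. The function names, the neighbor table format and the lines marked as constructed are assumptions made for the example.

```python
import ipaddress
import re

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Line formats as they appear in the debug output shown in these labs.
SEND_RE = re.compile(
    r"RIP: sending v(?P<ver>[12]) update to (?P<dst>[\d.]+) "
    r"via (?P<ifname>\S+) \((?P<src>[\d.]+)\)"
)
RECV_RE = re.compile(
    r"RIP: received v(?P<ver>[12]) update from (?P<src>[\d.]+) on (?P<ifname>\S+)"
)


def delivery(dst):
    """Classify an update destination as broadcast, multicast or unicast.

    Only the limited broadcast 255.255.255.255 is recognised as broadcast;
    a subnet-directed broadcast cannot be told apart without the mask.
    """
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return "broadcast"
    if addr.is_multicast:          # RIPv2 normally uses 224.0.0.9
        return "multicast"
    return "unicast"


def audit(lines, static_neighbors):
    """Return (interface, problem) tuples for interfaces in static_neighbors.

    static_neighbors maps an interface name to the set of neighbor addresses
    configured with the `neighbor` command (hypothetical table format).
    Interfaces not in the table are ignored.
    """
    findings = []
    for line in lines:
        sent = SEND_RE.search(line)
        if sent and sent["ifname"] in static_neighbors:
            kind = delivery(sent["dst"])
            if kind != "unicast":
                findings.append(
                    (sent["ifname"], f"{kind} update sent to {sent['dst']}"))
            elif sent["dst"] not in static_neighbors[sent["ifname"]]:
                findings.append(
                    (sent["ifname"], f"update sent to unlisted neighbor {sent['dst']}"))
            continue
        recv = RECV_RE.search(line)
        if (recv and recv["ifname"] in static_neighbors
                and recv["src"] not in static_neighbors[recv["ifname"]]):
            findings.append(
                (recv["ifname"], f"update received from unlisted source {recv['src']}"))
    return findings


# Neighbor table for R1 as configured in this lab.
R1_NEIGHBORS = {"Serial0/1": {"10.70.21.2"}}

# Debug lines copied from the v2-broadcast lab (before the change).
BEFORE = [
    "RIP: sending v2 update to 255.255.255.255 via Serial0/1 (10.70.21.1)",
    "RIP: Update contains 3 routes",
]

# Debug lines copied from this lab (after neighbor + passive-interface).
AFTER = [
    "RIP: sending v2 update to 10.70.21.2 via Serial0/1 (10.70.21.1)",
    "RIP: Update contains 3 routes",
    "RIP: received v2 update from 10.70.21.2 on Serial0/1",
    "RIP: Update contains 5 routes",
]

# Constructed lines (not from the workbook) to exercise the other checks.
CONSTRUCTED = [
    "RIP: sending v2 update to 224.0.0.9 via Serial0/1 (10.70.21.1)",
    "RIP: received v2 update from 10.70.21.6 on Serial0/1",
    "RIP: sending v2 update to 224.0.0.9 via Loopback0 (10.70.10.1)",
]

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER),
                         ("constructed", CONSTRUCTED)):
        print(name, audit(sample, R1_NEIGHBORS))
```

An empty result for the lines captured after the change is what a correctly configured unicast-only link should produce.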
Configuring static default routes on every single network device in the infrastructure is cumbersome. This function can be done automagically with default route propagation in RIP, known as default information originate. This lab will discuss and demonstrate the configuration and verification of RIP Default Information Originate.
In this lab you will configure R3 to advertise a default route throughout the RIP routing domain.
Familiarize yourself with the following new command(s);
Command                          Description
default-information originate    This command is executed in RIP router configuration mode to configure RIP to advertise a default route throughout the RIP routing domain.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.70.12.2 255.255.255.252
frame-relay interface-dlci 221
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 10.70.23.1 255.255.255.252
frame-relay interface-dlci 223
ip rip triggered
ip rip send version 1 2
ip rip receive version 1 2
!
!##################################################
!
enable
configure terminal
!
hostname R3
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.30.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial0/0.322 point-to-point
interface Serial0/0
no shut
exit
router rip
version 2
network 10.0.0.0
timers basic 30 40 10 60
end
Lab Objectives
Configure R3 to advertise a default route via the Routing Information Protocol (RIP).
Verify that the default route is properly propagated from R3 to R2 and R1 by viewing the RIP database and routing table on R1 and R2.
Lab Instruction
Objective 1. Configure R3 to advertise a default route via the Routing Information Protocol (RIP).
R3>enable
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#default-information originate
R3(config-router)#end
R3#
Objective 2. Verify that the default route is properly propagated from R3 to R2 and R1 by viewing the RIP database and routing
table on R1 and R2.
R2#show ip rip database
0.0.0.0/0    auto-summary
0.0.0.0/0
    [1] via 10.70.23.2, 00:01:56 (permanent), Serial0/0.223
   * Triggered Routes:
     - [1] via 10.70.23.2, Serial0/0.223
10.0.0.0/8    auto-summary
10.30.0.0/22
    [1] via 10.70.23.2, 00:08:47 (permanent), Serial0/0.223
   * Triggered Routes:
     - [1] via 10.70.23.2, Serial0/0.223
10.70.10.0/24
    [1] via 10.70.12.1, 00:00:16, Serial0/0.221
10.70.12.0/30    directly connected, Serial0/0.221
10.70.20.0/24    directly connected, Loopback0
10.70.21.0/30    directly connected, Serial0/1
10.70.21.1/32    directly connected, Serial0/1
10.70.23.0/30    directly connected, Serial0/0.223
10.70.30.0/24
    [1] via 10.70.23.2, 00:08:47 (permanent), Serial0/0.223
   * Triggered Routes:
     - [1] via 10.70.23.2, Serial0/0.223
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
As you can see from R2's RIP database, the route 0.0.0.0/0 is being learned via 10.70.23.2 on Serial0/0.223. According to the routing table, the router will route 0.0.0.0/0 to 10.70.23.2, as the default route is learned via RIP as denoted by the R*.
R1#show ip rip database
0.0.0.0/0    auto-summary
0.0.0.0/0
    [2] via 10.70.21.2, 00:00:00, Serial0/1
    [2] via 10.70.12.2, 00:00:15, Serial0/0.122
10.0.0.0/8    auto-summary
10.30.0.0/22
    [2] via 10.70.21.2, 00:00:00, Serial0/1
    [2] via 10.70.12.2, 00:00:15, Serial0/0.122
10.70.10.0/24    directly connected, Loopback0
10.70.12.0/30    directly connected, Serial0/0.122
10.70.20.0/24
    [1] via 10.70.21.2, 00:00:00, Serial0/1
    [1] via 10.70.12.2, 00:00:15, Serial0/0.122
10.70.21.0/30    directly connected, Serial0/1
10.70.21.2/32    directly connected, Serial0/1
10.70.23.0/30
    [1] via 10.70.21.2, 00:00:00, Serial0/1
    [1] via 10.70.12.2, 00:00:15, Serial0/0.122
10.70.30.0/24
    [2] via 10.70.21.2, 00:00:00, Serial0/1
    [2] via 10.70.12.2, 00:00:15, Serial0/0.122
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.70.21.2 to network 0.0.0.0
R
C
C
R
R
C
R
C
R*
R1#
As shown above, R1's route to 0.0.0.0/0 is being learned via 10.70.12.1 and 10.70.21.2, as there are redundant links between R1 and R2.
To further verify that the default route is operating as planned, you can do a traceroute on R1 to any IP address not in the routing table, such as 4.2.2.2; it should be load balanced towards R2 and then hit R3 before it returns an ICMP host unreachable, as shown below;
R1#traceroute 4.2.2.2
Type escape sequence to abort.
Tracing the route to 4.2.2.2
  1 10.70.21.2 13 msec
    10.70.12.2 16 msec
    10.70.21.2 12 msec
  2 10.70.23.2 28 msec 24 msec 32 msec
  3 10.70.23.2 !H  !H  *
R1#
When doing a traceroute on a Cisco device, you may encounter several different types of responses represented by different letters.
These letters have been listed out below to better your understanding of the traceroute and ping command(s);
Response
Description
Timed out
Protocol Unreachable
Administratively Denied
Route summarization is a common practice to reduce resource utilization on network devices. Instead of having hundreds of /24s you can have a single /16. This lab will discuss and demonstrate the configuration and verification of RIP route summarization.
So let's say you have 4 directly connected interfaces on R3: 10.30.0.0/24, 10.30.1.0/24, 10.30.2.0/24 and 10.30.3.0/24, and you want to advertise these 4 routes as a single route to R2 to save memory and CPU cycles. How would you accomplish this?
First you would need to work out a summary for the 4 address ranges; in this case 10.30.0.0/22 covers all 4 networks that are directly connected. You would then need to send that summary address out the interface using the command ip summary-address rip 10.30.0.0 255.255.252.0.
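The summary calculation described above, as an added example that is not part of the original workbook: it derives the smallest covering prefix for a set of networks, renders the `ip summary-address rip` line, and lists any address space the summary would advertise that none of the component networks actually covers, since a summary that is wider than what the router owns draws traffic for prefixes it cannot deliver. It generalizes the four-network case in the text to any IPv4 set; the function names are hypothetical.

```python
import ipaddress


def to_network(value):
    """Accept either a network (10.30.0.0/24) or an interface address (10.30.0.1/24)."""
    return ipaddress.ip_interface(value).network


def covering_summary(networks):
    """Smallest single IPv4 prefix that contains every network given."""
    nets = [to_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit between the
    # lowest and highest address has to become a host bit of the summary.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))


def over_advertised(summary, networks):
    """Blocks inside `summary` that no component network covers."""
    remaining = [summary]
    for net in (to_network(n) for n in networks):
        still_uncovered = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the component out of this block, keep the leftovers.
                still_uncovered.extend(block.address_exclude(net))
            elif block.subnet_of(net):
                continue                      # block is fully covered
            else:
                still_uncovered.append(block)  # no overlap
        remaining = still_uncovered
    return sorted(ipaddress.collapse_addresses(remaining))


def ios_command(summary):
    """Render the interface-level command used in this lab."""
    return f"ip summary-address rip {summary.network_address} {summary.netmask}"


# The four loopback addresses configured on R3 in this lab.
LAB_LOOPBACKS = ["10.30.0.1/24", "10.30.1.1/24", "10.30.2.1/24", "10.30.3.1/24"]

# Constructed variants (not from the workbook): one loopback missing, and a
# pair that is not aligned on a /23 boundary.
THREE_OF_FOUR = ["10.30.0.1/24", "10.30.1.1/24", "10.30.2.1/24"]
UNALIGNED_PAIR = ["10.30.1.0/24", "10.30.2.0/24"]

if __name__ == "__main__":
    for label, nets in (("lab", LAB_LOOPBACKS),
                        ("three of four", THREE_OF_FOUR),
                        ("unaligned pair", UNALIGNED_PAIR)):
        summary = covering_summary(nets)
        extra = [str(b) for b in over_advertised(summary, nets)]
        print(f"{label}: {ios_command(summary)}  over-advertised: {extra}")
```

For the lab's four loopbacks the over-advertised list is empty, so the /22 is an exact fit; the two constructed variants show how the same /22 would also claim networks that R3 does not have.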
This lab will continue to build upon the same logical topology used previously in Lab 7-7, as shown below;
In this lab you will disable auto-summarization on all routers and configure R3 with 4 new loopback interfaces with the IP addresses of 10.30.0.0/24, 10.30.1.0/24, 10.30.2.0/24 and 10.30.3.0/24, and create a summary route that is sent to R2 via the point-to-point Frame Relay link between R3 and R2.
Familiarize yourself with the following new command(s);
Command
Description
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!##################################################
!
!#
Free CCNA
Workbook Lab
7-8 R3 Initial Config
interface
Serial0/0.221
point-to-point
!##################################################
description ### FRAME RELAY LINK TO R1 ###
!ip address 10.70.12.2 255.255.255.252
enable
frame-relay interface-dlci 221
configure
terminal
ip rip triggered
hostname
R3
ip rip receive
version 1 2
!
interface Loopback0
Serial0/0.223 point-to-point
interface Serial0/0
!
description
### PHYSICAL FRAME RELAY INTERFACE ###
interface
Serial0/0
ip address
no shut
encapsulation frame-relay
exit
!serial restart-delay 0
no frame-relay
inverse-arp
interface
Serial0/1
interface
Serial0/0.322
point-to-point
ip address
10.70.21.2 255.255.255.252
description ###
FRAME RELAY LINK TO R2 ###
encapsulation
ppp
ip address
10.70.23.20255.255.255.252
serial
restart-delay
frame-relay
interface-dlci 322
clock
rate 128000
ip shut
rip advertise 10
no
ip rip triggered
exit
ip riprip
receive version 1 2
router
!version 2
interface
Serial0/0
network 10.0.0.0
no
shutbasic 30 40 10 60
timers
exit
passive-interface Serial0/1
!neighbor 10.70.21.1
router
rip
!
version 2
end
network 10.0.0.0
timers basic 30 40 10 60
default-information originate
!
end
Lab Objectives
Disable auto-summarization on all routers in the network topology; R1, R2 and R3.
Configure R3 with 4 new loopback interfaces using the ip addresses; 10.30.0.1/24, 10.30.1.1/24, 10.30.2.1/24 and 10.30.3.1/24
Configure a RIP summary route to be advertised to R2 via Serial0/0.322 summarizing the 4 new networks into a single route.
Verify your configuration by viewing the routing table on R2 and ensuring that R2 is learning the summary route and not four /24 subnets.
Lab Instruction
Objective 1. Disable auto-summarization on all routers in the network topology; R1, R2 and R3.
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#router rip
R1(config-router)#no auto-summary
R1(config-router)#end
R1#
R2>enable
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#router rip
R2(config-router)#no auto-summary
R2(config-router)#end
R2#
R3>enable
R3#configure terminal
Objective 2. Configure R3 with 4 new loopback interfaces using the ip addresses; 10.30.0.1/24, 10.30.1.1/24, 10.30.2.1/24 and
10.30.3.1/24
R3>enable
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface Lo 103000
R3(config-if)#ip add 10.30.0.1 255.255.255.0
R3(config-if)#interface Lo 103010
R3(config-if)#ip add 10.30.1.1 255.255.255.0
R3(config-if)#interface Lo 103020
R3(config-if)#ip add 10.30.2.1 255.255.255.0
R3(config-if)#interface Lo 103030
R3(config-if)#ip add 10.30.3.1 255.255.255.0
R3(config-if)#end
R3#
Objective 3. Configure a RIP summary route to be advertised to R2 via Serial0/0.322 summarizing the 4 new networks into a single
route.
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface Serial0/0.322
R3(config-subif)#ip summary-address rip 10.30.0.0 255.255.252.0
R3(config-subif)#end
R3#
Objective 4. Verify your configuration by viewing the routing table on R2 and ensuring that R2 is learning the summary route and
not four /24 subnets.
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.70.23.2 to network 0.0.0.0
R
C
R
R
C
C
C
C
R*
R2#
To perform additional verification you can view R1's routing table to verify whether the route is being correctly summarized as a single /22 or as multiple /24 subnets.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.70.21.2 to network 0.0.0.0
R
C
C
R
R
C
R
C
R*
R1#
As shown in R1's routing table, 10.30.0.0/22 is being load balanced over the frame relay link and the point-to-point T1 link.
There may be cases where you need to prefer one route over another route from a neighboring device with redundant links, for example because of latency or bandwidth. This lab will discuss and demonstrate the configuration and verification of RIP route offset lists.
The syntax of the offset-list configuration is offset-list ACLNAME in|out metric# interface#/#. An example you'd potentially see on a Cisco router is offset-list RIP_OFFSET in 5 Serial0/0, which adds 5 to the metric of any route learned via Serial0/0 that matches the networks permitted in the RIP_OFFSET ACL.
This lab will continue to build upon the same logical topology used previously in Lab 7-8 as shown below;
In this lab you will configure a bi-directional offset list on R1 to prevent the point-to-point T1 link between R1 and R2 from load balancing, so that it is only used if the primary frame-relay link fails.
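The effect of the offset list on path selection, modelled as an added example (not part of the original workbook and not IOS code). The frame-relay interface name is a placeholder and the received metrics are constructed; the prefix is R2's Loopback0 network and the offset of 2 on Serial0/1 follows this lab.

```python
"""Model of RIP route selection with an offset-list (illustrative, not IOS code)."""
from dataclasses import dataclass
from typing import FrozenSet, Optional

RIP_INFINITY = 16  # a RIP metric of 16 means "unreachable"


@dataclass(frozen=True)
class Update:
    prefix: str
    interface: str  # interface the update was received on
    metric: int     # hop count carried in the update


@dataclass(frozen=True)
class OffsetList:
    direction: str                              # "in" or "out"
    offset: int                                 # hops added to matching routes
    interface: str
    permitted: Optional[FrozenSet[str]] = None  # None models an ACL of "permit any"

    def matches(self, prefix, interface, direction):
        return (self.direction == direction
                and self.interface == interface
                and (self.permitted is None or prefix in self.permitted))


def offset_metric(update, offset_lists, direction="in"):
    """Apply every matching offset-list, capping the result at RIP infinity."""
    metric = update.metric
    for entry in offset_lists:
        if entry.matches(update.prefix, update.interface, direction):
            metric += entry.offset
    return min(metric, RIP_INFINITY)


def install_routes(updates, offset_lists=()):
    """Return {prefix: (metric, [interfaces])}; equal metrics are installed together."""
    table = {}
    for update in updates:
        metric = offset_metric(update, offset_lists)
        if metric >= RIP_INFINITY:
            continue  # unreachable routes are never installed
        current = table.get(update.prefix)
        if current is None or metric < current[0]:
            table[update.prefix] = (metric, [update.interface])
        elif metric == current[0]:
            current[1].append(update.interface)  # tie: load balance over both links
    return table


# Constructed sample: R1 hears R2's loopback network at the same metric on both links.
FRAME_RELAY = "frame-relay-subif"  # placeholder name, not taken from the lab
T1 = "Serial0/1"
UPDATES = [
    Update("10.70.20.0/24", FRAME_RELAY, 1),
    Update("10.70.20.0/24", T1, 1),
]
# Models: offset-list RIP_BACKUP_OFFSET in 2 Serial0/1 (the ACL permits any)
BACKUP_OFFSET = [OffsetList("in", 2, T1)]

if __name__ == "__main__":
    print("no offset      :", install_routes(UPDATES))
    print("offset in 2    :", install_routes(UPDATES, BACKUP_OFFSET))
    print("primary failed :", install_routes(UPDATES[1:], BACKUP_OFFSET))
```

Because the offset is added before the cap at 16, a route that already arrives with a metric of 14 or more on Serial0/1 becomes unreachable rather than a backup.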
Familiarize yourself with the following new command(s);
Command
Description
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.70.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!##################################################
!
!#
Free CCNA
Workbook Lab
7-9 R3 Initial Config
interface
Serial0/0.221
point-to-point
!##################################################
description ### FRAME RELAY LINK TO R1 ###
!ip address 10.70.12.2 255.255.255.252
enable
frame-relay interface-dlci 221
configure
terminal
ip rip triggered
hostname
R3
ip rip receive
version 1 2
!
interface Loopback0
Serial0/0.223 point-to-point
interface Loopback103000
!
ip address
10.30.0.1 255.255.255.0
interface
Serial0/0
!no shut
interface Loopback103010
exit
interface
Loopback103020
description
### PPP LINK TO R1 ###
Lab Objectives
ip address 10.30.2.1
10.70.21.2255.255.255.0
255.255.255.252
!encapsulation ppp
interface
Loopback103030
serial restart-delay
0
ip
address
255.255.255.0
clock
rate 10.30.3.1
128000
!no shut
interface
Serial0/0
exit
Configure a standard named access list called RIP_BACKUP_OFFSET and permit any traffic.
no ip address
router
rip
encapsulation
frame-relay
no
auto-summary
serial restart-delay
0
version
2
no frame-relay
inverse-arp
network
10.0.0.0
Configure an offset-list on R1 to increase the metric by 2 hops from any routes advertised or learned on interface Serial0/1
no ip split-horizon
timers
basic 30 40 10 60
!passive-interface serial0/1
interface
point-to-point
neighbor Serial0/0.322
10.70.21.1
Verify your configuration by viewing the routing table on both R1 and R2.
ip rip advertise 10
ip rip triggered
ip rip send version 1 2
exit
!
router rip
no auto-summary
version 2
network 10.0.0.0
timers basic 30 40 10 60
default-information originate
!
end
Lab Instruction
Objective 1. Configure a standard named access list called RIP_BACKUP_OFFSET and permit any traffic.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip access-list standard RIP_BACKUP_OFFSET
R1(config-std-nacl)#permit any
R1(config-std-nacl)#end
R1#
Objective 2. Configure an offset-list on R1 to increase the metric by 2 hops from any routes advertised or learned on interface
Serial0/1.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#offset-list RIP_BACKUP_OFFSET in 2 Serial0/1
R1(config-router)#offset-list RIP_BACKUP_OFFSET out 2 Serial0/1
R1(config-router)#end
R1#
Objective 3. Verify your configuration by viewing the routing table on both R1 and R2.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.70.12.2 to network 0.0.0.0
R
C
C
R
R
C
R
C
R*
R1#
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.70.23.2 to network 0.0.0.0
R
C
R
R
C
C
C
C
R*
R2#
As shown above, the IP routing tables of R1 and R2 are no longer load balancing traffic across the frame-relay network and the point-to-point backup T1.
EIGRP is an extremely common routing protocol due to its simplicity and ease of configuration. This lab will discuss
and demonstrate the configuration and verification of the Cisco EIGRP dynamic routing protocol.
EIGRP is a hybrid routing protocol which has characteristics of both distance vector and link state protocols. Much like RIP using the triggered feature, EIGRP sends updates only when a change in the network is detected. EIGRP routers first form a neighbor relationship and exchange topology information, after which the routing protocol sends periodic hellos to ensure that the neighbor is still there. When a link goes down or a route changes, updates are sent to neighboring routers via multicast 224.0.0.10 using EIGRP's own IP protocol number, 88.
EIGRP uses the Diffusing Update Algorithm (DUAL), which ensures a loop free routing domain by maintaining two separate routes in the EIGRP topology table, called the Successor and Feasible Successor routes. The Successor route is the route that is injected into the router's routing table as the best route, whereas the Feasible Successor route is effectively the backup route, which is required to adhere to the feasibility condition. The rule states that in order to be considered a Feasible Successor route, the advertised distance (AD) of the Feasible Successor should be less than the feasible distance (FD) of the Successor.
The Advertised Distance is the distance advertised by an upstream neighboring router to a particular route destination.
The Feasible Distance is the distance to a particular route destination from a specific router: the sum of the advertised distance and the distance to the router advertising that route. For example, from R1's perspective, R3 is advertising a distance of 10000 to the destination 10.22.55.0/24 and the distance from R1 to R3 is 500, so R1's feasible distance would be 10500.
EIGRP maintains three separate tables: the neighbor table, the topology table and the routing table.
The neighbor table is a list of all adjacent routers with which a particular router has formed a neighbor relationship. Neighbors exchange routing information and hellos to ensure a neighbor is still up.
The topology table is basically the route database in which all destination routes learned via the neighbors are stored. Routes in the topology table can be marked with a P for passive, which means the routes are stable. Routes marked with an A for active are routes that no longer satisfy the feasibility condition and for which the router is actively searching for a replacement Successor route by querying neighboring routers. If a successor route has a feasible successor, the route will never be marked active, as the router has a backup route to fall back to in case the primary (Successor) route fails. The convergence time is very low.
If a route goes down and no Feasible Successor exists for the route, EIGRP will query neighboring routers to see if there is an alternate route to the failed route. In a poorly designed network, EIGRP queries can be the downfall of the network, as an EIGRP route can become SIA (Stuck in Active). If a query response is not received back from a router within the allotted time (SIA Timer: 180 seconds by default), the neighbor relationship is dropped and any routes associated with that neighbor relationship are purged, resulting in dropped packets while the network is re-converging.
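The feasibility condition worked through in code, as an added example that is not part of the original workbook. The R3 figures (advertised distance 10000, link cost 500) come from the text above; the R2 and R4 figures are constructed, and the model is a simplification of DUAL that only covers successor selection and the passive/active decision.

```python
"""Simplified DUAL successor selection (illustrative model, not IOS code)."""
from typing import NamedTuple


class Path(NamedTuple):
    neighbor: str
    advertised_distance: int  # AD: the neighbor's own distance to the destination
    link_cost: int            # distance from this router to that neighbor

    @property
    def total(self):
        return self.advertised_distance + self.link_cost


def dual_select(paths):
    """Return (feasible_distance, successor, feasible_successors)."""
    successor = min(paths, key=lambda p: p.total)
    fd = successor.total
    # Feasibility condition: the neighbor's AD must be strictly less than the FD.
    feasible = sorted(
        (p for p in paths if p is not successor and p.advertised_distance < fd),
        key=lambda p: p.total,
    )
    return fd, successor, feasible


def successor_lost(paths):
    """State of the route after the successor fails: passive with a backup, else active."""
    _, _, feasible = dual_select(paths)
    if feasible:
        return "passive", feasible[0].neighbor  # immediate failover, no queries
    return "active", None                       # neighbors must be queried


# Paths from R1 to 10.22.55.0/24 (R2 and R4 values are constructed).
PATHS = [
    Path("R3", 10000, 500),   # total 10500 -> successor, FD = 10500
    Path("R2", 9000, 3000),   # total 12000, AD 9000 < 10500 -> feasible successor
    Path("R4", 11000, 100),   # total 11100, AD 11000 >= 10500 -> not feasible
]

if __name__ == "__main__":
    fd, successor, feasible = dual_select(PATHS)
    print("FD:", fd, "successor:", successor.neighbor)
    print("feasible successors:", [p.neighbor for p in feasible])
    print("after successor loss:", successor_lost(PATHS))
```

R4 offers a shorter total distance than R2 but fails the condition because its advertised distance is not below R1's feasible distance, so only R2 can be used without sending queries.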
The EIGRP metric is calculated by a formula using five separate values known as K Values. By default only K Values 1 and 3 are used (Bandwidth & Delay); K2, K4 and K5 are set to 0. The EIGRP metric formula and K Values are defined below;
EIGRP Metric = 256*((K1*Bw) + (K2*Bw)/(256-Load) + (K3*Delay))*(K5/(Reliability + K4))
K1 = Bandwidth
K2 = Load
K3 = Delay
K4 = Reliability
K5 = Maximum Transmission Unit (MTU)
With the default K Values (the K5 term is not applied when K5 is 0), the order of operations reduces the equation to
EIGRP Metric = 256*(Bandwidth + Delay)
Now keep in mind the Bandwidth and Delay have formulas in and of themselves to derive those variables. To determine the bandwidth you'll divide 10^7 by the interface bandwidth in Kbps. To determine delay you'll divide the interface delay by 10, as the EIGRP metric uses tens of microseconds in its calculation. View the formulas below;
Bandwidth = (10^7/Bandwidth in Kbps)
Delay = (Delay in uSec/10)
So if you want to determine the composite metric of a T1 link at 1.544 Mbps (1544 Kbps) you'll need to get the bandwidth and delay variables first, then plug those into the EIGRP metric calculation formula as shown below. Keep in mind the delay on a T1 serial interface is 20000 uSec (20,000 microseconds).
Bandwidth = (10^7/1544) = 6476.68 == 6476 (rounded down)
Delay = (20000/10) = 2000
EIGRP Metric = 256*(6476 + 2000) = 2169856
Shown below is the EIGRP topology table for an EIGRP T1 point-to-point link, where the metric appears as the FD value;
R1#show ip eigrp topology
IP-EIGRP Topology Table for AS(10)/ID(10.80.12.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.80.12.0/30, 1 successors, FD is 2169856
via Connected, Serial0/1
R1#
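The metric calculation above as a small calculator, an added example that is not part of the original workbook. It goes beyond the single-link case in the text by also computing a multi-hop path from the slowest bandwidth and the summed delay; the FastEthernet link values in the usage lines are assumed sample inputs, and the rounding order in the K5 branch is this example's choice.

```python
"""EIGRP classic composite metric (illustrative calculator, not IOS code)."""

DEFAULT_K = (1, 0, 1, 0, 0)  # K1..K5 defaults stated in the text


def scaled_bandwidth(kbps):
    """10^7 divided by the bandwidth in Kbps, rounded down."""
    return 10**7 // kbps


def scaled_delay(usec):
    """Delay expressed in tens of microseconds."""
    return usec // 10


def eigrp_metric(bandwidth_kbps, delay_usec, load=1, reliability=255, k=DEFAULT_K):
    """Composite metric for one link, or for a path's slowest bandwidth and total delay."""
    k1, k2, k3, k4, k5 = k
    bw = scaled_bandwidth(bandwidth_kbps)
    dly = scaled_delay(delay_usec)
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:
        # The reliability term only applies when K5 is non-zero.
        # Integer rounding order here is this example's choice.
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def path_metric(links, **kwargs):
    """links: (bandwidth_kbps, delay_usec) per hop along the path."""
    slowest = min(bw for bw, _ in links)            # bottleneck bandwidth
    total_delay = sum(delay for _, delay in links)  # cumulative delay
    return eigrp_metric(slowest, total_delay, **kwargs)


if __name__ == "__main__":
    # T1 from the text: 1544 Kbps, 20000 uSec
    print("T1 link       :", eigrp_metric(1544, 20000))
    # Assumed sample path: the T1 followed by a 100000 Kbps link with 100 uSec delay
    print("T1 + FastEth  :", path_metric([(1544, 20000), (100000, 100)]))
```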
Now that you have a basic understanding of the operation of EIGRP, let's get into the configuration portion of the lab. Many of the commands used to configure EIGRP are similar to configuring RIP. You enter the EIGRP router process using the router eigrp as# command.
The AS# (Autonomous System #) is however a new concept. An autonomous system is by definition a collection of multiple networking devices under the control of a single or multiple entity which share a common routing policy for the network. However, you can have multiple autonomous systems under the control of the same organization, for example multiple facilities or sites, nationwide or worldwide, interconnected but segregated for management purposes.
Like RIPv2, auto-summary is also enabled by default on EIGRP. Unless you disable auto-summary within the EIGRP routing process, a router will summarize at the boundary to the classful network.
When specifying networks which participate in the routing process you must use a wildcard mask. This is the inverse bit notation of a subnet mask. So if a subnet mask is 255.255.255.0 (11111111.11111111.11111111.00000000), then you invert the bits, 1 to 0 and 0 to 1, and the wildcard mask becomes 0.0.0.255 (00000000.00000000.00000000.11111111).
Keep in mind that the network statement under the EIGRP routing process does NOT specify the network that will be advertised in the EIGRP autonomous system; it specifies the network range, and any interface with an IP address that falls into that range participates in EIGRP. With that being said, if you have 10.80.0.0 0.255.255.255, this means that any interface that has an IP address in the 10.80.0.0/8 network will participate in the EIGRP routing process. The subnet masks are derived from the interfaces. For example, if you have 10.20.30.1/24 on Serial0/0 and you specify the 10.80.0.0 0.255.255.255 network in the EIGRP routing process, EIGRP will advertise 10.20.30.0/24 and not 10.80.0.0/8, because the network statement does not specify the advertised network, only which interfaces participate in the routing process.
It is best practice to specify the interface IP addresses which participate in the routing process down to the host IP address, to prevent unwanted interface participation when a new interface is added in the future. In this case, under router configuration mode you'd specify the network 10.20.30.1 0.0.0.0 statement. This prevents an interface with the IP address 10.30.22.1/24 from participating in the routing process, as it would if you used the network 10.80.0.0 0.255.255.255 statement.
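How a network statement selects interfaces, as an added example that is not part of the original workbook. The addresses 10.20.30.1/24 and 10.30.22.1/24 and both network statements come from the text; the interface names other than Serial0/0 and the 172.16.5.1/24 address are constructed.

```python
"""Which interfaces an EIGRP network statement enables (illustrative, not IOS code)."""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def subnet_to_wildcard(mask):
    """Invert a subnet mask, e.g. 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.IPv4Address(~int(ipaddress.IPv4Address(mask)) & ALL_ONES))


def wildcard_match(address, network, wildcard):
    """True when address equals network in every bit the wildcard marks as 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & ALL_ONES
    addr = int(ipaddress.IPv4Address(address))
    net = int(ipaddress.IPv4Address(network))
    return (addr & care) == (net & care)


def eigrp_participation(interfaces, network_statements):
    """
    interfaces: {name: "ip/prefixlen"}, network_statements: [(network, wildcard)].
    Returns {name: advertised_prefix}; the prefix comes from the interface's own
    mask, never from the network statement.
    """
    enabled = {}
    for name, cidr in interfaces.items():
        iface = ipaddress.IPv4Interface(cidr)
        if any(wildcard_match(str(iface.ip), net, wc) for net, wc in network_statements):
            enabled[name] = str(iface.network)
    return enabled


INTERFACES = {
    "Serial0/0": "10.20.30.1/24",      # from the text
    "Serial0/1": "10.30.22.1/24",      # address from the text, interface name constructed
    "Ethernet0/0": "172.16.5.1/24",    # constructed
}
BROAD = [("10.80.0.0", "0.255.255.255")]
HOST_ONLY = [("10.20.30.1", "0.0.0.0")]

if __name__ == "__main__":
    print("broad statement :", eigrp_participation(INTERFACES, BROAD))
    print("host statement  :", eigrp_participation(INTERFACES, HOST_ONLY))
```

The broad statement pulls in every interface whose first octet is 10, including one added later, which is the unwanted participation the host-specific statement avoids.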
Like RIPv2, you can statically specify neighbors using the neighbor x.x.x.x command in router configuration mode to configure EIGRP to operate over an NBMA network such as Frame Relay. By default EIGRP uses multicast to send hello packets to 224.0.0.10 using IP protocol 88 and a TTL of 1.
By using the show ip eigrp neighbors command you can view which neighbors a specific router has formed adjacencies with. This command also displays other important information, such as the interface on which the neighbor was learned. The SRTT is the time it takes for an update to be sent to a neighbor and an acknowledgment to be received back. The Retransmission timeout is the interval at which EIGRP will retransmit hello packets if an acknowledgment is not received back. The Q (Queue Count) is the number of updates EIGRP has queued to send to that specific neighbor. The output also shows the neighbor uptime.
Another command similar to show ip eigrp neighbors is show ip eigrp interface, which displays more information about EIGRP pertaining to the interfaces, such as how many neighbors were learned via a specific interface, the transmit queue, average SRTT per interface and pending routes.
Labs in Section 8 will use the following diagram shown below;
Command
Description
This command is executed in global configuration mode to start an EIGRP routing process with
the specified autonomous system number.
no auto-summary
This command is executed in EIGRP router configuration mode to specify which interfaces
participate in the EIGRP routing process. This command uses the network id of the subnet and
a wildcard mask to identify the network range.
neighbor x.x.x.x
This command when executed from privileged mode will display all current neighbor
adjacencies on that specific router as well as information pertaining to that neighbor. You can
specify a specific neighbor by listing the IP address following this command. i.e; show ip eigrp
neighbor 10.80.1.2
This command when executed from privileged mode will display information relating to EIGRP
on a per-interface basis such as number of peers learnt via an interface, average SRTT and
pending routes.
This command is executed from privileged mode and forces the acquittal of a neighbor
relationship. You can force all neighbor relationships to drop by not specifying a neighbors IP
address. Keep in mind when you purge a neighbor all routes learned via that neighbor will be
purged from the routing table.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3 and R4.
Establish a console session with devices R1, R2, R3 and R4, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
no shut
!
!##################################################
!
enable
configure terminal
!
hostname R3
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.30.1 255.255.255.0
interface Serial0/0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-1 R4 Initial Config
!##################################################
!
!
interface Serial0/0.321 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.3 255.255.255.248
!frame-relay interface-dlci 321
hostname
R4
!
no
ip domain-lookup
interface
Serial0/1
!exit
interface
Serial0/0
!
description
### PHYSICAL FRAME RELAY INTERFACE ###
line
con 0
ip address
10.80.234.4 255.255.255.248
logging
sync
encapsulation
frame-relay
no exec-timeout
!serial restart-delay 0
!##################################################
no frame-relay inverse-arp
end
!#
Free
CCNA
Lab421
8-1 R5 Initial Config
frame
map
ip Workbook
10.80.234.1
!##################################################
no shut
!
enable
interface Serial0/1
configure
terminal
description
### POINT-TO-POINT LINK TO R5 ###
!ip address 10.80.45.1 255.255.255.252
hostname
R5
encapsulation
ppp
no
domain-lookup
noip
shut
!exit
interface
Loopback0
!
description
### SIMULATED NETWORK ###
line
con 0
ip address
10.80.50.1 255.255.255.0
logging
sync
!no exec-timeout
interface
Serial0/1
!
encapsulation ppp
no shut
exit
Lab Objectives
!
line con 0
logging sync
no exec-timeout
end
Configure EIGRP Autonomous System 10 on all Routers and disable auto summary; then configure the network statements to
match only the host ip address of locally connected interfaces.
Verify neighbor relationships and the routes being learned via EIGRP using the show ip eigrp neighbor and show ip route
commands.
Lab Instruction
Objective 1. Configure EIGRP Autonomous System 10 on all Routers and disable auto summary; then configure the network
statements to match only the host ip address of locally connected interfaces.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router eigrp 10
R1(config-router)#no auto-summary
R1(config-router)#network 10.80.10.1 0.0.0.0
R1(config-router)#network 10.80.234.1 0.0.0.0
R1(config-router)#end
R1#
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router eigrp 10
R2(config-router)#no auto-summary
R2(config-router)#network 10.80.20.1 0.0.0.0
R2(config-router)#network 10.80.234.2 0.0.0.0
R2(config-router)#network 10.80.23.1 0.0.0.0
R2(config-router)#end
R2#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.1 (Serial0/0.221) is up: new adjacency
R2#
R3>enable
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router eigrp 10
R3(config-router)#no auto-summary
R3(config-router)#network 10.80.30.1 0.0.0.0
R3(config-router)#network 10.80.234.3 0.0.0.0
R3(config-router)#network 10.80.23.2 0.0.0.0
R3(config-router)#end
R3#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.1 (Serial0/0.321) is up: new adjacency
R3#
R4>enable
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router eigrp 10
R4(config-router)#no auto-summary
R4(config-router)#network 10.80.40.1 0.0.0.0
R4(config-router)#network 10.80.234.4 0.0.0.0
R4(config-router)#network 10.80.45.1 0.0.0.0
R4(config-router)#end
R4#
R5>enable
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#router eigrp 10
R5(config-router)#no auto-summary
R5(config-router)#network 10.80.45.2 0.0.0.0
R5(config-router)#network 10.80.50.1 0.0.0.0
R5(config-router)#end
R5#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.45.1 (Serial0/1) is up: new adjacency
R5#
As you'll notice while configuring the EIGRP routing process, new neighbor relationships form between R1 and R2, R1 and R3, and R4 and R5, but not between R1 and R4; why is this?
Objective 2. Verify neighbor relationships and the routes being learned via EIGRP using the show ip eigrp neighbor and show ip route commands.
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   10.80.234.3             Se0/0             13 00:14:13  444  3996  0  3
0   10.80.234.2             Se0/0             10 00:17:09  205  1230  0  3
R1#
From the output above you can see that R1 has established neighbor relationships with R2 and R3 but not R4. This is due to broadcast not being enabled on the frame map from R1 to R4 and vice versa. The ISP does not permit broadcast on the specific PVC; however, you will learn how to fix this issue in the next lab, Lab 8-2, by configuring Static Neighbors.
As shown below, routes from R2 and R3 are being properly propagated to R1 via EIGRP, as denoted by the letter D next to the routes in the IP routing table.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D
D
D
D
D
C
C
R1#
As an additional measure of verification you can also ping the EIGRP learned networks sourced from the local network to verify that
you have IP connectivity between subnets;
R1#ping 10.80.30.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.80.30.1, timeout is 2 seconds:
Packet sent with a source address of 10.80.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/100/152 ms
R1#
There may be times where you need to configure static neighbors for EIGRP such as NBMA networks or for security
reasons. This lab will discuss and demonstrate the configuration and verification of static EIGRP Neighbors.
Command
Description
This command is executed in router configuration mode to specify a static neighbor in EIGRP,
commonly used in NBMA networks where multicast is not permitted. This command will disable
the transmission or processing of received eigrp multicast traffic.
This command is executed in privileged mode to show all current neighbor relationships on a
particular EIGRP enabled device.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4 and R5.
Establish a console session with devices R1, R2, R3, R4 and R5, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-2 R3 Initial Config
!##################################################
!
!
interface Serial0/0.221 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.2 255.255.255.248
!frame-relay interface-dlci 221
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0255.255.255.252
ip add 10.80.23.1
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip shut
address 10.80.30.1 255.255.255.0
no
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip address
no auto-summary
encapsulation
frame-relay
network
10.80.234.2
0.0.0.0
serial
0
networkrestart-delay
10.80.20.1 0.0.0.0
!##################################################
no
frame-relay
inverse-arp
network
10.80.23.1
0.0.0.0
!#
Free
no
shut CCNA Workbook Lab 8-2 R4 Initial Config
exit
!##################################################
!
!
interface
line con 0Serial0/0.321 point-to-point
enable
description
logging sync### FRAME RELAY LINK TO R1 ###
configure
terminal
ip exec-timeout
address
10.80.234.3 255.255.255.248
no
!frame-relay interface-dlci 321
hostname
R4
!
end
no
ip domain-lookup
interface
Serial0/1
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip auto-summary
address 10.80.234.4 255.255.255.248
no
encapsulation
frame-relay
network 10.80.234.3
0.0.0.0
serial
0
networkrestart-delay
10.80.30.1 0.0.0.0
!##################################################
no
frame-relay inverse-arp
exit
!#
Free
CCNA
Lab421
8-2 R5 Initial Config
map
ip Workbook
10.80.234.1
!frame
!##################################################
no shut
line
con 0
!logging sync
enable
interface
Serial0/1
no exec-timeout
configure
terminal
### POINT-TO-POINT LINK TO R5 ###
!description
!
ip address 10.80.45.1 255.255.255.252
end
hostname
R5
encapsulation
ppp
no
domain-lookup
noip
shut
!exit
interface
Loopback0
!
description
router
eigrp ###
10 SIMULATED NETWORK ###
ip auto-summary
address 10.80.50.1 255.255.255.0
no
interface
Serial0/1 0.0.0.0
network 10.80.234.4
description
### POINT-TO-POINT
LINK TO R4 ###
network 10.80.40.1
0.0.0.0
ip
address 10.80.45.2 255.255.255.252
exit
!encapsulation ppp
no shut
line
con 0
exit
logging sync
Lab Objectives
!no exec-timeout
router
eigrp 10
!
no auto-summary
end
Configure static neighbor relationships on the frame-relay hub and spoke network between R1 and R4, R1 and R3, R1 and
line con 0
logging sync
no exec-timeout
!
end
R2.
Verify on R1 that the neighbor relationships have been established.
Verify that the routes are being propagated between the spokes to the hub and between spoke to spoke.
Lab Instruction
Objective 1. Configure static neighbor relationships on the frame-relay hub and spoke network between R1 and R4, R1 and R3, R1
and R2.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router eigrp 10
R1(config-router)#neighbor 10.80.234.2 Serial0/0
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.2 (Serial0/0) is down: Static peer configured
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.3 (Serial0/0) is down: Static peer configured
R1(config-router)#neighbor 10.80.234.3 Serial0/0
R1(config-router)#neighbor 10.80.234.4 Serial0/0
R1(config-router)#end
R1#
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router eigrp 10
R2(config-router)#neighbor 10.80.234.1 Serial0/0.221
R2(config-router)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.1 (Serial0/0.221) is up: new adjacency
R2#
R3>enable
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router eigrp 10
R3(config-router)#neighbor 10.80.234.1 Serial0/0.321
R3(config-router)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.1 (Serial0/0.321) is up: new adjacency
R3#
R4>enable
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router eigrp 10
R4(config-router)#neighbor 10.80.234.1 Serial0/0
R4(config-router)#end
R4#
%SYS-5-CONFIG_I: Configured from console by console
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.1 (Serial0/0) is up: new adjacency
R4#
Objective 2. Verify on R1 that the neighbor relationships have been established.
To view the current neighbor relationships you'll use the show ip eigrp neighbors command in privileged mode as shown below;
Interface       Hold Uptime   SRTT   RTO  Q  Seq
                (sec)         (ms)       Cnt Num
Se0/0            154 00:02:16   83   498  0  24
Se0/0             13 00:12:12  788  4728  0  33
Se0/0             14 00:14:13   88   528  0  29
Objective 3. Verify that the routes are being propagated between the spokes to the hub and between spoke to spoke.
As shown below all routes are being advertised to the hub router in the frame-relay network (R1);
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D
D
D
D
D
D
D
D
D
C
C
R1#
Now verify that the routes from the spoke routers R2 and R3 are in R4's routing table, as shown below:
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D
C
C
C
D
C
R4#
As the output above shows, the routes from R2 and R3 are not reaching R4 and therefore are not being advertised to R5 either. What causes this problem and how do you fix it?
This behavior is caused by EIGRP IP split-horizon, which states that routes will not be advertised back out the interface on which they were received. This is a loop-prevention method, and in some cases, such as the hub-and-spoke topology, it must be disabled.
You will learn more about split-horizon in Lab 8-3 Configuring EIGRP No Split-Horizon.
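The split-horizon rule described above can be reproduced with a small model of this lab's hub-and-spoke. The following is an added example, not part of the workbook: hop count stands in for the EIGRP metric, DUAL is not modelled, the R2-R3 serial link is left out, and the function names are hypothetical.

```python
"""Simplified distance-vector model of the lab's hub-and-spoke (added example)."""

# (router, interface) -> peers reachable through that interface.
# Each spoke only has a PVC to the hub, so spokes never hear each other directly.
# Assumption: the R2-R3 serial link is omitted to keep the model small.
ADJACENCIES = {
    ("R1", "Serial0/0"): [("R2", "Serial0/0.221"), ("R3", "Serial0/0.321"),
                          ("R4", "Serial0/0")],
    ("R2", "Serial0/0.221"): [("R1", "Serial0/0")],
    ("R3", "Serial0/0.321"): [("R1", "Serial0/0")],
    ("R4", "Serial0/0"): [("R1", "Serial0/0")],
    ("R4", "Serial0/1"): [("R5", "Serial0/1")],
    ("R5", "Serial0/1"): [("R4", "Serial0/1")],
}

# Loopback networks each router originates.
CONNECTED = {
    "R1": ["10.80.10.0/24"],
    "R2": ["10.80.20.0/24"],
    "R3": ["10.80.30.0/24"],
    "R4": [],
    "R5": ["10.80.50.0/24"],
}


def converge(no_split_horizon=frozenset()):
    """Exchange routes until nothing changes.

    no_split_horizon is a set of (router, interface) pairs on which split
    horizon is disabled, i.e. where 'no ip split-horizon eigrp 10' is applied.
    Returns {router: {prefix: (hops, interface the route was learned on)}}.
    """
    tables = {r: {p: (0, None) for p in prefixes} for r, prefixes in CONNECTED.items()}
    changed = True
    while changed:
        changed = False
        for (router, iface), peers in ADJACENCIES.items():
            for prefix, (hops, learned_on) in list(tables[router].items()):
                # Split horizon: never advertise a route back out the
                # interface it was learned on, unless disabled there.
                if learned_on == iface and (router, iface) not in no_split_horizon:
                    continue
                for peer, peer_iface in peers:
                    best = tables[peer].get(prefix)
                    if best is None or hops + 1 < best[0]:
                        tables[peer][prefix] = (hops + 1, peer_iface)
                        changed = True
    return tables


def learned(tables, router):
    """Prefixes the router learned from a neighbor (not its own networks)."""
    return sorted(p for p, (hops, _) in tables[router].items() if hops > 0)


if __name__ == "__main__":
    cases = (
        ("split horizon enabled everywhere", frozenset()),
        ("split horizon disabled on R1 Serial0/0", frozenset({("R1", "Serial0/0")})),
    )
    for label, exempt in cases:
        result = converge(exempt)
        print(label)
        for name in ("R4", "R5"):
            print("  ", name, learned(result, name))
```

With split horizon enabled, R1 learns every spoke network on Serial0/0 and therefore advertises none of them back out Serial0/0, which is why R4 and R5 only see R1's own network.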
Command
Description
This command is executed in interface configuration mode to disable ip split-horizon for the
specified EIGRP autonomous system.
Lab Prerequisites
If you just completed Lab 8-2 you may start where you left off; if not, load the Free CCNA Workbook GNS3 topology, start and establish a console session with R1, R2, R3, R4 and R5, then load their initial configurations included below by copying the config from the textbox and pasting it into each router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
interface Serial0/0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-3 R3 Initial Config
!##################################################
!
!
interface Serial0/0.221 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.2 255.255.255.248
!frame-relay interface-dlci 221
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0255.255.255.252
ip add 10.80.23.1
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip shut
address 10.80.30.1 255.255.255.0
no
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
no ip address
network
10.80.23.1 0.0.0.0
encapsulation
frame-relay
network 10.80.234.2
0.0.0.0
serial
0
networkrestart-delay
10.80.20.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
WorkbookSerial0/0.221
Lab 8-3 R4 Initial Config
no
shut CCNA
neighbor
10.80.234.1
!##################################################
!exit
!
interface Serial0/0.321 point-to-point
enable
description
### FRAME RELAY LINK TO R1 ###
line
con 0
configure
terminal
ip
address
10.80.234.3 255.255.255.248
logging
sync
!frame-relay
interface-dlci 321
no exec-timeout
hostname
R4
!
no
interface
Serial0/1
endip domain-lookup
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip address
10.80.234.4
255.255.255.248
network
10.80.23.2
0.0.0.0
encapsulation
frame-relay
network 10.80.234.3
0.0.0.0
serial
0
networkrestart-delay
10.80.30.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
CCNA
Lab421
8-3 R5 Initial Config
frame
map
ip Workbook
10.80.234.1
neighbor
10.80.234.1
Serial0/0.321
!##################################################
no
shut
exit
!
enable
interface
line con 0Serial0/1
configure
terminal
description
### POINT-TO-POINT LINK TO R5 ###
logging sync
!ip
10.80.45.1 255.255.255.252
no address
exec-timeout
hostname
R5
ppp
!encapsulation
no
domain-lookup
noip
shut
end
!exit
interface
Loopback0
!
description
router
eigrp ###
10 SIMULATED NETWORK ###
ip address
10.80.50.1
255.255.255.0
network
10.80.45.1
0.0.0.0
description
### POINT-TO-POINT LINK TO R4 ###
no auto-summary
ip
address
10.80.45.2Serial0/0
255.255.255.252
neighbor
10.80.234.1
encapsulation
ppp
exit
!no shut
exitcon 0
line
!logging sync
router
eigrp 10
no exec-timeout
Lab Objectives
no auto-summary
exit
!
line con 0
logging sync
no exec-timeout
!
end
Disable IP Split-Horizon for EIGRP Autonomous System 10 on R1's Frame-Relay Hub interface.
Verify that routes from R2 and R3 are now being propagated through the hub to R4 and R5. Ping R2's Lo0 interface from R5's Lo0 interface to ensure IP reachability.
Lab Instruction
Objective 1. Disable IP Split-Horizon for EIGRP Autonomous System 10 on R1's Frame-Relay Hub interface.
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface Serial0/0
R1(config-if)#no ip split-horizon eigrp 10
R1(config-if)#end
R1#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.4 (Serial0/0) is resync: split horizon changed
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.3 (Serial0/0) is resync: split horizon changed
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.2 (Serial0/0) is resync: split horizon changed
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 2. Verify that routes from R2 and R3 are now being propagated through the hub to R4 and R5. Ping R2's Lo0 interface from R5's Lo0 interface to ensure IP reachability.
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C
D
D
D
D
D
C
C
D
D
D
R5#
As shown above, R5 now has routes to R2's Lo0 interface, and the next hop to that destination is R4. R4 therefore also knows how to get there; otherwise it would not advertise that specific route.
To verify that R5 has IP reachability to R2's Lo0 interface, ping R2's Lo0 interface from R5's Lo0 interface as shown below:
R5#ping 10.80.20.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.80.20.1, timeout is 2 seconds:
Packet sent with a source address of 10.80.50.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 164/274/380 ms
R5#
EIGRP Stubs can be extremely useful when building a scalable EIGRP Routed network. This lab will discuss and
demonstrate the configuration and verification of EIGRP Stubs.
Command
Description
EIGRP Stub
This is the default stub configuration if additional syntax, such as the options listed below, is not specified; the default stub will send both connected and summary routes and receive all routes from upstream neighbors.
Configures a router as a stub router that advertises only directly connected routes. This type of stub can be used in conjunction with the other stub types excluding receive-only.
Configures a router as a stub router that advertises only route prefixes that match a specific IP prefix-list.
Configures an EIGRP router as a stub router that will ONLY receive routes from upstream and not advertise any routes to its neighboring routers. When using this stub type, static routes must be configured upstream to reach networks within this stub area.
Configures an EIGRP router as a stub router that will only advertise redistributed routes. This type of stub can be used in conjunction with the other stub types excluding receive-only.
Configures an EIGRP router as a stub router that will only advertise static routes. This type of stub can be used in conjunction with the other stub types excluding receive-only.
Configures an EIGRP router as a stub router that will only advertise summary routes. This type of stub can be used in conjunction with the other stub types excluding receive-only.
The CCNA exam objectives only require you to be familiar with the basic EIGRP stub operation; however, if you wish to further your knowledge you may experiment with the other EIGRP stub types.
To configure the EIGRP stub type, navigate to the EIGRP router process configuration mode, then use the eigrp stub command.
You can verify which neighbors are stub neighbors by using the show ip eigrp neighbors detail command in privileged mode.
In this lab R5 is a branch office and R4 is a regional office. R5 routes for only a single network, 10.80.50.0/24. You will configure R5 as an EIGRP stub router and verify your configuration.
Familiarize yourself with the following new command(s);
Command
Description
This command is executed in privileged mode to display which EIGRP neighbors are stub routers. EIGRP stub neighbors will not be queried during EIGRP reconvergence.
This lab will continue to build upon the topology previously used in Lab 8-3 as shown below and other labs found throughout Section 8.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4 and R5.
Establish a console session with devices R1, R2, R3, R4 and R5, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
interface Serial0/0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-4 R3 Initial Config
!##################################################
!
!
interface Serial0/0.221 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.2 255.255.255.248
!frame-relay interface-dlci 221
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0255.255.255.252
ip add 10.80.23.1
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip shut
address 10.80.30.1 255.255.255.0
no
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
no ip address
network
10.80.23.1 0.0.0.0
encapsulation
frame-relay
network 10.80.234.2
0.0.0.0
serial
0
networkrestart-delay
10.80.20.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
WorkbookSerial0/0.221
Lab 8-4 R4 Initial Config
no
shut CCNA
neighbor
10.80.234.1
!##################################################
!exit
!
interface Serial0/0.321 point-to-point
enable
description
### FRAME RELAY LINK TO R1 ###
line
con 0
configure
terminal
ip
address
10.80.234.3 255.255.255.248
logging
sync
!frame-relay
interface-dlci 321
no exec-timeout
hostname
R4
!
no
interface
Serial0/1
endip domain-lookup
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip address
10.80.234.4
255.255.255.248
network
10.80.23.2
0.0.0.0
encapsulation
frame-relay
network 10.80.234.3
0.0.0.0
serial
0
networkrestart-delay
10.80.30.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
CCNA
Lab421
8-4 R5 Initial Config
frame
map
ip Workbook
10.80.234.1
neighbor
10.80.234.1
Serial0/0.321
!##################################################
no
shut
exit
!
enable
interface
line con 0Serial0/1
configure
terminal
description
### POINT-TO-POINT LINK TO R5 ###
logging sync
!ip
10.80.45.1 255.255.255.252
no address
exec-timeout
hostname
R5
ppp
!encapsulation
no
domain-lookup
noip
shut
end
!exit
interface
Loopback0
!
description
router
eigrp ###
10 SIMULATED NETWORK ###
ip address
10.80.50.1
255.255.255.0
network
10.80.45.1
0.0.0.0
description
### POINT-TO-POINT LINK TO R4 ###
no auto-summary
ip
address
10.80.45.2Serial0/0
255.255.255.252
neighbor
10.80.234.1
encapsulation
ppp
exit
!no shut
exitcon 0
line
Lab Objectives
!logging sync
router
eigrp 10
no exec-timeout
Configure R5 as an EIGRP stub network to send connected and summary routes only to its neighboring router(s)
line con 0
logging sync
no exec-timeout
!
end
Lab Instruction
Objective 1. Configure R5 as an EIGRP stub network to send connected and summary routes only to its neighboring router(s).
There are two different commands you can use to accomplish this objective, and they do exactly the same thing. The first is eigrp stub, which is the default EIGRP stub type and sends connected and summary routes; the second is eigrp stub connected summary, which gives the same result. This lab demonstrates the default eigrp stub type as shown below:
R5>enable
R5#configure terminal
Enter configuration commands, one per line.
R5(config)#router eigrp 10
R5(config-router)#eigrp stub
R5(config-router)#end
R5#
%SYS-5-CONFIG_I: Configured from console by console
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.45.1 (Serial0/1) is down: peer info changed
R5#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.45.1 (Serial0/1) is up: new adjacency
R5#
Objective 2. Verify R5's EIGRP stub router configuration using only R4.
To view whether or not a neighbor is an EIGRP stub router, use the show ip eigrp neighbor detail command in privileged mode as shown below.
R4>show ip eigrp neighbors detail
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
0   10.80.45.2      Se0/1         13 00:05:04 1046  5000  0  55
   Version 12.4/1.2, Retrans: 2, Retries: 0, Prefixes: 2
   Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
   Suppressing queries
1   10.80.234.1     Se0/0        155 00:50:43  126   756  0  71
   Static neighbor
   Version 12.4/1.2, Retrans: 3, Retries: 0, Prefixes: 11
R4>
In the output from R4 shown above, the neighbor 10.80.45.2 is listed as Stub Peer Advertising ( CONNECTED SUMMARY ) Routes, and the line below that shows Suppressing queries. This verifies that R5 is indeed an EIGRP stub router, that it is advertising only connected and summary routes, and that it will not be queried upon EIGRP network re-convergence.
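The same verification can be automated when the neighbor table is collected from many routers. The following is an added example, not part of the workbook: it parses the show ip eigrp neighbors detail output shown above and compares it with an expected-neighbor policy. The POLICY structure and the function names are assumptions made for illustration.

```python
import re

# Output copied from the R4 session above.
SAMPLE = """\
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
0   10.80.45.2      Se0/1         13 00:05:04 1046  5000  0  55
   Version 12.4/1.2, Retrans: 2, Retries: 0, Prefixes: 2
   Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
   Suppressing queries
1   10.80.234.1     Se0/0        155 00:50:43  126   756  0  71
   Static neighbor
   Version 12.4/1.2, Retrans: 3, Retries: 0, Prefixes: 11
"""

# Hypothetical policy for R4: which neighbors are expected and how.
POLICY = {
    "10.80.45.2": {"stub": True},     # branch router R5
    "10.80.234.1": {"static": True},  # frame-relay hub R1
}

NEIGHBOR_ROW = re.compile(
    r"^\s*\d+\s+(?P<address>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<interface>\S+)\s+"
    r"(?P<hold>\d+)\s+(?P<uptime>\S+)\s+\d+\s+\d+\s+\d+\s+\d+\s*$"
)
STUB_LINE = re.compile(r"Stub Peer Advertising \((?P<types>[^)]*)\) Routes")
PREFIX_COUNT = re.compile(r"Prefixes:\s*(\d+)")


def parse_neighbors(text):
    """Return one dict per neighbor row, enriched by its detail lines."""
    neighbors = []
    for line in text.splitlines():
        row = NEIGHBOR_ROW.match(line)
        if row:
            neighbors.append({
                "address": row["address"],
                "interface": row["interface"],
                "hold": int(row["hold"]),
                "static": False,
                "stub_routes": None,          # None means "not a stub peer"
                "suppressing_queries": False,
                "prefixes": None,
            })
            continue
        if not neighbors:
            continue                          # header lines before the first row
        current = neighbors[-1]
        stub = STUB_LINE.search(line)
        if stub:
            current["stub_routes"] = stub["types"].split()
        if "Suppressing queries" in line:
            current["suppressing_queries"] = True
        if "Static neighbor" in line:
            current["static"] = True
        count = PREFIX_COUNT.search(line)
        if count:
            current["prefixes"] = int(count.group(1))
    return neighbors


def audit(neighbors, policy):
    """Compare parsed neighbors with the policy; return a list of findings."""
    findings = []
    seen = {n["address"]: n for n in neighbors}
    for address, n in seen.items():
        if address not in policy:
            findings.append(f"unexpected neighbor {address} on {n['interface']}")
    for address, required in policy.items():
        n = seen.get(address)
        if n is None:
            findings.append(f"expected neighbor {address} is missing")
            continue
        if required.get("stub") and not (n["stub_routes"] and n["suppressing_queries"]):
            findings.append(f"{address} should be a stub peer but is not reported as one")
        if required.get("static") and not n["static"]:
            findings.append(f"{address} should be a static neighbor but is not reported as one")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_neighbors(SAMPLE), POLICY) or ["no findings"]:
        print(finding)
```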
When working with EIGRP you may be required to tune the timers to meet network requirements for resiliency. This
lab will discuss and demonstrate the configuration and verification of EIGRP Timers.
routers must have matching hello/dead timers or the adjacencies will flap. This is a common problem with EIGRP in a frame-relay
hub and spoke topology where a single T1 NBMA PVC does not support broadcast. In this case the broadcast PVCs will use the
hello/dead timers of 5/15 whereas the non-broadcast PVC will use 60/180. This will cause the hub to have adjacencies with
neighbors with different timers on the same physical network thus causing flapping adjacencies.
If you completed the previous lab you should have noticed on all routers in the frame-relay hub-and-spoke topology that the adjacencies were flapping with the hub router. This is due to mismatched timers between the hub and one or more spokes. This lab will teach you how to resolve that problem.
The next big reason you may want to manually change the timers on an EIGRP routed network is to speed up network outage detection and re-convergence. By default on high speed links the hello/dead timer is 5/15, so if a router goes down it will take up to 15 seconds before the neighboring routers know about the outage and begin to reconverge. In some networks it's ideal to detect router outages as quickly as possible, and in this case you can configure the hello timer to 1 second and the dead timer to 3 seconds.
The EIGRP Hello and Hold-Down timers are configured on a per-interface basis using the ip hello-interval eigrp AS# timeinseconds# and ip hold-time eigrp AS# timeinseconds# commands in interface configuration mode.
Familiarize yourself with the following new command(s);
Command
Description
This lab will continue to build upon the topology previously used in Lab 8-4 and other labs found throughout Section 8.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4 and R5.
Establish a console session with devices R1, R2, R3, R4 and R5, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
interface Serial0/0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-5 R3 Initial Config
!##################################################
!
!
interface Serial0/0.221 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.2 255.255.255.248
!frame-relay interface-dlci 221
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0255.255.255.252
ip add 10.80.23.1
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip shut
address 10.80.30.1 255.255.255.0
no
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
no ip address
network
10.80.23.1 0.0.0.0
encapsulation
frame-relay
network 10.80.234.2
0.0.0.0
serial
0
networkrestart-delay
10.80.20.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
WorkbookSerial0/0.221
Lab 8-5 R4 Initial Config
no
shut CCNA
neighbor
10.80.234.1
!##################################################
!exit
!
interface Serial0/0.321 point-to-point
enable
description
### FRAME RELAY LINK TO R1 ###
line
con 0
configure
terminal
ip
address
10.80.234.3 255.255.255.248
logging
sync
!frame-relay
interface-dlci 321
no exec-timeout
hostname
R4
!
no
interface
Serial0/1
endip domain-lookup
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip address
10.80.234.4
255.255.255.248
network
10.80.23.2
0.0.0.0
encapsulation
frame-relay
network 10.80.234.3
0.0.0.0
serial
0
networkrestart-delay
10.80.30.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
CCNA
Lab421
8-5 R5 Initial Config
frame
map
ip Workbook
10.80.234.1
neighbor
10.80.234.1
Serial0/0.321
!##################################################
no
shut
exit
!
enable
interface
line con 0Serial0/1
configure
terminal
description
### POINT-TO-POINT LINK TO R5 ###
logging sync
!ip
10.80.45.1 255.255.255.252
no address
exec-timeout
hostname
R5
ppp
!encapsulation
no
domain-lookup
noip
shut
end
!exit
interface
Loopback0
!
description
router
eigrp ###
10 SIMULATED NETWORK ###
ip address
10.80.50.1
255.255.255.0
network
10.80.45.1
0.0.0.0
description
### POINT-TO-POINT LINK TO R4 ###
no auto-summary
ip
address
10.80.45.2Serial0/0
255.255.255.252
neighbor
10.80.234.1
encapsulation
ppp
exit
!no shut
exitcon 0
line
Lab Objectives
!logging sync
router
eigrp 10
no exec-timeout
!no auto-summary
eigrp stub
end
line con 0
logging sync
no exec-timeout
!
end
Lab Instruction
Objective 1. Configure EIGRP on R4 to send Hellos to R1 at 5 seconds and a dead timer of 15 seconds.
To complete this objective you'll use the two commands discussed in the core knowledge section of this lab, as shown below:
R4>enable
R4#configure terminal
Enter configuration commands, one per line.
R4(config)#interface Serial0/0
R4(config-if)#ip hello-interval eigrp 10 5
R4(config-if)#ip hold-time eigrp 10 15
R4(config-if)#end
R4#
Objective 2. Verify your configuration on R1 by using the show ip eigrp neighbor command.
You can easily determine the hello/dead timers of an EIGRP neighbor by viewing the neighbor adjacencies. If the hold timer is less than 15 seconds then it's safe to assume that the neighbor is using a 5 second hello interval and a 15 second dead timer. You can view the neighbor table multiple times to see that the hold timer is reset back to 15 seconds upon each receipt of a hello packet, as shown below:
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   10.80.234.4     Se0/0         11 00:18:25  510  3060  0  12
1   10.80.234.3     Se0/0         11 00:18:53  509  3054  0  17
0   10.80.234.2     Se0/0         12 00:20:02  529  3174  0  17
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   10.80.234.4     Se0/0         11 00:18:25  510  3060  0  12
1   10.80.234.3     Se0/0         10 00:18:54  509  3054  0  17
0   10.80.234.2     Se0/0         12 00:20:03  529  3174  0  17
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   10.80.234.4     Se0/0         10 00:18:26  510  3060  0  12
1   10.80.234.3     Se0/0         10 00:18:54  509  3054  0  17
0   10.80.234.2     Se0/0         12 00:20:03  529  3174  0  17
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   10.80.234.4     Se0/0         10 00:18:26  510  3060  0  12
1   10.80.234.3     Se0/0         10 00:18:54  509  3054  0  17
0   10.80.234.2     Se0/0         11 00:20:03  529  3174  0  17
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   10.80.234.4     Se0/0         10 00:18:26  510  3060  0  12
1   10.80.234.3     Se0/0         14 00:18:54  509  3054  0  17
0   10.80.234.2     Se0/0         11 00:20:03  529  3174  0  17
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   10.80.234.4     Se0/0         14 00:18:26  510  3060  0  12
1   10.80.234.3     Se0/0         14 00:18:54  509  3054  0  17
0   10.80.234.2     Se0/0         11 00:20:03  529  3174  0  17
R1#
EIGRP by default load balances across 4 routes with identical metrics; however, you may need to change this. This lab will discuss and demonstrate the configuration and verification of EIGRP Maximum Paths.
Command
Description
maximum-paths #
This command is executed in EIGRP router configuration mode to statically configure the
maximum paths value on a per router basis.
This lab will continue to build upon the topology previously used in Lab 8-5 and other labs found throughout Section 8.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4 and R5.
Establish a console session with devices R1, R2, R3, R4 and R5, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
!
interface Serial00
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-6 R3 Initial Config
!##################################################
!
!
interface Serial00.221 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.2 255.255.255.248
!frame-relay interface-dlci 221
hostname
R3
!
no
ip domain-lookup
interface
Serial02
interface
Loopback0255.255.255.252
ip add 10.80.23.1
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip shut
address 10.80.30.1 255.255.255.0
no
!exit
interface
Serial00
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
no ip address
network
10.80.23.1 0.0.0.0
encapsulation
frame-relay
network 10.80.234.2
0.0.0.0
serial
0
networkrestart-delay
10.80.20.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
WorkbookSerial00.221
Lab 8-6 R4 Initial Config
no
shut CCNA
neighbor
10.80.234.1
!##################################################
!exit
!
interface Serial00.321 point-to-point
enable
description
### FRAME RELAY LINK TO R1 ###
line
con 0
configure
terminal
ip
address
10.80.234.3 255.255.255.248
logging
sync
!frame-relay
interface-dlci 321
no exec-timeout
hostname
R4
!
no
interface
Serial01
endip domain-lookup
!exit
interface
Serial00
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip address
10.80.234.4
255.255.255.248
network
10.80.23.2
0.0.0.0
ip
hello-interval
eigrp
10 5
network
10.80.234.3
0.0.0.0
ip
hold-time
eigrp 10
15
network
10.80.30.1
0.0.0.0
!##################################################
encapsulation
frame-relay
no auto-summary
!#
Freerestart-delay
CCNA
Workbook0
Lab 8-6 R5 Initial Config
serial
neighbor
10.80.234.1
Serial00.321
!##################################################
no
frame-relay inverse-arp
exit
!frame map ip 10.80.234.1 421
enable
no shut
line
con 0
configure
terminal
!logging sync
!
interface
Serial01
no exec-timeout
hostname
R5 ### POINT-TO-POINT LINK TO R5 ###
!description
no
domain-lookup
ipip
address
10.80.45.1 255.255.255.252
end
!encapsulation ppp
interface
no shut Loopback0
description
### SIMULATED NETWORK ###
exit
interface
Serial01 0.0.0.0
network 10.80.45.1
description
### POINT-TO-POINT
LINK TO R4 ###
network 10.80.234.4
0.0.0.0
ip
address
10.80.45.2
255.255.255.252
network
10.80.40.1
0.0.0.0
encapsulation
ppp
no auto-summary
no
shut 10.80.234.1 Serial00
neighbor
exit
Lab Objectives
!
router
eigrp
10
line con
0
no
auto-summary
logging
sync
eigrp
stub
no exec-timeout
On R1, view the routing table and verify that R1 is load-balancing to 10.80.23.0/30; afterward, specify the maximum paths for
line con 0
logging sync
no exec-timeout
!
end
Lab Instruction
Objective 1. On R1, view the routing table and verify that R1 is load-balancing to 10.80.23.0/30; afterward, specify the maximum
paths for EIGRP Autonomous System 10 to use only 1 path.
R1>show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.80.0.0/8 is variably subnetted, 11 subnets, 4 masks
D       10.80.50.0/24 [90/2809856] via 10.80.234.4, 01:13:17, Serial0/0
D       10.80.40.0/24 [90/640256] via 10.80.234.4, 01:13:17, Serial0/0
D       10.80.23.1/32 [90/2681856] via 10.80.234.3, 01:13:17, Serial0/0
D       10.80.23.0/30 [90/2681856] via 10.80.234.3, 01:13:17, Serial0/0
                      [90/2681856] via 10.80.234.2, 01:13:17, Serial0/0
D       10.80.23.2/32 [90/2681856] via 10.80.234.2, 01:13:17, Serial0/0
D       10.80.30.0/24 [90/640256] via 10.80.234.3, 01:13:17, Serial0/0
D       10.80.45.2/32 [90/2681856] via 10.80.234.4, 01:13:17, Serial0/0
D       10.80.45.0/30 [90/2681856] via 10.80.234.4, 01:13:17, Serial0/0
D       10.80.20.0/24 [90/512512] via 10.80.234.2, 01:13:17, Serial0/0
C       10.80.10.0/24 is directly connected, Loopback0
C       10.80.234.0/29 is directly connected, Serial0/0
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router eigrp 10
R1(config-router)#maximum-paths 1
R1(config-router)#end
R1#
As the routing table on R1 shown above demonstrates, R1 is no longer load balancing traffic to 10.80.23.0/30 via R2 and R3 but is using only R3 as the next hop.
You can view the EIGRP topology table, where the route to 10.80.23.0/30 via R2 becomes the feasible successor (backup route), as shown below:
R1#show ip eigrp topology
IP-EIGRP Topology Table for AS(10)/ID(10.80.10.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 10.80.50.0/24, 1 successors, FD is 2298112
        via 10.80.234.4 (2809856/2297856), Serial0/0
P 10.80.40.0/24, 1 successors, FD is 128512
        via 10.80.234.4 (640256/128256), Serial0/0
P 10.80.23.1/32, 1 successors, FD is 2170112
        via 10.80.234.3 (2681856/2169856), Serial0/0
P 10.80.23.0/30, 1 successors, FD is 2170112
        via 10.80.234.2 (2681856/2169856), Serial0/0
        via 10.80.234.3 (2681856/2169856), Serial0/0
P 10.80.23.2/32, 1 successors, FD is 2170112
        via 10.80.234.2 (2681856/2169856), Serial0/0
P 10.80.30.0/24, 1 successors, FD is 128512
        via 10.80.234.3 (640256/128256), Serial0/0
P 10.80.45.2/32, 1 successors, FD is 2170112
        via 10.80.234.4 (2681856/2169856), Serial0/0
P 10.80.45.0/30, 1 successors, FD is 2170112
        via 10.80.234.4 (2681856/2169856), Serial0/0
P 10.80.20.0/24, 1 successors, FD is 768
        via 10.80.234.2 (512512/512), Serial0/0
P 10.80.10.0/24, 1 successors, FD is 128256
        via Connected, Loopback0
P 10.80.234.0/29, 1 successors, FD is 512256
        via Connected, Serial0/0
R1#
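A path kept in the topology table counts as a feasible successor when its reported distance (the second number in the parentheses) is lower than the FD of the entry. The following is an added example, not part of the workbook: it parses three entries copied from the topology output above, with the interface written as Serial0/0, and labels each path. The installed next hops are passed in as input because the tie-break between equal-cost paths is not shown on the page; the function names are hypothetical.

```python
import re

# Three entries copied from the R1 topology table above.
TOPOLOGY = """\
P 10.80.23.0/30, 1 successors, FD is 2170112
        via 10.80.234.2 (2681856/2169856), Serial0/0
        via 10.80.234.3 (2681856/2169856), Serial0/0
P 10.80.20.0/24, 1 successors, FD is 768
        via 10.80.234.2 (512512/512), Serial0/0
P 10.80.10.0/24, 1 successors, FD is 128256
        via Connected, Loopback0
"""

ENTRY = re.compile(
    r"^\S+\s+(?P<prefix>[\d.]+/\d+), (?P<count>\d+) successors, FD is (?P<fd>\d+)"
)
# Matches learned paths only; "via Connected, ..." lines carry no distances.
PATH = re.compile(
    r"^\s+via (?P<hop>[\d.]+) \((?P<distance>\d+)/(?P<reported>\d+)\), (?P<iface>\S+)"
)


def parse_topology(text):
    """Return {prefix: {"fd": int, "paths": [path dicts]}}."""
    table = {}
    current = None
    for line in text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            current = {"fd": int(entry["fd"]), "paths": []}
            table[entry["prefix"]] = current
            continue
        path = PATH.match(line)
        if path and current is not None:
            current["paths"].append({
                "next_hop": path["hop"],
                "distance": int(path["distance"]),   # metric through this neighbor
                "reported": int(path["reported"]),   # neighbor's own metric
                "interface": path["iface"],
            })
    return table


def classify(entry, installed_next_hops):
    """Label each path of one topology entry.

    installed_next_hops: next hops the routing table uses for this prefix
    (taken from 'show ip route'). Every other path is a feasible successor
    only if its reported distance is strictly lower than the FD.
    """
    roles = {}
    for path in entry["paths"]:
        if path["next_hop"] in installed_next_hops:
            roles[path["next_hop"]] = "successor"
        elif path["reported"] < entry["fd"]:
            roles[path["next_hop"]] = "feasible successor"
        else:
            roles[path["next_hop"]] = "not feasible"
    return roles


if __name__ == "__main__":
    table = parse_topology(TOPOLOGY)
    entry = table["10.80.23.0/30"]
    # Default maximum-paths: both equal-cost next hops are installed.
    print(classify(entry, {"10.80.234.2", "10.80.234.3"}))
    # After 'maximum-paths 1', the page reports R3 as the only next hop.
    print(classify(entry, {"10.80.234.3"}))
```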
There will be times where you want an interface to participate in EIGRP but not establish neighbors on it. This lab will
discuss and demonstrate the configuration and verification of EIGRP Passive Interfaces.
Command
Description
passive-interface
interface#/#
This lab will continue to build upon the topology previously used in Lab 8-6 and other labs found throughout Section 8.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4 and R5.
Establish a console session with devices R1, R2, R3, R4 and R5, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-7 R3 Initial Config
!##################################################
!
!
interface Serial0/0.221 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.2 255.255.255.248
!frame-relay interface-dlci 221
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0255.255.255.252
ip add 10.80.23.1
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip shut
address 10.80.30.1 255.255.255.0
no
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
no ip address
network
10.80.23.1 0.0.0.0
encapsulation
frame-relay
network 10.80.234.2
0.0.0.0
serial
0
networkrestart-delay
10.80.20.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
WorkbookSerial0/0.221
Lab 8-7 R4 Initial Config
no
shut CCNA
neighbor
10.80.234.1
!##################################################
!exit
!
interface Serial0/0.321 point-to-point
enable
description
### FRAME RELAY LINK TO R1 ###
line
con 0
configure
terminal
ip
address
10.80.234.3 255.255.255.248
logging
sync
!frame-relay
interface-dlci 321
no exec-timeout
hostname
R4
!
no
interface
Serial0/1
endip domain-lookup
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip address
10.80.234.4
255.255.255.248
network
10.80.23.2
0.0.0.0
ip
hello-interval
eigrp
10 5
network
10.80.234.3
0.0.0.0
ip
hold-time
eigrp 10
15
network
10.80.30.1
0.0.0.0
!##################################################
encapsulation
frame-relay
no auto-summary
!#
Freerestart-delay
CCNA
Workbook0
Lab 8-7 R5 Initial Config
serial
neighbor
10.80.234.1
Serial0/0.321
!##################################################
no
frame-relay inverse-arp
exit
!frame map ip 10.80.234.1 421
enable
no shut
line
con 0
configure
terminal
!logging sync
!
interface
Serial0/1
no exec-timeout
hostname
R5 ### POINT-TO-POINT LINK TO R5 ###
!description
no
domain-lookup
ipip
address
10.80.45.1 255.255.255.252
end
!encapsulation ppp
interface
no shut Loopback0
description
### SIMULATED NETWORK ###
exit
interface
Serial0/1 0.0.0.0
network 10.80.45.1
description
### POINT-TO-POINT
LINK TO R4 ###
network 10.80.234.4
0.0.0.0
ip
address
10.80.45.2
255.255.255.252
network
10.80.40.1
0.0.0.0
encapsulation
ppp
no auto-summary
no
shut 10.80.234.1 Serial0/0
neighbor
exit
Lab Objectives
!
router
eigrp
10
line con
0
no
auto-summary
logging
sync
eigrp
stub
no exec-timeout
line con 0
logging sync
no exec-timeout
!
end
On R5 create the new loopback interface using the IP address of 10.50.0.1/24, then add the respective network statement into EIGRP AS 10.
Configure R5's newly created loopback interface as a passive-interface.
Verify your configuration by using the show ip protocols command.
Lab Instruction
Objective 1. On R5 create the new loopback interface using the IP address of 10.50.0.1/24 then add the respective network
statement into EIGRP AS 10.
R5>enable
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#interface loopback5
*Jul 3 19:00:19.631: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback5, changed state to up
R5(config-if)#ip add 10.50.0.1 255.255.255.0
R5(config-if)#exit
R5(config)#router eigrp 10
R5(config-router)#network 10.50.0.1 0.0.0.0
R5(config-router)#
EIGRP route summarization is used to conserve resources and clean up the routing table. It can also be used for advanced route
engineering based on route summaries and longest match. This lab will discuss and demonstrate the configuration
and verification of EIGRP route summarization.
Command
Description
This lab will continue to build upon the topology previously used in Lab 8-7 and other labs found throughout Section 8.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start devices R1, R2, R3, R4 and R5.
Establish a console session with devices R1, R2, R3, R4 and R5, then load the initial configurations provided below by copying
the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-8 R3 Initial Config
!##################################################
!
!
interface Serial0/0.221 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.2 255.255.255.248
!frame-relay interface-dlci 221
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0255.255.255.252
ip add 10.80.23.1
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip shut
address 10.80.30.1 255.255.255.0
no
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
no ip address
network
10.80.23.1 0.0.0.0
encapsulation
frame-relay
network 10.80.234.2
0.0.0.0
serial
0
networkrestart-delay
10.80.20.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
WorkbookSerial0/0.221
Lab 8-8 R4 Initial Config
no
shut CCNA
neighbor
10.80.234.1
!##################################################
!exit
!
interface Serial0/0.321 point-to-point
enable
description
### FRAME RELAY LINK TO R1 ###
line
con 0
configure
terminal
ip
address
10.80.234.3 255.255.255.248
logging
sync
!frame-relay
interface-dlci 321
no exec-timeout
hostname
R4
!
no
interface
Serial0/1
endip domain-lookup
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip address
10.80.234.4
255.255.255.248
network
10.80.23.2
0.0.0.0
ip
hello-interval
eigrp
10 5
network
10.80.234.3
0.0.0.0
ip
hold-time
eigrp 10
15
network
10.80.30.1
0.0.0.0
!##################################################
encapsulation
frame-relay
no auto-summary
!#
Freerestart-delay
CCNA
Workbook0
Lab 8-8 R5 Initial Config
serial
neighbor
10.80.234.1
Serial0/0.321
!##################################################
no
frame-relay inverse-arp
exit
!frame map ip 10.80.234.1 421
enable
no shut
line
con 0
configure
terminal
!logging sync
!
interface
Serial0/1
no exec-timeout
hostname
R5 ### POINT-TO-POINT LINK TO R5 ###
!description
no
domain-lookup
ipip
address
10.80.45.1 255.255.255.252
end
!encapsulation ppp
interface
no shut Loopback0
description
### SIMULATED NETWORK ###
exit
interface
Loopback5 0.0.0.0
network 10.80.45.1
description
### SIMULATED
NETWORK ###
network 10.80.234.4
0.0.0.0
ip
address
10.50.0.1
255.255.255.0
network
10.80.40.1
0.0.0.0
!no auto-summary
interface
neighbor Serial0/1
10.80.234.1 Serial0/0
description
### POINT-TO-POINT LINK TO R4 ###
exit
Lab Objectives
!ip address 10.80.45.2 255.255.255.252
encapsulation
ppp
line
con 0
no
shut sync
logging
exit
no exec-timeout
router
eigrp 10
end
no auto-summary
Configure four new loopback interfaces on R1 using the numbers 4-7, configure these interfaces with the ip address range
eigrp stub
passive-interface Loopback5
exit
!
line con 0
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-eigrp-route-summarization/[4/12/2015
7:16:37 PM]
Lab Instruction
Objective 1. Configure four new loopback interfaces on R1 using the numbers 4-7; configure these interfaces with the IP address
range 10.122.4.0/22. Tip: use the interface number as the 3rd octet.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface loopback4
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback4, changed state to up
R1(config-if)#ip add 10.122.4.1 255.255.255.0
R1(config-if)#interface loopback5
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback5, changed state to up
R1(config-if)#ip address 10.122.5.1 255.255.255.0
R1(config-if)#interface loopback6
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback6, changed state to up
R1(config-if)#ip add 10.122.6.1 255.255.255.0
R1(config-if)#interface loopback 7
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback7, changed state to up
R1(config-if)#ip add 10.122.7.1 255.255.255.0
R1(config-if)#exit
R1(config)#
Objective 2. Configure a single network statement to encompass the four newly created loopback interfaces.
R1(config)#router eigrp 10
R1(config-router)#network 10.122.4.0 0.0.3.255
R1(config-router)#exit
R1(config)#
Objective 3. On R1 configure a summary address of 10.122.4.0/22 to be advertised out the frame-relay hub-and-spoke
interface.
R1(config)#interface Serial0/0
R1(config-if)#ip summary-address eigrp 10 10.122.4.0 255.255.252.0
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.4 (Serial0/0) is resync: summary configured
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.3 (Serial0/0) is resync: summary configured
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.2 (Serial0/0) is resync: summary configured
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 4. Verify the summary address is being propagated correctly by viewing the routing table on R5.
R5>show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
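The wildcard-mask and summary arithmetic behind Objectives 2 and 3, as an added Python example (not part of the original workbook). It checks which interfaces a network statement enables, derives the smallest single summary for a set of subnets, and lists any address space the summary claims that no interface owns. The "shifted" subnet set in the demo is constructed for illustration and is not from the lab.

```python
import ipaddress

# Addresses from the lab: R1's new loopbacks plus its frame-relay hub interface.
R1_INTERFACES = {
    "Loopback4": "10.122.4.1/24",
    "Loopback5": "10.122.5.1/24",
    "Loopback6": "10.122.6.1/24",
    "Loopback7": "10.122.7.1/24",
    "Serial0/0": "10.80.234.1/29",
}


def wildcard_network(address, wildcard):
    """Network matched by 'network <address> <wildcard>' (contiguous wildcards only)."""
    mask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF  # invert wildcard -> netmask
    prefixlen = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    base = int(ipaddress.IPv4Address(address)) & mask
    return ipaddress.IPv4Network((base, prefixlen))


def matched_interfaces(address, wildcard, interfaces):
    """Names of the interfaces whose IP address falls inside the network statement."""
    net = wildcard_network(address, wildcard)
    return sorted(name for name, cidr in interfaces.items()
                  if ipaddress.ip_interface(cidr).ip in net)


def smallest_summary(cidrs):
    """Smallest single prefix that covers every subnet in cidrs."""
    nets = [ipaddress.ip_interface(c).network for c in cidrs]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    host_bits = (lo ^ hi).bit_length()  # bits in which lowest and highest address differ
    return ipaddress.IPv4Network(((lo >> host_bits) << host_bits, 32 - host_bits))


def unowned_space(summary, cidrs):
    """Blocks inside the summary that none of the component subnets cover."""
    remaining = [summary]
    for net in (ipaddress.ip_interface(c).network for c in cidrs):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))  # yields nothing if net == block
            elif not block.subnet_of(net):
                kept.append(block)
        remaining = kept
    return sorted(remaining)


if __name__ == "__main__":
    loopbacks = [c for n, c in R1_INTERFACES.items() if n.startswith("Loopback")]
    print("network 10.122.4.0 0.0.3.255 enables:",
          matched_interfaces("10.122.4.0", "0.0.3.255", R1_INTERFACES))
    summary = smallest_summary(loopbacks)
    print("summary:", summary, summary.netmask, "unowned:", unowned_space(summary, loopbacks))

    # Constructed comparison: the same four /24s shifted down by one.
    shifted = ["10.122.3.1/24", "10.122.4.1/24", "10.122.5.1/24", "10.122.6.1/24"]
    wide = smallest_summary(shifted)
    print("shifted summary:", wide, "unowned:", [str(n) for n in unowned_space(wide, shifted)])
```

A non-empty unowned list means the summary advertises reachability for addresses the router cannot deliver, so traffic for them is drawn to the summarizing router and dropped there.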
Configuring static default routes on every device in the routed network can be cumbersome. With EIGRP you have the
ability to advertise a default route. This lab will discuss and demonstrate the configuration and verification of EIGRP
default route propagation.
then the default router will not be in the transit path of internal traffic thus all internal routers will have the full internal routing table.
You will use the same command as discussed in the previous lab, ip summary-address eigrp as# n.n.n.n s.s.s.s, to advertise a default
route from R1 to the spoke routers in the hub-and-spoke topology which include R1, R2, R3 and R4.
This lab will continue to build upon the topology previously used in Lab 8-8 and other labs found throughout Section 8.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start devices R1, R2, R3, R4 and R5.
Establish a console session with devices R1, R2, R3, R4 and R5, then load the initial configurations provided below by copying
the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.80.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
no ip address
encapsulation frame-relay
serial restart-delay 0
!##################################################
no frame-relay inverse-arp
!#
no Free
shut CCNA Workbook Lab 8-9 R3 Initial Config
!##################################################
!
!
interface Serial0/0.221 point-to-point
enable
description ### FRAME RELAY LINK TO R1 ###
configure
terminal
ip address
10.80.234.2 255.255.255.248
!frame-relay interface-dlci 221
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0255.255.255.252
ip add 10.80.23.1
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip shut
address 10.80.30.1 255.255.255.0
no
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
no ip address
network
10.80.23.1 0.0.0.0
encapsulation
frame-relay
network 10.80.234.2
0.0.0.0
serial
0
networkrestart-delay
10.80.20.1 0.0.0.0
!##################################################
no frame-relay
auto-summaryinverse-arp
!#
Free
WorkbookSerial0/0.221
Lab 8-9 R4 Initial Config
no
shut CCNA
neighbor
10.80.234.1
!##################################################
!exit
!
interface Serial0/0.321 point-to-point
enable
description
### FRAME RELAY LINK TO R1 ###
line
con 0
configure
terminal
ip
address
10.80.234.3 255.255.255.248
logging
sync
!frame-relay
interface-dlci 321
no exec-timeout
hostname
R4
!
no
interface
Serial0/1
endip domain-lookup
!exit
interface
Serial0/0
!
description
router
eigrp ###
10 PHYSICAL FRAME RELAY INTERFACE ###
ip address
10.80.234.4
255.255.255.248
network
10.80.23.2
0.0.0.0
ip
hello-interval
eigrp
10 5
network
10.80.234.3
0.0.0.0
ip
hold-time
eigrp 10
15
network
10.80.30.1
0.0.0.0
!##################################################
encapsulation
frame-relay
no auto-summary
!#
Freerestart-delay
CCNA
Workbook0
Lab 8-9 R5 Initial Config
serial
neighbor
10.80.234.1
Serial0/0.321
!##################################################
no
frame-relay inverse-arp
exit
!frame map ip 10.80.234.1 421
enable
no shut
line
con 0
configure
terminal
!logging sync
!
interface
Serial0/1
no exec-timeout
hostname
R5 ### POINT-TO-POINT LINK TO R5 ###
!description
no
domain-lookup
ipip
address
10.80.45.1 255.255.255.252
end
!encapsulation ppp
interface
no shut Loopback0
description
### SIMULATED NETWORK ###
exit
interface
Loopback5 0.0.0.0
network 10.80.45.1
description
### SIMULATED
NETWORK ###
network 10.80.234.4
0.0.0.0
ip
address
10.50.0.1
255.255.255.0
network
10.80.40.1
0.0.0.0
!no auto-summary
interface
neighbor Serial0/1
10.80.234.1 Serial0/0
description
### POINT-TO-POINT LINK TO R4 ###
exit
Lab Objectives
!ip address 10.80.45.2 255.255.255.252
encapsulation
ppp
line
con 0
no
shut sync
logging
exit
no exec-timeout
router
eigrp 10
end
no auto-summary
Create a summary route to advertise the address of the 0.0.0.0/0 network on R1s hub-and-spoke serial interface.
eigrp stub
passive-interface Loopback5
exit
!
line con 0
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-eigrp-default-route-propagation/[4/12/2015
7:16:59 PM]
Examine the routing tables on R3 and R4 to ensure the default route is being learned from R1 as well as other routes.
Lab Instruction
Objective 1. Create a summary route to advertise the address of the 0.0.0.0/0 network on R1's hub-and-spoke serial interface.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/0
R1(config-if)#ip summary-address eigrp 10 0.0.0.0 0.0.0.0
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.4 (Serial0/0) is resync: summary configured
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.3 (Serial0/0) is resync: summary configured
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.80.234.2 (Serial0/0) is resync: summary configured
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 2. Examine the routing tables on R3 and R4 to ensure the default route is being learned from R1 as well as other routes.
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.80.234.1 to network 0.0.0.0
C
C
C
D
D
C
D*
R3#
If you examine the routing table of R3 as shown above you'll notice that the default route 0.0.0.0/0 is being learned via 10.80.234.1
on interface Serial0/0.321; however, you'll also notice that routes that are advertised by R4 and R5 are no longer in the routing table,
but you can still ping those destinations. This is due to R1 only advertising the default route to neighboring routers.
In this case, R4 advertises all its connected networks such as 10.80.40.0/24 to R1, then R1 places this route in its routing table but
only advertises a default route to R2 and R3; however, R2 and R3 are still able to get to R4's networks using only the default route.
You can see from examining the routing table of R4 shown below that the same thing is occurring to R4, as it only has a default route
which points to R1, and the previous more specific routes pointing towards R1 originally advertised by R2 and R3 have disappeared.
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
If you view the EIGRP topology table on R4 you'll notice that routes from R3 are not being advertised to R4 via R1 but instead only a
default route is advertised, as shown below:
R4#show ip eigrp topology
IP-EIGRP Topology Table for AS(10)/ID(10.80.40.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 0.0.0.0/0, 1 successors, FD is 2297856
via 10.80.234.1 (2297856/128256), Serial0/0
P 10.80.50.0/24, 1 successors, FD is 2297856
via 10.80.45.2 (2297856/128256), Serial0/1
P 10.80.40.0/24, 1 successors, FD is 128256
via Connected, Loopback0
P 10.80.45.2/32, 1 successors, FD is 2169856
via Rconnected (2169856/0)
P 10.80.45.1/32, 0 successors, FD is Inaccessible
via 10.80.45.2 (2681856/2169856), Serial0/1
P 10.80.45.0/30, 1 successors, FD is 2169856
via Connected, Serial0/1
P 10.50.0.0/24, 1 successors, FD is 2297856
via 10.80.45.2 (2297856/128256), Serial0/1
P 10.122.4.0/22, 1 successors, FD is 2297856
via 10.80.234.1 (2297856/128256), Serial0/0
P 10.80.234.0/29, 1 successors, FD is 2169856
via Connected, Serial0/0
R4#
As shown above in R4's EIGRP topology, routes to 10.80.20.0/24, 10.80.30.0/24 and 10.80.23.0/30 do not exist; however, a route to
0.0.0.0/0 does, which points to R1, which in turn has the routes missing from R4's routing table, thus giving full IP reachability as
shown below with the ping command:
R4#ping 10.80.30.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.80.30.1, timeout is 2 seconds:
Packet sent with a source address of 10.80.40.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 160/200/236 ms
R4#
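Why the ping succeeds, as an added Python example (not part of the original workbook): it parses the R4 topology output shown above, keeps only prefixes that have a successor, and picks the longest matching prefix for a destination. Treating the topology table's successor entries as the routing table is a simplification made for this example.

```python
import ipaddress
import re

# R4's EIGRP topology table, copied from the lab output above.
TOPOLOGY = """\
P 0.0.0.0/0, 1 successors, FD is 2297856
        via 10.80.234.1 (2297856/128256), Serial0/0
P 10.80.50.0/24, 1 successors, FD is 2297856
        via 10.80.45.2 (2297856/128256), Serial0/1
P 10.80.40.0/24, 1 successors, FD is 128256
        via Connected, Loopback0
P 10.80.45.2/32, 1 successors, FD is 2169856
        via Rconnected (2169856/0)
P 10.80.45.1/32, 0 successors, FD is Inaccessible
        via 10.80.45.2 (2681856/2169856), Serial0/1
P 10.80.45.0/30, 1 successors, FD is 2169856
        via Connected, Serial0/1
P 10.50.0.0/24, 1 successors, FD is 2297856
        via 10.80.45.2 (2297856/128256), Serial0/1
P 10.122.4.0/22, 1 successors, FD is 2297856
        via 10.80.234.1 (2297856/128256), Serial0/0
P 10.80.234.0/29, 1 successors, FD is 2169856
        via Connected, Serial0/0
"""

ENTRY = re.compile(r"^P (\S+), (\d+) successors, FD is (\S+)$")
VIA = re.compile(r"^via (\S+)(?: \((\d+)/(\d+)\))?(?:, (\S+))?$")


def parse_topology(text):
    """Return {network: (next_hop, interface)} for prefixes with at least one successor."""
    routes = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            prefix, successors, _fd = entry.groups()
            # "0 successors ... Inaccessible" entries never reach the routing table.
            current = ipaddress.ip_network(prefix) if int(successors) > 0 else None
            continue
        via = VIA.match(line)
        if via and current is not None and current not in routes:
            routes[current] = (via.group(1), via.group(4))  # first path listed
    return routes


def longest_match(routes, destination):
    """Return (prefix, (next_hop, interface)) of the most specific covering route."""
    addr = ipaddress.ip_address(destination)
    candidates = [net for net in routes if addr in net]
    if not candidates:
        return None
    best = max(candidates, key=lambda net: net.prefixlen)
    return best, routes[best]


if __name__ == "__main__":
    table = parse_topology(TOPOLOGY)
    for dst in ("10.80.30.1", "10.122.5.1", "10.50.0.1", "10.80.45.1"):
        prefix, (hop, intf) = longest_match(table, dst)
        print(f"{dst:<12} -> {str(prefix):<16} via {hop} {intf or ''}")
```

The same lookup shows the cost of a default route: any destination with no more specific entry, whether it exists or not, is forwarded to R1.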
The preferred way of injecting a default route into the EIGRP topology is by redistributing a static route into EIGRP, which will
show up as an External EIGRP Route in the routing table as denoted by D*EX next to the route and having an administrative
distance of 170. This method will be discussed in Section 10 Redistribution.
This lab will discuss and demonstrate the configuration and verification of
Router(s), (ASBRs). These routers connect OSPF to an external network such as the internet or a redistributed autonomous system.
OSPF does not use TCP/UDP to encapsulate its traffic but instead encapsulates the traffic into its own protocol; protocol number 89.
The multicast packets OSPF sends have a TTL of 1 so they never travel further than 1 hop. OSPF uses the destination addresses
224.0.0.5 for all OSPF routers and 224.0.0.6 for communication between the DR/BDR (Designated Router and Backup Designated
Router).
In OSPF, you can only summarize routes at an ABR/ASBR on the link facing the inbound towards the network.
OSPF uses a centralized management method of distributing route updates on networks. On multi-access networks such as Ethernet
or frame relay point-to-multipoint, a Designated Router and potentially a Backup Designated Router are elected. The function of the DR is
to distribute updates to the other routers connected on the multi-access network. The Backup Designated Router will take over the
Designated role if the DR fails. So with that said, if R1 is the DR then R2 could be the BDR, and when a link on R3 goes down it
informs R1, which in turn informs all other routers on the multi-access network segment.
The DR/BDR election winner is determined by one of several factors, whichever breaks the tie. OSPF Interface Priority takes
precedence. By default all interfaces send hello packets with an OSPF priority of 1. If an interface has the OSPF interface priority of
0 then that router will never become the DR/BDR for that particular network segment. If all OSPF interface priorities match then the
highest router ID wins. The Router-ID can be statically configured under the OSPF routing process configuration mode or it is
dynamically determined by the highest IP address of a loopback interface. If no loopback interfaces exist on the router then the
highest IP address of an active interface becomes the router-id for OSPF. For example, 192.168.0.1/24 is higher than 10.0.0.1/24.
If a router comes online with a higher priority/router-id then that router will not preempt the DR/BDR role but will have to wait until a
role change, that is, a DR or BDR failure. The Router Priority ranges between 0-255.
The DR's purpose is to provide a central source for routing updates and to reduce traffic. All routers form a neighbor relationship with
the DR/BDR but not between DROTHERs (non DR or BDR routers).
DR/BDR routers are not elected on point-to-point networks as there are only two routers on the link. A DR/BDR is also not elected on
a point-to-multipoint network type due to OSPF treating the network type as a collection of point-to-point interfaces.
Take note of the following OSPF Interface Types;
Non-Broadcast
The Non-Broadcast network type is the default for OSPF enabled frame relay physical interfaces.
Non-Broadcast networks require the configuration of static neighbors; hellos are sent via unicast.
The Non-Broadcast network type has a 30 second hello and 120 second dead timer.
An OSPF Non-Broadcast network type requires the use of a DR/BDR
Broadcast
The Broadcast network type is the default for an OSPF enabled ethernet interface.
The Broadcast network type requires that a link support Layer 2 Broadcast capabilities.
The Broadcast network type has a 10 second hello and 40 second dead timer.
Point-to-Point
A Point-to-Point OSPF network type does not maintain a DR/BDR relationship.
The Point-to-Point network type has a 10 second hello and 40 second dead timer.
Point-to-Point network types are intended to be used between 2 directly connected routers.
Point-to-Multipoint
OSPF treats Point-to-Multipoint networks as a collective of point-to-point links.
Point-to-Multipoint networks do not maintain a DR/BDR relationship.
Point-to-Multipoint networks advertise a host route for all the frame-relay endpoints.
The Point-to-Multipoint network type has a 30 second hello and 120 second dead timer.
Point-to-Multipoint Non-Broadcast
Same as Point-to-Multipoint but requires static neighbors. Used on Non-broadcast layer 2 topologies.
Gives you the ability to define link cost on a per neighbor basis.
Loopback
The default OSPF network type; only available to loopback interfaces.
Advertises the interface as a host route; changeable by configuring the interface as point-to-point.
For the CCNA exam you are required to know the six Link State Advertisement types listed below;
LSA Number
LSA Name
Description
Type 1
Router LSA
Generated by all routers in an area and lists the directly connected networks; this
specific LSA does not transit the ABR/ASBR into other areas.
Type 2
Network LSA
Type 3
Summary LSA
Type 4
Summary LSA
Type 5
External LSA
Type 7
After having an understanding of the LSA types you must memorize the operations of different OSPF Area types as listed below;
Area Type
Backbone Area
Permits all LSA types except Type 7. This same rule applies to non-backbone, non stub area
routers.
Stub Area
An area that has a single exit point and blocks type 5 LSA types and receives type 3/4 LSAs
with a default route (0.0.0.0/0)
Not-So-Stubby-Area (NSSA)
This area allows for a stub area to have characteristics of a stub and non stub. External routes are
redistributed into the OSPF autonomous system by an NSSA advertising an LSA type 7, which
is translated at the ABR to type 5 and forwarded into the OSPF backbone.
Permits type 1 and 2 LSAs while blocking types 3*/4/5/7 LSAs. *TSAs receive a single type 3
LSA containing a default route to the ABR.
Totally NSSA
Is an area that permits LSAs 1, 2 and 7 while blocking 3 4 and 5. This stub area receives a
default route from the ABR using a type 3 LSA.
Okay so enough with all the technology stuff, it's time to get to the configuration!!!
Just like the previous dynamic routing protocols you'll need to enable OSPF by executing the router ospf process-id# command in
global configuration. The process id number is a locally significant process identification number and this does not need to match
neighboring routers.
As previously stated, OSPF was designed to use VLSM so there is no auto-summarization to disable.
To specify which interfaces participate in the OSPF routing process you'll use the network ip.ip.ip.ip wc.wc.wc.wc area # command in OSPF
router configuration mode, where ip is the network ip and wc is the wildcard mask, followed by the area in which that network belongs.
For example: network 10.90.23.1 0.0.0.0 area 23
Keep in mind the default OSPF network type on a frame-relay interface is non-broadcast, in which case static neighbors have to be
defined. For this lab you'll need to change this to broadcast using the ip ospf network broadcast command on the frame relay
interfaces. The ip ospf network network-type command is issued on a per interface basis.
To view OSPF neighbors use the show ip ospf neighbor command. You can view information relating to interfaces participating in
OSPF by using the show ip ospf interface command.
In this lab you will configure the frame-relay interfaces on R1, R2, R4 and R5 to participate in OSPF area 0.
Command
Function
This command clears the OSPF process completely and rebuilds all neighbor
relationships and re-learns all routes when executed in privileged mode.
This command is executed in privileged mode and displays all entries in the router's
OSPF database by LSA type.
The logical topology shown below is used in labs found throughout Section 9 Configuring OSPF:
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology and start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
!
interface Serial0/0
!##################################################
no frame-relay inverse-arp
!#
Free
CCNA
Lab221
9-1broadcast
R3 Initial Config
frame
map
ip Workbook
10.90.245.1
!##################################################
frame map ip 10.90.245.4 221
!frame map ip 10.90.245.5 221
enable
no shut
configure
terminal
!
!
interface Serial0/2
hostname
R3
### POINT-TO-POINT
LINK TO R3 ###
no
domain-lookup
ipip
address
10.90.23.1 255.255.255.252
!encapsulation ppp
interface
Loopback0
serial restart-delay
0
description
### SIMULATED NETWORK ###
no shut
ip
address 10.90.30.1 255.255.255.0
exit
interface
line con 0Serial0/1
description
logging sync### POINT-TO-POINT LINK TO R2 ###
ip
10.90.23.2 255.255.255.252
no address
exec-timeout
!encapsulation ppp
no shut
end
!##################################################
exit
!#
!
!##################################################
line con 0
!logging sync
enable
no exec-timeout
configure
terminal
!
!
end
hostname R4
no ip domain-lookup
!
interface Loopback0
interface FastEthernet0/0
description ### REAL NETWORK ###
!##################################################
interface
Serial0/0
!#
Free CCNA###
Workbook
LabFRAME
9-1 R5
Initial
Config###
#
description
PHYSICAL
RELAY
INTERFACE
!##################################################
ip address 10.90.245.4 255.255.255.248
!encapsulation frame-relay
enable
serial restart-delay 0
configure
terminal
no frame-relay
inverse-arp
!no shut
interface
Loopback0
!
description
### SIMULATED NETWORK ###
interface
Serial0/1
ip address 10.90.50.1
255.255.255.0
description
### POINT-TO-POINT
LINK TO R5 ###
description
### REAL NETWORK
###
serial restart-delay
0
ip
10.90.145.2 255.255.255.0
no address
shut
no
shut
exit
!##################################################
interface
line
con 0Serial0/0
!#
Free sync
CCNA###
Workbook
LabFRAME
9-1 SW1
Initial
Config
#
description
PHYSICAL
RELAY
INTERFACE
###
logging
!##################################################
ip
10.90.245.5 255.255.255.248
no address
exec-timeout
!encapsulation frame-relay
enable
serial restart-delay 0
end
configure
terminal
no frame-relay
inverse-arp
!no shut
line con 0
!
logging sync
interface
Serial0/1
no exec-timeout
description
### POINT-TO-POINT LINK TO R4 ###
serial restart-delay 0
no shut
exit
!
line con 0
Lab Objectives
logging sync
no exec-timeout
!
end
Configure OSPF Area 0 on R1, R2, R4 and R5's frame-relay hub-and-spoke interfaces.
Configure the OSPF broadcast network type on R1, R2, R4 and R5's frame relay hub and spoke interfaces.
Verify that the spoke routers (R2, R4 and R5) have formed an adjacency with the hub router, R1.
Lab Instruction
Objective 1. Configure OSPF Area 0 on R1, R2, R4 and R5's frame-relay hub-and-spoke interfaces.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#network 10.90.245.1 0.0.0.0 area 0
R1(config-router)#end
R1#
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router ospf 1
R2(config-router)#network 10.90.245.2 0.0.0.0 area 0
R2(config-router)#end
R2#
R4>enable
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#network 10.90.245.4 0.0.0.0 area 0
R4(config-router)#end
R4#
R5>enable
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#router ospf 1
R5(config-router)#network 10.90.245.5 0.0.0.0 area 0
R5(config-router)#end
R5#
Objective 2. Configure the OSPF broadcast network type on R1, R2, R4 and R5's frame relay hub and spoke interfaces.
Due to the nature of OSPF, the default interface type for a frame relay interface is non-broadcast, in which case static neighbors must
be defined. However, configuring static neighbors will be discussed in the next lab. To fix this problem change the network type of the
frame-relay interfaces to broadcast to allow for dynamic neighbor discovery as shown below:
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface Serial0/0
R1(config-if)#ip ospf network broadcast
R1(config-if)#end
R1#
R2>enable
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#interface Serial0/0
R2(config-if)#ip ospf network broadcast
R2(config-if)#end
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from LOADING to FULL, Loading Done
R2#
R4>enable
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#interface Serial0/0
R4(config-if)#ip ospf network broadcast
R4(config-if)#end
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from LOADING to FULL, Loading Done
R4#
R5>enable
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#interface Serial0/0
R5(config-if)#ip ospf network broadcast
R5(config-if)#end
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from LOADING to FULL, Loading Done
R5#
Objective 3. Verify that the spoke routers (R2, R4 and R5) have formed an adjacency with the hub router; R1.
R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.90.20.1        1   FULL/DROTHER    00:00:33    10.90.245.2     Serial0/0
10.90.40.1        1   FULL/DROTHER    00:00:31    10.90.245.4     Serial0/0
10.90.50.1        1   FULL/BDR        00:00:35    10.90.245.5     Serial0/0
R1#
As you can see from the neighbor table, R2 and R4 have become DROTHERs (non-DR/BDR routers) and R5 has become the
Backup Designated Router (BDR). As discussed in the core knowledge section, the Neighbor ID (Router-ID) is derived from the
statically configured OSPF router-id, or the highest IP address of a loopback interface, or the highest IP address of a directly connected
interface, whichever comes first.
In a frame relay hub-and-spoke environment you ALWAYS need the hub router to become the Designated Router (DR) due to
the way OSPF operates. Think back to the core knowledge, where you read that OSPF sends hellos and updates using multicast
with a TTL of only 1. This means that the traffic will not go further than one hop. With this in mind, let's say R2 became the DR and
R5 wanted to send an update: it would have to send it to R2, but to get to R2 it would traverse R1, in which case the TTL would
decrement to 0 and the packet would be dropped.
In the next lab you'll learn how to configure the OSPF interface priority to ensure that R1 always becomes the DR and R2, R4 and R5
do not become the DR or BDR.
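The requirement above can be checked from the hub, shown here as an added example that is not part of the original workbook: a Python script that parses `show ip ospf neighbor` output taken on R1 and flags any spoke that is still eligible for, or already holds, the DR or BDR role. The function names and finding codes are hypothetical; the first sample is the neighbor table from Objective 3 above and the second is constructed.

```python
import re
from typing import NamedTuple

# Neighbor table from Objective 3 of this lab, taken on hub R1.
LAB_OUTPUT = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.90.20.1        1   FULL/DROTHER    00:00:33    10.90.245.2     Serial0/0
10.90.40.1        1   FULL/DROTHER    00:00:31    10.90.245.4     Serial0/0
10.90.50.1        1   FULL/BDR        00:00:35    10.90.245.5     Serial0/0
"""

# Constructed sample: the same hub once every spoke has OSPF priority 0.
PRIORITY_ZERO_OUTPUT = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.90.20.1        0   FULL/DROTHER    00:00:33    10.90.245.2     Serial0/0
10.90.40.1        0   FULL/DROTHER    00:00:31    10.90.245.4     Serial0/0
10.90.50.1        0   FULL/DROTHER    00:00:35    10.90.245.5     Serial0/0
"""

# Frame relay addresses of the spokes R2, R4 and R5 in this topology.
SPOKES = {"10.90.245.2", "10.90.245.4", "10.90.245.5"}


class Neighbor(NamedTuple):
    router_id: str
    priority: int
    state: str      # adjacency state, e.g. FULL or 2WAY
    role: str       # the neighbor's role on the segment: DR, BDR, DROTHER or "-"
    address: str
    interface: str


ROW = re.compile(
    r"^(?P<rid>\d+(?:\.\d+){3})\s+(?P<pri>\d+)\s+"
    r"(?P<state>[A-Z0-9]+)/\s*(?P<role>\S+)\s+"
    r"\d\d:\d\d:\d\d\s+(?P<addr>\d+(?:\.\d+){3})\s+(?P<intf>\S+)$"
)


def parse_neighbors(text):
    """Return one Neighbor per data row; header, prompt and log lines are skipped."""
    neighbors = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            neighbors.append(Neighbor(m["rid"], int(m["pri"]), m["state"],
                                      m["role"], m["addr"], m["intf"]))
    return neighbors


def audit_hub(text, spokes):
    """Return sorted (spoke address, finding) pairs for a table taken on the hub."""
    findings = []
    seen = set()
    for n in parse_neighbors(text):
        if n.address not in spokes:
            continue
        seen.add(n.address)
        if n.state != "FULL":
            findings.append((n.address, "NOT_FULL"))      # adjacency incomplete
        if n.priority != 0:
            findings.append((n.address, "ELIGIBLE"))      # can still win an election
        if n.role in ("DR", "BDR"):
            findings.append((n.address, "HOLDS_" + n.role))
    # Spokes that do not appear in the table at all.
    findings.extend((addr, "MISSING") for addr in spokes - seen)
    return sorted(findings)


if __name__ == "__main__":
    for label, output in (("lab", LAB_OUTPUT), ("priority 0", PRIORITY_ZERO_OUTPUT)):
        print(label, audit_hub(output, SPOKES))
```
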
When architecting a correct OSPF network, you may need to have specific routers or layer 3 switches be the DR
and/or BDR. The OSPF election process is influenced by the OSPF Priority. This lab will discuss and demonstrate the
configuration and verification of OSPF Priority.
prevent R2, R4 and R5 from becoming a BDR, in which case would become the DR in the event of a DR failure thus putting you
back at square one.
You can verify which neighbors are the DR/BDR/DROTHER by using the show ip ospf neighbor command in privileged mode.
Familiarize yourself with the following new command(s);
Command | Description
ip ospf priority # | Configures an OSPF priority on a per interface basis used to manipulate the DR/BDR election process.
The logical topology shown below is used in the labs found throughout Section 9, Configuring OSPF:
Lab Prerequisites
If you are using GNS3, then load the Free CCNA Workbook GNS3 topology and start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
ip address 10.90.245.2 255.255.255.248
encapsulation frame-relay
!##################################################
serial restart-delay 0
!#
CCNA Workbook
Lab 9-2 R3 Initial Config
no Free
frame-relay
inverse-arp
!##################################################
frame map ip 10.90.2451 221 broadcast
!frame map ip 10.90.2454 221
enable
frame map ip 10.90.2455 221
configure
no shut terminal
!
hostname
interfaceR3
Serial0/2
no
ipPOINT-TO-POINT
domain-lookup LINK TO R3 ###
###
description
### SIMULATED
NETWORK ###
serial restart-delay
0
ip
10.90.30.1 255.255.255.0
no address
shut
!exit
interface
Serial0/1
!
description
router
ospf 1### POINT-TO-POINT LINK TO R2 ###
ip address 10.90.23.2 255.255.255.252
log-adjacency-changes
encapsulation
ppp 0.0.0.0 area 0
network 10.90.2452
!no shut
!##################################################
exitcon 0
line
!#
Free CCNA
!logging
sync Workbook Lab 9-2 R4 Initial Config
!##################################################
line
con 0
no exec-timeout
!logging sync
enable
no exec-timeout
end
configure
terminal
!
!
end
hostname R4
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.40.1 255.255.255.0
!
interface FastEthernet0/0
description ### REAL NETWORK ###
ip address 10.90.145.1 255.255.255.0
no shut
!
!##################################################
interface
Serial0/0
!#
Free CCNA###
Workbook
LabFRAME
9-2 R5
Initial
Config###
#
description
PHYSICAL
RELAY
INTERFACE
!##################################################
ip address 10.90.245.4 255.255.255.248
!encapsulation frame-relay
enable
ip ospf network broadcast
configure
terminal
serial restart-delay
0
hostname
R5ip 10.90.2451 421 broadcast
frame map
no
ip domain-lookup
frame
map ip 10.90.2452 421
ip
address
10.90.145.2
serial
restart-delay
0 255.255.255.0
no shut
!exit
interface
Serial0/0
!
description
router
ospf 1### PHYSICAL FRAME RELAY INTERFACE ###
ip
address 10.90.2455 255.255.255.248
log-adjacency-changes
encapsulation
frame-relay
network 10.90.2454
0.0.0.0 area 0
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-ospf-priority/[4/12/2015
7:17:46 PM]
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure the Serial interfaces on the frame relay spoke routers with an OSPF priority to ensure they NEVER become the
DR/BDR.
Clear the OSPF routing process on R1 so that all neighbor relationships are rebuilt, then, using R2, verify that R1 has become
the DR.
Lab Instruction
Objective 1. Configure the Serial interfaces on the Frame relay spoke routers with an OSPF priority to ensure they NEVER become
the DR/BDR.
R2>enable
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#interface Serial0/0
R2(config-if)#ip ospf priority 0
R2(config-if)#end
R2#
R4>enable
R4#configure terminal
Enter configuration commands, one per line.
R4(config)#interface Serial0/0
R4(config-if)#ip ospf priority 0
R4(config-if)#end
R4#
R5>enable
R5#configure terminal
Enter configuration commands, one per line.
R5(config)#interface Serial0/0
R5(config-if)#ip ospf priority 0
R5(config-if)#end
R5#
Objective 2. Clear the OSPF routing process on R1 so that all neighbor relationships are rebuilt, then, using R2, verify that R1 has
become the DR.
R1#clear ip ospf 1 proc
Reset OSPF process? [no]: y
R1#
%OSPF-5-ADJCHG: Process
ace down or detached
%OSPF-5-ADJCHG: Process
ace down or detached
%OSPF-5-ADJCHG: Process
ace down or detached
R1#
%OSPF-5-ADJCHG: Process
%OSPF-5-ADJCHG: Process
%OSPF-5-ADJCHG: Process
R1#
Pri   State           Dead Time   Address         Interface
  1   FULL/DR         00:00:31    10.90.245.1     Serial0/0
There are multiple OSPF Network Types that can be configured to directly affect the operation of OSPF on a specific
interface. This lab will discuss and demonstrate the configuration and verification of the different OSPF Network
Types.
If you've read through Lab 9-1 you'll have seen a bullet list of the different OSPF network types and their features. I've
added that list to this lab to refresh your memory. As a CCNA you must know these network types inside and out:
Non-Broadcast
  - The Non-Broadcast network type is the default for OSPF-enabled frame relay physical interfaces.
  - Non-Broadcast networks require the configuration of static neighbors; hellos are sent via unicast.
  - The Non-Broadcast network type has a 30 second hello and 120 second dead timer.
  - An OSPF Non-Broadcast network type requires the use of a DR/BDR.
Broadcast
  - The Broadcast network type is the default for an OSPF-enabled Ethernet interface.
  - The Broadcast network type requires that a link support Layer 2 broadcast capabilities.
  - The Broadcast network type has a 10 second hello and 40 second dead timer.
  - An OSPF Broadcast network type requires the use of a DR/BDR.
Point-to-Point
  - A Point-to-Point OSPF network type does not maintain a DR/BDR relationship.
  - The Point-to-Point network type has a 10 second hello and 40 second dead timer.
  - Point-to-Point network types are intended to be used between 2 directly connected routers.
Point-to-Multipoint
  - OSPF treats Point-to-Multipoint networks as a collective of point-to-point links.
  - Point-to-Multipoint networks do not maintain a DR/BDR relationship.
  - Point-to-Multipoint networks advertise a host route for all the frame-relay endpoints.
  - The Point-to-Multipoint network type has a 30 second hello and 120 second dead timer.
Point-to-Multipoint Non-Broadcast
  - Same as Point-to-Multipoint but requires static neighbors. Used on non-broadcast Layer 2 topologies.
  - Gives you the ability to define link cost on a per neighbor basis.
Loopback
  - The default OSPF network type; only available to loopback interfaces.
  - Advertises the interface as a host route; changeable by configuring the interface as point-to-point.
While mixing and matching the different OSPF network types may be required in some scenarios, it is outside of the
scope of the CCNA objectives. This lab is just to demonstrate how to configure the different OSPF network types.
In this lab you will configure the interfaces of R1, R2, R4 and R5 as an OSPF point-to-multipoint network type and verify the
configuration.
Familiarize yourself with the following new command(s);
Command
Description
This command is executed in interface configuration mode and configures the OSPF network
type on a per interface basis.
This command is executed in privileged mode and displays interface parameters relating to
OSPF configuration such as network type and hello/dead timers.
The logical topology shown below is used in the labs found throughout Section 9, Configuring OSPF:
Lab Prerequisites
If you are using GNS3, then load the Free CCNA Workbook GNS3 topology and start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
!
interface Serial0/0
!##################################################
ip ospf priority 0
!#
Freerestart-delay
CCNA Workbook0Lab 9-3 R3 Initial Config
serial
!##################################################
no frame-relay inverse-arp
!frame map ip 10.90.245.1 221 broadcast
enable
frame map ip 10.90.245.4 221
configure
frame mapterminal
ip 10.90.245.5 221
!no shut
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0
ip address
10.90.23.1 255.255.255.252
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip
address
10.90.30.10255.255.255.0
serial
restart-delay
!no shut
interface
Serial0/1
exit
no
shut 10.90.245.2 0.0.0.0 area 0
network
!##################################################
!exit
!#
Workbook Lab 9-3 R4 Initial Config
!
lineFree
con CCNA
0
!##################################################
line
con 0
logging
sync
!logging
sync
no exec-timeout
enable
!no exec-timeout
configure
terminal
!
end
!
end
hostname R4
no ip domain-lookup
!
interface Loopback0
interface FastEthernet0/0
description ### REAL NETWORK ###
!##################################################
interface
Serial0/0
!#
Free CCNA###
Workbook
LabFRAME
9-3 R5
Initial
Config###
#
description
PHYSICAL
RELAY
INTERFACE
!##################################################
ip address 10.90.245.4 255.255.255.248
!encapsulation frame-relay
enable
ip ospf network broadcast
configure
terminal0
ip ospf priority
!serial restart-delay 0
hostname
R5
no frame-relay
inverse-arp
no
ip domain-lookup
frame
map ip 10.90.245.1 421 broadcast
description
### SIMULATED NETWORK ###
no shut
interface
FastEthernet0/0
description
### POINT-TO-POINT LINK TO R5 ###
description
### REAL NETWORK
###
ip address 10.90.45.1
255.255.255.252
ip
address 10.90.145.2
255.255.255.0
encapsulation
ppp
no
shutrestart-delay 0
serial
!no shut
!##################################################
interface
Serial0/0
exit
!#
Free CCNA###
Workbook
LabFRAME
9-3 SW1
Initial
Config
#
description
PHYSICAL
RELAY
INTERFACE
###
!
!##################################################
ip address
255.255.255.248
router
ospf 10.90.245.5
1
!encapsulation
frame-relay
log-adjacency-changes
enable
ip
ospf network
broadcast
network
10.90.245.4
0.0.0.0 area 0
configure
terminal0
ip ospf priority
!
!serial
0
line
conrestart-delay
0
hostname
SW1
no
frame-relay
inverse-arp
logging
sync
no
domain-lookup
frame
map ip 10.90.245.1 521 broadcast
noip
exec-timeout
!no exec-timeout
!
interface
Serial0/1
end
description ### POINT-TO-POINT LINK TO R4 ###
ip address 10.90.45.2 255.255.255.252
encapsulation ppp
serial restart-delay 0
no shut
exit
!
router ospf 1
log-adjacency-changes
network 10.90.245.5 0.0.0.0 area 0
!
line con 0
logging sync
no exec-timeout
!
end
Lab Objectives
Configure the Serial interfaces connecting R1, R2, R4 and R5 to the hub-and-spoke frame relay topology as an OSPF point-to-multipoint network type.
Lab Instruction
Objective 1. Configure the Serial interfaces connecting R1, R2, R4 and R5 to the hub-and-spoke frame relay topology as an OSPF
point-to-multipoint network type.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/0
R1(config-if)#ip ospf network point-to-multipoint
R1(config-if)#end
R1#
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.20.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Interf
ace down or detached
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.40.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Interf
ace down or detached
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.50.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Interf
ace down or detached
%SYS-5-CONFIG_I: Configured from console by console
R1#
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead t
imer expired
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/0
R2(config-if)#ip ospf network point-to-multipoint
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from LOADING to FULL, Loading Done
R2#
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead t
imer expired
R4>enable
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#interface Serial0/0
R4(config-if)#ip ospf network point-to-multipoint
R4(config-if)#end
R4#
%SYS-5-CONFIG_I: Configured from console by console
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from LOADING to FULL, Loading Done
R4#
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Dead t
imer expired
R5>enable
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#interface Serial0/0
R5(config-if)#ip ospf network point-to-multipoint
R5(config-if)#end
R5#
%SYS-5-CONFIG_I: Configured from console by console
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.10.1 on Serial0/0 from LOADING to FULL, Loading Done
R5#
Objective 2. Verify the network type configuration change by viewing the OSPF parameters of the serial interface.
R1#show ip ospf interface Serial0/0
Serial0/0 is up, line protocol is up
Internet Address 10.90.245.1/29, Area 0
Process ID 1, Router ID 10.90.10.1, Network Type POINT_TO_MULTIPOINT,
Cost: 64
Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:02
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 3
Last flood scan time is 4 msec, maximum is 4 msec
Neighbor Count is 3, Adjacent neighbor count is 3
Adjacent with neighbor 10.90.50.1
Adjacent with neighbor 10.90.40.1
Adjacent with neighbor 10.90.20.1
Suppress hello for 0 neighbor(s)
R1#
Pri   State           Dead Time   Address         Interface
  0   FULL/           00:01:53    10.90.245.5     Serial0/0
  0   FULL/           00:01:58    10.90.245.4     Serial0/0
  0   FULL/           00:01:50    10.90.245.2     Serial0/0
As you can see from the neighbor table on R1, no DR/BDR is elected when using the OSPF point-to-multipoint network type
because each neighbor relationship is treated as a point-to-point link.
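OSPF neighbors must agree on hello and dead intervals, so changing the network type on only one end of a link leaves the two ends with the different timers listed earlier in this lab. As an added example that is not part of the original workbook, this Python script compares `show ip ospf interface` output from both ends of a link; the R1 sample is taken from Objective 2 above, the R2 samples are constructed, and the function names and finding codes are hypothetical.

```python
import re

# Network types that elect a DR/BDR, per the list earlier in this lab.
ELECTS_DR = {"BROADCAST", "NON_BROADCAST"}

# First lines of R1's output from Objective 2 of this lab.
R1_OUTPUT = """\
Serial0/0 is up, line protocol is up
  Internet Address 10.90.245.1/29, Area 0
  Process ID 1, Router ID 10.90.10.1, Network Type POINT_TO_MULTIPOINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
"""

# Constructed sample: spoke R2 still using the broadcast network type.
R2_BEFORE = """\
Serial0/0 is up, line protocol is up
  Internet Address 10.90.245.2/29, Area 0
  Process ID 1, Router ID 10.90.20.1, Network Type BROADCAST, Cost: 64
  Transmit Delay is 1 sec, State DROTHER, Priority 0
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""

# Constructed sample: spoke R2 after it is also set to point-to-multipoint.
R2_AFTER = """\
Serial0/0 is up, line protocol is up
  Internet Address 10.90.245.2/29, Area 0
  Process ID 1, Router ID 10.90.20.1, Network Type POINT_TO_MULTIPOINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
"""

PATTERNS = {
    "address": r"Internet Address (\S+),",
    "area": r"Internet Address \S+, Area (\S+)",
    "network_type": r"Network Type (\w+)",
    "hello": r"Timer intervals configured, Hello (\d+)",
    "dead": r"Timer intervals configured, Hello \d+, Dead (\d+)",
}


def parse_ospf_interface(text):
    """Extract address, area, network type and hello/dead timers from the output."""
    fields, missing = {}, []
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text)
        if m is None:
            missing.append(name)
        else:
            fields[name] = m.group(1)
    if missing:
        raise ValueError("fields not found: " + ", ".join(missing))
    fields["hello"] = int(fields["hello"])
    fields["dead"] = int(fields["dead"])
    return fields


def compare_ends(a, b):
    """Return the reasons the two ends of one link will not work together."""
    problems = []
    if a["area"] != b["area"]:
        problems.append("AREA_MISMATCH")
    if a["hello"] != b["hello"]:
        problems.append("HELLO_MISMATCH")
    if a["dead"] != b["dead"]:
        problems.append("DEAD_MISMATCH")
    # One end expects a DR/BDR on the segment and the other does not.
    if (a["network_type"] in ELECTS_DR) != (b["network_type"] in ELECTS_DR):
        problems.append("DR_ELECTION_MISMATCH")
    return problems


if __name__ == "__main__":
    hub = parse_ospf_interface(R1_OUTPUT)
    print("R2 before:", compare_ends(hub, parse_ospf_interface(R2_BEFORE)))
    print("R2 after: ", compare_ends(hub, parse_ospf_interface(R2_AFTER)))
```
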
There will be some scenarios where you will need to build static OSPF Neighbors such as for NBMA relationships or
for network security hardening. This lab will discuss and demonstrate the configuration and verification o.
Command
Description
no ip ospf network
Executed in interface configuration mode to revert the OSPF network type back to its default for
that specified interface.
Executed in interface configuration mode to configure the specified interface OSPF network
type to non-broadcast; this mode requires static neighbor statements and will form a DR/BDR
relationship.
The logical topology shown below is used in the labs found throughout Section 9, Configuring OSPF:
Lab Prerequisites
If you are using GNS3, then load the Free CCNA Workbook GNS3 topology and start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
ip address 10.90.245.2 255.255.255.248
encapsulation frame-relay
!##################################################
ip ospf priority 0
!#
Freerestart-delay
CCNA Workbook0Lab 9-3 R3 Initial Config
serial
!##################################################
no frame-relay inverse-arp
!frame map ip 10.90.245.1 221 broadcast
enable
frame map ip 10.90.245.4 221
configure
frame mapterminal
ip 10.90.245.5 221
!no shut
hostname
R3
!
no
ip domain-lookup
interface
Serial0/2
interface
Loopback0
ip address
10.90.23.1 255.255.255.252
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip
address
10.90.30.10255.255.255.0
serial
restart-delay
!no shut
interface
Serial0/1
exit
no
shut 10.90.245.2 0.0.0.0 area 0
network
!##################################################
!exit
!#
Workbook Lab 9-4 R4 Initial Config
!
lineFree
con CCNA
0
!##################################################
line
con 0
logging
sync
!logging
sync
no exec-timeout
enable
!no exec-timeout
configure
terminal
!
end
!
end
hostname R4
no ip domain-lookup
!
interface Loopback0
interface FastEthernet0/0
description ### REAL NETWORK ###
ip address 10.90.145.1 255.255.255.0
no shut
!
!##################################################
interface
Serial0/0
!#
Free CCNA###
Workbook
LabFRAME
9-4 R5
Initial
Config###
#
description
PHYSICAL
RELAY
INTERFACE
!##################################################
ip address 10.90.245.4 255.255.255.248
!encapsulation frame-relay
enable
ip ospf network point-to-multipoint
configure
terminal0
ip ospf priority
!serial restart-delay 0
hostname
R5
no frame-relay
inverse-arp
no
ip domain-lookup
frame
map ip 10.90.245.1 421 broadcast
description
### SIMULATED NETWORK ###
no shut
interface
FastEthernet0/0
description
### POINT-TO-POINT LINK TO R5 ###
description
### REAL NETWORK
###
ip address 10.90.45.1
255.255.255.252
ip
address 10.90.145.2
255.255.255.0
encapsulation
ppp
no
shutrestart-delay 0
serial
!no shut
interface
Serial0/0
exit
ip
ospf network
point-to-multipoint
network
10.90.245.4
0.0.0.0 area 0
serial
0
line
conrestart-delay
0
no
frame-relay
inverse-arp
logging
sync
frame
map ip 10.90.245.1 521 broadcast
no exec-timeout
!
interface Serial0/1
description ### POINT-TO-POINT LINK TO R4 ###
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Revert the OSPF interface type back to its default on R1, R2, R4 and R5's frame relay hub and spoke interfaces.
Configure static neighbor statements on R1 pointing to R2, R4 and R5.
Verify that the neighbor relationships form using the show ip ospf neighbor command.
Lab Instruction
Objective 1. Revert the OSPF interface type back to its default on R1, R2, R4 and R5's frame relay hub and spoke interfaces.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/0
R1(config-if)#no ip ospf network
R1(config-if)#end
R1#
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.20.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Interf
ace down or detached
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.40.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Interf
ace down or detached
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.50.1 on Serial0/0 from FULL to DOWN, Neighbor Down: Interf
ace down or detached
R1#
*Jul 8 20:19:16.767: %SYS-5-CONFIG_I: Configured from console by console
R1#
R2>enable
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#interface Serial0/0
R2(config-if)#no ip ospf network
R2(config-if)#end
R2#
R4>enable
R4#configure terminal
Enter configuration commands, one per line.
R4(config)#interface Serial0/0
R4(config-if)#no ip ospf network
R4(config-if)#end
R4#
R5>enable
R5#configure terminal
Enter configuration commands, one per line.
R5(config)#interface Serial0/0
R5(config-if)#no ip ospf network
R5(config-if)#end
R5#
Objective 3. Verify that the neighbor relationships form using the show ip ospf neighbor command.
R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.90.20.1        0   FULL/DROTHER    00:01:51    10.90.245.2     Serial0/0
10.90.40.1        0   FULL/DROTHER    00:01:35    10.90.245.4     Serial0/0
10.90.50.1        0   FULL/DROTHER    00:01:45    10.90.245.5     Serial0/0
R1#
When it comes to building scalable OSPF networks, you will commonly use multiple OSPF Areas. This lab will discuss
and demonstrate the configuration and verification of multi-area OSPF.
for the FastEthernet network connected to SW1. This configuration will be used for a later lab in the OSPF section.
Review the following command(s);
Command | Description
network ip.ip.ip.ip wc.wc.wc.wc area # | This command is executed in OSPF router configuration mode to specify which interfaces participate in the OSPF process and which OSPF area they belong to.
This command is executed in privileged mode to display interface parameters including which
Area particular interfaces belong to.
The logical topology shown below is used in the labs found throughout Section 9, Configuring OSPF:
Lab Prerequisites
If you are using GNS3, then load the Free CCNA Workbook GNS3 topology and start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
ip address 10.90.245.2 255.255.255.248
encapsulation frame-relay
ip ospf priority 0
!##################################################
serial restart-delay 0
!#
CCNA Workbook
Lab 9-5 R3 Initial Config
no Free
frame-relay
inverse-arp
!##################################################
frame map ip 10.90.245.1 221 broadcast
!frame map ip 10.90.245.4 221
enable
frame map ip 10.90.245.5 221
configure
no shut terminal
!
hostname
interfaceR3
Serial0/2
no
ipPOINT-TO-POINT
domain-lookup LINK TO R3 ###
###
description
### SIMULATED
NETWORK ###
serial restart-delay
0
ip
10.90.30.1 255.255.255.0
no address
shut
!exit
interface
Serial0/1
!
description
router
ospf 1### POINT-TO-POINT LINK TO R2 ###
ip
address 10.90.23.2 255.255.255.252
log-adjacency-changes
encapsulation
ppp
network 10.90.245.2
0.0.0.0 area 0
!no shut
!##################################################
exitcon 0
line
!#
Free CCNA
!logging
sync Workbook Lab 9-5 R4 Initial Config
!##################################################
line
con 0
no exec-timeout
!logging sync
enable
no exec-timeout
end
configure
terminal
!
!
end
hostname R4
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.40.1 255.255.255.0
!
interface FastEthernet0/0
description ### REAL NETWORK ###
ip address 10.90.145.1 255.255.255.0
no shut
!
!##################################################
interface
Serial0/0
!#
Free CCNA###
Workbook
LabFRAME
9-5 R5
Initial
Config###
#
description
PHYSICAL
RELAY
INTERFACE
!##################################################
ip address 10.90.245.4 255.255.255.248
!encapsulation frame-relay
enable
ip ospf priority 0
configure
terminal
serial restart-delay
0
hostname
R5ip 10.90.245.1 421 broadcast
frame map
no
ip domain-lookup
frame
map ip 10.90.245.2 421
ip
address
10.90.145.2
serial
restart-delay
0 255.255.255.0
no shut
!exit
interface
Serial0/0
!
description
router
ospf 1### PHYSICAL FRAME RELAY INTERFACE ###
ip
address 10.90.245.5 255.255.255.248
log-adjacency-changes
encapsulation
frame-relay
network 10.90.245.4
0.0.0.0 area 0
serial
0
line
conrestart-delay
0
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-multi-area-ospf/[4/12/2015
7:18:50 PM]
no
frame-relay
inverse-arp
logging
sync
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure R2's point-to-point link between R2 and R3 in Area 3.
Configure each router's Loopback0 interface in its own OSPF area; use the router number as the new OSPF area.
Configure the point-to-point link between R4 and R5, as well as R4 and R5's physical LAN interfaces (FastEthernet0/0), in
OSPF Area 45.
Verify that all the new OSPF Inter-Area routes are in R1's routing table; these are denoted as O*IA routes.
Lab Instruction
Objective 1. Configure R2's point-to-point link between R2 and R3 in Area 3.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router ospf 1
R2(config-router)#network 10.90.23.1 0.0.0.0 area 3
R2(config-router)#end
R2#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#network 10.90.23.2 0.0.0.0 area 3
R3(config-router)#end
R3#
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.20.1 on Serial0/1 from LOADING to FULL, Loading Done
R3#
Objective 2. Configure each router's Loopback0 interface in its own OSPF area; use the router number as the new OSPF area.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#network 10.90.10.1 0.0.0.0 area 1
R1(config-router)#end
R1#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router ospf 1
R2(config-router)#network 10.90.20.1 0.0.0.0 area 2
R2(config-router)#end
R2#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#network 10.90.30.1 0.0.0.0 area 3
R3(config-router)#end
R3#
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#network 10.90.40.1 0.0.0.0 area 4
R4(config-router)#end
R4#
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#router ospf 1
R5(config-router)#network 10.90.50.1 0.0.0.0 area 5
R5(config-router)#end
R5#
Objective 3. Configure the point-to-point link between R4 and R5, as well as R4 and R5's physical LAN interfaces (FastEthernet0/0),
in OSPF Area 45.
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#network 10.90.45.1 0.0.0.0 area 45
R4(config-router)#network 10.90.145.1 0.0.0.0 area 45
R4(config-router)#end
R4#
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#router ospf 1
R5(config-router)#network 10.90.45.2 0.0.0.0 area 45
%OSPF-5-ADJCHG: Process 1, Nbr 10.90.40.1 on Serial0/1 from LOADING to FULL, Loading Done
R5(config-router)#network 10.90.145.2 0.0.0.0 area 45
R5(config-router)#end
R5#
Objective 4. Verify that all the new OSPF Inter-Area routes are in R1's routing table; these are denoted as O*IA routes.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 9 subnets, 4 masks
O IA    10.90.50.1/32 [110/65] via 10.90.245.5, 00:15:38, Serial0/0
O IA    10.90.40.1/32 [110/65] via 10.90.245.4, 00:15:58, Serial0/0
O IA    10.90.23.0/30 [110/128] via 10.90.245.2, 00:18:13, Serial0/0
O IA    10.90.30.1/32 [110/129] via 10.90.245.2, 00:16:13, Serial0/0
O IA    10.90.145.0/24 [110/65] via 10.90.245.5, 00:07:14, Serial0/0
                       [110/65] via 10.90.245.4, 00:08:31, Serial0/0
O IA    10.90.45.0/30 [110/128] via 10.90.245.5, 00:07:24, Serial0/0
                      [110/128] via 10.90.245.4, 00:08:41, Serial0/0
O IA    10.90.20.1/32 [110/65] via 10.90.245.2, 00:17:02, Serial0/0
C
C
R1#
The OSPF Router-ID is used to identify a specific device within an OSPF database. Router IDs must be unique to
prevent unintended OSPF database problems. This lab will discuss and demonstrate the configuration and verification
of the OSPF Router-ID.
Command
Description
router-id x.x.x.x
This command is executed in OSPF router configuration mode to statically configure a router id
on a specific neighbor.
This command is executed in privileged mode to view OSPF process parameters such as the
local router-id and OSPF area information related to that router.
The logical topology shown below is used in the labs found throughout Section 9, Configuring OSPF:
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
ip address 10.90.245.2 255.255.255.248
encapsulation frame-relay
ip ospf priority 0
!##################################################
serial restart-delay 0
!#
CCNA Workbook
Lab 9-6 R3 Initial Config
no Free
frame-relay
inverse-arp
!##################################################
frame map ip 10.90.245.1 221 broadcast
!frame map ip 10.90.245.4 221
enable
frame map ip 10.90.245.5 221
configure
no shut terminal
!
hostname
interfaceR3
Serial0/2
no
ipPOINT-TO-POINT
domain-lookup LINK TO R3 ###
###
description
### SIMULATED
NETWORK ###
serial restart-delay
0
ip
10.90.30.1 255.255.255.0
no address
shut
!exit
interface
Serial0/1
!
description
router
ospf 1### POINT-TO-POINT LINK TO R2 ###
ip
address 10.90.23.2 255.255.255.252
log-adjacency-changes
encapsulation
ppp 0.0.0.0 area 3
network 10.90.23.1
no
shut 10.90.245.2 0.0.0.0 area 0
network
!##################################################
exit
network 10.90.20.1 0.0.0.0 area 2
!#
!
!##################################################
router
ospf
line con
0 1
!log-adjacency-changes
logging sync
enable
network
10.90.23.2 0.0.0.0 area 3
no exec-timeout
configure
terminal 0.0.0.0 area 3
!network 10.90.30.1
!
end
hostname
line con R4
0
no
ip domain-lookup
logging
sync
!no exec-timeout
interface
Loopback0
!
!
interface FastEthernet0/0
description ### REAL NETWORK ###
ip address 10.90.145.1 255.255.255.0
no shut
!
!##################################################
interface
Serial0/0
!#
Free CCNA###
Workbook
LabFRAME
9-6 R5
Initial
Config###
#
description
PHYSICAL
RELAY
INTERFACE
!##################################################
ip address 10.90.245.4 255.255.255.248
!encapsulation frame-relay
enable
ip ospf priority 0
configure
terminal
serial restart-delay
0
hostname
R5ip 10.90.245.1 421 broadcast
frame map
no
ip domain-lookup
frame
map ip 10.90.245.2 421
ip
address
10.90.145.2
serial
restart-delay
0 255.255.255.0
no shut
!exit
interface
Serial0/0
!
description
router
ospf 1### PHYSICAL FRAME RELAY INTERFACE ###
ip
address 10.90.245.5 255.255.255.248
log-adjacency-changes
encapsulation
frame-relay
network 10.90.45.1
0.0.0.0 area 45
ip
ospf priority
0 0.0.0.0 area 0
network
10.90.245.4
serial
0
networkrestart-delay
10.90.145.1 0.0.0.0
area 45
no
frame-relay
inverse-arp
network
10.90.40.1
0.0.0.0 area 4
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-the-ospf-router-id/[4/12/2015
7:19:12 PM]
interface
Serial0/1
end
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure each router with a router ID that reflects the router number, i.e. R1's router ID would be 1.1.1.1.
Clear the OSPF process on each router and verify on R1 that the new router IDs are being used by viewing R1's OSPF
neighbors.
Lab Instruction
Objective 1. Configure each router with a router ID that reflects the router number, i.e. R1's router ID would be 1.1.1.1.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#end
R3#
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#router-id 4.4.4.4
Reload or use "clear ip ospf process" command, for this to take effect
R4(config-router)#end
R4#
R5#configure terminal
Pri   State           Dead Time   Address         Interface
  0   FULL/DROTHER    00:01:39    10.90.245.2     Serial0/0
  0   FULL/DROTHER    00:01:35    10.90.245.4     Serial0/0
  0   FULL/DROTHER    00:01:59    10.90.245.5     Serial0/0
To verify that R3's router ID has been changed, you can view the neighbor relationships on R2 as shown below:
R2#show ip ospf neighbors
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:01:50    10.90.245.1     Serial0/0
3.3.3.3           0   FULL/ -         00:00:36    10.90.23.2      Serial0/2
R2#
Like RIP and EIGRP, the OSPF routing protocol is extremely tunable. There may be scenarios where you need to
tune the default timers to speed up network convergence during a hardware failure. This lab will discuss and
demonstrate the configuration and verification of OSPF timers.
dead. The commands to configure the timers statically are executed in interface configuration mode, on a per-interface basis.
To configure the hello timer, you'd use ip ospf hello-interval #, where # is a number between 1 and 65535 seconds.
To configure the dead timer, you'll use ip ospf dead-interval #, where # is a number between 1 and 65535 seconds.
To verify the OSPF timers on a particular interface, you'll use show ip ospf interface interfacename#/#.
Familiarize yourself with the following new command(s);
Command
Description
ip ospf hello-interval #
This command is executed in interface configuration mode to statically set the hello-interval
timer for OSPF hello packets exiting the specified interface.
ip ospf dead-interval #
This command is executed in interface configuration mode to statically set the dead-interval
timer for OSPF which is the amount of time a router will go waiting for a hello packet before
declaring a particular neighbor down and executing the SPF algorithm to re-converge.
The logical topology shown below is used in the labs found throughout Section 9, Configuring OSPF:
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
!
interface Serial0/0
!##################################################
serial restart-delay 0
!#
CCNA Workbook
Lab 9-7 R3 Initial Config
no Free
frame-relay
inverse-arp
!##################################################
frame map ip 10.90.245.1 221 broadcast
!frame map ip 10.90.245.4 221
enable
frame map ip 10.90.245.5 221
configure
no shut terminal
!
hostname
interfaceR3
Serial0/2
no
ipPOINT-TO-POINT
domain-lookup LINK TO R3 ###
###
description
### SIMULATED
NETWORK ###
serial restart-delay
0
ip
10.90.30.1 255.255.255.0
no address
shut
!exit
interface
Serial0/1
!
description
router
ospf 1### POINT-TO-POINT LINK TO R2 ###
ip
address2.2.2.2
10.90.23.2 255.255.255.252
router-id
encapsulation
ppp
log-adjacency-changes
no
shut 10.90.23.1 0.0.0.0 area 3
network
!##################################################
exit
network 10.90.245.2 0.0.0.0 area 0
!#
Free CCNA
Workbook
Lab 9-7
R42Initial Config
!network
10.90.20.1
0.0.0.0
area
!##################################################
router
ospf 1
!
!
router-id
line
con 0 3.3.3.3
enable
log-adjacency-changes
logging sync
configure
terminal 0.0.0.0 area 3
network
10.90.23.2
no exec-timeout
!network 10.90.30.1 0.0.0.0 area 3
hostname
R4
!
end
no
ipcon
domain-lookup
line
0
!logging sync
interface
Loopback0
no exec-timeout
interface FastEthernet0/0
description ### REAL NETWORK ###
!##################################################
interface
Serial0/0
!#
Free CCNA###
Workbook
LabFRAME
9-7 R5
Initial
Config###
#
description
PHYSICAL
RELAY
INTERFACE
!##################################################
ip address 10.90.245.4 255.255.255.248
!encapsulation frame-relay
enable
ip ospf priority 0
configure
terminal
serial restart-delay
0
hostname
R5ip 10.90.245.1 421 broadcast
frame map
no
ip domain-lookup
frame
map ip 10.90.245.2 421
ip
address
10.90.145.2
serial
restart-delay
0 255.255.255.0
no shut
!exit
!##################################################
interface
Serial0/0
!
!#
Free
CCNA
Workbook
LabFRAME
9-7 SW1
Initial
Config
#
description
PHYSICAL
RELAY
INTERFACE
###
router
ospf
1###
!##################################################
ip
address4.4.4.4
10.90.245.5 255.255.255.248
router-id
!encapsulation
frame-relay
log-adjacency-changes
enable
ip
ospf priority
0 0.0.0.0 area 45
network
10.90.45.1
configure
terminal
serial
0
networkrestart-delay
10.90.245.4
0.0.0.0
area 0
!no
frame-relay
inverse-arp
network
10.90.145.1
0.0.0.0 area 45
hostname
SW1
frame
map
ip 10.90.245.1
521
broadcast
network
10.90.40.1
0.0.0.0
area
4
no
ip domain-lookup
frame
map ip 10.90.245.2 521
!
!frame
map
line
con
0 ip 10.90.245.4 521
line
con sync
0
no
shut
logging
logging
sync
!no
exec-timeout
interface
Serial0/1
!no exec-timeout
Lab Objectives
router ospf 1
router-id 5.5.5.5
log-adjacency-changes
network 10.90.45.2 0.0.0.0 area 45
network 10.90.245.5 0.0.0.0 area 0
network 10.90.145.2 0.0.0.0 area 45
network 10.90.50.1 0.0.0.0 area 5
Configure the interfaces on the point-to-point link between R2 and R3 to send OSPF hellos every 1 second and declare the
line con 0
logging sync
no exec-timeout
!
end
Lab Instruction
Objective 1. Configure the interfaces on the point-to-point link between R2 and R3 to send OSPF hellos every 1 second and
declare the neighboring router down if a hello is not received within 4 seconds.
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/2
R2(config-if)#ip ospf hello-interval 1
R2(config-if)#ip ospf dead-interval 4
R2(config-if)#end
%OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/2 from FULL to DOWN, Neighbor Down: Dead timer expired
R2#
R3>enable
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface Serial0/1
R3(config-if)#ip ospf hello-interval 1
R3(config-if)#ip ospf dead-in
%OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/1 from LOADING to FULL, Loading Done
R3(config-if)#ip ospf dead-interval 4
R3(config-if)#end
R3#
Objective 2. Verify the OSPF hello and dead timers on both R2 and R3.
R2#show ip ospf interface Serial0/2
Serial0/2 is up, line protocol is up
Internet Address 10.90.23.1/30, Area 3
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 1, Dead 4, Wait 4, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:00
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 6
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 3.3.3.3
Suppress hello for 0 neighbor(s)
R2#
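The adjacency drop logged during Objective 1 happens because OSPF neighbors only stay adjacent while their hello and dead intervals match. The following check is an added example, not part of the workbook: it parses the show ip ospf interface output from both ends of the R2-R3 link and reports any disagreement. The R2 text is taken from the lab output above; both R3 samples are constructed, and the function names are this example's own.

```python
import re
from dataclasses import dataclass

# Output of "show ip ospf interface Serial0/2" on R2, as shown in the lab.
R2_OUTPUT = """\
Serial0/2 is up, line protocol is up
  Internet Address 10.90.23.1/30, Area 3
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 1, Dead 4, Wait 4, Retransmit 5
"""

# Constructed sample: R3's side before its timers are changed.
R3_BEFORE = """\
Serial0/1 is up, line protocol is up
  Internet Address 10.90.23.2/30, Area 3
  Process ID 1, Router ID 3.3.3.3, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""

# Constructed sample: R3's side once Objective 1 is complete.
R3_AFTER = R3_BEFORE.replace("Hello 10, Dead 40, Wait 40", "Hello 1, Dead 4, Wait 4")

PATTERNS = {
    "name": re.compile(r"^(\S+) is .*line protocol is", re.M),
    "router_id": re.compile(r"Router ID (\d+\.\d+\.\d+\.\d+)"),
    "area": re.compile(r"Internet Address \S+, Area (\S+)"),
    "hello": re.compile(r"Timer intervals configured, Hello (\d+),"),
    "dead": re.compile(r"Timer intervals configured, Hello \d+, Dead (\d+),"),
}


@dataclass
class OspfInterface:
    name: str
    router_id: str
    area: str
    hello: int
    dead: int


def parse_ospf_interface(text):
    """Extract the fields that must agree between neighbors from one interface's output."""
    fields = {}
    for key, pattern in PATTERNS.items():
        match = pattern.search(text)
        if match is None:
            raise ValueError(f"could not find {key} in the supplied output")
        fields[key] = match.group(1)
    return OspfInterface(
        fields["name"], fields["router_id"], fields["area"],
        int(fields["hello"]), int(fields["dead"]),
    )


def check_link(a, b):
    """Return a list of problems that would keep a and b from staying adjacent."""
    problems = []
    for field in ("area", "hello", "dead"):
        left, right = getattr(a, field), getattr(b, field)
        if left != right:
            problems.append(
                f"{field} mismatch: {a.router_id} {a.name}={left}, "
                f"{b.router_id} {b.name}={right}"
            )
    for side in (a, b):
        # A dead interval that is not longer than the hello interval expires
        # before the next hello can arrive.
        if side.dead <= side.hello:
            problems.append(
                f"{side.router_id} {side.name}: dead interval {side.dead} "
                f"is not greater than hello interval {side.hello}"
            )
    return problems


if __name__ == "__main__":
    r2 = parse_ospf_interface(R2_OUTPUT)
    for label, text in (("before", R3_BEFORE), ("after", R3_AFTER)):
        issues = check_link(r2, parse_ospf_interface(text))
        print(label, issues or "timers consistent")
```
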
There are two ways to configure OSPF on a single interface, the network command in the routing process config mode
or through the ip ospf command in interface configuration. This lab will discuss and demonstrate the configuration and
verification of per-interface OSPF configuration.
Command
Description
The logical topology shown below is used in the labs found throughout Section 9, Configuring OSPF:
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
ip address 10.90.245.2 255.255.255.248
encapsulation frame-relay
ip ospf priority 0
!##################################################
serial restart-delay 0
!#
CCNA Workbook
Lab 9-8 R3 Initial Config
no Free
frame-relay
inverse-arp
!##################################################
frame map ip 10.90.245.1 221 broadcast
!frame map ip 10.90.245.4 221
enable
frame map ip 10.90.245.5 221
configure
no shut terminal
!
hostname
interfaceR3
Serial0/2
no
ipPOINT-TO-POINT
domain-lookup LINK TO R3 ###
###
description
###
SIMULATED NETWORK ###
encapsulation
ppp
ip
address
10.90.30.10255.255.255.0
serial
restart-delay
!no shut
interface
Serial0/1
exit
ip
address2.2.2.2
10.90.23.2 255.255.255.252
router-id
encapsulation
ppp
log-adjacency-changes
!##################################################
no
shut 10.90.23.1 0.0.0.0 area 3
network
!#
Free CCNA
Workbook
Lab 9-8
R4 Initial
Config
exit
network
10.90.245.2
0.0.0.0
area
0
!##################################################
!network 10.90.20.1 0.0.0.0 area 2
!
router ospf 1
enable
router-id
line
con 0 3.3.3.3
configure
terminal
log-adjacency-changes
logging sync
!network
10.90.23.2 0.0.0.0 area 3
no exec-timeout
hostname
10.90.30.1 0.0.0.0 area 3
!network R4
no
!
endip domain-lookup
!
line con 0
interface
Loopback0
logging sync
description
### SIMULATED NETWORK ###
no exec-timeout
!
end
interface FastEthernet0/0
description ### REAL NETWORK ###
ip address 10.90.145.1 255.255.255.0
no shut
!
!##################################################
interface
Serial0/0
!#
Free CCNA###
Workbook
LabFRAME
9-8 R5
Initial
Config###
#
description
PHYSICAL
RELAY
INTERFACE
!##################################################
ip address 10.90.245.4 255.255.255.248
!encapsulation frame-relay
enable
ip ospf priority 0
configure
terminal
serial restart-delay
0
hostname
R5ip 10.90.245.1 421 broadcast
frame map
no
ip domain-lookup
frame
map ip 10.90.245.2 421
ip
address
10.90.145.2
serial
restart-delay
0 255.255.255.0
no shut
!exit
interface
Serial0/0
!
description
router
ospf 1### PHYSICAL FRAME RELAY INTERFACE ###
ip
address4.4.4.4
10.90.245.5 255.255.255.248
router-id
encapsulation
frame-relay
log-adjacency-changes
ip
ospf priority
0 0.0.0.0 area 45
network
10.90.45.1
serial
0
networkrestart-delay
10.90.245.4 0.0.0.0
area 0
no
frame-relay
inverse-arp
network
10.90.145.1
0.0.0.0 area 45
frame
map
ip 10.90.245.1
521
broadcast
network
10.90.40.1
0.0.0.0
area
4
!no exec-timeout
interface
Serial0/1
!
encapsulation ppp
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-per-interface-ospf/[4/12/2015
7:19:52 PM]
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure each interface on all routers in the OSPF topology to use per-interface OSPF statements and not network
statements in the OSPF configuration mode. Complete this in a way that the OSPF neighbor relationships are not dropped.
Verify that all interfaces on R1 are participating in the OSPF routing process.
Lab Instruction
Objective 1. Configure each interface on all routers in the OSPF topology to use per-interface OSPF statements and not network
statements in the OSPF configuration mode. Complete this in a way that the OSPF neighbor relationships are not dropped.
To complete this objective in a way that the neighbor relationships are NOT dropped when removing the network statements in OSPF
router configuration mode you must first configure each interface to participate in the correct OSPF routing process and area then
remove the network statements from the OSPF configuration as shown below;
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Serial0/0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#interface lo0
R1(config-if)#ip ospf 1 area 1
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#no network 10.90.245.1 0.0.0.0 area 0
R1(config-router)#no network 10.90.10.1 0.0.0.0 area 1
R1(config-router)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/0
R2(config-if)#ip ospf 1 area 0
R2(config-if)#interface lo0
R2(config-if)#ip ospf 1 area 2
R2(config-if)#interface Serial0/2
R2(config-if)#ip ospf 1 area 3
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#no network 10.90.245.2 0.0.0.0 area 0
R2(config-router)#no network 10.90.20.1 0.0.0.0 area 2
R2(config-router)#no network 10.90.23.1 0.0.0.0 area 3
R2(config-router)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface Serial0/1
R3(config-if)#ip ospf 1 area 3
R3(config-if)#interface lo0
R3(config-if)#ip ospf 1 area 3
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-router)#no network 10.90.23.2 0.0.0.0 area 3
R3(config-router)#no network 10.90.30.1 0.0.0.0 area 3
R3(config-router)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#interface Serial0/0
R4(config-if)#ip ospf 1 area 0
R4(config-if)#interface lo0
R4(config-if)#ip ospf 1 area 4
R4(config-if)#interface Serial0/1
R4(config-if)#ip ospf 1 area 45
R4(config-if)#interface FastEthernet0/0
R4(config-if)#ip ospf 1 area 45
R4(config-if)#exit
R4(config)#router ospf 1
R4(config-router)#no network 10.90.245.4 0.0.0.0 area 0
R4(config-router)#no network 10.90.40.1 0.0.0.0 area 4
R4(config-router)#no network 10.90.145.1 0.0.0.0 area 45
R4(config-router)#no network 10.90.45.1 0.0.0.0 area 45
R4(config-router)#end
R4#
*Jul 9 22:03:43.149: %SYS-5-CONFIG_I: Configured from console by console
R4#
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#interface Serial0/0
R5(config-if)#ip ospf 1 area 0
R5(config-if)#interface Lo0
R5(config-if)#ip ospf 1 area 5
R5(config-if)#interface Serial0/1
R5(config-if)#ip ospf 1 area 45
R5(config-if)#interface FastEthernet0/0
R5(config-if)#ip ospf 1 area 45
R5(config-if)#exit
R5(config)#router ospf 1
R5(config-router)#no network 10.90.245.5 0.0.0.0 area 0
R5(config-router)#no network 10.90.50.1 0.0.0.0 area 5
R5(config-router)#no network 10.90.45.2 0.0.0.0 area 45
R5(config-router)#no network 10.90.145.2 0.0.0.0 area 45
R5(config-router)#end
R5#
%SYS-5-CONFIG_I: Configured from console by console
R5#
Objective 2. Verify that all interfaces on R1 are participating in the OSPF routing process.
R1#show ip ospf interface brief
Interface    PID   Area            IP Address/Mask    Cost
Se0/0        1     0               10.90.245.1/29     64
Lo0          1     1               10.90.10.1/24      1
R1#
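The ordering used in Objective 1 (enable OSPF on every interface first, remove the network statements last) can be generated from a configuration instead of typed by hand. The script below is an added example, not part of the workbook: it matches each interface address against the network statements using IOS wildcard-mask semantics and emits the commands in the safe order. The R1 configuration is constructed from the addresses and network statements shown in this lab; choosing the most specific matching statement is an assumption of this example, and it also handles wildcard masks wider than the lab's 0.0.0.0.

```python
import ipaddress
import re

# Constructed sample: R1's relevant configuration, built from values in this lab.
R1_CONFIG = """\
interface Loopback0
 ip address 10.90.10.1 255.255.255.0
!
interface Serial0/0
 ip address 10.90.245.1 255.255.255.248
 encapsulation frame-relay
!
router ospf 1
 log-adjacency-changes
 network 10.90.245.1 0.0.0.0 area 0
 network 10.90.10.1 0.0.0.0 area 1
!
line con 0
 logging sync
"""


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def covers(network, wildcard, ip):
    """True when ip matches network under an IOS wildcard mask (1 bits are ignored)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(network) & care)


def parse_config(text):
    """Return ({interface: ip}, [(pid, network, wildcard, area), ...])."""
    interfaces, networks = {}, []
    section, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        head = line.split()[0]
        if head == "interface":
            section, current = "interface", line.split()[1]
        elif head == "router":
            m = re.fullmatch(r"router ospf (\d+)", line)
            section, current = ("ospf", m.group(1)) if m else (None, None)
        elif head == "line":
            section, current = None, None
        elif section == "interface" and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            interfaces[current] = m.group(1)
        elif section == "ospf" and (m := re.fullmatch(r"network (\S+) (\S+) area (\S+)", line)):
            networks.append((current, m.group(1), m.group(2), m.group(3)))
    return interfaces, networks


def plan_migration(text):
    """Return (commands, unmatched): commands in adjacency-safe order, plus
    network statements that matched no interface and deserve a second look."""
    interfaces, networks = parse_config(text)
    enable = []
    for name, ip in interfaces.items():
        hits = [n for n in networks if covers(n[1], n[2], ip)]
        if not hits:
            continue  # interface is not in OSPF today; leave it alone
        # Assumption: the statement with the fewest wildcard bits wins.
        pid, _, _, area = min(hits, key=lambda n: bin(to_int(n[2])).count("1"))
        enable += [f"interface {name}", f"ip ospf {pid} area {area}"]
    remove = []
    for pid in dict.fromkeys(n[0] for n in networks):
        remove.append(f"router ospf {pid}")
        remove += [
            f"no network {net} {wild} area {area}"
            for p, net, wild, area in networks if p == pid
        ]
    unmatched = [
        n for n in networks
        if not any(covers(n[1], n[2], ip) for ip in interfaces.values())
    ]
    return enable + remove, unmatched


if __name__ == "__main__":
    commands, unmatched = plan_migration(R1_CONFIG)
    print("\n".join(commands))
    for pid, net, wild, area in unmatched:
        print(f"! no interface matched: network {net} {wild} area {area}")
```
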
Stub Areas are another way of building a scalable OSPF network. Stub Areas support multiple features that can
reduce router resources and simplify configurations. This lab will discuss and demonstrate the configuration and
verification of OSPF stub areas.
ABR using a type 3 LSA. This type of stub area is an extension to OSPF created by Cisco. To configure an area as a not so totally
stubby area, you'd execute the area # nssa no-summary command in OSPF router configuration mode on the ABR.
When configuring an area stub type, the command is executed on the ABR; however, when you specify an area as a stub on the ABR,
all routers in that area must be configured as a stub by using the area # stub
In this lab you will configure and verify area 3 as a stub area and totally stubby area.
Familiarize yourself with the following new command(s);
Command
Description
area # stub
This command is executed in OSPF configuration mode to configure a specific area in OSPF as
a stub. All routers in a stub area must have the stub area flag set. This means that all routers in
the area must be configured with this command if the ABR has the area configured as a stub.
area # nssa
This command is executed in OSPF configuration mode on the ABR to specify an area as a not
so stubby area. This type of area allows for redistributed routes as a type 7 LSA which is
translated to a type 5 at the ABR before being propagated throughout the autonomous system.
area # stub no-summary
This command is executed in OSPF configuration mode on the ABR to specify an area as a
totally stubby area which only allows type 1 and 2 LSAs and a single type 3 LSA (default route)
from the ABR. All other LSAs are blocked.
area # nssa no-summary
This command is executed in OSPF configuration mode on the ABR
to specify a specific area as a not so totally stubby area which blocks types 3, 4 and 5
LSAs but allows a single type 3 LSA as the default route and type 7 LSAs internal to the area.
The logical topology shown below is used in the labs found throughout Section 9, Configuring OSPF:
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
ip ospf 1 area 2
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
ip address 10.90.245.2 255.255.255.248
encapsulation frame-relay
!##################################################
ip ospf priority 0
!#
Free1CCNA
Lab 9-9 R3 Initial Config
ip ospf
areaWorkbook
0
!##################################################
serial restart-delay 0
!no frame-relay inverse-arp
enable
frame map ip 10.90.245.1 221 broadcast
configure
frame mapterminal
ip 10.90.245.4 221
!frame map ip 10.90.245.5 221
hostname
no shut R3
no
! ip domain-lookup
!
interface Serial0/2
interface
Loopback0 LINK TO R3 ###
### POINT-TO-POINT
description
### SIMULATED
NETWORK ###
ip address 10.90.23.1
255.255.255.252
ip address
10.90.30.1
255.255.255.0
ospf 1 area
3
ip ospf 1
area 3
hello-interval
1
!encapsulation ppp
interface
Serial0/1
serial restart-delay
0
description
### POINT-TO-POINT LINK TO R2 ###
no shut
ip
address 10.90.23.2 255.255.255.252
exit
!##################################################
ip ospf
hello-interval
1
router
ospf
1
!#
Free CCNA
Workbook
Lab 9-9 R4 Initial Config
encapsulation
ppp
router-id
2.2.2.2
!##################################################
no
shut
log-adjacency-changes
!exit
enable
!
line con 0
configure
terminal
router
ospf
1
logging
sync
!router-id
3.3.3.3
no exec-timeout
hostname
R4
!log-adjacency-changes
no
!
endip domain-lookup
!
line con 0
interface
Loopback0
logging sync
description
### SIMULATED NETWORK ###
no exec-timeout
interface FastEthernet0/0
ip ospf 1 area 45
!##################################################
no shut
!#
!
!##################################################
interface
Serial0/0
!description ### PHYSICAL FRAME RELAY INTERFACE ###
enable
ip address 10.90.245.4 255.255.255.248
configure
terminal
encapsulation
frame-relay
!ip ospf priority 0
hostname
R5area 0
ip ospf 1
no
ip domain-lookup
serial
restart-delay 0
interface
frame mapLoopback0
ip 10.90.245.1 421 broadcast
description
SIMULATED421
NETWORK ###
frame map ip###
10.90.245.2
ip address
10.90.50.1
255.255.255.0
frame
map ip
10.90.245.5
421
ip
no ospf
shut 1 area 5
interface FastEthernet0/0
Serial0/1
ip address 10.90.145.2
255.255.255.0
10.90.45.1 255.255.255.252
ip ospf 1 area 45
!##################################################
no
shut
encapsulation
ppp
!#
Freerestart-delay
CCNA Workbook0Lab 9-8 SW1 Initial Config #
!
serial
!##################################################
interface
no shut Serial0/0
!description
### PHYSICAL FRAME RELAY INTERFACE ###
exit
enable
ip address 10.90.245.5 255.255.255.248
!
configure
terminal
encapsulation
router
ospf
1 frame-relay
!ip
ospf priority
router-id
4.4.4.40
hostname
SW1
ip
ospf 1
area 0
log-adjacency-changes
no
ip domain-lookup
serial
restart-delay 0
!
!no frame-relay
inverse-arp
line
con 0
line
con
0 ip 10.90.245.1 521 broadcast
frame
map
logging
sync
logging
sync
frame
map
ip 10.90.245.2 521
no
exec-timeout
no exec-timeout
map ip 10.90.245.4 521
!frame
!no shut
end
end
!
interface Serial0/1
description ### POINT-TO-POINT LINK TO R4 ###
ip address 10.90.45.2 255.255.255.252
ip ospf 1 area 45
encapsulation ppp
Lab Objectives
serial restart-delay 0
no shut
exit
!
router ospf 1
router-id 5.5.5.5
log-adjacency-changes
Configure Area 3 as a stub area. Afterward; verify the routing table on R3.
line con 0
logging sync
no exec-timeout
!
end
Configure Area 3 as a totally stubby area. Afterward; verify the routing table on R3.
Lab Instruction
Objective 1. Configure Area 3 as a stub area. Afterward; verify the routing table on R3.
To complete this objective you must specify Area 3 as a stub area on the ABR and all routers that participate in area 3 as shown
below;
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router ospf 1
R2(config-router)#area 3 stub
R2(config-router)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
%OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial0/2 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
R2#
When configuring the Area Border Router, you'll notice the neighbor relationship will drop as shown above due to the stub flag not
matching in the hello packets. However, when you configure the neighboring router in area 3 (R3) as a stub area, the neighbor
relationship will rebuild as shown below:
R3#
%OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#area 3 stub
R3(config-router)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
%OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/1 from LOADING to FULL, Loading Done
R3#
Shown below is the routing table of R3 to verify that R3 is indeed receiving the correct default route from the ABR.
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.90.23.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 10 subnets, 4 masks
O IA    10.90.50.1/32 [110/129] via 10.90.23.1, 00:02:40, Serial0/1
O IA    10.90.40.1/32 [110/129] via 10.90.23.1, 00:02:40, Serial0/1
C       10.90.23.0/30 is directly connected, Serial0/1
C       10.90.23.1/32 is directly connected, Serial0/1
C       10.90.30.0/24 is directly connected, Loopback0
O IA    10.90.145.0/24 [110/129] via 10.90.23.1, 00:02:40, Serial0/1
O IA    10.90.45.0/30 [110/192] via 10.90.23.1, 00:02:40, Serial0/1
O IA    10.90.20.1/32 [110/65] via 10.90.23.1, 00:02:40, Serial0/1
O IA    10.90.10.1/32 [110/129] via 10.90.23.1, 00:02:40, Serial0/1
O IA    10.90.245.0/29 [110/128] via 10.90.23.1, 00:02:40, Serial0/1
O*IA 0.0.0.0/0 [110/65] via 10.90.23.1, 00:02:40, Serial0/1
R3#
You can also verify that Area 3 is a stub area by using the show ip ospf command on R2 or R3, as this will explicitly tell you whether or
not a specific area is a stub area, as shown below:
R3#show ip ospf
Routing Process "ospf 1" with ID 3.3.3.3
Start time: 00:03:08.388, Time elapsed: 01:33:52.844
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 0 normal 1 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Area 3
Number of interfaces in this area is 2 (1 loopback)
It is a stub area
Area has no authentication
SPF algorithm last executed 00:08:19.176 ago
SPF algorithm executed 6 times
Area ranges are
Number of LSA 10. Checksum Sum 0x04EE8E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R3#
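The adjacency reset seen in Objective 1 comes from R2 and R3 disagreeing about the type of area 3. The audit below is an added example, not part of the workbook: given each router's configuration, it reports every area whose members do not all declare the same area type, and flags no-summary on a router that is not an ABR, where it has no effect. The R2 and R3 configuration snippets are constructed from the per-interface area assignments used in this lab, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: R2 (the ABR) after "area 3 stub" has been entered.
R2_CONFIG = """\
interface Loopback0
 ip ospf 1 area 2
interface Serial0/0
 ip ospf 1 area 0
 ip ospf priority 0
interface Serial0/2
 ip ospf 1 area 3
 ip ospf hello-interval 1
router ospf 1
 router-id 2.2.2.2
 area 3 stub
"""

# Constructed sample: R3 before it has been told area 3 is a stub.
R3_CONFIG = """\
interface Loopback0
 ip ospf 1 area 3
interface Serial0/1
 ip ospf 1 area 3
 ip ospf hello-interval 1
router ospf 1
 router-id 3.3.3.3
"""

# An interface (or network statement) placing the router in an area.
ATTACH_RE = re.compile(r"(?:ip ospf \d+|network \S+ \S+) area (\S+)")
# An area type declaration under "router ospf", with optional keywords.
AREA_TYPE_RE = re.compile(r"area (\S+) (stub|nssa)((?: \S+)*)")


def area_view(config):
    """Return {area: (type, no_summary)} for each area this router is attached to."""
    attached, declared = set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if (m := ATTACH_RE.fullmatch(line)):
            attached.add(m.group(1))
        elif (m := AREA_TYPE_RE.fullmatch(line)):
            declared[m.group(1)] = (m.group(2), "no-summary" in m.group(3).split())
    return {area: declared.get(area, ("normal", False)) for area in attached}


def audit_stub_areas(configs):
    """configs maps router name to configuration text; returns a list of findings."""
    views = {router: area_view(text) for router, text in configs.items()}
    members = defaultdict(dict)
    for router, view in views.items():
        for area, (kind, _) in view.items():
            members[area][router] = kind
    findings = []
    for area in sorted(members):
        kinds = members[area]
        if len(set(kinds.values())) > 1:
            detail = ", ".join(f"{r}={k}" for r, k in sorted(kinds.items()))
            findings.append(
                f"area {area}: type mismatch ({detail}), adjacency will not form"
            )
    for router, view in sorted(views.items()):
        for area, (_, no_summary) in sorted(view.items()):
            # A router attached to a single area is not an ABR.
            if no_summary and len(view) == 1:
                findings.append(
                    f"{router}: no-summary on area {area} has no effect, "
                    f"router is not an ABR"
                )
    return findings


if __name__ == "__main__":
    for finding in audit_stub_areas({"R2": R2_CONFIG, "R3": R3_CONFIG}):
        print(finding)
```
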
Objective 2. Configure Area 3 as a totally stubby area. Afterward; verify the routing table on R3.
To configure Area 3 as a totally stubby area you only need to change the stub type on the ABR now as R3 already has area 3
specified as a stub due to the previous objective.
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#router ospf 1
R2(config-router)#area 3 stub no-summary
R2(config-router)#end
R2#
Shown below is the routing table of R3. You'll notice that R3 is now only receiving a default route from R2 (the ABR): because the ABR is
treating area 3 as a totally stubby area, it is only advertising a single type 3 LSA, which is the default route shown in the routing table
as O*IA 0.0.0.0/0, and blocking type 3 and 4 LSAs, which are the other area routes that would typically be O*IA routes as shown in
the verification of Objective 1.
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
Changing OSPF interface cost is a simple and easy way to manipulate the OSPF routes in the routing table. This lab
will discuss and demonstrate the configuration and verification of OSPF Interface Cost.
Command: ip ospf cost #
Description: This command is executed in interface configuration mode to statically configure the OSPF interface cost of the specified interface.
The logical topology shown below is used in the labs found throughout Section 9 Configuring OSPF.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
ip ospf 1 area 2
interface Serial0/0
encapsulation frame-relay
!##################################################
ip ospf priority 0
!#
Free1CCNA
Lab 9-10 R3 Initial Config #
ip ospf
areaWorkbook
0
!##################################################
serial restart-delay 0
!no frame-relay inverse-arp
enable
frame map ip 10.90.245.1 221 broadcast
configure
frame mapterminal
ip 10.90.245.4 221
!frame map ip 10.90.245.5 221
hostname
no shut R3
no
! ip domain-lookup
!
interface Serial0/2
interface
Loopback0 LINK TO R3 ###
### POINT-TO-POINT
description
### SIMULATED
NETWORK ###
ip address 10.90.23.1
255.255.255.252
ip address
10.90.30.1
255.255.255.0
ospf 1 area
3
ip ospf 1
area 3
hello-interval
1
!encapsulation ppp
interface
Serial0/1
serial restart-delay
0
description
### POINT-TO-POINT LINK TO R2 ###
no shut
ip
address 10.90.23.2 255.255.255.252
exit
!##################################################
ip ospf
hello-interval
1
router
ospf
1
!#
Free CCNA
Workbook
Lab 9-10 R4 Initial Config #
encapsulation
ppp
router-id
2.2.2.2
!##################################################
no
shut
log-adjacency-changes
!exit
area 3 stub no-summary
enable
!
configure
router
ospf
1
line con
0terminal
!router-id
3.3.3.3
logging sync
hostname
R4
log-adjacency-changes
no exec-timeout
no
ip domain-lookup
3 stub
!area
!
end
interface
line con 0Loopback0
description
logging sync### SIMULATED NETWORK ###
ip
10.90.40.1 255.255.255.0
no address
exec-timeout
!
end
interface FastEthernet0/0
description ### REAL NETWORK ###
ip address 10.90.145.1 255.255.255.0
ip ospf 1 area 45
!##################################################
no shut
!#
!
!##################################################
interface
Serial0/0
!description ### PHYSICAL FRAME RELAY INTERFACE ###
enable
ip address 10.90.245.4 255.255.255.248
configure
terminal
encapsulation
frame-relay
!ip ospf priority 0
hostname
R5area 0
ip ospf 1
no
ip domain-lookup
serial
restart-delay 0
interface
frame mapLoopback0
ip 10.90.245.1 421 broadcast
description
SIMULATED421
NETWORK ###
frame map ip###
10.90.245.2
ip address
10.90.50.1
255.255.255.0
frame
map ip
10.90.245.5
421
ip
no ospf
shut 1 area 5
interface FastEthernet0/0
Serial0/1
ip address 10.90.145.2
255.255.255.0
10.90.45.1 255.255.255.252
ip ospf 1 area 45
no
shut
encapsulation
ppp
!serial restart-delay 0
interface
no shut Serial0/0
description
### PHYSICAL FRAME RELAY INTERFACE ###
exit
ip
ospf 1 area 0
log-adjacency-changes
!serial restart-delay 0
no frame-relay
inverse-arp
line
con 0
frame
map
ip 10.90.245.1 521 broadcast
logging
sync
frame
map ip 10.90.245.2 521
no exec-timeout
interface Serial0/1
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-ospf-interface-cost/[4/12/2015
7:20:33 PM]
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Observe the routing table on R1. The route to 10.90.145.0/24 should be load balanced via R4 and R5.
Configure R5's 10.90.145.0/24 interface with the OSPF cost 100; afterwards verify R1's routing table to see if R1 is using R4 to get to the 10.90.145.0/24 route.
Lab Instruction
Objective 1. Observe the routing table on R1. The route to 10.90.145.0/24 should be load balanced via R4 and R5.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 4 masks
O IA    10.90.50.1/32 [110/65] via 10.90.245.5, 02:09:40, Serial0/0
O IA    10.90.40.1/32 [110/65] via 10.90.245.4, 02:09:40, Serial0/0
O IA    10.90.23.0/30 [110/128] via 10.90.245.2, 02:01:57, Serial0/0
O IA    10.90.30.1/32 [110/129] via 10.90.245.2, 00:47:17, Serial0/0
O IA    10.90.145.0/24 [110/65] via 10.90.245.5, 02:09:40, Serial0/0
                       [110/65] via 10.90.245.4, 00:11:37, Serial0/0
O IA    10.90.45.0/30 [110/128] via 10.90.245.5, 02:09:40, Serial0/0
                      [110/128] via 10.90.245.4, 02:09:40, Serial0/0
O IA    10.90.20.1/32 [110/65] via 10.90.245.2, 02:01:57, Serial0/0
C       10.90.10.0/24 is directly connected, Loopback0
C       10.90.245.0/29 is directly connected, Serial0/0
R1#
Objective 2. Configure R5's 10.90.145.0/24 interface with the OSPF cost 100; afterwards verify R1's routing table to see if R1 is using R4 to get to the 10.90.145.0/24 route.
In order to make R4 the preferred route on R1, you must increase R5's cost to the 10.90.145.0/24 network, as both routers' cost to the 10.90.145.0/24 network is 1 since 100Mbps is the default reference bandwidth of OSPF.
R5#configure terminal
Enter configuration commands, one per line.
R5(config)#interface FastEthernet0/0
R5(config-if)#ip ospf cost 100
R5(config-if)#end
R5#
%SYS-5-CONFIG_I: Configured from console by console
R5#
After the cost has been changed on R5, verify that R1 is now using R4 as the next hop to get to the 10.90.145.0/24 network, as shown below:
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 4 masks
O IA    10.90.50.1/32 [110/65] via 10.90.245.5, 02:14:01, Serial0/0
O IA    10.90.40.1/32 [110/65] via 10.90.245.4, 02:14:01, Serial0/0
O IA    10.90.23.0/30 [110/128] via 10.90.245.2, 02:06:18, Serial0/0
O IA    10.90.30.1/32 [110/129] via 10.90.245.2, 00:51:38, Serial0/0
O IA    10.90.145.0/24 [110/65] via 10.90.245.4, 00:15:59, Serial0/0
O IA    10.90.45.0/30 [110/128] via 10.90.245.5, 02:14:01, Serial0/0
                      [110/128] via 10.90.245.4, 02:14:01, Serial0/0
O IA    10.90.20.1/32 [110/65] via 10.90.245.2, 02:06:18, Serial0/0
C       10.90.10.0/24 is directly connected, Loopback0
C       10.90.245.0/29 is directly connected, Serial0/0
R1#
You can modify the default interface cost in OSPF by changing the OSPF Reference Bandwidth metric. This lab will
discuss and demonstrate the configuration and verification of OSPF reference bandwidth.
Command: auto-cost reference-bandwidth #
Description: This command is executed in OSPF router configuration mode to specify a default auto-cost reference bandwidth used to dynamically calculate OSPF interface cost.
The logical topology shown below is used in the labs found throughout Section 9 Configuring OSPF.
Lab Prerequisites
If you are using GNS3, load the Stub Area Networking GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
ip ospf 1 area 2
interface Serial0/0
encapsulation frame-relay
!##################################################
ip ospf priority 0
!#
Free1CCNA
Lab 9-11 R3 Initial Config #
ip ospf
areaWorkbook
0
!##################################################
serial restart-delay 0
!no frame-relay inverse-arp
enable
frame map ip 10.90.245.1 221 broadcast
configure
frame mapterminal
ip 10.90.245.4 221
!frame map ip 10.90.245.5 221
hostname
no shut R3
no
! ip domain-lookup
!
interface Serial0/2
interface
Loopback0 LINK TO R3 ###
### POINT-TO-POINT
description
### SIMULATED
NETWORK ###
ip address 10.90.23.1
255.255.255.252
ip address
10.90.30.1
255.255.255.0
ospf 1 area
3
ip ospf 1
area 3
hello-interval
1
!encapsulation ppp
interface
Serial0/1
serial restart-delay
0
description
### POINT-TO-POINT LINK TO R2 ###
no shut
ip
address 10.90.23.2 255.255.255.252
exit
!##################################################
ip ospf
hello-interval
1
router
ospf
1
!#
Free CCNA
Workbook
Lab 9-11 R4 Initial Config #
encapsulation
ppp
router-id
2.2.2.2
!##################################################
no
shut
log-adjacency-changes
!exit
area 3 stub no-summary
enable
!
configure
router
ospf
1
line con
0terminal
!router-id
3.3.3.3
logging sync
hostname
R4
log-adjacency-changes
no exec-timeout
no
ip domain-lookup
3 stub
!area
!
end
interface
line con 0Loopback0
description
logging sync### SIMULATED NETWORK ###
ip
10.90.40.1 255.255.255.0
no address
exec-timeout
!
end
interface FastEthernet0/0
description ### REAL NETWORK ###
ip address 10.90.145.1 255.255.255.0
ip ospf 1 area 45
!##################################################
no shut
!#
!
!##################################################
interface
Serial0/0
!description ### PHYSICAL FRAME RELAY INTERFACE ###
enable
ip address 10.90.245.4 255.255.255.248
configure
terminal
encapsulation
frame-relay
!ip ospf priority 0
hostname
R5area 0
ip ospf 1
no
ip domain-lookup
serial
restart-delay 0
interface
frame mapLoopback0
ip 10.90.245.1 421 broadcast
description
SIMULATED421
NETWORK ###
frame map ip###
10.90.245.2
ip address
10.90.50.1
255.255.255.0
frame
map ip
10.90.245.5
421
ip
no ospf
shut 1 area 5
interface FastEthernet0/0
Serial0/1
ip address 10.90.145.2
255.255.255.0
10.90.45.1 255.255.255.252
ip ospf cost
100
1 area
45
ip
ospf 1 areappp
45
encapsulation
no
shutrestart-delay 0
serial
!no shut
interface
Serial0/0
exit
serial
0
line
conrestart-delay
0
no
frame-relay
inverse-arp
logging
sync
frame
map ip 10.90.245.1 521 broadcast
no exec-timeout
!
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-ospf-auto-cost-reference-bandwidth/[4/12/2015
7:20:51 PM]
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure the OSPF Auto Cost Reference Bandwidth on all OSPF routers in the topology to 1Tbps.
Verify your configuration by viewing the routing table and manually calculating the metric for a T1.
Lab Instruction
Objective 1. Configure the OSPF Auto Cost Reference Bandwidth on all OSPF routers in the topology to 1Tbps.
1Tbps = 1000000Mbps as shown below;
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#auto-cost reference-bandwidth 1000000
% OSPF: Reference bandwidth is changed.
Please ensure reference bandwidth is consistent across all routers.
R1(config-router)#end
R1#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router ospf 1
R2(config-router)#auto-cost reference-bandwidth 1000000
% OSPF: Reference bandwidth is changed.
Please ensure reference bandwidth is consistent across all routers.
R2(config-router)#end
R2#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#auto-cost reference-bandwidth 1000000
% OSPF: Reference bandwidth is changed.
Please ensure reference bandwidth is consistent across all routers.
R3(config-router)#end
R3#
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#auto-cost reference-bandwidth 1000000
% OSPF: Reference bandwidth is changed.
Please ensure reference bandwidth is consistent across all routers.
R4(config-router)#end
R4#
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#router ospf 1
R5(config-router)#auto-cost reference-bandwidth 1000000
% OSPF: Reference bandwidth is changed.
Please ensure reference bandwidth is consistent across all routers.
R5(config-router)#end
R5#
Objective 2. Verify your configuration by viewing the routing table and manually calculating the metric for a T1.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 4 masks
O IA    10.90.50.1/32 [110/65536] via 10.90.245.5, 00:06:04, Serial0/0
O IA    10.90.40.1/32 [110/65536] via 10.90.245.4, 00:06:04, Serial0/0
O IA    10.90.23.0/30 [110/131070] via 10.90.245.2, 00:05:53, Serial0/0
O IA    10.90.30.1/32 [110/131071] via 10.90.245.2, 00:05:53, Serial0/0
O IA    10.90.145.0/24 [110/65635] via 10.90.245.5, 00:05:24, Serial0/0
O IA    10.90.45.0/30 [110/131070] via 10.90.245.5, 00:05:14, Serial0/0
                      [110/131070] via 10.90.245.4, 00:05:14, Serial0/0
O IA    10.90.20.1/32 [110/65536] via 10.90.245.2, 00:06:04, Serial0/0
C       10.90.10.0/24 is directly connected, Loopback0
C       10.90.245.0/29 is directly connected, Serial0/0
R1#
To calculate the auto-cost metric for a T1 we'll use the following route shown below;
O IA
First off, we know the formula is Metric = (10^12/bw), and we know the bandwidth of the interface, which is 1544; so the math to calculate the T1 auto-cost metric is metric = (10^12/1,544,000), which equals 647668.
Okay, so something does not add up: the metric on the router shows 65536, but the metric calculated above does not match the route metric in the actual routing table. To answer this question you must think back to the operation of OSPF; this is due to the maximum metric per interface being 65536. This is the worst possible metric given to a single hop.
Keep in mind that setting the OSPF auto-cost reference-bandwidth to 1Tbps can hurt your network more than it can help it. Any link slower than ~15Mbps will get the max metric of 65536 per hop, so OSPF cannot tell the difference between a T1 and a 10Mbps WAN link and will install both routes as equal-cost routes to the destination in the routing table, resulting in sub-optimal routing. CEF will load-share based on per-destination hashing, which can result in unintended network operation, such as all traffic going to one server taking the slow path over the faster path.
In today's networks it is best to set the OSPF auto-cost reference-bandwidth to 100Gbps using the auto-cost reference-bandwidth 100000 command in router configuration mode, in which case a full T1 would get a metric of 64766.
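The clamping described above, worked through as an added example that is not part of the original lab. It assumes the interface cost is the reference bandwidth divided by the interface bandwidth, truncated to an integer, with a floor of 1 and a ceiling of 65535 (the largest value ip ospf cost accepts); the link list and function names are constructed for the example.

```python
# Added example: OSPF auto-cost under different reference bandwidths.
# Assumption: cost = reference / interface bandwidth, truncated, floor 1,
# ceiling 65535. A route metric such as the 65536 in R1's table is then the
# clamped serial cost (65535) plus 1 for the remote loopback.

MAX_COST = 65535

# Constructed sample links: (name, bandwidth in kbps)
LINKS = [
    ("T1", 1_544),
    ("10 Mbps WAN", 10_000),
    ("FastEthernet", 100_000),
    ("GigabitEthernet", 1_000_000),
    ("10 GigabitEthernet", 10_000_000),
]


def auto_cost(ref_mbps, if_kbps):
    """Interface cost for a reference bandwidth given in Mbps, the unit
    used by `auto-cost reference-bandwidth`."""
    return max(1, min((ref_mbps * 1000) // if_kbps, MAX_COST))


def cost_table(ref_mbps, links=LINKS):
    """Map each link name to its auto-cost under ref_mbps."""
    return {name: auto_cost(ref_mbps, kbps) for name, kbps in links}


def collapsed(ref_mbps, links=LINKS):
    """Return {cost: [names]} for every cost shared by more than one link
    speed. OSPF cannot rank those links against each other."""
    groups = {}
    for name, cost in cost_table(ref_mbps, links).items():
        groups.setdefault(cost, []).append(name)
    return {cost: names for cost, names in groups.items() if len(names) > 1}


def max_cost_ceiling_kbps(ref_mbps):
    """Fastest bandwidth (kbps) that is still clamped to MAX_COST."""
    return (ref_mbps * 1000) // MAX_COST


if __name__ == "__main__":
    # Default reference, 100 Gbps and 1 Tbps.
    for ref in (100, 100_000, 1_000_000):
        print(f"auto-cost reference-bandwidth {ref}")
        for name, cost in cost_table(ref).items():
            print(f"  {name:<20} cost {cost}")
        print(f"  indistinguishable: {collapsed(ref) or 'none'}")
        print(f"  clamped at or below {max_cost_ceiling_kbps(ref)} kbps")
```

With the default reference everything from FastEthernet upward collapses to cost 1, with 1 Tbps the T1 and the 10 Mbps link collapse to the ceiling, and with 100 Gbps all five sample links keep distinct costs.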
Like EIGRP, the OSPF routing protocol supports passive interfaces, where you can enable OSPF on an interface but not form relationships with neighbors on it. This lab will discuss and demonstrate the configuration and verification of passive OSPF interfaces.
Command
Description
passive-interface interfacename#/#
The logical topology shown below is used in the labs found throughout Section 9 Configuring OSPF.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
ip ospf 1 area 2
interface Serial0/0
encapsulation frame-relay
!##################################################
ip ospf priority 0
!#
Free1CCNA
Lab 9-12 R3 Initial Config #
ip ospf
areaWorkbook
0
!##################################################
serial restart-delay 0
!no frame-relay inverse-arp
enable
frame map ip 10.90.245.1 221 broadcast
configure
frame mapterminal
ip 10.90.245.4 221
!frame map ip 10.90.245.5 221
hostname
no shut R3
no
! ip domain-lookup
!
interface Serial0/2
interface
Loopback0 LINK TO R3 ###
### POINT-TO-POINT
description
### SIMULATED
NETWORK ###
ip address 10.90.23.1
255.255.255.252
ip address
10.90.30.1
255.255.255.0
ospf 1 area
3
ip ospf 1
area 3
hello-interval
1
!encapsulation ppp
interface
Serial0/1
serial restart-delay
0
description
### POINT-TO-POINT LINK TO R2 ###
no shut
ip
address 10.90.23.2 255.255.255.252
exit
!##################################################
ip ospf
hello-interval
1
router
ospf
1
!#
Free CCNA
Workbook
Lab 9-12 R4 Initial Config #
encapsulation
ppp
router-id
2.2.2.2
!##################################################
no
shut
auto-cost
reference-bandwidth 100000
!exit
log-adjacency-changes
enable
!area 3 stub no-summary
configure
terminal
router
ospf
1
!
!
router-id
line
con 0 3.3.3.3
hostname
log-adjacency-changes
logging R4
sync
no
domain-lookup
auto-cost
reference-bandwidth 100000
noip
exec-timeout
!area 3 stub
interface
Loopback0
!
end
description
### SIMULATED NETWORK ###
line
con 0
ip address
10.90.40.1 255.255.255.0
logging
sync
ip exec-timeout
ospf 1 area 4
no
interface FastEthernet0/0
end
!##################################################
no shut
!#
!
!##################################################
interface
Serial0/0
!description ### PHYSICAL FRAME RELAY INTERFACE ###
enable
ip address 10.90.245.4 255.255.255.248
configure
terminal
encapsulation
frame-relay
!ip ospf priority 0
hostname
R5area 0
ip ospf 1
no
ip domain-lookup
serial
restart-delay 0
interface
frame mapLoopback0
ip 10.90.245.1 421 broadcast
description
SIMULATED421
NETWORK ###
frame map ip###
10.90.245.2
ip address
10.90.50.1
255.255.255.0
frame
map ip
10.90.245.5
421
ip
no ospf
shut 1 area 5
interface FastEthernet0/0
Serial0/1
ip address 10.90.145.2
255.255.255.0
10.90.45.1 255.255.255.252
ip ospf cost
100
1 area
45
ip
ospf 1 areappp
45
encapsulation
no
shutrestart-delay 0
serial
!no shut
interface
Serial0/0
exit
ip
ospf priority
0
auto-cost
reference-bandwidth
100000
ip
ospf 1 area 0
log-adjacency-changes
!serial restart-delay 0
no frame-relay
inverse-arp
line
con 0
frame
map
ip 10.90.245.1 521 broadcast
logging
sync
frame
map ip 10.90.245.2 521
no exec-timeout
!
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-ospf-passive-interface/[4/12/2015
7:21:11 PM]
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure R4's and R5's LAN interfaces (FastEthernet0/0) as passive interfaces to ensure R4 and R5 never become neighbors over the LAN.
Verify on R1 that the routes to R4's and R5's connected LAN are still in the routing table.
Lab Instruction
Objective 1. Configure R4's and R5's LAN interfaces (FastEthernet0/0) as passive interfaces to ensure R4 and R5 never become neighbors over the LAN.
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#passive-interface FastEthernet0/0
%OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R4(config-router)#end
R4#
%SYS-5-CONFIG_I: Configured from console by console
R4#
R5#
%OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#router ospf 1
R5(config-router)#passive-interface FastEthernet0/0
R5(config-router)#end
R5#
*Jul 12 20:06:16.183: %SYS-5-CONFIG_I: Configured from console by console
R5#
Objective 2. Verify on R1 that the routes to R4's and R5's connected LAN are still in the routing table.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
As you can see from R1's routing table shown above, the next hop to the 10.90.145.0/24 network from R1 is R5. If you view the interface configuration on R5 you'll see it has an OSPF cost of 100, configured in Lab 9-10 Configuring OSPF Interface Cost before the auto-cost reference-bandwidth was changed in Lab 9-11 Configuring OSPF Auto Cost Reference Bandwidth. That cost was meant to ensure traffic coming from R1 would take R4 to get to 10.90.145.0/24: R4 used the default cost reference, which gave its FastEthernet0/0 interface a cost of 1, so the ip ospf cost 100 on R5's FastEthernet0/0 interface was higher. After the auto-cost reference-bandwidth change, however, R5 became the preferred route because OSPF dynamically calculated a cost higher than 100 for R4's FastEthernet0/0.
To resolve this you can change the cost on R5's FastEthernet0/0 interface to 65535 as shown below:
R5#configure terminal
Enter configuration commands, one per line.
R5(config)#interface FastEthernet0/0
R5(config-if)#ip ospf cost 65535
R5(config-if)#end
R5#
View R1's routing table as shown below; you'll notice that R1 now has the correct route to 10.90.145.0/24 through R4.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 4 masks
O IA    10.90.50.1/32 [110/64767] via 10.90.245.5, 00:55:05, Serial0/0
O IA    10.90.40.1/32 [110/64767] via 10.90.245.4, 00:55:05, Serial0/0
O IA    10.90.23.0/30 [110/129532] via 10.90.245.2, 00:54:55, Serial0/0
O IA    10.90.30.1/32 [110/129533] via 10.90.245.2, 00:45:11, Serial0/0
O IA    10.90.145.0/24 [110/65766] via 10.90.245.4, 00:01:05, Serial0/0
O IA    10.90.45.0/30 [110/129532] via 10.90.245.5, 00:54:55, Serial0/0
                      [110/129532] via 10.90.245.4, 00:54:55, Serial0/0
O IA    10.90.20.1/32 [110/64767] via 10.90.245.2, 00:55:05, Serial0/0
C       10.90.10.0/24 is directly connected, Loopback0
C       10.90.245.0/29 is directly connected, Serial0/0
R1#
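The cost inversion described in this lab, replayed across Labs 9-10 to 9-12 as an added example that is not part of the original workbook. It assumes R1 reaches R4 and R5 over a T1 (1544 kbps) Serial0/0, that both reach 10.90.145.0/24 over a 100 Mbps FastEthernet0/0, and that the route metric is the sum of those two interface costs; the function names are made up for the example.

```python
# Added example: which next hop R1 installs for 10.90.145.0/24 in each
# lab state, and a check that flags a static cost the auto-cost has overtaken.
# Assumption: auto-cost = reference / bandwidth, truncated, floor 1,
# ceiling 65535.

MAX_COST = 65535
T1_KBPS = 1_544      # R1 Serial0/0 towards R4 and R5
FE_KBPS = 100_000    # R4 and R5 FastEthernet0/0 on the LAN


def auto_cost(ref_mbps, if_kbps):
    return max(1, min((ref_mbps * 1000) // if_kbps, MAX_COST))


def best_paths(ref_mbps, static_cost=None):
    """Return (metric, next hops) for R1's best route to the LAN.
    static_cost maps a router name to the `ip ospf cost` configured on its
    FastEthernet0/0; routers not listed use the auto-cost."""
    static_cost = static_cost or {}
    serial = auto_cost(ref_mbps, T1_KBPS)
    metric = {
        hop: serial + static_cost.get(hop, auto_cost(ref_mbps, FE_KBPS))
        for hop in ("R4", "R5")
    }
    best = min(metric.values())
    return best, sorted(hop for hop, m in metric.items() if m == best)


def undercut_static_costs(ref_mbps, static_cost, if_kbps=FE_KBPS):
    """Routers whose static cost is now lower than the auto-cost their
    peers compute for the same interface speed, so a cost that was meant
    as a penalty has become a preference."""
    auto = auto_cost(ref_mbps, if_kbps)
    return sorted(r for r, cost in static_cost.items() if cost < auto)


# (label, reference bandwidth in Mbps, static costs in effect)
LAB_STATES = [
    ("9-10 start", 100, {}),
    ("9-10 R5 cost 100", 100, {"R5": 100}),
    ("9-11 reference 1 Tbps", 1_000_000, {"R5": 100}),
    ("9-12 reference 100 Gbps", 100_000, {"R5": 100}),
    ("9-12 R5 cost 65535", 100_000, {"R5": 65535}),
]


def replay(states=LAB_STATES):
    """Return (label, metric, next hops, undercut routers) per lab state."""
    return [
        (label, *best_paths(ref, static), undercut_static_costs(ref, static))
        for label, ref, static in states
    ]


if __name__ == "__main__":
    for label, metric, hops, undercut in replay():
        print(f"{label:<26} [110/{metric}] via {', '.join(hops)}"
              f"  undercut: {undercut or 'none'}")
```

The metrics 65, 65635 and 65766 match the 10.90.145.0/24 entries in R1's routing tables shown in these labs; running the undercut check whenever the reference bandwidth changes catches the stale ip ospf cost 100 before it redirects traffic.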
By default OSPF supports a maximum of 4 paths to be installed to a single network with an identical metric. This
however can be changed to a maximum of 16. This lab will discuss and demonstrate the configuration and verification
of OSPF maximum paths.
Command: maximum-paths #
Description: This command is executed in router configuration mode to set how many equal-metric paths the routing process can install into the routing table for load balancing.
The logical topology shown below is used in the labs found throughout Section 9 Configuring OSPF.
Lab Prerequisites
If you are using GNS3, load the Stub Area Networking GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
ip ospf 1 area 2
interface Serial0/0
encapsulation frame-relay
!##################################################
ip ospf priority 0
!#
Free1CCNA
Lab 9-13 R3 Initial Config #
ip ospf
areaWorkbook
0
!##################################################
serial restart-delay 0
!no frame-relay inverse-arp
enable
frame map ip 10.90.245.1 221 broadcast
configure
frame mapterminal
ip 10.90.245.4 221
!frame map ip 10.90.245.5 221
hostname
no shut R3
no
! ip domain-lookup
!
interface Serial0/2
interface
Loopback0 LINK TO R3 ###
### POINT-TO-POINT
description
### SIMULATED
NETWORK ###
ip address 10.90.23.1
255.255.255.252
ip address
10.90.30.1
255.255.255.0
ospf 1 area
3
ip ospf 1
area 3
hello-interval
1
!encapsulation ppp
interface
Serial0/1
serial restart-delay
0
description
### POINT-TO-POINT LINK TO R2 ###
no shut
ip
address 10.90.23.2 255.255.255.252
exit
!##################################################
ip ospf
hello-interval
1
router
ospf
1
!#
Free CCNA
Workbook
Lab 9-13 R4 Initial Config #
encapsulation
ppp
router-id
2.2.2.2
!##################################################
no
shut
auto-cost
reference-bandwidth 100000
!exit
log-adjacency-changes
enable
!area 3 stub no-summary
configure
terminal
router
ospf
1
!
!
router-id
line
con 0 3.3.3.3
hostname
log-adjacency-changes
logging R4
sync
no
domain-lookup
auto-cost
reference-bandwidth 100000
noip
exec-timeout
!area 3 stub
interface
Loopback0
!
end
description
### SIMULATED NETWORK ###
line
con 0
ip address
10.90.40.1 255.255.255.0
logging
sync
ip exec-timeout
ospf 1 area 4
no
interface FastEthernet0/0
end
!##################################################
no shut
!#
!
!##################################################
interface
Serial0/0
!description ### PHYSICAL FRAME RELAY INTERFACE ###
enable
ip address 10.90.245.4 255.255.255.248
configure
terminal
encapsulation
frame-relay
!ip ospf priority 0
hostname
R5area 0
ip ospf 1
no
ip domain-lookup
serial
restart-delay 0
interface
frame mapLoopback0
ip 10.90.245.1 421 broadcast
description
SIMULATED421
NETWORK ###
frame map ip###
10.90.245.2
ip address
10.90.50.1
255.255.255.0
frame
map ip
10.90.245.5
421
ip
no ospf
shut 1 area 5
interface FastEthernet0/0
Serial0/1
ip address 10.90.145.2
255.255.255.0
10.90.45.1 255.255.255.252
ip ospf cost
65535
1 area
45
ip
ospf 1 areappp
45
encapsulation
no
shutrestart-delay 0
serial
!no shut
interface
Serial0/0
exit
ip
ospf priority
0
auto-cost
reference-bandwidth
100000
ip
ospf 1 area 0
log-adjacency-changes
serial
restart-delay
0
passive-interface
fastethernet0/0
frame
map
line
con
0 ip 10.90.245.1 521 broadcast
frame
map
ip 10.90.245.2 521
logging
sync
frame
map ip 10.90.245.4 521
no
exec-timeout
!no shut
!
end
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-ospf-maximum-paths/[4/12/2015
7:21:31 PM]
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
View the routing table on R1 and check if any routes are being load balanced.
Configure R1 to use no more than 1 path to get to any given destination.
View R1's routing table again and verify that network 10.90.45.0/30 is no longer load balanced between R4 and R5.
Lab Instruction
Objective 1. View the routing table on R1 and check if any routes are being load balanced.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 4 masks
10.90.50.1/32 [110/64767] via 10.90.245.5, 01:12:43, Serial0/0
10.90.40.1/32 [110/64767] via 10.90.245.4, 01:12:43, Serial0/0
10.90.23.0/30 [110/129532] via 10.90.245.2, 01:12:33, Serial0/0
10.90.30.1/32 [110/129533] via 10.90.245.2, 01:02:49, Serial0/0
10.90.145.0/24 [110/65766] via 10.90.245.4, 00:18:43, Serial0/0
10.90.45.0/30 [110/129532] via 10.90.245.5, 01:12:32, Serial0/0
[110/129532] via 10.90.245.4, 01:12:33, Serial0/0
O IA
10.90.20.1/32 [110/64767] via 10.90.245.2, 01:12:43, Serial0/0
C
10.90.10.0/24 is directly connected, Loopback0
C
10.90.245.0/29 is directly connected, Serial0/0
R1#
O
O
O
O
O
O
IA
IA
IA
IA
IA
IA
As you can see from R1's routing table shown above, R1 is load balancing traffic to the 10.90.45.0/30 destination.
Objective 2. Configure R1 to use no more than 1 path to get to any given destination.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#maximum-paths 1
R1(config-router)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 3. View R1's routing table again and verify that network 10.90.45.0/30 is no longer load balanced between R4 and R5.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O IA
O IA
O IA
O IA
O IA
O IA
O IA
C
C
R1#
After configuring the maximum paths in OSPF to 1, you'll see that R1 no longer load balances to 10.90.45.0/30, as shown above in R1's routing table.
Route summarization in OSPF can only be done in two places due to the operational nature of the protocol.
Because the link-state database must be identical everywhere, you can't just do it in random places. This lab will
discuss and demonstrate the configuration and verification of OSPF route summarization.
Command
Description
The logical topology shown below is used in the labs throughout Section 9, Configuring OSPF.
Lab Prerequisites
If you are using GNS3, load the Stub Area Networking GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
ip ospf 1 area 2
interface Serial0/0
encapsulation frame-relay
!##################################################
ip ospf priority 0
!#
Free1CCNA
Lab 9-14 R3 Initial Config #
ip ospf
areaWorkbook
0
!##################################################
serial restart-delay 0
!no frame-relay inverse-arp
enable
frame map ip 10.90.245.1 221 broadcast
configure
frame mapterminal
ip 10.90.245.4 221
!frame map ip 10.90.245.5 221
hostname
no shut R3
no
! ip domain-lookup
!
interface Serial0/2
interface
Loopback0 LINK TO R3 ###
### POINT-TO-POINT
description
### SIMULATED
NETWORK ###
ip address 10.90.23.1
255.255.255.252
ip address
10.90.30.1
255.255.255.0
ospf 1 area
3
ip ospf 1
area 3
hello-interval
1
!encapsulation ppp
interface
Serial0/1
serial restart-delay
0
description
### POINT-TO-POINT LINK TO R2 ###
no shut
ip
address 10.90.23.2 255.255.255.252
exit
!##################################################
ip ospf
hello-interval
1
router
ospf
1
!#
Free CCNA
Workbook
Lab 9-14 R4 Initial Config #
encapsulation
ppp
router-id
2.2.2.2
!##################################################
no
shut
auto-cost
reference-bandwidth 100000
!exit
log-adjacency-changes
enable
!area 3 stub no-summary
configure
terminal
router
ospf
1
!
!
router-id
line
con 0 3.3.3.3
hostname
log-adjacency-changes
logging R4
sync
no
domain-lookup
auto-cost
reference-bandwidth 100000
noip
exec-timeout
!area 3 stub
interface
Loopback0
!
end
description
### SIMULATED NETWORK ###
line
con 0
ip address
10.90.40.1 255.255.255.0
logging
sync
ip exec-timeout
ospf 1 area 4
no
interface FastEthernet0/0
end
!##################################################
no shut
!#
!
!##################################################
interface
Serial0/0
!description ### PHYSICAL FRAME RELAY INTERFACE ###
enable
ip address 10.90.245.4 255.255.255.248
configure
terminal
encapsulation
frame-relay
!ip ospf priority 0
hostname
R5area 0
ip ospf 1
no
ip domain-lookup
serial
restart-delay 0
interface
frame mapLoopback0
ip 10.90.245.1 421 broadcast
description
SIMULATED421
NETWORK ###
frame map ip###
10.90.245.2
ip address
10.90.50.1
255.255.255.0
frame
map ip
10.90.245.5
421
ip
no ospf
shut 1 area 5
interface FastEthernet0/0
Serial0/1
ip address 10.90.145..2
255.255.255.0
10.90.45.1 255.255.255.252
ip ospf cost
65535
1 area
45
ip
ospf 1 areappp
45
encapsulation
no
shutrestart-delay 0
serial
!no shut
interface
Serial0/0
exit
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-ospf-route-summarization/[4/12/2015
7:21:48 PM]
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Create 4 new loopback interfaces on R4 located in Area 44 using the ip addresses 10.44.4.0/24, 10.44.5.0/24, 10.44.6.0/24
and 10.44.7.0/24
Configure R4 to advertise a single Inter-Area summary route into the OSPF backbone that encompasses all 4 routes.
Verify that the summary route is being propagated correctly by viewing the routing table on R1.
Lab Instruction
Objective 1. Create 4 new loopback interfaces on R4 located in Area 44 using the ip addresses 10.44.4.0/24, 10.44.5.0/24,
10.44.6.0/24 and 10.44.7.0/24
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#interface loopback4
R4(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback4, changed state to up
R4(config-if)#ip add 10.44.4.1 255.255.255.0
R4(config-if)#ip ospf 1 area 44
R4(config-if)#interface loopback5
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback5, changed state to up
R4(config-if)#ip add 10.44.5.1 255.255.255.0
R4(config-if)#ip ospf 1 area 44
R4(config-if)#interface loopback6
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback6, changed state to up
R4(config-if)#ip add 10.44.6.1 255.255.255.0
R4(config-if)#ip ospf 1 area 44
R4(config-if)#interface loopback7
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback7, changed state to up
R4(config-if)#ip add 10.44.7.1 255.255.255.0
R4(config-if)#ip ospf 1 area 44
R4(config-if)#end
R4#
Objective 2. Configure R4 to advertise a single Inter-Area summary route into the OSPF backbone that encompasses all 4 routes.
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#area 44 range 10.44.4.0 255.255.252.0
R4(config-router)#end
R4#
%SYS-5-CONFIG_I: Configured from console by console
R4#
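The arguments to area 44 range in Objective 2 can be derived and checked rather than worked out by eye. The Python sketch below is an added example, not part of the original workbook, and its function names are assumptions; it computes the smallest summary for a set of prefixes and lists any address space the summary covers that no component prefix does, which matters because the summarizing router installs the summary as a discard route to Null0.

```python
import ipaddress


def summarize(prefixes):
    """Smallest single IPv4 network that contains every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit that differs between the lowest and highest address has to be
    # a host bit of the summary, so the prefix length is what remains.
    prefixlen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefixlen), strict=False)


def uncovered(summary, prefixes):
    """Blocks inside the summary that none of the component prefixes cover.

    Traffic for these blocks is attracted by the summary advertisement and
    then dropped by the summarizing router's Null0 discard route.
    """
    remaining = [summary]
    for net in (ipaddress.ip_network(p) for p in prefixes):
        kept = []
        for block in remaining:
            if block.subnet_of(net):
                continue                      # block is fully covered
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))
            else:
                kept.append(block)            # disjoint, still uncovered
        remaining = kept
    return sorted(remaining)


def area_range_command(area, prefixes):
    """Build the IOS command in the form used in Objective 2."""
    s = summarize(prefixes)
    return f"area {area} range {s.network_address} {s.netmask}"


# The four loopback networks created on R4 in Objective 1.
LAB = ["10.44.4.0/24", "10.44.5.0/24", "10.44.6.0/24", "10.44.7.0/24"]
# Constructed variants: one network missing, and a pair that straddles a
# bit boundary so the summary has to grow to a /21.
GAP = ["10.44.4.0/24", "10.44.5.0/24", "10.44.7.0/24"]
MISALIGNED = ["10.44.3.0/24", "10.44.4.0/24"]

if __name__ == "__main__":
    for name, prefixes in (("lab", LAB), ("gap", GAP), ("misaligned", MISALIGNED)):
        summary = summarize(prefixes)
        holes = [str(n) for n in uncovered(summary, prefixes)]
        print(name, area_range_command(44, prefixes), "uncovered:", holes or "none")
```

For the lab's four /24 networks the summary is exact; the two constructed variants show how quickly a summary starts advertising space the router cannot reach.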
Objective 3. Verify that the summary route is being propagated correctly by viewing the routing table on R1.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O IA
O IA
O IA
O IA
O IA
O IA
O IA
O IA
C
C
R1#
Advertising a default route into OSPF can be done in multiple ways: through the use of redistribution or
default-information originate. This lab will discuss and demonstrate the configuration and verification of OSPF default route
propagation.
Command: default-information originate
Description: This command is executed in OSPF router configuration mode to advertise the default route as
a type 3 Summary LSA to 0.0.0.0/0 only if a default route already exists in the routing table.
Command: default-information originate always
Description: This command is executed in OSPF router configuration mode to always advertise the default
route as a type 3 Summary LSA to 0.0.0.0/0.
The logical topology shown below is used in the labs throughout Section 9, Configuring OSPF.
Lab Prerequisites
If you are using GNS3, load the Stub Area Networking GNS3 topology, then start devices R1, R2, R3, R4, R5 and SW1.
Establish a console session with devices R1, R2, R3, R4, R5 and SW1, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!#
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED NETWORK ###
ip address 10.90.20.1 255.255.255.0
ip ospf 1 area 2
interface Serial0/0
encapsulation frame-relay
!##################################################
ip ospf priority 0
!#
Free1CCNA
Lab 9-15 R3 Initial Config #
ip ospf
areaWorkbook
0
!##################################################
serial restart-delay 0
!no frame-relay inverse-arp
enable
frame map ip 10.90.245.1 221 broadcast
configure
frame mapterminal
ip 10.90.245.4 221
!frame map ip 10.90.245.5 221
hostname
no shut R3
no
! ip domain-lookup
!
interface Serial0/2
interface
Loopback0 LINK TO R3 ###
### POINT-TO-POINT
description
### SIMULATED
NETWORK ###
ip address 10.90.23.1
255.255.255.252
ip address
10.90.30.1
255.255.255.0
ospf 1 area
3
ip ospf 1
area 3
hello-interval
1
!encapsulation ppp
interface
Serial0/1
serial restart-delay
0
description
### POINT-TO-POINT LINK TO R2 ###
no shut
ip
address 10.90.23.2 255.255.255.252
exit
!##################################################
ip ospf
hello-interval
1
router
ospf
1
!#
Free CCNA
Workbook
Lab 9-15 R4 Initial Config #
encapsulation
ppp
router-id
2.2.2.2
!##################################################
no
shut
auto-cost
reference-bandwidth 100000
!exit
log-adjacency-changes
enable
!area 3 stub no-summary
configure
terminal
router
ospf
1
!
!
router-id
line
con 0 3.3.3.3
hostname
log-adjacency-changes
logging R4
sync
no
domain-lookup
auto-cost
reference-bandwidth 100000
noip
exec-timeout
!area 3 stub
interface
Loopback0
!
end
description
### SIMULATED NETWORK ###
line
con 0
ip address
10.90.40.1 255.255.255.0
logging
sync
ip exec-timeout
ospf 1 area 4
no
interface Loopback4
end
!##################################################
!
!#
Free CCNA
Workbook Lab 9-15 R5 Initial Config #
interface
Loopback5
!##################################################
description ### SIMULATED NETWORK ###
!ip address 10.44.5.1 255.255.255.0
enable
ip ospf 1 area 44
configure
terminal
!
!
interface Loopback6
hostname
R5 ### SIMULATED NETWORK ###
description
no
domain-lookup
ipip
address
10.44.6.1 255.255.255.0
interface
Loopback0
!
description
### SIMULATED NETWORK ###
interface
Loopback7
ip
address 10.90.50.1
255.255.255.0
description
### SIMULATED
NETWORK ###
ip ospf
1 area
5
address
10.44.7.1
255.255.255.0
interface
FastEthernet0/0
!
description
### REAL NETWORK ###
interface
FastEthernet0/0
ip
address 10.90.145.2
255.255.255.0
description
### REAL NETWORK
###
ip ospf
cost
65535
address
10.90.145.1
255.255.255.0
ip ospf 1 area 45
no shut
interface Serial0/0
encapsulation frame-relay
ip ospf priority 0
ip ospf 1 area 0
serial restart-delay 0
no frame-relay inverse-arp
!
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-ospf-default-route-propagation/[4/12/2015
7:22:08 PM]
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure R1 to always originate a default route throughout the entire OSPF autonomous system.
Verify that the default route is being propagated correctly by viewing the routing table on R4.
Lab Instruction
Objective 1. Configure R1 to always originate a default route throughout the entire OSPF autonomous system.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#default-information originate always
R1(config-router)#end
R1#
Objective 2. Verify that the default route is being propagated correctly by viewing the routing table on R4.
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.90.245.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 15 subnets, 5 masks
O IA    10.90.50.1/32 [110/64767] via 10.90.245.5, 00:54:52, Serial0/0
C       10.90.40.0/24 is directly connected, Loopback0
O IA    10.90.23.0/30 [110/129532] via 10.90.245.2, 00:54:52, Serial0/0
C       10.44.6.0/24 is directly connected, Loopback6
C       10.44.7.0/24 is directly connected, Loopback7
O IA    10.90.30.1/32 [110/129533] via 10.90.245.2, 00:26:12, Serial0/0
C       10.44.4.0/24 is directly connected, Loopback4
O       10.44.4.0/22 is a summary, 00:54:52, Null0
C       10.44.5.0/24 is directly connected, Loopback5
C       10.90.45.2/32 is directly connected, Serial0/1
C       10.90.145.0/24 is directly connected, FastEthernet0/0
C       10.90.45.0/30 is directly connected, Serial0/1
O IA    10.90.20.1/32 [110/64767] via 10.90.245.2, 00:54:53, Serial0/0
O IA    10.90.10.1/32 [110/64767] via 10.90.245.1, 00:54:53, Serial0/0
C       10.90.245.0/29 is directly connected, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 10.90.245.1, 00:00:17, Serial0/0
R4#
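Because a single default-information originate always statement changes the gateway of last resort on every router in the domain, it is worth verifying where each router's default route actually points. The Python parser below is an added example, not part of the original workbook; its names are assumptions, the first sample is R4's table from this lab trimmed to five entries, and the other two samples are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "<code> <prefix> <rest>", e.g. "O*E2 0.0.0.0/0 [110/1] via 10.90.245.1, ..."
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z0-9* ]*?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+(?P<rest>.+)$"
)
# "[AD/metric] via next-hop"; IOS prints one such line per extra
# equal-cost path underneath the route entry.
PATH_RE = re.compile(
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d+\.\d+\.\d+\.\d+)"
)


@dataclass
class Route:
    code: str
    prefix: str
    ad: Optional[int] = None
    metric: Optional[int] = None
    next_hops: List[str] = field(default_factory=list)


def parse_routes(text):
    """Parse 'show ip route' output into Route objects."""
    routes = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if m:
            route = Route(m["code"].strip(), m["prefix"])
            routes.append(route)
            tail = m["rest"]
        elif routes and line.startswith("["):
            route, tail = routes[-1], line    # additional equal-cost path
        else:
            continue                          # legend, header or prompt
        p = PATH_RE.search(tail)
        if p:
            route.ad, route.metric = int(p["ad"]), int(p["metric"])
            route.next_hops.append(p["nh"])
    return routes


def audit_default(routes, expected_next_hops):
    """Report a missing default route or one that points somewhere unexpected."""
    defaults = [r for r in routes if r.prefix == "0.0.0.0/0"]
    if not defaults:
        return ["no default route installed"]
    return [
        f"default route via unexpected next hop {nh} (code {r.code})"
        for r in defaults for nh in r.next_hops
        if nh not in expected_next_hops
    ]


# R4's routing table from Objective 2, trimmed to five entries.
R4_TABLE = """\
R4#show ip route
Gateway of last resort is 10.90.245.1 to network 0.0.0.0
     10.0.0.0/8 is variably subnetted, 15 subnets, 5 masks
O IA    10.90.50.1/32 [110/64767] via 10.90.245.5, 00:54:52, Serial0/0
C       10.90.40.0/24 is directly connected, Loopback0
O       10.44.4.0/22 is a summary, 00:54:52, Null0
C       10.90.245.0/29 is directly connected, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 10.90.245.1, 00:00:17, Serial0/0
R4#
"""
# Constructed: the same table with the default learned via another neighbor.
TAMPERED = R4_TABLE.replace("via 10.90.245.1,", "via 10.90.245.5,")
# Constructed from the two-path 10.90.45.0/30 entry in R1's table.
ECMP = """\
O IA    10.90.45.0/30 [110/129532] via 10.90.245.5, 01:12:32, Serial0/0
                      [110/129532] via 10.90.245.4, 01:12:33, Serial0/0
"""

if __name__ == "__main__":
    for name, table in (("lab", R4_TABLE), ("tampered", TAMPERED)):
        print(name, audit_default(parse_routes(table), {"10.90.245.1"}) or "ok")
```

The check only looks at the next hop; confirming which router originated the advertisement requires the OSPF database rather than the routing table.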
A common way to get routes into routing protocols is through static route redistribution. This lab will discuss and
demonstrate the configuration and verification of static route redistribution.
Command
Description
This command is executed in router configuration mode, whether it be RIP, EIGRP or OSPF, to
redistribute local static routes into the dynamic routing process to be dynamically advertised.
The metric is configured differently on a per-routing-protocol basis.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, and R5.
Establish a console session with devices R1, R2, R3, R4, and R5, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
no shut
!
!###################################################
frame-relay interface-dlci 221
!#
no Free
shut CCNA Workbook Lab 10-1 R3 Initial Config
!###################################################
!
!
interface Serial0/0.223 point-to-point
enable
description ### FRAME RELAY LINK TO R3 ###
configure
terminal
ip address
10.101.23.1 255.255.255.0
!frame-relay interface-dlci 223
hostname
no shut R3
no
! ip domain-lookup
!
router rip
interface
Serial0/0
no auto-summary
description
### PHYSICAL FRAME RELAY INTERFACE ###
version 2
encapsulation
frame-relay
network 10.0.0.0
no
frame-relay inverse-arp
exit
!no shut
exitcon 0
line
!logging sync
interface
Serial0/0.322 point-to-point
no exec-timeout
!###################################################
ip address 10.101.23.2 255.255.255.0
end
!#
Free CCNAinterface-dlci
Workbook Lab 10-1
frame-relay
322 R4 Initial Config
!###################################################
no shut
!
enable
interface Serial0/0.324 point-to-point
configure
terminal
description
### PHYSICAL FRAME RELAY INTERFACE ###
!ip address 10.101.34.1 255.255.255.0
hostname
R4 interface-dlci 324
frame-relay
no
domain-lookup
noip
shut
interface
router ripSerial0/0
description
### PHYSICAL FRAME RELAY INTERFACE ###
no auto-summary
encapsulation
frame-relay
version 2
no
frame-relay
inverse-arp
network
10.0.0.0
no
shut
exit
interface
line con 0Serial0/0.423 point-to-point
description
logging sync### FRAME RELAY LINK TO R3 ###
ip exec-timeout
address 10.101.34.2 255.255.255.0
no
!###################################################
!frame-relay interface-dlci 423
!#
no Free
shut CCNA Workbook Lab 10-1 R5 Initial Config
end
!###################################################
!
!
interface Serial0/0.425 point-to-point
enable
description ### FRAME RELAY LINK TO R5 ###
configure
terminal
ip address
10.101.45.1 255.255.255.0
!frame-relay interface-dlci 425
hostname
no shut R5
no
! ip domain-lookup
!
router rip
interface
Serial0/0
no auto-summary
description
### PHYSICAL FRAME RELAY INTERFACE ###
version 2
encapsulation
frame-relay
network 10.0.0.0
no
frame-relay inverse-arp
exit
!no shut
!
line con 0
interface
Serial0/0.524 point-to-point
logging sync
description
### FRAME RELAY LINK TO R5 ###
no exec-timeout
Lab Objectives
no shut
router rip
no auto-summary
version 2
network 10.0.0.0
exit
!
line con 0
logging sync
no exec-timeout
!
end
Lab Instruction
Objective 1. Create a loopback interface on R1 using the IP address of 172.29.41.1/24
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface loopback0
R1(config-if)#
*Jul 15 18:56:30.351: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)#ip add 172.29.41.1 255.255.255.0
R1(config-if)#exit
R1(config)#
Objective 3. Redistribute all static routes into the RIP routing process using a metric of 5
R1(config)#router rip
R1(config-router)#redistribute static metric 5
Objective 4. Verify that the static default route being redistributed is properly propagated to R5.
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.101.45.1 to network 0.0.0.0
R
R
C
R
R*
R5#
As shown above you can see that a default route is now present in the routing table on R5 learned via RIP.
This lab will discuss and demonstrate the configuration and verification of
configuring. For example, in RIP router configuration mode you'd redistribute ospf and specify a hop count metric.
In OSPF router configuration mode, when redistributing RIP routes into OSPF, you'd specify a cost associated with the routes
redistributed by RIP into OSPF. You can, however, leave the metric out of the redistribute command, but specifying a metric is best
practice.
Also a quick note to remember: when configuring route redistribution into EIGRP or OSPF you must use the subnets keyword
following the specified metric, or the routing process will only redistribute a classful network into the routing process.
So now that you have an understanding of mutual route redistribution, let's jump into the configuration.
Please review the following command(s) listed below:
Command
Description
This command is executed in router configuration mode of RIP, EIGRP or OSPF to configure
the routing process to redistribute routes from a different source into the configured routing
process, such as static into RIP or RIP into OSPF. It's best practice to specify a metric.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, and R5.
Establish a console session with devices R1, R2, R3, R4, and R5, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial0/0
no frame-relay inverse-arp
no shut
!
!###################################################
ip ospf 1 area 0
!#
Free CCNAinterface-dlci
Workbook Lab 10-2
frame-relay
221 R3 Initial Config
!###################################################
exit
!
enable
interface Serial0/0.223 point-to-point
configure
terminal
description
### FRAME RELAY LINK TO R3 ###
!ip address 10.102.23.2 255.255.255.0
hostname
ip ospf R3
1 area 0
no
ip domain-lookup
frame-relay
interface-dlci 223
!exit
interface
Serial0/0
!
description
router
ospf 1### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
exit
exit
logging
sync
!no exec-timeout
!###################################################
ip address 10.102.23.3 255.255.255.0
!#
Workbook
Lab 10-2 R4 Initial Config
ip Free
ospf CCNA
1 area
0
!###################################################
frame-relay interface-dlci 322
!exit
enable
!
configure
interface terminal
Serial0/0.324 point-to-point
!no shut
interface
Serial0/0
!
description
router
ospf 1### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
exit
interface
no auto Serial0/0.423 point-to-point
description
### FRAME RELAY LINK TO R3 ###
network
172.29.34.3
ip address 172.29.34.4 255.255.255.0
exit
!###################################################
!frame-relay interface-dlci 423
!#
Free
Workbook Lab 10-2 R5 Initial Config
exit
line
con CCNA
0
!###################################################
!logging sync
!
interface
Serial0/0.425 point-to-point
no exec-timeout
enable
!description ### FRAME RELAY LINK TO R5 ###
configure
terminal
ip address
172.29.45.4 255.255.255.0
end
!frame-relay interface-dlci 425
hostname
R5
exit
no
! ip domain-lookup
!
router rip
interface
version 2Serial0/0
description
### PHYSICAL FRAME RELAY INTERFACE ###
no auto
encapsulation
frame-relay
network 172.29.0.0
no
frame-relay inverse-arp
exit
!no shut
!
line con 0
interface
Serial0/0.524 point-to-point
logging sync
description
### FRAME RELAY LINK TO R5 ###
no exec-timeout
router rip
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-mutual-ospf-and-rip-redistribution/[4/12/2015
7:22:45 PM]
Lab Objectives
Create four new loopback interfaces on R1 using the 10.1.0.0/22 address allocation and configure those interfaces to
participate in OSPF area 0. Ensure that these loopback interfaces participate in OSPF with their configured subnet mask and
not a host mask.
Create four new loopback interfaces on R5 using the 172.5.0.0/22 address allocation and configure those interfaces to
participate in RIP.
By viewing R3's routing table, verify that the newly created loopback interfaces are being learned by R3.
Configure R3 to redistribute RIP routes into OSPF using the cost of 50000 then redistribute OSPF routes into RIP using the
hop count of 3.
Verify on R1 and R5 that routes from the opposite autonomous system exist in their routing table.
Lab Instruction
Objective 1. Create four new loopback interfaces on R1 using the 10.1.0.0/22 address allocation and configure those interfaces to
participate in OSPF area 0. Ensure that these loopback interfaces participate in OSPF with their configured subnet mask and not a
host mask.
By default, loopback interfaces participate in OSPF as a /32 host route unless you change the default network type from LOOPBACK to
Point-to-Point, as shown below:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface loopback0
R1(config-if)#ip address 10.1.0.1 255.255.255.0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R1(config-if)#interface loopback1
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R1(config-if)#interface loopback2
R1(config-if)#ip address 10.1.2.1 255.255.255.0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R1(config-if)#interface loopback3
R1(config-if)#ip address 10.1.3.1 255.255.255.0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 2. Create four new loopback interfaces on R5 using the 172.5.0.0/22 address allocation and configure those interfaces to
participate in RIP.
R5#configure terminal
Objective 4. On R3 redistribute RIP routes into OSPF using the cost of 50000 then redistribute OSPF routes into RIP using the hop
count of 3.
Before redistributing RIP into OSPF, keep in mind you must use the subnets keyword after the redistribution metric as shown below,
otherwise you'll redistribute only a classful network:
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#redistribute rip metric 50000 subnets
R3(config-router)#exit
R3(config)#router rip
R3(config-router)#redistribute ospf 1 metric 3
R3(config-router)#end
R3#
Objective 5. Verify on R1 and R5 that routes from the opposite autonomous system exist in their routing table.
R1#show ip route
E2
E2
E2
E2
As shown above you can see that the RIP routes being redistributed into the OSPF autonomous system are denoted as E2 routes in
the routing table on R1.
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C
C
C
C
R
C
R
R
R
R
R
R
R5#
As shown above, you can see that the OSPF networks in the 10.0.0.0/8 range are now in R5's routing table with a hop count of 4. To
get to R3 it's 1 hop to R4; on R3 the redistributed metric adds 3, giving you a total metric of 4 on R5 for routes learned from the
OSPF network.
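The two rules this lab states for redistribution (use the subnets keyword when the target is OSPF, and specify a metric) can be checked mechanically against a saved configuration. The Python linter below is an added example, not part of the original workbook; its function names, rule labels and the second sample configuration are assumptions, and it goes beyond this lab by also checking that redistribution into EIGRP carries all five metric values and that a RIP seed metric stays below the unreachable hop count of 16.

```python
import re

# Lines that end a "router ..." block in a pasted or saved configuration.
BLOCK_END_WORDS = ("!", "exit", "end")
BLOCK_END_PREFIXES = ("interface ", "line ", "hostname ")


def metric_values(tokens):
    """Numeric values that follow the 'metric' keyword, if any."""
    if "metric" not in tokens:
        return []
    values = []
    for tok in tokens[tokens.index("metric") + 1:]:
        if not tok.isdigit():
            break
        values.append(int(tok))
    return values


def lint_redistribution(config):
    """Return (line number, rule) pairs for risky redistribute statements."""
    findings = []
    target = None                       # protocol being redistributed into
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"router (ospf|rip|eigrp)\b", line)
        if m:
            target = m.group(1)
            continue
        if line in BLOCK_END_WORDS or line.startswith(BLOCK_END_PREFIXES):
            target = None
            continue
        if target is None or not line.startswith("redistribute "):
            continue
        tokens = line.split()
        values = metric_values(tokens)
        if not values:
            findings.append((lineno, "missing-metric"))
        if target == "ospf" and "subnets" not in tokens:
            # Without 'subnets' only classful networks are redistributed.
            findings.append((lineno, "ospf-missing-subnets"))
        elif target == "rip" and values and not 1 <= values[0] <= 15:
            # RIP treats a hop count of 16 as unreachable.
            findings.append((lineno, "rip-metric-out-of-range"))
        elif target == "eigrp" and values and len(values) != 5:
            # bandwidth, delay, reliability, load, MTU
            findings.append((lineno, "eigrp-metric-needs-5"))
    return findings


# R3's redistribution statements as entered in the labs on this page.
LAB_CONFIG = """\
router ospf 1
 redistribute rip metric 50000 subnets
!
router rip
 redistribute ospf 1 metric 3
!
router eigrp 10
 redistribute ospf 1 metric 1544 2000 255 1 1500
"""
# Constructed configuration that breaks each rule once.
BAD_CONFIG = """\
router ospf 1
 redistribute rip metric 50000
 redistribute eigrp 10 subnets
!
router rip
 redistribute ospf 1 metric 16
!
router eigrp 10
 redistribute ospf 1 metric 1544
"""

if __name__ == "__main__":
    print("lab:", lint_redistribution(LAB_CONFIG) or "clean")
    for lineno, rule in lint_redistribution(BAD_CONFIG):
        print(f"line {lineno}: {rule}")
```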
Mutual redistribution between OSPF and EIGRP is uncommon; however, it is used mostly in company acquisitions or
band-aiding poorly architected networks. This lab will discuss and demonstrate the configuration and verification of
mutual OSPF and EIGRP redistribution.
When you redistribute into OSPF, following the metric you must specify whether or not you wish to redistribute the subnets of the
source routing protocol by specifying subnets after the metric. If you do not specify this, then the protocol that you're redistributing
routes into will only receive a classful route. In some cases this may work fine; however, in other cases it may cause total mayhem in
your network.
Please review the following command(s) listed below:
Command
Description
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, and R5.
Establish a console session with devices R1, R2, R3, R4, and R5, then load the initial configurations provided below by
copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial0/0
no frame-relay inverse-arp
no shut
!
!###################################################
ip ospf 1 area 0
!#
Free CCNAinterface-dlci
Workbook Lab 10-3
frame-relay
221 R3 Initial Config
!###################################################
exit
!
enable
interface Serial0/0.223 point-to-point
configure
terminal
description
### FRAME RELAY LINK TO R3 ###
!ip address 10.103.23.2 255.255.255.0
hostname
ip ospf R3
1 area 0
no
ip domain-lookup
frame-relay
interface-dlci 223
!exit
interface
Serial0/0
!
description
router
ospf 1### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
exit
exit
logging
sync
!no exec-timeout
!###################################################
ip address 10.103.23.3 255.255.255.0
!#
Workbook
Lab 10-3 R4 Initial Config
ip Free
ospf CCNA
1 area
0
!###################################################
frame-relay interface-dlci 322
!exit
enable
!
configure
interface terminal
Serial0/0.324 point-to-point
!no shut
interface
Serial0/0
!
description
router
ospf 1### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
exit
interface
Serial0/0.423
point-to-point
network 172.29.0.0
0.0.255.255
description
### FRAME RELAY LINK TO R3 ###
exit
!###################################################
frame-relay
interface-dlci 423
line
con 0
!#
Free CCNA
exit
logging
sync Workbook Lab 10-3 R5 Initial Config
!###################################################
!no exec-timeout
!
interface Serial0/0.425 point-to-point
enable
description ### FRAME RELAY LINK TO R5 ###
end
configure
terminal
ip address
172.29.45.4 255.255.255.0
!frame-relay interface-dlci 425
hostname
R5
exit
no
! ip domain-lookup
!
router eigrp 10
interface
no auto Serial0/0
description
### PHYSICAL
FRAME RELAY INTERFACE ###
network 172.29.0.0
0.0.255.255
encapsulation
frame-relay
exit
!logging sync
interface
Serial0/0.524 point-to-point
no exec-timeout
Lab Objectives
exit
exit
!
router eigrp 10
no auto
network 172.29.0.0 0.0.255.255
!
line con 0
logging sync
no exec-timeout
!
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-mutual-ospf-and-eigrp-redistribution/[4/12/2015
7:23:30 PM]
end
Create four new loopback interfaces on R1 using the 10.1.0.0/22 address allocation and configure those interfaces to
participate in OSPF area 0. Ensure that these loopback interfaces participate in OSPF with their configured subnet mask and
not a host mask.
Create four new loopback interfaces on R5 using the 172.5.0.0/22 address allocation and configure those interfaces to
participate in EIGRP Autonomous System 10.
Analyze R3's routing table and verify that the newly created loopback interfaces are being learned by R3.
Configure R3 to redistribute EIGRP routes into OSPF using the cost of 50000 then redistribute OSPF routes into EIGRP using
a T1 bandwidth and 20,000 microsecond delay.
Verify on R1 and R5 that routes from the opposite autonomous system exist in their routing table.
Lab Instruction
Objective 1. Create four new loopback interfaces on R1 using the 10.1.0.0/22 address allocation and configure those interfaces to
participate in OSPF area 0. Ensure that these loopback interfaces participate in OSPF with their configured subnet mask and not a
host mask.
By default, loopback interfaces participate in OSPF as a /32 host route unless you change the default network type from LOOPBACK to
Point-to-Point, as shown below:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface loopback0
R1(config-if)#ip address 10.1.0.1 255.255.255.0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R1(config-if)#interface loopback1
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R1(config-if)#interface loopback2
R1(config-if)#ip address 10.1.2.1 255.255.255.0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R1(config-if)#interface loopback3
R1(config-if)#ip address 10.1.3.1 255.255.255.0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 2. Create four new loopback interfaces on R5 using the 172.5.0.0/22 address allocation and configure those interfaces to
participate in EIGRP Autonomous System 10.
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#interface loopback0
R5(config-if)#ip address 172.5.0.1 255.255.255.0
R5(config-if)#
R5(config-if)#interface loopback1
R5(config-if)#ip address 172.5.1.1 255.255.255.0
R5(config-if)#
R5(config-if)#interface loopback2
R5(config-if)#ip address 172.5.2.1 255.255.255.0
R5(config-if)#
R5(config-if)#interface loopback3
R5(config-if)#ip address 172.5.3.1 255.255.255.0
R5(config-if)#exit
R5(config)#router eigrp 10
R5(config-router)#network 172.5.0.0 0.0.255.255
R5(config-router)#end
R5#
%SYS-5-CONFIG_I: Configured from console by console
R5#
Objective 3. Analyze R3's routing table and verify that the newly created loopback interfaces are being learned by R3.
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D
D
D
D
C
D
O
O
O
O
O
C
R3#
Objective 4. Configure R3 to redistribute EIGRP routes into OSPF using the cost of 50000 then redistribute OSPF routes into
EIGRP using a T1 bandwidth and 20,000 microsecond delay.
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#redistribute eigrp 10 metric 50000 subnets
R3(config-router)#exit
R3(config)#router eigrp 10
R3(config-router)#redistribute ospf 1 metric ?
<1-4294967295> Bandwidth metric in Kbits per second
R3(config-router)#redistribute ospf 1 metric 1544 ?
<0-4294967295> EIGRP delay metric, in 10 microsecond units
R3(config-router)#redistribute ospf 1 metric 1544 2000 ?
<0-255> EIGRP reliability metric where 255 is 100% reliable
R3(config-router)#redistribute ospf 1 metric 1544 2000 255 ?
<1-255> EIGRP Effective bandwidth metric (Loading) where 255
is 100% loaded
R3(config-router)#redistribute ospf 1 metric 1544 2000 255 1 ?
<1-65535> EIGRP MTU of the path
R3(config-router)#redistribute ospf 1 metric 1544 2000 255 1 1500
R3(config-router)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#
Objective 5. Verify on R1 and R5 that routes from the opposite autonomous system exist in their routing table.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.5.0.0/24 is subnetted, 4 subnets
O E2    172.5.1.0 [110/50000] via 10.103.12.2, 00:00:07, Serial0/0.122
O E2    172.5.0.0 [110/50000] via 10.103.12.2, 00:00:07, Serial0/0.122
O E2    172.5.3.0 [110/50000] via 10.103.12.2, 00:00:07, Serial0/0.122
O E2    172.5.2.0 [110/50000] via 10.103.12.2, 00:00:07, Serial0/0.122
     172.29.0.0/24 is subnetted, 2 subnets
O E2    172.29.34.0 [110/50000] via 10.103.12.2, 00:00:07, Serial0/0.122
O E2    172.29.45.0 [110/50000] via 10.103.12.2, 00:00:07, Serial0/0.122
     10.0.0.0/24 is subnetted, 6 subnets
C       10.1.3.0 is directly connected, Loopback3
C       10.1.2.0 is directly connected, Loopback2
C       10.1.1.0 is directly connected, Loopback1
C       10.1.0.0 is directly connected, Loopback0
C       10.103.12.0 is directly connected, Serial0/0.122
O       10.103.23.0 [110/128] via 10.103.12.2, 00:11:04, Serial0/0.122
R1#
As R1's routing table above shows, the routes redistributed into OSPF from EIGRP are now OSPF E2 routes.
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C
C
C
C
D
C
D EX
D EX
D EX
D EX
D EX
D EX
R5#
As R5's routing table above shows, the routes redistributed into EIGRP from OSPF on R3 appear in R5's routing table as EIGRP EX (External) routes with an administrative distance of 170.
Mutual redistribution is commonly done to fix architectural problems or during company acquisitions. This lab will
discuss and demonstrate the configuration and verification of mutual EIGRP and RIP redistribution.
To configure route redistribution you'll use the redistribute command in router configuration mode.
Please review the following command(s) listed below:
Command
Description
This command is executed in router configuration mode of RIP, EIGRP or OSPF to configure the routing process to redistribute routes from a different source into the configured routing process, such as static into RIP or RIP into OSPF. It's best practice to specify a metric; the metric you specify is the one the routes carry when they appear in the routing process. For example, RIP uses hop count, OSPF uses cost and EIGRP uses K values (bandwidth, load, delay, reliability, MTU).
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3, R4, and R5.
Establish a console session with devices R1, R2, R3, R4, and R5, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
no shut
!
frame-relay interface-dlci 221
exit
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 10.104.23.2 255.255.255.0
frame-relay interface-dlci 223
exit
!
router eigrp 10
no auto-summary
network 10.104.12.2 0.0.0.0
network 10.104.23.2 0.0.0.0
exit
!
line con 0
logging sync
no exec-timeout
end

!###################################################
!# Free CCNA Workbook Lab 10-4 R3 Initial Config
!###################################################
!
enable
configure terminal
!
hostname R3
no ip domain-lookup
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
no shut
exit
!
interface Serial0/0.322 point-to-point
ip address 10.104.23.3 255.255.255.0
frame-relay interface-dlci 322
exit
!
interface Serial0/0.324 point-to-point
description ### FRAME RELAY LINK TO R4 ###
ip address 172.29.34.3 255.255.255.0
frame-relay interface-dlci 324
no shut
router eigrp 10
no auto-summary
network 10.104.23.3
exit
!
router rip
no auto-summary
version 2
network 172.29.0.0
!
line con 0
logging sync
no exec-timeout
!
end

!###################################################
!# Free CCNA Workbook Lab 10-4 R4 Initial Config
!###################################################
!
enable
configure terminal
!
hostname R4
no ip domain-lookup
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
no shut
!
interface Serial0/0.423 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 172.29.34.4 255.255.255.0
frame-relay interface-dlci 423
exit
!
interface Serial0/0.425 point-to-point
description ### FRAME RELAY LINK TO R5 ###
ip address 172.29.45.4 255.255.255.0
frame-relay interface-dlci 425
exit
!
router rip
version 2
no auto-summary
network 172.29.0.0
exit
!
line con 0
logging sync
no exec-timeout

!###################################################
!# Free CCNA Workbook Lab 10-4 R5 Initial Config
!###################################################
!
enable
configure terminal
!
hostname R5
no ip domain-lookup
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
no shut
!
interface Serial0/0.524 point-to-point
description ### FRAME RELAY LINK TO R5 ###
exit
router rip
version 2
no auto-summary
network 172.29.0.0
exit
!
line con 0
logging sync
no exec-timeout
!
end

Lab Objectives
Create four new loopback interfaces on R1 using the 10.1.0.0/22 address allocation and configure those interfaces to participate in EIGRP Autonomous System 10.
Lab Instruction
Objective 1. Create four new loopback interfaces on R1 using the 10.1.0.0/22 address allocation and configure those interfaces to
participate in EIGRP Autonomous System 10.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface loopback0
R1(config-if)#ip address 10.1.0.1 255.255.255.0
R1(config-if)#
R1(config-if)#interface loopback1
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#
R1(config-if)#interface loopback2
R1(config-if)#ip address 10.1.2.1 255.255.255.0
R1(config-if)#
R1(config-if)#interface loopback3
R1(config-if)#ip address 10.1.3.1 255.255.255.0
R1(config-if)#exit
R1(config)#
R1(config)#router eigrp 10
R1(config-router)#network 10.1.0.0 0.0.3.255
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 2. Create four new loopback interfaces on R5 using the 172.5.0.0/22 address allocation and configure those interfaces to
participate in RIP.
R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#interface loopback0
R5(config-if)#ip address 172.5.0.1 255.255.255.0
R5(config-if)#
R5(config-if)#interface loopback1
R5(config-if)#ip address 172.5.1.1 255.255.255.0
R5(config-if)#
R5(config-if)#interface loopback2
R5(config-if)#ip address 172.5.2.1 255.255.255.0
R5(config-if)#
R5(config-if)#interface loopback3
R5(config-if)#ip address 172.5.3.1 255.255.255.0
R5(config-if)#exit
R5(config)#router rip
R5(config-router)#network 172.5.0.0
R5(config-router)#end
R5#
%SYS-5-CONFIG_I: Configured from console by console
R5#
Objective 3. Analyze R3's routing table and verify that the newly created loopback interfaces are being learned by R3.
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R
R
R
R
C
R
D
D
D
D
D
C
R3#
Objective 4. Configure R3 to redistribute EIGRP routes into RIP using a hop count of 3 then redistribute RIP routes into EIGRP
using a T1 bandwidth and 20,000 microsecond delay.
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#redistribute eigrp 10 metric 3
R3(config-router)#exit
R3(config)#router eigrp 10
R3(config-router)#redistribute rip metric ?
<1-4294967295> Bandwidth metric in Kbits per second
R3(config-router)#redistribute rip metric 1544 ?
<0-4294967295> EIGRP delay metric, in 10 microsecond units
R3(config-router)#redistribute rip metric 1544 2000 ?
<0-255> EIGRP reliability metric where 255 is 100% reliable
R3(config-router)#redistribute rip metric 1544 2000 255 ?
<1-255> EIGRP Effective bandwidth metric (Loading) where 255
is 100% loaded
R3(config-router)#redistribute rip metric 1544 2000 255 1 ?
<1-65535> EIGRP MTU of the path
R3(config-router)#redistribute rip metric 1544 2000 255 1 1500
R3(config-router)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#
Objective 5. Verify on R1 and R5 that routes from the opposite autonomous system exist in their routing table.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
EX
EX
EX
EX
You can see from R1's routing table shown above that the RIP routes redistributed into EIGRP at R3 are being propagated
throughout the EIGRP Autonomous System as EIGRP External routes.
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C
C
C
C
R
C
R
R
R
R
R
R
R5#
You can see from R5's routing table shown above that the EIGRP routes redistributed into RIP at R3 are now RIP routes on R5 with
a metric of 4 (1 hop to R4 + 3 from R3's added metric).
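The redistribution statements from Objective 4 of this lab and of the OSPF lab before it can be checked mechanically before they are pasted into R3. The following is an added example, not part of the original workbook: a small Python linter (the function names and the BROKEN sample are constructed for illustration) that flags missing seed metrics, converts the 20,000 microsecond delay into the 10-microsecond units IOS expects, and computes the classic EIGRP composite metric of the seed with default K values.

```python
import re

# R3's statements exactly as entered in Objective 4 of the OSPF and RIP labs.
LAB_OSPF = """\
router ospf 1
 redistribute eigrp 10 metric 50000 subnets
router eigrp 10
 redistribute ospf 1 metric 1544 2000 255 1 1500
"""
LAB_RIP = """\
router rip
 redistribute eigrp 10 metric 3
router eigrp 10
 redistribute rip metric 1544 2000 255 1 1500
"""
# Constructed counter-example: seed metrics and 'subnets' left out.
BROKEN = """\
router ospf 1
 redistribute eigrp 10
router eigrp 10
 redistribute ospf 1
router rip
 redistribute eigrp 10 metric 16
"""


def eigrp_seed(bandwidth_kbps, delay_usec):
    """Return the five 'metric' arguments and the classic composite metric."""
    delay_tens = delay_usec // 10      # IOS takes delay in 10-microsecond units
    composite = 256 * (10**7 // bandwidth_kbps + delay_tens)   # K1 = K3 = 1
    return (bandwidth_kbps, delay_tens, 255, 1, 1500), composite


def parse_redistribution(config):
    """Return (entries, processes that set default-metric) from config text."""
    entries, with_default, process = [], set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():          # top-level line opens a section
            m = re.match(r"router (\w+)", line)
            process = m.group(1) if m else None
            continue
        if process is None:
            continue
        if line.startswith("default-metric "):
            with_default.add(process)
        m = re.match(r"redistribute (\w+)(?: \d+)?(.*)$", line)
        if m:
            rest = m.group(2)
            metric = re.search(r"\bmetric ((?:\d+ ?)+)", rest)
            entries.append({
                "into": process,
                "source": m.group(1),
                "metric": [int(n) for n in metric.group(1).split()] if metric else [],
                "subnets": " subnets" in rest,
                "route_map": " route-map " in rest,
            })
    return entries, with_default


def audit(config):
    """Return (severity, direction, message) tuples for one router's config."""
    entries, with_default = parse_redistribution(config)
    findings = []
    for e in entries:
        where = f"{e['source']} -> {e['into']}"
        needs_seed = (e["into"] in ("eigrp", "rip")
                      and e["source"] not in ("connected", "static", e["into"]))
        if needs_seed and not e["metric"] and e["into"] not in with_default:
            findings.append(("error", where, "no seed metric, routes are not advertised"))
        if e["into"] == "eigrp" and e["metric"] and len(e["metric"]) != 5:
            findings.append(("error", where, "EIGRP metric needs five values"))
        if e["into"] == "rip" and e["metric"] and e["metric"][0] > 15:
            findings.append(("error", where, "RIP metric above 15 is unreachable"))
        # On classic IOS, OSPF without 'subnets' redistributes only classful networks.
        if e["into"] == "ospf" and not e["subnets"]:
            findings.append(("error", where, "no 'subnets' keyword"))
    unfiltered = {(e["source"], e["into"]) for e in entries if not e["route_map"]}
    for src, dst in sorted(unfiltered):
        if src < dst and (dst, src) in unfiltered:
            findings.append(("note", f"{src} <-> {dst}",
                             "mutual redistribution without route-map filtering"))
    return findings


def errors(config):
    """Only the findings that stop routes from being redistributed as intended."""
    return [f for f in audit(config) if f[0] == "error"]


if __name__ == "__main__":
    print(eigrp_seed(1544, 20000))
    for name, cfg in (("ospf lab", LAB_OSPF), ("rip lab", LAB_RIP), ("broken", BROKEN)):
        for finding in audit(cfg):
            print(name, *finding, sep=" | ")
```

The composite value is the seed installed at R3; routers further into the EIGRP domain add the delay of their own links, so the metric seen on R1 is higher.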
Static NAT, more commonly known as one-to-one NAT, is primarily used to translate a public IP address to an internal DMZ private address. There are of course other uses for static NAT, which will be explained; however, this lab will discuss and demonstrate the configuration and verification of basic static NAT.
When configuring Network Address Translation, you'll need to specify the INSIDE and OUTSIDE interfaces. This specifies the NAT boundary at a given router. To specify these types of interfaces you'll use the ip nat inside | outside command in interface configuration mode.
To configure a static one-to-one NAT translation you'll need two key components: the inside host address (inside local) and the IP address to which the inside local address is to be translated (the inside global). Once you have this information you'll use the ip nat inside source static inside_local_ip outside_global_ip command in global configuration mode.
When configuring a NAT statement, whether it is a static one-to-one translation or port address translation (PAT, many-to-one), you can specify whether or not the entry is extendable by adding the extendable keyword at the end of the NAT statement.
The extendable option allows you to configure multiple NAT statements that use the same inside local or inside global address. Without it, attempting to create a static translation map where the inside local or outside global matches an IP address that's already used in a different translation map would give you an ambiguous command error.
In general there are two types of static NAT translations. The first is a standard translation, where the translation entry maps a single inside local address to a single outside global address. The second is the extended NAT translation, where you can create static translation map(s) that include multiple identical inside local OR outside global maps based on an inside/outside port number.
For example:
ip nat source static tcp 10.11.1.1 8080 172.29.18.5 80 extendable
ip nat source static tcp 10.11.1.14 80 172.29.18.5 443 extendable
In the example given, any traffic destined to 172.29.18.5 on port 80 would be translated to 10.11.1.1 port 8080 internally, whereas any traffic destined to 172.29.18.5 on port 443 (SSL) would be translated to 10.11.1.14 port 80.
You can view the router's NAT translation table by using the show ip nat translations command in user or privileged mode. This lets you determine which translation flows are currently installed in the NAT table. You can purge the NAT table's dynamic translations by using the clear ip nat translation * command in privileged mode.
Now that you have an understanding of one-to-one NAT, this lab will build the same scenario given as an example previously to familiarize you with one-to-one NAT configuration.
Please review the following command(s) listed below;
Command
Description
This command is executed in global configuration mode to configure a static one-to-one NAT translation, where il.il.il.il is the inside local address and ig.ig.ig.ig is the outside global address to which the inside local address will be translated.
This command is executed in global configuration mode to configure an extended static NAT translation where you translate a single inside local or outside global address based on port number(s).
This command is executed in user or privileged mode to view all the current NAT translations in the router's NAT table.
This command is executed in privileged mode to purge all the dynamic NAT translations that exist in the NAT table. If this command is executed in a live network, take caution, as it will drop current dynamic NAT translated TCP sessions.
In this lab you will be configuring static NAT (one-to-one) between two companies, ABC Inc. and XYZ Inc., both of which have a server with the IP address 10.111.14.14. Since both companies believe it would be too difficult to re-IP the network, you'll need to set up a static NAT translation on R2 and R3 to ensure IP communication between the two servers that have the same IP address in both organizations.
The following logical topology is used in this lab:
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2, R3 and R4.
Establish a console session with devices R1, R2, R3 and R4, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
exit
!
interface Serial0/0.221 point-to-point
description ### FRAME RELAY LINK TO R1 ###
ip address 10.111.12.2 255.255.255.0
frame-relay interface-dlci 221
exit
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 172.20.23.2 255.255.255.0
frame-relay interface-dlci 223
exit
!
interface Serial0/0
no shut
exit
!
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-network-address-translation-nat-one-to-one/[4/12/2015
7:24:12 PM]
!###################################################
!
enable
configure terminal
!
hostname R3
no ip domain-lookup
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
exit
frame-relay interface-dlci 322
exit
!
interface Serial0/0.324 point-to-point
description ### PHYSICAL FRAME RELAY INTERFACE ###
ip address 10.111.34.3 255.255.255.0
frame-relay interface-dlci 324
no shut
!
interface Serial0/0
no shut
exit
no auto-summary
network 172.20.23.3 0.0.0.0
network 10.111.34.3 0.0.0.0
passive-interface Serial0/0.322
line con 0
logging sync
no exec-timeout

!###################################################
!# Free CCNA Workbook Lab 11-1 R4 Initial Config
!###################################################
!
enable
configure terminal
!
hostname R4
no ip domain-lookup
!
interface loopback0
description ### SIMULATED SERVER ###
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
exit
interface Serial0/0.423 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 10.111.34.4 255.255.255.0
interface Serial0/0
no shut
exit
router eigrp 10
no auto-summary
!
line con 0
logging sync
no exec-timeout
!
end

Lab Objectives
Configure R2 and R3's respective interfaces as NAT Inside and NAT Outside.
Create a static NAT translation on R2 to translate the inside local address 10.111.14.14 to the outside global address of 172.20.23.41
Create a static NAT translation on R3 to translate the inside local address 10.111.14.14 to the outside global address of 172.20.23.14
Verify that you have IP communication between the two simulated servers by pinging 172.20.23.14 from R1's Lo0 interface.
Lab Instruction
Objective 1. Configure R2 and R3's respective interfaces as NAT Inside and NAT Outside.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/0.221
R2(config-subif)#ip nat inside
%LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R2(config-subif)#interface Serial0/0.223
R2(config-subif)#ip nat outside
R2(config-subif)#end
R2#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface Serial0/0.322
R3(config-subif)#ip nat outside
%LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R3(config-subif)#interface Serial0/0.324
R3(config-subif)#ip nat inside
R3(config-subif)#end
R3#
Objective 2. Create a static NAT translation on R2 to translate the inside local address 10.111.14.14 to the outside global address
of 172.20.23.41
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip nat inside source static 10.111.14.14 172.20.23.41
R2(config)#end
R2#
Objective 3. Create a static NAT translation on R3 to translate the inside local address 10.111.14.14 to the outside global address
of 172.20.23.14
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip nat inside source static 10.111.14.14 172.20.23.14
R3(config)#end
R3#
Objective 4. On R1 verify that you have IP communication towards R4's Lo0 via the translated address 172.20.23.14 by pinging
172.20.23.14 sourced from R1's Lo0 interface.
R1#ping 172.20.23.14 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.23.14, timeout is 2 seconds:
Packet sent with a source address of 10.111.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/90/93 ms
R1#
As you can see from above, you now have full IP connectivity between the two completely separate networks that have a server using the same IP address, via Network Address Translation.
So when ABC Inc.'s server 10.111.14.14 attempts to communicate with 172.20.23.14, it is actually communicating with the 10.111.14.14 server located in XYZ Inc.'s network.
For a complete rundown of this scenario: when the simulated server 10.111.14.14 sends traffic to 172.20.23.14, it goes to R2, where the source is NATed to 172.20.23.41. Because 172.20.23.41 is on a common subnet with 172.20.23.14, the traffic gets forwarded out Se0/0.223. When it reaches Serial0/0.322 on R3, R3 looks at its static translation table and immediately forwards traffic destined to 172.20.23.14 towards 10.111.14.14. When the simulated server at 10.111.14.14 receives the traffic, it responds in the opposite direction in the same manner.
You can check the NAT translation table on R2 to verify that the NAT translation was installed into the NAT table, as shown below:
R2#show ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
--- 172.20.23.41       10.111.14.14       ---                ---
R2#
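The rundown above and the extendable example from the introduction can both be traced with a small model of a static NAT table. This is an added example, not code from the workbook: the helper names are hypothetical, the rules are the ones entered on R2 and R3 in Objectives 2 and 3 plus the two extendable statements, and the exposure listing makes visible that a plain one-to-one entry maps every protocol and port of the inside host.

```python
import re
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    proto: Optional[str]   # None: one-to-one entry, every protocol and port
    local: tuple           # (inside local ip, port or None)
    glob: tuple            # (inside global ip, port or None)


_STATIC = re.compile(
    r"ip nat (?:inside )?source static"
    r"(?: (tcp|udp) (\S+) (\d+) (\S+) (\d+)| (\S+) (\S+))(?: extendable)?")


def parse_rules(config):
    """Turn static NAT statements into Rule tuples; other lines are ignored."""
    rules = []
    for line in config.splitlines():
        m = _STATIC.fullmatch(line.strip())
        if not m:
            continue
        if m.group(1):
            rules.append(Rule(m.group(1), (m.group(2), int(m.group(3))),
                              (m.group(4), int(m.group(5)))))
        else:
            rules.append(Rule(None, (m.group(6), None), (m.group(7), None)))
    return rules


def _rewrite(rules, proto, ip, port, match, replace):
    """Return the (ip, port) the first matching rule rewrites to, else unchanged."""
    for r in rules:
        have, want = getattr(r, match), getattr(r, replace)
        if r.proto is None and have[0] == ip:
            return (want[0], port)          # address-only entry keeps the port
        if r.proto == proto and have == (ip, port):
            return want
    return (ip, port)                       # no entry: forwarded untranslated


def outbound(rules, proto, src):
    """Inside to outside: the source address is rewritten."""
    return _rewrite(rules, proto, src[0], src[1], "local", "glob")


def inbound(rules, proto, dst):
    """Outside to inside: the destination address is rewritten."""
    return _rewrite(rules, proto, dst[0], dst[1], "glob", "local")


def exposure(rules):
    """List what each static entry makes reachable from the outside interface."""
    out = []
    for r in rules:
        if r.proto is None:
            out.append(f"{r.glob[0]} (all protocols/ports) -> {r.local[0]}")
        else:
            out.append(f"{r.glob[0]}:{r.glob[1]}/{r.proto} -> {r.local[0]}:{r.local[1]}")
    return out


# Statements from Objectives 2 and 3, and the extendable pair from the introduction.
R2 = parse_rules("ip nat inside source static 10.111.14.14 172.20.23.41")
R3 = parse_rules("ip nat inside source static 10.111.14.14 172.20.23.14")
EXTENDED = parse_rules("""\
ip nat source static tcp 10.11.1.1 8080 172.29.18.5 80 extendable
ip nat source static tcp 10.11.1.14 80 172.29.18.5 443 extendable
""")


def abc_to_xyz():
    """Trace one request from ABC's server to XYZ's server and the reply."""
    src, dst = ("10.111.14.14", None), ("172.20.23.14", None)   # ICMP: no ports
    src = outbound(R2, "icmp", src)        # R2 rewrites the source
    dst = inbound(R3, "icmp", dst)         # R3 rewrites the destination
    request = (src[0], dst[0])             # header XYZ's server receives
    # The reply swaps the two addresses and crosses R3, then R2.
    reply_src = outbound(R3, "icmp", dst)
    reply_dst = inbound(R2, "icmp", src)
    return request, (reply_src[0], reply_dst[0])


if __name__ == "__main__":
    print(abc_to_xyz())
    print(inbound(EXTENDED, "tcp", ("172.29.18.5", 443)))
    print("\n".join(exposure(R2) + exposure(EXTENDED)))
```

Neither server ever sees a packet whose source and destination are both 10.111.14.14, which is why the overlapping addressing works.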
NAT pooling is the ability to randomly assign public IP addresses to private internal IPs on a first-come, first-served basis from a pool of IPs. This lab will discuss and demonstrate the configuration and verification of dynamic NAT pooling.
referenced by the NAT translation statement followed by the starting ip and ending ip of the pool range and the prefix of the
allocation that the IP address range is carved out of; I.e; 24 = /24 or 255.255.255.0
When specifying a NAT translation statement using a pool, you'll need to specify an access control list which is used to match inside host addresses or networks that will be translated to the IP addresses found in the pool on a first-come, first-served basis.
To configure a NAT pool translation you'll use the ip nat inside source list ACL#_OR_NAME pool POOLNAME command in global configuration mode, where ACL#_OR_NAME is the access control list name or number used to match inside hosts which will be permitted to use the NAT pool translation, and POOLNAME is the IP address range pool you carved out of an address block allocation.
In this lab you will be using R1, R2 and R3 to simulate a network connected to an ISP at R2, using R2 to translate simulated inside host machines from R1 to a public IP address pool to the internet (R3).
Please review the following command(s) listed below:
Command
Description
This command is executed in global configuration mode to configure a NAT pool, where sip is the starting IP address in the range of the pool and eip is the ending IP address in the range of the pool. The prefix # is the actual prefix used by the router which the IPs in the pool use.
This command is executed in global configuration mode to set up an inside-to-outside NAT pool configuration, where the access-list # matches an ACL in which inside hosts must be permitted to be able to obtain a pool IP address. The pool name references the pool of IP addresses created when using the previous command.
This command is executed in user or privileged mode to view all the current NAT translations in the router's NAT table.
This command is executed in privileged mode to purge all the dynamic NAT translations that exist in the NAT table. If this command is executed in a live network, take caution, as it will drop current dynamic NAT translated TCP sessions.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial0/0
no frame-relay inverse-arp
exit
!
frame-relay interface-dlci 221
exit
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 171.18.24.1 255.255.255.224
frame-relay interface-dlci 223
exit
!
interface Serial0/0
no shut
exit
!
router eigrp 10
no auto-summary
network 10.112.12.2 0.0.0.0
network 171.18.24.1 0.0.0.0
redistribute static
passive-interface Serial0/0.223
exit
!
ip route 0.0.0.0 0.0.0.0 171.18.24.2
!
line con 0
logging sync
no exec-timeout
!
end

!###################################################
!# Free CCNA Workbook Lab 11-2 R3 Initial Config
!###################################################
!
enable
configure terminal
!
hostname R3
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED INTERNET HOST ###
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
exit
!
interface Serial0/0.322 point-to-point
description ### FRAME RELAY LINK TO R2 ###
ip address 171.18.24.2 255.255.255.224
frame-relay interface-dlci 322
exit
!
interface Serial0/0
no shut
exit
!
line con 0
logging sync
no exec-timeout
!
end

Lab Objectives
Create 4 new loopback interfaces on R1 using the 10.55.0.0/22 allocation and advertise them into EIGRP AS 10.
Configure the respective NAT interface types then create a NAT pool on R2 starting with the IP address 171.18.24.5 and ending with the IP address 171.18.24.25 using the prefix mask of /27.
Create a named extended access-list on R2 matching the simulated host on R1 using only a single line in the ACL.
Configure a NAT Pool translation on R2 using the newly created named ACL and NAT Pool.
Verify that R1's simulated host has IP connectivity to the simulated internet host (4.2.2.2) on R3 via NAT.
Verify on R2 that the inside host(s) are being assigned pool addresses.
Lab Instruction
Objective 1. Create 4 new loopback interfaces on R1 using the 10.55.0.0/22 allocation and advertise them into EIGRP AS 10.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface loopback0
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)#ip add 10.55.0.1 255.255.255.0
R1(config-if)#interface loopback1
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
R1(config-if)#ip add 10.55.1.1 255.255.255.0
R1(config-if)#interface loopback2
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed state to up
R1(config-if)#ip add 10.55.2.1 255.255.255.0
R1(config-if)#interface loopback3
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback3, changed state to up
R1(config-if)#ip add 10.55.3.1 255.255.255.0
R1(config-if)#exit
R1(config)#router eigrp 10
R1(config-router)#network 10.55.0.0 0.0.3.255
R1(config-router)#end
R1#
Objective 2. Configure the respective NAT interface types then create a NAT pool on R2 starting with the IP address 171.18.24.5
and ending with the IP address 171.18.24.25 using the prefix mask of /27.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial0/0.221
R2(config-subif)#ip nat inside
%LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R2(config-subif)#interface Serial0/0.223
R2(config-subif)#ip nat outside
R2(config-subif)#exit
R2(config)#ip nat pool natpool1 171.18.24.5 171.18.24.25 prefix-length 27
R2(config)#
Objective 3. Create a named extended access-list on R2 matching the simulated host on R1 using only a single line in the ACL.
R2(config)#ip access-list extended NATPOOL_ACL
R2(config-ext-nacl)#10 permit ip 10.55.0.0 0.0.3.255 any
R2(config-ext-nacl)#exit
R2(config)#
Objective 4. Configure a NAT Pool translation on R2 using the newly created named ACL and NAT Pool.
R2(config)#ip nat inside source list NATPOOL_ACL pool natpool1
R2(config)#end
R2#
Objective 5. Verify that R1's simulated host has IP connectivity to the simulated internet host (4.2.2.2) on R3 via NAT.
R1#ping 4.2.2.2 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.55.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/104/196 ms
R1#ping 4.2.2.2 source lo1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.55.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/108/184 ms
R1#ping 4.2.2.2 source lo2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.55.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/136/252 ms
R1#ping 4.2.2.2 source lo3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.55.3.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/83/224 ms
R1#
Objective 6. Verify on R2 that the inside host(s) are being assigned pool addresses.
R2#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 171.18.24.5:2     10.55.0.1:2        4.2.2.2:2          4.2.2.2:2
--- 171.18.24.5        10.55.0.1          ---                ---
icmp 171.18.24.6:3     10.55.1.1:3        4.2.2.2:3          4.2.2.2:3
--- 171.18.24.6        10.55.1.1          ---                ---
icmp 171.18.24.7:4     10.55.2.1:4        4.2.2.2:4          4.2.2.2:4
--- 171.18.24.7        10.55.2.1          ---                ---
icmp 171.18.24.8:5     10.55.3.1:5        4.2.2.2:5          4.2.2.2:5
--- 171.18.24.8        10.55.3.1          ---                ---
R2#
As shown in Objectives 5 and 6, the simulated host IP addresses on R1 have IP connectivity to the simulated server on R3 via NAT pool translation.
Objective 6 shows that 10.55.0.1 has been assigned the IP 171.18.24.5 from the NAT pool, 10.55.1.1 has been assigned 171.18.24.6, and so on.
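The following Python sketch is an added example, not part of the workbook. It evaluates the single-line wildcard ACL from Objective 3 the way IOS does and audits the Objective 6 translation table to confirm that every translated inside local address is covered by the ACL and that the pool hands out one global address per host. The function names are hypothetical.

```python
import ipaddress

# "show ip nat translations" output from Objective 6 of this lab.
NAT_TABLE = """\
Pro  Inside global      Inside local       Outside local      Outside global
icmp 171.18.24.5:2      10.55.0.1:2        4.2.2.2:2          4.2.2.2:2
---  171.18.24.5        10.55.0.1          ---                ---
icmp 171.18.24.6:3      10.55.1.1:3        4.2.2.2:3          4.2.2.2:3
---  171.18.24.6        10.55.1.1          ---                ---
icmp 171.18.24.7:4      10.55.2.1:4        4.2.2.2:4          4.2.2.2:4
---  171.18.24.7        10.55.2.1          ---                ---
icmp 171.18.24.8:5      10.55.3.1:5        4.2.2.2:5          4.2.2.2:5
---  171.18.24.8        10.55.3.1          ---                ---
"""


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS ACL semantics: bits set in the wildcard are ignored, all others must equal base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def acl_network(base, wildcard):
    """Return the equivalent prefix for a contiguous wildcard, or None if it is not contiguous."""
    w = to_int(wildcard)
    if w & (w + 1):                      # contiguous wildcards look like 0...01...1
        return None
    prefix = 32 - w.bit_length()
    start = ipaddress.IPv4Address(to_int(base) & ~w & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{start}/{prefix}")


def parse_translations(text):
    """Return (inside_local, inside_global) pairs, with any :port suffix removed."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:             # the header splits into 9 words, blank lines into 0
            continue
        rows.append((fields[2].split(":")[0], fields[1].split(":")[0]))
    return rows


def audit(text, base, wildcard):
    """Map inside locals to their globals and list translated hosts the ACL does not cover."""
    mapping = {}
    for local, glob in parse_translations(text):
        mapping.setdefault(local, set()).add(glob)
    outside_acl = sorted(l for l in mapping if not wildcard_match(l, base, wildcard))
    used = [g for globs in mapping.values() for g in globs]
    one_to_one = len(used) == len(set(used)) == len(mapping)
    return mapping, outside_acl, one_to_one


if __name__ == "__main__":
    print("ACL covers:", acl_network("10.55.0.0", "0.0.3.255"))
    mapping, outside_acl, one_to_one = audit(NAT_TABLE, "10.55.0.0", "0.0.3.255")
    for local, globs in sorted(mapping.items()):
        print(local, "->", ", ".join(sorted(globs)))
    print("translated hosts outside the ACL:", outside_acl)
    print("one global address per inside host:", one_to_one)
```

A host such as 10.55.4.1 falls outside the wildcard and would not be translated, which is the behaviour you want from an ACL scoped to exactly the /22 allocation.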
PAT, known as Port Address Translation, has a much more popular name: port forwarding. This lab will discuss and demonstrate the configuration and verification of port address translation.
could theoretically use a maximum of 6 random ports simultaneously. This is a very high number for most companies and very hard to break. However, if you're hitting the max session range on a router/firewall for PAT you can just add another public IP address to be port address translated.
To configure Port Address Translation, you must specify the inside and outside NAT interfaces as with any NAT configuration. Afterward you'll need to create an access control list that will be referenced by the NAT translation statement to match inside networks and/or host machines to be translated. If you have multiple public IP addresses and you wish to port address translate to an IP address other than the IP address that's assigned to the router's WAN interface, you'll need to create a NAT pool with the specified IP address(es). In most scenarios you'll just port address translate to the single IP address that is assigned to the router's public interface. When using the IP address of the router's interface you do not need to specify a pool. You just specify the interface name followed by overload.
Example: ip nat inside source list PAT_TRAFFIC interface Serial0/0.223 overload
In this lab you will be using R1, R2 and R3 to simulate a small company network connected to an ISP at R2 and using R2 to port
address translate simulated inside host machines with private IP addresses from R1 to a single public IP address so inside machines
can reach the simulated internet host 4.2.2.2 on R3.
Please review the following command(s) listed below;
Command
Description
This command is executed in global configuration mode to configure a NAT translation that
matches inside hosts to be permitted to be port address translated to a specific IP address.
This command is executed in global configuration mode to configure a NAT translation that
matches inside hosts that will be permitted to be port address translated to a specific IP address
assigned to a specific interface.
This command is executed in user or privileged mode to view all the current NAT translations in
the router's NAT table.
This command is executed in privileged mode to purge all the dynamic NAT translations that
exist in the routing table. If this command is executed in a live network, take caution as it will
drop current dynamic NAT translated TCP sessions.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and R3.
Establish a console session with devices R1, R2 and R3, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial0/0
no frame-relay inverse-arp
exit
!
frame-relay interface-dlci 221
exit
!
interface Serial0/0.223 point-to-point
description ### FRAME RELAY LINK TO R3 ###
ip address 172.29.81.1 255.255.255.252
frame-relay interface-dlci 223
exit
!
interface Serial0/0
no shut
exit
!
router eigrp 10
no auto-summary
network 10.113.12.2 0.0.0.0
network 172.29.81.1 0.0.0.0
redistribute static
passive-interface Serial0/0.223
exit
!
ip route 0.0.0.0 0.0.0.0 172.29.81.2
!
line con 0
logging sync
no exec-timeout
!
end
!###################################################
!# Free CCNA Workbook Lab 11-3 R3 Initial Config
!###################################################
!
enable
configure terminal
!
hostname R3
no ip domain-lookup
!
interface Loopback0
description ### SIMULATED INTERNET HOST ###
!
interface Serial0/0
description ### PHYSICAL FRAME RELAY INTERFACE ###
encapsulation frame-relay
no frame-relay inverse-arp
exit
!
interface Serial0/0.322 point-to-point
description ### FRAME RELAY LINK TO R2 ###
ip address 172.29.81.2 255.255.255.224
frame-relay interface-dlci 322
exit
!
interface Serial0/0
no shut
exit
!
line con 0
logging sync
no exec-timeout
!
end
Lab Objectives
Create 4 new loopback interfaces on R1 using the 10.55.0.0/22 allocation and advertise them into EIGRP AS 10.
Create a named extended access-list on R2 matching the simulated host on R1 using only a single line in the ACL.
Configure a NAT translation statement to Port Address Translate any host machines matching the access-list previously created to the IP address of Serial0/0.223
Verify that you can ping the simulated host 4.2.2.2 located on R3 from R1's simulated host loopback interfaces you created earlier.
After verifying IP connectivity between the inside simulated host machines on R1 and the simulated internet host on R3 (4.2.2.2), view the NAT translation table on R2 and verify that the router is translating the inside local addresses to a single inside global address.
Lab Instruction
Objective 1. Create 4 new loopback interfaces on R1 using the 10.55.0.0/22 allocation and advertise them into EIGRP AS 10.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface loopback0
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)#ip add 10.55.0.1 255.255.255.0
R1(config-if)#interface loopback1
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
R1(config-if)#ip add 10.55.1.1 255.255.255.0
R1(config-if)#interface loopback2
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed state to up
R1(config-if)#ip add 10.55.2.1 255.255.255.0
R1(config-if)#interface loopback3
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback3, changed state to up
R1(config-if)#ip add 10.55.3.1 255.255.255.0
R1(config-if)#exit
R1(config)#router eigrp 10
R1(config-router)#network 10.55.0.0 0.0.3.255
R1(config-router)#end
R1#
Outside local      Outside global
4.2.2.2:2          4.2.2.2:2
4.2.2.2:3          4.2.2.2:3
4.2.2.2:4          4.2.2.2:4
4.2.2.2:5          4.2.2.2:5
As shown above in R2's NAT translation table, you will see the inside global IP address and source port number(s) assigned to the inside local source IP addresses per NAT translation flow. (A NAT translation flow is a single line entry in the NAT translation table.)
Small offices don't necessarily have dedicated DHCP servers, so it's quite common to embed this service into routers and/or switches. This lab will discuss and demonstrate the configuration and verification of the Cisco IOS DHCP Server.
When first learning about DHCP, the question that is often the most puzzling is how a DHCP server knows to provide a host an IP address in the 10.114.12.0/24 network when the DHCP server is in the 10.114.94.0/24 network.
This is done through the use of IP helper addresses, which will be discussed in Lab 11-6.
There are several configuration requirements for a Cisco IOS DHCP Server. The first step is to create a DHCP pool on a Cisco router or switch. To create the pool you must name the pool. This is done by using the ip dhcp pool POOL_NAME command.
Once you've created the DHCP pool you'll be placed into DHCP configuration mode, denoted by the hostname(dhcp-config)# prompt.
There are several variables you must assign to the pool. The first, which is optional, is the domain name that will be assigned to hosts learning the DHCP addresses. This is configured using the domain-name NAME command.
Next up is the pool's network, from which the pool provides DHCP addresses to hosts. This is configured using the network A.B.C.D /x command, where A.B.C.D is the network address and /x is the CIDR netmask. Example: 255.255.255.0 = /24
You have the ability to specify how long the DHCP server can lease out its IP addresses to host machines by using the lease days hours minutes seconds command. The default is 24 hours.
The DNS server(s) can be automatically learned by a host via DHCP replies. To configure the DHCP server to provide DNS server information in Cisco IOS, you'll use the dns-server A.B.C.D command. If you wish to add multiple DNS servers, add the second DNS server's IP address after the first one. Example: dns-server 10.114.12.16 10.114.54.16.
If you still use the Microsoft WINS service in your network infrastructure, you have the ability to specify the WINS servers to be included in the DHCP response. To specify WINS servers on the Cisco IOS DHCP Server use the netbios-name-server A.B.C.D command. The same command syntax that is used by DNS is also used to configure multiple WINS servers.
The last and most important option that will be discussed in this lab is the default gateway option. When a host PC on the network requests a DHCP address it does not know the default gateway automatically; it learns it via the DHCP reply. To configure the Cisco IOS DHCP server to include the default gateway information in the DHCP responses, you'll need to use the default-router A.B.C.D command.
In this lab you will configure R1 as a DHCP server and R2 as a DHCP client to simulate a PC on the network.
Familiarize yourself with the following new command(s) listed below;
Command
Description
This command is executed in global configuration mode to create a new Cisco IOS
DHCP Server pool.
domain-name NAME
network A.B.C.D /x
This command is executed in DHCP configuration mode to specify the DHCP address
lease time of IP addresses allocated by that DHCP Server. The default is 24 hours.
dns-server 10.114.12.16 10.114.54.16
netbios-name-server A.B.C.D
default-router A.B.C.D
This command is executed in DHCP configuration mode to specify the default gateway
that will be included in DHCP replies.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and SW1.
Establish a console session with devices R1, R2 and SW1, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface FastEthernet0/0
description ### LAN INTERFACE ###
no shut
!
line con 0
logging sync
no exec-timeout
!
end
!###################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Create a DHCP pool on R1 using the name LAB_POOL1
Assign the domain name TESTLAB.LOCAL to the DHCP pool LAB_POOL1
Assign the network 10.114.12.0/24 to the DHCP pool LAB_POOL1
Assign the DHCP Address lease time of 7 days to the DHCP pool LAB_POOL1
Assign the DNS Servers 10.114.18.6 and 10.114.18.7 to the DHCP pool LAB_POOL1
Assign the WINS Servers 10.114.18.4 and 10.114.18.5 to the DHCP pool LAB_POOL1
Assign the default gateway of 10.114.12.1 to the DHCP pool LAB_POOL1
Configure R2's FastEthernet0/0 interface to obtain an IP address via DHCP. Verify that R1 has provided R2 a DHCP IP address and that you can ping R1's FastEthernet0/0 interface using the newly acquired DHCP address.
Lab Instruction
Objective 1. Create a DHCP pool on R1 using the name LAB_POOL1
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#ip dhcp pool LAB_POOL1
Objective 2. Assign the domain name TESTLAB.LOCAL to the DHCP pool LAB_POOL1
R1(dhcp-config)#domain-name TESTLAB.LOCAL
Objective 4. Assign the DHCP Address lease time of 7 days to the DHCP pool LAB_POOL1
R1(dhcp-config)#lease 7
Objective 5. Assign the DNS Servers 10.114.18.6 and 10.114.18.7 to the DHCP pool LAB_POOL1
R1(dhcp-config)#dns-server 10.114.18.6 10.114.18.7
Objective 6. Assign the WINS Servers 10.114.18.4 and 10.114.18.5 to the DHCP pool LAB_POOL1
R1(dhcp-config)#netbios-name-server 10.114.18.4 10.114.18.5
Objective 7. Assign the default gateway of 10.114.12.1 to the DHCP pool LAB_POOL1
R1(dhcp-config)#default-router 10.114.12.1
R1(dhcp-config)#end
R1#
Objective 8. Configure R2's FastEthernet0/0 interface to obtain an IP address via DHCP. Verify that R1 has provided R2 a DHCP IP address and that you can ping R1's FastEthernet0/0 interface using the newly acquired DHCP address.
To verify that FastEthernet0/0 has learned its IP address via DHCP, use the show ip interface brief command.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Fastethernet0/0
R2(config-if)#ip address dhcp
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.114.12.2, mask 255.255.255.0, hostname R2
R2#show ip interface brief FastEthernet0/0
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.114.12.2     YES DHCP   up                    up
R2#ping 10.114.12.1
When configuring a DHCP pool you must specify the network and subnet for the IP address pool. But what if you need to exclude some IP addresses from being allocated? This lab will discuss and demonstrate the configuration and verification of IOS DHCP server exclusion ranges.
Command
Description
This command is executed in global configuration mode to specify an IP DHCP exclusion range
whereas s.s.s.s is the starting IP Address and e.e.e.e is the ending IP address of the range.
This lab will use the same logical topology as Lab 11-5 however the IP Addressing has changed as shown below;
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and SW1.
Establish a console session with devices R1, R2 and SW1, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface FastEthernet0/0
description ### LAN INTERFACE ###
ip address dhcp
no shut
!
line con 0
logging sync
no exec-timeout
!
end
!###################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Create an IP DHCP exclusion range to exclude the first and last 25 IP addresses of the 10.115.10.0/24 network on R1.
Verify your configuration by renewing the IP address on R2's FastEthernet0/0 interface.
Lab Instruction
Objective 1. Create an IP DHCP exclusion range to exclude the first and last 25 IP addresses of the 10.115.10.0/24 network on R1.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip dhcp excluded-address 10.115.10.1 10.115.10.25
R1(config)#ip dhcp excluded-address 10.115.10.230 10.115.10.254
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 2. Verify your configuration by renewing the IP address on R2's FastEthernet0/0 interface.
To clear the DHCP IP address from an Ethernet interface you can bounce the interface by shutting it down, waiting 10 seconds and bringing it back up, or you can configure the interface to have no IP address, wait 10 seconds, and configure the interface to have a DHCP IP address again, thus forcing the router to send a DHCP request.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#no ip address
R2(config-if)#ip address dhcp
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.115.10.26, mask 255.255.255.0, hostname R2
R2#
As shown above in the syslog messages, you see that the FastEthernet0/0 interface on R2 has now obtained the 10.115.10.26
DHCP IP address which is the first address available outside of the excluded ranges configured in objective 1.
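The Python sketch below is an added example, not the workbook's own material. It computes the exclusion ranges for "the first and last N host addresses" of a pool network, predicts the first address the server can lease, and flags statically assigned addresses that the pool could still hand out. It assumes the server offers the lowest free address first, as observed in this lab; the function names and the static address list are hypothetical.

```python
import ipaddress


def edge_exclusions(network, count):
    """Ranges covering the first and last `count` host addresses of `network`."""
    net = ipaddress.ip_network(network)
    first, last = net.network_address + 1, net.broadcast_address - 1
    return [(first, first + (count - 1)), (last - (count - 1), last)]


def range_size(start, end):
    """Number of addresses in an inclusive start..end range."""
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1


def is_excluded(addr, ranges):
    addr = ipaddress.ip_address(addr)
    return any(ipaddress.ip_address(s) <= addr <= ipaddress.ip_address(e)
               for s, e in ranges)


def first_leasable(network, ranges):
    """Lowest host address outside every exclusion (assumes lowest-first allocation)."""
    for host in ipaddress.ip_network(network).hosts():
        if not is_excluded(host, ranges):
            return host
    return None                      # the exclusions cover the whole pool


def leasable_static(static_addrs, network, ranges):
    """Static addresses inside the pool network that no exclusion protects."""
    net = ipaddress.ip_network(network)
    return [a for a in static_addrs
            if ipaddress.ip_address(a) in net and not is_excluded(a, ranges)]


if __name__ == "__main__":
    pool = "10.115.10.0/24"
    ranges = edge_exclusions(pool, 25)
    for start, end in ranges:
        print(f"ip dhcp excluded-address {start} {end}   ({range_size(start, end)} addresses)")
    print("first lease offered:", first_leasable(pool, ranges))
    # Constructed inventory of statically addressed devices, for illustration only.
    static = ["10.115.10.1", "10.115.10.100", "10.116.1.1"]
    print("static addresses the pool could still lease:",
          leasable_static(static, pool, ranges))
```

Counting each range matters because the boundaries are inclusive: an off-by-one at either end silently excludes one address too many or leaves one infrastructure address leasable.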
Have you ever wondered how DHCP clients get IP addresses from servers not on their own subnet? This lab will discuss and demonstrate the configuration and verification of IP DHCP helper addresses.
Command
Description
ip helper-address a.b.c.d
receive BOOTP DHCP Request and forward them to a specified DHCP server.
The following logical topology shown below is used in this lab;
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and SW1.
Establish a console session with devices R1, R2 and SW1, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface FastEthernet0/0
description ### LAN INTERFACE ###
ip address dhcp
no shut
!
exit
line con 0
logging sync
no exec-timeout
!
end
!###################################################
!# Free CCNA Workbook Lab 11-6 SW1 Initial Config #
!###################################################
!
enable
!
vlan database
vlan 10
vlan 20
exit
!
configure terminal
!
vlan 10
name 10.116.10.0/24
!
vlan 20
name 10.116.20.0/24
!
hostname SW1
no ip domain-lookup
!
ip routing
!
interface FastEthernet0/1
Lab Objectives
On R1 create a new DHCP pool called LAB_POOL2 and assign it the following attributes: network 10.116.20.0/24, default-router of 10.116.20.2, domain name TESTLAB.LOCAL, DNS servers 10.116.18.6 & 10.116.18.7
On SW1 configure the VLAN20 interface with an IP helper address that points to 10.116.10.1
Verify that R2 can receive a DHCP address from R1 in the 10.116.20.0/24 network.
Lab Instruction
Objective 1. On R1 create a new DHCP pool called LAB_POOL2 and assign it the following attributes; network 10.116.20.0/24,
default-router of 10.116.20.2, domain name TESTLAB.LOCAL, DNS servers 10.116.18.6 & 10.116.18.7
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip dhcp pool LAB_POOL2
R1(dhcp-config)#network 10.116.20.0 255.255.255.0
R1(dhcp-config)#default-router 10.116.20.2
R1(dhcp-config)#domain-name TESTLAB.LOCAL
R1(dhcp-config)#dns-server 10.116.18.6 10.116.18.7
R1(dhcp-config)#end
R1#
Objective 2. On SW1 configure the VLAN20 interface with an IP Helper address that points to 10.116.10.1
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface vlan 20
SW1(config-if)#ip helper-address 10.116.10.1
SW1(config-if)#end
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#
Objective 3. Verify that R2 can receive a DHCP address from R1 in the 10.116.20.0/24 network.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#shut
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R2(config-if)#no shut
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2#
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.116.20.3, mask 255.255.255.0, hostname R2
R2#ping 10.116.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.116.10.1, timeout is 2 seconds:
!!!!!
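Why R1 answers from LAB_POOL2 even though the request reaches it on the 10.116.10.0/24 side is shown in the following Python model of the relay step. It is an added example, not the workbook's code. It assumes SW1's VLAN 20 interface address is 10.116.20.2 (the default-router value from Objective 1) and that R1's interface is 10.116.10.1/24; the client MAC address is constructed.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class BootpRequest:
    chaddr: str                      # client hardware address
    giaddr: str = "0.0.0.0"          # relay agent address; zero when the client sends it
    hops: int = 0
    dst: str = "255.255.255.255"     # clients broadcast because they have no address yet


def relay(request, ingress_ip, helper_address):
    """What an interface configured with `ip helper-address` does to a client broadcast."""
    giaddr = request.giaddr
    if giaddr == "0.0.0.0":
        giaddr = ingress_ip          # first relay stamps the subnet the client lives on
    return replace(request, giaddr=giaddr, hops=request.hops + 1, dst=helper_address)


def select_pool(request, pools, receiving_iface):
    """Server side: choose the pool by giaddr, or by the receiving interface if not relayed."""
    if request.giaddr != "0.0.0.0":
        key = ipaddress.ip_address(request.giaddr)
    else:
        key = ipaddress.ip_interface(receiving_iface).ip
    for name, network in pools.items():
        if key in ipaddress.ip_network(network):
            return name
    return None                      # no pool serves that subnet, so no offer is made


# Pool from Objective 1 of this lab.
POOLS = {"LAB_POOL2": "10.116.20.0/24"}
R1_IFACE = "10.116.10.1/24"          # assumption: R1's address on the VLAN 10 side

if __name__ == "__main__":
    discover = BootpRequest(chaddr="ca:02:11:22:00:00")       # constructed MAC
    relayed = relay(discover, ingress_ip="10.116.20.2", helper_address="10.116.10.1")
    print("relayed request:", relayed)
    print("pool for relayed request:", select_pool(relayed, POOLS, R1_IFACE))
    print("pool for a direct broadcast on R1's LAN:", select_pool(discover, POOLS, R1_IFACE))
```

The relay turns the broadcast into a unicast to the helper address and records its own interface address in giaddr, and that field is what the server matches against its pool networks.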
Keeping the date and time correct on a Cisco router and/or switch is crucial to security and logging. Setting the date and time manually on 5000 devices in a network is not an option, but there is an easy way out called NTP. This lab will discuss and demonstrate the configuration and verification of the Network Time Protocol.
Datagram Protocol (UDP) on port 123 and is actually one of the oldest protocols on the internet in use today. NTP was designed by David Mills at the University of Delaware and is still maintained by David and a team of selected volunteers.
The Network Time Protocol is based on a tiered model known as the Clock Strata, which is short for Stratum, meaning one of a series of layers in Latin.
When working with a Cisco device there are 15 stratum layers you're able to configure, 1 through 15, with 1 being the most trusted time source and 15 being the least. In common deployments most Cisco devices are a stratum layer 4 or higher, as an atomic (caesium, rubidium) clock is a stratum 0, which is commonly directly connected via serial interface to a stratum 1 device. Stratum 2 devices, referred to as time servers, query their time from stratum 1 devices and provide the time to stratum 3 devices, which commonly reside in a local area network as the local time server. NTP servers can query other NTP servers as long as they are in the same stratum layer, and this can occur to ensure the most accurate synchronization of time. A stratum 4 device retrieves its time from the LAN time server(s), which in a properly designed network would be a stratum 3.
One bit of information to really keep in mind when dealing with NTP, to save a lot of frustration and headaches, is that an NTP client will not sync with a server that has an earlier date/time.
Okay, so enough with the jibber jabber; let's get down to business. To configure the NTP client on a Cisco device you'll use the ntp server x.x.x.x command in global configuration. You can specify multiple NTP servers if you have multiple servers in your network; this ensures that a Cisco device has NTP redundancy and can still obtain the time from a server if one were to fail. However, the catch to this configuration is that the servers are processed top down in the configuration, but you have the ability to specify a preferred server using the command ntp server x.x.x.x prefer.
Another way of configuring NTP servers on a Cisco device is to use the ntp peer x.x.x.x command in global configuration. This command will allow you to use multiple NTP servers in a peer group, and the server that is the most accurate with the lowest stratum number will become the NTP server of the peer group.
To verify that your Cisco device is learning the time via NTP you'll need to use the show ntp associations command, which will show you the current NTP peers on the device and additional information including the NTP peer's reference clock, stratum #, polling interval, reach, delay and offset.
In this lab you will configure R2 as an NTP client which queries its time from the preferred NTP server, R1. In this lab R1 is preconfigured as a stratum 3 NTP server.
Familiarize yourself with the following new command(s) listed below;
Command
Description
This command is executed in global configuration and configures an NTP server as to which the
device will query for the time.
This command is executed in global configuration and configures an NTP server as a preferred
server when multiple servers are configured.
This command is executed in global configuration mode and configures a peer group of multiple
specified NTP servers whereas the most accurate lowest stratum server becomes the NTP
Server of the peer group.
This command is executed in user or privileged mode to view the current NTP peers and their
NTP related information.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1 and R2.
Establish a console session with devices R1 and R2, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial0/1
description ### PPP LINK TO R1 ###
encapsulation ppp
ip address 10.117.12.2 255.255.255.252
no shut
exit
!
line con 0
logging sync
no exec-timeout
!
end
Lab Objectives
Configure the time and date on R1 as 00:00:00 Jan 1, 2010 to ensure the configured time is different than the actual time to demonstrate NTP.
Configure R2 to use the NTP server located at 10.117.12.1.
Verify that R2 has obtained the correct date and time from R1 via NTP by viewing the NTP associations and the local clock.
Lab Instruction
Objective 1. Configure the time and date on R1 as 17:00:00 Jan 1, 2005 to ensure the configured time is different than the actual time to demonstrate NTP.
R1#clock set 00:00:00 1 jan 2010
R1#
Objective 3. Verify that R2 has obtained the correct time and date from R1 via NTP by viewing the NTP associations and the local clock.
R2#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.117.12.1      127.127.7.1       3    58    64    7     5.1   -0.93  3875.2
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#show clock
00:05:18.467 UTC Fri Jan 1 2010
R2#
As shown above by the show ntp associations command, the server 10.117.12.1 is the master (synced) server as denoted by the *. Viewing the clock confirms that the time has indeed been synchronized via NTP.
So configuring an external NTP server is great to keep the date and time synced on every device, but what if you want to host your own NTP server? This lab will discuss and demonstrate the configuration and verification of the Cisco IOS NTP server.
Command
Description
ntp master #
This command is executed in global configuration and configures the Cisco device as an NTP
master server with the stratum number provided. Cisco devices will only allow the
stratum # to be configured as a value between 1 and 15.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices R1 and R2.
Establish a console session with devices R1 and R2, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!###################################################
!#
!###################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Serial1/1
description ### PPP LINK TO R1 ###
encapsulation ppp
ip address 10.118.12.2 255.255.255.252
no shut
exit
!
line con 0
logging sync
no exec-timeout
!
end
Lab Objectives
Manually configure the time and date on R1 to the current time and date.
Configure R1 as an NTP Master server in the stratum 3 layer.
Configure R2 as an NTP client using R1 as its NTP Server.
Verify that R2 is correctly syncing its time and date with R1.
Lab Instruction
Objective 1. Manually configure the time and date on R1 to the current time and date.
R1#clock set 20:00:00 aug 26 2010
Objective 4. Verify that R2 is correctly syncing its time and date with R1.
Read Me
You may need to wait a few minutes before R2 will synchronize its time with R1, so do not get discouraged if it does not sync
immediately.
R2#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.118.12.1      127.127.7.1       3    52    64  377     3.2   -1.38     0.9
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#
R2#
R2#show clock
20:05:05.581 UTC Thu Aug 26 2010
R2#
As you can see from the NTP associations above, 10.118.12.1 is now the configured master and it is synchronized, as denoted by the ~ and not the #.
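Because time sync underpins log correlation, it is worth checking the show ntp associations output from both NTP labs programmatically rather than by eye. The Python sketch below is an added example, not part of the workbook. It parses the peer rows, reads the flag characters from the legend, and decodes the reach column, which is an 8-bit shift register printed in octal (377 means the last eight polls were all answered, 7 means only the last three). The first two sample rows are the peers shown in the two labs; the third row is constructed to show an unreachable server.

```python
import re

# Rows 1 and 2 come from the two NTP labs above; row 3 is a constructed unreachable peer.
SAMPLE = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.117.12.1      127.127.7.1       3    58    64    7     5.1   -0.93  3875.2
*~10.118.12.1      127.127.7.1       3    52    64  377     3.2   -1.38     0.9
 ~10.119.12.1      0.0.0.0          16     -    64    0     0.0    0.00 16000.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""

PEER = re.compile(r"^([*#+\-~]*)(\d{1,3}(?:\.\d{1,3}){3})$")


def parse_associations(text):
    """Return one dict per peer row; header and legend lines are skipped."""
    peers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 9:             # header has 10 words, legend has 12
            continue
        match = PEER.match(fields[0])
        if not match:
            continue
        flags, address = match.groups()
        reach = int(fields[5], 8)        # octal display of an 8-bit shift register
        peers.append({
            "address": address,
            "synced": "*" in flags,      # "* master (synced)" in the legend
            "configured": "~" in flags,
            "stratum": int(fields[2]),
            "polls_answered": bin(reach).count("1"),
            "last_poll_answered": bool(reach & 1),
            "offset_ms": float(fields[7]),
        })
    return peers


def peer_findings(peer):
    """Human-readable problems for one peer; an empty list means it looks healthy."""
    problems = []
    if peer["stratum"] >= 16:
        problems.append("stratum 16 (unsynchronized)")
    if peer["polls_answered"] < 8:
        problems.append(f"{peer['polls_answered']}/8 recent polls answered")
    return problems


def clock_is_synced(peers):
    """True when at least one peer carries the synced-master flag."""
    return any(p["synced"] for p in peers)


if __name__ == "__main__":
    for peer in parse_associations(SAMPLE):
        status = "; ".join(peer_findings(peer)) or "ok"
        print(f"{peer['address']:<14} synced={peer['synced']!s:<5} {status}")
```

A reach of 7 on a freshly configured client is expected and fills toward 377 over the next polls, which matches the note about waiting a few minutes for the sync.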
So if you want a Cisco device to resolve names to IPs you must set up DNS servers. This lab will discuss and demonstrate the configuration and verification of Cisco IOS DNS Servers.
test the DNS name resolution by pinging Google.com from R1's command line interface.
Familiarize yourself with the following new command(s) listed below;
Command
Description
ip name-server a.b.c.d
This command is executed in global configuration to specify DNS servers to be used by the
Cisco device during name to ip resolution. You may have multiple servers by adding the next
server IP Address following the first in this command.
Lab Prerequisites
If you are using GNS3 then delete the link between R1's FastEthernet0/0 and SW1's FastEthernet0/1, then configure a NIO Cloud in GNS3 and bind it to your physical NIC, then connect it to R1's FastEthernet0/0 interface. Ensure that you have internet connectivity.
If you're using real hardware then ensure that R1's FastEthernet0/0 interface is plugged into a network with DHCP and internet access.
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start device(s) R1.
Establish a console session with device(s) R1, then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
Lab Objectives
Ensure that R1 has obtained a DHCP address from your internet gateway and verify that R1 has internet connectivity via the NIO
Lab Instruction
Objective 1. Ensure that R1 has obtained a DHCP address from your internet gateway and verify that R1 has internet connectivity via the NIO cloud by pinging 4.2.2.2
R1#show ip interface brief FastEthernet0/0
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.2.8     YES DHCP   up                    up
R1#ping 4.2.2.2
It's a brave new world out there and sadly we're running out of IPv4 address space. This information lab will discuss the basics of the next generation IP addressing scheme known as Internet Protocol version 6 (IPv6).
standard in today's modern networks. In today's world you will have a hard time finding a network that does not utilize Network Address Translation in one way or another. As the internet continues to grow day after day with the addition of new cellular devices, tablets, wireless devices and IP-enabled smart homes, which allow you to control several aspects of your home appliances such as lights, refrigerators, heating and air conditioning equipment and more, the requirement for IP addressing will continue to grow.
There are several parts of the world that use layers upon layers of Network Address Translation because there simply is not enough IPv4 address space for everyone. China alone can easily consume over a quarter of the IPv4 address space and still not have enough addressing to cover all devices in the country. The same applies to India.
The standards of IPv6 were completed several years ago and it is only recently that companies and organizations have taken interest in migrating from IPv4 to IPv6. One of the two driving factors of a global IPv6 migration is that Network Address Translation stifles innovation in areas such as peer-to-peer networking, grid computing, end-to-end security, global quality of service guarantees and internet access through mobile devices such as cell phones and tablets.
IPv4 is made up of a 32-bit number represented by 4 decimal octets and has a maximum address space of roughly 4.3 billion addresses. IPv6 on the other hand uses a 128-bit address, making 340 trillion trillion trillion IP addresses available. To be exact the number is;
340,282,366,920,938,463,463,374,607,431,768,211,456
In a nutshell that is enough IP address space to assign an entire IPv4 address space (4.3 billion IP addresses) to every man, woman and child and barely put a dent in the IPv6 address space.
There are approximately 79,135,434,167,660,000,000,000,000,000 IPv4 address spaces (4.3 billion) in the entire IPv6 address space.
IPv6 addresses are different than IPv4 addresses in many ways and not just in length. You should already know the representation of the IPv4 address, which is a 32-bit number represented by a 4 decimal octet number such as 192.168.21.82. IPv6 however is represented by a HEX address such as; 2002:1834:0110:0394:AF3E:2501:36FF:0A0B
That is going to be quite a hard number to memorize. IPv6 will rely heavily on DNS (Domain Name System) in the future, which translates names to IP addresses, such as ipv6.google.com to 2001:4860:b002:0000:0000:0000:0000:0068
There are two representation rules that will help make engineers' lives so much easier when dealing with IPv6 addressing. The first one is concatenation of the IPv6 address. This gives an engineer the ability to collapse an IPv6 address to a shorter, easier to write IPv6 address. The basic rule states that the multiple zeros in any 16-bit segment do not have to be written, and if any 16-bit segment has fewer than four hexadecimal digits it is then assumed that the missing digits are leading zeros, and they can be collapsed using the double colon (::). However, this method can only be used ONCE.
For example; 2001:1934:0101:0000:0000:0000:0000:0035 can be shortened to 2001:1934:0101::35
The placement of the double colon does not matter as long as it is used only once. Take for example the following IPv6 address;
2001:A0D3:0000:0000:0343:0000:0000:0323 can be represented as either;
2001:A0D3::0343:0000:0000:0323 or 2001:A0D3:0000:0000:0343::0323
If you use the double colon more than once it can invalidate the IP address in a way that multiple IP addresses can be derived from it. For example;
2001:A0D3::0343::0323 can be translated to any of the following addresses;
2001:A0D3:0000:0343:0000:0000:0000:0323
2001:A0D3:0000:0000:0343:0000:0000:0323
2001:A0D3:0000:0000:0000:0343:0000:0323
Some IPv6 addresses can be shortened to as little as 5 hexadecimal characters. For example;
ff01:0000:0000:0000:0000:0000:0000:0005 can be written as ff01::5
The second rule that allows an engineer to shorten the written notation of an IPv6 address is the ability to not write leading 0s in an IP address. For example; 2001:A0D3:0032:0000:0000:0000:0000:0023 can become 2001:A0D3:32:0000:0000:0000:0000:23 and can be further shortened with the double colon to 2001:A0D3:32::23
Keep in mind when using this method that trailing zeros CANNOT be omitted in written notation as this would change the absolute number of the IP address. For a basic example; HEX: A0 is 160 in decimal format. If you omit the trailing zero, leaving A, it then becomes 10 and not 160, thus changing the number.
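The two shortening rules and the "only once" restriction can be checked mechanically. The following Python sketch is an added example, not part of the original lab: it enumerates every full address a written form could stand for, so a doubly collapsed address visibly yields several candidates, and it cross-checks against the standard-library ipaddress module. The function names are illustrative assumptions.

```python
import ipaddress
import re

GROUP = re.compile(r"^[0-9A-Fa-f]{1,4}$")  # one 16-bit segment, 1-4 hex digits


def _zero_fills(total, gaps):
    """Yield every way to spread `total` all-zero groups over `gaps` "::"
    markers, giving each marker at least one group."""
    if gaps == 1:
        yield (total,)
        return
    for first in range(1, total - gaps + 2):
        for rest in _zero_fills(total - first, gaps - 1):
            yield (first,) + rest


def expand_candidates(text):
    """Return every fully written 8-group address that `text` could mean.

    Zero or one "::" gives exactly one candidate. Two or more give several,
    which is why parsers reject such input instead of guessing.
    """
    parts = text.split("::")
    chunks = []
    for part in parts:
        groups = part.split(":") if part else []
        for group in groups:
            if not GROUP.match(group):
                raise ValueError(f"bad 16-bit group {group!r} in {text!r}")
        # Rule 2: missing digits are leading zeros, so pad on the left only.
        chunks.append([group.zfill(4).upper() for group in groups])

    gaps = len(parts) - 1
    written = sum(len(chunk) for chunk in chunks)
    if gaps == 0:
        if written != 8:
            raise ValueError(f"{text!r} has {written} groups, expected 8")
        return [":".join(chunks[0])]

    missing = 8 - written
    if missing < gaps:
        raise ValueError(f"{text!r} leaves no room for '::'")

    candidates = []
    for fill in _zero_fills(missing, gaps):
        groups = list(chunks[0])
        for count, chunk in zip(fill, chunks[1:]):
            groups += ["0000"] * count + chunk
        candidates.append(":".join(groups))
    return candidates


def shorten(text):
    """Apply both rules using the standard library (which prints lowercase)."""
    return ipaddress.IPv6Address(text).compressed.upper()


def stdlib_accepts(text):
    """True if Python's own IPv6 parser accepts the written form."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ipaddress.AddressValueError:
        return False


if __name__ == "__main__":
    ambiguous = "2001:A0D3::0343::0323"  # the doubly collapsed form from the text
    for candidate in expand_candidates(ambiguous):
        print(candidate)
    print("accepted by ipaddress:", stdlib_accepts(ambiguous))
    print(shorten("2001:A0D3:0032:0000:0000:0000:0000:0023"))
```

Input validation code that accepts IPv6 literals (ACLs, allow lists, log parsers) should reject the doubly collapsed form outright rather than pick one of the candidates.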
IPv6 has three different types of addressing as listed below;
Unicast
Multicast
Anycast
Unlike IPv4, IPv6 does not utilize broadcast. There is however an all nodes multicast address which serves the same purpose as
the broadcast address.
As you should know, a Unicast address is an address that identifies a single device. The general format of an IPv6 address goes;
Address Type                           Binary Prefix      IPv6 Notation
---------------------------------------------------------------------------
Loopback                               00...1             ::1/128
Multicast                              11111111           FF00::/8
Link-Local Unicast                     1111111010         FE80::/10
Site Local Unicast (Deprecated)        1111111011         FEC0::/10
Global Unicast (Currently Allocated)   001                2xxx::/ or 3xxx::/4
Reserved (Future Use)                  Everything Else
An IPv6 AnyCast address is an address that represents a service rather than a device. For example, a service can reside on multiple servers but is represented by a single AnyCast address, in which case the server logically closest to the traffic source would be used. For example, a single PC on a network segment is trying to reach a particular DNS server. When the PC attempts to communicate to the AnyCast address the router will route the source traffic to the destination that is closest to the source. If Server 1 has a metric of 20, Server 2 has a metric of 30 and Server 3 has a metric of 40 then the source PC would be routed to Server 1.
This provides the advantage that PCs will always use the closest service-oriented devices such as DNS, NTP, WINS, Proxy server, etc.; anything that can technically be stored in a data center. This also gives the ability to ensure facility redundancy. For example, if you have 2 DNS servers in a single data center and that data center catches fire, you do not lose your entire DNS infrastructure, which applications can rely heavily upon.
IPv6 multicast addresses are similar to their predecessor IPv4 multicast addresses. A multicast address does not identify a single device but a group of devices. For example, a single PC attempts to join a multicast group to receive streaming video traffic. The server sends to the same IP address, however the network devices throughout the network route that traffic to PCs that have joined that group. This removes the requirement for one-to-one communications when dealing with a single source to multiple destination scenario (a server sending to multiple clients). Traditionally the server would have to send a single unicast stream to every single client, and if this stream is perhaps a compressed 1080P HD video stream then the bandwidth required would be around 9Mbps per unicast device. If the server only had a 1Gbps connection to the network then it would max out at around 100 clients. However, when using multicast the server only needs to send a single 9Mbps compressed HD video stream to a multicast group address as the destination and any PC that has joined the multicast group can receive the stream.
Examples of well known multicast group destinations are given below;
Address      Multicast Group
-----------------------------------
FF02::1      All Nodes
FF02::2      All Routers
FF02::5      OSPFv3 Routers
FF02::6      OSPFv3 DR's
FF02::9      RIPng Routers
FF02::A      EIGRP Routers
FF02::B      Mobile Agents
FF02::C      DHCP Servers
FF02::D      All PIM Routers
When an IPv6 host first becomes active on a link that is a broadcast link such as Ethernet, it has the ability to auto-configure an IPv6 address. The first step in the process, determining the 64-bit interface ID portion of the IPv6 address, is a mechanism called MAC-to-EUI64. In a nutshell, this takes the 48-bit Media Access Control (MAC) address of an interface, which is assumed to be globally unique, and converts it into a 64-bit interface ID by inserting a reserved 16-bit value of 0xFFFE into the middle of the MAC address and flipping the Universal/Local bit of the MAC address to 1, which represents universal.
First off let's look at the MAC address in detail. We'll use the following example; 0019.B941.E3E3 which is represented in binary as;
00000000.00011001.10111001.01000001.11100011.11100011
The U/L (Universal/Local) bit is the 7th most significant bit, counting from the beginning of the MAC address. So when you flip the 7th bit of the MAC address it becomes;
00000010.00011001.10111001.01000001.11100011.11100011 = 0219.B941.E3E3
Now to finish the MAC-to-EUI64 conversion you'll place 0xFFFE in the middle of the address as shown below;
0219.B9FF.FE41.E3E3
Now you have a MAC-to-EUI64 auto-configured host ID portion of the IPv6 address but of course this is only half of the IPv6 address. If you look back to the IPv6 address types you'll see Link-Local addressing which is FE80::/64. This is the prefix that will be used in the auto-configuration.
So effectively the MAC-to-EUI64 portion 0219.B9FF.FE41.E3E3 becomes the IPv6 auto-configured address of;
FE80::219:B9FF:FE41:E3E3/64
The MAC address is considered to be globally unique but as with any IPv6 address assignment(s) the IPv6 address must undergo a duplicate address detection mechanism. When a device is assigned an IPv6 address it will send a Neighbor Solicitation (NS) to the solicited-node multicast address (FF02:0:0:0:0:1:FF00::/104) with the last 24 bits of the configured IPv6 address appended to it. For example; in the previous MAC-to-EUI64 auto-configured device example, the device would send an NS to FF02::1:FF41:E3E3. If a device receives a Neighbor Solicitation that is destined to an IP address assigned to a local interface it will respond with a Neighbor Advertisement (NA) with the target address and the destination address set to the tentative address. When the originating node receives the NA, it knows that the tentative address is a duplicate and cannot be used.
The MAC-to-EUI64 auto-configuration mechanism raises many privacy concerns: because the MAC address is assumed to be globally unique, it can be used to track an individual as the device moves from subnet to subnet or even ISP to ISP. This gives someone the ability to determine whether or not you're at work or if you're at a coffee shop or a wireless hot spot. Further investigation into traffic can be used to log your locations at specific times such as when you're at home, when you're traveling, when you're working, etc.
RFC3041 addresses this security concern by defining IPv6 privacy addresses. An IPv6 privacy address is an address in which the interface ID is generated by an algorithm using a pseudo-random number. What makes this so practical is that the interface ID (last 64 bits of the IPv6 address) changes approximately once a day or on a configured timer period and also whenever the device acquires a new IPv6 prefix.
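The MAC-to-EUI64 derivation, the solicited-node address used for duplicate address detection, and the privacy concern above can be reproduced in a few lines. This Python sketch is an added example, not part of the original lab; the function names are illustrative assumptions, and the 2001:db8:c0ff:ee::/64 prefix is a constructed documentation prefix standing in for a second network the same device visits.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # /104 prefix
LOW_64 = (1 << 64) - 1


def _mac_bytes(mac):
    """Accept 0019.B941.E3E3, 00:19:b9:41:e3:e3 or 00-19-B9-41-E3-E3."""
    digits = "".join(ch for ch in mac if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """Flip the U/L bit (0x02 of the first octet) and insert FF FE in the middle."""
    raw = _mac_bytes(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID derived from `mac`."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | iid)


def solicited_node(address):
    """Multicast group a node joins for DAD: ff02::1:ff00:0/104 + low 24 bits."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def interface_id(address):
    """Low 64 bits of an address, the part that follows the device around."""
    return int(ipaddress.IPv6Address(address)) & LOW_64


def embedded_mac(address):
    """Return the MAC address an EUI-64 style address gives away, else None.

    A randomly generated interface ID can contain FF FE by chance, so treat a
    hit as a strong hint rather than proof.
    """
    iid = interface_id(address).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    mac = "0019.B941.E3E3"  # example MAC from the text
    link_local = slaac_address("fe80::/64", mac)
    print(link_local, "->", solicited_node(link_local))

    # Same device on two networks: the prefix changes, the interface ID does not.
    at_lab = slaac_address("2001:abad:beef::/64", mac)
    elsewhere = slaac_address("2001:db8:c0ff:ee::/64", mac)  # constructed prefix
    print(at_lab, elsewhere, interface_id(at_lab) == interface_id(elsewhere))
    print(embedded_mac(elsewhere))
```

Running `embedded_mac` over source addresses in flow or web logs is a quick way to audit which hosts still expose their hardware address instead of using privacy addresses.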
Subnetting in IPv6 is much like subnetting IPv4 and the number of hosts per subnet is insanely larger, but when you think of it in terms of multiples of /64 then it should all click. A host is represented as a /128 and a subnet is represented as a /64. For example, you have a single /63 subnet assigned to you by your ISP which is 2001:1::/63. This subnet has two /64 subnets which are 2001:1:0:0::/64 and 2001:1:0:1::/64. If you've been assigned the 2001:1::/62 subnet then you have four /64 subnets which include; 2001:1:0:0::/64, 2001:1:0:1::/64, 2001:1:0:2::/64 and 2001:1:0:3::/64.
When thinking in terms of routing protocols, generally the next hop is the unicast IP address assigned to the interface of the router to which the traffic is passed in the transit path; however, IPv6 changes that. When subnets are advertised from router to router, the next hop address is not the configured unicast address but rather the link-local address of the router.
For example, R1 has Fa0/0 configured using the IPv6 address 2001:1::1/64 and R2 has the Fa0/0 interface configured with IP address 2001:2::2/64 and both routers have RIPng (RIP Next Generation for IPv6) configured on their FastEthernet0/0 interfaces. When viewing the routing table on R1 to see the next hop to 2001:2::2, the next hop is R2's Fa0/0 link-local IP address;
FE80::20D:29FF:FED1:D460
You will go further into depth with the IPv6 dynamic routing protocols throughout the next few labs.
So you know how IPv6 works but how do you assign IPv6 addresses to Cisco Router and Switch interfaces? This lab
will discuss and demonstrate the configuration and verification of IPv6 interface addressing.
Router Discovery: The ability for a node to discover local routers on a network segment without the aid of a DHCP server.
Parameter Discovery: The ability for a node to discover link parameters such as MTU and hop limits for its links.
Prefix Discovery: The ability for a node to discover the prefix or prefixes assigned to a specific IPv6 link.
Address Autoconfiguration: The ability for a node to determine its full unique IPv6 address without the aid of a DHCP server.
Duplicated Address Detection (DAD): The ability for a node to determine whether or not an IPv6 address it attempts to use already exists.
Address Resolution: The ability for a node to discover the link-layer addresses of other node(s) on a link without the use of Address Resolution Protocol (ARP).
Next-Hop Determination: The ability for a node to determine the next link-layer hop on a network link; a local node or router destination.
Neighbor Unreachability Detection: The ability for a node to determine when a neighboring device on the network link is no longer reachable.
Redirect: The ability for a router to notify a host that a better path exists to reach a given destination.
Network Discovery Protocol messages should always originate link-local. To add further security to NDP messages, the hop limit (IPv6 TTL) of the IPv6 packet carrying all NDP traffic is set to 255 to ensure it does not traverse routers.
The Network Discovery Protocol is defined in RFC2461, which uses ICMPv6 to exchange the messages required for its functions. Specifically, five new ICMPv6 messages are defined in RFC2461 of which you should be aware. These messages, which are listed below, are responsible for the operation of NDP;
Router Advertisement (RA): An RA is a message that originates from a router (Cisco or non-Cisco) to advertise its existence on a network link. These RAs also include link parameters and are sent automatically, periodically and in response to a Router Solicitation (RS) message.
Router Solicitation (RS): These messages originate from host nodes to request that any router on the link respond with an RA.
Neighbor Solicitation (NS): These messages are sent from a node requesting the link-layer address of another node and are also used by the duplicate address detection and neighbor unreachability detection mechanisms.
Neighbor Advertisement (NA): These messages are sent in response to an NS message. If a node changes its link-layer address then an NA can be used to send an unsolicited advertisement to advertise its new address.
Redirect: These messages are used in the same fashion as IPv4 ICMP redirects, however they have been migrated from ICMP in IPv4 to native operation in NDP, which uses ICMPv6 to function.
To configure IPv6 stateless auto configuration on an interface you first must configure the router to advertise its connected prefix on the link using the NDP Router Advertisement (RA) message(s). Without this advertisement the hosts on the network link will not know what address to autoconfigure.
To configure a Cisco router to advertise an IPv6 prefix out an Ethernet interface for neighbor IPv6 auto configuration you must first enable IPv6 unicast routing on that router by executing the ipv6 unicast-routing command in global configuration. After IPv6 unicast routing is enabled you can then continue to configure the advertised prefix by using the ipv6 nd prefix x:x:x:x::/x command in interface configuration mode. Once the prefix is configured the router will advertise the specified interface prefix in the Network Discovery Protocol (NDP) Router Advertisements (RAs) periodically and upon receipt of a Router Solicitation (RS).
In this lab you will configure the FastEthernet0/0 interfaces of R1 and R2 whereas R1 will have a statically configured global unique
IPv6 unicast address and R2 will auto configure its global unique IPv6 address on the link.
Familiarize yourself with the following new command(s);
Command
Description
ipv6 unicast-routing
This command, when executed in global configuration mode, enables IPv6 unicast routing on a Cisco router and/or switch.
This command, when executed in interface configuration mode, sets an IPv6 address on the specified interface.
This command, when executed in interface configuration mode, configures that specific interface to autoconfigure its IPv6 address based on prefix advertisements from routers on that network segment.
This command, when executed in interface configuration mode, configures which prefix or prefixes to advertise in its IPv6 NDP router advertisements (RAs), which are used by neighboring nodes to auto configure an IPv6 address.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start devices; R1, R2 and SW1.
Establish a console session with devices R1, R2 and SW1 then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!# Free CCNA Workbook Lab 12-2 R2 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface FastEthernet0/0
description ### LINK TO LAN ###
no ip address
no shut
exit
!
line con 0
logging sync
no exec-timeout
!
end
!##################################################
!# Free CCNA Workbook Lab 12-2 SW1 Initial Config #
!##################################################
!
enable
configure terminal
!
hostname SW1
no ip domain-lookup
!
interface FastEthernet1/1
spanning-tree portfast
no shut
exit
!
interface FastEthernet1/2
description ### LINK TO R2 FA0/0 ###
switchport mode access
spanning-tree portfast
no shut
exit
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure R1's FastEthernet0/0 interface to advertise the 2001:abad:beef::/64 prefix in the NDP Router advertisements onto the Ethernet segment.
Configure R2's FastEthernet0/0 interface to autoconfig its IPv6 global unique unicast address, wait a few minutes and verify that this interface auto configures a global unique IPv6 address.
Verify IPv6 communication between R2 and R1 using ping.
Lab Instruction
Objective 1. Configure R1's FastEthernet0/0 interface with the IPv6 address; 2001:abad:beef::1/64.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ipv6 unicast-routing
R1(config)#interface FastEthernet0/0
R1(config-if)#ipv6 address 2001:abad:beef::1/64
R1(config-if)#no shut
R1(config-if)#
Objective 2. Configure R1's FastEthernet0/0 interface to advertise the 2001:abad:beef::/64 prefix in the NDP Router advertisements onto the Ethernet segment.
R1(config-if)#ipv6 nd prefix 2001:abad:beef::/64
R1(config-if)#end
R1#
Objective 3. Configure R2's FastEthernet0/0 interface to autoconfig its IPv6 global unique unicast address, wait a few minutes and verify that this interface auto configures a global unique IPv6 address.
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#ipv6 address autoconfig
R2(config-if)#no shut
R2(config-if)#end
R2#
R2#show ipv6 interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C800:7FF:FE14:8
No Virtual link-local address(es):
Description: ### LINK TO LAN ###
Stateless address autoconfig enabled
Global unicast address(es):
2001:ABAD:BEEF:0:C800:7FF:FE14:8, subnet is 2001:ABAD:BEEF::/64
[EUI/CAL/PRE]
valid lifetime 2591992 preferred lifetime 604792
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF14:8
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 37387)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Objective 4. Verify IPv6 communication between R2 and R1 using ping.
R2#ping ipv6 2001:abad:beef::1 source FastEthernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:ABAD:BEEF::1, timeout is 2 seconds:
Packet sent with a source address of 2001:ABAD:BEEF:0:C800:7FF:FE14:8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/77/268 ms
R2#
Once you have a basic understanding of IPv6 and configuring IPv6 interfaces you can then build networks using static
routes! This lab will discuss and demonstrate the configuration and verification of IPv6 static routing.
When configuring an IPv6 static route you'll use the ipv6 route X:X:X:X::/X X:X:X:X::X command, whereas the first IPv6 address in the static route statement is the network and the 2nd IPv6 address is the next hop in the transit path to reach that network. You also have the ability to assign the IPv6 static route an administrative distance the same way you would assign administrative distance to an IPv4 static route by following the route statement with an administrative distance (1-254). Keep in mind the administrative distance of 255 is considered unreachable. An example of an IPv6 static route using an administrative distance of 224 is; ipv6 route 2001:ABC:123:FADE::0/64 2001:ABAD:BEEF:1234::1 224. Keep in mind when using an IPv6 link-local address as the next hop you must specify the egress (exiting) interface. I.e; ipv6 route 2001:ABC:123:FADE::0/64 Serial0/1 FE80::C800:10FF:FE1C:8 224.
Looking back at 12-1, you'll see in the chart provided that the unspecified network is represented as ::/0. This is the same concept as the IPv4 0.0.0.0/0 address. You can configure an IPv6 static default route by using ::/0 as the destination network followed by the next-hop. I.e; ipv6 route ::/0 2001:ABAD:BEEF:1234::1 200
In this lab you will configure a static route on R1 to reach R2's Loopback0 network using R2's Serial0/1 IPv6 link-local address as the next-hop then configure a default IPv6 route on R2 using R1's Serial0/1 IPv6 link-local address as the next-hop.
Familiarize yourself with the following new command(s);
Command
Description
This command when executed in interface configuration mode sets an IPv6 address on the specified interface. The syntax is ipv6 route network egress interface next-hop ipv6 address.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start device(s); R1 and R2
Establish a console session with device(s) R1 and R2 then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!# Free CCNA Workbook Lab 12-3 R2 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
!
interface Loopback0
description ### IPv6 SIMULATED NETWORK ###
ipv6 address 2001:ABAD:BEEF:2002::1/64
!
interface Serial0/1
description ### LINK TO FRAME RELAY SWITCH ###
encapsulation ppp
no shut
exit
!
line con 0
logging sync
no exec-timeout
end
Lab Objectives
Configure a static route with the administrative distance of 200 on R1 pointing towards R2's Serial0/1 link-local IPv6 address to reach the network assigned to R2's loopback0 interface.
Configure a default static route on R2 pointing towards R1's Serial0/1 globally unique IPv6 unicast address to reach all unknown networks including the network assigned to R1's loopback0 interface.
Verify IPv6 communication between R1's Loopback0 interface and R2's Loopback0 interface using PINGv6.
Lab Instruction
Objective 1. Configure a static route with the administrative distance of 200 on R1 pointing towards R2's Serial0/1 link-local IPv6 address to reach the network assigned to R2's loopback0 interface.
To configure this static route statement you must first obtain the IPv6 link-local address of R2's Serial0/1 interface as shown below;
R2>enable
R2#show ipv6 interface Serial0/1
Serial0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C800:10FF:FE1C:8
No Virtual link-local address(es):
Description: ### LINK TO FRAME RELAY SWITCH ###
Global unicast address(es):
2001:ABAD:BEEF:1221::2, subnet is 2001:ABAD:BEEF:1221::/64
Joined group address(es):
FF02::1
FF02::1:FF00:2
FF02::1:FF1C:8
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 17988)
R2#
Once you've obtained R2's IPv6 link-local address you can now configure the static route statement on R1 as shown below;
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 route 2001:ABAD:BEEF:2002::0/64 Serial0/1 FE80::C800:10FF:FE1C:8 200
R1(config)#end
R1#
Objective 2. Configure a default static route on R2 pointing towards R1's Serial0/1 globally unique IPv6 unicast address to reach all unknown networks including the network assigned to R1's loopback0 interface.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ipv6 unicast-routing
R2(config)#ipv6 route ::/0 2001:ABAD:BEEF:1221::1
R2(config)#end
R2#
Objective 3. Verify that R2's Loopback0 has IPv6 communication to R1's Loopback0 network using ping.
R2#ping 2001:ABAD:BEEF:1001::1 source Loopback0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:ABAD:BEEF:1001::1, timeout is 2 seconds:
Packet sent with a source address of 2001:ABAD:BEEF:2002::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/37/68 ms
R2#
Just like RIP for IPv4 there is also RIP Next Generation, which is used to build dynamically routed IPv6 networks. This lab will discuss and demonstrate the configuration and verification of RIP Next Generation.
Command
Description
This command when executed in interface configuration mode will configure that particular interface to participate in the specified RIPng process name.
This command when executed in user or privileged mode will display current RIPng timers and statistics of the specified RIPng process name.
This command when executed in user or privileged mode will display the RIPng database of the specified RIPng process name.
This command when executed in user or privileged mode will display a summary of RIPng routes per RIPng process name based on their next-hop.
This command when executed in user or privileged mode will display the routing table on that particular device.
Lab Prerequisites
If you are using GNS3 then load the Free CCNA Workbook GNS3 topology then start device(s); R1, R2 and R3
Establish a console session with device(s) R1, R2 and R3 then load the initial configurations provided below by copying the config from the textbox and pasting it into the respective router's console.
!##################################################
!# Free CCNA Workbook Lab 12-4 R2 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
ipv6 unicast-routing
!
interface Loopback0
description ### IPv6 SIMULATED NETWORK ###
ipv6 address 2001:ABAD:BEEF:2002::1/64
interface Serial0/0
encapsulation frame-relay
no frame-relay inverse-arp
exit
!
interface Serial0/0.221 point-to-point
description ### LINK TO R1 ###
ipv6 address 2001:ABAD:BEEF:1221::2/64
frame-relay interface-dlci 221
exit
!
interface Serial0/0.223 point-to-point
description ### LINK TO R3 ###
ipv6 address 2001:ABAD:BEEF:2332::2/64
frame-relay interface-dlci 223
exit
!
interface Serial0/0
no shutdown
exit
!
line con 0
logging sync
no exec-timeout
!
end
!##################################################
!# Free CCNA Workbook Lab 12-4 R3 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R3
no ip domain-lookup
ipv6 unicast-routing
!
interface Loopback0
description ### IPv6 SIMULATED NETWORK ###
interface Serial0/0
description ### LINK TO FRAME RELAY SWITCH ###
encapsulation frame-relay
!
interface Serial0/0.322 point-to-point
exit
!
interface Serial0/0
no shutdown
exit
!
line con 0
logging sync
no exec-timeout
!
end
Lab Objectives
Enable RIPng on R1's Loopback0 and Serial0/0.122 interfaces using the RIPng process name FREE.
Enable RIPng on R2's Loopback0, Serial0/0.221 and Serial0/0.223 interfaces using the RIPng process name CCNA.
Enable RIPng on R3's Loopback0 and Serial0/0.322 interfaces using the RIPng process name WORKBOOK.
Verify that the IPv6 route to R1's Loopback0 network exists in R3's IPv6 routing table with a next-hop of R2's Serial0/0.223 link-local IPv6 address.
Verify IPv6 communication by pinging R1's Loopback0 interface from R3's Loopback0 interface.
Lab Instruction
Objective 1. Enable RIPng on R1's Loopback0 and Serial0/0.122 interfaces using the RIPng process name FREE.
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#interface loopback0
R1(config-if)#ipv6 rip FREE enable
R1(config-if)#interface Serial0/0.122
R1(config-subif)#ipv6 rip FREE enable
R1(config-subif)#end
Objective 2. Enable RIPng on R2's Loopback0, Serial0/0.221 and Serial0/0.223 interfaces using the RIPng process name CCNA.
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface loopback0
R2(config-if)#ipv6 rip CCNA enable
R2(config-if)#interface Serial0/0.221
R2(config-subif)#ipv6 rip CCNA enable
R2(config-if)#interface Serial0/0.223
R2(config-subif)#ipv6 rip CCNA enable
R2(config-subif)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
Objective 3. Enable RIPng on R3's Loopback0 and Serial0/0.322 interfaces using the RIPng process name WORKBOOK.
R3>enable
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface loopback0
R3(config-if)#ipv6 rip WORKBOOK enable
R3(config-if)#interface Serial0/0.322
R3(config-subif)#ipv6 rip WORKBOOK enable
R3(config-subif)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#
Objective 4. Verify that the IPv6 route to R1's Loopback0 network exists in R3's IPv6 routing table with a next hop of R2's
Serial0/0.223 link-local IPv6 address.
R3#show ipv6 route 2001:ABAD:BEEF:1001::/64
Routing entry for 2001:ABAD:BEEF:1001::/64
Known via "rip WORKBOOK", distance 120, metric 3
Route count is 1/1, share count 0
Routing paths:
FE80::C800:11FF:FE84:8, Serial0/0.322
Last updated 00:01:22 ago
R3#
As shown above in R3's routing table, the route to the 2001:ABAD:BEEF:1001::/64 network shows a next hop of
FE80::C800:11FF:FE84:8 via Serial0/0.322. You should immediately recognize this as a link-local address because it begins
with FE80. You can further verify that this is R2's Serial0/0.223 link-local address by using the show ipv6 interface Serial0/0.223
command on R2 as shown below. Notice that the link-local address in R3's routing table matches the one on R2's Serial0/0.223
interface.
R2#show ipv6 interface Serial0/0.223
Serial0/0.223 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C800:11FF:FE84:8
No Virtual link-local address(es):
Description: ### LINK TO R3 ###
Global unicast address(es):
2001:ABAD:BEEF:2332::2, subnet is 2001:ABAD:BEEF:2332::/64
OSPF is very common in IPv4 networks, and a newer version known as OSPFv3 works with IPv6. This
lab will discuss and demonstrate the configuration and verification of OSPF version 3.
Many of the verification commands for OSPF have also been ported to IPv6, such as the show ipv6 ospf neighbor, show ipv6 ospf
interface and show ipv6 ospf database commands.
To view important OSPFv3 information such as the current timers, router-id and reference bandwidth, you'll need to use the show ipv6
ospf procid# command in user or privileged mode.
In this lab you will configure OSPFv3 Area 0 on the frame relay sub-interfaces between R1 & R2 and R2 & R3, and Areas 1, 2 and 3
on the loopback interfaces of each router. Upon completion you should be able to route IPv6 traffic between the simulated IPv6
networks located on the Loopback0 interface of each router.
Familiarize yourself with the following new command(s);
Command
Description
This command when executed in interface configuration mode enables OSPFv3 per specified
process id and area id.
This command when executed in global configuration mode places you into IPv6 OSPF
(OSPFv3) router configuration mode where you can configure the router-id, distribute list,
default information options and more.
router-id x.x.x.x
This command is executed in OSPFv3 router configuration mode to statically set a router-id. If
you're in a complete IPv6 network with no IPv4 addresses assigned to any interface on a router,
you must have a Router-ID assigned because OSPF cannot use the highest IPv4
address assigned to a logical or connected physical interface.
This command when executed in user or privileged mode will display current timers, router-id
and reference bandwidth.
This command when executed in user or privileged mode displays established neighbor
relationships and their router type (DR, BDR, DROTHER).
This command when executed in user or privileged mode displays the current OSPFv3
database contents including the sequence number.
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start device(s) R1, R2 and R3.
Establish a console session with device(s) R1, R2 and R3, then load the initial configurations provided below by copying the
config from the textbox and pasting it into the respective router's console.
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
ipv6 unicast-routing
!
interface Loopback0
description ### IPv6 SIMULATED NETWORK ###
ipv6 address 2001:ABAD:BEEF:2002::1/64
!
interface Serial0/0
description ### LINK TO FRAME RELAY SWITCH ###
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
exit
!
interface Serial0/0.221 point-to-point
description ### LINK TO R1 ###
ipv6 address 2001:ABAD:BEEF:1221::2/64
frame-relay interface-dlci 221
exit
!
interface Serial0/0.223 point-to-point
description ### LINK TO R3 ###
ipv6 address 2001:ABAD:BEEF:2332::2/64
frame-relay interface-dlci 223
exit
!
interface Serial0/0
no shutdown
exit
!
line con 0
logging sync
no exec-timeout
!
end
!##################################################
!# Free CCNA Workbook Lab 12-5 R3 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R3
no ip domain-lookup
ipv6 unicast-routing
!
interface Loopback0
description ### IPv6 SIMULATED NETWORK ###
!
interface Serial0/0
description ### LINK TO FRAME RELAY SWITCH ###
encapsulation frame-relay
exit
!
interface Serial0/0.322 point-to-point
exit
!
interface Serial0/0
no shutdown
exit
!
line con 0
logging sync
no exec-timeout
!
end
Lab Objectives
Configure R1, R2 and R3's OSPFv3 Router-ID according to their router number (for example, 1.1.1.1 for R1).
Configure R1's Serial0/0.122 & R2's Serial0/0.221 interfaces to participate in OSPF Area 0.
Configure R2's Serial0/0.223 & R3's Serial0/0.322 interfaces to participate in OSPF Area 0.
Configure R1's Loopback0 interface to participate in OSPF Area 1 and ensure that R1 advertises Lo0 as a /64 subnet and not
a host route (/128).
Configure R2's Loopback0 interface to participate in OSPF Area 2 and ensure that R2 advertises Lo0 as a /64 subnet and not
a host route (/128).
Configure R3's Loopback0 interface to participate in OSPF Area 3 and ensure that R3 advertises Lo0 as a /64 subnet and not
a host route (/128).
Verify that R1's Loopback0 network is in the IPv6 routing table of R3.
Verify that R3's Loopback0 network has IPv6 connectivity to R1's Loopback0 network using PING.
Lab Instruction
Objective 1. Configure R1, R2 and R3's OSPFv3 Router-ID according to their router number (for example, 1.1.1.1 for R1).
R1>enable
R1#configure terminal
Enter configuration commands, one per line.
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 1.1.1.1
R1(config-rtr)#exit
R1(config)#
R2>enable
R2#configure terminal
Enter configuration commands, one per line.
R2(config)#ipv6 unicast-routing
R2(config)#ipv6 router ospf 1
R2(config-rtr)#router-id 2.2.2.2
R2(config-rtr)#exit
R2(config)#
R3>enable
R3#configure terminal
Enter configuration commands, one per line.
R3(config)#ipv6 unicast-routing
R3(config)#ipv6 router ospf 1
R3(config-rtr)#router-id 3.3.3.3
R3(config-rtr)#exit
R3(config)#
Objective 2. Configure R1's Serial0/0.122 & R2's Serial0/0.221 interfaces to participate in OSPF Area 0.
R1(config)#interface Serial0/0.122
R1(config-subif)#ipv6 ospf 1 area 0
R1(config-subif)#exit
R1(config)#
R2(config)#interface Serial0/0.221
R2(config-subif)#ipv6 ospf 1 area 0
R2(config-subif)#
%OSPFv3-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0.221 from LOADING
to FULL, Loading Done
R2(config-subif)#exit
R2(config)#
Objective 3. Configure R2's Serial0/0.223 & R3's Serial0/0.322 interfaces to participate in OSPF Area 0.
R2(config)#interface Serial0/0.223
R2(config-subif)#ipv6 ospf 1 area 0
R2(config-subif)#exit
R2(config)#
R3(config)#interface Serial0/0.322
R3(config-subif)#ipv6 ospf 1 area 0
R3(config-subif)#exit
R3(config)#
%OSPFv3-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0.322 from LOADING
to FULL, Loading Done
R3(config)#
Objective 4. Configure R1's Loopback0 interface to participate in OSPF Area 1 and ensure that R1 advertises Lo0 as a /64 subnet
and not a host route (/128).
Note: Loopback interfaces have their own OSPF network type, so by default OSPF advertises a host route to the loopback interface
and not the configured prefix length. To make OSPF advertise the subnet assigned to the loopback interface, you'll need to
change the network type to point-to-point as shown below;
R1(config)#interface loopback0
R1(config-if)#ipv6 ospf 1 area 1
R1(config-if)#ipv6 ospf network point-to-point
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#
Objective 5. Configure R2's Loopback0 interface to participate in OSPF Area 2 and ensure that R2 advertises Lo0 as a /64 subnet
and not a host route (/128).
R2(config)#interface loopback0
R2(config-if)#ipv6 ospf 1 area 2
R2(config-if)#ipv6 ospf network point-to-point
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
Objective 6. Configure R3's Loopback0 interface to participate in OSPF Area 3 and ensure that R3 advertises Lo0 as a /64 subnet
and not a host route (/128).
R3(config)#interface loopback0
R3(config-if)#ipv6 ospf 1 area 3
R3(config-if)#ipv6 ospf network point-to-point
R3(config-if)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#
Objective 7. Verify that R1's Loopback0 network is in the IPv6 routing table of R3.
R3#show ipv6 route ospf
IPv6 Routing Table - Default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OI 2001:ABAD:BEEF:1001::/64 [110/129]
via FE80::C800:DFF:FE0C:8, Serial0/0.322
O 2001:ABAD:BEEF:1221::/64 [110/128]
via FE80::C800:DFF:FE0C:8, Serial0/0.322
OI 2001:ABAD:BEEF:2002::1/128 [110/64]
via FE80::C800:DFF:FE0C:8, Serial0/0.322
R3#
Objective 8. Verify that R3's Loopback0 network has IPv6 connectivity to R1's Loopback0 network using PING.
R3#ping 2001:ABAD:BEEF:1001::1 source loopback0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:ABAD:BEEF:1001::1, timeout
is 2 seconds:
Packet sent with a source address of 2001:ABAD:BEEF:3003::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/41/104 ms
R3#
IPv6 is extremely cool and all, but it is not the holy grail of security, and you must still use access lists to ensure
infrastructure security. This lab will discuss and demonstrate the configuration and verification of IPv6 access control
lists.
server farm network and deny student PCs on the same source network from accessing servers located in the server farm because
the teacher PC was processed first and permitted.
Configuring an IPv6 ACL is much like configuring an IPv4 ACL; however, you do not have numbered, standard or extended access lists.
You have a single type of IPv6 access list that can function like a standard or extended access list. For example, with a standard IPv4
ACL you can specify permit 10.0.0.0 any, and an extended ACL can permit traffic from 10.0.0.25 255.255.255.255 to access
10.20.5.81 255.255.255.255 on port 80.
With IPv6 ACLs you have the same ability. You can use a broad, standard-style statement that encompasses all source traffic to any
destination, or you can get granular with the ACL statements and permit specific hosts to specific destinations based on source and
destination port numbers.
To configure an IPv6 access list you'll use the ipv6 access-list NAME command in global configuration mode. From there you'll be placed
into IPv6 access-list configuration mode, where you can specify the ACL statements. An example is given below;
R1(config)#ipv6 access-list EXAMPLE_IPv6_ACL
R1(config-ipv6-acl)#sequence 10 permit 2001:ABAD:BEEF:1221::/64 any
R1(config-ipv6-acl)#sequence 20 deny tcp host 2001:ABAD:BEEF:2345::1 host 2001:ABAD:BEEF:1212::1 eq www
R1(config-ipv6-acl)#
As with any ACL, you can assign the ACL to a particular interface in a particular direction, ingress or egress (incoming
or outgoing). Assigning an IPv6 access list to an interface is different from its predecessor. When assigning an IPv4 access list to an
interface you used the ip access-group ACL_NAME in|out command in interface configuration mode. To assign an IPv6 ACL to an
interface you'll use the ipv6 traffic-filter ACL_NAME in|out command in interface configuration mode.
You can view current ACL statistics by using the show ipv6 access-list command in user or privileged mode.
Familiarize yourself with the following new command(s);
Command
Description
This command when executed in interface configuration mode enables OSPFv3 per specified
process id and area id.
sequence seq#
This command is executed in IPv6 access-list configuration mode to insert a new sequence
number in the list. You can delete or add ACL lines in specific spots of the ACL using sequence
numbers.
This command when executed in interface configuration mode will apply an Access Control List
on an interface in an ingress or egress direction of the interface.
This command can be executed in user or privileged mode to view current Access Control List
entries and statistics.
In this lab you will configure an access list on R2 so that traffic sourced from R1's Loopback0 interface and destined to R3's Loopback0
interface is denied on port 80 and all other traffic is permitted.
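Because ACL entries are processed in sequence order and the first match wins, the order of the two statements this lab asks for decides whether port 80 is actually blocked. The Python model below is an added example, not part of the workbook: it evaluates that policy for R1's and R3's Loopback0 addresses and flags entries made unreachable by an earlier, broader entry. The Ace fields, the function names and the sequence numbers 10 and 20 are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass(frozen=True)
class Ace:
    """One ACL entry. Field names are this example's own, not IOS syntax."""
    seq: int
    action: str                  # "permit" or "deny"
    proto: str                   # "ipv6" matches every protocol
    src: str                     # prefix such as "::/0" (any) or a /128 host
    dst: str
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ipv6", proto)
                and ipaddress.ip_address(src) in net(self.src)
                and ipaddress.ip_address(dst) in net(self.dst)
                and self.dport in (None, dport))

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins, lowest sequence number first. A packet that matches
    no entry falls through to the implicit deny, reported as seq None."""
    for ace in sorted(acl, key=lambda a: a.seq):
        if ace.matches(proto, src, dst, dport):
            return ace.action, ace.seq
    return "deny", None

def shadowed(acl):
    """Sequence numbers of entries that an earlier entry already fully covers."""
    ordered = sorted(acl, key=lambda a: a.seq)
    return [late.seq for i, late in enumerate(ordered)
            if any(early.proto in ("ipv6", late.proto)
                   and net(late.src).subnet_of(net(early.src))
                   and net(late.dst).subnet_of(net(early.dst))
                   and early.dport in (None, late.dport)
                   for early in ordered[:i])]

R1_LO0 = "2001:ABAD:BEEF:1001::1"   # Loopback0 addresses from the lab output
R3_LO0 = "2001:ABAD:BEEF:3003::1"
ANY = "::/0"
BLOCK_WWW = ("deny", "tcp", R1_LO0 + "/128", R3_LO0 + "/128", 80)
PERMIT_ALL = ("permit", "ipv6", ANY, ANY)

# The lab's policy; the sequence numbers 10 and 20 are assumed.
TEST = [Ace(10, *BLOCK_WWW), Ace(20, *PERMIT_ALL)]
# Same two entries in the wrong order: the broad permit is evaluated first.
SHADOWED = [Ace(10, *PERMIT_ALL), Ace(20, *BLOCK_WWW)]

if __name__ == "__main__":
    for name, acl in (("TEST", TEST), ("SHADOWED", SHADOWED)):
        print(name, "tcp/80:", evaluate(acl, "tcp", R1_LO0, R3_LO0, 80),
              "ping:", evaluate(acl, "icmp", R1_LO0, R3_LO0),
              "shadowed entries:", shadowed(acl))
```

On Cisco IOS the implicit deny ipv6 any any at the end of an IPv6 ACL is preceded by implicit permit icmp any any nd-na and permit icmp any any nd-ns entries, which this model leaves out.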
The following logical topology will be used for this lab;
Lab Prerequisites
If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start device(s) R1, R2 and R3.
Establish a console session with device(s) R1, R2 and R3, then load the initial configurations provided below by copying the
config from the textbox and pasting it into the respective router's console.
!##################################################
!# Free CCNA Workbook Lab 12-5 R2 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R2
no ip domain-lookup
ipv6 unicast-routing
!
interface Loopback0
description ### IPv6 SIMULATED NETWORK ###
ipv6 address 2001:ABAD:BEEF:2002::1/64
ipv6 ospf network point-to-point
!
interface Serial0/0
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
exit
!
interface Serial0/0.221 point-to-point
description ### LINK TO R1 ###
ipv6 address 2001:ABAD:BEEF:1221::2/64
frame-relay interface-dlci 221
ipv6 ospf 1 area 0
exit
!
interface Serial0/0.223 point-to-point
description ### LINK TO R3 ###
ipv6 address 2001:ABAD:BEEF:2332::2/64
exit
!
ipv6 router ospf 1
router-id 2.2.2.2
log-adjacency-changes
!
!##################################################
!# Free CCNA Workbook Lab 12-5 R3 Initial Config
!##################################################
!
enable
configure terminal
!
hostname R3
no ip domain-lookup
ipv6 unicast-routing
!
interface Loopback0
description ### IPv6 SIMULATED NETWORK ###
ipv6 address 2001:ABAD:BEEF:3003::1/64
ipv6 ospf network point-to-point
!
interface Serial0/0
no frame-relay inverse-arp
exit
!
http://www.freeccnaworkbook.com/workbooks/ccna/configuring-ipv6-access-list/[4/12/2015
7:29:38 PM]
Lab Objectives
Verify that you're able to ping R3's Loopback0 interface from R1's Loopback0 interface.
Verify that you're able to telnet from R1's Loopback0 interface to R3's Loopback0 interface via port 80 (WWW).
Configure an IPv6 ACL on R2 named TEST that denies R1's Loopback0 interface access to R3's Loopback0 interface via port 80,
then permits all other traffic.
Configure the newly created IPv6 ACL on R2 as an ingress traffic-filter on R2's Serial0/0.221 sub-interface.
Verify that R1's Loopback0 interface can still ping R3's Loopback0 interface.
Verify that traffic sourced from R1's Loopback0 is being denied access to R3's Loopback0 interface via port 80 using
telnet.
Lab Instruction
Objective 1. Verify that you're able to ping R3's Loopback0 interface from R1's Loopback0 interface.
R1#ping 2001:ABAD:BEEF:3003::1 source Loopback0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:ABAD:BEEF:3003::1, timeout
is 2 seconds:
Packet sent with a source address of 2001:ABAD:BEEF:1001::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/44/64 ms
R1#
Objective 2. Verify that you're able to telnet from R1's Loopback0 interface to R3's Loopback0 interface via port 80 (WWW).
Read Me
After establishing a connection, press CTRL + C and then Enter to exit; this should terminate the connection and give you an HTTP 400
error as shown below;
R1#telnet 2001:ABAD:BEEF:3003::1 www /source-interface loopback 0
Trying 2001:ABAD:BEEF:3003::1, 80 ... Open
^C
HTTP/1.1 400 Bad Request
Date: Sun, 19 Sep 2010 23:51:32 GMT
Server: cisco-IOS
Accept-Ranges: none
400 Bad Request
[Connection to 2001:ABAD:BEEF:3003::1 closed by foreign host]
R1#
Objective 3. Configure an IPv6 ACL on R2 named TEST that denies R1's Loopback0 interface access to R3's Loopback0 interface via
port 80, then permits all other traffic.
R2#configure terminal
Enter configuration commands, one per line.