Ccent Study

CCENT / ICND1 ICND = Interconnecting Cisco Networking Devices Exam: 640-822 What is a Network?
A collection of devices that can communicate together. The fabric that that ties business applications together. Applications that use the Network WEB Browser and FTP Database Applications Instant Messanger Email Online Games Considirations for Network Applications Speed Delay Availability Network Topology How devices are connected together Bus Ring Star Hybrid OSI Model Helps down network functions Creares standards for eqipment manufacturers Allows vendors to concentrate on specific areas of the network A Interfaces with the apllication, provides network access to apps P Generifies the data, encryption services S Starts and ends sessions, logically keeps sessions separate T Dictates how the data is sent, defines well-known services (ports) N Provides logical addressing, finds best path to a destination D Provides physical addressing, ensures data is error-free P Provides access to the cable, electrival signals-ones and zeros PORT IP MAC Source Destination Source Destination Source Destination Port address End-to-End will not change IP address End-to-End will not change MAC address End-to-End will change at each hop
eg:http eg:http eg:port number eg:TCP/UDP-port number eg:IP,IPX-SPX eg:MAC, eg: UTP Cable
Packet formation S. Port FTP
D. Port
S. IP
D. IP
S. MAC
D. MAC
Note:- MAC addresses will be on PC, NIC, SWITCH Note:- Router serial ports will not have MAC addresses, they will have some other address.
Tools used to understand OSI Model c>ping www.cisco.com arp c>tracert www.cisco.com c>ftp ftp.cisco.com (two times) c>netstat c>netstat -f c>netstat -n OSI and TCP/IP Models Actually OSI and TCP/IP models were two competing protocol standards; OSI Model is used to describe but TCP/IP is actually used. OSI A P S T N D P TCP/IP A T N
ARP CGMP LLC Ethernet CAT5 MAC WIRELESS FIBER TOTEN Ring Frame Relay ATM TELNET FTP TCP IGMP IP
TCP/IP Protocol suite

SMTP DNS RIP UDP ICMP SNMP
Network Access Layer
IP Address format (IP and MAC)

IP= SNM= GW= MAC= IP Address Subnet Mask Gateway eg:10.1.1.10 eg:255.255.255.0 eg:10.1.1.1
Medium Access eg:FFFF:FFFF:FFFF (or) FF-FF-FF-FF-FF-FF (or) FF:FF:FF:FF:FF:FF Control
TWO Address Concept A Router is a deviding line between networks. A Router is and Represents Multiple Networks Every interface on a Router represents a single Network. We can't have two interfaces of a Router plugging into same Network. A Router always blocks broadcast. A Laptop compares Source and Destination IP Addresses with its SNM using "AND" operation, If the result is same it results in a Local communication. If the result is different it knows it is a Remote communication, or to a differnet Network and forwards the packet to the Gateway. Result Source Local Comm. Source Local Comm. Remote Comm. 0 IP 192.168.1.20 192.168.1.100 172.30.2.20 172.30.2.220 192.168.3.20 0 SNM 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 0 Result 192.168.1.0 192.168.1.0 172.30.2.0 172.30.2.0 192.168.3.0 1
AND 0&0 0&1 1&0 1&1
eMail Server 0002.176A.6E37 fa 0/5 192.168.1.100 255.255.255.0 192.168.1.1 int vlan 1

0060.47E2.0B96
68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1
68.110.171.96/27
ISP 68.110.171.97
fa 0/1
Cisco.com
ChakriSwitch fa 0/2 192.168.1.2 ChakriR2 192.168.2.1 192.168.2.0/24 192.168.2.2 192.168.1.0/24
Loopback0
NA 172.30.2.100 255.255.255.0
NA 192.168.3.20
Laptop0
0000.0CB9.D07B
255.255.255.0
fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1
192.168.3.1 ChakriR3
192.168.3.0/24
Laptop1
000A.4137.9CE6
fa 0/3 172.30.2.10 255.255.255.0 172.30.2.1
Rouge7
0005.5E73.E0DC
Rouge4
0060.70C9.DE22
Rouge1 00D0.FF11.910E fa 0/4 192.168.1.30 255.255.255.0 192.168.1.1 Rouge2 00E0.8F82.5297 fa 0/4 172.30.2.20 255.255.255.0 0.0.0.0 Rouge3 000A.F3A8.1711 fa 0/4 172.30.2.30 255.255.255.0 0.0.0.0
fa 0/4 192.168.1.50
fa 0/4 192.168.1.40
255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

00E0.8F32.30EC
0.0.0.0 Rouge5
0090.0CAB.157D
fa 0/4 172.30.2.220
fa 0/4 172.30.2.120
255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

0060.7040.B9C5
0.0.0.0 Rouge6
00E0.A396.6750
fa 0/4 172.30.2.230
fa 0/4 172.30.2.130
255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0
If Local communication, the Laptop broadcasts ARP message with the destination IP address, the one having the Destination IP address responds with its MAC address. The actual communication happens on MAC address. If Remote communication, the Laptop broadcasts ARP message with the GW IP address, the one having the GW IP address, which is a Router in our case, responds with its MAC address. the laptop forwards the packet with Destination IP address to the Router using the MAC address it obtained from it, the Router forwards the packet to the next hop by checking the Destination IP address in its Routing Table. The actual communication happens on L2 address.
First Octet Range of Class-Full Networks Starting [0]000 0000 [10]00 0000 [110]0 0000 [1110] 0000 [1111] 0000 Ending [0]111 1111 [10]11 1111 [110]1 1111 [1110] 1111 [1111] 1111 Range 0-127 128-191 191-223 224-239 240-255 SNM /8 /16 /24 Class A B C D E Usage Assignment Assignment Assignment Multicast Experimental Hosts/Network 16777214 65536 256
Note: Cisco recommends 500 hosts per Network to manage Broadcast traffic.
IP ranges alloted for Private and Other usage from Class-full Subnets
Starting 10.0.0.0 127.0.0.0 169.254.0.0 172.16.0.0 192.168.0.0 Ending 10.255.255.255 127.255.255.255 169.254.255.255 172.31.255.255 192.168.255.255 Class A A B B C Usage Private loopback/testing Auto config Private Private
TCP and UDP TCP is Connection Oriented TCP Uses Sequence numbers TCP Acknowledges Reliable UDP is Connectionless UDP uses no Sequence numbers "Best effort delivery" UDP does not Acknowledge therefore Un-Reliable Speed
SYN SYN-ACK ACK Connection Oriented - Three-way hand shake
timer
S4 S3 S2 S1 ACK3 S1 S2 S3 S4 S5 S4 S3 ACK6 ACK5 S6 S7 S8 S9 S10
Sequence numbers, Acknowledgements, Windowing / Flow-Control
if ACK5 is not received before the timer expires, it resends the same data with same ACK6.
Port Numbers The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports. The Well Known Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users. Well-known port numbers (0 - 1023) Port numbers are assigned by IANA 80 for http (web) 25 for email (pop3e) 21 for ftp The Registered Ports are listed by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users. Registered port numbers (1024 - 49151) Port numbers are assigned by IANA 80 for http (web) 25 for email (pop3e) 21 for ftp DYNAMIC AND/OR PRIVATE PORTS (49152 - 65535) Port numbers are assigned by IANA 80 for http (web) 25 for email (pop3e) 21 for ftp Remember TCP UDP Ports 0-65535 0-65535 FTP 21 53 DNS Client Client DNS lookup SSH 22 69 TFTP TELNET 23 SMTP 25 DNS Server 53 Server to server updates HTTP 80 POP3 110 HTTPS 413 The usage of port numbers on TCP and UDP could be different, each has their own set of port numbers. http://www.iana.org/assignments/port-numbers TCP UDP Ports Check: SOCKET The combination of an IP Address and a Port number is called SOCKET or a SESSION. eg:10.1.1.100:80 So a Local Applications Session communicates with Remote Applications Session using a SOCKET. So the SOCKET exists till the Session is closed. Tools used to understand Port numbers and SOCKET. Open www.google.com with plugins for weather Open www.msn.com Open www.ebay.com Open www.yahoo.com c>netstat -f Note: These command can be used to check, c>netstat -n if viruses opening sessions to communicate with outside world.

0060.47E2.0B96
68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1
68.110.171.96/27
ISP 68.110.171.97
fa 0/1
Cisco.com
Loopback0
NA 172.30.2.100 255.255.255.0
NA 192.168.3.20
Laptop0
0000.0CB9.D07B
255.255.255.0
fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1
192.168.3.1 ChakriR3
192.168.3.0/24
Laptop1
000A.4137.9CE6
fa 0/3 172.30.2.10 255.255.255.0 172.30.2.1
Rouge7
0005.5E73.E0DC
Rouge4
0060.70C9.DE22
fa 0/4 192.168.1.50
fa 0/4 192.168.1.40
255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

00E0.8F32.30EC
0.0.0.0 Rouge5
0090.0CAB.157D
fa 0/4 172.30.2.220
fa 0/4 172.30.2.120
255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

0060.7040.B9C5
0.0.0.0 Rouge6
00E0.A396.6750
fa 0/4 172.30.2.230
fa 0/4 172.30.2.130
255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0
Tools used to understand L2 & L3 End to End packet travel c>ping cicso.com c>tracert cisco.com c>arp /?
Ethernet 1973: Xerox invents Ethernet (3 Mbp3) 1982: Ethernet standarized between vendors (10 Mbps) 1995: Fast Ethernet emerges (100 Mbps) 2000: Gigabit Thernet emerges (1 Gbps) 2002: 10 Gigabit Ethernet emerges (10 Gbps) 2007: 100 Gigabit Ethernet emerges (10 Gbps) D P Network Access Layer
LLC = LOGICAL LINK CONTROL Ethernet CAT 5 MAC = MEDIUM ACCESS CONTROL WIRELESS FIBER ETC
The competing standard to Ethernet was Token Ring. The problem with Token Ring is, the token cannot optain speeds greater than 33Mbps. Ethernet Standard uses CSMA/CD Token Ring Standard uses CSMA/CA Methods of Communication 1. Unicast 2. Broadcast 3. Multicast MAC Address OUI FF:FF:FF MAC Vendor Assign. FF:FF:FF
OUI = Organisational Unique Identifier Tools: To check who is the vendor of your NIC MAC address. c>ipconfig /all use www.coffer.com to find who is the OUI of your MAC address. Network Cards Thin net & Thick net are old technology Understanding Ethernet Cable UTP = Unshielded Twisted Pair Cable Type = CAT5 UTP MAX Diatance = 100 Meters Connection = RJ-45 Other types CAT1 = Least twists CAT2 = Lesser twists CAT3 = Less twists CAT4 = More twists CAT5 = More twists CAT6 = Most twists CAT5e is official standard
Fiber Multimode - Cheap, easy, less distance 275 Meters to few Miles. Singlemode - Costly, difficult, more distance one Mile to many Miles. Connection type varies for both Multimode and Singlemode. Cabling Standards
The way the cable twists, ends should follow standards, following standard gives good 100 Meters distance.
T568A = Green Stripes-Green, Blue Stripes-Blue, Orange Stripes-Orange, Brown Stripes-Brown T568B = Orange Stripes-Orange, Blue Stripes-Blue, Green Stripes-Green, Brown Stripes-Brown
T568A + T568A = Straight thru T568B + T568B = Straight thru (good) T568A + T568B = Cross over (good) Crimping should be Clip facing down Unlike devices use straight thru cables Like devices use cross over cables also called no modem cable. Wall Jack Patch cable Laptop Patch Panel Patch cable Switch
Shared CSMA/CD Communication

0060.47E2.0B96
68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1
68.110.171.96/27
ISP 68.110.171.97
fa 0/1
Cisco.com
Loopback0
NA 172.30.2.100 255.255.255.0
NA 192.168.3.20
Laptop0
0000.0CB9.D07B
255.255.255.0
fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1
192.168.3.1 ChakriR3
192.168.3.0/24
Laptop1
000A.4137.9CE6
fa 0/3 172.30.2.10 255.255.255.0 172.30.2.1
Rouge7
0005.5E73.E0DC
Rouge4
0060.70C9.DE22
fa 0/4 192.168.1.50
fa 0/4 192.168.1.40
255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

00E0.8F32.30EC
0.0.0.0 Rouge5
0090.0CAB.157D
fa 0/4 172.30.2.220
fa 0/4 172.30.2.120
255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

0060.7040.B9C5
0.0.0.0 Rouge6
00E0.A396.6750
fa 0/4 172.30.2.230
fa 0/4 172.30.2.130
255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0
HUB HUB uses Shared CSMA/CD Communication, meaning all ports are in one collision domain. HUB regerate signals. HUB is a One Collision Domain, only one device can talk or lission at a time. HUB treats Unicast, Broadcast and Multicast as Broadcast. HUB is a One Broadcast Domain. The broadcast travels to all the HUBs connected. HUB HUB HUB
More than 20 to 30 computers causes problem. HUB Collision LED indicator on HUB
If collision is detected one of the Laptops sends JAM signal, then all the Laptops stops sending for a Ramdom timer intervel 1 to 100 to 1000ms. This indicates over-all network works very slow. HUBs work at Physical Layer, they just boost the signal. They dont undetstand MAC Address. CSMA/CD Communication BRIDGE BRIDGE uses CSMA/CD Communication, meaning each port is a indipendent collision domain. BRIDGE has fever ports. BRIDGE increases number of Collision Domains depending on the number of ports it has. HUB BRIDGE HUB
Collision Domain BRIDGE learns MAC Addresses of both sides. BRIDGE blocks broadcasts to other side of Network. BRIDGE learns MAC Addresses.
Other Collision Domain
Since BRIDGE learns MAC Addresses they block broadcasts to other side of Network if not required.
BRIDGEs are software based, so they were slow. BRIDGEs work at Layer 2, so they understand MAC Addresses.
L2 SWITCH SWITCH uses CSMA/CD Communication, meaning each port is a indipendent collision domain. Each port is a Collision Domain. Full Duplex communication of 100Mbps, means Sending 100Mbps and Receiving 100Mbps, because each port has its own Collision Domain. This is achieved using ASIC = Application Specific IC by IBM. Switches Learns MAC Addresses, Unlike BRIDGE uses Hardware based, so wire speed. Switchs work at L2 because they understand MAC Addresses. Switches have CAM table which contains MAC Address to Port mapping. Switch is also One Broadcast Domain. ARP S: PORT D: PORT S: IP D: IP S: MAC D:FFFF:FFFF:FFFF All Fs indicate broadcast MAC A Switch takes 30sec to learn all MAC addresses and build CAM table. A Switch learns MAC Addresses from Source MAC field of a message , not from Destination MAC field of a message.
Note: A Switch cannot deliver a message with out having MAC Address to Port mapping in its CAM table.
Cisco IOS IOS = Internetwork Operating System Terminal programms to access IOS Hyperterminal Teraterm (Teraterm web supports SSH) Minicom Secure CRT CRT COM port setting on Laptop: 9600, 8, N, 1, None IOS Commands HELP #clock set 13:16:30 <0-31> Select a number from 0 to 31. MONTH Capital letters words means ALPHA-NUMERIC input. #? Help Use a 'TAB' key to finish a command. "Enter" gives one line at a time. "Space bar" gives one page at a time. Press any other character to Abort. Switch#clock ? set Set the time and date Switch#clock set ? hh:mm:ss Current Time Switch#clock set 18:21:00 Switch#clock set 18:21:00 ? <1-31> Day of the month MONTH Month of the year Switch#clock set 18:21:00 MAY ? <1-31> Day of the month Switch#clock set 18:21:00 MAY Switch#clock set 18:21:00 MAY 29 ? <1993-2035> Year Switch#clock set 18:21:00 MAY 29 2011 ? <cr> Switch#clock set 18:21:00 MAY 29 2011 Switch#
MODES Switch> User Mode or User EXEC enable Switch# Privilage Mode or Privilage EXEC conf t Switch(config)# Global Configuration Mode Switch>en Switch>enable Switch#con Switch#conf Switch#configure t Switch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# NAVIGATION Switch(config-int)#end Switch# Switch(config-int)#exit Switch(config)# Switch(config-int)#int gi .^Z (to bail out to Privilage Mode) Switch# Switch(config)#cloack (^ shows systax error in command) Use Up Down arrows to navigate recently used commands.
Note: Commands that work in one mode will not work in other modes.
Switch#sh history (shows last 10 recently used commands, the number can be changed using configuration)
Switch# Use ^A ^E, <- and -> keys for cursor movement on a command. Switch(config-if)#end Switch# %SYS-5-CONFIG_I: Configured from console by console Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#int fa 0/1 Switch(config-if)#exit Switch(config)#int fa 0/1 Switch(config-if)#switch port mode con^Z Switch# %SYS-5-CONFIG_I: Configured from console by console Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#cloack? % Unrecognized command Switch(config)#cloack ^ % Invalid input detected at '^' marker. Switch(config)#ip route 172.17.17.4 255.255.255.0 10.1.1.1 ^ % Invalid input detected at '^' marker. Switch(config)#
Initial Setup of a Switch Physical Indicators LED SYSTEM Blinks GREEN and goes to solid GREEN, GREEN is good, Amber is bad. LED RPS Redundent power supply, GREEN is good. LED STAT Status of ports. LED UTIL Utilization of ports. LED DUPLEX The ports lit are Full-duplex, the ports that are not lit are Half-duplex. LED SPEED The ports lit are 100Meg and not lit for 10Meg ports. MODE BUTTON Switches does not have power button, they are directly plugged. Initial Switch Configuration Each Switch has base Ethernet MAC Address, which is displayed. shows info about Flash IOS is stored in flash, it copies IOS to RAM. port lights ticking Shows verion of IOS, Shows memory size 65526k/8192k shows the Model of the Switch (eg: 6509/4510) Memory size of NVRAM no. of fa ports and no. of gi ports would you like to enter the initial configuration dialog?[Yes/No]:No Switch>en Switch>conf t Switch(config)#hostname ChakriSwitch ChakriSwitch(config)#hostname Switch Switch(config)#hostname ChakriSwitch ChakriSwitch(config)#hostname Switch Switch(config)# (takes default name) Switch(config)#hostname ChakriSwitch ChakriSwitch(config)# Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname ChakriSwitch ChakriSwitch(config)#hostname Switch Switch(config)#hostname ChakriSwitch ChakriSwitch(config)#no hostname Switch(config)#hostname ChakriSwitch ChakriSwitch(config)# Note: No VLAN concepts in CCENT, they will come in ICND2 Initially every single port in a switch are in vlan 1 by default. vlan interface "vlan 1" and "interface vlan 1" are two very different things. virtual interface (interface vlan 1) is a virtual interface, it does not have any ports attached to it. ChakriSwitch(config)#int vlan 1 ChakriSwitch(config-if)#ip address 172.30.2.100 255.255.255.0 (this is the ip address used to remote telnet into switch for configuration) ChakriSwitch#sh int vlan 1 Administratively down ---> Physical state down (give no shutdown on that interface) Line protocol down ---> Datalink state
(Setup Wizard)

0060.47E2.0B96
68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1
68.110.171.96/27
ISP 68.110.171.97
fa 0/1
Cisco.com
Loopback0
NA 172.30.2.100 255.255.255.0
NA 192.168.3.20
Laptop0
0000.0CB9.D07B
255.255.255.0
fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1
192.168.3.1 ChakriR3
192.168.3.0/24
Laptop1
000A.4137.9CE6
fa 0/3 172.30.2.10/230 255.255.255.0/252 172.30.2.1
Rouge7
0005.5E73.E0DC
Rouge4
0060.70C9.DE22
fa 0/4 192.168.1.50
fa 0/4 192.168.1.40
255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

00E0.8F32.30EC
0.0.0.0 Rouge5
0090.0CAB.157D
fa 0/4 172.30.2.220
fa 0/4 172.30.2.120
255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

0060.7040.B9C5
0.0.0.0 Rouge6
00E0.A396.6750
fa 0/4
fa 0/4
172.30.2.230/228-233 172.30.2.130 255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0
ChakriSwitch(config)#int vlan 1 ChakriSwitch(config-if)#ip address 172.30.2.100 255.255.255.0 ? <cr> ChakriSwitch(config-if)#ip address 172.30.2.100 255.255.255.0 ChakriSwitch(config-if)#no shutdown ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch(config-if)#^Z ChakriSwitch#sh int vlan 1 Vlan1 is up, line protocol is down Hardware is CPU Interface, address is 0060.47e2.0b96 (bia 0060.47e2.0b96) Internet address is 172.30.2.100/24 MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 21:40:21, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1682 packets input, 530955 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 563859 packets output, 0 bytes, 0 underruns 0 output errors, 23 interface resets 0 output buffer failures, 0 output buffers swapped out ChakriSwitch#
ChakriSwitch(config)#ip default-gateway 172.30.2.1 ChakriSwitch(config)#end ChakriSwitch#sh run ChakriSwitch#copy running-config startup-config (when switch starts it loads from startup-config) Destination filename [startup-config]? (saves to the filename given here, the default is startup-config if you press enter) ChakriSwitch#sh startup-config ChakriSwitch#sh version Shows kind of hardware kind of software version how long it has been running how much memory it has exact Model number of the switch ChakriSwitch(config)#ip default-gateway 172.30.2.1 ChakriSwitch(config)#end ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch#copy r ChakriSwitch#copy running-config s ChakriSwitch#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] ChakriSwitch#sh s ChakriSwitch#sh start ChakriSwitch#sh startup-config Using 480 bytes ! version 12.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriSwitch ! ! ! interface FastEthernet0/1 ! interface FastEthernet1/1 ! interface FastEthernet2/1 ! interface FastEthernet3/1 ! interface FastEthernet4/1 ! interface FastEthernet5/1 ! interface Vlan1 ip address 172.30.2.100 255.255.255.0 ! ip default-gateway 172.30.2.1 ! !
line con 0 ! line vty 0 4 login line vty 5 15 login ! ! end
ChakriSwitch#sh v ChakriSwitch#sh ver ChakriSwitch#sh version Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc. Compiled Fri 12-May-06 17:19 by pt_team Image text-base: 0x80010000, data-base: 0x80562000 ROM: Bootstrap program is is C2950 boot loader Switch uptime is 19 hours, 2 minutes, 21 seconds System returned to ROM by power-on Cisco WS-CSwitch-PT (RC32300) processor (revision C0) with 21039K bytes of memory. Processor board ID FHK0610Z0WC Last reset from system-reset Running Standard Image 6 FastEthernet/IEEE 802.3 interface(s) 63488K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address: 0060.47E2.0B96 Motherboard assembly number: 73-5781-09 Power supply part number: 34-0965-01 Motherboard serial number: FOC061004SZ Power supply serial number: DAB0609127D Model revision number: C0 Motherboard revision number: A0 Model number: WS-CSwitch-PT System serial number: FHK0610Z0WC Configuration register is 0xF ChakriSwitch#
Configuring Switch Security Initially Cisco switch doesnot allow you telnet into Switch, because password is not set.
if login is set and password is not set, it will not allow you to connect into switch (both telnet and Console)
Configuring Passwords Protecting Privilage Mode to protect Privilage Mode / to set enable password ChakriSwitch(config)#enable password cisco ChakriSwitch#disable ChakriSwitch>enable password:cisco ChakriSwitch(config)#enable secret cisco1 type 5 or MD5 hashing supercedes enable password the switch will not allow enable password and enable secret to be same some older switches does not support enable secret ChakriSwitch#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriSwitch(config)#no enable secret ChakriSwitch(config)#enable password cisco ChakriSwitch(config)#enable secret cisco1 ChakriSwitch(config)#^Z ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch#disable ChakriSwitch>en Password: cisco1 ChakriSwitch#disable ChakriSwitch>enable Password: cisco Password: cisco1 ChakriSwitch#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriSwitch(config)#no enable password ChakriSwitch(config)#enable secret cisco ChakriSwitch(config)#exit ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch#disable ChakriSwitch>en Password: ChakriSwitch# ChakriSwitch> ChakriSwitch>en ChakriSwitch#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriSwitch(config)#enable password cisco ChakriSwitch(config)#exit ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch#disable ChakriSwitch>enable Password: ChakriSwitch#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriSwitch(config)#enable secret cisco
ChakriSwitch(config)#exit ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch#sh run Building configuration... Current configuration : 551 bytes ! version 12.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriSwitch ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 enable password cisco ! ! ! interface FastEthernet0/1 ! interface FastEthernet1/1 ! interface FastEthernet2/1 ! interface FastEthernet3/1 ! interface FastEthernet4/1 ! interface FastEthernet5/1 ! interface Vlan1 ip address 172.30.2.180 255.255.255.0 ! ip default-gateway 172.30.2.1 ! ! line con 0 ! line vty 0 4 login line vty 5 15 login ! ! end
ChakriSwitch#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriSwitch(config)#no enable password ChakriSwitch(config)#exit ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console
ChakriSwitch#sh run Building configuration... Current configuration : 529 bytes ! version 12.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriSwitch ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! interface FastEthernet0/1 ! interface FastEthernet1/1 ! interface FastEthernet2/1 ! interface FastEthernet3/1 ! interface FastEthernet4/1 ! interface FastEthernet5/1 ! interface Vlan1 ip address 172.30.2.100 255.255.255.0 ! ip default-gateway 172.30.2.1 ! ! line con 0 ! line vty 0 4 login line vty 5 15 login ! ! end
ChakriSwitch#
Protecting Console Port This protects Console port from even to access USER Mode by assigning a password to it. ChakriSwitch(config)#line con 0 ChakriSwitch(config-line)# (any command given here just effects console port only) ChakriSwitch(config-line)#password cisco ChakriSwitch(config-line)#login If login command is not given, the switch does not promt for ChakriSwitch(config)#enable secret cisco1 password while logging thru console even if password is set. Question: What will happen if console is configured for login and password is not set? Dangerous try only after successfully creating telnet login. ChakriSwitch(config)#line ? <0-16> First Line number console Primary terminal line vty Virtual terminal ChakriSwitch(config)#line con ChakriSwitch(config)#line console ? <0-0> First Line number ChakriSwitch(config)#line console 0 ChakriSwitch(config-line)#password cisco ChakriSwitch(config-line)#login ChakriSwitch(config-line)#end ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch#exit ChakriSwitch con0 is now available Press RETURN to get started. User Access Verification Password: ChakriSwitch>
ChakriSwitch>en Password: ChakriSwitch#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriSwitch(config)#line ? <0-16> First Line number console Primary terminal line vty Virtual terminal ChakriSwitch(config)#line con ChakriSwitch(config)#line console ? <0-0> First Line number ChakriSwitch(config)#line console 0 ChakriSwitch(config-line)#password cisco ChakriSwitch(config-line)#end ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch#exit ChakriSwitch con0 is now available Press RETURN to get started. ChakriSwitch>en Password: ChakriSwitch#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriSwitch(config)#line ? <0-16> First Line number console Primary terminal line vty Virtual terminal ChakriSwitch(config)#line con ChakriSwitch(config)#line console ? <0-0> First Line number ChakriSwitch(config)#line console 0 ChakriSwitch(config-line)#login ChakriSwitch(config-line)#end ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch#exit ChakriSwitch con0 is now available Press RETURN to get started. User Access Verification Password: ChakriSwitch>en Password: ChakriSwitch#conf t Enter configuration commands, one per line. End with CNTL/Z. Configuring VTY / TELNET ports of a Switch Initially Cisco switch doesnot allow you telnet into Switch, because password is not set.
if login is set and password is not set, it will not allow you to connect into switch (both telnet and Console)
ChakriSwitch#sh run line con 0 password cisco login line vty 0 4 login line vty 5 15 login
If you see the "line vty" configuration, login is set but password is not set, at this condition, if you try to telnet into switch, it says "password required, but none set." If we don't configure 'login' for line vty 0 - by giving following command ChakriSwitch(config)#line vty 0 4 ChakriSwitch(config-line)#no login
then it won't even ask for passsword, even if a password is set, it directly lets you login into the switch.
PC>ipconfig IP Address......................: 0.0.0.0 Subnet Mask.....................: 0.0.0.0 Default Gateway.................: 0.0.0.0 PC>ping 172.30.2.100 Pinging 172.30.2.100 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Ping statistics for 172.30.2.100: Packets: Sent = 3, Received = 0, Lost = 3 (100% loss), Control-C ^C PC>ipconfig 172.30.2.10 255.255.255.0 PC>ipconfig IP Address......................: 172.30.2.10 Subnet Mask.....................: 255.255.255.0 Default Gateway.................: 0.0.0.0 PC>ping 172.30.2.100 Pinging 172.30.2.100 with 32 bytes of data: Request timed out. Reply from 172.30.2.100: bytes=32 time=20ms TTL=255 Reply from 172.30.2.100: bytes=32 time=20ms TTL=255 Reply from 172.30.2.100: bytes=32 time=14ms TTL=255 Ping statistics for 172.30.2.100: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 14ms, Maximum = 20ms, Average = 18ms PC>ping 172.30.2.100 Pinging 172.30.2.100 with 32 bytes of data: Reply from Reply from Reply from Reply from 172.30.2.100: bytes=32 time=6ms TTL=255 172.30.2.100: bytes=32 time=20ms TTL=255 172.30.2.100: bytes=32 time=5ms TTL=255 172.30.2.100: bytes=32 time=5ms TTL=255
Ping statistics for 172.30.2.100: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 5ms, Maximum = 20ms, Average = 9ms PC>telnet 172.30.2.100 Trying 172.30.2.100 ...Open [Connection to 172.30.2.100 closed by foreign host] PC> ChakriSwitch(config)#line vty 0 4 ChakriSwitch(config-line)#no login ChakriSwitch(config-line)#^Z ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch# PC>telnet 172.30.2.100 Trying 172.30.2.100 ...Open ChakriSwitch> ChakriSwitch(config)#line vty 0 4 ChakriSwitch(config-line)#password ? 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) line password ChakriSwitch(config-line)#password cisco ChakriSwitch(config-line)#end ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch# PC>telnet 172.30.2.100 Trying 172.30.2.100 ...Open ChakriSwitch> ChakriSwitch(config)#line vty 0 4 ChakriSwitch(config-line)#login ChakriSwitch(config-line)#^Z ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch# PC>telnet 172.30.2.100 Trying 172.30.2.100 ...Open User Access Verification Password: cisco ChakriSwitch>
ChakriSwitch(config)#line vty 0 4 ChakriSwitch(config-line)#no password ChakriSwitch(config-line)#no login ChakriSwitch(config-line)#login (Note: login will not take with out setting a password) % Login disabled on line 1, until 'password' is set % Login disabled on line 2, until 'password' is set % Login disabled on line 3, until 'password' is set % Login disabled on line 4, until 'password' is set % Login disabled on line 5, until 'password' is set ChakriSwitch(config-line)#password ? 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) line password ChakriSwitch(config-line)#password cisco ChakriSwitch(config-line)#login ChakriSwitch(config-line)#end ChakriSwitch# %SYS-5-CONFIG_I: Configured from console by console ChakriSwitch# Understanding VTY / TELNET ports and Configuring login and password VTY = Virtual Terminal ports (they are telnet ports) Number of logins can be controlled using this configuration with differnet combinations. ChakriSwitch(config)#line vty ? <0-15> this shows the number of simultanious telnet sessions supported, i.e. 16.
they can be broken into max.16 groups and each group can have different passwords.
as shown in above "sh run", they were broken into 0-4 and 5-15. Note: VTY is faster than Console port. ChakriSwitch(config)#line vty 0 3 ChakriSwitch(config-line)#password cisco ChakriSwitch(config-line)#login ChakriSwitch(config-line)#line vty 4 11 ChakriSwitch(config-line)#password cisco1 ChakriSwitch(config-line)#login ChakriSwitch(config-line)#line vty 12 15 ChakriSwitch(config-line)#login ChakriSwitch(config-line)#password cisco3 ChakriSwitch(config-line)#login ChakriSwitch(config-line)#
Encripting Console and VTY (TELNET and SSH) Passwords ChakriSwitch(config)#service password-encryption this uses Level 7 encryption, not strong. (google search "cisco password cracker") this level does not cause processor over-head but weaker. MD5 hashing is strong which is used in enable secret. ChakriSwitch#sh run line con 0 password 7 110A1016141D login line vty 0 3 password 7 110A1016141D login line vty 4 11 password 7 110A1016141D login line vty 5 15 password 7 110A1016141D login line con 0 password 7 0822455D0A16 login line vty 0 4 password 7 0822455D0A1654 login line vty 5 9 password 7 0822455D0A1657 login line vty 10 15 password 7 0822455D0A1656 login Login Banners
Bigger banner occupies more storage space and booting takes longer time. Also saving takes longer time.
ChakriSwitch(config)#banner ? LINE C banner-text C, where C is a delimiting character exec incomming login vty (telnet) before asking password motd console or vty (telnet) prompt-timeout slip-ppp ChakriSwitch(config)#banner motd # ******************************************* DO NOT LOG ON ******************************************* # ChakriSwitch(config)#banner motd + DO NOT LOG ON + try telnetting and see the banner. ChakriSwitch(config)#banner ? motd Set Message of the Day banner ChakriSwitch(config)#banner motd ? LINE c banner-text c, where 'c' is a delimiting character ChakriSwitch(config)#banner motd # Enter TEXT message. End with the character '#'. *************************** DO NOT LOGIN EXCEPT CHAKRI
*************************** *************************** DO NOT LOGIN EXCEPT CHAKRI *************************** User Access Verification Password: ChakriSwitch> PC>telnet 172.30.2.100 Trying 172.30.2.100 ...Open *************************** DO NOT LOGIN EXCEPT CHAKRI *************************** User Access Verification Password: ChakriSwitch> Security using SSH
Telnet is a clear text application, using Wireshark you can capture every thing you enter from telnet session,
because telnet does not encrypt. Wireshark/capture/interfaces/select NIC card/and start ChakriSwitch(config)#enable secret cisco Now stop the catpure in Wireshark and open captured packets. Wireshark/analyze/follow/follow tcp stream Use CLEAR to clear filter if any
cc oo nn ff tt Enter configuration commands one per line. End with CTRL/Z. ChakriSwitch(config)#eennaabbllee sseccrreett cciissccoo ChakriSwitch(config)# Entire conversation Send ---> Receive <---
(.)
ASCII
SSH = Secure Shell, it is telnet with encryption If windows doesn't support ssh, use Teraterm web 3.1 for SSH support.
ChakriSwitch(config)#username chakri password cisco123 (this prompts for username while login)
(username works only with ssh) ChakriSwitch(config)#ip domain-name ttsl.com domain-name is used to generate encription certificates from ttsl.com ChakriSwitch(config)#crypto key generate rsa size of key[512]:1024
(the more the size of key, higher the processor cycles, both while configuring and using.)
ChakriSwitch(config)#ip ssh version 2 ChakriSwitch(config)#line vty 0 4

ChakriSwitch(config-line)#transport input ? (this allows what Application telnet(and/or)ssh to run on vty. )
all protocols none no protocols ssh tcp/ip ssh protocol telnet tcp/ip telnet protocol (default - telnet is default) We can select more than one protocol in the command line below ChakriSwitch(config-line)#transport input ssh telnet or can select only one like ssh, this will disable telnet, command shown below ChakriSwitch(config-line)#transport input ssh
ChakriSwitch(config)#username ? WORD User name ChakriSwitch(config)#username chakri ? password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user <cr> ChakriSwitch(config)#username chakri password ? 0 Specifies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) user password ChakriSwitch(config)#username chakri password cisco123 PC>telnet 172.30.2.100 Trying 172.30.2.100 ...Open *************************** DO NOT LOGIN EXCEPT CHAKRI *************************** User Access Verification Password: cisco1 ChakriSwitch> ChakriSwitch(config)#ip domain-name ttsl.com ChakriSwitch(config)#crypto key generate rsa ChakriSwitch(config)#ip ssh version 2 These three commands are not supported in simulator ChakriSwitch(config)#username ? WORD User name ChakriSwitch(config)#username chakri ? password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user <cr> ChakriSwitch(config)#username chakri privilege ? <0-15> User privilege level ChakriSwitch(config)#username chakri privilege 15 ? password Specify the password for the user secret Specify the secret for the user <cr> ChakriSwitch(config)#username chakri privilege 15 secret cisco123 ChakriSwitch(config)#line vty 0 3 ChakriSwitch(config-line)#transport ? input Define which protocols to use when connecting to the terminal server output Define which protocols to use for outgoing connections ChakriSwitch(config-line)#transport input ? all All protocols none No protocols telnet TCP/IP Telnet protocol ChakriSwitch(config-line)#transport input telnet ? <cr> ChakriSwitch(config-line)#transport input telnet ChakriSwitch(config-line)#
ChakriSwitch(config)#line vty 0 4 ChakriSwitch(config-line)#transport input none PC>telnet 172.30.2.100 Trying 172.30.2.100 ...Open [Connection to 172.30.2.100 closed by foreign host] ChakriSwitch(config)#no enable secret PC>telnet 172.30.2.100 Trying 172.30.2.100 ...Open *************************** DO NOT LOGIN EXCEPT CHAKRI *************************** User Access Verification Password: cisco1 ChakriSwitch>en % Error in authentication. Port Security Instead of using one Laptop on one port, people may connect a hub and connect more Laptops,
to avaoid this and and lock one MAC address for that port and take necessary action if connected,
the below configuration is implemented. ChakriSwitch#sh ip int brief

Interface vlan 1 fa 0/1 fa 0/2 IP-address 172.30.2.100 unassigned unassigned OK? YES YES YES Method NVRAM unset unset Status UP UP DOWN Protocol UP UP DOWN
ChakriSwitch#terminal monitor (Allows you to see all the status messages on telnet like console)
ChakriSwitch#sh mac address-table ChakriSwitch(config)#int fa 0/2

ChakriSwitch(config-if)#switchport mode access (access means end devices like PC, SERVER, ROUTER.
but not for a Switch, for switch it will be Trunk) ChakriSwitch(config-if)#switchport port-security maximum 1
(max number of PCs that can be connected on this port simultaniously like using hub etc)
(maximum 1 is default, so it will not be shown in runnig-config) other oprions . Aging . Mac-address . Maximum (1 - 5120) . Violation ChakriSwitch(config-if)#switchport port-security violation shutdown other oprions
. Protect (ignores other MAC addresses meaning they cannot access network but does not log) . Restrict (ignores other MAC addresses meaning they cannot access network and logs them) . Stutdown (shutdown is default, so it will not be shown in running-config) (shutsdown the port, the Admin of the switch as to give shut and "no shut" commands on that port to bring it back to UP)
ChakriSwitch(config-if)#switchport port-security mac-address ? . H.H.H (48 bit MAC address) . Sticky (configure dynamic secure address as sticky) ChakriSwitch(config-if)#switchport port-security mac-address 0090.0CAB.157D (OR) ChakriSwitch(config-if)#switchport port-security mac-address sticky ChakriSwitch#sh run (check the difference on fa 0/2 configuration for the above two configs) Note: We can use "do" command to check configuration from any mode like below ChakriSwitch(config-if)#do sh run int fa 0/2
ChakriSwitch#sh port-security int fa 0/2 Port Security: Port Status:
Enabled Secure-up (if connected Original MAC) Secure-down (if dis-connected Original MAC) Secure-shutdown (if connected Wronge MAC) Violation mode: Shutdown Aging time: 0 minutes Aging type: Absolute Secure Static Address Aging: Disabled Maximum MAC addresses: 1 Total MAC addresses: 1 Configured MAC addresses: 0 Static MAC addresses: 1 Last Source address:vlan: 0015.c5af.ea37:1 (last source MAC address that was connected) Security Violation Count: 0 (shutdown and restrict will increment, protect will not increment after violation) Use port-security where ever required, but not on every port. Use them at public places, lobbies and where ever you want to restrict the ports only to employees and not for out siders. ChakriSwitch#sh port-security to Configure range of ports for port-security ChakriSwitch(config)#int range fa 0/2 - 24 ChakriSwitch(config-if-rangr)#switchport mode access ChakriSwitch(config-if-rangr)#switchport port-security ChakriSwitch#sh port-security ChakriSwitch>sh ip int bri ChakriSwitch>sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/1 FastEthernet1/1 FastEthernet2/1 FastEthernet3/1 FastEthernet4/1 FastEthernet5/1 unassigned unassigned unassigned unassigned unassigned unassigned YES manual down YES manual up YES manual up YES manual up YES manual down YES manual down down up up up down down
Vlan1 172.30.2.100 YES manual up ChakriSwitch>terminal ? history Enable and control the command history function ChakriSwitch>sh mac ChakriSwitch>sh mac-address-table ? dynamic Dynamic entry type interfaces Interface entry type static Static entry type <cr>
ChakriSwitch>sh mac-address-table Mac Address Table ------------------------------------------Vlan Mac Address Type ---- ------------------ ----Ports
ChakriSwitch> Rouge>ping 172.30.2.50 Pinging 172.30.2.50 with 32 bytes of data: Reply from Reply from Reply from Reply from 172.30.2.50: bytes=32 time=80ms TTL=128 172.30.2.50: bytes=32 time=40ms TTL=128 172.30.2.50: bytes=32 time=40ms TTL=128 172.30.2.50: bytes=32 time=40ms TTL=128
Ping statistics for 172.30.2.50: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 40ms, Maximum = 80ms, Average = 50ms Laptop1>ping 172.30.2.50 Pinging 172.30.2.50 with 32 bytes of data: Reply from Reply from Reply from Reply from 172.30.2.50: bytes=32 time=40ms TTL=128 172.30.2.50: bytes=32 time=40ms TTL=128 172.30.2.50: bytes=32 time=40ms TTL=128 172.30.2.50: bytes=32 time=9ms TTL=128
Ping statistics for 172.30.2.50: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 9ms, Maximum = 40ms, Average = 32ms ChakriSwitch>sh mac-address-table Mac Address Table ------------------------------------------Vlan Mac Address Type ---- ------------------ ----Ports
1 0000.0cb9.d07b DYNAMIC Fa1/1 1 0090.0cab.157d DYNAMIC Fa2/1 1 00d0.ff11.910e DYNAMIC Fa3/1 ChakriSwitch>
ChakriSwitch(config)#int fastEthernet 2/1 ChakriSwitch(config-if)#sw ChakriSwitch(config-if)#switchport ? access Set access mode characteristics of the interface mode Set trunking mode of the interface native Set trunking native characteristics when interface is in trunking mode nonegotiate Device will not engage in negotiation protocol on this interface port-security Security related command priority Set appliance 802.1p priority trunk Set trunking characteristics of the interface voice Voice appliance attributes ChakriSwitch(config-if)#switchport mod ChakriSwitch(config-if)#switchport mode ? access Set trunking mode to ACCESS unconditionally dynamic Set trunking mode to dynamically negotiate access or trunk mode trunk Set trunking mode to TRUNK unconditionally ChakriSwitch(config-if)#switchport mode acc ChakriSwitch(config-if)#switchport mode access ? <cr> ChakriSwitch(config-if)#switchport mode access ChakriSwitch(config-if)#sw ChakriSwitch(config-if)#switchport ? access Set access mode characteristics of the interface mode Set trunking mode of the interface native Set trunking native characteristics when interface is in trunking mode nonegotiate Device will not engage in negotiation protocol on this interface port-security Security related command priority Set appliance 802.1p priority trunk Set trunking characteristics of the interface voice Voice appliance attributes ChakriSwitch(config-if)#switchport po ChakriSwitch(config-if)#switchport port-security ? mac-address Secure mac address maximum Max secure addresses violation Security violation mode <cr> ChakriSwitch(config-if)#switchport port-security max ChakriSwitch(config-if)#switchport port-security maximum ? <1-132> Maximum addresses ChakriSwitch(config-if)#switchport port-security maximum 1 ChakriSwitch(config-if)#sw ChakriSwitch(config-if)#switchport ? access Set access mode characteristics of the interface mode Set trunking mode of the interface native Set trunking native characteristics when interface is in trunking mode nonegotiate Device will not engage in negotiation protocol on this interface port-security Security related command priority Set appliance 802.1p priority trunk Set trunking characteristics of the interface
voice Voice appliance attributes ChakriSwitch(config-if)#switchport po ChakriSwitch(config-if)#switchport port-security ? mac-address Secure mac address maximum Max secure addresses violation Security violation mode <cr> ChakriSwitch(config-if)#switchport port-security vio ChakriSwitch(config-if)#switchport port-security violation ? protect Security violation protect mode restrict Security violation restrict mode shutdown Security violation shutdown mode ChakriSwitch(config-if)#switchport port-security violation shu ChakriSwitch(config-if)#switchport port-security violation shutdown ? <cr> ChakriSwitch(config-if)#switchport port-security violation shutdown ChakriSwitch(config-if)# ChakriSwitch#sh port-security interface fa 2/1 Port Security : Disabled Port Status : Secure-down Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses :1 Total MAC Addresses :0 Configured MAC Addresses : 0 Sticky MAC Addresses :0 Last Source Address:Vlan : 0000.0000.0000:0 Security Violation Count : 0 ChakriSwitch(config-if)#switchport port-security mac-address 0090.0CAB.157D ChakriSwitch#sh port-security int fa 2/1 Port Security : Disabled Port Status : Secure-down Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses :1 Total MAC Addresses :1 Configured MAC Addresses : 1 Sticky MAC Addresses :0 Last Source Address:Vlan : 0000.0000.0000:0 Security Violation Count : 0 ChakriSwitch#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/1 unassigned YES manual down down FastEthernet1/1 unassigned YES manual up up FastEthernet2/1 unassigned YES manual up up FastEthernet3/1 unassigned YES manual down down FastEthernet4/1 unassigned YES manual down down FastEthernet5/1 Vlan1 unassigned 172.30.2.100 YES manual down YES manual up up down
ChakriSwitch#sh port-security int fa 2/1 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses :1 Total MAC Addresses :1 Configured MAC Addresses : 1 Sticky MAC Addresses :0 Last Source Address:Vlan : 0090.0CAB.157D:1 Security Violation Count : 0 ChakriSwitch# ChakriSwitch#sh ip int brief Interface IP-Address FastEthernet0/1 FastEthernet1/1 FastEthernet2/1 FastEthernet3/1 FastEthernet4/1 FastEthernet5/1
OK? Method Status YES manual down YES manual up YES manual down YES manual down YES manual down YES manual down
Protocol down up down down down down
unassigned unassigned unassigned unassigned unassigned unassigned
Vlan1 172.30.2.100 YES manual up up ChakriSwitch#sh port-security int fa 2/1 Port Security : Enabled Port Status : Secure-shutdown Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses :1 Total MAC Addresses :1 Configured MAC Addresses : 1 Sticky MAC Addresses :0 Last Source Address:Vlan : 00D0.FF11.910E:1 Security Violation Count : 1 ChakriSwitch#sh run interface FastEthernet2/1 switchport mode access switchport port-security switchport port-security mac-address 0090.0CAB.157D ChakriSwitch(config)#int fa 2/1 ChakriSwitch(config-if)#shut ChakriSwitch(config-if)#shutdown %LINK-5-CHANGED: Interface FastEthernet2/1, changed state to administratively down ChakriSwitch(config-if)#no shutdown %LINK-5-CHANGED: Interface FastEthernet2/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/1, changed state to up
ChakriSwitch#sh ip int brief Interface IP-Address FastEthernet0/1 FastEthernet1/1 FastEthernet2/1 FastEthernet3/1 FastEthernet4/1 FastEthernet5/1
OK? Method Status YES manual down YES manual up YES manual up YES manual down YES manual down YES manual down
Protocol down up up down down down up
Vlan1 172.30.2.100 YES manual up ChakriSwitch# ChakriSwitch#sh port-security int fa 2/1 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses :1 Total MAC Addresses :1 Configured MAC Addresses : 1 Sticky MAC Addresses :0 Last Source Address:Vlan : 00D0.FF11.910E:1 Security Violation Count : 0
ChakriSwitch# ChakriSwitch(config)#int fa 2/1 ChakriSwitch(config-if)#sw ChakriSwitch(config-if)#switchport ? access Set access mode characteristics of the interface mode Set trunking mode of the interface native Set trunking native characteristics when interface is in trunking mode nonegotiate Device will not engage in negotiation protocol on this interface port-security Security related command priority Set appliance 802.1p priority trunk Set trunking characteristics of the interface voice Voice appliance attributes ChakriSwitch(config-if)#switchport po ChakriSwitch(config-if)#switchport port-security ? mac-address Secure mac address maximum Max secure addresses violation Security violation mode <cr> ChakriSwitch(config-if)#switchport port-security mac ChakriSwitch(config-if)#switchport port-security mac-address ? H.H.H 48 bit mac address sticky Configure dynamic secure addresses as sticky
ChakriSwitch(config-if)#switchport port-security mac-address s ChakriSwitch(config-if)#switchport port-security mac-address sticky ? H.H.H 48 bit mac address <cr> ChakriSwitch(config-if)#switchport port-security mac-address sticky ChakriSwitch(config-if)#no switchport port-security mac-address 0090.0CAB.157D ChakriSwitch(config-if)# ChakriSwitch#sh ip int brief
Interface FastEthernet0/1 FastEthernet1/1 FastEthernet2/1 FastEthernet3/1 FastEthernet4/1 FastEthernet5/1
IP-Address
OK? Method Status YES manual down YES manual up YES manual up YES manual down YES manual down YES manual down
Protocol down up up down down down up
Vlan1 172.30.2.180 YES manual up ChakriSwitch#sh po ChakriSwitch#sh port-security int fa 2/1 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses :1 Total MAC Addresses :1 Configured MAC Addresses : 1 Sticky MAC Addresses :0 Last Source Address:Vlan : 00D0.FF11.910E:1 Security Violation Count : 0
ChakriSwitch# ChakriSwitch#sh run interface FastEthernet2/1 switchport mode access switchport port-security switchport port-security mac-address sticky %LINK-5-CHANGED: Interface FastEthernet2/1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/1, changed state to down %LINK-5-CHANGED: Interface FastEthernet2/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/1, changed state to up %LINK-5-CHANGED: Interface FastEthernet2/1, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/1, changed state to down ChakriSwitch>sh int fa 2/1 FastEthernet2/1 is down, line protocol is down (err-disabled) Hardware is Lance, address is 0006.2a1a.0b00 (bia 0006.2a1a.0b00)
BW 100000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s input flow-control is off, output flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:08, output 00:00:05, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 956 packets input, 193351 bytes, 0 no buffer Received 956 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2357 packets output, 263570 bytes, 0 underruns 0 output errors, 0 collisions, 10 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out ChakriSwitch> ChakriSwitch>sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/1 FastEthernet1/1 FastEthernet2/1 FastEthernet3/1 FastEthernet4/1 FastEthernet5/1 unassigned unassigned unassigned unassigned unassigned unassigned YES manual down YES manual up YES manual down YES manual down YES manual down YES manual down up down up down down down down
Vlan1 172.30.2.100 YES manual up ChakriSwitch> ChakriSwitch#sh port-security int fa 2/1 Port Security : Enabled Port Status : Secure-shutdown Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses :1 Total MAC Addresses :1 Configured MAC Addresses : 0 Sticky MAC Addresses :1 Last Source Address:Vlan : 00D0.FF11.910E:1 Security Violation Count : 1
ChakriSwitch# ChakriSwitch(config)#int fa 2/1 ChakriSwitch(config-if)#no shutdown %LINK-5-CHANGED: Interface FastEthernet2/1, changed state to down ChakriSwitch(config-if)# ChakriSwitch(config-if)#shutdown %LINK-5-CHANGED: Interface FastEthernet2/1, changed state to administratively down ChakriSwitch(config-if)#no shutdown %LINK-5-CHANGED: Interface FastEthernet2/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/1, changed state to up ChakriSwitch(config-if)# ChakriSwitch#sh int fa 2/1 FastEthernet2/1 is up, line protocol is up (connected) Hardware is Lance, address is 0006.2a1a.0b00 (bia 0006.2a1a.0b00) BW 100000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s input flow-control is off, output flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:08, output 00:00:05, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 956 packets input, 193351 bytes, 0 no buffer Received 956 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2357 packets output, 263570 bytes, 0 underruns 0 output errors, 0 collisions, 10 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out ChakriSwitch# ChakriSwitch#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/1 unassigned YES manual down down FastEthernet1/1 unassigned YES manual up up FastEthernet2/1 unassigned YES manual up up FastEthernet3/1 unassigned YES manual down down FastEthernet4/1 FastEthernet5/1 Vlan1 unassigned unassigned 172.30.2.100 YES manual down YES manual down YES manual up up down down
ChakriSwitch# ChakriSwitch#sh port-security int fa 2/1 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses :1 Total MAC Addresses :1 Configured MAC Addresses : 0 Sticky MAC Addresses :1 Last Source Address:Vlan : 0090.0CAB.157D:1 Security Violation Count : 0
Note: ChakriSwitch(config)#int range fastEthernet 1/1 - fastEthernet 2/1 config not taking properly in simulator.
Optimizing and Trouble shooting of Switches Configuring Speed and Duplex of ports . Most of the time switch detects speed correctly, but duplex mis-match happens frequently. . Duplex mismatch errors are thrown on console port.
. #terminal monitor (this command acts as console port and you can see the errors now on vty(telnet/ssh) port)
terminal monitor is not supported by simulator

. Duplex mismatches slows down the speed, that means Send Receive was not happening simultaniously,
they are happening one at a time. Data gets dropped that is the reason for slowness.
ChakriSwitch(config)#int fa 0/2 error:ido2h:%CDP-4-Duplex MISMATCH: duplex mismatch discovered on fa 0/2 (not half duplex), with Access server Ethernet 0 (half duplex). ChakriSwitch(config-if)#duplex half ChakriSwitch(config-if)#speed ? 10 Mbps 100 Mbps auto Auto speed detection ChakriSwitch(config-if)#speed 10
Note: When duplex and speed is changed there will be a slight interruption in the interface,
because the interface will change states, down and up.

Note: Always configure Laptops in auto detection. Servers, Switches, Printers and Routers are hard
coded speed and duplex, so configure Switch ports correctly for these devices. ChakriSwitch(config)#int fa 3/1 ChakriSwitch(config-if)#duplex ? auto Enable AUTO duplex configuration full Force full duplex operation half Force half-duplex operation ChakriSwitch(config-if)#duplex auto ChakriSwitch(config-if)#speed ? 10 Force 10 Mbps operation 100 Force 100 Mbps operation auto Enable AUTO speed configuration ChakriSwitch(config-if)#speed 10 ChakriSwitch(config-if)#duplex full ChakriSwitch> %LINK-5-CHANGED: Interface FastEthernet3/1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3/1, changed state to down ChakriSwitch(config-if)#duplex half ChakriSwitch(config-if)# %LINK-5-CHANGED: Interface FastEthernet3/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3/1, changed state to up
Logging synchronous ChakriSwitch(config)#line con 0 ChakriSwitch(config-line)#logging synchronous ChakriSwitch(config)#line vty 0 4 ChakriSwitch(config-line)#logging synchronous
This command "logging synchronous" will help not interrupting command sequence when typing,
check yourself) status message lines will display separately. ChakriSwitch(config)#line con 0 ChakriSwitch(config-line)#lo? logging login ChakriSwitch(config-line)#lo ChakriSwitch(config-line)#logg ChakriSwitch(config-line)#logging ? synchronous Synchronized message output ChakriSwitch(config-line)#logging syn ChakriSwitch(config-line)#logging synchronous ? <cr> ChakriSwitch(config-line)#logging synchronous ChakriSwitch(config-line)#exit ChakriSwitch(config)#line vty 0 15 ChakriSwitch(config-line)#logg ChakriSwitch(config-line)#logging syn ChakriSwitch(config-line)#logging synchronous exec-timeout ChakriSwitch(config)#line con 0 ChakriSwitch(config-line)#exec-timeout ? <0-35791> Timeout in minutes ChakriSwitch(config-line)#exec-timeout 30 ? <0-2147483> Timeout in seconds <cr> ChakriSwitch(config-line)#exec-timeout 30 0 ? <cr> ChakriSwitch(config-line)#exec-timeout 30 0
Note: To indefinitely keep the state, use the below command, but this could be security violation.
ChakriSwitch(config-line)#no exec-timeout Note: "exec-timeout" works for vty ports as well. ChakriSwitch(config)#line con 0 ChakriSwitch(config-line)#exec ChakriSwitch(config-line)#exec-timeout ? <0-35791> Timeout in minutes ChakriSwitch(config-line)#exec-timeout 30 ? <0-2147483> Timeout in seconds <cr> ChakriSwitch(config-line)#exec-timeout 30 0 ? <cr> ChakriSwitch(config-line)#exec-timeout 30 0 ChakriSwitch(config-line)#exit ChakriSwitch(config)#line vty 0 15 ChakriSwitch(config-line)#exe ChakriSwitch(config-line)#exec-timeout ? <0-35791> Timeout in minutes ChakriSwitch(config-line)#exec-timeout 0 ? <0-2147483> Timeout in seconds <cr> ChakriSwitch(config-line)#exec-timeout 30 0 ?
<cr> ChakriSwitch(config-line)#exec-timeout 30 0 ChakriSwitch(config-line)# ChakriSwitch(config)#line con 0 ChakriSwitch(config-line)#no exec ChakriSwitch(config-line)#no exec-timeout ? <cr> ChakriSwitch(config-line)#no exec-timeout ChakriSwitch(config-line)#exit ChakriSwitch(config)#line vty 0 15 ChakriSwitch(config-line)#no exec ChakriSwitch(config-line)#no exec-timeout ? <cr> ChakriSwitch(config-line)#no exec-timeout ChakriSwitch(config-line)# By mistake domain lookup ChakriSwitch#flow Translating "flow".domain server (255.255.255.255)--->broadcast ip % unknown command or computer name, or unable to find computer address. Note: This means the switch is thinking "flow" is a domain name and has sent a broadcast to all and waiting for a response with ip address, this will take a long time since no such domain or computer or any device exist with that name. to avoid this use the below command. ChakriSwitch(config)#no ip domain-lookup ChakriSwitch#flow Translating "flow"...domain server (0.0.0.0) % Unknown command or computer name, or unable to find computer address ChakriSwitch# ChakriSwitch(config)#no ip ? access-list Named access-list default-gateway Specify default gateway (if not routing IP) domain IP DNS Resolver domain-lookup Enable IP Domain Name System hostname translation hosts Add an entry to the ip hostname table name-server Specify address of name server to use ChakriSwitch(config)#no ip domain ChakriSwitch(config)#no ip domainChakriSwitch(config)#no ip domain-lookup ? <cr> ChakriSwitch(config)#no ip domain-lookup ChakriSwitch(config)# ChakriSwitch#flow Translating "flow" % Unknown command or computer name, or unable to find computer address ChakriSwitch# Creating Aliases for Commands ChakriSwitch#sh ip int brief ChakriSwitch(config)#alias exec s show ip interface brief Note: Here exec means privilaage mode
ChakriSwitch#s (So "s" is shortcut for show ip interface brief, like that we can create shortcuts for all commands)
eg: ChakriSwitch(config)#alias exec save copy run start usage eg: ChakriSwitch#save "alias" not supported in simulator
STP STP = Spanning Tree Protocol

. All switch ports starts blinking if broadcast loops happen, also known as broadcast stroms. . Spanning tree blocks redundant links till the primary link is up and blocks broadcasts looping around.
. Spanning tree comes in ICND2 Optimizing and Trouble shooting using show commands . sh ip interface brief . sh interface . sh run ChakriSwitch(config)#int fa 0/4 ChakriSwitch(config-if)#shutdown (shutdown for security purposes) ChakriSwitch#sh ip interface brief (shows physical/status and datalink layer/protocol of the port) fa 0/4 administratively down ChakriSwitch#sh int fa 0/2 max address of device can be seen here reliability 255/255, txload 1/255, rxload 1/255 (1 to 255) 0% to 100% (1 is 0% reliable and 255 is 100% reliable) Half-duplex, 10 Mbps, media type is 10/100 BaseTx connected to can support more BW if the other side is supporting. 5 minute input and 5 minute output rate is shown here 17928 packets input Received 14446 broadcasts
Note: 14446/17928 equals 0.80 ie. 80% are broadcasts because of lab environment,
high level of broadcasts should not exceed 20%. 198636919 packets input Received 425029 broadcasts Historical Note: 425029/198636919 equals 0.00213 ie. 0.213% lot better and lesser broadcasts perspective 0 runts (too small packet, does not carry any info, these packets get dropped) 0 giants (too big packets, has more info than can be handled 0 throttles These are 0 input errors, 0 crc, 0 frame, o overrun, 0 ignored bad things These indicate bad connection like cable, network card, interface port of switch, florocent lamps, microwave interface or packets not passing thru CRC check. 0 collisions (duplex mismatch and also cable length too long) 0 late collisions (these happen if the cable is too long)
Switch Switch
cable length>100meters message 10 message 10

too many devices between
Laptop Laptop
HUB
HUB
because of long length the message takes time to reach switch but Laptop thinks the message is lost because it did not receive acknowledgement for previous message, so resends the message, by this time the switch has already sent acknowledgement, but it receives a duplicate message from Laptop. ChakriSwitch#sh run (to check the running configuration) this helps a lot in trouble shooting, because of configuration wronges, easyest way to figure out a problem in test simulation. Some times Cisco suppresses "sh run" in test simulations. In such cases use other commands available like sh int fa 0/2 for checking duplex instead of checking in sh run
ChakriSwitch#sh ? access-lists List access lists arp Arp table boot show boot attributes cdp CDP information clock Display the system clock dtp DTP information etherchannel EtherChannel information flash: display information about flash: file system history Display the session command history hosts IP domain-name, lookup style, nameservers, and host table interfaces Interface status and configuration ip IP information logging Show the contents of logging buffers mac-address-table MAC forwarding table mls Show MultiLayer Switching information port-security Show secure port information privilege Show current privilege level processes Active process statistics running-config Current operating configuration sessions Information about Telnet connections snmp snmp statistics spanning-tree Spanning tree topology startup-config Contents of startup configuration storm-control Show storm control configuration tcp Status of TCP connections tech-support Show system information for Tech-Support terminal Display terminal configuration parameters users Display information about terminal lines version System hardware and software status vlan VTP VLAN status vtp VTP information ChakriSwitch#sh ip ? access-lists List access lists arp IP ARP table interface IP interface status and configuration ChakriSwitch#sh ip int ChakriSwitch#sh ip interface ? Vlan Catalyst Vlans brief Brief summary of IP status and configuration <cr> ChakriSwitch#sh ip interface br ChakriSwitch#sh ip interface brief ? <cr> ChakriSwitch#sh ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/1 unassigned YES manual down down FastEthernet1/1 unassigned YES manual up up FastEthernet2/1 unassigned YES manual up up FastEthernet3/1 unassigned YES manual up up FastEthernet4/1 unassigned YES manual down down FastEthernet5/1 Vlan1 unassigned 172.30.2.100 YES manual down YES manual up up down
ChakriSwitch#sh int ChakriSwitch#sh interfaces ? Ethernet IEEE 802.3 FastEthernet FastEthernet IEEE 802.3 GigabitEthernet GigabitEthernet IEEE 802.3z Vlan Catalyst Vlans etherchannel Show interface etherchannel information switchport Show interface switchport information trunk Show interface trunk information <cr> ChakriSwitch#sh interfaces fa ChakriSwitch#sh interfaces fastEthernet ? <0-9> FastEthernet interface number ChakriSwitch#sh interfaces fastEthernet 3/1 FastEthernet3/1 is up, line protocol is up (connected) Hardware is Lance, address is 0002.16c0.dec0 (bia 0002.16c0.dec0) BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 10Mb/s input flow-control is off, output flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:08, output 00:00:05, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 956 packets input, 193351 bytes, 0 no buffer Received 956 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2357 packets output, 263570 bytes, 0 underruns 0 output errors, 0 collisions, 10 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out ChakriSwitch#sh run Building configuration... Current configuration : 1445 bytes ! version 12.1 no service timestamps log datetime msec no service timestamps debug datetime msec service password-encryption ! hostname ChakriSwitch ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! no ip domain-lookup
ip name-server 0.0.0.0 ! username chakri password 7 08651D0A043C3705565E42057C1B700222370C1A2A2E5350434A ! ! interface FastEthernet0/1 ! interface FastEthernet1/1 switchport mode access switchport port-security mac-address 0000.0CB9.D07B ! interface FastEthernet2/1 switchport mode access switchport port-security mac-address 0090.0CAB.157D ! interface FastEthernet3/1 switchport mode access switchport port-security mac-address 00D0.FF11.910E duplex half speed 10 ! interface FastEthernet4/1 ! interface FastEthernet5/1 ! interface Vlan1 ip address 172.30.2.100 255.255.255.0 ! ip default-gateway 172.30.2.1 ! banner motd ^C *************************** DO NOT LOGIN EXCEPT CHAKRI *************************** ^C ! line con 0 password 7 0822455D0A16 logging synchronous login exec-timeout 0 0 ! line vty 0 exec-timeout 0 0 password 7 0822455D0A1654 logging synchronous login history size 256 transport input telnet line vty 1 4 exec-timeout 0 0 password 7 0822455D0A1654 logging synchronous login transport input telnet
line vty 5 9 exec-timeout 0 0 password 7 0822455D0A1657 logging synchronous login line vty 10 15 exec-timeout 0 0 password 7 0822455D0A1656 logging synchronous login ! ! end
ChakriSwitch# WLAN PAN = Personal Area Network (eg: blue tooth) . A Wireless Access Point (WAP) communicates like a HUB . Shared Signal . Half Duplex . Uses unlicensed bands of Radio Frequency (RF). . Wireless is a physical and Datalink standard. . Uses CSMA/CA instead of CSMA/CD besause of collision avoidance it is much slower due to Access point stops other communication when it receives "ready to send" from a device, it reserves that slot only for that device. . More Interferences and jungle of unlicensed frequency bands. Unlicensed Frequencies Unlicensed frequencies are local government controlled, cordless and other also operate in this range. . 900MHz Range: 902 - 928 . 2.4GHz Range: 2.400 - 2.483 . 5GHz Range: 5.150 - 5.350 The lower the frequency, the more the coverage but lesser BW. That is the reason 900MHz equipment is lesser produced. Isulation, wood, thickness of wall, metal obsorbs and reflects frequencies. "Play Cisco wireless game" available in CCNA prep centre. 802.11 wireless standards 802.11b (won due to chip availability) . 2.4GHz Range . September 1999 . Most popular . Upto 11Mbps (1, 2, 5.5, 11 data rates) . Three 'Clean' channels 802.11g . 2.4GHz Range . June 2003 . Backward compatible with 802.11b . upto 54Mbps (12 data rates) . Three 'Clean' channels
802.11a (lost due to chip shortage) . 5.8GHz . September 1999 . upto 54Mbps . Not cross compatible with 802.11b/g . 12 to 23 'Clean' channels 802.11n (MIMO=Multiple Input Multiple Output) . . . upto 100Mbps . . Understanding wireless channels These channels are over lapping channels 802.11(b)(g)
6 1
7 2
8 3
9 4
10 5
11 6
10 11 802.11(b)(g)(US) Channels
2.401GHz
Access point frequencies and choices 22MHz 2.473GHz
So if we select 1, then 1, 1+5=6, 6+5=11 are clear channels, that means they dont over-lap with each other. 802.11(a)
1 2 -----802.11(a)(US) Channels
3 -------------------------------------------------------------
Access point frequencies and choices

5.180GHz 5.200GHz 0.040GHz 5.220GHz
Designing your Wireless coverage 802.11(b)(g)

1 1 11 6 1 11 6 11 6
N
Neighbour Wireless Access Point, they should choose (1) here, they should not choose any other frequency like 6, 11, 8 etc, if they choose they will interfere with your network.
Note: If the density is more choose 5GHz Access points eg:802.11a standard, because it has more clear channels.
Regulations of Wireless Frequencies, Standards and Organization 1> ITU-R (International Telecommunications Union - Radio Communications Sector) Regulates Radio Frequencies used for wireless transmissions 2> IEEE (Institute of Electrical and Electronic Engineers) Maintains Ethernet Standards like 802.x Maintains the 802.11(x) wireless transmission standards 3> WiFi Alliance: Ensures certified interoperability between 802.11(x) wireless vendors. Wireless Valnirabilities . Ward driving cars for access (sniffing for wireless networks) . Hackers can get onto organization and damage . Hackers can get into and steal info for personal gains . Employees mischief (rouge wireless access is connecting personal access points to their cubile for LAN access, out of ignorance or for better access. Wireless Security 1> Authentication (a) Username and Password (b) Certain Laptops with cirtificates and/or MAC address 2> Encription (a) Encription (Srambling) 3> IPS (a) Intrusion Prevention System (IPS) Detects rouge wireless access point and shuts down the port or sends you a message on phone/pager/email that there is a violation. Note: Wireless Security could be implemented as good as wireline security. Implementing wireless security with combination of Encryption and Authentication Originally: Pre-Shared key WEP (Extreamly weak)
All Laptops should use the same key, if Admin want to change the key, they have to be changed on all Laptops. This pre-shared key generates the encryption key, that means
if it has to be changed monthly, it will become very difficult to change on all Laptops of the organization. Evolution#1: Pre-Shared key WPA (or) WPA1 Because all the Access Point hardware is already manufactured with WEP hardware, they have comeup with WPA1 using same hardware. Not a perfect security but improved security encryption from WEP. WPA1 is a interim solution, encryption method is called TKIP. Evolution#2: Combination of WPA1 and 802.1x Authentication (Standard)
Laptop
AP (Access Point)
Server
username, password (or) certificate!!! is this username, password (or) certificate allowed??? yes yes generates a set of encryption keys. So every time or every session generates a fresh set of encryption keys.
Evolution#3:WPA2 (802.11i - standard that was widely supported) and 802.1x Authentication (standard)
This comes with new hardware from 2004, this encryption is called AES.
Access Points still support WPA1 and WPA2 with either preshared keys (PSK) or 802.1x Authentication.
All these Access points still support WEP.
Design and Implementation of Wireless SSID = Service Set Identifier; uniquely identifies and separates from other wireless
networks. SSID defines the name of your network (eg: wireless networks like 'Netgear', 'Linksys' etc)
wireless network should have atleast one network ID. That is what, will be displayed on Laptop, when you try to connect to a wireless network. One wireless access point can send out multiple SSIDs. eg: one SSID named public --> no security requirements configured. eg: other SSID named private --> security requirements configured. What happens when a Wireless CLIENT (Laptop) is enabled: 1> The Client/Laptop issues a probe (wireless Beacon) saying hello, what is out there. 2> All the wireless Access point(s), who get that probe responds with a Beacon with SSID(s). 3> Client Associates with chosen SSID (like public), to what ever Access point closest to (meaning which ever Access point gets stronger signal takes ownership of that client and own's clients MAC address. 4> That Access point then adds clients MAC address to its association table. 5> If signal gets weak with that Access point, the client re-initiates probe and re-associates with
nearest Access point. So this a break and make connection. No hand-offs like in mobile phones.
Correct Design of a WLAN
Fluke networks sell measurement kits but expensive. Software based cheaper kits using Laptop sniffers.
. RF service areas should have 10-15% overlap . Repeaters should have 50% overlap (if cable not available use repeater) . Boardering Access points should use different channels, so that there is no interference. Understanding Wireless network terms . BSS = Basic Service Set (Is a single Access point with SSIDs) . ESS = Extended Service Set (Is two or more BSS with common goal i.e., SSIDs)
Note: Roaming not in CCNA and CCENT cirriculum, using special config using ESS wireless ip phones.
Implimenting a Wireless Network 1> Pre-test switch port with laptop (DHCP, DNS, Internet access etc.) 2> Connect WAP (Check leds on WAP glowing) 3> Setup and test SSID with no security (try accessing Internet) 4> Add and test security (Pre-Shared key) WEP (or) WPA1 (or) WPA2
5> Add and test Authentication (802.1x) (If you have a back end server for Authentication/username, password)
Note: The above topics cover CCENT and CCNA level of wireless LAN.
Internet Protocol (IP) IP Versions IPv4 (0-255).(0-255).(0-255).(0-255) IPv6 12AB:215C:39AA:54B6:FF6A:7890:77AA:AABC Even IPv6 has subnetting just like IPv4 IP address when combined with a subnet mask, defines a network and host portion. Operates at layer 3 of the OSI Model. Network portion Host portion IP Address 172 17 17 4 Mask 255 255 255 0 Binary Numbers 2^7 2^6 128 64
1 1 1 0 0 1 1 1 1 0 0 1 1 1 1 0 1 0 0 0 1 1
4.3 * 10^9 4.3 * 10^38
2^5 32
1 1 0 1 1 0 1 1 0 1 0
2^4 16
1 0 0 1 1 1 1 0 1 0 1
2^3 8
0 0 0 0 0 0 0 0 0 0 0
2^2 4
0 0 0 0 0 0 0 0 0 0 0
2^1 2
0 0 0 0 0 0 0 0 0 0 0
2^0 1
0 0 0 0 0 0 0 0 0 0 0
Decimal
255
15*16=240 14*16=224 12*16=192 7*16=112 3*16=48 13*16=208 11*16=176 10*16=160 9*16=144 6*16=96 5*16=80
Subnetting & VLSM (Variable Length Subnet Mask) Subnetting based on Networks Scenario#1: A organisation has purchased a Class C Address 216.21.5.0 and would like to use it to address this network.
Analysis:
Class C Private range is 192.168.0.0 to 192.168.255.255 so the above is from Public range.
Step1:
Step2:
Step3:
Class C subnet mask is 255.255.255.0, so they can get 216.21.5.(0-255) i.e., 255 IPs. They need 5 subnets. Determine number of networks and convert to binary (5 = 00000101) Borrow bits ---> 3 No. of usable Networks (2^n) = 2^3 = 8 No. of usable Hosts (2^h-2) = 2^5-2 = 30 Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 3 host bits = 11111111.11111111.11111111.11100000 Increment (I)= 32 is our increment and is in 4th Octet 255.255.255.224 (or) /27 use increment to find your network ranges No. of Subnet ranges = 256/Increment = 8 N = No. of the Subnet range = 0 to 7
Dec No. N Network N*I Range 1 0 216.21.5. 0 to 31 2 1 216.21.5. 32 to 63 3 2 216.21.5. 64 to 95 4 3 216.21.5. 96 to 127 5 4 216.21.5. 128 to 159 6 5 216.21.5. 160 to 191 7 6 216.21.5. 192 to 223 8 7 216.21.5. 224 to 255 Answer2: Finding the number of the network. IP = (k4/I) = no. of network calculated from 0. IP = (128/32) = 4 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 4 k4/I = no. of the network calculated from 0. k4/32 = 4 then k4 = 128 Scenario#2: Class C: 195.5.20.0. Need 50 networks. SNM = 255.255.255.0 Step1: Determine number of networks and convert to binary (50 = 00110010) Borrow bits ---> 6 No. of usable Networks (2^n) = 2^6 = 64 No. of usable Hosts (2^h-2) = 2^2-2 = 2 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 6 host bits = 11111111.11111111.11111111.11111100 Increment (I)= 4 is our increment and is in 4th Octet 255.255.255.252 (or) /30 Step3: use increment to find your network ranges No. of Subnet ranges = 256/Increment = 64 N = No. of the Subnet range =0 to 63 Dec No. N Network N*I Range 1 0 195.5.20. 0 to 3 2 1 195.5.20. 4 to 7 3 2 195.5.20. 8 50 49 195.5.20. 196
63 62 195.5.20. 248 to 251 64 63 195.5.20. 252 to 255 Answer2: Finding the number of the network. k4/I = no. of network calculated from 0. 196/4 = 49 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 49 (k4/I) = no. of network calculated from 0. k4 = 49*4 = 196 Scenario#3: Class B: 150.5.0.0. Need 100 networks. SNM = 255.255.0.0 Step1: Determine number of networks and convert to binary (100 = 01100100) Borrow bits ---> 7 No. of usable Networks (2^n) = 2^7 = 128 No. of usable Hosts (2^h-2) = 2^9-2 = 510 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.0.0 = 11111111.11111111.00000000.00000000 New SNM ==> borrow 7 host bits = 11111111.11111111.11111110.00000000 Increment (I)= 2 is our increment and is in 3rd Octet 255.255.254.0 (or) /23
Step3: Dec No. 1 2 3 100
use increment to find your network ranges No. of Subnet ranges = 256/Increment = 128 N Network N*I Range 0 150.5. 0 .0 to 1.255 1 150.5. 2 .0 to 3.255 2 150.5. 4 .0 to 99 150.5. 198
N = No. of the Subnet range = 0 to 127
127 126 150.5. 252 .0 to 253.255 128 127 150.5. 254 .0 to 255.255 Answer2: Finding the number of the network. k3/I = no. of network calculated from 0. 198/2 = 99 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 99 k3/I = no. of network calculated from 0. k3 = 99*2 = 198 Scenario#4: Class A: 10.0.0.0. Need 500 networks. SNM = 255.0.0.0 Step1: Determine number of networks and convert to binary (500 = 111110100) Borrow bits ---> 9 No. of usable Networks (2^n) = 2^9 = 512 No. of usable Hosts (2^h-2) = 2^15-2 = 32766 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.0.0.0 = 11111111.00000000.00000000.00000000 New SNM ==> borrow 9 host bits = 11111111.11111111.10000000.00000000 Increment (I)= 128 is our increment and is in 3rd Octet 255.255.128.0 (or) /17 Step3: use increment to find your network ranges No. of Subnet ranges = 256*256/Increment = 512 N = No. of the Subnet range = 0 to 511
3rd Octet 2nd Octet No. of Subnet ranges = 256/Increment = No. of Subnet ranges = 256/Increment = 2 256 N = No. of the Subnet range = 0 to 1 N = No. of the Subnet range = 0 to 255
Dec No. 1 2 3 4 480
N 0 1 2 3 479
Network 10 10 10 10 10
N*I 0 0 1 1 239
N*I 0 128 0 128 128
Range
.0 to 0.127.255 .0 to 0.255.255 .0 to 1.127.255
511 510 10 255 0 .0 to 255.127.255 512 511 10 255 128 .0 to 255.255.255 Answer2: Finding the number of the network. (k3*256/I)+(k4/I) = no. of network calculated from 0. (239*256/128)+(128/128) = 479 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 479 (k3*256/I)+(k4/I) = no. of network (k3*256/128)+(k4/128) = 479 if k4=0, then k3=239 and when k3=239 then k4=128 Home work#1:Class C: 200.1.1.0. Need 40 networks. SNM = 255.255.255.0 Step1: Determine number of networks and convert to binary (40 = 00101000) Borrow bits ---> 6 No. of usable Networks (2^n) = 2^6 = 64 No. of usable Hosts (2^h-2) = 2^2-2 = 2
Step2:
Step3: Dec No. 1 2 3 30
Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 6 host bits = 11111111.11111111.11111111.11111100 Increment (I)= 4 is our increment and is in 4th Octet 255.255.255.252 (or) /30 use increment to find your network ranges No. of Subnet ranges = 256/Increment = 64 N = No. of the Subnet range =0 to 63 N Network N*I Range 0 200.1.1. 0 to 3 1 200.1.1. 4 to 7 2 200.1.1. 8 29 200.1.1. 116
63 62 200.1.1. 248 to 251 64 63 200.1.1. 252 to 255 Answer2: Finding the number of the network. k4/I = no. of network calculated from 0. 116/4 = 29 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 29 k4/I = no. of network calculated from 0. k4/4 = 29, then k4 = 116 Home work#2:Class C: 199.9.10.0. Need 14 networks. SNM = 255.255.255.0 Step1: Determine number of networks and convert to binary (14 = 00001110) Borrow bits ---> 4 No. of usable Networks (2^n) = 2^4 = 16 No. of usable Hosts (2^h-2) = 2^4-2 = 14 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 6 host bits = 11111111.11111111.11111111.11110000 Increment (I)= 16 is our increment and is in 4th Octet 255.255.255.240 (or) /28 Step3: use increment to find your network ranges No. of Subnet ranges = 256/Increment = 16 N = No. of the Subnet range =0 to 15 Dec No. N Network N*I Range 1 0 199.9.10. 0 to 15 2 1 199.9.10. 16 to 31 3 2 199.9.10. 32 10 9 199.9.10. 144
15 14 199.9.10. 224 to 239 16 15 199.9.10. 240 to 255 Answer2: Finding the number of the network. k4/I = no. of network calculated from 0. 144/16 = 9 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 9 k4/I = no. of network calculated from 0. k4/16 = 9, then k4 = 144
Home work#3:Class B: 170.50.0.0. Need 1000 networks. SNM = 255.255.0.0 Step1: Determine number of networks and convert to binary (1000 =11 11101000) Borrow bits ---> 10 No. of usable Networks (2^n) = 2^10 = 1024 No. of usable Hosts (2^h-2) = 2^6-2 = 62 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.00000000.00000000 New SNM ==> borrow 10 host bits = 11111111.11111111.11111111.11000000 Increment (I)= 64 is our increment and is in 4th Octet 255.255.255.192 (or) /26 Step3: use increment to find your network ranges No. of Subnet ranges = 256*256/Increment = 1024 N = No. of the Subnet range = 0 to 1023
4th Octet 3rd Octet No. of Subnet ranges = 256/Increment = No. of Subnet ranges = 256/Increment = 4 256 N = No. of the Subnet range = 0 to 3 N = No. of the Subnet range = 0 to 255
Dec No. 1 2 3 4 958
N 0 1 2 3 957
Network 170.50 170.50 170.50 170.50 170.50
N*I 0 0 0 0 239
N*I 0 64 128 192 64
Range to 0.63 to 0.127 to 0.191
1023 1022 170.50 255 128 to 255.191 1024 1023 170.50 255 192 to 255.255 Answer2: Finding the number of the network. (k3*256/I)+(k4/I) = no. of network calculated from 0. (239*256/64)+(64/64) = 957 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 957 (k3*256/I)+(k4/I) = no. of network calculated from 0. (256*k3/64)+(k4/64) = 957 if k4=0, then k3=239 and when k3=239 then k4=64 Home work#4:Class A: 12.0.0.0. Need 25 networks. SNM = 255.0.0.0 Step1: Determine number of networks and convert to binary (25 =00011001) Borrow bits ---> 5 No. of usable Networks (2^n) = 2^5 = 32 No. of usable Hosts (2^h-2) = 2^19-2 = 524286 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.0.0.0 = 11111111.00000000.00000000.00000000 New SNM ==> borrow 10 host bits = 11111111.11111000.00000000.00000000 Increment (I)= 8 is our increment and is in 2nd Octet 255.248.0.0 (or) /13 Step3: use increment to find your network ranges
2rd Octet No. of Subnet ranges = 256/Increment = 32 N = No. of the Subnet range = 0 to 31
Dec No. 1 2 3 4 20 31 32
N 0 1 2 3 19 30 31
Network 12 12 12 12 12 12 12
N*I 0 8 16 24 152 240 248
Range
0.0 to 7.255.255 0.0 to 15.255.255 0.0 to 23.255.255
0.0 to 247.255.255 0.0 to 255.255.255
Answer2: Finding the number of the network. k2/I = no. of network calculated from 0. 152/8 = 19 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 19 k2/I = no. of network calculated from 0. k2/8 = 19, then k2 = 152 www.nuggetlab.com (CCENT support files, pdf files and Answers) Subnetting based on Hosts Scenario#1: A organisation has purchased a Class C Address 216.21.5.0 and would like to use it to create networks of 30 hosts each.
Analysis:
Class C Private range is 192.168.0.0 to 192.168.255.255 so the above is from Public range.
Step1:
Step2:
Step3: Dec No. 1 2 3 5
Class C subnet mask is 255.255.255.0, so they can get 216.21.5.(0-255) i.e., 255 IPs. They need 30 hosts per subnet. Determine number of hosts and convert to binary (30 = 00011110) Reserve bits ---> 5 No. of usable Networks (2^n) = 2^3 = 8 No. of usable Hosts (2^h-2) = 2^5-2 = 30 Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 3 host bits = 11111111.11111111.11111111.11100000 Increment (I)= 32 is our increment and is in 4th Octet 255.255.255.224 (or) /27 use increment to find your network ranges No. of Subnet ranges = 256/Increment = 8 N = No. of the Subnet range = 0 to 7 N Network N*I Range 0 216.21.5. 0 to 31 1 216.21.5. 32 to 63 2 216.21.5. 64 4 216.21.5. 128
7 6 216.21.5. 192 to 223 8 7 216.21.5. 224 to 255 Answer2: Finding the number of the network. k4/I = no. of network calculated from 0. 128/32 = 4 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 4 k4/I = no. of network calculated from 0. k4/32 = 4, then k4 = 128 Scenario#2: Class C: 195.5.20.0. Need 50 hosts per network. SNM = 255.255.255.0 Step1: Determine number of hosts per network and convert to binary (50 = 00110010) Reserve bits ---> 6 No. of usable Networks (2^n) = 2^6 = 64 No. of usable Hosts (2^h-2) = 2^2-2 = 2
Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 2 host bits = 11111111.11111111.11111111.11000000 Increment (I)= 64 is our increment and is in 4th Octet 255.255.255.192 (or) /26 Step3: use increment to find your network ranges No. of Subnet ranges = 256/Increment = 4 N = No. of the Subnet range = 0 to 3 Dec No. N Network N*I Range 1 0 195.5.20. 0 to 63 2 1 195.5.20. 64 to 127 3 2 195.5.20. 128 to 191 4 3 195.5.20. 192 to 255 Answer2: Finding the number of the network. k4/I = no. of network calculated from 0. 128/64 = 2 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 2 k4/I = no. of network calculated from 0. k4/64 = 2, then k4 = 128 Scenario#3: Class B: 150.5.0.0. Need 500 hosts per network. SNM = 255.255.0.0 Step1: Determine number of hosts per network and convert to binary (500 = 111110100) Reserve bits ---> 9 No. of usable Networks (2^n) = 2^7 = 128 No. of usable Hosts (2^h-2) = 2^9-2 = 510 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.0.0 = 11111111.11111111.00000000.00000000 New SNM ==> borrow 7 host bits = 11111111.11111111.11111110.00000000 Increment (I)= 2 is our increment and is in 3rd Octet 255.255.254.0 (or) /23 Step3: use increment to find your network ranges No. of Subnet ranges = 256/Increment = 128 N = No. of the Subnet range = 0 to 127 Dec No. N Network N*I Range 1 0 150.5. 0 0 to 1.255 2 1 150.5. 2 0 to 3.255 3 2 150.5. 4 100 99 150.5. 198
Step2:
127 126 150.5. 252 0 to 253.255 128 127 150.5. 254 0 to 255.255 Answer2: Finding the number of the network. k3/I = no. of network calculated from 0. 198/2 = 99 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 99 k3/I = no. of network calculated from 0. k3/2 = 99, then k3 = 198 Scenario#4: Class A: 10.0.0.0. Need 100 hosts per network. SNM = 255.0.0.0 Step1: Determine number of hosts per network and convert to binary (100 = 01100100) Reserve bits ---> 7 No. of usable Networks (2^n) = 2^17 = 131072 No. of usable Hosts (2^h-2) = 2^7-2 = 126
Step2:
Step3:
4th Octet 3rd Octet 2nd Octet
Reserve bits in subnet mask and find your increment. Original SNM ==> 255.0.0.0 = 11111111.00000000.00000000.00000000 New SNM ==> borrow 9 host bits = 11111111.11111111.11111111.10000000 Increment (I)= 128 is our increment and is in 4th Octet 255.255.255.128 (or) /25 use increment to find your network ranges No. of Subnet ranges = 256*256/Increment = 131072 N = No. of the Subnet range =0 to 131071
No. of Subnet ranges = 256/Increment = No. of Subnet ranges = 256/Increment = No. of Subnet ranges = 256/Increment = 2 256 256 N = No. of the Subnet range = 0 to 1 N = No. of the Subnet range = 0 to 255 N = No. of the Subnet range = 0 to 255
Dec No.
Network
N*I
N*I
N*I
Range
to 127 to 255
1 2 3 4 130000
0 1 2 3 129999
10 10 10 10 10
0 0 0 0 253
0 0 1 1 231
0 128 0 128 128
to 127
131071 131071 10 255 255 0 to 127 131072 131072 10 255 255 128 to 255 Answer2: Finding the number of the network. (k2*256*256/I)+(k3*256/I)+(k4/I) = no. of network calculated from 0. (253*256*256/128)+(231*256/128)+(128/128) = 129999 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 129999 (k2*256*256/I)+(k3*256/I)+(k4/I) = no. of network calculated from 0. (k2*256*256/128)+(k3*256/128)+(k4/128) = 129999
if k4=0 and k3=0, then k2=253 and when k2=253 and k4=0 then k3=231, and then k4=128
Home work#1:Class C: 200.1.1.0. Need 40 hosts per network. SNM = 255.255.255.0 Step1: Determine number of hosts per network and convert to binary (40 = 00101000) Reserve bits ---> 6 No. of usable Networks (2^n) = 2^2 = 4 No. of usable Hosts (2^h-2) = 2^6-2 = 62 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 6 host bits = 11111111.11111111.11111111.11000000 Increment (I)= 64 is our increment and is in 4th Octet 255.255.255.192 (or) /26 Step3: use increment to find your network ranges No. of Subnet ranges = 256/Increment = 4 N = No. of the Subnet range = 0 to 3 Dec No. N Network N*I Range 1 0 200.1.1. 0 to 63 2 1 200.1.1. 64 to 127 3 2 200.1.1. 128 to 191 4 3 200.1.1. 192 to 255 Answer2: Finding the number of the network. k4/I = no. of network calculated from 0. 128/64 = 2 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 2 k4/I = no. of network calculated from 0. k4/64 = 2, the k4 = 128
Home work#2:Class C: 199.9.10.0. Need 12 hosts per network. SNM = 255.255.255.0 Step1: Determine number of hosts per network and convert to binary (14 = 00001110) Reserve bits ---> 4 No. of usable Networks (2^n) = 2^4 = 16 No. of usable Hosts (2^h-2) = 2^4-2 = 14 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 6 host bits = 11111111.11111111.11111111.11110000 Increment (I)= 16 is our increment and is in 4th Octet 255.255.255.240 (or) /28 Step3: use increment to find your network ranges No. of Subnet ranges = 256/Increment = 16 N = No. of the Subnet range =0 to 15 Dec No. N Network N*I Range 1 0 199.9.10. 0 to 15 2 1 199.9.10. 16 to 31 3 2 199.9.10. 32 10 9 199.9.10. 144
15 14 199.9.10. 224 to 239 16 15 199.9.10. 240 to 255 Answer2: Finding the number of the network. k4/I = no. of network calculated from 0. 144/16 = 9 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 9 k4/I = no. of network calculated from 0. k4/16 = 9, then k4 = 144 Home work#3:Class B: 170.50.0.0. Need 1000 hosts per network. SNM = 255.255.0.0 Step1: Determine number of hosts per network and convert to binary (1000 =11 11101000) Reserve bits ---> 10 No. of usable Networks (2^n) = 2^6 = 64 No. of usable Hosts (2^h-2) = 2^10-2 = 1022 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.0.0 = 11111111.11111111.00000000.00000000 New SNM ==> borrow 10 host bits = 11111111.11111111.11111100.00000000 Increment (I)= 4 is our increment and is in 3rd Octet 255.255.252.0 (or) /22 Step3: use increment to find your network ranges
3rd Octet No. of Subnet ranges = 256/Increment = 64 N = No. of the Subnet range = 0 to 63
Dec No.
1 2 3 4 40
N 0 1 2 3 39
Network
170.50. 170.50. 170.50. 170.50. 170.50.
N*I 0 4 8 12 156
Range .0 to 3.255 .0 to 7.255 .0 to 11.255
63 62 170 248 .0 to 251.255 64 63 170 252 .0 to 255.255 Answer2: Finding the number of the network. k3/I = no. of network calculated from 0. 156/4 = 39
Answer3: Finding the IP range if number of the network is given. To find out the range for network number 39 k3/I = no. of network calculated from 0. k3/4 = 39, then k3 = 156 Home work#4:Class A: 12.0.0.0. Need 100 hosts per network. SNM = 255.0.0.0 Step1: Determine number of hosts per network and convert to binary (100 =01100100) Reserve bits ---> 7 No. of usable Networks (2^n) = 2^17 = 131072 No. of usable Hosts (2^h-2) = 2^7-2 = 126 Step2: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.0.0.0 = 11111111.00000000.00000000.00000000 New SNM ==> borrow 17 host bits = 11111111.11111111.11111111.10000000 Increment (I)= 128 is our increment and is in 4th Octet 255.255.255.128 (or) /25 Step3: use increment to find your network ranges No. of Subnet ranges = 256*256*256/Increment = 131072 N = No. of the Subnet range= 0 to 131071
4th Octet 3rd Octet 2nd Octet No. of Subnet ranges = 256/Increment = No. of Subnet ranges = 256/Increment = No. of Subnet ranges = 256/Increment = 2 256 256 N = No. of the Subnet range = 0 to 1 N = No. of the Subnet range = 0 to 255 N = No. of the Subnet range = 0 to 255
Dec No.
Network
1 2 3 4 122831 122832
0 1 2 3 122830 122831
12 12 12 12 12 12
N*I 0 0 0 0 239 239
N*I 0 0 1 1 231 231
N*I 0 128 0 128 0 128
Range
to 127 to 255 to 127
to 127
131071 131070 12 255 255 0 to 127 131072 131071 12 255 255 128 to 255 Answer2: Finding the number of the network. (k2*256*256/I)+(k3*256/I)+(k4/I) = no. of network calculated from 0. (239*256*256/128)+(231*256/128)+(0/128) = 122830 Answer3: Finding the IP range if number of the network is given. To find out the range for network number 122830 (k2*256*256/I)+(k3*256/I)+(k4/I) = no. of network calculated from 0. (k2*256*256/128)+(k3*256/128)+(k4/128) = 122830
if k4=0 and k3 = 0, then k2=239.90 and when k2=239 and k4 = 0 then k3=231 and then k4=0
Reverse Engineering Subnets Scenario#1: A Laptop given a ip = 192.168.1.127 and SNM = 255.255.255.224 is this valid ip. Step1: Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.255.0 = 11111111.11111111.11111111.00000000 New SNM ==> borrow 3 host bits = 11111111.11111111.11111111.11100000 Increment (I)= 32 is our increment and is in 4th Octet 255.255.255.224 (or) /27 Step2: use increment to find your network ranges
4th Octet No. of Subnet ranges = 256/Increment = 8 N = No. of the Subnet range = 0 to 7
Dec No.
Network
1 2 4 5
0 1 3 4
192.168.1. 192.168.1. 192.168.1. 192.168.1.
N*I 0 32 96 128
Range
to 31
to 127
Not a valid ip, broadcast of this network.
7 6 192.168.1. 192 to 223 8 7 192.168.1. 224 to 225 There are multiple ways of answering this question Answer2: Finding the number of the network. k4/I = no. of network calculated from 0. 127/32 = 3.9 To check the validity of a given IP, also ckeck the IPs before and after it, all should fall in same "no. of network". 126/32 = 3.9 128/32 = 4 The results 3.9, 3.9 and 4 are not equal, So this is not a valid network. Answer3: Finding the IP range if number of the network is given. k4/I = no. of network calculated from 0. 127/32 = 3.9 Finding the IP range if number of the network is 3 k4/I = no. of network calculated from 0. k4/32 = 3, then k4 = 96 Also find the IP range if number of the network is 2 and 4 k4/I = no. of network calculated from 0. k4/32 = 2, then k4 = 64 k4/I = no. of network calculated from 0. k4/32 = 4, then k4 = 128 192.168.1.127 will be in network no. 3 and 192.168.1.128 is in network no. 4 This in indicates 127 cannot be used as host ip since it is a broadcast ip. Scenario#2: Laptop IP:172.16.68.65 SNM:255.255.255.240 GW:172.16.68.62
IP:172.16.68.62 MASK:255.255.255.240
Step1:
Step2:
3rd Octet 4th Octet
172 series is originally a Class B network but SNM here is Class C. Reserve bits in subnet mask and find your increment. Original SNM ==> 255.255.0.0 = 11111111.11111111.00000000.00000000 New SNM ==> borrow 12 host bits = 11111111.11111111.11111111.11110000 Increment (I)= 16 is our increment and is in 4th Octet 255.255.255.240 (or) /28 use increment to find your network ranges No. of Subnet ranges = 256*256/Increment = 4096 N = No. of the Subnet range = 0 to 4095
No. of Subnet ranges = 256/Increment = No. of Subnet ranges = 256/Increment = 256 16 N = No. of the Subnet range = 0 to 255 N = No. of the Subnet range = 0 to 15
Dec No. 1 2 3 4 5 6 1089 1090 1091 1092 1093 1094
N 0 1 2 3 4 5 1088 1089 1090 1091 1092 1093
Network 172.16. 172.16. 172.16. 172.16. 172.16. 172.16. 172.16. 172.16. 172.16. 172.16. 172.16. 172.16.
N*I 0 0 0 0 0 0 68 68 68 68 68 68
N*I 0 16 32 48 64 80 0 16 32 48 64 80 240
Range
GW is here IP is here
4096 4095 172.16. 255 There are multiple ways of answering this question Answer1: Finding the mask result.
172.16.68. 255.255.255. 172.16.68. 01000001 11110000 64 172.16.68. 255.255.255. 172.16.68.
So this is not a valid Network
00111110 11110000 48
The result is not equal, So this is not a valid network. Answer2: Finding the number of the network. Gateway = (k3*256/I)+(k4/I) = no. of network calculated from 0. Gateway = (68*256/16)+(62/16) = 1091.875 IP = (k3*256/I)+(k4/I) = no. of network calculated from 0. IP = (68*256/16)+(65/16) = 1092.063 The result 1091 and 1092 are not equal, So this is not a valid network. Answer3: Finding the IP range if number of the network is given. To find out the range for network number 1091 (k3*256/I)+(k4/I) = no. of network calculated from 0. (k3*256/16)+(k4/16) = 1091 if k4=0, then k3=68 and when k3=68 then k4=48 so 172.16.68.48 is in network no. 1091 To find out the range for network number 1092 (k3*256/I)+(k4/I) = no. of network calculated from 0. (k3*256/16)+(k4/16) = 1092 if k4=0, then k3=68 and when k3=68 then k4=64 so 172.16.68.64 is in network no. 1092 The IP and GW are falling different ranges of networks, so they are not valid.
Note: While subnetting a Class B network, the borrowing of host part can go into Class C and below.
This is what happened in this scenario. So while subnetting a Class can change from A-->B-->C-->D-->E
Note: Cisco got many show commands, that can show subnet mask in both formats. >===> 255.255.255.252 >===> /30 (bit notation / slash notation / short notation / side notation) www.cbtnuggets.com www.cbtnuggetlab.com www.nuggetlab.com (ccent support files) Exception while Subnetting Beacause binary values begins counting from "Zero". . These network values may throw off calculations 128, 64, 32, 16, 8, 4, 2 . These host values may throw off calculations 127, 63, 31, 15, 7, 3 To play it safe, Always: . Substract 1 when finding networks . Add 1 when finding hosts Initial Cisco Router Setup Some Router Models Great Lab Routers
851 / 871 (Supports wireless, VPN, 4 switch ports, single interface to connect to WAN,
Ethernet interface to connect to Internet.) Medium 2800 Ports on Routers USB Port - put Encryption key, USB key use that as Flash to store different IOS images. Fast Ethernet T1 Interface WIC Card - WAN Interface Card (Slide in cards optionally can insert other cards like , interchangable)
WIC card is redundant has two serial ports. WIC 1T - One serial port. Switch ports Console port AUX port Router Boot Process The boot process is a bit different from switch. Shows memory 65536 Kbytes main memory Booting Flash:/ C850-advsecurityk9-m2.123-8.y12.bin IOS version Release 8 5 Ethernet interfaces 1 802.11 Radio 128k bytes of non-volatile Configuration memory 2048k bytes of processor board system flash (Intel strata flash) This is used to store IOS Would you like to enter the initial configuration dialog?[yes/no]:yes Would you like to enter basic management setup?[yes/no]:no Do you want to see interface summary?[yes]: Configuring Global Parameters: Enter hostname[Router]:ChakriR1 Enter Enable Secret: Password Enter Enable Password: Cisco Enter Virtual terminal password: ^C etc, etc, etc. Configuration aborted, no changes made.
Router> hostname, logon banner, ChakriR1(config)#line con 0 ChakriR1(config-line)#login % Login disabled on line 0, until 'password' is set The same ChakriR1(config-line)# Do not abort at this point, if you exit at this point with out setting password, applies for you cannot login using console port -Be carefull and set the password if you give login command. vty ports ChakriR1(config-line)#password cisco
ChakriR1(config-line)#logging syschronous (will set the status messages from not interrupting your
config commands that you are typing.) ChakriR1(config-line)#exec-timeout 30 0 ChakriR1(config)#enable secret cisco ChakriR1#sh ip int brief System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1) Copyright (c) 2000 by cisco Systems, Inc. cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory Self decompressing the image : ########################################################################## [OK] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 06:21 by pt_rel_team Image text-base: 0x400A925C, data-base: 0x4372CE20 This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49 2 FastEthernet/IEEE 802.3 interface(s) 239K bytes of non-volatile configuration memory. 62720K bytes of ATA CompactFlash (Read/Write)
Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 06:21 by pt_rel_team
--- System Configuration Dialog --Continue with configuration dialog? [yes/no]: no
Press RETURN to get started!
Router>en Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname ChakriR1 ChakriR1(config)#banner motd c Enter TEXT message. End with the character 'c'. ********************************************** No Login without Permission ********************************************** c ChakriR1(config)#line ? <0-81> First Line number console Primary terminal line vty Virtual terminal ChakriR1(config)#line con ChakriR1(config)#line console ? <0-0> First Line number ChakriR1(config)#line console 0 ChakriR1(config-line)#password ? 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) line password ChakriR1(config-line)#password cisco ChakriR1(config-line)#logg ChakriR1(config-line)#logging ? synchronous Synchronized message output ChakriR1(config-line)#logging s ChakriR1(config-line)#logging synchronous ? <cr> ChakriR1(config-line)#logging synchronous ChakriR1(config-line)#exec ChakriR1(config-line)#exec-timeout 30 0 ChakriR1(config-line)#en ChakriR1(config-line)#ena ChakriR1(config-line)#exit ChakriR1(config)#ena
ChakriR1(config)#enable se ChakriR1(config)#enable ? password Assign the privileged level password secret Assign the privileged level secret ChakriR1(config)#enable se ChakriR1(config)#enable secret ? 0 Specifies an UNENCRYPTED password will follow 5 Specifies an ENCRYPTED secret will follow LINE The UNENCRYPTED (cleartext) 'enable' secret level Set exec level password ChakriR1(config)#enable secret cisco ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#sh int brief ^ % Invalid input detected at '^' marker. ChakriR1#sh ip int br ChakriR1#sh ip int brief Interface IP-Address FastEthernet0/0 FastEthernet0/1 Vlan1 ChakriR1#
OK? Method Status
Protocol
unassigned unassigned unassigned
YES manual administratively down down YES manual administratively down down
YES manual administratively down down
Module number 2800 series fe 0/0 fe 0/1 Module
Port number
ChakriR1(config)#int fa 0/1 ChakriR1(config-if)#description INTERNET WAN PORT ChakriR1(config-if)#ip address 68.110.171.98 255.255.255.224 ChakriR1(config-if)#no shutdown Administratively down--->means 'shutdown', issue 'no shutdown' Line protocol down--->will also come up if physically connected. DHCP configuration on WAN interface of serial 2/0 if dynamically allotted by ISP. ChakriR1(config-if)#ip address dhcp ChakriR1(config)#int range fa 0/0 - 3 ChakriR1(config-if-range)#no shutdown ChakriR1#sh ip int brief ChakriR1(config)#int vlan 1 ChakriR1(config-if)#ip address 192.168.1.1 255.255.255.0 ChakriR1#sh ip int brief ChakriR1#sh int fa 0/1 ***************Configuration Complete****************** www.cisco.com/products & services/routers and routing systems ChakriR1#sh ip int br ChakriR1#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES manual administratively down down FastEthernet0/1 unassigned YES manual administratively down down Vlan1 unassigned YES manual administratively down down ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#int fa 0/1 ChakriR1(config-if)#description INTERNET WAN PORT ChakriR1(config-if)#ip address 68.110.171.98 255.255.255.224 ChakriR1(config-if)#no shutdown ChakriR1(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up ChakriR1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up ChakriR1(config-if)# ChakriR1(config-if)#exit ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console
ChakriR1#sh ip int brief Interface IP-Address FastEthernet0/0 FastEthernet0/1
OK? Method Status
Protocol
unassigned
YES manual administratively down down up
68.110.171.98 YES manual up
Vlan1 unassigned YES manual administratively down down ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#int fa 0/0 ChakriR1(config-if)#no shutdown ChakriR1(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up ChakriR1(config-if)#exit ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 FastEthernet0/1 unassigned YES manual up up up
Vlan1 unassigned YES manual administratively down down ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#int vlan 1 ChakriR1(config-if)#ip address 192.168.1.1 255.255.255.0 ChakriR1(config-if)#exit ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 FastEthernet0/1 unassigned YES manual up up up
Vlan1 192.168.1.1 YES manual administratively down down ChakriR1# ChakriR1#sh int fa 0/1 FastEthernet0/1 is up, line protocol is up (connected) Hardware is Lance, address is 0060.3e7d.4d02 (bia 0060.3e7d.4d02) Description: INTERNET WAN PORT Internet address is 68.110.171.98/27 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00, Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 input packets with dribble condition detected 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out ChakriR1# ChakriR1#sh int fa 0/1 FastEthernet0/1 is up, line protocol is up (connected) Hardware is Lance, address is 0060.3e7d.4d02 (bia 0060.3e7d.4d02) Description: INTERNET WAN PORT Internet address is 68.110.171.98/27 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00, Last input 00:00:08, output 00:00:05, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 input packets with dribble condition detected 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#int vlan 1 ChakriR1(config-if)#no shutdow ChakriR1(config-if)#no shutdown %LINK-5-CHANGED: Interface Vlan1, changed state to up ChakriR1(config-if)# ChakriR1(config-if)#exit ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console
ChakriR1#sh ip int brief Interface IP-Address FastEthernet0/0 FastEthernet0/1 Vlan1 ChakriR1#
OK? Method Status YES manual up
Protocol up up down
unassigned
68.110.171.98 YES manual up 192.168.1.1 YES manual up
SDM and DHCP Server Configuration SDM = Security Device Manager A GUI that you can use to configure and manage your Cisco Router. Monitor Routers, see the traffic WEB based Java Application Works on all mainline Cisco Routers 2800, 2600, 800, 1800, 3600, 3800. SDM is not supported on 2500 old routers and high end routers. Designed to allow IOS config without extensive knowledge. Configuring your Router to support SDM and SSH http https (secure SDM) http is non-secured web surfing. SDM can also be used with http. https is secured web surfing. www.cisco.com/go/sdm ---> download software --->install on your PC and/or on Router.
Step#1: Generate Encryption keys that is used in SSH and HTTPS. ChakriR1(config)#ip domain-name nuggetlab.com ChakriR1(config)#crypto key generate rsa ? general-keys--->general key (all doors generally opens with this key) usage-keys----->specific key (eg: a door has a spesific key) ChakriR1(config)#crypto key generate rsa general-keys The name for the key will be ChakriR1.nuggetlab.com domain-name hostname given to Router Note: So if you change hostname of Router or domain-name you will have to generate encryption keys again. How many bits in the Modulus[512]: 1024 --->strength of key Step#2: Turning on the http/https servers on your Router. ChakriR1(config)#ip http server ChakriR1(config)#ip http secure-server
Step#3: Create a previlage level 15 user account. This is the highest level privilage also called Enable mode.
ChakriR1(config)#username chakri privilage 15 password <7> /secret cisco
Step#4: Configure your vty ports and http access ports for privilage level 15 and to use the local user database.
ChakriR1(config)#ip http authentication local/enable local password created now has to known enable ChakriR1(config)#line vty 0 4 ChakriR1(config-line)#login local/tacacs local password checking use tacacs server for password checking ChakriR1(config-line)#transport input telnet/ssh Home work: Now try to login to the Router and check the difference. Step#5: Install Java on your Laotop and access the Router using a WEB browser.
Note: Almost all Laptops are installed with JAVA and WEB browers. If SDM is on Router.
If SDM is on Laptop, use SDM to launch browser. ********************************************** No Login without Permission **********************************************
ChakriR1>enable Password: ChakriR1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)# ChakriR1(config)#ip do ChakriR1(config)#ip domain ChakriR1(config)#ip domain ChakriR1(config)#ip domainChakriR1(config)#ip ? access-list Named access-list default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters domain IP DNS Resolver domain-lookup Enable IP Domain Name System hostname translation domain-name Define the default domain name forward-protocol Controls forwarding of physical and directed IP broadcasts host Add an entry to the ip hostname table inspect Context-based Access Control Engine ips Intrusion Prevention System local Specify local options name-server Specify address of name server to use nat NAT configuration commands route Establish static routes ssh secure shell configuration tcp Global TCP parameters ChakriR1(config)#ip domain-na ChakriR1(config)#ip domain-name nuggetlab.com ChakriR1(config)#cryp ChakriR1(config)#crypto ? dynamic-map Specify a dynamic crypto map template ipsec Configure IPSEC policy isakmp Configure ISAKMP policy key Long term key operations map Enter a crypto map ChakriR1(config)#crypto key ? generate Generate new keys zeroize Remove keys ChakriR1(config)#crypto key ge
ChakriR1(config)#crypto key generate ? rsa Generate RSA keys ChakriR1(config)#crypto key generate rsa ? <cr> ChakriR1(config)#crypto key generate rsa The name for the keys will be: ChakriR1.nuggetlab.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] ChakriR1(config)#ip ? *Mar 1 0:45:54.622: %SSH-5-ENABLED: SSH 1.99 has been enabled access-list Named access-list default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters domain IP DNS Resolver domain-lookup Enable IP Domain Name System hostname translation domain-name Define the default domain name forward-protocol Controls forwarding of physical and directed IP broadcasts host Add an entry to the ip hostname table inspect Context-based Access Control Engine ips Intrusion Prevention System local Specify local options name-server Specify address of name server to use nat NAT configuration commands route Establish static routes ssh secure shell configuration tcp Global TCP parameters ChakriR1(config)#user ChakriR1(config)#username ? WORD User name ChakriR1(config)#username chakri ? password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user <cr> ChakriR1(config)#username chakri pri ChakriR1(config)#username chakri privilege ? <0-15> User privilege level ChakriR1(config)#username chakri privilege 15 ? password Specify the password for the user secret Specify the secret for the user <cr> ChakriR1(config)#username chakri privilege 15 pass ChakriR1(config)#username chakri privilege 15 password ? 0 Specifies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) user password ChakriR1(config)#username chakri privilege 15 password cisco ChakriR1(config)#
ChakriR1(config)#ip ? access-list Named access-list default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters domain IP DNS Resolver domain-lookup Enable IP Domain Name System hostname translation domain-name Define the default domain name forward-protocol Controls forwarding of physical and directed IP broadcasts host Add an entry to the ip hostname table inspect Context-based Access Control Engine ips Intrusion Prevention System local Specify local options name-server Specify address of name server to use nat NAT configuration commands route Establish static routes ssh secure shell configuration tcp Global TCP parameters ChakriR1(config)#line vty ? <0-15> First Line number ChakriR1(config)#line vty 0 15 ChakriR1(config-line)#login ? authentication authenticate using aaa method list local Local password checking <cr> ChakriR1(config-line)#login local ChakriR1(config-line)#tr ChakriR1(config-line)#transport ? input Define which protocols to use when connecting to the terminal server output Define which protocols to use for outgoing connections ChakriR1(config-line)#transport input ? all All protocols none No protocols ssh TCP/IP SSH protocol telnet TCP/IP Telnet protocol ChakriR1(config-line)#transport input telnet ssh ^ % Invalid input detected at '^' marker. ChakriR1(config-line)#transport input all ChakriR1(config-line)#exit ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#enable
192.168.1.200 . DHCP allows you to give ip addresses to devices without manual configuration. (ip manually configured on laptop)
Laptop
00A0:1131:3391
Laptop powered off
. Typically given for a limited time (to save ip addresses)
192.168.1.100 00A0:1121:3392 eMail Server
. Can be "Manually Alloted" for key network devices from a DHCP server or DHCP enabled Router.
Windows DHCP Server
DHCP enabled Router
. DHCP servers can be Server-based or Router-based, we can setup a pool of ip addresses that are handed-out from either a Server or Router or Switch or where ever we decide to have our DHCP server. Router is more stable than windows based DHCP server, because Routers don't crash. Windows based DHCP server has GUI and easy to configure.
ISP
DHCP Process Laptop Router/Server DHCP Discover (Broad cast) DHCP Offer (Unicast) 192.168.1.150 directed to PCs MAC address 00A0:1131:3391 DHCP Request (Unicast) DHCP ACK (Unicast)
At this point DHCP Router/Server will add to its database.
Using SDM to Configure DHCP . Edit/Preferences/Preview commands 'ON' so that we can see commands sent. . Configure / Additional tasks
+ + -
Router Properties Router Access DHCP DHCP Pools DHCP Bindings DNS Dynamic DNS methods ACL Editor Port to Application Mappings URL Filtering Zone Pairs Zones AAA Local Pools Router Positioning 802.1x C3PL Configuration Management
Edit Delete DHCP Pool Status
+ + +
+ +
Add
Add DHCP Pool
DHCP Pool name: LAN_Address DHCP Pool Network: 192.168.1.0 SNM: 255.255.255.0 DHCP Pool Starting IP: 192.168.1.20 Ending IP: 192.168.1.100 Lease Length ( ) Never Expires ( . ) User Defined
Days : 3 ---> If not being used expires after 3 days, if using they get extended next 3 days and so on and so forth.
HH:MM:00 DHCP Options

DNS Server1(*): 4.2.2.2 ---> Public DNS Server, ping it from CMD from your Laptop or you can use what ever DNS server your service provider has given to you or DNS server internal to internal network.
DNS Server2(*):
Domain name(*): home.local ---> adds at the end of site address eg: win2003.home.local;
WINS Server1(*): addtec.home.local; exchange.home.local. Ping win2003 WINS Server2(*): it actually takes ping win2003.home.local. Default Router(*):192.168.1.1 Import all DHCP options into the DHCP server database(*) (*) optional fields
DHCP Client of Router
DHCP Client of ISP
DHCP
ISP
<--- DNS (Optional) (like 4.2.2.2) <--- WINS (Optional) <--- IP <--- Domain Name (Optional)
Import these that comes from ISP and automatically assign them to your DHCP Clients (Laptops)
Deliver Configuration to Router
Deliver delta Commands to the router's running Config Preview Commands that will be delivered to the router's running Configuration ip dhcp pool LAN_Addresses network 192.168.1.0 255.255.255.0 domain-name home.local dns-server 4.2.2.2 default-router 192.168.1.1 import all lease 3 exit ip dhcp excluded-address 192.168.1.1 192.168.1.19 ip dhcp excluded-address 192.168.1.101 192.168.1.254 The differences between the running Configuration and Startup Configuration are lost whenever the router is turned off. Save Running Config to router's Startup Config.
Deliver Cancel Save to File Help
cmd C>ipconfig /renew Connection-specific DND suffix IPv4 Address Subnet Mask Default Gateway DHCP pool status Note: Check in SDM ChakriR1#sh ip dhcp binding
IP address 192.168.1.20
:home.local :192.168.1.20 :255.255.255.0 :192.168.1.1
Client ID/Hardware address/user name 0100.15cf.afea.37
lease expiration Mar 05 2002 05:39PM
Type Automatic
MAC address of Laptop Client ID IP address assigned cmd C>ipconfig /all ---> check the MAC address, equals
SDM Configure Monitor Refresh Save
00-15-C5-AF-EA-37
Search
Help
********************************************** No Login without Permission **********************************************
ChakriR1>en Password: ChakriR1#en ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#ip ? access-list Named access-list default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters domain IP DNS Resolver domain-lookup Enable IP Domain Name System hostname translation domain-name Define the default domain name forward-protocol Controls forwarding of physical and directed IP broadcasts host Add an entry to the ip hostname table inspect Context-based Access Control Engine ips Intrusion Prevention System local Specify local options name-server Specify address of name server to use nat NAT configuration commands route Establish static routes ssh secure shell configuration tcp Global TCP parameters ChakriR1(config)#ip dhcp ? excluded-address Prevent DHCP from assigning certain addresses pool Configure DHCP address pools ChakriR1(config)#ip dhcp pool ? WORD Pool name ChakriR1(config)#ip dhcp pool LAN_Addresses ChakriR1(dhcp-config)#netwo ChakriR1(dhcp-config)#network ? A.B.C.D Network number in dotted-decimal notation ChakriR1(dhcp-config)#network 192.168.1.0 255.255.255.0 ChakriR1(dhcp-config)#do ChakriR1(dhcp-config)#domain-na ChakriR1(dhcp-config)#domain-nam ChakriR1(dhcp-config)#domain-name ? % Unrecognized command ChakriR1(dhcp-config)#? default-router Default routers dns-server Set name server exit Exit from DHCP pool configuration mode network Network number and mask no Negate a command or set its defaults ChakriR1(dhcp-config)#dns ChakriR1(dhcp-config)#dns-server ? A.B.C.D Set ip address of DNS server ChakriR1(dhcp-config)#dns-server 4.2.2.2 ChakriR1(dhcp-config)#de ChakriR1(dhcp-config)#default-router ? A.B.C.D Router's IP address
ChakriR1(dhcp-config)#default-router 192.168.1.1 ChakriR1(dhcp-config)#im ChakriR1(dhcp-config)#lea ChakriR1(dhcp-config)#exit ChakriR1(config)#ip dhcp ? excluded-address Prevent DHCP from assigning certain addresses pool Configure DHCP address pools ChakriR1(config)#ip dhcp ex ChakriR1(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.19 ChakriR1(config)#ip dhcp excluded-address ? A.B.C.D Low IP address ChakriR1(config)#ip dhcp excluded-address 192.168.1.101 192.168.1.254 ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1# Routing Static Routing (Mannual) C1>ping 192.168.1.1 ---> ping happens C1>ping 68.110.171.98 ---> ping happens C1>ping 68.110.171.97 ---> ping does not happen PC>ipconfig 192.168.1.10 255.255.255.0 192.168.1.1 PC>ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1.1: bytes=32 time=50ms TTL=255 Reply from 192.168.1.1: bytes=32 time=40ms TTL=255 Reply from 192.168.1.1: bytes=32 time=32ms TTL=255 Reply from 192.168.1.1: bytes=32 time=36ms TTL=255 Ping statistics for 192.168.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 32ms, Maximum = 50ms, Average = 39ms PC>ping 68.110.171.98 Pinging 68.110.171.98 with 32 bytes of data: Reply from 68.110.171.98: bytes=32 time=50ms TTL=255 Reply from 68.110.171.98: bytes=32 time=40ms TTL=255 Reply from 68.110.171.98: bytes=32 time=32ms TTL=255 Reply from 68.110.171.98: bytes=32 time=6ms TTL=255 Ping statistics for 68.110.171.98: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 6ms, Maximum = 50ms, Average = 32ms PC>ping 68.110.171.97 Pinging 68.110.171.97 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 68.110.171.97: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), PC>
ChakriR1#ping 68.110.171.97 ---> ping happens ChakriR1#ping 4.2.2.2 ---> ping does not happen ChakriR1#sh ip route 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, Fast Ethernet 4 C 192.168.1.0/24 is directly connected, vlan 1/Fast Ethernet 0/0 "C" indicates directly connected
Definition of Routing: A list of networks that a Router knows how to reach. Routers by default knows only the Networks that are directly connected. A list of Networks that the router knows
how to reach is called Routing table. ChakriR1>ping 68.110.171.97 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 68.110.171.97, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/10/31 ms ChakriR1>ping 4.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) ChakriR1>sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 ChakriR1>
ChakriR1#telnet 192.168.1.2 ChakriR2#sh ip int brief ChakriR2#telnet 192.168.2.2 ********************************************** No Login without Permission **********************************************
ChakriR1>ping 192.168.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms ChakriR1>telnet 192.168.1.2 Trying 192.168.1.2 ...Open ********************************************** DO NOT LOGIN UNAUTHORISED **********************************************
User Access Verification Password: ChakriR2>sh ip int br ChakriR2>sh ip int brief Interface IP-Address FastEthernet0/0 FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0
OK? Method Status
Protocol
unassigned 192.168.1.2 192.168.2.1 unassigned
YES manual administratively down down YES manual up up
YES manual administratively down down YES manual administratively down down YES manual up up
192.168.2.1
FastEthernet5/0 unassigned ChakriR2>ping 192.168.2.2
YES manual administratively down down
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/20 ms ChakriR2>telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** User Access Verification Password: ChakriR3>
ChakriR3#sh ip int brief ChakriR3>sh ip int br Interface IP-Address FastEthernet0/0 FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0 FastEthernet5/0 Loopback0 ChakriR3>
OK? Method Status
Protocol
192.168.3.1 unassigned unassigned 192.168.2.2
192.168.2.2 unassigned 192.168.3.20
Loopback 0
192.168.3.20
this is set to simulate a Laptop 192.168.3.20 which is not physically present.
ChakriR3(config)#int fa 0/0 ChakriR3(config-if)#sh ChakriR3(config-if)#shutdown ChakriR3(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down ChakriR3(config-if)#exit ChakriR3(config)#int loop ChakriR3(config)#int loopback 0 ChakriR3(config-if)#ip address 192.168.3.20 255.255.255.255 ChakriR3(config-if)#no sh ChakriR3(config-if)#no shutdown ChakriR3(config-if)#exit ChakriR3(config)#exit ChakriR3# %SYS-5-CONFIG_I: Configured from console by console ChakriR3#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0 FastEthernet5/0 Loopback0 ChakriR3# 192.168.3.1 unassigned unassigned 192.168.2.2 YES manual administratively down down YES manual administratively down down YES manual administratively down down YES manual administratively down down YES manual up up
192.168.2.2 unassigned 192.168.3.20
Note: CTRL+Shift+6+X ---> keys to toggle between Routers ChakriR2#sh ip route ChakriR2#ping 192.168.2.2 ---> ping happens ChakriR2#ping 192.168.3.20 ---> ping does not happen ChakriR2(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2 ChakriR2#ping 192.168.3.20 ---> ping happens now ChakriR2#sh ip route 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, Fast Ethernet 4 C 192.168.1.0/24 is directly connected, vlan 1/Fast Ethernet 0/0 C 192.168.2.0/24 is directly connected, serial 0/1/0 S 192.168.3.0/24[1/0] via 192.168.2.2 "S" indicates, this is a maually entered "Static route" ChakriR2>sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 ChakriR2>ping 192.168.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/10 ms ChakriR2> ChakriR2#ping 192.168.3.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.20, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) ChakriR2# ChakriR2>en Password: ChakriR2#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR2(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2 ChakriR2(config)#exit ChakriR2#ping 192.168.3.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.20, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 6/15/20 ms ChakriR2#
ChakriR2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 S 192.168.3.0/24 [1/0] via 192.168.2.2 ChakriR2#
ChakriR2#ping 192.168.3.20 ---> ping will be successful (ping shows min/avg/max speed) --->20/22/24ms ChakriR2#ping 192.168.3.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) ChakriR2#ping 192.168.3.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.20, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/6/22 ms ChakriR2# [Connection to 192.168.1.2 closed by foreign host] ChakriR1>
C1>ping 192.168.3.1 ---> ping fails (because there is no route for 192.168.1.0/24 in ChakriR3 router) PC>ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.3.1: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), PC>ping 192.168.3.20 Pinging 192.168.3.20 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.3.20: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), PC>
ChakriR3#ping 192.168.2.1 ---> ping happens ChakriR3#ping 192.168.1.2 ---> ping does not happen
ChakriR3>ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/15/20 ms ChakriR3>ping 192.168.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) ChakriR3> ChakriR3>
ChakriR3#sh ip route ChakriR3>sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C C 192.168.2.0/24 is directly connected, FastEthernet4/0 192.168.3.0/32 is subnetted, 1 subnets 192.168.3.20 is directly connected, Loopback0 ChakriR3>
ChakriR3(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1 ChakriR3#ping 192.168.1.2 ChakriR3#sh ip route ChakriR3#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR3(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1 ChakriR3(config)#exit ChakriR3#ping 192.168.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/16/20 ms
ChakriR3# ChakriR3#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set S C C 192.168.1.0/24 [1/0] via 192.168.2.1 192.168.2.0/24 is directly connected, FastEthernet4/0 192.168.3.0/32 is subnetted, 1 subnets 192.168.3.20 is directly connected, Loopback0 ChakriR3#
Default route: Routers route any address that they don't know where to route, uses the default route to route these unknown addresses.
ChakriR3#ping 68.110.171.97 ---> pings ISP ChakriR3#ping 4.2.2.2 ---> ping does not happen to Internet (eg: 4.2.2.2 is Internet DNS server)
ChakriR1>ping 68.110.171.97 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 68.110.171.97, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms ChakriR1>ping 4.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) ChakriR1>
ChakriR1#ping 4.2.2.2 ChakriR1#sh ip route ChakriR1(congfig)#ip route 0.0.0.0 0.0.0.0 68.110.171.97 ---> Default route ChakriR1#sh ip route Note: Observe that Gateway of last resort changed. earlier ---> Gateway of last resort is not set. now ---> Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, Fast Ethernet 4 C 192.168.1.0/24 is directly connected, vlan 1/Fast Ethernet 0/0 C 192.168.2.0/24 is directly connected, serial 0/1/0 S 192.168.3.0/24[1/0] via 192.168.2.2 S* 0.0.0.0/0[1/0] via 68.110.171.97 The "*" indicates default
ChakriR1>ping 4.2.2.2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) ChakriR1>sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 ChakriR1>en Password: ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#ip route 0.0.0.0 0.0.0.0 68.110.171.97 ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1# ChakriR2#ping 4.2.2.2 ---> it will ping now ChakriR2#ping 72.14.207.99 ---> googles ip address and this will ping. ChakriR2#ping www.google.com ---> it cannot resolve www.google.com to ip address. to configure name resolution, configure DNS servers ip address, the example shown below is public DNS server which usually has ip address 4.2.2.2 Like how we configure in Windows for DNS server ip lookup, we can do the same for Routers as well as below. ChakriR2(config)#ip name-server 4.2.2.2 Once configured, you can directly ping using names of web sites. ChakriR2#ping www.google.com Translating "www.google.com" domain server (4.2.2.2) [ok] sending 5, 100-byte ICMP Echos to 64.233.169.147, timeout is 2 seconds !!!!! ---> this shows it is pinging. resolved to this address
ChakriR1#ping 4.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 5/17/57 ms ChakriR1# ChakriR1#ping www.google.com Translating "www.google.com"...domain server (255.255.255.255) % Unrecognized host or address or protocol not running. ChakriR1(config)#ip ? access-list Named access-list default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters domain IP DNS Resolver domain-lookup Enable IP Domain Name System hostname translation domain-name Define the default domain name forward-protocol Controls forwarding of physical and directed IP broadcasts host Add an entry to the ip hostname table inspect Context-based Access Control Engine ips Intrusion Prevention System local Specify local options name-server Specify address of name server to use nat NAT configuration commands route Establish static routes ssh secure shell configuration tcp Global TCP parameters ChakriR1(config)#ip nam ChakriR1(config)#ip name-server ? A.B.C.D Domain server IP address X:X:X:X::X Domain server IP address (maximum of 6) ChakriR1(config)#ip name-server 4.2.2.2 ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#ping www.google.com Translating "www.google.com"...domain server (4.2.2.2) % Unrecognized host or address or protocol not running.
C1>ping 192.168.1.1 C1>ping 68.110.171.98 C1>ping 68.110.171.97 C1>ping 72.14.209.99 ---> does not ping due to private source address of this Laptop.
To do this we need a feature called NAT, the ISP discards packets coming from private addresses.
C1>ping 4.2.2.2 PC>ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1.1: bytes=32 time=32ms TTL=255 Reply from 192.168.1.1: bytes=32 time=4ms TTL=255 Reply from 192.168.1.1: bytes=32 time=12ms TTL=255 Reply from 192.168.1.1: bytes=32 time=5ms TTL=255 Ping statistics for 192.168.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 4ms, Maximum = 32ms, Average = 13ms
PC>ping 68.110.171.98 Pinging 68.110.171.98 with 32 bytes of data: Reply from 68.110.171.98: bytes=32 time=52ms TTL=255 Reply from 68.110.171.98: bytes=32 time=40ms TTL=255 Reply from 68.110.171.98: bytes=32 time=40ms TTL=255 Reply from 68.110.171.98: bytes=32 time=40ms TTL=255 Ping statistics for 68.110.171.98: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 40ms, Maximum = 52ms, Average = 43ms PC>ping 68.110.171.97 Pinging 68.110.171.97 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 68.110.171.97:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), PC>ping 4.2.2.2 Pinging 4.2.2.2 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 4.2.2.2: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), PC>
Scenario Homework: Check pinging 192.168.2.1 from ChakriR1 by adding 192.168.2.0/24 route in
ChakriR1 towards 192.168.1.2 and pinging 192.168.2.2 with out having a route for 192.168.1.0/24 in ChakriR3.
0060.47E2.0B96
68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1
68.110.171.96/27
ISP 68.110.171.97
fa 0/1
Cisco.com
Loopback0
NA 172.30.2.100 255.255.255.0
NA 192.168.3.20
Laptop0
0000.0CB9.D07B
255.255.255.0
fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1
192.168.3.1 ChakriR3
192.168.3.0/24
Laptop1
000A.4137.9CE6
fa 0/3 172.30.2.10/230 255.255.255.0/252 172.30.2.1
Rouge7
0005.5E73.E0DC
Rouge4
0060.70C9.DE22
fa 0/4 192.168.1.50
fa 0/4 192.168.1.40
255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

00E0.8F32.30EC
0.0.0.0 Rouge5
0090.0CAB.157D
fa 0/4 172.30.2.220
fa 0/4 172.30.2.120
255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

0060.7040.B9C5
0.0.0.0 Rouge6
00E0.A396.6750
fa 0/4
fa 0/4
172.30.2.230/228-233 172.30.2.130 255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0
ChakriR1#ping 192.168.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 3/21/50 ms ChakriR1#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#ip route 192.168.2.0 255.255.255.0 192.168.1.2 ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/40 ms ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 S 192.168.2.0/24 [1/0] via 192.168.1.2 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#ping 192.168.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
ChakriR3#ping 192.168.2.1 ---> ping happens ChakriR3#ping 192.168.1.1 ---> ping does not happen ChakriR3#sh ip route ChakriR3(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1 ChakriR3#sh ip route ChakriR3#ping 192.168.2.1 ---> ping happens ChakriR3#ping 192.168.1.1 ---> ping happens *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** ChakriR3>en Password: ChakriR3#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/14/30 ms ChakriR3#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) ChakriR3#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.2.0/24 is directly connected, FastEthernet4/0 192.168.3.0/32 is subnetted, 1 subnets C 192.168.3.20 is directly connected, Loopback0 ChakriR3#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR3(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1 ChakriR3(config)#exit ChakriR3# %SYS-5-CONFIG_I: Configured from console by console ChakriR3#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set S 192.168.1.0/24 [1/0] via 192.168.2.1 C 192.168.2.0/24 is directly connected, FastEthernet4/0 192.168.3.0/32 is subnetted, 1 subnets C 192.168.3.20 is directly connected, Loopback0
ChakriR3#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/26/50 ms ChakriR3#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 6/46/60 ms ChakriR3# ChakriR1#ping 192.168.3.20 ---> ping does not happen ChakriR1#sh ip route ChakriR1(config)#ip route 192.168.3.0 255.255.255.0 192.168.1.2 ChakriR1#sh ip route ChakriR1#ping 192.168.3.20 ---> ping happens ChakriR1#ping 192.168.3.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.20, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 S 192.168.2.0/24 [1/0] via 192.168.1.2 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#ip route 192.168.3.0 255.255.255.0 192.168.1.2 ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console
ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 S 192.168.2.0/24 [1/0] via 192.168.1.2 S 192.168.3.0/24 [1/0] via 192.168.1.2 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#ping 192.168.3.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.20, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 50/59/65 ms ChakriR1# Routing Protocols Routing protocol: Tell your friend what you know/gossip/rumour. Allows routers to build paths automatically. Types of Routing Protocols 1. Distance vector: Slow in detecting problems in network; small network environment; Backup will be an alternative. . Easy to configure . Not many features . RIP IGRP (Routing Information Protocol, Interoir Gateway Routing Protocol) 2. Link state: . Difficult to configure (More knowledge is required) . Feature-riffic (speed etc) . OSPF, IS-IS 3. Hybrid: . The best of both worlds (not standards based) . Proprietary (Cisco) (not the most popular protocol)
. EIGRP (Enhanced Interior Gateway Routing Protocol) (Best routing protocol that exists)
Understanding RIP . Algorithm first developed in 1969 . Comes in two versions RIPv1 and RIPv2 RIP v1: . Classful version (does not support VLSM) (Advertises networks but not subnet masks) . No Authentication (Rouge routers can poison the network by advertising networks, no password authentication) . Uses broadcast (once every 30 seconds advertises chocking network, even the PCs receives the routing info broadcasted, which is a waste and eventually drops the packets) adds 172.16.1.0/16 only if 172.16.x.x exists with one of its interfaces, then adds its subnet mask to 172.16.1.0/24.

0060.47E2.0B96
68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1
68.110.171.96/27
ISP 68.110.171.97
fa 0/1
Cisco.com
Loopback0
NA 172.30.2.100 255.255.255.0
NA 192.168.3.20
Laptop0
0000.0CB9.D07B
255.255.255.0
fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1
192.168.3.1 ChakriR3
192.168.3.0/24
Laptop1
000A.4137.9CE6
fa 0/3 172.30.2.10/230 255.255.255.0/252 172.30.2.1
Rouge7
0005.5E73.E0DC
Rouge4
0060.70C9.DE22
fa 0/4 192.168.1.50
fa 0/4 192.168.1.40
255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

00E0.8F32.30EC
0.0.0.0 Rouge5
0090.0CAB.157D
fa 0/4 172.30.2.220
fa 0/4 172.30.2.120
255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

0060.7040.B9C5
0.0.0.0 Rouge6
00E0.A396.6750
fa 0/4
fa 0/4
172.30.2.230/228-233 172.30.2.130 255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0
172.16.1.0
ChakriR2 ChakriR3
172.16.1.0/24
eMail Server
172.16.3.0/24
NA 192.168.1.55 255.255.255.0 int vlan 1

0060.47E2.0B96
192.168.1.1 192.168.1.0/24
68.110.171.98 ChakriR1 192.168.1.1
68.110.171.96/27
ISP 68.110.171.97
Cisco.com
ChakriSwitch
NA 172.30.2.180 255.255.255.0
192.168.3.20 192.168.1.2 ChakriR2 192.168.2.1 192.168.2.0/24 192.168.2.2 192.168.3.1 ChakriR3
192.168.3.0/24
Laptop3
0090.0CAB.157D
Rouge1
Laptop0
00D0.FF11.910E 0000.0CB9.D07B fa 3/1 192.168.1.51 fa 1/1 192.168.1.20 255.255.255.0 0.0.0.0
fa 2/1 192.168.1.50
255.255.255.0 255.255.255.0 0.0.0.0 Laptop4

0090.0CAB.157D
0.0.0.0 Rouge2 00E0.8F82.5297 fa 3/1 172.30.2.166
fa 2/1 172.30.2.51
255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0
RIP v2:
. Classless version (supports VLSM) (subnet masks are advertised)
. Adds Authentication . Uses Multicast (Instead of broadcast, uses Multicast, this reduces network traffic) only the routers receives the routing info Multicast.
Configuring RIP 1> Turn ON RIP (Global configuration) 2> Change version 3> Enter network statements ChakriR2#sh ip route Gateway of last resort not set C 192.168.1.0/24 is directly connected, Fast Ethernet 0/0 C 192.168.2.0/24 is directly connected, Serial 0/1/0 ChakriR2(congfig)#router rip ChakriR2(congfig-router)#version 2 Tell RIP what networks to advertise Tell RIP what interfaces to send Advertisements on. ChakriR2(congfig-router)#network 192.168.1.0 ChakriR2(congfig-router)#network 192.168.2.0
Note: At this point ChakriR2 starts advertising both the networks, but the other router drop the packets,
because they are configured with RIP. ChakriR2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 ChakriR2#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR2(config)#router ? eigrp Enhanced Interior Gateway Routing Protocol (EIGRP) ospf Open Shortest Path First (OSPF) rip Routing Information Protocol (RIP) ChakriR2(config)#router rip ChakriR2(config-router)#version ? <1-2> version ChakriR2(config-router)#version 2 ChakriR2(config-router)#network 192.168.2.0 ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 [1/0] via 68.110.171.97
ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#router ? eigrp Enhanced Interior Gateway Routing Protocol (EIGRP) ospf Open Shortest Path First (OSPF) rip Routing Information Protocol (RIP) ChakriR1(config)#router rip ChakriR1(config-router)#version 2 ChakriR1(config-router)#exit ChakriR1(config)#router rip ChakriR1(config-router)#network 192.168.1.0 ChakriR1(config-router)#exit ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR2(config-router)#network 192.168.1.0 ChakriR2(config-router)# ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:09, FastEthernet0/0 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#
ChakriR3(config)#router rip ChakriR3(config-router)#version 2 ChakriR3(config-router)#network 192.168.3.2.0 ChakriR3#sh ip route Gateway of last resort is not set R 192.168.1.0/24 [120/1] via 192.168.2.1 00:00:06, Serial 0/0 One hop (how far away) Administrative distance (route cast) lower the better, for OSPF it will be less (110). Administrative distance indicates how believable is that route, lowe the better. "R" indicates RIP. "O" indicates OSPF. C 192.168.2.0/24 is directly connected, Serial 0/0 192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.3.0/30 is directly connected, Ethernet 0/0 C 192.168.3.20/32 is directly connected, Loopback 0 ChakriR2#sh ip route Gateway of last resort not set C 192.168.1.0/24 is directly connected, Fast Ethernet 0/0 C 192.168.2.0/24 is directly connected, Serial 0/1/0 ChakriR3(config)#router rip ChakriR3(config-router)#network 192.168.3.0 ChakriR2#sh ip route Gateway of last resort not set C 192.168.1.0/24 is directly connected, Fast Ethernet 0/0 C 192.168.2.0/24 is directly connected, Serial 0/1/0 R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:18, Serial 0/1/0 ChakriR3#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.2.0/24 is directly connected, FastEthernet4/0 ChakriR3#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR3(config)#router rip ChakriR3(config-router)#version 2 ChakriR3(config-router)#network 192.168.3.20 ChakriR3(config-router)#^Z ChakriR3# %SYS-5-CONFIG_I: Configured from console by console ChakriR3#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route
Gateway of last resort is not set C 192.168.2.0/24 is directly connected, FastEthernet4/0 C 192.168.3.20 is directly connected, Loopback0 ChakriR3#
ChakriR2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 ChakriR2# ChakriR3(config-router)#network 192.168.2.0 ChakriR3(config-router)#exit ChakriR3(config)#exit ChakriR3# %SYS-5-CONFIG_I: Configured from console by console ChakriR3#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R C 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:00, FastEthernet4/0 192.168.2.0/24 is directly connected, FastEthernet4/0 192.168.3.0/32 is subnetted, 1 subnets C 192.168.3.20 is directly connected, Loopback0 ChakriR2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:06, FastEthernet4/0 ChakriR2#
ChakriR1#sh ip route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, Fast Ethernet 4 C 192.168.1.0/24 is directly connected, Vlan1 S 192.168.2.0/24 [1/0] via 192.168.1.2 S 192.168.3.0/24 [1/0] via 192.168.1.2 S* 0.0.0.0/0[1/0] via 68.110.171.97 ChakriR1#sh run | include ip route All static routes will be displayed. ChakriR1(config)#remove all static routes except default routes. Note: The best solution to routing is the combination of dynamic and static routing. ChakriR1(config)#router rip ChakriR1(config-router)#version 2 ChakriR1(config-router)#network 192.168.1.0 ChakriR1#sh ip route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, Fast Ethernet 4 C 192.168.1.0/24 is directly connected, Vlan1 R 192.168.2.0/24 [120/1] via 192.168.1.2 00:00:09, Vlan1 RIP updates R 192.168.3.0/24 [120/2] via 192.168.1.2, 00:00:09, Vlan1 received S* 0.0.0.0/0[1/0] via 68.110.171.97 ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:15, FastEthernet0/0 R 192.168.3.0/24 [120/2] via 192.168.1.2, 00:00:15, FastEthernet0/0 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#
Now routing ISP link using RIP (68.110.171.96/27 is by default Class A network, RIP being very old routing protocol, you will have to give them as Classfull (or) default class with SNM:255.0.0.0) ChakriR1(config)#router rip ChakriR1(config-router)#network 68.0.0.0 ChakriR2#sh ip route Gateway of last resort is not set R 68.0.0.0/8 [120/1] via 192.168.1.1, 00:00:14, Fast Ethernet 0/0 ---> summarised to Class A by ChakriR2 and Advertised. C 192.168.1.0/24 is directly connected, Fast Ethernet 0/0 C 192.168.2.0/24 is directly connected, Serial 0/1/0 R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:27, Serial 0/1/0 ChakriR1(config)#router rip ChakriR1(config-router)#no auto-summary ChakriR2(config)#router rip ChakriR2(config-router)#no auto-summary ChakriR3(config)#router rip ChakriR3(config-router)#no auto-summary ChakriR2#sh ip route Note: Check the difference Gateway of last resort is not set 68.0.0.0/8 is variably subnetted, 2 subnets, 2 masks R 68.0.0.0/8 [120/1] via 192.168.1.1, 00:00:57, Fast Ethernet 0/0 ---> This will disappear after timeout value. R 68.110.171.96/27 [120/1] via 192.168.1.1, 00:00:00, Fast Ethernet 0/0 ---> check this C 192.168.1.0/24 is directly connected, Fast Ethernet 0/0 C 192.168.2.0/24 is directly connected, Serial 0/1/0 192.168.3.0/24 is variably subnetted, 3 subnets, 3 masks R 192.168.3.0/30 [120/1] via 192.168.2.2, 00:00:07, Serial 0/1/0 R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:36, Serial 0/1/0 R 192.168.3.0/32 [120/1] via 192.168.2.2, 00:00:07, Serial 0/1/0 ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#router rip ChakriR1(config-router)#network 68.0.0.0 ChakriR1(config-router)# ChakriR2>sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 68.0.0.0/8 [120/1] via 192.168.1.1, 00:00:04, FastEthernet1/0 C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:20, FastEthernet4/0 ChakriR2> ChakriR1(config-router)#no auto-summary ChakriR1(config-router)#
ChakriR2>sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 68.0.0.0/8 is variably subnetted, 2 subnets, 2 masks R 68.0.0.0/8 [120/1] via 192.168.1.1, 00:00:44, FastEthernet1/0 R 68.110.171.96/27 [120/1] via 192.168.1.1, 00:00:15, FastEthernet1/0 C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:09, FastEthernet4/0 ChakriR2> ChakriR3>sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 68.0.0.0/8 [120/2] via 192.168.2.1, 00:00:26, FastEthernet4/0 R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:26, FastEthernet4/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 192.168.3.0/32 is subnetted, 1 subnets C 192.168.3.20 is directly connected, Loopback0 ChakriR3> ChakriR2(config)#router rip ChakriR2(config-router)#no a ChakriR2(config-router)#no auto-summary ChakriR2(config-router)# ChakriR3>sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 68.0.0.0/8 is variably subnetted, 2 subnets, 2 masks R 68.0.0.0/8 is possibly down, routing via 192.168.2.1, FastEthernet4/0 R 68.110.171.96/27 [120/2] via 192.168.2.1, 00:00:01, FastEthernet4/0 R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:01, FastEthernet4/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 192.168.3.0/32 is subnetted, 1 subnets C 192.168.3.20 is directly connected, Loopback0 ChakriR3>
Note: Even if "no auto-summary" is configured, you will have to give the network statements class-full version, if we make a mistake and give 68.110.171.96 (reverse engineered) it will accept, but it fixes for you and takes only 68.0.0.0 (check sh run) but in exam,
the simulators may take but does not fix it for you, therefore results in wronge configuration.
ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:15, FastEthernet0/0 R 192.168.3.0/24 [120/2] via 192.168.1.2, 00:00:15, FastEthernet0/0 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#no router rip ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C 68.110.171.96 is directly connected, FastEthernet0/1 C 192.168.1.0/24 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#sh run Building configuration... Current configuration : 1146 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriR1 ! !
! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! ! username chakri privilege 15 password 0 cisco ! ! ! ! ! ip domain-name nuggetlab.com ip name-server 4.2.2.2 ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 description INTERNET WAN PORT ip address 68.110.171.98 255.255.255.224 duplex auto speed auto ! interface Vlan1 no ip address ! ip classless ip route 0.0.0.0 0.0.0.0 68.110.171.97 ! ! ! ip dhcp excluded-address 192.168.1.1 192.168.1.19 ip dhcp excluded-address 192.168.1.101 192.168.1.254 ! ip dhcp pool LAN_Addresses network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 4.2.2.2 ! banner motd ^C ********************************************** No Login without Permission ********************************************** ^C ! ! !
! line con 0 exec-timeout 30 0 password cisco logging synchronous line vty 0 4 login local line vty 5 15 login local ! ! ! end
ChakriR1# ChakriR2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 68.0.0.0/27 is subnetted, 1 subnets R 68.110.171.96 is possibly down, routing via 192.168.1.1, FastEthernet1/0 C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:18, FastEthernet4/0 ChakriR2#
After some time RIP routes of ChakriR1 are completely gone from ChakriR2, because RIP was removed from ChakriR1
ChakriR2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.1.0/24 is directly connected, FastEthernet1/0 C 192.168.2.0/24 is directly connected, FastEthernet4/0 R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:01, FastEthernet4/0 ChakriR2#
Configure RIP back on router ChakriR1 with Classless network. ChakriR1# ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#router rip ChakriR1(config-router)#no auto ChakriR1(config-router)#no auto-summary ChakriR1(config-router)#network 68.110.171.96 ChakriR1(config-router)#exit ChakriR1(config)# ChakriR1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 68.110.171.97 to network 0.0.0.0 68.0.0.0/27 is subnetted, 1 subnets C C R R 68.110.171.96 is directly connected, FastEthernet0/1 192.168.1.0/24 is directly connected, FastEthernet0/0 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:23, FastEthernet0/0 192.168.3.0/24 [120/2] via 192.168.1.2, 00:00:23, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 68.110.171.97 ChakriR1#sh run Building configuration... Current configuration : 1188 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriR1 ! ! ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! ! username chakri privilege 15 password 0 cisco ! ! ! ! ! ip domain-name nuggetlab.com ip name-server 4.2.2.2 !
! ! ! ! ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 description INTERNET WAN PORT ip address 68.110.171.98 255.255.255.224 duplex auto speed auto ! interface Vlan1 no ip address ! router rip version 2 network 68.0.0.0 network 192.168.1.0 no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 68.110.171.97 ! ! ! ip dhcp excluded-address 192.168.1.1 192.168.1.19 ip dhcp excluded-address 192.168.1.101 192.168.1.254 ! ip dhcp pool LAN_Addresses network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 4.2.2.2 ! banner motd ^C ********************************************** No Login without Permission ********************************************** ^C ! line con 0 exec-timeout 30 0 password cisco logging synchronous line vty 0 4 login local line vty 5 15 login local ! end ChakriR1#
ChakriR1#sh ip route ChakriR2#sh ip route ChakriR3#sh ip route Gateway of last resort is not set 68.0.0.0/8 is variably subnetted, 2 subnets, 2 masks R 68.0.0.0/8 [120/2] via 192.168.2.1, 00:00:22, Serial 0/0 R 68.110.171.96/27 [120/2] via 192.168.2.1, 00:00:22, Serial 0/0 R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:22, Serial 0/0 C 192.168.2.0/24 is directly connected, Serial 0/0 192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.3.0/30 is directly connected, Ethernet 0/0 C 192.168.3.20/32 is directly connected, Loopback0
ChakriR1#ping 68.110.171.98 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 68.110.171.98, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/10 ms ChakriR1# ChakriR3>ping 192.168.3.20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.20, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 10/22/71 ms ChakriR3>
ChakriR3#sh ip protocols Shows all running protocols with details. ChakriR2#sh ip protocols ChakriR1#sh ip protocols ChakriR3#debug ip rip ---> boggs you down (production network) (Check RIP updates) ChakriR3#no debug ip rip ChakriR3#u all ---> stops all debug ChakriR3> ChakriR3>sh ip ? arp IP ARP table dhcp Show items in the DHCP database eigrp IP-EIGRP show commands interface IP interface status and configuration nbar Network-Based Application Recognition ospf OSPF information protocols IP routing protocol process parameters and statistics rip IP RIP show commands route IP routing table ssh Information on SSH ChakriR3>sh ip pr ChakriR3>sh ip protocols ? <cr> ChakriR3>sh ip protocols Routing Protocol is "rip" Sending updates every 30 seconds, next due in 16 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set Redistributing: rip Default version control: send version 2, receive 2 Interface Send Recv Triggered RIP Key-chain FastEthernet4/0 2 2 Loopback0 2 2 Automatic network summarization is in effect Maximum path: 4 Routing for Networks: 192.168.2.0 192.168.3.0 Passive Interface(s): Routing Information Sources: Gateway Distance Last Update 192.168.2.1 120 00:00:18 Distance: (default is 120) ChakriR3>debug ? % Unrecognized command ChakriR3>en Password: ChakriR3#deg ChakriR3#deb ChakriR3#debug ? aaa AAA Authentication, Authorization and Accounting custom-queue Custom output queueing eigrp EIGRP Protocol information frame-relay Frame Relay ip IP information ntp NTP information ppp PPP (Point to Point Protocol) information ChakriR3#debug ip ? icmp ICMP transactions nat NAT events ospf OSPF information packet Packet information rip RIP protocol transactions routing Routing table events ChakriR3#debug ip rip ? events RIP protocol events <cr> ChakriR3#debug ip rip RIP protocol debugging is on ChakriR3#RIP: received v2 update from 192.168.2.1 on FastEthernet4/0 68.110.171.96/27 via 0.0.0.0 in 2 hops 192.168.1.0/24 via 0.0.0.0 in 1 hops RIP: sending v2 update to 224.0.0.9 via FastEthernet4/0 (192.168.2.2) RIP: build update entries 192.168.3.0/24 via 0.0.0.0, metric 1, tag 0 RIP: sending v2 update to 224.0.0.9 via Loopback0 (192.168.3.20) RIP: build update entries 68.0.0.0/8 via 0.0.0.0, metric 3, tag 0 192.168.1.0/24 via 0.0.0.0, metric 2, tag 0 192.168.2.0/24 via 0.0.0.0, metric 1, tag 0 RIP: received v2 update from 192.168.2.1 on FastEthernet4/0 68.110.171.96/27 via 0.0.0.0 in 2 hops
192.168.1.0/24 via 0.0.0.0 in 1 hops RIP: sending v2 update to 224.0.0.9 via FastEthernet4/0 (192.168.2.2) RIP: build update entries 192.168.3.0/24 via 0.0.0.0, metric 1, tag 0 RIP: sending v2 update to 224.0.0.9 via Loopback0 (192.168.3.20) RIP: build update entries 68.0.0.0/8 via 0.0.0.0, metric 3, tag 0 192.168.1.0/24 via 0.0.0.0, metric 2, tag 0 192.168.2.0/24 via 0.0.0.0, metric 1, tag 0 ChakriR3#no debug ip rip RIP protocol debugging is off ChakriR3#u ? aaa AAA Authentication, Authorization and Accounting all Enable all debugging custom-queue Custom output queueing eigrp EIGRP Protocol information frame-relay Frame Relay ip IP information ntp NTP information ppp PPP (Point to Point Protocol) information ChakriR3#u all All possible debugging has been turned off ChakriR3# NAT = Network Address Translator Internet is so big that it ran out of Public ip addresses. NAT allows multiple devices to share an internet ip address. NAT helped this way. Now a days NAT became a prohibitor of progress from moving ahead for IPv6. NAT first started in 1990's. NAT has some disadvantages also. How NAT works NAT Table Inside Address Outside Address 192.168.1.50:6751 200.1.1.1:6751 192.168.1.100:1536 200.1.1.1:1536 Ports = 0 to 65535 How PAT works PAT Table Inside Address Outside Address 192.168.1.50:6751 (sent first) 200.1.1.1:6751 (sent first) sent out first
192.168.1.100:6751 (a millisecond later) 200.1.1.1:6752 (because 6751 is tiedup it allots 6752)
sent out later
This form of NAT is commonly called PAT = Port Address Translator. Static NAT Hosting Servers using Static NAT (eg: eMail Server) NAT/PAT Table Type Inside Address Outside Address NAT/PAT 192.168.1.50:6751 (sent first) 200.1.1.1:6751 (sent first) Static entry 192.168.1.100 (eMail Server) 200.1.1.2
Note: Static NAT has no problem at all being combined with PAT (technically called NAT overload).
Configuring NAT using the SDM C>ping 192.168.1.1 ---> it pings C>ping 68.110.171.98 ---> it pings (because this public ip is on own router interface it allows private source address to ping) C>ping 68.110.171.97 ---> it does not ping (because the ISP does not allow private address as source addresses) PC>ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from Reply from Reply from Reply from 192.168.1.1: bytes=32 time=33ms TTL=255 192.168.1.1: bytes=32 time=40ms TTL=255 192.168.1.1: bytes=32 time=40ms TTL=255 192.168.1.1: bytes=32 time=40ms TTL=255
Ping statistics for 192.168.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 33ms, Maximum = 40ms, Average = 38ms PC>ping 68.110.171.98 Pinging 68.110.171.98 with 32 bytes of data: Reply from Reply from Reply from Reply from 68.110.171.98: bytes=32 time=50ms TTL=255 68.110.171.98: bytes=32 time=30ms TTL=255 68.110.171.98: bytes=32 time=40ms TTL=255 68.110.171.98: bytes=32 time=40ms TTL=255
Ping statistics for 68.110.171.98: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 30ms, Maximum = 50ms, Average = 40ms PC>ping 68.110.171.97 Pinging 68.110.171.97 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 68.110.171.97: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), PC>
use SDM to login into Router

Home Configure NAT Interfaces and Connection Firewall and ACL Create NAT Configuration Edit NAT Configuration Monitor Refresh Save Search Help
( . ) Basic NAT (PAT) this called NAT overload.

If you have PCs or hosts on the LAN that need access to the
VPN
internal, select this one. ( . ) Advanced NAT (this is called STATIC NAT) If you are hosting Servers (eg: WEB Servers, eMail Servers)
that users outside your network need access to, select this option.
Security Audit
Note: If you have already configured basic NAT you can always convert it to advanced NAT by using tab
Edit NAT Configuration Launch the Select task Choose an interface Details
Routing
NAT
IP Address range
68.110.171.96 to 68.110.171.127 192.168.1.0 to 192.168.1.255
Connected thru
Fast Ethernet Vlan 1
Comment
Intrusion Prevention Quality of Service
Share the connection that you have chosen above.

Finish
NAC
access-list 1 remark SDM-ACL Category=2

access-list 1 permit 192.168.1.0 0.0.0.255 ---> wild card mask, it is essentially the oposite of subnet mask.
Access list permitting or allowing any address starting with 192.168.1 (Access list 1) interface vlan1 ip nat inside exit interface Fast Ethernet 4 ip nat outside exit ip nat inside source list 1 interface Fast Ethernet 4 overload if this not there it allows only one Laptop to connect to internet. (I would like to NAT from the inside of my network which I designated the source ip addresses in access list number 1.) Note: DNS lookup uses UDP protocol and uses destination port 53. After some time if you leave the web page inactive, the sessions will close down, now check router ChakriR1#sh ip nat translation they will become lesser.
ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#access ChakriR1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list ChakriR1(config)#access-list 1 ? deny Specify packets to reject permit Specify packets to forward remark Access list entry comment ChakriR1(config)#access-list 1 re ChakriR1(config)#access-list 1 remark ? LINE Comment up to 100 characters ChakriR1(config)#access-list 1 remark SDM-ACL ? <cr> ChakriR1(config)#access-list 1 remark SDM-ACL ChakriR1(config)#acc ChakriR1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list ChakriR1(config)#access-list 1 ? deny Specify packets to reject permit Specify packets to forward remark Access list entry comment ChakriR1(config)#access-list 1 pe ChakriR1(config)#access-list 1 permit ? A.B.C.D Address to match any Any source host host A single host address ChakriR1(config)#access-list 1 permit 192.168.1.0 0.0.0.255 ChakriR1(config)#int ChakriR1(config)#interface ? Ethernet IEEE 802.3 FastEthernet FastEthernet IEEE 802.3 GigabitEthernet GigabitEthernet IEEE 802.3z Loopback Loopback interface Serial Serial Tunnel Tunnel interface Vlan Catalyst Vlans range interface range command ChakriR1(config)#interface fa 0/0 ChakriR1(config-if)#ip ? access-group Specify access control for packets address Set the IP address of an interface hello-interval Configures IP-EIGRP hello interval helper-address Specify a destination address for UDP broadcasts inspect Apply inspect name ips Create IPS rule mtu Set IP Maximum Transmission Unit nat NAT interface commands ospf OSPF interface commands split-horizon Perform split horizon summary-address Perform address summarization virtual-reassembly Virtual Reassembly ChakriR1(config-if)#ip nat ?
inside Inside interface for address translation outside Outside interface for address translation ChakriR1(config-if)#ip nat inside ChakriR1(config-if)#ip nat inside ? <cr> ChakriR1(config-if)#ip nat inside ? <cr> ChakriR1(config-if)#ip nat inside ChakriR1(config-if)#int ChakriR1(config-if)#int ChakriR1(config-if)#inte ChakriR1(config-if)#exit ChakriR1(config)#int ChakriR1(config)#interface ? Ethernet IEEE 802.3 FastEthernet FastEthernet IEEE 802.3 GigabitEthernet GigabitEthernet IEEE 802.3z Loopback Loopback interface Serial Serial Tunnel Tunnel interface Vlan Catalyst Vlans range interface range command ChakriR1(config)#interface fa 0/1 ChakriR1(config-if)#ip ? access-group Specify access control for packets address Set the IP address of an interface hello-interval Configures IP-EIGRP hello interval helper-address Specify a destination address for UDP broadcasts inspect Apply inspect name ips Create IPS rule mtu Set IP Maximum Transmission Unit nat NAT interface commands ospf OSPF interface commands split-horizon Perform split horizon summary-address Perform address summarization virtual-reassembly Virtual Reassembly ChakriR1(config-if)#ip nat ? inside Inside interface for address translation outside Outside interface for address translation ChakriR1(config-if)#ip nat outside ChakriR1(config-if)#exit ChakriR1(config)#ip ? access-list Named access-list default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters domain IP DNS Resolver domain-lookup Enable IP Domain Name System hostname translation domain-name Define the default domain name forward-protocol Controls forwarding of physical and directed IP broadcasts host Add an entry to the ip hostname table inspect Context-based Access Control Engine ips Intrusion Prevention System local Specify local options name-server Specify address of name server to use nat NAT configuration commands
route Establish static routes ssh secure shell configuration tcp Global TCP parameters ChakriR1(config)#ip nat ? inside Inside address translation outside Outside address translation pool Define pool of addresses ChakriR1(config)#ip nat inside ? source Source address translation ChakriR1(config)#ip nat inside source ? list Specify access list describing local addresses static Specify static local->global mapping ChakriR1(config)#ip nat inside source list ? <1-199> Access list number for local addresses WORD Access list name for local addresses ChakriR1(config)#ip nat inside source list 1 ? interface Specify interface for global address pool Name pool of global addresses ChakriR1(config)#ip nat inside source list 1 inter ChakriR1(config)#ip nat inside source list 1 interface ? Ethernet IEEE 802.3 FastEthernet FastEthernet IEEE 802.3 GigabitEthernet GigabitEthernet IEEE 802.3z Serial Serial ChakriR1(config)#ip nat inside source list 1 interface fa ChakriR1(config)#ip nat inside source list 1 interface fastEthernet ? <0-9> FastEthernet interface number ChakriR1(config)#ip nat inside source list 1 interface fastEthernet 0/1 ? overload Overload an address translation <cr> ChakriR1(config)#ip nat inside source list 1 interface fastEthernet 0/1 ove ChakriR1(config)#ip nat inside source list 1 interface fastEthernet 0/1 overload ? <cr> ChakriR1(config)#ip nat inside source list 1 interface fastEthernet 0/1 overload ChakriR1(config)#
C>ping 68.110.171.97 ---> it will ping now (because the NAT changes source address to public address of interface) C>ping 4.2.2.2 ---> it will ping now (because the NAT changes source address to public address of interface) PC>ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from Reply from Reply from Reply from 192.168.1.1: bytes=32 time=24ms TTL=255 192.168.1.1: bytes=32 time=14ms TTL=255 192.168.1.1: bytes=32 time=40ms TTL=255 192.168.1.1: bytes=32 time=40ms TTL=255
Ping statistics for 192.168.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 14ms, Maximum = 40ms, Average = 29ms PC>ping 68.110.171.98 Pinging 68.110.171.98 with 32 bytes of data: Reply from Reply from Reply from Reply from 68.110.171.98: bytes=32 time=33ms TTL=255 68.110.171.98: bytes=32 time=40ms TTL=255 68.110.171.98: bytes=32 time=40ms TTL=255 68.110.171.98: bytes=32 time=40ms TTL=255
Ping statistics for 68.110.171.98: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 33ms, Maximum = 40ms, Average = 38ms PC>ping 68.110.171.97 Pinging 68.110.171.97 with 32 bytes of data: Reply from 68.110.171.97: bytes=32 time=61ms TTL=254 Reply from 68.110.171.97: bytes=32 time=30ms TTL=254 Reply from 68.110.171.97: bytes=32 time=16ms TTL=254 Reply from 68.110.171.97: bytes=32 time=15ms TTL=254 Ping statistics for 68.110.171.97: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 15ms, Maximum = 61ms, Average = 30ms PC>ping 4.2.2.2 Pinging 4.2.2.2 with 32 bytes of data: Reply from 4.2.2.2: bytes=32 time=62ms TTL=126 Reply from 4.2.2.2: bytes=32 time=14ms TTL=126 Reply from 4.2.2.2: bytes=32 time=70ms TTL=126 Reply from 4.2.2.2: bytes=32 time=80ms TTL=126 Ping statistics for 4.2.2.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 14ms, Maximum = 80ms, Average = 56ms PC>
eMail Server>ping -n 1000 4.2.2.2 Laptop0>ping -n 1000 4.2.2.2 DHCP Client>ping -n 1000 4.2.2.2 ChakriR1#sh ip nat translations
Protocol Inside Global Inside Local Outside Local Outside Global
Home work: Study the output ChakriR1#sh ip ? access-lists List access lists arp IP ARP table dhcp Show items in the DHCP database eigrp IP-EIGRP show commands inspect CBAC (Context Based Access Control) information interface IP interface status and configuration ips IPS (Intrusion Prevention System) information nat IP NAT information nbar Network-Based Application Recognition ospf OSPF information protocols IP routing protocol process parameters and statistics rip IP RIP show commands route IP routing table ssh Information on SSH ChakriR1#sh ip nat ? statistics Translation statistics translations Translation entries ChakriR1#sh ip nat t ChakriR1#sh ip nat translations ? <cr> ChakriR1#sh ip nat translations Pro Inside global Inside local Outside local Outside global icmp 68.110.171.98:39 192.168.1.10:39 4.2.2.2:39 4.2.2.2:39 icmp 68.110.171.98:40 192.168.1.10:40 4.2.2.2:40 4.2.2.2:40 icmp 68.110.171.98:41 192.168.1.10:41 4.2.2.2:41 4.2.2.2:41 icmp 68.110.171.98:42 192.168.1.10:42 4.2.2.2:42 4.2.2.2:42 icmp 68.110.171.98:43 192.168.1.10:43 4.2.2.2:43 4.2.2.2:43 icmp 68.110.171.98:44 192.168.1.10:44 4.2.2.2:44 4.2.2.2:44 icmp 68.110.171.98:45 192.168.1.10:45 4.2.2.2:45 4.2.2.2:45 icmp 68.110.171.98:46 192.168.1.10:46 4.2.2.2:46 4.2.2.2:46 icmp 68.110.171.98:47 192.168.1.10:47 4.2.2.2:47 4.2.2.2:47 icmp 68.110.171.98:48 192.168.1.10:48 4.2.2.2:48 4.2.2.2:48 icmp 68.110.171.98:49 192.168.1.10:49 4.2.2.2:49 4.2.2.2:49 icmp 68.110.171.98:50 192.168.1.10:50 4.2.2.2:50 4.2.2.2:50 icmp 68.110.171.98:51 192.168.1.10:51 4.2.2.2:51 4.2.2.2:51 icmp 68.110.171.98:52 192.168.1.10:52 4.2.2.2:52 4.2.2.2:52 icmp 68.110.171.98:53 192.168.1.10:53 4.2.2.2:53 4.2.2.2:53 icmp 68.110.171.98:54 192.168.1.10:54 4.2.2.2:54 4.2.2.2:54 icmp 68.110.171.98:55 192.168.1.10:55 4.2.2.2:55 4.2.2.2:55 icmp 68.110.171.98:56 192.168.1.10:56 4.2.2.2:56 4.2.2.2:56 icmp 68.110.171.98:57 192.168.1.10:57 4.2.2.2:57 4.2.2.2:57 icmp 68.110.171.98:58 192.168.1.10:58 4.2.2.2:58 4.2.2.2:58 icmp 68.110.171.98:59 192.168.1.10:59 4.2.2.2:59 4.2.2.2:59 icmp 68.110.171.98:60 192.168.1.10:60 4.2.2.2:60 4.2.2.2:60 icmp 68.110.171.98:61 192.168.1.10:61 4.2.2.2:61 4.2.2.2:61 icmp 68.110.171.98:62 192.168.1.10:62 4.2.2.2:62 4.2.2.2:62 icmp 68.110.171.98:63 192.168.1.10:63 4.2.2.2:63 4.2.2.2:63 icmp 68.110.171.98:64 192.168.1.10:64 4.2.2.2:64 4.2.2.2:64
icmp 68.110.171.98:65 192.168.1.10:65 4.2.2.2:65 icmp 68.110.171.98:66 192.168.1.10:66 4.2.2.2:66 icmp 68.110.171.98:67 192.168.1.10:67 4.2.2.2:67 icmp 68.110.171.98:68 192.168.1.10:68 4.2.2.2:68 icmp 68.110.171.98:69 192.168.1.10:69 4.2.2.2:69 icmp 68.110.171.98:70 192.168.1.10:70 4.2.2.2:70 icmp 68.110.171.98:71 192.168.1.10:71 4.2.2.2:71 icmp 68.110.171.98:72 192.168.1.10:72 4.2.2.2:72 icmp 68.110.171.98:73 192.168.1.10:73 4.2.2.2:73 icmp 68.110.171.98:74 192.168.1.10:74 4.2.2.2:74 icmp 68.110.171.98:75 192.168.1.10:75 4.2.2.2:75 icmp 68.110.171.98:76 192.168.1.10:76 4.2.2.2:76 icmp 68.110.171.98:77 192.168.1.10:77 4.2.2.2:77 icmp 68.110.171.98:78 192.168.1.10:78 4.2.2.2:78 icmp 68.110.171.98:79 192.168.1.10:79 4.2.2.2:79 icmp 68.110.171.98:80 192.168.1.10:80 4.2.2.2:80 icmp 68.110.171.98:81 192.168.1.10:81 4.2.2.2:81 icmp 68.110.171.98:82 192.168.1.10:82 4.2.2.2:82 icmp 68.110.171.98:83 192.168.1.10:83 4.2.2.2:83 icmp 68.110.171.98:84 192.168.1.10:84 4.2.2.2:84 icmp 68.110.171.98:85 192.168.1.10:85 4.2.2.2:85 icmp 68.110.171.98:86 192.168.1.10:86 4.2.2.2:86 icmp 68.110.171.98:87 192.168.1.10:87 4.2.2.2:87 icmp 68.110.171.98:88 192.168.1.10:88 4.2.2.2:88 icmp 68.110.171.98:89 192.168.1.10:89 4.2.2.2:89 icmp 68.110.171.98:90 192.168.1.10:90 4.2.2.2:90 icmp 68.110.171.98:381 192.168.1.100:381 4.2.2.2:381 icmp 68.110.171.98:382 192.168.1.100:382 4.2.2.2:382 icmp 68.110.171.98:383 192.168.1.100:383 4.2.2.2:383 icmp 68.110.171.98:384 192.168.1.100:384 4.2.2.2:384 icmp 68.110.171.98:385 192.168.1.100:385 4.2.2.2:385 icmp 68.110.171.98:386 192.168.1.100:386 4.2.2.2:386 icmp 68.110.171.98:387 192.168.1.100:387 4.2.2.2:387 icmp 68.110.171.98:388 192.168.1.100:388 4.2.2.2:388 icmp 68.110.171.98:389 192.168.1.100:389 4.2.2.2:389 icmp 68.110.171.98:390 192.168.1.100:390 4.2.2.2:390 icmp 68.110.171.98:391 192.168.1.100:391 4.2.2.2:391 icmp 68.110.171.98:392 192.168.1.100:392 4.2.2.2:392 icmp 68.110.171.98:393 192.168.1.100:393 4.2.2.2:393 icmp 68.110.171.98:394 192.168.1.100:394 4.2.2.2:394 icmp 68.110.171.98:395 192.168.1.100:395 4.2.2.2:395 icmp 68.110.171.98:396 192.168.1.100:396 4.2.2.2:396 icmp 68.110.171.98:397 192.168.1.100:397 4.2.2.2:397 icmp 68.110.171.98:398 192.168.1.100:398 4.2.2.2:398 icmp 68.110.171.98:399 192.168.1.100:399 4.2.2.2:399 icmp 68.110.171.98:400 192.168.1.100:400 4.2.2.2:400 icmp 68.110.171.98:401 192.168.1.100:401 4.2.2.2:401 icmp 68.110.171.98:402 192.168.1.100:402 4.2.2.2:402 icmp 68.110.171.98:403 192.168.1.100:403 4.2.2.2:403 icmp 68.110.171.98:404 192.168.1.100:404 4.2.2.2:404 icmp 68.110.171.98:405 192.168.1.100:405 4.2.2.2:405 icmp 68.110.171.98:406 192.168.1.100:406 4.2.2.2:406 icmp 68.110.171.98:407 192.168.1.100:407 4.2.2.2:407 icmp 68.110.171.98:408 192.168.1.100:408 4.2.2.2:408 icmp 68.110.171.98:409 192.168.1.100:409 4.2.2.2:409
4.2.2.2:65 4.2.2.2:66 4.2.2.2:67 4.2.2.2:68 4.2.2.2:69 4.2.2.2:70 4.2.2.2:71 4.2.2.2:72 4.2.2.2:73 4.2.2.2:74 4.2.2.2:75 4.2.2.2:76 4.2.2.2:77 4.2.2.2:78 4.2.2.2:79 4.2.2.2:80 4.2.2.2:81 4.2.2.2:82 4.2.2.2:83 4.2.2.2:84 4.2.2.2:85 4.2.2.2:86 4.2.2.2:87 4.2.2.2:88 4.2.2.2:89 4.2.2.2:90 4.2.2.2:381 4.2.2.2:382 4.2.2.2:383 4.2.2.2:384 4.2.2.2:385 4.2.2.2:386 4.2.2.2:387 4.2.2.2:388 4.2.2.2:389 4.2.2.2:390 4.2.2.2:391 4.2.2.2:392 4.2.2.2:393 4.2.2.2:394 4.2.2.2:395 4.2.2.2:396 4.2.2.2:397 4.2.2.2:398 4.2.2.2:399 4.2.2.2:400 4.2.2.2:401 4.2.2.2:402 4.2.2.2:403 4.2.2.2:404 4.2.2.2:405 4.2.2.2:406 4.2.2.2:407 4.2.2.2:408 4.2.2.2:409
icmp 68.110.171.98:410 192.168.1.100:410 4.2.2.2:410 icmp 68.110.171.98:411 192.168.1.100:411 4.2.2.2:411 icmp 68.110.171.98:412 192.168.1.100:412 4.2.2.2:412 icmp 68.110.171.98:413 192.168.1.100:413 4.2.2.2:413 icmp 68.110.171.98:414 192.168.1.100:414 4.2.2.2:414 icmp 68.110.171.98:415 192.168.1.100:415 4.2.2.2:415 icmp 68.110.171.98:416 192.168.1.100:416 4.2.2.2:416 icmp 68.110.171.98:417 192.168.1.100:417 4.2.2.2:417 icmp 68.110.171.98:418 192.168.1.100:418 4.2.2.2:418 icmp 68.110.171.98:419 192.168.1.100:419 4.2.2.2:419 icmp 68.110.171.98:420 192.168.1.100:420 4.2.2.2:420 icmp 68.110.171.98:421 192.168.1.100:421 4.2.2.2:421 icmp 68.110.171.98:422 192.168.1.100:422 4.2.2.2:422 icmp 68.110.171.98:423 192.168.1.100:423 4.2.2.2:423 icmp 68.110.171.98:424 192.168.1.100:424 4.2.2.2:424 icmp 68.110.171.98:425 192.168.1.100:425 4.2.2.2:425 icmp 68.110.171.98:426 192.168.1.100:426 4.2.2.2:426 icmp 68.110.171.98:427 192.168.1.100:427 4.2.2.2:427 icmp 68.110.171.98:428 192.168.1.100:428 4.2.2.2:428 icmp 68.110.171.98:429 192.168.1.100:429 4.2.2.2:429 icmp 68.110.171.98:430 192.168.1.100:430 4.2.2.2:430 icmp 68.110.171.98:431 192.168.1.100:431 4.2.2.2:431 icmp 68.110.171.98:432 192.168.1.100:432 4.2.2.2:432 icmp 68.110.171.98:433 192.168.1.100:433 4.2.2.2:433 icmp 68.110.171.98:434 192.168.1.100:434 4.2.2.2:434 icmp 68.110.171.98:435 192.168.1.100:435 4.2.2.2:435 icmp 68.110.171.98:436 192.168.1.100:436 4.2.2.2:436 icmp 68.110.171.98:437 192.168.1.100:437 4.2.2.2:437 icmp 68.110.171.98:317 192.168.1.20:317 4.2.2.2:317 icmp 68.110.171.98:318 192.168.1.20:318 4.2.2.2:318 icmp 68.110.171.98:319 192.168.1.20:319 4.2.2.2:319 icmp 68.110.171.98:320 192.168.1.20:320 4.2.2.2:320 icmp 68.110.171.98:321 192.168.1.20:321 4.2.2.2:321 icmp 68.110.171.98:322 192.168.1.20:322 4.2.2.2:322 icmp 68.110.171.98:323 192.168.1.20:323 4.2.2.2:323 icmp 68.110.171.98:324 192.168.1.20:324 4.2.2.2:324 icmp 68.110.171.98:325 192.168.1.20:325 4.2.2.2:325 icmp 68.110.171.98:326 192.168.1.20:326 4.2.2.2:326 icmp 68.110.171.98:327 192.168.1.20:327 4.2.2.2:327 icmp 68.110.171.98:328 192.168.1.20:328 4.2.2.2:328 icmp 68.110.171.98:329 192.168.1.20:329 4.2.2.2:329 icmp 68.110.171.98:330 192.168.1.20:330 4.2.2.2:330 icmp 68.110.171.98:331 192.168.1.20:331 4.2.2.2:331 icmp 68.110.171.98:332 192.168.1.20:332 4.2.2.2:332 icmp 68.110.171.98:333 192.168.1.20:333 4.2.2.2:333 icmp 68.110.171.98:334 192.168.1.20:334 4.2.2.2:334 icmp 68.110.171.98:335 192.168.1.20:335 4.2.2.2:335 icmp 68.110.171.98:336 192.168.1.20:336 4.2.2.2:336 icmp 68.110.171.98:337 192.168.1.20:337 4.2.2.2:337 icmp 68.110.171.98:338 192.168.1.20:338 4.2.2.2:338 icmp 68.110.171.98:339 192.168.1.20:339 4.2.2.2:339 icmp 68.110.171.98:340 192.168.1.20:340 4.2.2.2:340 icmp 68.110.171.98:341 192.168.1.20:341 4.2.2.2:341 icmp 68.110.171.98:342 192.168.1.20:342 4.2.2.2:342 icmp 68.110.171.98:343 192.168.1.20:343 4.2.2.2:343
4.2.2.2:410 4.2.2.2:411 4.2.2.2:412 4.2.2.2:413 4.2.2.2:414 4.2.2.2:415 4.2.2.2:416 4.2.2.2:417 4.2.2.2:418 4.2.2.2:419 4.2.2.2:420 4.2.2.2:421 4.2.2.2:422 4.2.2.2:423 4.2.2.2:424 4.2.2.2:425 4.2.2.2:426 4.2.2.2:427 4.2.2.2:428 4.2.2.2:429 4.2.2.2:430 4.2.2.2:431 4.2.2.2:432 4.2.2.2:433 4.2.2.2:434 4.2.2.2:435 4.2.2.2:436 4.2.2.2:437 4.2.2.2:317 4.2.2.2:318 4.2.2.2:319 4.2.2.2:320 4.2.2.2:321 4.2.2.2:322 4.2.2.2:323 4.2.2.2:324 4.2.2.2:325 4.2.2.2:326 4.2.2.2:327 4.2.2.2:328 4.2.2.2:329 4.2.2.2:330 4.2.2.2:331 4.2.2.2:332 4.2.2.2:333 4.2.2.2:334 4.2.2.2:335 4.2.2.2:336 4.2.2.2:337 4.2.2.2:338 4.2.2.2:339 4.2.2.2:340 4.2.2.2:341 4.2.2.2:342 4.2.2.2:343
icmp 68.110.171.98:344 192.168.1.20:344 icmp 68.110.171.98:345 192.168.1.20:345 icmp 68.110.171.98:346 192.168.1.20:346 icmp 68.110.171.98:347 192.168.1.20:347 icmp 68.110.171.98:348 192.168.1.20:348 icmp 68.110.171.98:349 192.168.1.20:349 icmp 68.110.171.98:350 192.168.1.20:350 icmp 68.110.171.98:351 192.168.1.20:351 icmp 68.110.171.98:352 192.168.1.20:352 icmp 68.110.171.98:353 192.168.1.20:353 icmp 68.110.171.98:354 192.168.1.20:354 icmp 68.110.171.98:355 192.168.1.20:355 icmp 68.110.171.98:356 192.168.1.20:356 icmp 68.110.171.98:357 192.168.1.20:357 icmp 68.110.171.98:358 192.168.1.20:358 icmp 68.110.171.98:359 192.168.1.20:359 icmp 68.110.171.98:360 192.168.1.20:360 icmp 68.110.171.98:361 192.168.1.20:361 icmp 68.110.171.98:362 192.168.1.20:362 icmp 68.110.171.98:363 192.168.1.20:363 icmp 68.110.171.98:364 192.168.1.20:364 icmp 68.110.171.98:365 192.168.1.20:365 icmp 68.110.171.98:366 192.168.1.20:366 icmp 68.110.171.98:367 192.168.1.20:367 icmp 68.110.171.98:368 192.168.1.20:368 icmp 68.110.171.98:369 192.168.1.20:369 icmp 68.110.171.98:370 192.168.1.20:370 icmp 68.110.171.98:371 192.168.1.20:371 icmp 68.110.171.98:372 192.168.1.20:372 icmp 68.110.171.98:373 192.168.1.20:373
4.2.2.2:344 4.2.2.2:345 4.2.2.2:346 4.2.2.2:347 4.2.2.2:348 4.2.2.2:349 4.2.2.2:350 4.2.2.2:351 4.2.2.2:352 4.2.2.2:353 4.2.2.2:354 4.2.2.2:355 4.2.2.2:356 4.2.2.2:357 4.2.2.2:358 4.2.2.2:359 4.2.2.2:360 4.2.2.2:361 4.2.2.2:362 4.2.2.2:363 4.2.2.2:364 4.2.2.2:365 4.2.2.2:366 4.2.2.2:367 4.2.2.2:368 4.2.2.2:369 4.2.2.2:370 4.2.2.2:371 4.2.2.2:372 4.2.2.2:373
4.2.2.2:344 4.2.2.2:345 4.2.2.2:346 4.2.2.2:347 4.2.2.2:348 4.2.2.2:349 4.2.2.2:350 4.2.2.2:351 4.2.2.2:352 4.2.2.2:353 4.2.2.2:354 4.2.2.2:355 4.2.2.2:356 4.2.2.2:357 4.2.2.2:358 4.2.2.2:359 4.2.2.2:360 4.2.2.2:361 4.2.2.2:362 4.2.2.2:363 4.2.2.2:364 4.2.2.2:365 4.2.2.2:366 4.2.2.2:367 4.2.2.2:368 4.2.2.2:369 4.2.2.2:370 4.2.2.2:371 4.2.2.2:372 4.2.2.2:373
ChakriR1# Note: DNS lookup uses UDP protocol and uses destination port 53. After some time if you leave the web page inactive or the sessions become inactive or sessions are closed, then the translations will become lesser. ChakriR1#sh ip nat translation ---> they will become lesser. ChakriR1#sh ip nat translations Pro Inside global Inside local Outside local Outside global icmp 68.110.171.98:1006192.168.1.10:1006 4.2.2.2:1006 4.2.2.2:1006 icmp 68.110.171.98:1007192.168.1.10:1007 4.2.2.2:1007 4.2.2.2:1007 icmp 68.110.171.98:1008192.168.1.10:1008 4.2.2.2:1008 4.2.2.2:1008 icmp 68.110.171.98:1009192.168.1.10:1009 4.2.2.2:1009 4.2.2.2:1009 icmp 68.110.171.98:1010192.168.1.10:1010 4.2.2.2:1010 4.2.2.2:1010 icmp 68.110.171.98:1011192.168.1.10:1011 4.2.2.2:1011 4.2.2.2:1011 icmp 68.110.171.98:1012192.168.1.10:1012 4.2.2.2:1012 4.2.2.2:1012 icmp 68.110.171.98:1013192.168.1.10:1013 4.2.2.2:1013 4.2.2.2:1013 icmp 68.110.171.98:1014192.168.1.10:1014 4.2.2.2:1014 4.2.2.2:1014 icmp 68.110.171.98:1015192.168.1.10:1015 4.2.2.2:1015 4.2.2.2:1015 icmp 68.110.171.98:1016192.168.1.10:1016 4.2.2.2:1016 4.2.2.2:1016 icmp 68.110.171.98:1017192.168.1.10:1017 4.2.2.2:1017 4.2.2.2:1017 icmp 68.110.171.98:1018192.168.1.10:1018 4.2.2.2:1018 4.2.2.2:1018 icmp 68.110.171.98:1019192.168.1.10:1019 4.2.2.2:1019 4.2.2.2:1019 icmp 68.110.171.98:1020192.168.1.10:1020 4.2.2.2:1020 4.2.2.2:1020 icmp 68.110.171.98:1021192.168.1.10:1021 4.2.2.2:1021 4.2.2.2:1021 icmp 68.110.171.98:1022192.168.1.10:1022 4.2.2.2:1022 4.2.2.2:1022
icmp 68.110.171.98:1023192.168.1.10:1023 icmp 68.110.171.98:1024192.168.1.10:1024 icmp 68.110.171.98:1025192.168.1.10:1025 icmp 68.110.171.98:1026192.168.1.10:1026 icmp 68.110.171.98:1027192.168.1.10:1027 icmp 68.110.171.98:1028192.168.1.10:1028 icmp 68.110.171.98:1029192.168.1.10:1029 icmp 68.110.171.98:1030192.168.1.10:1030 icmp 68.110.171.98:1031192.168.1.10:1031 icmp 68.110.171.98:1032192.168.1.10:1032 icmp 68.110.171.98:1033192.168.1.10:1033 icmp 68.110.171.98:1034192.168.1.10:1034 icmp 68.110.171.98:1035192.168.1.10:1035 icmp 68.110.171.98:1036192.168.1.10:1036 icmp 68.110.171.98:1037192.168.1.10:1037 icmp 68.110.171.98:1038192.168.1.10:1038 ChakriR1#
4.2.2.2:1023 4.2.2.2:1024 4.2.2.2:1025 4.2.2.2:1026 4.2.2.2:1027 4.2.2.2:1028 4.2.2.2:1029 4.2.2.2:1030 4.2.2.2:1031 4.2.2.2:1032 4.2.2.2:1033 4.2.2.2:1034 4.2.2.2:1035 4.2.2.2:1036 4.2.2.2:1037 4.2.2.2:1038
4.2.2.2:1023 4.2.2.2:1024 4.2.2.2:1025 4.2.2.2:1026 4.2.2.2:1027 4.2.2.2:1028 4.2.2.2:1029 4.2.2.2:1030 4.2.2.2:1031 4.2.2.2:1032 4.2.2.2:1033 4.2.2.2:1034 4.2.2.2:1035 4.2.2.2:1036 4.2.2.2:1037 4.2.2.2:1038
ChakriR1#sh run check interface Fast Ethernet 4 . Description INTERNET WAN PORT&ETH-LAN$ ---> added by SDM ip address 68.110.171.98 255.255.255.224 ip nat outside ip virtual-reaasembly duplex auto speed auto interface vlan1 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reaasembly ip nat inside source list 1 interface FastEthernet 4 overload access-list 1 remark SDM-ACL Category=2 access-list 1 permit 192.168.1.0 0.0.0.255 Home Work: Study output NAT and DHCP ChakriR1#sh run Building configuration... Current configuration : 1392 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriR1 ! ! ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! ! username chakri privilege 15 password 0 cisco ! ! ! ! ! ip domain-name nuggetlab.com ip name-server 4.2.2.2 ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside duplex auto speed auto
! interface FastEthernet0/1 description INTERNET WAN PORT ip address 68.110.171.98 255.255.255.224 ip nat outside duplex auto speed auto ! interface Vlan1 no ip address ! router rip version 2 network 68.0.0.0 network 192.168.1.0 no auto-summary ! ip nat inside source list 1 interface FastEthernet0/1 overload ip classless ip route 0.0.0.0 0.0.0.0 68.110.171.97 ! ! access-list 1 remark SDM-ACL access-list 1 permit 192.168.1.0 0.0.0.255 ! ip dhcp excluded-address 192.168.1.1 192.168.1.19 ip dhcp excluded-address 192.168.1.101 192.168.1.254 ! ip dhcp pool LAN_Addresses network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 4.2.2.2 ! banner motd ^C ********************************************** No Login without Permission ********************************************** ^C ! ! ! ! line con 0 exec-timeout 30 0 password cisco logging synchronous line vty 0 4 login local line vty 5 15 login local ! ! ! end ChakriR1#
WAN Connectivity Routers are the only things that can connect to WAN Catagories of WAN connections
. Till now we have thought of Layer2 as Ethernet because this is where MAC addresses come from.
WAN connections also uses Layer2 but WAN is not Ethernet. . WAN links define a new type of L1 and L2 connectivity . Allows links to the Internet or other offices . Many different types of connectivity (speed and price are the deciding factors)
Data Link (L2): Frame Relay, ATM, PPP, HDLC, MPLS, ISDN, MetroEthernet (no more MAC addresses)
Each one having its own different data link layer protocol that it speaks. So if Frame Relay is chosen, DLCI is used instead of MAC, that is how end points communicate in a Frame Relay cloud connectivity over the WAN. DLCI = Data Link Connection Identifier Physical (L1): Serial physical connections (no more RJ45 and Ethernet CAT5 cable) Three Major Catagories of WAN 1> Leased Lines: Dedicated BW between locations 1> T1, CAS ---> it is just a measure of speed 1.544 Mbps, 2> E1, CAS ---> E1s 2.048 Mbps speed.
They can be T1/E1 Cable modem connection or T1/E1 DSL or T1/E1 Frame relay.
These are costly dedicated connections but very reliable. eg: E1 Cable Modem, E1 DSL, E1 Frame Relay, E1 ATM etc. 2> Circuit Switched: On-demand BW between locations. 1> Dial-up Modem 2> ISDN They use Telephone companies Switching, they are cheaper price, Accessability is high. Disadvantage is setup time and lower BW. Telephone companies upgrading with DSL, so they are ripping up streets
to lay fiber optic cables and upgrade copper cables to meet (distance, reach and BW).
3> Packet Switched: 1> X.25 2> Frame Relay 3> ATM
HYD Shared BW Cloud
DEL
BLR
Uses Shared but guaranteed BW between locations, uses Bursting

and Virtual circuits, with one Serial port we can connect to 100 different sites. The guarantee depends on the money you pay. Its very flexible.
Physical Connections WIC = WAN Interface Card slot WIC-1T has single Serial port WIC-2T has two Serial ports Serial cable, 5 different kinds CSU/DSU of cables like v.35 etc. gives one serial port Converts cable type per card
WIC-1T
RJ45 for E1 RJ48 for T1
Wall-Jack
Demark
smart connector a different and sleek cable connector gives two serial port per card, more price
WIC-2T
CSU/DSU CSU/DSU
Wall-Jack Wall-Jack
T1 Card
RJ45 for E1 RJ48 for T1
Wall-Jack
WIC-1T-DSU means it has built in CSU/DSU it also comes with two port model.
ChakriR2
DTE
DCE
CSU/DSU
Wall-Jack
Clocking, servive provider sets the clocking, the more the clock, the higher the speed of WAN, the clock rate is set in CSU/DSU.
ChakriR2 DTE Router
DTE
Serial cross over cable There is a serial cross over cable, for LAB environment directly connect the Routers. Clocking should be provided only on one router Clocking should be provided on DCE side.
DCE
ChakriR3 DCE Router
Layer 2 WAN Protocols: There are many Layer 2 WAN protocols like ATM, Frame Relay and MPLS and so on, but we will discuss HDLC and PPP for CCENT. Configuring Leased Line Connections for WAN (CCENT has only HDLC/PPP) At CCENT level, we only need to know configuring dedicated/leased line connectivity between two points, using T1 line between sites. ChakriR2#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet 0/0 192.168.1.2 YES NVRAM Up Up Service-Engine 0/1 unassigned YES NVRAM Admin down Down FastEthernet 0/1 unassigned YES NVRAM Admin down Down Serial 0/1/0 192.168.2.1 YES NVRAM Up Up This is WAN the interface ChakriR2#sh int serial 0/1/0 Encapsulation HDLC --->High level-Data Link Control is the Layer2 protocol, that is running between ChakriR2 and ChakriR3, this the replacement for Ethernet. This protocol, the way Cisco runs it is proprietary, so both sides should be Cisco routers. The benefits of HDLC is simplicity, to set up a router it is very fast, you just need to plug-in the cable both sides, no config required. PPP ---> The alternative to HDLC is PPP. PPP stands for Point to Point Protocol.
It is an Industry standard protocol, so both ends need not be Cisco. Therfore very popular.
C>telnet 192.168.1.2 ChakriR2#telnet 192.168.2.2 ChakriR3#sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet 0/0 192.168.3.1 YES NVRAM Up Up Serial 0/0 192.168.2.2 YES NVRAM Up Up Loopback0 192.168.3.20 YES NVRAM Up Up This is the WAN interface ChakriR3#sh int serial 0/0 Encapsulation HDLC ChakriR3(config)#int serial 0/0 ChakriR3(config)#encapsulation PPP ---> lost connection, because we telnetted into ChakriR3 and the WAN link is lost due to protocol mis-match. CTRL+SHIFT+6+X
ChakriR2#sh ip int brief Interface FastEthernet 0/0 Service-Engine 0/1 FastEthernet 0/1 Serial 0/1/0
IP-Address 192.168.1.2 unassigned unassigned 192.168.2.1
OK? YES YES YES YES
Method NVRAM NVRAM NVRAM NVRAM
Status Up Admin down Admin down Up
Protocol Up Down Down Down
getting locking from other side, due to encapsulation mis-match. This means physically up but down with the protocol or datalink layer. ChakriR2(config)#int serial 0/1/0 ChakriR2(config-if)#encapsulation ppp ChakriR2#terminal monitor ---> this shows the status messages on vty. Line protocol on Interface 0/1/0, changed state to up. ChakriR2#sh ip int brief Interface IP-Address OK? Method Status FastEthernet 0/0 192.168.1.2 YES NVRAM Up Service-Engine 0/1 unassigned YES NVRAM Admin down FastEthernet 0/1 unassigned YES NVRAM Admin down Serial 0/1/0 192.168.2.1 YES NVRAM Up Note: The telnet session as come back alive.
Protocol Up Down Down Up
Since both sides encapsulation
at L2 is same, the interface has come up. ChakriR3#sh int serial 0/0 Encapsulation PPP, LCP open Open: IPCP, CDPCP, Note: PPP, LCP, IPCP and CDPCP are known as control protocols, allowing TCP/IP to work on the WAN link. There is another protocol known as CDP.
For LAB environment you dont have Service provider/wall jack, you will have to buy a Serial cross-over cable.
ChakriR2#sh controllers serial 0/0 DTE V.35 Tx and Rx clocks detected. ---> meaning somebody is sending clock. ChakriR3#sh controllers serial 0/1/0 DCE V.35, Clock rate 2000000 ---> this is sending the clock. Cable connector ends
How to set the Clock-Rate ChakriR2(config)#int serial 0/1/0

ChakriR2(config-if)#clock rate 2000000 ---> the Clock rate is set to 2Mbps, so this the speed of the link.
Note: The clock has to be set at the DCE side only, normally the service provider sets the clock, so service provider side will be DCE and Customer side will be DTE. ChakriR2#sh controllers se 2/0 Interface Serial2/0 Hardware is PowerQUICC MPC860 DTE V.35 clocks stopped. idb at 0x81081AC4, driver data structure at 0x81084AC0 SCC Registers: General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8 Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00 Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E Interrupt Registers: Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000 Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000 Command register [CR]=0x580 Port A [PADIR]=0x1030, [PAPAR]=0xFFFF [PAODR]=0x0010, [PADAT]=0xCBFF Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E [PBODR]=0x00000, [PBDAT]=0x3FFFD Port C [PCDIR]=0x00C, [PCPAR]=0x200 [PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F Receive Ring rmd(68012830): status 9000 length 60C address 3B6DAC4 rmd(68012838): status B000 length 60C address 3B6D444 Transmit Ring tmd(680128B0): status 0 length 0 address 0 tmd(680128B8): status 0 length 0 address 0 tmd(680128C0): status 0 length 0 address 0 tmd(680128C8): status 0 length 0 address 0 tmd(680128D0): status 0 length 0 address 0 tmd(680128D8): status 0 length 0 address 0 tmd(680128E0): status 0 length 0 address 0 tmd(680128E8): status 0 length 0 address 0 tmd(680128F0): status 0 length 0 address 0 tmd(680128F8): status 0 length 0 address 0 tmd(68012900): status 0 length 0 address 0 tmd(68012908): status 0 length 0 address 0 tmd(68012910): status 0 length 0 address 0 tmd(68012918): status 0 length 0 address 0 tmd(68012920): status 0 length 0 address 0 tmd(68012928): status 2000 length 0 address 0 tx_limited=1(2) SCC GENERAL PARAMETER RAM (at 0x68013C00) Rx BD Base [RBASE]=0x2830, Fn Code [RFCR]=0x18 Tx BD Base [TBASE]=0x28B0, Fn Code [TFCR]=0x18 Max Rx Buff Len [MRBLR]=1548 Rx State [RSTATE]=0x0, BD Ptr [RBPTR]=0x2830 Tx State [TSTATE]=0x4000, BD Ptr [TBPTR]=0x28B0 SCC HDLC PARAMETER RAM (at 0x68013C38)
CRC Preset [C_PRES]=0xFFFF, Mask [C_MASK]=0xF0B8 Errors: CRC [CRCEC]=0, Aborts [ABTSC]=0, Discards [DISFC]=0 Nonmatch Addr Cntr [NMARC]=0 Retry Count [RETRC]=0 Max Frame Length [MFLR]=1608 Rx Int Threshold [RFTHR]=0, Frame Cnt [RFCNT]=0 User-defined Address 0000/0000/0000/0000 User-defined Address Mask 0x0000
buffer size 1524 PowerQUICC SCC specific errors: 0 input aborts on receiving flag sequence 0 throttles, 0 enables 0 overruns 0 transmitter underruns 0 transmitter CTS losts 0 aborted short frames ChakriR2# ChakriR2#sh ip int br Interface IP-Address FastEthernet0/0 FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0
OK? Method Status
Protocol
YES manual administratively down down YES manual up up down
YES manual up
192.168.2.1
FastEthernet5/0 unassigned YES manual administratively down down ChakriR2# ChakriR3#sh ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0/0 FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0 FastEthernet5/0 Loopback0 ChakriR3# 192.168.3.1 unassigned unassigned 192.168.2.2 YES manual up up
YES manual administratively down down YES manual administratively down down YES manual up down
192.168.2.2 unassigned 192.168.3.20
ChakriR3#sh controllers se ChakriR3#sh controllers serial ? <0-9> Serial interface number ChakriR3#sh controllers serial 3/0 Interface Serial3/0 Hardware is PowerQUICC MPC860 DCE V.35, no clock idb at 0x81081AC4, driver data structure at 0x81084AC0 SCC Registers: General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8 Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00 Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E Interrupt Registers: Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000 Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000 Command register [CR]=0x580 Port A [PADIR]=0x1030, [PAPAR]=0xFFFF [PAODR]=0x0010, [PADAT]=0xCBFF Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E [PBODR]=0x00000, [PBDAT]=0x3FFFD Port C [PCDIR]=0x00C, [PCPAR]=0x200 [PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F Receive Ring rmd(68012830): status 9000 length 60C address 3B6DAC4 rmd(68012838): status B000 length 60C address 3B6D444 Transmit Ring tmd(680128B0): status 0 length 0 address 0 tmd(680128B8): status 0 length 0 address 0 tmd(680128C0): status 0 length 0 address 0 tmd(680128C8): status 0 length 0 address 0 tmd(680128D0): status 0 length 0 address 0 tmd(680128D8): status 0 length 0 address 0 tmd(680128E0): status 0 length 0 address 0 tmd(680128E8): status 0 length 0 address 0 tmd(680128F0): status 0 length 0 address 0 tmd(680128F8): status 0 length 0 address 0 tmd(68012900): status 0 length 0 address 0 tmd(68012908): status 0 length 0 address 0 tmd(68012910): status 0 length 0 address 0 tmd(68012918): status 0 length 0 address 0 tmd(68012920): status 0 length 0 address 0 tmd(68012928): status 2000 length 0 address 0 tx_limited=1(2) SCC GENERAL PARAMETER RAM (at 0x68013C00) Rx BD Base [RBASE]=0x2830, Fn Code [RFCR]=0x18 Tx BD Base [TBASE]=0x28B0, Fn Code [TFCR]=0x18 Max Rx Buff Len [MRBLR]=1548 Rx State [RSTATE]=0x0, BD Ptr [RBPTR]=0x2830 Tx State [TSTATE]=0x4000, BD Ptr [TBPTR]=0x28B0 SCC HDLC PARAMETER RAM (at 0x68013C38) CRC Preset [C_PRES]=0xFFFF, Mask [C_MASK]=0xF0B8 Errors: CRC [CRCEC]=0, Aborts [ABTSC]=0, Discards [DISFC]=0
Nonmatch Addr Cntr [NMARC]=0 Retry Count [RETRC]=0 Max Frame Length [MFLR]=1608 Rx Int Threshold [RFTHR]=0, Frame Cnt [RFCNT]=0 User-defined Address 0000/0000/0000/0000 User-defined Address Mask 0x0000
buffer size 1524 PowerQUICC SCC specific errors: 0 input aborts on receiving flag sequence 0 throttles, 0 enables 0 overruns 0 transmitter underruns 0 transmitter CTS losts 0 aborted short frames ChakriR3# ChakriR3#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR3(config)#int se ChakriR3(config)#int serial ? <0-9> Serial interface number ChakriR3(config)#int serial 3/0 ChakriR3(config-if)#clo ChakriR3(config-if)#clock ? rate Configure serial interface clock speed ChakriR3(config-if)#clock rate ? Speed (bits per second 1200 2400 4800 9600 19200 38400 56000 64000 72000 125000 128000 148000 250000 500000 800000 1000000 1300000 2000000 4000000 <300-4000000> Choose clockrate from list above ChakriR3(config-if)#clock rate 2000000 ChakriR3(config-if)#exit %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0, changed state to up ChakriR3(config)#exit ChakriR3#
%SYS-5-CONFIG_I: Configured from console by console ChakriR3#sh ip int br Interface IP-Address OK? Method Status FastEthernet0/0 FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0 FastEthernet5/0 192.168.3.1 unassigned unassigned 192.168.2.2 YES manual up
Protocol up
192.168.2.2 unassigned
Loopback0 192.168.3.20 YES manual up up ChakriR3#sh con ChakriR3#sh controllers ? Ethernet IEEE 802.3 FastEthernet FastEthernet IEEE 802.3 GigabitEthernet GigabitEthernet IEEE 802.3z Serial Serial <cr> ChakriR3#sh controllers se ChakriR3#sh controllers serial ? <0-9> Serial interface number ChakriR3#sh controllers serial 3/0 Interface Serial3/0 Hardware is PowerQUICC MPC860 DCE V.35, clock rate 2000000 idb at 0x81081AC4, driver data structure at 0x81084AC0 SCC Registers: General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8 Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00 Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E Interrupt Registers: Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000 Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000 Command register [CR]=0x580 Port A [PADIR]=0x1030, [PAPAR]=0xFFFF [PAODR]=0x0010, [PADAT]=0xCBFF Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E [PBODR]=0x00000, [PBDAT]=0x3FFFD Port C [PCDIR]=0x00C, [PCPAR]=0x200 [PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F Receive Ring rmd(68012830): status 9000 length 60C address 3B6DAC4 rmd(68012838): status B000 length 60C address 3B6D444 Transmit Ring tmd(680128B0): status 0 length 0 address 0 tmd(680128B8): status 0 length 0 address 0 tmd(680128C0): status 0 length 0 address 0 tmd(680128C8): status 0 length 0 address 0 tmd(680128D0): status 0 length 0 address 0
tmd(680128D8): status 0 length 0 address 0 tmd(680128E0): status 0 length 0 address 0 tmd(680128E8): status 0 length 0 address 0 tmd(680128F0): status 0 length 0 address 0 tmd(680128F8): status 0 length 0 address 0 tmd(68012900): status 0 length 0 address 0 tmd(68012908): status 0 length 0 address 0 tmd(68012910): status 0 length 0 address 0 tmd(68012918): status 0 length 0 address 0 tmd(68012920): status 0 length 0 address 0 tmd(68012928): status 2000 length 0 address 0 tx_limited=1(2) SCC GENERAL PARAMETER RAM (at 0x68013C00) Rx BD Base [RBASE]=0x2830, Fn Code [RFCR]=0x18 Tx BD Base [TBASE]=0x28B0, Fn Code [TFCR]=0x18 Max Rx Buff Len [MRBLR]=1548 Rx State [RSTATE]=0x0, BD Ptr [RBPTR]=0x2830 Tx State [TSTATE]=0x4000, BD Ptr [TBPTR]=0x28B0 SCC HDLC PARAMETER RAM (at 0x68013C38) CRC Preset [C_PRES]=0xFFFF, Mask [C_MASK]=0xF0B8 Errors: CRC [CRCEC]=0, Aborts [ABTSC]=0, Discards [DISFC]=0 Nonmatch Addr Cntr [NMARC]=0 Retry Count [RETRC]=0 Max Frame Length [MFLR]=1608 Rx Int Threshold [RFTHR]=0, Frame Cnt [RFCNT]=0 User-defined Address 0000/0000/0000/0000 User-defined Address Mask 0x0000
buffer size 1524 PowerQUICC SCC specific errors: 0 input aborts on receiving flag sequence 0 throttles, 0 enables 0 overruns 0 transmitter underruns 0 transmitter CTS losts 0 aborted short frames ChakriR3# ChakriR2#sh ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES manual administratively down down FastEthernet1/0 192.168.1.2 YES manual up up Serial2/0 Serial3/0 FastEthernet4/0 FastEthernet5/0 192.168.2.1 unassigned YES manual up up
YES manual administratively down down YES manual administratively down down YES manual administratively down down
ChakriR2#sh controllers se 2/0 Interface Serial2/0 Hardware is PowerQUICC MPC860 DTE V.35 TX and RX clocks detected idb at 0x81081AC4, driver data structure at 0x81084AC0 SCC Registers: General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8 Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00 Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E Interrupt Registers: Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000 Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000 Command register [CR]=0x580 Port A [PADIR]=0x1030, [PAPAR]=0xFFFF [PAODR]=0x0010, [PADAT]=0xCBFF Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E [PBODR]=0x00000, [PBDAT]=0x3FFFD Port C [PCDIR]=0x00C, [PCPAR]=0x200 [PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F Receive Ring rmd(68012830): status 9000 length 60C address 3B6DAC4 rmd(68012838): status B000 length 60C address 3B6D444 Transmit Ring tmd(680128B0): status 0 length 0 address 0 tmd(680128B8): status 0 length 0 address 0 tmd(680128C0): status 0 length 0 address 0 tmd(680128C8): status 0 length 0 address 0 tmd(680128D0): status 0 length 0 address 0 tmd(680128D8): status 0 length 0 address 0 tmd(680128E0): status 0 length 0 address 0 tmd(680128E8): status 0 length 0 address 0 tmd(680128F0): status 0 length 0 address 0 tmd(680128F8): status 0 length 0 address 0 tmd(68012900): status 0 length 0 address 0 tmd(68012908): status 0 length 0 address 0 tmd(68012910): status 0 length 0 address 0 tmd(68012918): status 0 length 0 address 0 tmd(68012920): status 0 length 0 address 0 tmd(68012928): status 2000 length 0 address 0 tx_limited=1(2) SCC GENERAL PARAMETER RAM (at 0x68013C00) Rx BD Base [RBASE]=0x2830, Fn Code [RFCR]=0x18 Tx BD Base [TBASE]=0x28B0, Fn Code [TFCR]=0x18 Max Rx Buff Len [MRBLR]=1548 Rx State [RSTATE]=0x0, BD Ptr [RBPTR]=0x2830 Tx State [TSTATE]=0x4000, BD Ptr [TBPTR]=0x28B0 SCC HDLC PARAMETER RAM (at 0x68013C38) CRC Preset [C_PRES]=0xFFFF, Mask [C_MASK]=0xF0B8 Errors: CRC [CRCEC]=0, Aborts [ABTSC]=0, Discards [DISFC]=0 Nonmatch Addr Cntr [NMARC]=0 Retry Count [RETRC]=0 Max Frame Length [MFLR]=1608
Rx Int Threshold [RFTHR]=0, Frame Cnt [RFCNT]=0 User-defined Address 0000/0000/0000/0000 User-defined Address Mask 0x0000
buffer size 1524 PowerQUICC SCC specific errors: 0 input aborts on receiving flag sequence 0 throttles, 0 enables 0 overruns 0 transmitter underruns 0 transmitter CTS losts 0 aborted short frames ChakriR2# ChakriR3#sh ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.3.1 YES manual up up FastEthernet1/0 unassigned YES manual administratively down down Serial2/0 unassigned YES manual administratively down down Serial3/0 192.168.2.2 YES manual up up FastEthernet4/0 192.168.2.2 YES manual administratively down down FastEthernet5/0 unassigned YES manual administratively down down
Loopback0 192.168.3.20 YES manual up up ChakriR3#sh int se 3/0 Serial3/0 is up, line protocol is up (connected) Hardware is HD64570 Internet address is 192.168.2.2/24 MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set, keepalive set (10 sec) Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/0/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 96 kilobits/sec 5 minute input rate 48 bits/sec, 0 packets/sec 5 minute output rate 41 bits/sec, 0 packets/sec 258 packets input, 11971 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 252 packets output, 13035 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up ChakriR3#
ChakriR2#sh ip int br Interface IP-Address FastEthernet0/0 FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0
OK? Method Status
Protocol
YES manual administratively down down YES manual up up up
YES manual up
192.168.2.1
FastEthernet5/0 unassigned YES manual administratively down down ChakriR2#sh int se 2/0 Serial2/0 is up, line protocol is up (connected) Hardware is HD64570 Internet address is 192.168.2.1/24 MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set, keepalive set (10 sec) Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/0/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 96 kilobits/sec 5 minute input rate 43 bits/sec, 0 packets/sec 5 minute output rate 41 bits/sec, 0 packets/sec 301 packets input, 16588 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 267 packets output, 12368 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up ChakriR2# ChakriR2#telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** User Access Verification Password: ChakriR3>en Password: ChakriR3# ChakriR3#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR3(config)#
ChakriR3(config)#int se 3/0 ChakriR3(config-if)#en ChakriR3(config-if)#encapsulation ? frame-relay Frame Relay networks hdlc Serial HDLC synchronous ppp Point-to-Point protocol ChakriR3(config-if)#encapsulation ppp ? <cr> ChakriR3(config-if)#encapsulation ppp % Connection timed out; remote host not responding ChakriR2# ChakriR2#sh ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES manual administratively down down FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0 192.168.1.2 192.168.2.1 unassigned YES manual up up down
YES manual up
192.168.2.1
FastEthernet5/0 unassigned YES manual administratively down down ChakriR2# ChakriR2# ChakriR2#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR2(config)#int se 2/0 ChakriR2(config-if)#en ChakriR2(config-if)#encapsulation ? frame-relay Frame Relay networks hdlc Serial HDLC synchronous ppp Point-to-Point protocol ChakriR2(config-if)#encapsulation ppp ? <cr> ChakriR2(config-if)#encapsulation ppp ChakriR2(config-if)#exit ChakriR2(config)#exit ChakriR2#sh ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES manual administratively down down FastEthernet1/0 192.168.1.2 YES manual up up Serial2/0 192.168.2.1 YES manual up up Serial3/0 unassigned YES manual administratively down down FastEthernet4/0 192.168.2.1 YES manual administratively down down FastEthernet5/0 unassigned YES manual administratively down down ChakriR2#telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** User Access Verification Password: ChakriR3>
Switch and Router Management and Security Managing TELNET and SSH Sessions and Users (Moving around sessions) C> ping 192.168.1.2 ---> telnet takes 30 seconds to timeout, if connection not available. ChakriR2#telnet 192.168.1.2 ChakriR2#ping 192.168.2.2 ChakriR2#telnet 192.168.2.2 ChakriR3# CTRL+SHIFT+6 then X ---> Suspend telnet / ssh session ChakriR2#sh sessions ---> shows open sessions from your router Conn Host Address Byte Idle Conn Name *1 192.168.2.2 192.168.2.2 0 0 192.168.2.2 ChakriR3 connection ChakriR2#resume 1 ChakriR3#CTRL+SHIFT+6 let go then X ChakriR2#1 ChakriR2#ENTER ---> takes you to most resent session. ChakriR3#CTRL+SHIFT+6 let go then X ChakriR2#telnet 192.168.1.1 ChakriR1#CTRL+SHIFT+6 let go then X ChakriR2#sh sessions Conn Host Address Byte Idle Conn Name 1 192.168.2.2 192.168.2.2 0 0 192.168.2.2 *2 192.168.1.1 192.168.1.1 0 0 192.168.1.1 ChakriR2#ENTER ---> takes you to most resent session, most resent will have a * ChakriR1# ChakriR1>en Password: ChakriR1#telnet 192.168.1.2 Trying 192.168.1.2 ...Open ********************************************** DO NOT LOGIN UNAUTHORISED ********************************************** User Access Verification Password: ChakriR2>en Password: ChakriR2#sh sess ChakriR2#sh sessions % No connections open ChakriR2#telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** User Access Verification Password: ChakriR3>en Password: ChakriR3#sh sessions % No connections open ChakriR3# ChakriR1#sh sess ChakriR1#sh sessions Conn Host Address Byte Idle Conn Name * 1 192.168.1.2 192.168.1.2 0 0 192.168.1.2
ChakriR1#resume 1 [Resuming connection 1 to 192.168.1.2 ... ] ChakriR3# ChakriR1#sh sessions Conn Host Address Byte Idle Conn Name * 1 192.168.1.2 192.168.1.2 0 1 192.168.1.2 ChakriR1#1 [Resuming connection 1 to 192.168.1.2 ... ] ChakriR3# ChakriR1# ChakriR1# [Resuming connection 1 to 192.168.1.2 ... ] ChakriR3# ChakriR3> ChakriR3>en Password: ChakriR3#sh sess ChakriR3#sh sessions % No connections open ChakriR3#telnet 192.168.1.2 Trying 192.168.1.2 ...Open ********************************************** DO NOT LOGIN UNAUTHORISED ********************************************** User Access Verification Password: ChakriR2>en Password: ChakriR2#sh sess ChakriR2#sh sessions % No connections open ChakriR2# ChakriR3#sh sess ChakriR3#sh sessions Conn Host Address Byte Idle Conn Name * 1 192.168.1.2 192.168.1.2 0 0 192.168.1.2 ChakriR3#telnet 192.168.1.1 Trying 192.168.1.1 ...Open ********************************************** No Login without Permission ********************************************** User Access Verification User Host(s) Idle Location Username: chakri idle 0:00:00 192.168.1.50 --->user connected to ChakriR2 Password: 192.168.2.2 0:00:02 ChakriR1# 192.168.1.1 0:01:34 ChakriR3#sh User sess Mode Idle Peer Address ChakriR3#sh sessions Sync PPP 0:00:02 192.168.2.2 Conn Host Address Byte Idle Conn Name 1 192.168.1.2 192.168.1.2 0 0 192.168.1.2 * 2 192.168.1.1 192.168.1.1 0 0 192.168.1.1 ChakriR3#
ChakriR3#sh users Line User Host(s) Idle Location 0 Con 0 idle 00:00:00 * 66 vty 0 idle 00:00:00 192.168.2.1 ---> from ChakriR2 Interface User Mode Idle Peer Address Se 0/0 Sync PPP 00:00:00 192.168.2.1 Note: Observe delay in output, this is due to ip domain name lookup (configured earlier), it is trying to lookup reverse DNS lookup, so that it can put it there, eg:google.com, to remove reverse DNS lookup, use the below command. SERVER>telnet 192.168.1.1 Trying 192.168.1.1 ...Open ********************************************** No Login without Permission **********************************************
User Access Verification Username: chakri Password: ChakriR1#telnet 192.168.1.2 Trying 192.168.1.2 ...Open ********************************************** DO NOT LOGIN UNAUTHORISED **********************************************
User Access Verification Password: ChakriR2>en Password: ChakriR2#telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED ***********************************************
User Access Verification Password: ChakriR3>en Password: ChakriR3#sh users Line User Host(s) 67 vty 0 idle * 68 vty 1 idle Interface User ChakriR3# Mode
Idle Location 00:00:33 192.168.2.1 00:00:00 192.168.2.1 Idle Peer Address
PC>telnet 192.168.1.2 Trying 192.168.1.2 ...Open ********************************************** DO NOT LOGIN UNAUTHORISED **********************************************
User Access Verification Password: ChakriR2>en Password: ChakriR2#telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED ***********************************************
User Access Verification Password: ChakriR3>en Password: ChakriR3# ChakriR1#telnet 192.168.1.2 Trying 192.168.1.2 ...Open ********************************************** DO NOT LOGIN UNAUTHORISED ********************************************** User Access Verification Password: ChakriR2>en Password: ChakriR2#telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** User Access Verification Password: ChakriR3>en Password: ChakriR3#sh sessions % No connections open ChakriR3#sh users Line User Host(s) Idle Location 67 vty 0 idle 00:01:34 192.168.2.1 68 vty 1 idle 00:01:02 192.168.2.1 * 69 vty 2 idle 00:00:00 192.168.2.1 Interface User Mode Idle Peer Address ChakriR3#
ChakriR1#sh sess ChakriR1#sh sessions Conn Host Address * 1 192.168.1.2 192.168.1.2 ChakriR1#sh use ChakriR1#sh users Line User Host(s) * 0 con 0 192.168.1.2 67 vty 0 chakri 192.168.1.2
Byte Idle Conn Name 0 0 192.168.1.2
Idle Location 00:00:27 00:01:28 192.168.1.100
Interface User Mode Idle Peer Address ChakriR1# ChakriR2> ChakriR2>en Password: ChakriR2#telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** User Access Verification Password: ChakriR3>en Password: ChakriR3# ChakriR2#sh sess ChakriR2#sh sessions Conn Host Address Byte Idle Conn Name * 1 192.168.2.2 192.168.2.2 0 0 192.168.2.2 ChakriR2#sh user ChakriR2#sh users Line User Host(s) Idle Location * 0 con 0 192.168.2.2 00:00:10 67 vty 0 192.168.2.2 00:02:40 192.168.1.10 68 vty 1 192.168.2.2 00:02:07 192.168.1.1 69 vty 2 192.168.2.2 00:01:05 192.168.1.1 Interface User Mode Idle Peer Address ChakriR2# ChakriR3>en Password: ChakriR3#sh sess ChakriR3#sh sessions % No connections open ChakriR3#sh user ChakriR3#sh users Line User Host(s) Idle Location * 0 con 0 idle 00:00:00 67 vty 0 idle 00:03:00 192.168.2.1 68 vty 1 idle 00:02:28 192.168.2.1 69 vty 2 idle 00:01:26 192.168.2.1 70 vty 3 idle 00:00:32 192.168.2.1 Interface User Mode Idle Peer Address ChakriR3#
ChakriR3(config)#no ip domain-lookup ChakriR3#sh users Note: Observe the output comes faster now. ChakriR2#sh sessions ---> (Disconnect - Kills one of your open telnet sessions) Conn Host Address Byte Idle *1 192.168.2.2 192.168.2.2 0 0 2 192.168.1.1 192.168.1.1 0 0 ChakriR2#disconnect 2 Closing connection to 192.168.1.1 [Confirm] ChakriR2#sh sessions ---> check to see the session is killed. Conn Host Address Byte Idle *1 192.168.2.2 192.168.2.2 0 0 ChakriR2#sh sess ChakriR2#sh sessions Conn Host Address Byte Idle Conn Name * 1 192.168.2.2 192.168.2.2 0 0 192.168.2.2 ChakriR2#telnet 192.168.1.1 Trying 192.168.1.1 ...Open ********************************************** No Login without Permission ********************************************** User Access Verification Username: chakri Password: ChakriR1# ChakriR2#sh sess ChakriR2#sh sessions Conn Host Address Byte Idle Conn Name 1 192.168.2.2 192.168.2.2 0 1 192.168.2.2 * 2 192.168.1.1 192.168.1.1 0 0 192.168.1.1 ChakriR2#telnet 192.168.2.2 Trying 192.168.2.2 ...Open *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** User Access Verification Password: ChakriR3>en Password: ChakriR3# ChakriR2#sh sessions Conn Host Address Byte Idle Conn Name 1 192.168.2.2 192.168.2.2 0 1 192.168.2.2 2 192.168.1.1 192.168.1.1 0 1 192.168.1.1 * 3 192.168.2.2 192.168.2.2 0 0 ChakriR2#disconnect 2 Closing connection to 192.168.1.1 [confirm] ChakriR2#sh sess ChakriR2#sh sessions Conn Host Address Byte Idle Conn Name 1 192.168.2.2 192.168.2.2 0 2 192.168.2.2 * 2 192.168.2.2 192.168.2.2 0 0 ChakriR2#
Conn Name 192.168.2.2 192.168.1.1
Conn Name 192.168.2.2
ChakriR3#sh users Line User Host(s) Idle Location 0 Con 0 idle 00:00:00 * 66 vty 0 idle 00:00:00 192.168.2.1 ---> user Interface User Mode Idle Peer Address Se 0/0 Sync PPP 00:00:00 192.168.2.1 ChakriR3#clear line 66 % Not allowed to clear current line ---> because you are the user (CLEAR LINE <X> - Kills an open telnet session to you)
ChakriR3#sh line ---> sh line is same as sh users, these two commends works depending IOS version. for sh line the line number comes in the beginning and for sh users line nummber comes after.
Observation ChakriR2#telnet 192.168.2.2 ChakriR3# [Connection to 192.168.2.2 closed by foreign host] ChakriR2# Action ChakriR1#telnet 192.168.1.2 ChakriR3#sh users Line User Host(s) Idle * 66 vty 0 idle 00:00:00 67 vty 1 idle 00:00:18 ChakriR3#clear line 67 [Confirm] [ok] ChakriR3# ChakriR2#sh users Line User Host(s) Idle 0 Con 0 idle 0:00:00 * vty 194 192.168.2.2 00:00:01 vty 195 idle 00:00:07 Interface User Mode Idle Se 0/1/0 Sync PPP 00:00:00 Action ChakriR2#sh line ChakriR2#clear line 195 [Confirm] [ok] Observation ChakriR3> [Connection to 192.168.2.2 closed by foreign host] ChakriR2> [Connection to 192.168.1.2 closed by foreign host] ChakriR1#
Location
192.168.2.1 192.168.2.1 ---> kill this user
Location
192.168.1.50 192.168.1.1
Peer Address
192.168.2.2
Understanding CDP CDP = Cisco Discovery Protocol . Allows you to see directly connected Cisco devices ---> shows only Cisco devices, 3Com and HP licenced CDP so it works on these also. . Useful for building accurate network diagrams ---> they show who they are, what router platform they are running, theit IOS versions running.

0060.47E2.0B96
68.110.171.98-Fas 0/1 ChakriR1 68.110.171.96/27 C2800 192.168.1.1 192.168.1.1-Fas 0/0 Fas 0/1
ISP 68.110.171.97
NA 172.30.2.100 255.255.255.0
ChakriSwitch-2960 Fas 0/2
192.168.1.0/24
Loopback0
4.2.2.2-DNS Server
192.168.3.20
Laptop0
0000.0CB9.D07B
192.168.1.2-Fas 1/0
255.255.255.255 192.168.3.1
fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1
192.168.3.1- Fas 0/0 192.168.2.0/24 ChakriR2 ChakriR3PT1000 PT1000 192.168.2.2-Ser 3/0 192.168.2.1-Ser 2/0 192.168.3.0/28- Fas 0/1
Laptop1
000A.4137.9CE6
fa 0/3 172.30.2.10/230 255.255.255.0/252 172.30.2.1
Rouge7
0005.5E73.E0DC
Rouge4
0060.70C9.DE22
fa 0/4 192.168.1.50
fa 0/4 192.168.1.40
255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

00E0.8F32.30EC
0.0.0.0 Rouge5
0090.0CAB.157D
fa 0/4 172.30.2.220
fa 0/4 172.30.2.120
255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

0060.7040.B9C5
0.0.0.0 Rouge6
00E0.A396.6750
fa 0/4
fa 0/4
172.30.2.230/228-233 172.30.2.130 255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0
CDP Commands Note: CDP is allowed both in USER and Previlage mode . sh cdp neighbors . sh cdp entry . no cdp enable . no cdp run ChakriR2>sh cdp neighbors ---> allowed in both user and privilege mode. Device ID Local Interface Hold time Capability Platform Port ID ChakriSwitch Fas 0/0 151 S WS-C3550 Fas 0/4 ChakriR3 Ser 0/1/0 145 R 2610 Ser 0/0
Local Interface Last heard from that Neighbor Router Model Remote Interface
ChakriR2>sh cd ChakriR2>sh cdp ? entry Information for specific neighbor entry interface CDP interface status and configuration neighbors CDP neighbor entries <cr> ChakriR2>sh cdp ne ChakriR2>sh cdp neighbors ? detail Show detailed information <cr> ChakriR2>sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriSwitch Fas 1/0 168 S 2960 Fas 0/2 ChakriR3 Ser 2/0 173 R PT1000 Ser 3/0 ChakriR2> ChakriR2>sh ip int brief and take the ip addresses from here ChakriR2>sh ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0/0 FastEthernet1/0 Serial2/0 Serial3/0 FastEthernet4/0 FastEthernet5/0 ChakriR2> unassigned 192.168.1.2 192.168.2.1 unassigned YES manual administratively down down YES manual up up up
YES manual up
YES manual administratively down down YES manual administratively down down YES manual administratively down down
ChakriR2>sh cdp entry ChakriR3 and take the ip addresses (interface ip) of ChakriR3 IP Address: 192.168.2.2 Platform: Cisco 2610 Capabilities: Router Interface: Serial 0/1/0 ---> the interface I am plegged into them. Port ID (Outgoing port): Serial 0/0 ---> the interface they are connected to me on Hold time: 148 sec ---> last hard from that neighbor, meaning if the interface goes down, waits for 148 seconds (dead timer) and will consider the neighbor is down and removes the entry from its neighbor table. Version: Version 12.3 (22) ---> 12.3 is the Version and 22 is the Release of the IOS software Note: CDP only shows directly connected neighbors. ChakriR2>sh cdp entry ChakriR3 Device ID: ChakriR3 Entry address(es): IP address : 192.168.2.2 Platform: cisco PT1000, Capabilities: Router Interface: Serial2/0, Port ID (outgoing port): Serial3/0 Holdtime: 139 Version : Cisco Internetwork Operating System Software IOS (tm) PT1000 Software (PT1000-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Wed 27-Apr-04 19:01 by miwang advertisement version: 2 Duplex: full --------------------------ChakriR2>
ChakriR2>sh cdp entry * ---> shows all cdp neighbor entries Device ID: Switch IP Address: 172.30.2.100 ---> the IP address to access switch ChakriR2>sh cdp ChakriR2>sh cdp ? entry Information for specific neighbor entry interface CDP interface status and configuration neighbors CDP neighbor entries <cr> ChakriR2>sh cdp entry ? * all CDP neighbor entries WORD Name of CDP neighbor entry ChakriR2>sh cdp entry * Device ID: ChakriSwitch Entry address(es): IP address : 172.30.2.100 Platform: cisco 2960, Capabilities: Switch Interface: FastEthernet1/0, Port ID (outgoing port): FastEthernet0/2 Holdtime: 132 Version :
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Wed 12-Oct-05 22:05 by pt_team advertisement version: 2 Duplex: full --------------------------Device ID: ChakriR3 Entry address(es): IP address : 192.168.2.2 Platform: cisco PT1000, Capabilities: Router Interface: Serial2/0, Port ID (outgoing port): Serial3/0 Holdtime: 137 Version : Cisco Internetwork Operating System Software IOS (tm) PT1000 Software (PT1000-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Wed 27-Apr-04 19:01 by miwang advertisement version: 2 Duplex: full ChakriR2>
ChakriR3>sh cdp neighbors Device ID Local Interface Hold time Capability Platform ChakriR2 Ser 0/0 134 RSI 2801 ChakriR3>sh ip int brief Interface IP-Address OK? Method Status FastEthernet 0/0 192.168.3.1 YES NVRAM Up Serial 0/0 192.168.2.2 YES NVRAM Up Loopback0 192.168.3.20 YES NVRAM Up ChakriR3>sh cd ChakriR3>sh cdp ? entry Information for specific neighbor entry interface CDP interface status and configuration neighbors CDP neighbor entries <cr> ChakriR3>sh cdp ne ChakriR3>sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID Switch Fas 0/0 139 S 2960 Fas 0/1 ChakriR2 Ser 3/0 144 R PT1000 Ser 2/0 ChakriR3>sh ip int br ChakriR3>sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 FastEthernet1/0 Serial2/0 192.168.3.1 unassigned unassigned YES manual up up
Port ID Ser 0/1/0 Protocol Up Up Up
Serial3/0 192.168.2.2 YES manual up up FastEthernet4/0 192.168.2.2 YES manual administratively down down FastEthernet5/0 unassigned YES manual administratively down down Loopback0 192.168.3.20 YES manual up up ChakriR3> ChakriR2>telnet 192.168.1.101 ---> ChakriSwitch IP ChakriSwitch>sh cdp neighbors Device ID Local Interface Hold time Capability Platform Port ID Access Server Fas 0/2 170 2511 Eth 0 EAST Fas 0/12 164 H Win2000 S Eth 1/1 Cisco call manager server running on cisco built using windows2000 server CAT3550 Fas 0/1 148 RSI WS-C3550- Fas 0/23 ChakriR2 Fas 0/4 149 RSI 2801 Fas 0/0 CDP broadcasts lot of sensitive information, we might want to disable on specific interfaces or on the device on the whole. Once every 60 seconds is the default timer to broadcast CDP details. CDP is a broadcast protocol. ChakriSwitch>sh cdp neighbors details ChakriR2>SH cdp ne ChakriR2>SH cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriSwitch Fas 1/0 130 S 2960 Fas 0/2 ChakriR3 Ser 2/0 135 R PT1000 Ser 3/0
ChakriR2>sh cdp entry ChakriSwitch Device ID: ChakriSwitch Entry address(es): IP address : 192.168.1.101 Platform: cisco 2960, Capabilities: Switch Interface: FastEthernet1/0, Port ID (outgoing port): FastEthernet0/2 Holdtime: 135 Version :
Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Wed 12-Oct-05 22:05 by pt_team advertisement version: 2 Duplex: full ---------------------------
ChakriR2> ChakriSwitch#sh cdp ChakriSwitch#sh cdp ? entry Information for specific neighbor entry interface CDP interface status and configuration neighbors CDP neighbor entries <cr> ChakriSwitch#sh cdp ne ChakriSwitch#sh cdp neighbors ? detail Show detailed information <cr> ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/1 144 R C2800 Fas 0/0 ChakriR2 Fas 0/2 150 R PT1000 Fas 1/0
ChakriSwitch#sh cd ChakriSwitch#sh cdp ne ChakriSwitch#sh cdp neighbors de ChakriSwitch#sh cdp neighbors detail ? <cr> ChakriSwitch#sh cdp neighbors detail Device ID: ChakriR1 Entry address(es): IP address : 192.168.1.1 Platform: cisco C2800, Capabilities: Router Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/0 Holdtime: 162 Version :
Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 06:21 by pt_rel_team advertisement version: 2 Duplex: full --------------------------Device ID: ChakriR2 Entry address(es): IP address : 192.168.1.2 Platform: cisco PT1000, Capabilities: Router Interface: FastEthernet0/2, Port ID (outgoing port): FastEthernet1/0 Holdtime: 167 Version : Cisco Internetwork Operating System Software IOS (tm) PT1000 Software (PT1000-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Wed 27-Apr-04 19:01 by miwang advertisement version: 2 Duplex: full ChakriSwitch# ChakriR1#sh ip int brief ChakriR1#sh cdp neighbors ChakriR1#sh cdp neighbors detail ChakriR1(config)#int fa 4 ChakriR1(config-if)#no cdp enable ---> disables outgoing CDP on fa 4 interface. ChakriR1(config)#no cdp run ---> disables outgoing CDP on the whole router. Once every 60 seconds (default) sends out a broadcast of CDP info. ChakriR1#sh ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0/0 FastEthernet0/1 Vlan1 192.168.1.1 YES manual up up up down
68.110.171.98 YES manual up unassigned YES manual up
ChakriR1#sh cdp ChakriR1#sh cdp ne ChakriR1#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ISP-Router Fas 0/1 126 R C2800 Fas 0/0 ChakriSwitch Fas 0/0 126 S 2960 Fas 0/1 ChakriR1#sh cdp neighbors de ChakriR1#sh cdp neighbors detail Device ID: ISP-Router Entry address(es): IP address : 68.110.171.97 Platform: cisco C2800, Capabilities: Router Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/0 Holdtime: 122 Version :
Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 06:21 by pt_rel_team advertisement version: 2 Duplex: full --------------------------Device ID: ChakriSwitch Entry address(es): IP address : 192.168.1.101 Platform: cisco 2960, Capabilities: Switch Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1 Holdtime: 122 Version :
Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Wed 12-Oct-05 22:05 by pt_team advertisement version: 2 Duplex: full ChakriR1# ChakriR1# ChakriR1#telnet 68.110.171.97 Trying 68.110.171.97 ...Open [Connection to 68.110.171.97 closed by foreign host] ChakriR1#ping 68.110.171.97 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 68.110.171.97, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 13/20/30 ms ChakriR1#telnet 68.110.171.97 Trying 68.110.171.97 ...Open [Connection to 68.110.171.97 closed by foreign host] ChakriR1#
ISP-Router#conf t Enter configuration commands, one per line. End with CNTL/Z. ISP-Router(config)#line vty ? <0-15> First Line number ISP-Router(config)#line vty 0 15 ISP-Router(config-line)#login % Login disabled on line 66, until 'password' is set % Login disabled on line 67, until 'password' is set % Login disabled on line 68, until 'password' is set % Login disabled on line 69, until 'password' is set % Login disabled on line 70, until 'password' is set % Login disabled on line 71, until 'password' is set % Login disabled on line 72, until 'password' is set % Login disabled on line 73, until 'password' is set % Login disabled on line 74, until 'password' is set % Login disabled on line 75, until 'password' is set % Login disabled on line 76, until 'password' is set % Login disabled on line 77, until 'password' is set % Login disabled on line 78, until 'password' is set % Login disabled on line 79, until 'password' is set % Login disabled on line 80, until 'password' is set % Login disabled on line 81, until 'password' is set ISP-Router(config-line)#password % Incomplete command. ISP-Router(config-line)#password cisco ISP-Router(config-line)#exit ISP-Router(config)#exit ISP-Router# %SYS-5-CONFIG_I: Configured from console by console ISP-Router#
ChakriR1#telnet 68.110.171.97 Trying 68.110.171.97 ...Open
User Access Verification Password: ISP-Router>sh cdp ISP-Router>sh cdp ne ISP-Router>sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 151 R C2800 Fas 0/1 ISP-Router>
ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#int fa ChakriR1(config)#int fastEthernet 0/1 ChakriR1(config-if)#no cdp ChakriR1(config-if)#no cdp ? enable Enable CDP on interface ChakriR1(config-if)#no cdp enable ? <cr> ChakriR1(config-if)#no cdp enable ChakriR1(config-if)#exit ChakriR1(config)#exit ChakriR1# ISP-Router#sh cdp ne ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 89 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 81 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 76 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 68 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 60 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 51 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 42 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 17 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 8 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1 Fas 0/0 0 R C2800 Fas 0/1 ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ISP-Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ISP-Router# ChakriR1#telnet 68.110.171.97 Trying 68.110.171.97 ...Open ISP-Router>exit ISP-Router(config)#line vty 0 15 ISP-Router(config-line)#no login ChakriR1#telnet 68.110.171.97 Trying 68.110.171.97 ...Open ISP-Router>exit ISP-Router(config)#line vty 0 15 ISP-Router(config-line)#no password ChakriR1#telnet 68.110.171.97 Trying 68.110.171.97 ...Open ISP-Router>exit ISP-Router(config)#line vty 0 15 ISP-Router(config-line)#login % Login disabled on line 66, until 'password' is set % Login disabled on line 67, until 'password' is set % Login disabled on line 68, until 'password' is set % Login disabled on line 69, until 'password' is set % Login disabled on line 70, until 'password' is set % Login disabled on line 71, until 'password' is set % Login disabled on line 72, until 'password' is set % Login disabled on line 73, until 'password' is set % Login disabled on line 74, until 'password' is set % Login disabled on line 75, until 'password' is set % Login disabled on line 76, until 'password' is set % Login disabled on line 77, until 'password' is set % Login disabled on line 78, until 'password' is set % Login disabled on line 79, until 'password' is set % Login disabled on line 80, until 'password' is set % Login disabled on line 81, until 'password' is set ISP-Router(config-line)#exit
ChakriR1#telnet 68.110.171.97 Trying 68.110.171.97 ...Open [Connection to 68.110.171.97 closed by foreign host] ChakriR1#ping 68.110.171.97 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 68.110.171.97, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/14/20 ms ChakriR1#telnet 68.110.171.97 Trying 68.110.171.97 ...Open [Connection to 68.110.171.97 closed by foreign host] ChakriR1# ChakriSwitch#sh cdp ne ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 141 R PT1000 Fas 1/0 ChakriR1 Fas 0/1 129 R C2800 Fas 0/0 ChakriSwitch# ISP-Router>sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#no cd ChakriR1(config)#no cdp ? run ChakriR1(config)#no cdp run ? <cr> ChakriR1(config)#no cdp run ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1# ChakriSwitch#sh cdp ne ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 141 R PT1000 Fas 1/0 ChakriR1 Fas 0/1 129 R C2800 Fas 0/0 ChakriSwitch# ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 178 R PT1000 Fas 1/0 ChakriR1 Fas 0/1 107 R C2800 Fas 0/0 ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 153 R PT1000 Fas 1/0
ChakriR1 Fas 0/1 22 R C2800 Fas 0/0 ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 124 R PT1000 Fas 1/0 ChakriSwitch# ISP-Router>sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ISP-Router> ChakriR1#conf t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#cdp run ChakriR1(config)#exit ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1# ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 175 R PT1000 Fas 1/0 ChakriR1 Fas 0/1 158 R C2800 Fas 0/0 ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 160 R PT1000 Fas 1/0 ChakriR1 Fas 0/1 143 R C2800 Fas 0/0 ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 140 R PT1000 Fas 1/0 ChakriR1 Fas 0/1 124 R C2800 Fas 0/0 ChakriSwitch# ChakriSwitch#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ChakriR2 Fas 0/2 126 R PT1000 Fas 1/0 ChakriR1 Fas 0/1 169 R C2800 Fas 0/0 ChakriSwitch# ISP-Router>sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ISP-Router>
File Management . Backup running config . Backup IOS . Upgrade IOS to a newer version Copy Command: Allows to move files between memory components and TO and FROM Router. ChakriR1>sh version ---> Identify all the below memory components from the output.
Location: run RAM Fast but Volatile

. Running-Config . Packet buffer . Partitioned memory 60416K + equal to 64MB 5120K . Faster
Location: start NVRAM Non-Volatile RAM

. Startup-Config . Small (239KB) . Slower than RAM
Location: flash FLASH Non-Volatile

. IOS . 62720KB . Copies IOS when you bootup to RAM, therefore you see ### on the monitor. . Slower than RAM
TFTP Not part of Ciscodevice

TFTP = Trivial File Transfer Protocol . TFTP Server . UDP Port 69 . Free (http://tftpd32.jounin.net/tftpd32_download.html) (or) google "tftp32" ChakriR1>sh version
Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 06:21 by pt_rel_team ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1) Copyright (c) 2000 by cisco Systems, Inc. System returned to ROM by power-on System image file is "c2800nm-advipservicesk9-mz.124-15.T1.bin"
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory Processor board ID JAD05190MTZ (4292891495) M860 processor: part number 0, mask 49 2 FastEthernet/IEEE 802.3 interface(s) 239K bytes of NVRAM. 62720K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 ChakriR1> ChakriR1#copy running-config startup-config Destination filename [Startup-Config]? ChakriR1> ChakriR1> ChakriR1>copy r ChakriR1>copy runn ChakriR1>copy ? % Unrecognized command ChakriR1>en Password: ChakriR1#co ChakriR1#cop ChakriR1#copy ? flash: Copy from flash: file system running-config Copy from current system configuration startup-config Copy from startup configuration tftp: Copy from tftp: file system ChakriR1#copy r ChakriR1#copy running-config ? flash: Copy to flash file startup-config Copy to startup configuration tftp: Copy to current system configuration ChakriR1#copy running-config s ChakriR1#copy running-config startup-config ? <cr> ChakriR1#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] ChakriR1# ChakriR1#copy ? ChakriR1#copy ? flash: Copy from flash: file system running-config Copy from current system configuration startup-config Copy from startup configuration tftp: Copy from tftp: file system ChakriR1#copy
ChakriR1#copy running-config tftp Address or name of remote host[ ]? 192.168.1.50 Destination filename [ChakriR2-Config]? ChakriR1-Config.txt ChakriR1#copy ? flash: Copy from flash: file system running-config Copy from current system configuration startup-config Copy from startup configuration tftp: Copy from tftp: file system ChakriR1#copy r ChakriR1#copy running-config ? flash: Copy to flash file startup-config Copy to startup configuration tftp: Copy to current system configuration ChakriR1#copy running-config t ChakriR1#copy running-config tftp: ? <cr> ChakriR1#copy running-config tftp: Address or name of remote host []? 192.168.1.100 Destination filename [ChakriR1-confg]? ChakriR1-Config.txt .!! [OK - 1407 bytes] 1407 bytes copied in 3.043 secs (0 bytes/sec) ChakriR1# ChakriR1#sh flash ---> To see the IOS file itself. 1 2 ChakriR1#sh version ---> To find out the IOS filename. System Image file is "." ---> IOS file name. ChakriR1#sh fl ChakriR1#sh flash: ? <cr> ChakriR1#sh flash: System flash directory: File Length Name/status 3 50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin 2 28282 sigdef-category.xml 1 227537 sigdef-default.xml [51193823 bytes used, 12822561 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write)
ChakriR1#sh version ? <cr> ChakriR1#sh version

Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 06:21 by pt_rel_team ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1) Copyright (c) 2000 by cisco Systems, Inc. System returned to ROM by power-on System image file is "c2800nm-advipservicesk9-mz.124-15.T1.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory Processor board ID JAD05190MTZ (4292891495) M860 processor: part number 0, mask 49 2 FastEthernet/IEEE 802.3 interface(s) 239K bytes of NVRAM. 62720K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 ChakriR1# ChakriR1#copy flash tftp ChakriR1#copy flash:"source file" tftp:"//192.168.1.50/destination file name" Destination filename [c2801-adventerprisek9-mz.124-4.xc.bin]? ChakriR1#copy ? flash: Copy from flash: file system running-config Copy from current system configuration startup-config Copy from startup configuration tftp: Copy from tftp: file system ChakriR1#copy f ChakriR1#copy flash: ? running-config Update (merge with) current system configuration startup-config Copy to startup configuration tftp: Copy to tftp: file system ChakriR1#copy flash: t ChakriR1#copy flash: tftp: ? <cr> ChakriR1#copy flash: tftp: Source filename []? c2800nm-advipservicesk9-mz.124-15.T1.bin Address or name of remote host []? 192.168.1.100 Destination filename [c2800nm-advipservicesk9-mz.124-15.T1.bin]? !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 50938004 bytes] 50938004 bytes copied in 10.988 secs (4635000 bytes/sec) ChakriR1#
ChakriR1#copy tftp flash ChakriR1#sh fla ChakriR1#sh flash: System flash directory: File Length Name/status 3 50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin 2 28282 sigdef-category.xml 1 227537 sigdef-default.xml [51193823 bytes used, 12822561 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write)
ChakriR1#copy f ChakriR1#copy flash: t ChakriR1#copy flash: tftp: ? <cr> ChakriR1#copy flash: tftp: Source filename []? sigdef-category.xml Address or name of remote host []? 192.168.1.100 Destination filename [sigdef-category.xml]? !! [OK - 28282 bytes] 28282 bytes copied in 0.09 secs (314000 bytes/sec) ChakriR1#sh flash: ? <cr> ChakriR1#copy flash: tftp: Source filename []? sigdef-category.xml Address or name of remote host []? 192.168.1.100 Destination filename [sigdef-category.xml]? !! [OK - 28282 bytes] 28282 bytes copied in 0.042 secs (673000 bytes/sec) ChakriR1#copy flash: tftp: Source filename []? c2800nm-advipservicesk9-mz.124-15.T1.bin Address or name of remote host []? 192.168.1.100 Destination filename [c2800nm-advipservicesk9-mz.124-15.T1.bin]? !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 50938004 bytes] 50938004 bytes copied in 9.546 secs (5336000 bytes/sec) ChakriR1# ChakriR1#copy ? flash: Copy from flash: file system running-config Copy from current system configuration startup-config Copy from startup configuration tftp: Copy from tftp: file system ChakriR1#copy t ChakriR1#copy tftp: ? flash: Copy to flash: file system running-config Copy configuration from system startup-config Copy startup configuration from system ChakriR1#copy tftp: f ChakriR1#copy tftp: flash: ? <cr>
ChakriR1#copy tftp: flash: Address or name of remote host []? 192.168.1.100 Source filename []? c2800nm-advipservicesk9-mz.124-15.T1.bin Destination filename [c2800nm-advipservicesk9-mz.124-15.T1.bin]? %Warning:There is a file already existing with this name Do you want to over write? [confirm] Accessing tftp://192.168.1.100/c2800nm-advipservicesk9-mz.124-15.T1.bin... Erase flash: before copying? [confirm] Erasing the flash filesystem will remove all files! Continue? [confirm] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: completeAccessing tftp://192.168.1.100/c2800nm-advipservicesk9-mz.124-15.T1.bin...
Loading c2800nm-advipservicesk9-mz.124-15.T1.bin from 192.168.1.100: !!!!!!!!!!!!!!!!!!!!!!!!! [OK - 50938004 bytes] 50938004 bytes copied in 8.569 secs (431014 bytes/sec) ChakriR1#sh fa ChakriR1#sh fl ChakriR1#sh flash: System flash directory: File Length Name/status 4 50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin [50938004 bytes used, 13078380 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write)
ChakriR1#copy tftp: flash: Address or name of remote host []? 192.168.1.100 Source filename []? sigdef-category.xml Destination filename [sigdef-category.xml]? Accessing tftp://192.168.1.100/sigdef-category.xml... Loading sigdef-category.xml from 192.168.1.100: ! [OK - 28282 bytes] 28282 bytes copied in 0.023 secs (1229652 bytes/sec) ChakriR1#sh fl ChakriR1#sh flash: System flash directory: File Length Name/status 4 50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin 5 28282 sigdef-category.xml [50966286 bytes used, 13050098 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write)
ChakriR1#copy tftp: flash: Address or name of remote host []? 192.168.1.100 Source filename []? sigdef-category.xml Destination filename [sigdef-category.xml]? %Warning:There is a file already existing with this name Do you want to over write? [confirm] Accessing tftp://192.168.1.100/sigdef-category.xml... Erase flash: before copying? [confirm] Erasing the flash filesystem will remove all files! Continue? [confirm] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Erase of flash: completeAccessing tftp://192.168.1.100/sigdef-category.xml... Loading sigdef-category.xml from 192.168.1.100: ! [OK - 28282 bytes] 28282 bytes copied in 0.04 secs (707050 bytes/sec) ChakriR1#sh flash: System flash directory: File Length Name/status 6 28282 sigdef-category.xml [28282 bytes used, 63988102 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write)
ChakriR1#copy tftp: flash: Address or name of remote host []? 192.168.1.100 Source filename []? c2800nm-advipservicesk9-mz.124-15.T1.bin Destination filename [c2800nm-advipservicesk9-mz.124-15.T1.bin]? Accessing tftp://192.168.1.100/c2800nm-advipservicesk9-mz.124-15.T1.bin... Loading c2800nm-advipservicesk9-mz.124-15.T1.bin from 192.168.1.100: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 50938004 bytes] 50938004 bytes copied in 10.206 secs (361881 bytes/sec) ChakriR1# ChakriR1# ChakriR1# ChakriR1# ChakriR1#sh flash: System flash directory: File Length Name/status 7 50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin 6 28282 sigdef-category.xml [50966286 bytes used, 13050098 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write) ChakriR1#copy tftp run Note: When copying things to running config, the IOS always merges both of them. eg: If the config on TFTP says your ip address of fa 0/0 is 10.1.1.1 and the one in RAM says 10.1.1.2. When you copy the TFTP will replace that because it is a direct conflict, therefore your new ip address is 10.1.1.1, that is on good side. The bad side of merge is eg: some NAT configuration on RAM, that did not exist in the TFTP configuration, when you copy from TFTP to RAM, the configuration merges,
NAT config on RAM still exist, which you don't wanted but still remains because merge
only replaces only directly conflict configuration.

So how do you fix this: copy TFTP to Startup-Config, here it strait away replaces startup config.
Note: Any Config that copies to RAM merges with running-config.
ChakriR1#cop ChakriR1#copy ? flash: Copy from flash: file system running-config Copy from current system configuration startup-config Copy from startup configuration tftp: Copy from tftp: file system ChakriR1#copy t ChakriR1#copy tftp: ? flash: Copy to flash: file system running-config Copy configuration from system startup-config Copy startup configuration from system ChakriR1#copy tftp: r ChakriR1#copy tftp: running-config ? <cr> ChakriR1#copy tftp: running-config Address or name of remote host []? 192.168.1.100 Source filename []? ChakriR1-Config.txt Destination filename [running-config]? Accessing tftp://192.168.1.100/ChakriR1-Config.txt... Loading ChakriR1-Config.txt from 192.168.1.100: ! [OK - 1407 bytes] 1407 bytes copied in 0.007 secs (201000 bytes/sec) ChakriR1# %SYS-5-CONFIG_I: Configured from console by console ChakriR1# ChakriR1#copy tftp start ---> replaces startup file with tftp file. Address or name of remote host[ ]? 192.168.1.100 Source filename [ ]? Chakrir2-config.txt Destination filename [Startup-Config]? Accessing tftp://192.168.1.100/ChakriR2-Config.txt Loading ChakriR1-Config.txt from 192.168.1.100 (via FastEthernet 0/0): ! [ok-1223 bytes] when rebooted the new startup config loads into running config. ChakriR1#cop ChakriR1#copy t ChakriR1#copy tftp: s ChakriR1#copy tftp: startup-config ? <cr> ChakriR1#copy tftp: startup-config Address or name of remote host []? 192.168.1.100 Source filename []? ChakriR1-Config.txt Destination filename [startup-config]? Accessing tftp://192.168.1.100/ChakriR1-Config.txt... Loading ChakriR1-Config.txt from 192.168.1.100: ! [OK - 1407 bytes] 1407 bytes copied in 0.07 secs (20100 bytes/sec) ChakriR1#
Upgrading IOS and boot system command ChakriR1#sh flash ---> check for IOS. Download new IOS to TFTP, and a known good older one sits in Flash. Now boot the router to use tftp (with new IOS) to boot with new IOS.
Once you are satisfied with the new IOS then you can copy the new IOS to Flash.
ChakriR1(config)#boot system tftp://192.168.1.50/"new ios file name.bin". The next time you boot the Router, it boots from tftp, if the file is not available or tftp not available then it boots from Flash. ChakriR1(config)#boot system flash ChakriR1>en Password: ChakriR1#sh flas System flash directory: File Length Name/status 7 50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin 6 28282 sigdef-category.xml [50966286 bytes used, 13050098 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write)
ChakriR1#config Configuring from terminal, memory, or network [terminal]? t Enter configuration commands, one per line. End with CNTL/Z. ChakriR1(config)#bo ChakriR1(config)#boot ? system System image file ChakriR1(config)#boot s ChakriR1(config)#boot system ? flash Boot from flash memory ChakriR1(config)#boot system t ChakriR1(config)#boot system f ChakriR1(config)#boot system flash ? WORD System image filename ChakriR1(config)#boot system flash c2800nm-advipservicesk9-mz.124-15.T1.bin ? <cr> ChakriR1(config)#boot system flash c2800nm-advipservicesk9-mz.124-15.T1.bin ChakriR1(config)#
Running Configurations ChakriSwitch#sh run Building configuration... Current configuration : 1773 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec service password-encryption ! hostname ChakriSwitch ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! no ip domain-lookup ip name-server 0.0.0.0 ! username chakri password 7 08651D0A043C3705565E42057C1B700222370C1A2A2E5350434A ! ! interface FastEthernet0/1 ! interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 !
interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! interface Vlan1 ip address 192.168.1.101 255.255.255.0 ! ip default-gateway 172.30.2.1 ! banner motd ^C *************************** DO NOT LOGIN EXCEPT CHAKRI *************************** ^C ! line con 0 password 7 0822455D0A16 logging synchronous login exec-timeout 0 0 ! line vty 0 exec-timeout 0 0 password 7 0822455D0A1654 logging synchronous login history size 256 transport input telnet line vty 1 4 exec-timeout 0 0 password 7 0822455D0A1654 logging synchronous login transport input telnet line vty 5 9 exec-timeout 0 0 password 7 0822455D0A1657 logging synchronous login line vty 10 15 exec-timeout 0 0
password 7 0822455D0A1656 logging synchronous login ! ! end
ChakriSwitch# ChakriR1#sh run Building configuration... Current configuration : 1548 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriR1 ! ! boot system flash c2800nm-advipservicesk9-mz.124-15.T1.bin ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! ! username chakri privilege 15 password 0 cisco ! ! ! ! ! ip domain-name nuggetlab.com ip name-server 4.2.2.2 ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside duplex auto speed auto ! interface FastEthernet0/1 description INTERNET WAN PORT no ip address ip nat outside duplex auto
speed auto no cdp enable shutdown ! interface FastEthernet1/0 ip address 68.110.171.98 255.255.255.224 ! interface Vlan1 no ip address ! router rip version 2 network 68.0.0.0 network 192.168.1.0 no auto-summary ! ip nat inside source list 1 interface FastEthernet0/1 overload ip classless ip route 0.0.0.0 0.0.0.0 68.110.171.97 ! ! access-list 1 remark SDM-ACL access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 remark SDM-ACL ! ip dhcp excluded-address 192.168.1.1 192.168.1.19 ip dhcp excluded-address 192.168.1.101 192.168.1.254 ! ip dhcp pool LAN_Addresses network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 4.2.2.2 ! banner motd ^C ********************************************** No Login without Permission ********************************************** ^C ! ! ! ! line con 0 exec-timeout 30 0 password cisco logging synchronous line vty 0 4 login local line vty 5 15 login local ! ! ! end
ChakriR1# ISP-Router#sh run Building configuration... Current configuration : 563 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ISP-Router ! ! ! ! ! ! ! ! ! ! ip name-server 0.0.0.0 ! ! ! ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet0/1 ip address 4.0.0.1 255.0.0.0 duplex auto speed auto ! interface FastEthernet1/0 ip address 68.110.171.97 255.255.255.224 ! interface Vlan1 no ip address ! ip classless ! ! ! ! ! !
! ! ! line con 0 line vty 0 4 login line vty 5 15 login ! ! ! end
ISP-Router# ChakriR2#sh run Building configuration... Current configuration : 1014 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriR2 ! ! ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet1/0 ip address 192.168.1.2 255.255.255.0 duplex auto speed auto
! interface Serial2/0 ip address 192.168.2.1 255.255.255.0 encapsulation ppp ! interface Serial3/0 no ip address shutdown ! interface FastEthernet4/0 ip address 192.168.2.1 255.255.255.128 shutdown ! interface FastEthernet5/0 no ip address shutdown ! router rip version 2 network 192.168.1.0 network 192.168.2.0 no auto-summary ! ip classless ! ! ! ! ! banner motd ^C ********************************************** DO NOT LOGIN UNAUTHORISED ********************************************** ^C ! ! ! ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! ! end
ChakriR2# ChakriR3#sh run Building configuration...
Current configuration : 1089 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname ChakriR3 ! ! ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.168.3.20 255.255.255.255 ! interface FastEthernet0/0 ip address 192.168.3.1 255.255.255.240 duplex auto speed auto ! interface FastEthernet1/0 no ip address duplex auto speed auto shutdown ! interface Serial2/0 no ip address shutdown ! interface Serial3/0 ip address 192.168.2.2 255.255.255.0 encapsulation ppp clock rate 2000000 ! interface FastEthernet4/0 ip address 192.168.2.2 255.255.255.128 shutdown ! interface FastEthernet5/0
no ip address shutdown ! router rip version 2 network 192.168.2.0 network 192.168.3.0 ! ip classless ! ! ! ! ! banner motd ^C *********************************************** UNAUTHORISED LOGINS NOT ALLOWED *********************************************** ^C ! ! ! ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! ! ! end
ChakriR3# Switch#sh run Building configuration... Current configuration : 1009 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Switch ! ! ! interface FastEthernet0/1 ! interface FastEthernet0/2
! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! interface Vlan1 no ip address shutdown ! ! line con 0
! line vty 0 4 login line vty 5 15 login ! ! end
Switch# **** THE END *****

Ccent Study

Enviado por

Dados do documento

Descrição original:

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Ccent Study

Enviado por

Direitos autorais:

Formatos disponíveis

CCENT / ICND1 ICND = Interconnecting Cisco Networking Devices Exam: 640-822 What is a Network?

Packet formation S. Port FTP

TCP/IP Protocol suite

Network Access Layer

IP Address format (IP and MAC)

Medium Access eg:FFFF:FFFF:FFFF (or) FF-FF-FF-FF-FF-FF (or) FF:FF:FF:FF:FF:FF Control

AND 0&0 0&1 1&0 1&1

eMail Server 0002.176A.6E37 fa 0/5 192.168.1.100 255.255.255.0 192.168.1.1 int vlan 1

68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1

fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1

fa 0/3 172.30.2.10 255.255.255.0 172.30.2.1

255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0

SYN SYN-ACK ACK Connection Oriented - Three-way hand shake

S4 S3 S2 S1 ACK3 S1 S2 S3 S4 S5 S4 S3 ACK6 ACK5 S6 S7 S8 S9 S10

Sequence numbers, Acknowledgements, Windowing / Flow-Control

eMail Server 0002.176A.6E37 fa 0/5 192.168.1.100 255.255.255.0 192.168.1.1 int vlan 1

68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1

fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1

fa 0/3 172.30.2.10 255.255.255.0 172.30.2.1

255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0

Shared CSMA/CD Communication

68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1

fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1

fa 0/3 172.30.2.10 255.255.255.0 172.30.2.1

255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0

Other Collision Domain

eMail Server 0002.176A.6E37 fa 0/5 192.168.1.100 255.255.255.0 192.168.1.1 int vlan 1

68.110.171.98 ChakriR1 192.168.1.1 192.168.1.1

fa 0/3 192.168.1.10 255.255.255.0 192.168.1.1

fa 0/3 172.30.2.10/230 255.255.255.0/252 172.30.2.1

255.255.255.0 255.255.255.0 0.0.0.0 Rouge8

255.255.255.0 255.255.255.0 0.0.0.0 Rouge9

172.30.2.230/228-233 172.30.2.130 255.255.255.0 255.255.255.0 0.0.0.0 0.0.0.0

line con 0 ! line vty 0 4 login line vty 5 15 login ! ! end

ChakriSwitch(config)#ip ssh version 2 ChakriSwitch(config)#line vty 0 4

the below configuration is implemented. ChakriSwitch#sh ip int brief

ChakriSwitch#sh mac address-table ChakriSwitch(config)#int fa 0/2

ChakriSwitch#sh port-security int fa 0/2 Port Security: Port Status:

Protocol down up down down down down

unassigned unassigned unassigned unassigned unassigned unassigned

Protocol down up up down down down up

unassigned unassigned unassigned unassigned unassigned unassigned

Interface FastEthernet0/1 FastEthernet1/1 FastEthernet2/1 FastEthernet3/1 FastEthernet4/1 FastEthernet5/1

Protocol down up up down down down up

unassigned unassigned unassigned unassigned unassigned unassigned

terminal monitor is not supported by simulator

because the interface will change states, down and up.

STP STP = Spanning Tree Protocol

cable length>100meters message 10 message 10

Access point frequencies and choices 22MHz 2.473GHz

Access point frequencies and choices

Designing your Wireless coverage 802.11(b)(g)

All these Access points still support WEP.

Correct Design of a WLAN

4.3 * 10^9 4.3 * 10^38

Step3: Dec No. 1 2 3 100

N = No. of the Subnet range = 0 to 127

No Login without Permission