Lab m Annual
Transcript of Lab m Annual
-
7/27/2019 Lab m Annual
1/84
-
7/27/2019 Lab m Annual
2/84
Lab manual
COMMAND LINE INTERFACE (CLI)
To enter the hyper terminalPrograms Accessories CommunicationHyperTerminal
(HyperTerminal window opens)
-prompts for the screen name (not the router name)
-connect to window select com1 ok
-com1 properties window select restore default ok
Switch ON the router (if new router that is not configured it will ask -----Would u like to enter initial configuration dialog[yes/no]: no
Press return to get started (enter)
Router>
* User Mode/User Executable Mode
Router> enable (enter)
Router#
* Privileged Mode/Enable Mode Executable Mode.
The following commands can be executed in this mode
Router#show running-config(enter)
Router#debug xxx
Router#copy xxx
Router#configure terminal(enter)
Router(config)#
* Global Configuration Mode- Any configuration change in this mode affects the
whole router.
Router(config)#interface e 0/fastethernet 0/ S0 / S 1(enter)
Router(config-if)#
* Specific Configuration Mode configuration changes to specific part of the
router like lines and interfaces.
-
7/27/2019 Lab m Annual
3/84
Lab manual Setting User mode Password
Router(config)#Line console 0(enter)
Router(config-line)#password xxxx
Router(config-line)#login
To set username & password for the user modeRouter(config)#username xxxx password xxxx
Router(config)#Line console 0
Router(config-line)#login local
To change the hostnameRouter(config)#hostname HOR(enter)HOR(config)#
T o encrypt all the passwordsRouter(config)#service password-encryption
To set password for the privileged modeRouter(config)#enable password/secret xxxx
-
7/27/2019 Lab m Annual
4/84
Lab manualQUESTIONS
1 . What are the different modes in a router?
oRouter> ------------- User mode or the user executable modeEnable (enter)
o Router# ---------- Privileged mode/Enable modeShow running-config
Debug xxx
Ping A.B.C.D
o Router# configure terminal (enter)Router(config)# ----------- Global configuration mode
o Router(config)#interface ethernet 0/fastethernet 0/serial 0/ serial 1(enter)o Router(config)# line console 0
Router(config-if/line)# ---------- Specific configuration mode
2 . Difference between Login and Login Local?
o Login activates the usermode entry password for a single user without username.o Login local activates the username and password for the same usermode, incase of multiple
users.
3 . How to encrypt our passwords?
o Router(config)#service password-encryption Encrypts all the passwords at a time.Thepasswords once encrypted, cannot be decrypted by any command.
4 . How to set password to the user mode?
o Router(config)#Line console 0(enter)Router(config-line)#password xxxx
Router(config-line)#login - Login activates the usermode entry password for a single user
without username.
5 . How to set password to the privilege mode?
o Router(config)#enable password/secret xxxx6 . How to set username and password to the user mode?
o Router(config)#username xxxx password xxxxo Router(config-line)#login local - Login local activates the username and password for the
same usermode, incase of multiple users.
-
7/27/2019 Lab m Annual
5/84
Lab manualSTATIC ROUTING
DTE DCE10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10n/w 30 n/w
E0 S0 S0 E0HOR BOR
R1(config)#interface e 0 R2(config)#interface e 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0 R2(config-if)#ip address 30.0.0.1 255.0.0.0
R1(config-if)#no shutdown * R2(config-if)#no shutdown
R1(config)#interface s 0 R2(config)#interface s 0
R1(config-if)#ip address 20.0.0.1 255.0.0.0 R2(config-if)#ip address 20.0.0.2 255.0.0.0
R1(config-if)#no shutdown R2(config-if)#clock rate 64000R2(config-if)#no shutdown
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2 **
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1 **
* All interfaces are administratively down when the router is switched on. We change their
status to up by using the command no shutdown.
** In static routing, we are manually adding the destination network to our Routing table.
Router(config-if)#ip route Next hop address refers to the address of the next router that receives the packet and then
forwards it to the remote location.
R1 R2
-
7/27/2019 Lab m Annual
6/84
Lab manualCommands
1 . Router#show running-config
This will display the current configuration of the router.
2 . Router#show controllers serial 0
To identify the DCE & DTE ends of the Serial cable.
3 . Router#show interface ethernet 0
This will displays the details of ethernet interface.
4 . Router#show interface serial 0
This will display the details of serial interface.
5. Router#show ip interface brief
This will display the interface & line protocol status in a tabular format.
Outputs
Router#sh running-config
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
!interface Ethernet1
no ip address
shutdown
!
interface Serial0
ip address 20.0.0.2 255.0.0.0
clockrate 64000
!
interface Serial1
no ip address
shutdown
!
IP route 30.0.0.0 255.0.0.0 20.0.0.1
!
line con 0
line aux 0
line vty 0 4
login
!
End
-
7/27/2019 Lab m Annual
7/84
Lab manualRouter#sh int e0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0010.7b80.c3c6 (bia 0010.7b80.c3c6)
Internet address is 10.0.0.1/8MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
Router#sh int s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 20.0.0.2/8
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keep alive set (10 sec)
Router#show ip int brief
State 1 - When both no shutdown andclock rate is applied to corresponding interfaces
Interface IP-Address OK? Method Status Protocol
Ethernet0 30.0.0.1 YES manual up upSerial0 20.0.0.2 YES manual up up
Router#show ip int brief
State 2 - When clock rate is not given on DCE end & layer 1 problem
Interface IP-Address OK? Method Status Protocol
Ethernet0 30.0.0.1 YES manual up up
Serial0 20.0.0.2 YES manual up down
Router#show ip int brief
State 3 - When the other end serial interface is shut down
Interface IP-Address OK? Method Status Protocol
Ethernet0 30.0.0.1 YES manual up up
Serial0 20.0.0.2 YES manual down down
-
7/27/2019 Lab m Annual
8/84
Lab manualRouter#show controllers s 0
HD unit 0, idb = 0xB883C, driver structure at 0xBDB98
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is not set
C 20.0.0.0/8 is directly connected, Serial0
C 10.0.0.0/8 is directly connected, Ethernet0S 30.0.0.0/8 [1/0] via 20.0.0.1
Router#sh protocolsGlobal values:
Internet Protocol routing is enabled
Ethernet0 is up, line protocol is up
Internet address is 10.0.0.1/8
Ethernet1 is administratively down, line protocol is down
Serial0 is up, line protocol is up
Internet address is 20.0.0.2/8
Serial1 is administratively down, line protocol is down
-
7/27/2019 Lab m Annual
9/84
Lab manualQuestions
1 . How to assign an IP address to the Router and configure it?
oRouter(config)interface e 0 / s 0Router(config-if)ip address
Router(config-if)no shutdown
We assign our default-gateway as the IP address to the ethernet port. When the router is switchedON, by default all the interfaces are administratively
down. To make the interfaces up we give no shutdown
2 . Why and where we use the clock rate?
o The serial line has two ends DTE and DCE. This line goes up and down when IP addressand no shutdown is configured on both sides and will be in asynchronous state always. To
synchronize the link clock rate should be configured at DCE end.
3 . How to find out the DCE end?
o Router#sh controllers s 04 . Difference between
Request timed out
Destination host unreachableReply from : time
-
7/27/2019 Lab m Annual
10/84
Lab manual
10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.110 N/w 30 N/w
E0 S0 S0 E0
Make sure you are able to ping the destination network before you configure WANProtocols
R1(config)#int s 0
R1(config-if)#encapsulation PPP
R1(config-if)#exit
When line protocol is not same on both routers, then the state of the link goes up anddown i.e. the encapsulation on R1 --- PPP, R2 --- HDLC.
R2(config)#int s 0
R2(config-if)#encapsulation PPP
R2(config-if)#exit
CHAP
R1(config)#username R2 password 123
R1(config)#int s 0
R1(config-if)#PPP authentication CHAP
R2(config)#username R1 password 123R2(config)#int s 0
R2(config-if)#PPP authentication CHAP
In case of CHAP, the user password should be the same. Here 3-way handshake takesplace.
PAP
R1(config)#username R2 password 123
R1(config)#int s 0
R1(config-if)#PPP authentication PAPR1(config-if)#PPP PAP sent-username R1 password 321
R2(config)#username R1 password 321
R2(config)#int s 0
R2(config-if)#PPP authentication PAP
R2(config-if)#PPP PAP sent-username R2 password 123
In PAP, the username and password is sent manually.
R2R1
-
7/27/2019 Lab m Annual
11/84
Lab manualCOMMANDS
1. Router#sh int s 0To check the encapsulation in the serial interface
2. R1#debug PPP authenticationTo debug PPP authentication
OUTPUTS
Router#sh int s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 20.0.0.1/8
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
hor#debug ppp authentication ( PAP )
Se0 PPP: Treating connection as a dedicated line
Se0 PPP: Phase is AUTHENTICATING, by both
Se0 PAP: O AUTH-REQ id 2 len 12 from "hor"
Se0 PAP: I AUTH-REQ id 2 len 12 from "bor"
Se0 PAP: Authenticating peer bor
Se0 PAP: O AUTH-ACK id 2 len 5
Se0 PAP: I AUTH-ACK id 2 len 5
HOR#debug ppp authentication ( CHAP )
Se0 PPP: Treating connection as a dedicated line
Se0 PPP: Phase is AUTHENTICATING, by both
Se0 CHAP: O CHALLENGE id 21 len 24 from "HOR"
Se0 CHAP: I CHALLENGE id 20 len 24 from "BOR"
Se0 CHAP: O RESPONSE id 20 len 24 from "HOR"
Se0 CHAP: I RESPONSE id 21 len 24 from "BOR"
Se0 CHAP: O SUCCESS id 21 len 4
Se0 CHAP: I SUCCESS id 20 len 4
Questions
-
7/27/2019 Lab m Annual
12/84
Lab manual
1 . Different WAN Protocols?
o HDLC High level Data Link Controlo
PPP Point-to-Point Protocolo Frame-Relay2 . Difference between PPP and HDLC?
PPP HDLC
Open Protocol Cisco Proprietary
Authentication is allowed. Authentication is not possible
PAP CHAP
3 . What are the advantages of using PPP encapsulation over ISDN links?
o PPP authentication prevents unauthorized callers from establishing an ISDN circuit.o PPP can be implemented among different equipment vendors.
4 . How PAP and CHAP works?
o PAPUsername is xxx and password xxxx
Authentication Request
Authentication Acknowledgement
When the username and password are matched in the HOR Database, BOR is allowed.o CHAP
Can I Talk to you
Challenge
Response
Success / Failure
Message Digest (Message Integrity) is one of the forms of Encryption
HOR BOR
HOR BOR
HOR BOR
-
7/27/2019 Lab m Annual
13/84
Lab manual
Packet + Hash Function =Message Digest1. MD 5 is one-way process.2. It is always constant.3.
A small change will result in a big change in MD.
5 . What command would you enter to display the CHAP authentication as it occurs in
real time?
o debug PPP authentication6 . Difference between PAP and CHAP?
o CHAP is more secure than PAP as the password is encrypted here using MD5,while in PAP the clear text password is sent over the link.
7 . The output shown below was taken from two directly connected routers. Based on the
output of these two routers, What happen when the below command Router#show interface
serial 0 is entered?
Corp#show running-config
!
Isdn switch-type basic-5ess
Username Remote password cisco
!
interface s0ip address 192.168.0.1 255.255.255.0
encapsulation ppp
Remote#show running-config
!
Isdn switch-type basic-5ess
Username Corp password Cisco
!
interface s0
ip address 192.168.0.2 255.255.255.0
encapsulation pppppp authentication chap
o The passwords in the username do not match, so the link will not come up and the lineprotocol will be down, which would make LCP closed.Both the usernames and the
passwords are case sensitive.
-
7/27/2019 Lab m Annual
14/84
Lab manualRIP AND IGRPPROTOCOLS
DCE DTE10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10 n/w E0 S0 S0 E0 30 n/w
HOR BOR
RIP
R1(config)#routerRIP * R2(config)#routerRIP
R1(config-router)#network 10.0.0.0 R2(config-router)#network 20.0.0.0
R1(config-router)#network 20.0.0.0 R2(config-router)#network 30.0.0.0
IGRP
R1(config)#routerIGRP 123 ** R2(config)#routerIGRP 123
R1(config-router)#network 10.0.0.0 R2(config-router)#network 20.0.0.0
R1(config-router)#network 20.0.0.0 R2(config-router)#network 30.0.0.0
* In RIP, we specify only those networks that belong to us. RIP sends routing table updates to
its neighbors for every 30secs. RIP uses hop count as a unit of metric. The administrative distance
of RIP is 120
** IGRP uses autonomous number system. Here, only the networks that come under the same
autonomous system number will communicate with each other. Autonomous number is provided
by ISP. (By default, networks in different Autonomous system will not communicate, for different
Autonomous systems to communicate redistribution should be done - CCNP concept).
IGRP sends updates for every 90secs and uses bandwidth and delay as unit of metric. IGRP has
an administrative distance of 100
R1 R2
-
7/27/2019 Lab m Annual
15/84
Lab manual
Commands
1 . Router#debug ip rip
It shows the updates sent to the neighbor routers for every 30 sec.
2. Router#Clear ip route *
This allows the routing table to switch to the new updates by clearing the old entries.
3 . Router#debug ip igrp transactions
Displays the routing table updates that is sent for every 90sec
4 . Router#Undebug all (u all)
To stop all debug commands those are active.
5 . Router#debug ip routing
Displays the dynamic changes made in the routing table
Time Intervals RIP IGRP
Update Interval 30 90
Hold-down timer 180 280
Invalid after 180 270
Flushed after 240 630
-
7/27/2019 Lab m Annual
16/84
Lab manualOutputs
Router#debug ip rip
RIP protocol debugging is on
Router#
00:29:26: RIP: received v1 update from 20.0.0.1 on Serial0
00:29:26: 30.0.0.0 in 1 hops
00:29:30: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:29:30: network 20.0.0.0, metric 1
00:29:30: network 30.0.0.0, metric 2
00:29:30: RIP: sending v1 update to 255.255.255.255 via Serial0 (20.0.0.2)
00:29:30: network 10.0.0.0, metric 1
00:29:55: RIP: received v1 update from 20.0.0.1 on Serial0
00:29:55: 30.0.0.0 in 1 hops
Router#debug ip igrp transactions
IGRP protocol debugging is on
Router#
00:26:16: IGRP: sending update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:26:16: network 20.0.0.0, metric=8476
00:26:16: network 30.0.0.0, metric=8576
00:26:16: IGRP: sending update to 255.255.255.255 via Serial0 (20.0.0.2)
00:26:16: network 10.0.0.0, metric=110000:26:32: IGRP: received update from 20.0.0.1 on Serial0
00:26:32: network 30.0.0.0, metric 8576 (neighbor 1100)
Router#debug ip igrp events
IGRP event debugging is on
Router#
00:22:47: IGRP: received update from 20.0.0.1 on Serial0
00:22:47: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:22:47: IGRP: Total routes in update: 1
00:23:40: IGRP: sending update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:23:40: IGRP: Update contains 0 interior, 2 system, and 0 exterior routes.
00:23:40: IGRP: Total routes in update: 2
00:23:40: IGRP: sending update to 255.255.255.255 via Serial0 (20.0.0.2)
00:23:40: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:23:40: IGRP: Total routes in update: 1
-
7/27/2019 Lab m Annual
17/84
Lab manual
Router#sh ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 20.0.0.0/8 is directly connected, Serial0
C 10.0.0.0/8 is directly connected, Ethernet0
R 30.0.0.0/8 [120/1] via 20.0.0.1, 00:00:06, Serial0
E:\ftp 30.0.0.10connected to 30.0.0.10
220 mohan Microsoft FTP service .
user :anonymous331 Anonymous access allowed, send identity as password.
Password:
230 Anonymous user logged in
ftp> dir200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
09-17-07 07:41PM 26 Frame.txt
09-17-07 07:41PM 9 Igrp.txt09-17-07 07:41PM 32 Isdn.txt
09-17-07 07:40PM 10 Rip.txt
226 Transfer complete.
ftp:247 bytes received in 0.00seconds 284000.00kbytes/sec.
ftp>get frame.txt
200 PORT command successful.
226 Transfer complete.
ftp:28 bytes received in 0.00seconds 26000.00kbytes/sec.
ftp>bye
-
7/27/2019 Lab m Annual
18/84
Lab manual
Questions
1. Difference between Static Routing & Dynamic Routing?
o In static routing, we are manually adding the destination network to our Routing table.o In Dynamic Routing, the protocols build the routing table automatically.
2. Difference between RIP and IGRP?
Interior Gateway Routing Protocol Routing Information Protocol
Uses autonomous number system. Does not use autonomous number system.
Works only on Cisco routers. Works on multi-vendor routers.
Sends updates for every 90secs. Sends updates for every 30secs.
Bandwidth, delay and distance as a unit of
metric.
Hop count as a unit of metric.
Administrative distance is 100 Administrative distance is 120
Has a maximum hop count of 100 Has a maximum hop count of 16
.
Time Intervals RIP IGRP
Update Interval 30 90
Hold-down timer 180 280
Invalid after 180 270
Flushed after 240 630
-
7/27/2019 Lab m Annual
19/84
Lab manual
3 . What is Routing loop and when it occurs?
Distance-vector routing protocols sends routing table updates at regular intervals to keep
track of any changes in the Internetwork. Routing loops can occur when a network outage happensand no router is updated with the change in routing table.
Ra Rb Rc Re
n/w 3 n/w 4 n/w 5
Rd
o Assume that the first update has been received by every router and now they are in the dueof 29sec.o Now, the interface to Network 5 is down and also all routers know about Network 5.
Then Re prompts Rc to stop routing to Network 5 through it. But Ra, Rb andRd dont
know about Network 5 yet, so they keep sending the updates.
o Rc will be sending its update and cause Rb to stop routing to Network 5, but Ra andRdare not updated. To them, it appears that Network 5 is still available through Rb.
o Ra will continue to send its updates for every 30secs and unfortunately Rb and Rdreceives a message that Network 5 can be reached from Ra. So Rb and Rd sends theinformation that Network 5 is available.
o Any packet destined forNetwork 5 will go from Ra to Rb and then back to Ra. This leadsto a routing loop.
3. Methods to avoid Routing loop?
Maximum hop count:
When the routing loop occurs, the hop count increases indefinitely each time a packetpasses through a router. To resolve thismaximum hop count was defined. RIP permits hop count
up to 15, so anything that requires 16th hop will be considered as unreachable.
Split horizon:
Split horizon defines that the routing information cannot be sent back in the direction from
which it was received i.e., the routing protocol determines which interface a network route was
learned on and it wont advertise the route back to that same interface.
-
7/27/2019 Lab m Annual
20/84
Lab manual
Route poisoning:
This helps to avoid routing loops in a meshed structure even if split horizon works out. E.g.
when Network 5 goes down, Re initiates route poisoning by advertising Network 5 as 16 hops orunreachable, this poisoning of the route to Network 5 keeps Rc from being susceptible to
incorrect updates about the route to Network 5. When Rc receives aroute poisoningfrom Re; it
sends an update, calledPoison reverseback to Re. This ensures all routes on the segment have
received the poisoned route information.
4. Define Hold down timer
o This sets the amount of time for which the routing information is suppressed. Routes willenter into the hold down state, when an update packet is received indicating the route as
unreachable. This continues, either till it receives an update packet with a better metric or
till the hold down timer is expired. By default Hold down timer is for 180 seconds.
5. You type debug ip rip on your router console and see that 172.16.10.0 is being
advertised to you with a metric of 16. What does this mean?
o The route is inaccessible.
6. What command is used to stop RIP routing updates from exiting out an interface but still
receive RIP route updates?
o Router(config-router)#passive-interface s0
7. A network that is advertised by both RIP and IGRP appears in the routing table flagged
as an IGRP route. Why is the RIP route to this network not used in the routing table?
o IGRP has a lower administrative distance
8. Which parameters does IGRP use to find out the best path to a remote network?
o Bandwidth and Delay.
9. Which command displays RIP routing updates?
o Router#debug ip rip
-
7/27/2019 Lab m Annual
21/84
Lab manual
TELNET
10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10 n/w 20 n/w 30 n/w
Make sure you are able to ping the destination network before you configure WANProtocols
R1(config)#line vty 0 4 R2(config)#line vty 0 4
R1(config-line)#password xxx R2(config-line)#password xxx
R1(config-line)#Login R2(config-line)#Login
R1(config)#enable password xxx R2(config)#enable password xxx
If vty password is not configured in R2R1#telnet 20.0.0.2
Password required, but none set
Connection to 20.0.0.2 is closed
After password is configured on R2, try to telnet R2(20.0.0.2)R1>telnet 20.0.0.2
User access verification
Password:
If password is not enabled for the privileged modeR2>enable
%No password set
If the password is setR2>enable
Password:R2#
R2>exitR1# ----------- Will disconnect the session.
R2>(Press) ctrl + shift + 6 and xR1# ----------- Will suspend the session.
R1 R2
-
7/27/2019 Lab m Annual
22/84
Lab manualCommands
1. R1#sh sessions - To display the sessions opened by a particular user.2. R1#(enter)(enter) - To move to the lastly opened session3. R1#sh users - To display the users logged on4. R1#clear line 3 - To disconnect a user
[Confirm]
R1#
5. R1#sh cdp - Works only on directly connected Cisco routersCDP runs every 60 sec.
6. Hold time 180 sec.7. R1#sh cdp neighbors
R1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
Router Ser 0 143 R 2500 Ser 0
8. R1#show cdp neighbors detail-------------------------
Device ID: Router
Entry address(es):
IP address: 20.0.0.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 122 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(13), RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 10-Feb-05 11:49 by ssearch
advertisement version: 2
9. R1(config)#ip host 20.0.0.2 Creates Host Table.
-
7/27/2019 Lab m Annual
23/84
Lab manualOutputs
Router#sh sessions
Conn Host Address Byte Idle Conn Name1 20.0.0.1 20.0.0.1 0 0 20.0.0.1
* 2 20.0.0.1 20.0.0.1 0 0
Router#sh users
Line User Host(s) Idle Location
* 0 con 0 20.0.0.1 00:06:03
20.0.0.1 00:05:42
2 vty 0 idle 00:07:45 20.0.0.1
-
7/27/2019 Lab m Annual
24/84
Lab manualSECURITy DEvICE MANAGER (SDM) GUI
Security Device Manager (SDM) is a web-based device-management tool for Cisco
routers that can simplify router deployments by allowing us to manage and troubleshoot complex
network and connectivity issues and also supports a wide range of Cisco IOS Software releases toset up advanced configurations. It is used to configure a router through a HTTP service. To do
this make sure your router is configured with atleast one ip address on a LAN interface and
connects a host to the router.
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0Router(config-if)#ip address 1.1.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#do ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
From here, you just open a browser & type http://1.1.1.1, SDM gets loaded and open a window.
Clicking the Configure button at the top of the page, choose the type of interface we want to
configure and then click the Create New Connection button at the bottom of the page (fig.1a). This
opens the LAN or WAN wizard, depending on which interface we chose to configure. By clicking
the Edit Interface/Connection tab, you get to see your interface status. (fig.1b).
-
7/27/2019 Lab m Annual
25/84
Lab manual
Fig.1a
Fig.1b
You can double-click to edit that particular interface. Click on the Additional Tasks Button at thebottom left portion and then select Router properties icon. Here, you can set the hostname, MOTD
banner, and enable secret password.
You can also create a DHCP pool on your router. Click on the DHCP folder, then the DHCP pool
icon and then click Add button.
-
7/27/2019 Lab m Annual
26/84
Lab manualQuestions
1. Difference between exit and using ctrl+shift+6 x?
Using exit command will disconnect the current session Using ctrl+shift +6 x command we can suspend a session without disconnecting that
session
2. Differentiate between show sessions and show users?
Show sessions will show the sessions we opened by telnet ting to the correspondingDestinations.
Show users will show the sessions opened by other destinations to us.
3. What are two characteristics of Telnet? (Choose two.)
It sends data in clear text format. It is no longer supported on Cisco network devices. It is more secure than SSH. It requires an enterprise license in order to be implemented. It requires that destination device be configured to support Telnet connections.
A and E4. What happens if we try to open a 6th session to a destination?
If 6th session is opened an error message is displayed.R1#telnet
Trying Telnet < destination IP address >
% connection refused by remote host.
5. What are two reasons a network administrator would use CDP? (Choose two.)
to verify the type of cable interconnecting two devices to determine the status of network services on a remote device to obtain VLAN information from directly connected switches to verify Layer 2 connectivity between two devices when Layer 3 fails to obtain the IP address of a connected device in order to telnet to the device to determine the status of the routing protocols between directly connected routers D and E
-
7/27/2019 Lab m Annual
27/84
Lab manual
ACCESS CONTROL LISTS (ACL)
In Out
E0 S0 S0 E0
Out In
LAN1 LAN230.0.0.0 10.0.0.0
An access list is a list of conditions that classify the packets (or) the packet definition).Unauthorized access can be blocked by using access list. These lists can be used to
control the traffic passing through the router. Following are different types of access lists.
Standard ACL -Access-list No.1-99Action, ACL number, Source IP, SWCM (Source Wild Card Mask) are the parameters to
be considered while configuring standard ACL which considers only the source address when rules
are defined and to be checked.
Syntax:
R1(config)#Access-list
R1(config)#Access-list 5 deny 30.0.0.10 0.0.0.0R1(config)#Access-list 5 permit 30.0.0.15 0.0.0.0 - Here it considers the source address only
Once you have defined the access-list, binding should be done at the interfacerequired (E0 or S0).
For an interface at any time there are maximum of two binding (in and out). R1(config)#int e 0 / s0
R1(config-if)#ip Access-group 5 in/out
For binding we consider two directions: In & Out. This specifies the direction in which thedata packets are moving with respect to the Router.
Extended ACL - Access-list No. 100-199Action, ACL number, Source IP, SWCM (Source Wild Card Mask), Destination IP, DWCM,
Protocol, interface and the destination port number are the parameters considered while
configuring Extended ACL.
R1 R2
-
7/27/2019 Lab m Annual
28/84
Lab manualSyntax:
R1(config)#Access-listeq
Port no - can be replaced by the port names. Source IP From IP address. Destination IP To IP address. Eq equivalent to. Action permit or deny.
R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 80
R1(config)#Access-list 101 permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 23
R1(config)#Access-list 101 deny ICMP any any
Syntax:
R1(config)#Access-listeq
log
R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq ftp log
Log - gives information about the port no of source, number of packets send, number ofmatches made etc.,
NAMED ACCESS LIST
StandardR1(config)#IP Access-list standard
R1(config)#IP access-list standard moon
R1(config-std-nacl)#
R1(config-std-nacl)#deny 30.0.0.10 0.0.0.0
R1(config-std-nacl)# permit 30.0.0.15 0.0.0.0
ExtendedR1(config)#IP Access-list Extended R1(config)#ip access-list extended sun
R1(config-ext-nacl)#eq
R1(config-ext-nacl)#deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq www
R1(config-ext-nacl)#permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq telnet
R1(config-ext-nacl)#deny ICMP any any
Command
-
7/27/2019 Lab m Annual
29/84
Lab manual
1 . Show access-listsThis displays all the access lists created.
Output
Router#sh access-lists
Extended access-list 123
10 deny tcp host 10.0.0.10 host 30.0.0.10 eq telnet
Questions
1 . Different types of Access lists?
o Standard Access Lists - Standard access list considers only the source address.Deny/Permit actions are applied on the source address. Once the access list is defined,
binding can be done at any one of the interface (Ethernet or serial).
o Extended Access Lists - This considers source address, Destination address, protocol,destination ports etc .In Extended access list we can specify the applications that are to be
permitted or denied from the source to destination.
o Named Access Lists - As the name suggests, we can define an access list using aname instead of number wherein we can modify (or delete) the list by individual
conditions which is not possible in the numbered lists.
2 . Difference between numbered access lists and named access lists?
o In numbered access lists, if we try to delete an individual statement from the access list,the whole list will be deleted. In named access lists, we can edit the list by individual
statement.
3 . what are the benefits provided by access control lists (ACLs)?
o ACL helps to define the packet parameterso ACLs classify and organize network traffico ACLs provide IP route filtering
4 . Which command is required to apply an access list on a virtual terminal line of a
router?
o Router(config-line)# access-class 10 in
5 . Which single access list statement will combine all four of these statements into asingle statements that will have exactly the same effect?
-
7/27/2019 Lab m Annual
30/84
Lab manual
access-list 15 permit 172.29.16.0 0.0.0.255
access-list 15 permit 172.29.17.0 0.0.0.255
access-list 15 permit 172.29.18.0 0.0.0.255
access-list 15 permit 172.29.19.0 0.0.0.255
o access-list 10 permit 172.29.16.0 0.0.3.255
6 . If you want to deny all Telnet connections to the network 192.168.10.0, which
Command will you use?
o access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 237 . What are the possible ways to refer to a host 172.16.30.55 in an IP access list?
o 172.16.30.55 0.0.0.0o host 172.16.30.55
8 . Which access lists will allow only HTTP traffic into network 196.15.7.0?
o access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www9. Which command connect access list 110 inbound to interface ethernet0?
o Router(config)#interface ethernet 0o Router(config-if)#ip access-group 110 in
NETWORK ADDRESS TRANSLATION (NAT)
-
7/27/2019 Lab m Annual
31/84
Lab manual
20.0.0.2
Private10.0.0.10 Public
30.0.0.20
Inside local Inside global
R1(config)#Ip route 0.0.0.0 0.0.0.0 S0 -------------- Default Network
R1(config)#access-list 15 permit 10.0.0.0 0.255.255.255 -------- Defining the range of hosts
R1(config)#int e 0
R1(config-if)#ip NAT insideR1(config)#int s 0
R1(config-if)#ip NAT outside
1. Dynamic NAT configuringR1(config)#IP NAT inside source list 15 int S0 overload *
2. Pool NATR1(config)#IP NAT pool MOHAN 20.0.0.30 20.0.0.35 netmask 255.0.0.0
R1(config)#IP NAT inside source list 15 pool MOHAN overload **
3. Static NATR1(config)#IP NAT inside source static 10.0.0.10 20.0.0.5 ***
* Router translates source addresses reaching inside (say e0) if it matches the list, to the same
public address at serial interface.
** Router translates source addresses reaching inside (say e0) if it matches the list, from the range
of addresses mentioned in the pool.
*** When a packet comes from 10.0.0.10 through inside source, then source is always translated
to only one address (20.0.0.5) and vice versa.
Commands
R1
-
7/27/2019 Lab m Annual
32/84
Lab manual
1. Router#debug ip nat ------------- To debug NAT2. Router#sh ip nat translations ----------- To display translations( Displays Inside
local, Inside Global, Outside local and Outside Global )
3. R1#clear ip nat translations * ----------- To clear translations
OUTPUTS
Router#debug ip nat
IP NAT debugging is onRouter#
01:10:59: NAT*: s=10.0.0.10->20.0.0.5, d=30.0.0.1 [205]
01:10:59: NAT*: s=30.0.0.1, d=20.0.0.5->10.0.0.10 [205]
01:11:00: NAT*: s=10.0.0.10->20.0.0.5, d=30.0.0.1 [206]
01:11:00: NAT*: s=30.0.0.1, d=20.0.0.5->10.0.0.10 [206]
Router#sh ip nat translations
Pro Inside global Inside local Outside local Outside globalICMP 20.0.0.5 10.0.0.10 --- ---
Questions
-
7/27/2019 Lab m Annual
33/84
-
7/27/2019 Lab m Annual
34/84
Lab manualallow many users to connect to the global Internet?
NAT Static
Dynamic PAT Overloading
E8. Which of the following are disadvantages of using NAT? (Choose three.)
Translation introduces switching path delays. Conserves legally registered addresses. Causes loss of end-to-end IP traceability. Increases flexibility when connecting to the Internet. Certain applications will not function with NAT enabled. Reduces address overlap occurrence.
A,C and E
OSPF & EIGRP
-
7/27/2019 Lab m Annual
35/84
Lab manual
10.0.0.0 10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1 30.0.0.0
OSPF
Router(config)#router OSPF ------- [Process-id 1 to 65535]
Router(config-router)#network area
R1(config)#router OSPF 15
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config)#router OSPF 12
R2(config-router)#network 30.0.0.0 0.255.255.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
Between two OSPF routers the process-ids need not be the same
EIGRP
R1(config)#router EIGRP ---------- [autonomous-no 1 to 65535]
R1(config-router)#network
R1(config)#router EIGRP 123
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R2(config)#router EIGRP 123
R2(config-router)#network 30.0.0.0
R2(config-router)#network 20.0.0.0
The autonomous system numbers should be the same while communicating betweenEIGRPs
In OSPF, area should be same.
Loop back interface
R2R1
-
7/27/2019 Lab m Annual
36/84
Lab manualIts a logical interface i.e., not a real router interface. When the Router ID of a router-
interface with the highest address, goes up and down, re-election for the new DR will not get
completed. Loop back interface resolves this problem, as it never goes down & router id never
changes.
Types of network using OSPF
Broadcast (multi-access) networks provide a broadcast ability in which every single
broadcast is delivered to all nodes on the network. This can be avoided in OSPF by electing a DR
and BDR for each broadcast multi-access networks.
LSA LSA
LSA
Non-broadcast multi-access network allows for multi-access, but have no broadcast
ability. So, NBMA networks require special OSPF configuration to function properly and neighbor
relationships must be defined.
Here,
Information of Ra is not sent to Rc
Information of Rc is not sent to Ra
But Rb knows about Ra and Rc
Point-to-point refers to a type of network topology consisting of a direct connection
between two routers that provides a single communication path. This type of configuration
eliminates the need for DRs or BDRs, but neighbors are discovered automatically.
Commands
Rb
Ra Rc
Ra Rb
-
7/27/2019 Lab m Annual
37/84
Lab manual
OSPF
Router#sh ip ospf interface e 0 Router#sh ip ospf int f 0 Router#sh ip ospf int s 0 Router#sh ip ospf neighbor shows neighbor router-id. Router#sh ip protocols
EIGRP
Router#sh ip eigrp neighbors Router#sh ip eigrp topology Router#sh ip eigrp traffic
OUTPUTS
-
7/27/2019 Lab m Annual
38/84
Lab manualRouter#debug ip ospf events
OSPF events debugging is on
Router#
OSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2
OSPF: End of hello processingOSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2
OSPF: End of hello processing
OSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2
OSPF: End of hello processing
Router#sh ip ospf int e0Ethernet0 is up, line protocol is up
Internet Address 30.0.0.1/8, Area 0
Process ID 5, Router ID 30.0.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1Designated Router (ID) 30.0.0.1, Interface address 30.0.0.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Router#sh ip ospf int s0Serial0 is up, line protocol is up
Internet Address 20.0.0.1/8, Area 0
Process ID 5, Router ID 30.0.0.1, Network Type POINT_TO_POINT, Cost: 64Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 100.0.0.1
Suppress hello for 0 neighbor(s)
Router#sh ip eigrp topology
IP-EIGRP Topology Table for process 5
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,r - Reply status
P 20.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
P 30.0.0.0/8, 1 successors, FD is 281600
via Connected, Ethernet0
P 100.0.0.0/8, 1 successors, FD is 2195456
via 20.0.0.2 (2195456/281600), Serial0
Questions
-
7/27/2019 Lab m Annual
39/84
Lab manual1. Differentiate between Distance vector and Link state Protocol?
Sl.
No
Distance vector Link state
1 Considers only distance. Bandwidth, delay, load, Reliability and MTU.
2 Sends the routing table. Sends the state of the link.
3 Learns about the adjacent routers. Learns the entire topology.
2. Differentiate between OSPF and EIGRP?
Sl.
No OSPF EIGRP
1 Link state. Hybrid(DV + LS).
2 Open protocol (multi-vendor). Cisco Proprietary Protocol.
3
Supports only IP protocol.
Supports multiple protocols like
IP, IPX, Apple Talk etc.,
4 Cost = 108
/ Bandwidth. Cost is calculated based on theBandwidth, Delay etc.,
5 Link State Advertisement (LSA) is
made. (State of Link is broadcasted).
Routing Table is sent.
6 For every 10 sec a Hello packet is sent. For every 5 sec a Hello packet is sent.
7 For every 30 min LSA is broadcasted. Broadcast is sent only when there is a
change in the Routing table.
8 When the Link goes down OSPF needs
to run the SPF algorithm again.
When the link goes down EIGRP
proceeds with the Next Best Path
(Feasible Successor).
9 Area is used for administrative
convenience of a large network
Autonomous System is used for
administrative convenience of a large
network
10 Uses Dijsktra algorithm to find the best
path (Shortest path).
Uses DUAL (Diffusing Update
Algorithm) is used to find the best path.
Backbone Router Switch
3. How OSPF works out? ABR
-
7/27/2019 Lab m Annual
40/84
Lab manual
ASBR Internal Router AS 100
AS 200
ABR Area Border Router.ASBR Autonomous System Border Router.AS Autonomous System. OSPF is designed to have a hierarchical structure as large networks are a bit difficult to
manage. This allows to decrease routing overhead and to confine n/w instability to single
area of n/w.
OSPF must have an area 0 (backbone area) and all routers should connect to this area. Butrouters (i.e., ABRs) that connect other areas to backbone area should have at least one
interface connecting to area 0.
4. Show commands that will display the state of the OSPF DR/BDR election process?
Router# show ip ospf interface
ABR
Area 2
Area 1
Area 1
ABRArea 0
Area 3 Area 2
Area 1
-
7/27/2019 Lab m Annual
41/84
Lab manual
5. Which command will display all the EIGRP feasible successor routes known to a router?
Router# show ip eigrp topology
6. When designing OSPF networks; what is the purpose of using a hierarchical design?
To speed up convergence To confine network instability to single areas of the network To reduce routing overhead
7. If routers in a single area are configured with the same priority value, what value does a
router use for the OSPF Router ID?
The highest IP address of any physical interface
8. Which one of the following EIGRP commands can check the IP addresses of the
adjacent neighbors?
R1#show ip eigrp neighbors
9 . Which commands will place network 10.2.3.0/24 into area 0?
Router(config)# router ospf 10Router (config_router) #network 10.2.3.0 0.0.0.255 area 0
10. With which network type will OSPF establish router adjacencies but not perform the
DR/BDR election process?
Point-to-point
11. Which is true regarding EIGRP successor routes?
A successor route may be backed up by a feasible successor route. A successor route is used by EIGRP to forward traffic to a destination.
o A
12. A network administrator typed the following into his router:
-
7/27/2019 Lab m Annual
42/84
Lab manualRouter(config)# router ospf 1
Router(config-router)#network 10.0.0.0 255.0.0.0 area 0
But still he cant see any routes in the routing table. What configuration error did the
administrator make?
The wildcard mask is incorrect. The wildcard should have been 0.255.255.255.
13 . Which EIGRP information is held in RAM and maintained through the use of
Hello and update packets?
Neighbor table Topology table
o A
ROUTING INFORMATION PROTOCOL vERSION 2
-
7/27/2019 Lab m Annual
43/84
Lab manual10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10.0.0.0 30.0.0.0E0 S0 S0 E0
R1(config)#router RIP R2(config)#router RIP
R1(config-router)#version 2 R2(config-router)#version 2
R1(config-router)#network 10.0.0.0 R2(config-router)#network 20.0.0.0
R1(config-router)#network 20.0.0.0 R2(config-router)#network 30.0.0.0
Here the command version 2 is added to the RIP protocol to change it to RIPv2.
Authenticating Packets using RIPv2
R1(config)#Key chainABC // Key chain
R1(config-keychain)#key 2 // Key Identifier
R1(config-keychain-key)#key-string 123 // Key-string Line
R2(config)#Key chainXYZ
R2(config-keychain)#key 2
R2(config-keychain-key)#key-string 123
The Key identifier and the Key-string should be same on the both end routers.
R1(config)#int s0
R1(config-if)#ip rip authentication key-chainABC
R1(config-if)#ip rip authentication mode text / md5
R2(config)#int s0
R2(config-if)#ip rip authentication key-chainXYZ
R2(config-if)#ip rip authentication mode text / md5
Text andmd5 are the two authentication methods used in RIPv2. By default RIPv2
can send & receive only version 2 updates. RIPv2 also allows sending and receiving
version 1 updates on any of the interface.
R1(config)#int s0
R1(config-if)#ip rip send / receive version 1 2
R2(config)#int s0
R2(config-if)#ip rip send / receive version 1 2
RIP version 2 has all its characteristics same as RIPv1 except some changes.
R1 R2
-
7/27/2019 Lab m Annual
44/84
-
7/27/2019 Lab m Annual
45/84
Lab manual
Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Ethernet0/0 (10.0.0.1)RIP: build update entries
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
30.0.0.0/8 via 0.0.0.0, metric 2, tag 0
RIP: sending v2 update to 224.0.0.9 via Serial0/1 (20.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: received v2 update from 20.0.0.2 on Serial0/1
30.0.0.0/8 via 0.0.0.0 in 1 hops
RIPv2 on one router & the other end is configured with RIPv1Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0RIP: ignored v1 packet from 20.0.0.1 (illegal version)
Using debug command on the other end.Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v1 update to 255.255.255.255 via Ethernet0/0(30.0.0.1)
RIP: build update entries
network 10.0.0.0 metric 2
network 20.0.0.0 metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0/1 (20.0.0.2)
RIP: build update entries
network 30.0.0.0 metric 1
RIP: received v2 update from 20.0.0.1 on Serial0/1
10.0.0.0/8 via 0.0.0.0 in 1 hops
Router#show ip protocolsRouting Protocol is "rip"Sending updates every 30 seconds, next due in 21 seconds
-
7/27/2019 Lab m Annual
46/84
Lab manualInvalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Ethernet0/0 2 2Serial0/1 2 2
Routing for Networks:
20.0.0.0
30.0.0.0
Routing Information Sources:
Gateway Distance Last Update
20.0.0.1 120 00:00:03
Distance: (default is 120)
[ By default RIPv2 can send & receive only version 2 updates ]
Authentication modes istext on both routersRouter#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: received packet with text authentication abc
RIP: received v2 update from 20.0.0.1 on Serial0
10.0.0.0/8 via 0.0.0.0 in 1 hopsRIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
md5 is the authentication mode on both routersRouter#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: received packet withMD5 authentication
RIP: received v2 update from 20.0.0.1 on Serial010.0.0.0/8 via 0.0.0.0 in 1 hops
-
7/27/2019 Lab m Annual
47/84
Lab manual
Different Authentication modes on both ends i.e., md5authentication on one end &text on the other end.
Router#debug ip ripRIP protocol debugging is on
Router#
RIP: ignored v2 packet from 20.0.0.1 (invalid authentication)
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
Questions
1. Which three statements are correct about RIPv2?
-
7/27/2019 Lab m Annual
48/84
Lab manual It has the same maximum hop count as version 1 It uses broadcasts for its routing updates It is a classless routing Protocol It has a lower administrative distance than RIPv1 It supports authentication
o It has the same maximum hop count as version 1o It is a classless routing Protocolo It supports authentication
2. Which statement is true regarding classless routing protocols? (Choose two.)
The use of discontinuous networks is not allowed. The use of variable length subnet masks is permitted. RIPv1 is a classless routing protocol. IGRP supports classless routing within the same autonomous system. RIPv2 supports classless routing.
o The use of variable length subnet masks is permittedo RIPv2 supports classless routing.
3. RIPv2 uses ---- to send the routing table updates
Broadcast Multicast Unicast
o Multicast
4. The network shown in the exhibit is running the RIPv2 routing protocol. The
fastEthernet0/0 interface on R1 goes down. In which two ways will the routers in this
network respond to this change? (Choose two.)
A. All routers will reference their topology database to determine if any backup routes
to the 192.168.1.0 network are known.
B. Routers R2 and R3 mark the route as inaccessible and will not accept any further
-
7/27/2019 Lab m Annual
49/84
Lab manualrouting updates from R1 until their hold down timers expire.
C. Because of the split-horizon rule, router R2 will be prevented from sending
erroneous information to R1 about connectivity to the 192.168.1.0 network.
D. When router R2 learns from R1 that the link to the 192.168.1.0 network has been
lost, R2 will respond by sending a route back to R1 with an infinite metric to the
192.168.1.0 network.
E. R1 will send LSAs to R2 and R3 informing them of this change, and then all
routers will send periodic updates at an increased rate
o C and D5. What does the below output depicts?
Router#debug ip rip
RIP protocol debugging is on
Router#
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
RIP: build update entries
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: ignored v1 packet from 20.0.0.1 (illegal version)
o The above output depicts that the other end router is using RIPv1 and the routingprotocol used on this router is RIPv2. As RIPv2 cannot receive version 1 by default, it is
ignoring version1 packets sent by the router that is configured with RIPv1
FRAME RELAy
-
7/27/2019 Lab m Annual
50/84
Lab manualX X
HO hor bor HO
Frame-relay switch
Y Y
Frame-relay is an example of a Packet Switched Network. This network enablesend-stations to dynamically share the existing connection
Frame relay connections are often given a Committed Information Rate (CIR) and an allowanceofburstablebandwidth known as the Extended Information Rate (EIR). The provider guarantees
that the connection will always support the CIR rate, and sometimes the EIR rate. Frames that are
sent in excess of the CIR are marked as "discard eligible" (DE) which means they can be dropped
when congestion occurs within the frame relay network. Frames sent in excess of the EIR are
dropped immediately.
Congestions in the network are reported by
1. FECN=Forward Explicit Congestion Notification bit2. BECN=Backward Explicit Congestion Notification bit3. DE=Discard Eligibility bit provides the network with a signal to determine which
frames to be discarded, when there is a congestion on the line. The Frame-relay
switch will discard frames with a DE value of 1 before discarding other frames.
R(config)#int s 0
R(config)#encapsulation frame-relay
//Defining the wan protocol
Once Encapsulation Frame-relay is given, serial interface requests the Frame-relay switch for
the LMI type it uses and accordingly it changes. Then a DLCI is allocated to the link by the
Frame Relay Switch. Then inverse arp maps destination ip address to the links DLCI No.
.
Frame Relay mapping
http://en.wikipedia.org/wiki/Burstablehttp://en.wikipedia.org/wiki/Burstable -
7/27/2019 Lab m Annual
51/84
Lab manualR3
S0 s1
100 200
20.0.0.1 20.0.0.2
R1 R2
R(config)#int S 0
R(config-if)#frame-relay map ip 20.0.0.2 100 broadcast
Frame-relay mapping can be used in partially meshed topology or Hub & Spoke. If R1
wants to communicate with R2, which is not directly connected, we map R1 to R2 through thesource DLCI number i.e, 100.
Point-to-point (Sub-interface)
R3
Frame Switch
100 200
R1 R2
We can have multiple virtual circuits on a single serial interface, treating each and every
single virtual circuit as a separate interface. This is achieved by creating sub interfacesin aFrame
Relay network to avoid split horizon issues from preventing routing updates. We can configure
separate sub interfaces for each PVC with a unique DLCI and subnet assigned to the sub interface.
. R3(config)#int S 0
R3(config-if)#no ip addressR3(config-if)#exit
R3(config)#int S 0.5 point-to-point
// logically dividing the physical interface
R3(config-subif)#ip address 20.0.0.1 255.0.0.0
// Assigning the IP address to the sub-interface
R3(config-subif)#frame-relay interface-DLCI 100
Lab Setup :
-
7/27/2019 Lab m Annual
52/84
Lab manual
S1 S0
DCE DCE
20 .0.0.1 20.0.0.2DTE S0 S0 DTE
E0 E0
HOR BOR
Step : 1
Configure Frame-Relay Switch
FRSW (config)#Frame-relay switching
Frsw(config)#int S 0
Frsw(config-if)#encapsulation frame-relay *
Frsw(config-if)#frame-relay intf-type dce **
Frsw(config-if)#frame-relay route 100 int S 1 200 ***
Frsw(config-if)#clock rate 64000
Frsw(config-if)#no shutdown
Frsw(config)#int S 1
Frsw(config-if)#encapsulation frame-relay
Frsw(config-if)#frame-relay intf-type dceFrsw(config-if)#frame-relay route 200 int S 0 100
Frsw(config-if)#clock rate 64000
Frsw(config-if)#no shutdown
* FRSW (config-if)#encapsulation frame-relay ietf ( for non Cisco routers)
** By default Routers serial interface is DTE.
*** Routing the packets from S0 (DLCI=100) to S1 (DLCI no=200)
Step : 2
Configuring Head Office & Branch Office Routers
Configure HOR & BOR using routing protocols. Then
HOR(config)#int s0 BOR(config)#int s0
HOR(config-if)#encapsulation frame-relay BOR(config-if)#encapsulation frame-relay
Step : 3
Frame switch
-
7/27/2019 Lab m Annual
53/84
Lab manualHOR#sh frame-relay map
Serial0 (up): ip 20.0.0.2 dlci 100(0xC8,0x3080), dynamic,
broadcast,, status defined, active
BOR#sh frame-relay mapSerial0 (up): ip 20.0.0.1 dlci 200(0xC8,0x3080), dynamic,
broadcast,, status defined, active
Step : 4
Statically mapping - IP address to DLCI number (frame-mapping)
HOR(config)#int s0 BOR(config)#int s0HOR(config-if)#no frame-relay inverse-arp BOR(config-if)#no frame-relay inverse-arp
HOR(config-if)# ^z BOR(config-if)# ^z
HOR#clear frame-relay-inarp BOR#clear frame-relay-inarp
This will remove the dynamic address resolution done by Frame Relay SwitchHOR(config)#int s0
HOR(config-if)#frame-relay map ip 20.0.0.2 100 broadcast *
BOR(config)#int s0
BOR(config-if)#frame-relay map ip 20.0.0.1 200 broadcast
* Here we are mapping Branch office IP address to the Head office DLCI number manually. If
dynamic routing protocols are used, we use the keywordbroadcast.
Step : 5
HOR#sh frame-relay map
Serial0 (up): ip 20.0.0.2 dlci 100(0xC8,0x3080), Static,
broadcast,, status defined, active
BOR#sh frame-relay map
Serial0 (up): ip 20.0.0.1 dlci 200(0xC8,0x3080), Static,
broadcast,, status defined, active
Step : 6
Creating Sub-interface
-
7/27/2019 Lab m Annual
54/84
Lab manual
HOR(config)#int s0
HOR(config-if)#no ip address
HOR(config-if)#exitHOR(config)#int s0.100 point-to-point
HOR(config-subif)#ip address 20.0.0.1 255.0.0.0
HOR(config-subif)#frame-relay interface-dlci 100
BOR(config)#int s0
BOR(config-if)#no ip address
BOR(config-if)#exit
BOR(config)#int s0.200 point-to-point
BOR(config-subif)#ip address 20.0.0.2 255.0.0.0
BOR(config-subif)#frame-relay interface-dlci 200
Commands
Router#sh frame-relay LMITo show frame-relay LMI type (CISCO, ANSI, Q933a)
Router#sh frame-relay PVCTo show frame-relay PVC
(Shows the FECN, BECN, DE, etc bits in the frame )
Router#sh frame-relay mapTo show frame-relay mapping (Shows the DLCI number assigned)
Outputs
Router#sh frame-relay map
Serial0 (up): ip 20.0.0.2 dlci 200(0xC8,0x3080), dynamic,
broadcast,, status defined, active
Router#sh frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Information ID 0 Invalid Report IE Len 0
Num Status Enq. Sent 13 Num Status msgs Rcvd 9
Router#sh frame-relay pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
-
7/27/2019 Lab m Annual
55/84
Lab manualActive Inactive Deleted Static
Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0
DLCI = 200, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
input pkts 13 output pkts 12 in bytes 1104
out bytes 1090 dropped pkts 1 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 7 out bcast bytes 570
pvc create time 00:02:21, last time pvc status changed 00:02:01
Questions
1 . What is frame-relay?
-
7/27/2019 Lab m Annual
56/84
Lab manual
o Frame-relay is an example of a Packet Switched Network. This network enables end-stations to dynamically use the available bandwidth and share the connection. Frame relay
connections are often given a Committed Information Rate (CIR) and an allowance ofburst ablebandwidth known as the Extended Information Rate (EIR). Frames that are sent
in excess of the CIR are marked as discard eligible(DE) which means they can be dropped
when congestion occur in the network
2 . What is Link Management Interface (LMI)?
o LMI manages the link between frame switch and the router WAN port. Once the line isencapsulated to frame-relay, it requests frame switch which LMI it is using and accordingly
WAN port also changes.
3 . Difference between Inverse ARP, ARP & RARP
o Inverse ARP helps to map destination IP address to local DLCI number at the frame Switcho ARP helps to get the MAC address from the corresponding IP address.o RARP helps to get the IP address from the corresponding MAC address
4 . What is DLCI (Data Link Connection Identifier)?
o The DLCI serves to identify the virtual connection so that the receiving end knows whichinformation connection a frame belongs to.(Range=16 to 1007). This helps in Layer 2
identification.
5 . You are troubleshooting a frame relay connection and wish to view the LMI traffic status.
Which command should you issue?
o Show frame-relay lmi6 . When setting up Frame Relay for point-to-point subinterface, what should not
be configured?
o An IP address on the physical interface.
7 . You need to configure a router for a Frame Relay connection to a non-Cisco
router. Which command will prepare the WAN interface of the router for thisconnection?
http://en.wikipedia.org/wiki/Burstablehttp://en.wikipedia.org/wiki/Burstable -
7/27/2019 Lab m Annual
57/84
Lab manual
o Router(config-if)#encapsulation frame-relay ietf
8 . How should a router that is being used in a Frame Relay network be configured toavoid split horizon issues from preventing routing updates?
o Configure a separate subinterface for each PVC with a unique DLCI and subnetassigned to the subinterface.
9 . What does the term dynamic in the below output refers to :
Router#sh frame-relay map
Serial0 (up): ip 20.0.0.2 dlci 200(0xC8,0x3080), dynamic,
broadcast,, status defined, active
o The mapping between DLCI 100 and the end station IP address 20.0.0.2 was learnedthrough Inverse ARP
10. In Frame Relay; what is the purpose of Inverse ARP?
o It is used to map a known DLCI to an IP address
11. By looking at the graphic below, what functions does the Frame Relay DLCI provide
with respect to Router A?
DLCI 100 DLCI 200
Router A RouterB
o Router A would use DLCI 100 to get to the RouterB networks. RouterB would use DLCI200 to get to the Router A networks.
12 . What does the STATUS=ACTIVE refers to in the output of the show frame-relay
pvc command?
-
7/27/2019 Lab m Annual
58/84
Lab manualRouter#sh frame-relay pvc
pvc statistics for interface serial0 (frame relay dte)
dlci = 200, dlci usage = local, pvc status = active
o Active state - Indicates that the connection is active and that routers can exchange data.This is the state of an operational Permanent virtual Connection
13 . A default Frame Relay WAN is classified as what type of physical network?
o Non-broadcast multi-access
SWITCHING
-
7/27/2019 Lab m Annual
59/84
Lab manual
Trunk Port
Trunk Link
Switches
Hosts Access Link
Would you like to start initial configuration [yes/no]: no
Press return to get started
Switch>enable
Switch#configure terminalSwitch (config) #int vlan 1
* By default all ports are in the VLAN1
Switch (config-if) #ip address 10.0.0.5 255.0.0.0
Switch (config-if) #no shutdown
Switch (config-if) #exit
Switch (config) #ip default gateway 10.0.0.1
Configuring different VLANs
Switch (config) #vlan 2 // Creating the vlanSwitch (config-vlan) #name finance
Switch (config-vlan) #exit
Switch (config) #vlan 3
Switch (config-vlan) #name production
Switch (config-vlan) #exit
[VLAN-no ranges from 2 to 1001] [VLAN name (xxx) is optional]
Allocating the ports to the VLANs
Switch(config)#int f 0/1
Switch(config-if)#switchport access vlan 3 // allocating ports to vlan
Switch(config-if)#exit
Switch(config)#int f 0/2
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Configuring the trunk Port
** Switch(config)#int f 0/24
-
7/27/2019 Lab m Annual
60/84
Lab manualSwitch(config-if)#switchport mode trunk // creating the trunk port
Switch(config-if)#exit
By default, trunk port of the switch is in VLAN1. So this port should be configured as trunkport to carry all Vlan information.
Domain Name
Switch(config)#VTP domain
Switch(config-if)#VTP domain MOHAN
All the switches should be in the same domain
Switchs operating mode
Switch(config)#VTP server/client/transparent
Commands
-
7/27/2019 Lab m Annual
61/84
Lab manual1. Switch#sh MAC-address-table
Displays the MAC address of the device and the corresponding port nos. to which
the devices are connected.
2. Switch#sh vlanDisplays the vlan information including port nos. that are in use, existing vlans &
which port belongs to which vlan.
3. Switch#sh VTP statusDisplays configuration register, operating mode, domain name, etc..,
4. Switch#sh spanning-treeDisplays priority, Root ID, Bridge ID, Mac address, Root Bridge
OUTPUTS
Switch#sh vlan
-
7/27/2019 Lab m Annual
62/84
Lab manual
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
SwX#sh vtp status
Switch#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0014.a845.7280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0014.a845.7280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/4 Desg FWD 100 128.4 Shr
Fa0/17 Desg FWD 100 128.17 Shr
INTERvLAN ROUTING
-
7/27/2019 Lab m Annual
63/84
Lab manual By default, only hosts that are within the same VLAN can communicate. To allow inter-VLAN
communication, we need a router or a layer 3 switch.
Intervlan switching using two fast Ethernet interfaces of the RouterRouter
f 0/0 f 0/1
f 0/4 f 0/9PC 1 PC 2
f 0/3 f 0/8
IP address: 10.1.0.10 IP address: 10.2.0.10SNM : 255.255.0.0 SNM : 255.255.0.0DG : 10.1.0.1 DG : 10.2.0.1
Vlan 2 Vlan 3
Configu r ing Sw itchSwitch(config)#vlan 2 Switch(config)#vlan 3
Switch(config-vlan)#name Fin Switch(config-vlan)#name mktg
Allocating Ports
Switch(config)#int f0/3 Switch(config)#int f0/8
Switch(config-if)#switchport access vl 2 Switch(config-if)#switchport access vl 3
Switch(config)#int f0/4 Switch(config)#int f0/9
Switch(config-if)#switchport access vl 2 Switch(config-if)#switchport access vl 3
Configuring Router
Router(config)#int f0/0Router (config-if)#ip add 10.1.0.1 255.255.0.0
Router (config-if)#no shutdown
Router(config)#int f0/1
Router (config-if)#ip add 10.2.0.1 255.255.0.0
Router (config-if)#no shutdown
Intervlan communication using single fast Ethernet interface of the Router is achieved bycreating sub interfaces.
Switch
-
7/27/2019 Lab m Annual
64/84
Lab manualRouter
f 0/0
f 0/5
PC 1 f 0/3 f 0/8 PC 2
IP address: 10.1.0.10 IP address: 10.2.0.10
SNM : 255.255.0.0 SNM : 255.255.0.0
DG : 10.1.0.1 DG : 10.2.0.1
Vlan 2 Vlan 3
Configuring Switch
Switch(config)#vlan 2 Switch(config)#vlan 3
Switch(config-vlan)#name Fin Switch(config-vlan)#name mktg
Allocating Ports
Switch(config)#int f0/3 Switch(config)#int f0/8
Switch(config-if)#switchport access vl 2 Switch(config-if)#switchport access vl 3
Switch(config)#int f0/5
Switch(config-if)#switchport mode trunk
Configuring Router
Router(config)#int f0/0
Router (config-if)#no ip address
Router (config-if)#no shutdown
Router (config-if)#exit
Router(config)#int f0/0 .1
Router(config-subif)#encapsulation dot1q Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip add 10.1.0.1 255.255.0.0
Router(config)#int f0/0 .2
Router(config-subif)#encapsulation dot1q
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip add 10.2.0.1 255.255.0.0
Questions
-
7/27/2019 Lab m Annual
65/84
Lab manual
1. Difference between Switch and Hub?
Switch Hub
Switch is a layer-2 component Hub is a layer-1 component Switch learn MAC address Hub doesnt learn MAC address Has one Broadcast Domain Has one Broadcast domain Has multiple collision domain Has only one collision domain
2 . Different forwarding trends in switch?
o Store & forward-- stores the frame, checks for the errors and forwards only the errorfree frames.
o Cut-through Noerror checking; just receives and forwards the frames.o Fragment free is also called as Modified Cut-through. The minimum ip packet size
is of 64 bytes. The 1st 64 bytes of frame is checked for errors, where this 64 bytes
include the frame header, Destination MAC add (DMAC), Source MAC add (SMAC)
and some data. So, if these 64 bytes seem to be a good frame set then it is forwarded or
else it dumps the packets.
3 . Facts of Vlans
o Vlan is created to avoid unnecessary broadcastso Vlans are created without changing the physical set upo By default each switch is in vlan 1o Only systems in same vlan will communicateo For inter-vlan communication we need Router/Layer 3 Switcho VLAN setup is controlled by VTP(VLAN Trunk Protocol)
4 . Difference between Access link and Trunk link?
o Systems are connected to the switch through the access link and the switches areconnected each other through the trunk links.
5 . Different Operating modes in switch?
-
7/27/2019 Lab m Annual
66/84
Lab manual
o Server By default, all switches are in Server mode.Vlans can configured in created inthis mode.
oClients No changes can be made in client mode.
o Transparent will not take any condition; it just forwards the conditions to the otherswitches.
6. Why spanning-tree Protocol is used?
o Spanning-tree Protocol is been run to avoid the routing loops in a switched network. Itelects the Root Bridge and the Non-Root Bridge with the help of bpdu. The one with the
lesser bpdu will be elected as the Root Bridge. Root Bridge will be having every port in
forwarding mode of a frame on interface.
7 . What does a switch do when it receives a frame on interface and destination address is
unknown?
o It floods the network with the frame looking for the device8 . How to manually elect a switch as root bridge?
o We could manually elect a switch as root bridge by changing the priority asSwitch(config)#spanning-tree vlan1 priority
8 . Different Spanning-tree port states?
o Blocking: It wont forward frames, prevent looping and by defaults all ports are blocked.o Listening: Listens no loop has formed on N/W before passing frame.o Learning: Listens and learns all paths in the N/W and updates MAC table.o Forwarding: Sends and receives frames.o Disabled: Does not participate in forwarding frame.
9 . What are the different functions of Switch?
o Address Learning: Learns the source hardware/Mac address of each frame received andstores it in MAC address table.
o Forwarding/Filtering Decision: When received a frame on an interface, switch looks thedestination hardware address and finds the exit interface in the MAC table.
o Loop Avoidance: When more connection are made on switch for redundancy, BC loopsoccur. Spanning-tree Protocol is used to stop BC loops.
10 . What is the result of segmenting a network with a switch?
-
7/27/2019 Lab m Annual
67/84
Lab manual
o It increases the number of collision domains and will be smaller collision domains 11 . What will occur if two Cisco LAN switches are connected with a single crossover cable?
o The switch port link lights will be green, indicating normal operation.12 . What are the three distinct functions of layer 2 switching that increase available
bandwidth on the network?
Address learningForwarding and filteringLoop avoidance
o A13 . What technology is used by Catalyst switches to resolve topology loops and ensure that
data flows properly through a single network path?
o Spanning Tree Protocol (STP )14 . Your core switch needs to be set as the root bridge of your network. What will make our
core switch the root bridge?
o Setting the bridge priority to less than 32,76815 . What purpose in a switched LAN does STP perform?
o Prevent switching loops in a network with redundant switched paths.16 . Which LAN switch type waits for the collision window to pass before looking up the
destination hardware address in the MAC filter table and forwarding the frame?
o Fragment Free looks at the first 64 bytes of a frame to make sure a collision does notoccur. It is sometimes referred to as modified cut-through.
17 . When a new trunk link is configured on an IOS-based switch, which VLANs are allowed
over the link?
o By default, all Vlans are allowed on the trunk.
18 . What VTP mode allows you to change VLAN information on the switch?
o Server
19 . These two switches are not sharing VLAN information. From the output below,
-
7/27/2019 Lab m Annual
68/84
Lab manualwhat is the reason. why these switches are not sharing VTP messages?
SwitchA#sh vtp status
VTP Version : 2
Configuration Revision : 0Maximum VLANs supported locally : 64
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : RouterSim
VTP Pruning Mode : Disabled
SwitchB#sh vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 64
Number of existing VLANs : 7VTP Operating Mode : Server
VTP Domain Name : GlobalNet
VTP Pruning Mode : Disabled
o The VTP domain names are not configured correctly.
20 . What is the benefit of creating Vlans?
o They allow logical grouping of users by function.o They can enhance network security.o They increase the number of broadcast domains while decreasing the size of the
Broadcast domains.
A
21 . How many broadcast domain exist in the exhibited topology?
o Three
vIRTUAL PRIvATE NETWORK (vPN)
-
7/27/2019 Lab m Annual
69/84
Lab manual
A virtual private network (VPN) allows the creation of private networks across the
Internet. VPNs are used daily to give remote users and disjointed networks connectivity over a
public medium like the Internet instead of using more expensive permanent means.
Virtual private network is a method of encrypting point-to-point logical connections across a
public network, such as the Internet. This allows secure communications across a public network.
Questions
http://computer.howstuffworks.com/enlarge-image.htm?terms=vpn+-phantom&page=0 -
7/27/2019 Lab m Annual
70/84
Lab manual1. What are the two security appliances that can be installed in a network? (choose 2)
A. ATM (Asynchronous Transfer Mode)B. IDS (Intrusion Detection System)C.
IOS (Internetwork Operating System)D. IOX
E. IPS (Intrusion Prevention System)F. SDM (Security Device Manager)o B and E
2. What are the 3 typical categories of VPNs?
Remote access VPNs
Site-to-site VPNs
Extranet VPNs
Remote access VPNs allow remote users like telecommuters to securely access the corporatenetwork wherever and whenever they need to.
Site-to-site VPNs or intranet VPNs, allow a company to connect its remote sites to thecorporate backbone securely over a public medium like the Internet instead of requiring more
expensive WAN connections like Frame Relay.
Extranet VPNs allow an organizations suppliers, partners, and customers to be connectedto the corporate network in a limited way for business-to-business (B2B) communications.
3. To provide security in your VPN tunnel, what protocol suite would you use?
o IPSecIPSec is an industry-wide standard suite of protocols and algorithms that allows for secure
data transmission over an IP-based network that functions at the layer 3 Network layer of the OSI
model.
4. Which of the following describes the creation of private networks across the Internet,
enabling privacy and tunneling of non-TCP/IP protocols?
A. HDLC
B. Cable
C. VPN
D. IPSec
E. xDSL
o CINTERNET PROTOCOL vERSION 6 (IPv6)
-
7/27/2019 Lab m Annual
71/84
Lab manual
Ipv4 is a 32 bit addressing scheme, whereas IPv6 is a 128 bit hexa decimal addressing
scheme, represented in 8 combinations of 4 hexa decimal numbers each separated by a colon.
Hence IPV6 is called a 16-bit Hexadecimal Colon-delimited Block.
Representation:
An IPV6 address is represented as shown below:
2003:1234:ABCD:0001:5678:DCBA:4321:EFGH
Global Interface IDUnicast
Subnet
Global Prefix
1. Global Unicast recognizes the particular Region or Zone. It is a publicly routable address.
2. Global Prefix is provided by ISP, its of 48 bits.
3. Subnet tells you to which particular organization it belongs.
4. Interface id is of 64 bits, where the 48 bit MAC address is padded with FFFE which is of 16
bits and is placed exactly in the middle of the MAC address to make it a 64 bit interface id.
Ex: 2000:12ab:34cd:00ef:1234:4295:0000:00cd
In the above expression 00ef can be represented as ef and the continuous zeros can bereplaced by double colons( :: ).It can be re-written as
2000:12ab:34cd:ef:1234:4295::cd
Ex : 2000:0000:0000:00ef:1234:kf34:eef0:cd4e
=>
2000::ef: 1234:kf34:eef0:cd4e
Ex : 2001:0000:0000:0012:0000:0000:1234:56ab
And you cantdo this:
-
7/27/2019 Lab m Annual
72/84
Lab manual2001::12::1234:56ab
Instead, the best way you can do is
2001::12:0:0:1234:56ab
Difference between IPv4 & IPv6:
0:0:0:0:0:0:0:0This is the equivalent of IPv4s 0.0.0.0
0:0:0:0:0:0:0:1
The equivalent of 127.0.0.1 in IPv4
2000::/3The global Unicast address range.
FC00::/7The unique local Unicast range.
FE80::/10The link-local Unicast range.
FF00::/8The multicast range.
3FFF:FFFF::/32Reserved for examples and documentation.
2001:0DB8::/32Also reserved for examples and documentation.
Extended Uniform Identification (eui-64):
You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option.The eui-64 format allows the device to use its MAC address and pad it to make the interface ID.
Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
The Globe is divided into 5 Zones and each zone will be assigned a number range to identify them.
Here the /64 represents the identification of the Zone and the IP of the company in that zone.Eui-
64 will pad an extra FFFE to the MAC address exactly to its center.
E.g. MAC address 0060.d673.1987 after padding would look like 0260.d6ff.fe73.1987
-
7/27/2019 Lab m Annual
73/84
Lab manualIn the above e.g.
0 0 6 0 D 6 7 3 1 9 8 7
0000 0000
7th
bit is 0 then the address is locally unique.
0 2 6 0 D 6 F F F E 7 3 1 9 8 7
0000 0010
After padding the 7th
bit changes to 1, now the address is Link local address. It is globally unique
address.
This padding process is called as EUI-64 i.e. Extended Uniform Identifier. EUI-64 is an IEEE
standard that is given to the MAC address of any particular system where every systems MAC
address will be automatically assigned. MAC address is the part of IPV6 address which makes it a
unique address.
LAB
-
7/27/2019 Lab m Annual
74/84
Lab manualDTE DCE
E0 S0 S0 E0
R1 R2
R1(config)#ipv6 unicast-routing // By default ipv6 is disabled
R1(config)#int e0
R1(config-if)#ipv6 add 2004:abcd:1234:0001::/64 eui-64
R1(config-if)#ipv6 rip 1 enable
R1(config-if)#no shutdown
R1(config)#int s0
R1(config-if)#ipv6 add 2005:abcd:1234:0002::/64 eui-64
R1(config-if)#ipv6 rip 1 enable
R1(config-if)#no shutdown
R2(config)#ipv6 unicast-routing
R2(config)#int e0
R2(config-if)#ipv6 add 2003:abcd:1234:0001::/64 eui-64
R2(config-if)# ipv6 rip 1 enable
R2(config-if)#no shutdown
R2(config)#int s0
R2(config-if)#ipv6 add 2005:abcd:1234:0002::/64 eui-64
R2(config-if)#no shutdown
R2(config-if)# ipv6 rip 1 enable
R2(config-if)#clock rate 64000
Outputs
-
7/27/2019 Lab m Annual
75/84
Lab manual
R2#sh ipv6 int brief
Ethernet0 [up/up]
FE80::210:7BFF:FE7F:B8EA2003:ABCD:1234:1:210:7BFF:FE7F:B8EA
Serial0 [up/up]
FE80::210:7BFF:FE7F:B8EA
2005:ABCD:1234:2:210:7BFF:FE7F:B8EA
Serial1 [administratively down/down]
For each interface IPv6 will create a Link local & Global Unicast address.
Global unicast addressesThese are publicly routable addresses, and theyre the same as they are in IPv4.
Link-local addressesThese are like the private addresses in IPv4, that means theyre not routable on a public
network.
R2#sh ipv6 int e0
Ethernet0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::210:7BFF:FE7F:B8EA
Global unicast address(es):2003:ABCD:1234:1:210:7BFF:FE7F:B8EA, subnet is 2003:ABCD:1234:1::/64
Joined group address(es):FF02::1
FF02::2
FF02::1:FF7F:B8EA
MTU is 1500 bytes
R2#sh ipv6 int s0
Serial0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::210:7BFF:FE7F:B8EA
Global unicast address(es):
2005:ABCD:1234:2:210:7BFF:FE7F:B8EA, subnet is 2005:ABCD:1234:2::/64Joined group address(es):
FF02::1
FF02::2
FF02::1:FF17:2
FF02::1:FF7F:B8EA
MTU is 1500 bytes
R2#sh ipv6 route ( without configuring RIP )IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
-
7/27/2019 Lab m Annual
76/84
Lab manualC 2003:ABCD:1234:1::/64 [0/0]
via ::, Ethernet0
L 2003:ABCD:1234:1:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Ethernet0
C 2005:ABCD:1234:2::/64 [0/0]via ::, Serial0
L 2005:ABCD:1234:2:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Serial0
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
R2#sh ipv6 route (configuring RIP )IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
C 2003:ABCD:1234:1::/64 [0/0]
via ::, Ethernet0
L 2003:ABCD:1234:1:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Ethernet0
R 2004:abcd:1234:1::/64 [120/2]
Via FE80::200:CFF:FE91:811E, serial 0
C 2005:ABCD:1234:2::/64 [0/0]via ::, Serial0
L 2005:ABCD:1234:2:210:7BFF:FE7