Lab m Annual

7/27/2019 Lab m Annual

1/84


2/84

Lab manual

COMMAND LINE INTERFACE (CLI)

To enter the hyper terminalPrograms Accessories CommunicationHyperTerminal

(HyperTerminal window opens)

-prompts for the screen name (not the router name)

-connect to window select com1 ok

-com1 properties window select restore default ok

Switch ON the router (if new router that is not configured it will ask -----Would u like to enter initial configuration dialog[yes/no]: no

Press return to get started (enter)

Router>

* User Mode/User Executable Mode

Router> enable (enter)

Router#

* Privileged Mode/Enable Mode Executable Mode.

The following commands can be executed in this mode

Router#show running-config(enter)

Router#debug xxx

Router#copy xxx

Router#configure terminal(enter)

Router(config)#

* Global Configuration Mode- Any configuration change in this mode affects the

whole router.

Router(config)#interface e 0/fastethernet 0/ S0 / S 1(enter)

Router(config-if)#

* Specific Configuration Mode configuration changes to specific part of the

router like lines and interfaces.


3/84

Lab manual Setting User mode Password

Router(config)#Line console 0(enter)

Router(config-line)#password xxxx

Router(config-line)#login

To set username & password for the user modeRouter(config)#username xxxx password xxxx

Router(config)#Line console 0

Router(config-line)#login local

To change the hostnameRouter(config)#hostname HOR(enter)HOR(config)#

T o encrypt all the passwordsRouter(config)#service password-encryption

To set password for the privileged modeRouter(config)#enable password/secret xxxx


4/84

Lab manualQUESTIONS

1 . What are the different modes in a router?

oRouter> ------------- User mode or the user executable modeEnable (enter)

o Router# ---------- Privileged mode/Enable modeShow running-config

Debug xxx

Ping A.B.C.D

o Router# configure terminal (enter)Router(config)# ----------- Global configuration mode

o Router(config)#interface ethernet 0/fastethernet 0/serial 0/ serial 1(enter)o Router(config)# line console 0

Router(config-if/line)# ---------- Specific configuration mode

2 . Difference between Login and Login Local?

o Login activates the usermode entry password for a single user without username.o Login local activates the username and password for the same usermode, incase of multiple

users.

3 . How to encrypt our passwords?

o Router(config)#service password-encryption Encrypts all the passwords at a time.Thepasswords once encrypted, cannot be decrypted by any command.

4 . How to set password to the user mode?

o Router(config)#Line console 0(enter)Router(config-line)#password xxxx

Router(config-line)#login - Login activates the usermode entry password for a single user

without username.

5 . How to set password to the privilege mode?

o Router(config)#enable password/secret xxxx6 . How to set username and password to the user mode?

o Router(config)#username xxxx password xxxxo Router(config-line)#login local - Login local activates the username and password for the

same usermode, incase of multiple users.


5/84

Lab manualSTATIC ROUTING

DTE DCE10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10n/w 30 n/w

E0 S0 S0 E0HOR BOR

R1(config)#interface e 0 R2(config)#interface e 0

R1(config-if)#ip address 10.0.0.1 255.0.0.0 R2(config-if)#ip address 30.0.0.1 255.0.0.0

R1(config-if)#no shutdown * R2(config-if)#no shutdown

R1(config)#interface s 0 R2(config)#interface s 0

R1(config-if)#ip address 20.0.0.1 255.0.0.0 R2(config-if)#ip address 20.0.0.2 255.0.0.0

R1(config-if)#no shutdown R2(config-if)#clock rate 64000R2(config-if)#no shutdown

R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2 **

R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1 **

* All interfaces are administratively down when the router is switched on. We change their

status to up by using the command no shutdown.

** In static routing, we are manually adding the destination network to our Routing table.

Router(config-if)#ip route Next hop address refers to the address of the next router that receives the packet and then

forwards it to the remote location.

R1 R2


6/84

Lab manualCommands

1 . Router#show running-config

This will display the current configuration of the router.

2 . Router#show controllers serial 0

To identify the DCE & DTE ends of the Serial cable.

3 . Router#show interface ethernet 0

This will displays the details of ethernet interface.

4 . Router#show interface serial 0

This will display the details of serial interface.

5. Router#show ip interface brief

This will display the interface & line protocol status in a tabular format.

Outputs

Router#sh running-config

interface Ethernet0

ip address 10.0.0.1 255.0.0.0

!interface Ethernet1

no ip address

shutdown

!

interface Serial0

ip address 20.0.0.2 255.0.0.0

clockrate 64000

!

interface Serial1

no ip address

shutdown

!

IP route 30.0.0.0 255.0.0.0 20.0.0.1

!

line con 0

line aux 0

line vty 0 4

login

!

End


7/84

Lab manualRouter#sh int e0

Ethernet0 is up, line protocol is up

Hardware is Lance, address is 0010.7b80.c3c6 (bia 0010.7b80.c3c6)

Internet address is 10.0.0.1/8MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set, keepalive set (10 sec)

Router#sh int s0

Serial0 is up, line protocol is up

Hardware is HD64570

Internet address is 20.0.0.2/8

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,reliability 255/255, txload 1/255, rxload 1/255

Encapsulation HDLC, loopback not set, keep alive set (10 sec)

Router#show ip int brief

State 1 - When both no shutdown andclock rate is applied to corresponding interfaces

Interface IP-Address OK? Method Status Protocol

Ethernet0 30.0.0.1 YES manual up upSerial0 20.0.0.2 YES manual up up


State 2 - When clock rate is not given on DCE end & layer 1 problem


Ethernet0 30.0.0.1 YES manual up up

Serial0 20.0.0.2 YES manual up down


State 3 - When the other end serial interface is shut down


Ethernet0 30.0.0.1 YES manual up up

Serial0 20.0.0.2 YES manual down down


8/84

Lab manualRouter#show controllers s 0

HD unit 0, idb = 0xB883C, driver structure at 0xBDB98

buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

C 20.0.0.0/8 is directly connected, Serial0

C 10.0.0.0/8 is directly connected, Ethernet0S 30.0.0.0/8 [1/0] via 20.0.0.1

Router#sh protocolsGlobal values:

Internet Protocol routing is enabled



Ethernet1 is administratively down, line protocol is down



Serial1 is administratively down, line protocol is down


9/84

Lab manualQuestions

1 . How to assign an IP address to the Router and configure it?

oRouter(config)interface e 0 / s 0Router(config-if)ip address

Router(config-if)no shutdown

We assign our default-gateway as the IP address to the ethernet port. When the router is switchedON, by default all the interfaces are administratively

down. To make the interfaces up we give no shutdown

2 . Why and where we use the clock rate?

o The serial line has two ends DTE and DCE. This line goes up and down when IP addressand no shutdown is configured on both sides and will be in asynchronous state always. To

synchronize the link clock rate should be configured at DCE end.

3 . How to find out the DCE end?

o Router#sh controllers s 04 . Difference between

Request timed out

Destination host unreachableReply from : time


10/84

Lab manual

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.110 N/w 30 N/w

E0 S0 S0 E0

Make sure you are able to ping the destination network before you configure WANProtocols

R1(config)#int s 0

R1(config-if)#encapsulation PPP

R1(config-if)#exit

When line protocol is not same on both routers, then the state of the link goes up anddown i.e. the encapsulation on R1 --- PPP, R2 --- HDLC.

R2(config)#int s 0

R2(config-if)#encapsulation PPP

R2(config-if)#exit

CHAP

R1(config)#username R2 password 123

R1(config)#int s 0

R1(config-if)#PPP authentication CHAP

R2(config)#username R1 password 123R2(config)#int s 0

R2(config-if)#PPP authentication CHAP

In case of CHAP, the user password should be the same. Here 3-way handshake takesplace.

PAP


R1(config)#int s 0

R1(config-if)#PPP authentication PAPR1(config-if)#PPP PAP sent-username R1 password 321


R2(config)#int s 0

R2(config-if)#PPP authentication PAP

R2(config-if)#PPP PAP sent-username R2 password 123

In PAP, the username and password is sent manually.

R2R1


11/84

Lab manualCOMMANDS

1. Router#sh int s 0To check the encapsulation in the serial interface

2. R1#debug PPP authenticationTo debug PPP authentication

OUTPUTS

Router#sh int s0


Hardware is HD64570


MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255

Encapsulation PPP, loopback not set, keepalive set (10 sec)

LCP Open

Open: IPCP, CDPCP

hor#debug ppp authentication ( PAP )

Se0 PPP: Treating connection as a dedicated line

Se0 PPP: Phase is AUTHENTICATING, by both

Se0 PAP: O AUTH-REQ id 2 len 12 from "hor"

Se0 PAP: I AUTH-REQ id 2 len 12 from "bor"

Se0 PAP: Authenticating peer bor

Se0 PAP: O AUTH-ACK id 2 len 5

Se0 PAP: I AUTH-ACK id 2 len 5

HOR#debug ppp authentication ( CHAP )

Se0 PPP: Treating connection as a dedicated line

Se0 PPP: Phase is AUTHENTICATING, by both

Se0 CHAP: O CHALLENGE id 21 len 24 from "HOR"

Se0 CHAP: I CHALLENGE id 20 len 24 from "BOR"

Se0 CHAP: O RESPONSE id 20 len 24 from "HOR"

Se0 CHAP: I RESPONSE id 21 len 24 from "BOR"

Se0 CHAP: O SUCCESS id 21 len 4

Se0 CHAP: I SUCCESS id 20 len 4

Questions


12/84

Lab manual

1 . Different WAN Protocols?

o HDLC High level Data Link Controlo

PPP Point-to-Point Protocolo Frame-Relay2 . Difference between PPP and HDLC?

PPP HDLC

Open Protocol Cisco Proprietary

Authentication is allowed. Authentication is not possible

PAP CHAP

3 . What are the advantages of using PPP encapsulation over ISDN links?

o PPP authentication prevents unauthorized callers from establishing an ISDN circuit.o PPP can be implemented among different equipment vendors.

4 . How PAP and CHAP works?

o PAPUsername is xxx and password xxxx

Authentication Request

Authentication Acknowledgement

When the username and password are matched in the HOR Database, BOR is allowed.o CHAP

Can I Talk to you

Challenge

Response

Success / Failure

Message Digest (Message Integrity) is one of the forms of Encryption

HOR BOR

HOR BOR

HOR BOR


13/84

Lab manual

Packet + Hash Function =Message Digest1. MD 5 is one-way process.2. It is always constant.3.

A small change will result in a big change in MD.

5 . What command would you enter to display the CHAP authentication as it occurs in

real time?

o debug PPP authentication6 . Difference between PAP and CHAP?

o CHAP is more secure than PAP as the password is encrypted here using MD5,while in PAP the clear text password is sent over the link.

7 . The output shown below was taken from two directly connected routers. Based on the

output of these two routers, What happen when the below command Router#show interface

serial 0 is entered?

Corp#show running-config

!

Isdn switch-type basic-5ess

Username Remote password cisco

!

interface s0ip address 192.168.0.1 255.255.255.0

encapsulation ppp

Remote#show running-config

!

Isdn switch-type basic-5ess

Username Corp password Cisco

!

interface s0

ip address 192.168.0.2 255.255.255.0

encapsulation pppppp authentication chap

o The passwords in the username do not match, so the link will not come up and the lineprotocol will be down, which would make LCP closed.Both the usernames and the

passwords are case sensitive.


14/84

Lab manualRIP AND IGRPPROTOCOLS

DCE DTE10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10 n/w E0 S0 S0 E0 30 n/w

HOR BOR

RIP

R1(config)#routerRIP * R2(config)#routerRIP

R1(config-router)#network 10.0.0.0 R2(config-router)#network 20.0.0.0


IGRP

R1(config)#routerIGRP 123 ** R2(config)#routerIGRP 123



* In RIP, we specify only those networks that belong to us. RIP sends routing table updates to

its neighbors for every 30secs. RIP uses hop count as a unit of metric. The administrative distance

of RIP is 120

** IGRP uses autonomous number system. Here, only the networks that come under the same

autonomous system number will communicate with each other. Autonomous number is provided

by ISP. (By default, networks in different Autonomous system will not communicate, for different

Autonomous systems to communicate redistribution should be done - CCNP concept).

IGRP sends updates for every 90secs and uses bandwidth and delay as unit of metric. IGRP has

an administrative distance of 100

R1 R2


15/84

Lab manual

Commands

1 . Router#debug ip rip

It shows the updates sent to the neighbor routers for every 30 sec.

2. Router#Clear ip route *

This allows the routing table to switch to the new updates by clearing the old entries.

3 . Router#debug ip igrp transactions

Displays the routing table updates that is sent for every 90sec

4 . Router#Undebug all (u all)

To stop all debug commands those are active.

5 . Router#debug ip routing

Displays the dynamic changes made in the routing table

Time Intervals RIP IGRP

Update Interval 30 90

Hold-down timer 180 280

Invalid after 180 270

Flushed after 240 630


16/84

Lab manualOutputs

Router#debug ip rip

RIP protocol debugging is on

Router#

00:29:26: RIP: received v1 update from 20.0.0.1 on Serial0

00:29:26: 30.0.0.0 in 1 hops

00:29:30: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (10.0.0.1)

00:29:30: network 20.0.0.0, metric 1

00:29:30: network 30.0.0.0, metric 2

00:29:30: RIP: sending v1 update to 255.255.255.255 via Serial0 (20.0.0.2)

00:29:30: network 10.0.0.0, metric 1

00:29:55: RIP: received v1 update from 20.0.0.1 on Serial0

00:29:55: 30.0.0.0 in 1 hops

Router#debug ip igrp transactions

IGRP protocol debugging is on

Router#

00:26:16: IGRP: sending update to 255.255.255.255 via Ethernet0 (10.0.0.1)

00:26:16: network 20.0.0.0, metric=8476

00:26:16: network 30.0.0.0, metric=8576

00:26:16: IGRP: sending update to 255.255.255.255 via Serial0 (20.0.0.2)

00:26:16: network 10.0.0.0, metric=110000:26:32: IGRP: received update from 20.0.0.1 on Serial0

00:26:32: network 30.0.0.0, metric 8576 (neighbor 1100)

Router#debug ip igrp events

IGRP event debugging is on

Router#

00:22:47: IGRP: received update from 20.0.0.1 on Serial0

00:22:47: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.

00:22:47: IGRP: Total routes in update: 1

00:23:40: IGRP: sending update to 255.255.255.255 via Ethernet0 (10.0.0.1)



00:23:40: IGRP: sending update to 255.255.255.255 via Serial0 (20.0.0.2)




17/84

Lab manual

Router#sh ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

U - per-user static route, o - ODR

Gateway of last resort is not set

C 20.0.0.0/8 is directly connected, Serial0

C 10.0.0.0/8 is directly connected, Ethernet0

R 30.0.0.0/8 [120/1] via 20.0.0.1, 00:00:06, Serial0

E:\ftp 30.0.0.10connected to 30.0.0.10

220 mohan Microsoft FTP service .

user :anonymous331 Anonymous access allowed, send identity as password.

Password:

230 Anonymous user logged in

ftp> dir200 PORT command successful.

150 Opening ASCII mode data connection for /bin/ls.

09-17-07 07:41PM 26 Frame.txt

09-17-07 07:41PM 9 Igrp.txt09-17-07 07:41PM 32 Isdn.txt

09-17-07 07:40PM 10 Rip.txt

226 Transfer complete.

ftp:247 bytes received in 0.00seconds 284000.00kbytes/sec.

ftp>get frame.txt

200 PORT command successful.

226 Transfer complete.

ftp:28 bytes received in 0.00seconds 26000.00kbytes/sec.

ftp>bye


18/84

Lab manual

Questions

1. Difference between Static Routing & Dynamic Routing?

o In static routing, we are manually adding the destination network to our Routing table.o In Dynamic Routing, the protocols build the routing table automatically.

2. Difference between RIP and IGRP?

Interior Gateway Routing Protocol Routing Information Protocol

Uses autonomous number system. Does not use autonomous number system.

Works only on Cisco routers. Works on multi-vendor routers.

Sends updates for every 90secs. Sends updates for every 30secs.

Bandwidth, delay and distance as a unit of

metric.

Hop count as a unit of metric.

Administrative distance is 100 Administrative distance is 120

Has a maximum hop count of 100 Has a maximum hop count of 16

.

Time Intervals RIP IGRP

Update Interval 30 90

Hold-down timer 180 280

Invalid after 180 270

Flushed after 240 630


19/84

Lab manual

3 . What is Routing loop and when it occurs?

Distance-vector routing protocols sends routing table updates at regular intervals to keep

track of any changes in the Internetwork. Routing loops can occur when a network outage happensand no router is updated with the change in routing table.

Ra Rb Rc Re

n/w 3 n/w 4 n/w 5

Rd

o Assume that the first update has been received by every router and now they are in the dueof 29sec.o Now, the interface to Network 5 is down and also all routers know about Network 5.

Then Re prompts Rc to stop routing to Network 5 through it. But Ra, Rb andRd dont

know about Network 5 yet, so they keep sending the updates.

o Rc will be sending its update and cause Rb to stop routing to Network 5, but Ra andRdare not updated. To them, it appears that Network 5 is still available through Rb.

o Ra will continue to send its updates for every 30secs and unfortunately Rb and Rdreceives a message that Network 5 can be reached from Ra. So Rb and Rd sends theinformation that Network 5 is available.

o Any packet destined forNetwork 5 will go from Ra to Rb and then back to Ra. This leadsto a routing loop.

3. Methods to avoid Routing loop?

Maximum hop count:

When the routing loop occurs, the hop count increases indefinitely each time a packetpasses through a router. To resolve thismaximum hop count was defined. RIP permits hop count

up to 15, so anything that requires 16th hop will be considered as unreachable.

Split horizon:

Split horizon defines that the routing information cannot be sent back in the direction from

which it was received i.e., the routing protocol determines which interface a network route was

learned on and it wont advertise the route back to that same interface.


20/84

Lab manual

Route poisoning:

This helps to avoid routing loops in a meshed structure even if split horizon works out. E.g.

when Network 5 goes down, Re initiates route poisoning by advertising Network 5 as 16 hops orunreachable, this poisoning of the route to Network 5 keeps Rc from being susceptible to

incorrect updates about the route to Network 5. When Rc receives aroute poisoningfrom Re; it

sends an update, calledPoison reverseback to Re. This ensures all routes on the segment have

received the poisoned route information.

4. Define Hold down timer

o This sets the amount of time for which the routing information is suppressed. Routes willenter into the hold down state, when an update packet is received indicating the route as

unreachable. This continues, either till it receives an update packet with a better metric or

till the hold down timer is expired. By default Hold down timer is for 180 seconds.

5. You type debug ip rip on your router console and see that 172.16.10.0 is being

advertised to you with a metric of 16. What does this mean?

o The route is inaccessible.

6. What command is used to stop RIP routing updates from exiting out an interface but still

receive RIP route updates?

o Router(config-router)#passive-interface s0

7. A network that is advertised by both RIP and IGRP appears in the routing table flagged

as an IGRP route. Why is the RIP route to this network not used in the routing table?

o IGRP has a lower administrative distance

8. Which parameters does IGRP use to find out the best path to a remote network?

o Bandwidth and Delay.

9. Which command displays RIP routing updates?

o Router#debug ip rip


21/84

Lab manual

TELNET

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10 n/w 20 n/w 30 n/w

Make sure you are able to ping the destination network before you configure WANProtocols

R1(config)#line vty 0 4 R2(config)#line vty 0 4

R1(config-line)#password xxx R2(config-line)#password xxx

R1(config-line)#Login R2(config-line)#Login

R1(config)#enable password xxx R2(config)#enable password xxx

If vty password is not configured in R2R1#telnet 20.0.0.2

Password required, but none set

Connection to 20.0.0.2 is closed

After password is configured on R2, try to telnet R2(20.0.0.2)R1>telnet 20.0.0.2

User access verification

Password:

If password is not enabled for the privileged modeR2>enable

%No password set

If the password is setR2>enable

Password:R2#

R2>exitR1# ----------- Will disconnect the session.

R2>(Press) ctrl + shift + 6 and xR1# ----------- Will suspend the session.

R1 R2


22/84

Lab manualCommands

1. R1#sh sessions - To display the sessions opened by a particular user.2. R1#(enter)(enter) - To move to the lastly opened session3. R1#sh users - To display the users logged on4. R1#clear line 3 - To disconnect a user

[Confirm]

R1#

5. R1#sh cdp - Works only on directly connected Cisco routersCDP runs every 60 sec.

6. Hold time 180 sec.7. R1#sh cdp neighbors

R1#sh cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

Router Ser 0 143 R 2500 Ser 0

8. R1#show cdp neighbors detail-------------------------

Device ID: Router

Entry address(es):

IP address: 20.0.0.2

Platform: cisco 2500, Capabilities: Router

Interface: Serial0, Port ID (outgoing port): Serial0

Holdtime : 122 sec

Version :

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(13), RELEASE SOFTWARE

(fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2005 by cisco Systems, Inc.

Compiled Thu 10-Feb-05 11:49 by ssearch

advertisement version: 2

9. R1(config)#ip host 20.0.0.2 Creates Host Table.


23/84

Lab manualOutputs

Router#sh sessions

Conn Host Address Byte Idle Conn Name1 20.0.0.1 20.0.0.1 0 0 20.0.0.1

* 2 20.0.0.1 20.0.0.1 0 0

Router#sh users

Line User Host(s) Idle Location

* 0 con 0 20.0.0.1 00:06:03

20.0.0.1 00:05:42

2 vty 0 idle 00:07:45 20.0.0.1


24/84

Lab manualSECURITy DEvICE MANAGER (SDM) GUI

Security Device Manager (SDM) is a web-based device-management tool for Cisco

routers that can simplify router deployments by allowing us to manage and troubleshoot complex

network and connectivity issues and also supports a wide range of Cisco IOS Software releases toset up advanced configurations. It is used to configure a router through a HTTP service. To do

this make sure your router is configured with atleast one ip address on a LAN interface and

connects a host to the router.

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

Router>en

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int f0/0Router(config-if)#ip address 1.1.1.1 255.255.255.0

Router(config-if)#no shut

Router(config-if)#do ping 1.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:

!!!!!

From here, you just open a browser & type http://1.1.1.1, SDM gets loaded and open a window.

Clicking the Configure button at the top of the page, choose the type of interface we want to

configure and then click the Create New Connection button at the bottom of the page (fig.1a). This

opens the LAN or WAN wizard, depending on which interface we chose to configure. By clicking

the Edit Interface/Connection tab, you get to see your interface status. (fig.1b).


25/84

Lab manual

Fig.1a

Fig.1b

You can double-click to edit that particular interface. Click on the Additional Tasks Button at thebottom left portion and then select Router properties icon. Here, you can set the hostname, MOTD

banner, and enable secret password.

You can also create a DHCP pool on your router. Click on the DHCP folder, then the DHCP pool

icon and then click Add button.


26/84

Lab manualQuestions

1. Difference between exit and using ctrl+shift+6 x?

Using exit command will disconnect the current session Using ctrl+shift +6 x command we can suspend a session without disconnecting that

session

2. Differentiate between show sessions and show users?

Show sessions will show the sessions we opened by telnet ting to the correspondingDestinations.

Show users will show the sessions opened by other destinations to us.

3. What are two characteristics of Telnet? (Choose two.)

It sends data in clear text format. It is no longer supported on Cisco network devices. It is more secure than SSH. It requires an enterprise license in order to be implemented. It requires that destination device be configured to support Telnet connections.

A and E4. What happens if we try to open a 6th session to a destination?

If 6th session is opened an error message is displayed.R1#telnet

Trying Telnet < destination IP address >

% connection refused by remote host.

5. What are two reasons a network administrator would use CDP? (Choose two.)

to verify the type of cable interconnecting two devices to determine the status of network services on a remote device to obtain VLAN information from directly connected switches to verify Layer 2 connectivity between two devices when Layer 3 fails to obtain the IP address of a connected device in order to telnet to the device to determine the status of the routing protocols between directly connected routers D and E


27/84

Lab manual

ACCESS CONTROL LISTS (ACL)

In Out

E0 S0 S0 E0

Out In

LAN1 LAN230.0.0.0 10.0.0.0

An access list is a list of conditions that classify the packets (or) the packet definition).Unauthorized access can be blocked by using access list. These lists can be used to

control the traffic passing through the router. Following are different types of access lists.

Standard ACL -Access-list No.1-99Action, ACL number, Source IP, SWCM (Source Wild Card Mask) are the parameters to

be considered while configuring standard ACL which considers only the source address when rules

are defined and to be checked.

Syntax:

R1(config)#Access-list

R1(config)#Access-list 5 deny 30.0.0.10 0.0.0.0R1(config)#Access-list 5 permit 30.0.0.15 0.0.0.0 - Here it considers the source address only

Once you have defined the access-list, binding should be done at the interfacerequired (E0 or S0).

For an interface at any time there are maximum of two binding (in and out). R1(config)#int e 0 / s0

R1(config-if)#ip Access-group 5 in/out

For binding we consider two directions: In & Out. This specifies the direction in which thedata packets are moving with respect to the Router.

Extended ACL - Access-list No. 100-199Action, ACL number, Source IP, SWCM (Source Wild Card Mask), Destination IP, DWCM,

Protocol, interface and the destination port number are the parameters considered while

configuring Extended ACL.

R1 R2


28/84

Lab manualSyntax:

R1(config)#Access-listeq

Port no - can be replaced by the port names. Source IP From IP address. Destination IP To IP address. Eq equivalent to. Action permit or deny.

R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 80

R1(config)#Access-list 101 permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 23

R1(config)#Access-list 101 deny ICMP any any

Syntax:

R1(config)#Access-listeq

log

R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq ftp log

Log - gives information about the port no of source, number of packets send, number ofmatches made etc.,

NAMED ACCESS LIST

StandardR1(config)#IP Access-list standard

R1(config)#IP access-list standard moon

R1(config-std-nacl)#

R1(config-std-nacl)#deny 30.0.0.10 0.0.0.0

R1(config-std-nacl)# permit 30.0.0.15 0.0.0.0

ExtendedR1(config)#IP Access-list Extended R1(config)#ip access-list extended sun

R1(config-ext-nacl)#eq

R1(config-ext-nacl)#deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq www

R1(config-ext-nacl)#permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq telnet

R1(config-ext-nacl)#deny ICMP any any

Command


29/84

Lab manual

1 . Show access-listsThis displays all the access lists created.

Output

Router#sh access-lists

Extended access-list 123

10 deny tcp host 10.0.0.10 host 30.0.0.10 eq telnet

Questions

1 . Different types of Access lists?

o Standard Access Lists - Standard access list considers only the source address.Deny/Permit actions are applied on the source address. Once the access list is defined,

binding can be done at any one of the interface (Ethernet or serial).

o Extended Access Lists - This considers source address, Destination address, protocol,destination ports etc .In Extended access list we can specify the applications that are to be

permitted or denied from the source to destination.

o Named Access Lists - As the name suggests, we can define an access list using aname instead of number wherein we can modify (or delete) the list by individual

conditions which is not possible in the numbered lists.

2 . Difference between numbered access lists and named access lists?

o In numbered access lists, if we try to delete an individual statement from the access list,the whole list will be deleted. In named access lists, we can edit the list by individual

statement.

3 . what are the benefits provided by access control lists (ACLs)?

o ACL helps to define the packet parameterso ACLs classify and organize network traffico ACLs provide IP route filtering

4 . Which command is required to apply an access list on a virtual terminal line of a

router?

o Router(config-line)# access-class 10 in

5 . Which single access list statement will combine all four of these statements into asingle statements that will have exactly the same effect?


30/84

Lab manual

access-list 15 permit 172.29.16.0 0.0.0.255




o access-list 10 permit 172.29.16.0 0.0.3.255

6 . If you want to deny all Telnet connections to the network 192.168.10.0, which

Command will you use?

o access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 237 . What are the possible ways to refer to a host 172.16.30.55 in an IP access list?

o 172.16.30.55 0.0.0.0o host 172.16.30.55

8 . Which access lists will allow only HTTP traffic into network 196.15.7.0?

o access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www9. Which command connect access list 110 inbound to interface ethernet0?

o Router(config)#interface ethernet 0o Router(config-if)#ip access-group 110 in

NETWORK ADDRESS TRANSLATION (NAT)


31/84

Lab manual

20.0.0.2

Private10.0.0.10 Public

30.0.0.20

Inside local Inside global

R1(config)#Ip route 0.0.0.0 0.0.0.0 S0 -------------- Default Network

R1(config)#access-list 15 permit 10.0.0.0 0.255.255.255 -------- Defining the range of hosts

R1(config)#int e 0

R1(config-if)#ip NAT insideR1(config)#int s 0

R1(config-if)#ip NAT outside

1. Dynamic NAT configuringR1(config)#IP NAT inside source list 15 int S0 overload *

2. Pool NATR1(config)#IP NAT pool MOHAN 20.0.0.30 20.0.0.35 netmask 255.0.0.0

R1(config)#IP NAT inside source list 15 pool MOHAN overload **

3. Static NATR1(config)#IP NAT inside source static 10.0.0.10 20.0.0.5 ***

* Router translates source addresses reaching inside (say e0) if it matches the list, to the same

public address at serial interface.

** Router translates source addresses reaching inside (say e0) if it matches the list, from the range

of addresses mentioned in the pool.

*** When a packet comes from 10.0.0.10 through inside source, then source is always translated

to only one address (20.0.0.5) and vice versa.

Commands

R1


32/84

Lab manual

1. Router#debug ip nat ------------- To debug NAT2. Router#sh ip nat translations ----------- To display translations( Displays Inside

local, Inside Global, Outside local and Outside Global )

3. R1#clear ip nat translations * ----------- To clear translations

OUTPUTS

Router#debug ip nat

IP NAT debugging is onRouter#

01:10:59: NAT*: s=10.0.0.10->20.0.0.5, d=30.0.0.1 [205]

01:10:59: NAT*: s=30.0.0.1, d=20.0.0.5->10.0.0.10 [205]

01:11:00: NAT*: s=10.0.0.10->20.0.0.5, d=30.0.0.1 [206]

01:11:00: NAT*: s=30.0.0.1, d=20.0.0.5->10.0.0.10 [206]

Router#sh ip nat translations

Pro Inside global Inside local Outside local Outside globalICMP 20.0.0.5 10.0.0.10 --- ---

Questions


33/84


34/84

Lab manualallow many users to connect to the global Internet?

NAT Static

Dynamic PAT Overloading

E8. Which of the following are disadvantages of using NAT? (Choose three.)

Translation introduces switching path delays. Conserves legally registered addresses. Causes loss of end-to-end IP traceability. Increases flexibility when connecting to the Internet. Certain applications will not function with NAT enabled. Reduces address overlap occurrence.

A,C and E

OSPF & EIGRP


35/84

Lab manual

10.0.0.0 10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1 30.0.0.0

OSPF

Router(config)#router OSPF ------- [Process-id 1 to 65535]

Router(config-router)#network area

R1(config)#router OSPF 15

R1(config-router)#network 10.0.0.0 0.255.255.255 area 0


R2(config)#router OSPF 12



Between two OSPF routers the process-ids need not be the same

EIGRP

R1(config)#router EIGRP ---------- [autonomous-no 1 to 65535]

R1(config-router)#network

R1(config)#router EIGRP 123

R1(config-router)#network 10.0.0.0


R2(config)#router EIGRP 123



The autonomous system numbers should be the same while communicating betweenEIGRPs

In OSPF, area should be same.

Loop back interface

R2R1


36/84

Lab manualIts a logical interface i.e., not a real router interface. When the Router ID of a router-

interface with the highest address, goes up and down, re-election for the new DR will not get

completed. Loop back interface resolves this problem, as it never goes down & router id never

changes.

Types of network using OSPF

Broadcast (multi-access) networks provide a broadcast ability in which every single

broadcast is delivered to all nodes on the network. This can be avoided in OSPF by electing a DR

and BDR for each broadcast multi-access networks.

LSA LSA

LSA

Non-broadcast multi-access network allows for multi-access, but have no broadcast

ability. So, NBMA networks require special OSPF configuration to function properly and neighbor

relationships must be defined.

Here,

Information of Ra is not sent to Rc

Information of Rc is not sent to Ra

But Rb knows about Ra and Rc

Point-to-point refers to a type of network topology consisting of a direct connection

between two routers that provides a single communication path. This type of configuration

eliminates the need for DRs or BDRs, but neighbors are discovered automatically.

Commands

Rb

Ra Rc

Ra Rb


37/84

Lab manual

OSPF

Router#sh ip ospf interface e 0 Router#sh ip ospf int f 0 Router#sh ip ospf int s 0 Router#sh ip ospf neighbor shows neighbor router-id. Router#sh ip protocols

EIGRP

Router#sh ip eigrp neighbors Router#sh ip eigrp topology Router#sh ip eigrp traffic

OUTPUTS


38/84

Lab manualRouter#debug ip ospf events

OSPF events debugging is on

Router#

OSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2

OSPF: End of hello processingOSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2

OSPF: End of hello processing

OSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2

OSPF: End of hello processing

Router#sh ip ospf int e0Ethernet0 is up, line protocol is up

Internet Address 30.0.0.1/8, Area 0

Process ID 5, Router ID 30.0.0.1, Network Type BROADCAST, Cost: 10

Transmit Delay is 1 sec, State DR, Priority 1Designated Router (ID) 30.0.0.1, Interface address 30.0.0.1

No backup designated router on this network

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Neighbor Count is 0, Adjacent neighbor count is 0

Suppress hello for 0 neighbor(s)

Router#sh ip ospf int s0Serial0 is up, line protocol is up

Internet Address 20.0.0.1/8, Area 0

Process ID 5, Router ID 30.0.0.1, Network Type POINT_TO_POINT, Cost: 64Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 100.0.0.1

Suppress hello for 0 neighbor(s)

Router#sh ip eigrp topology

IP-EIGRP Topology Table for process 5

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,r - Reply status

P 20.0.0.0/8, 1 successors, FD is 2169856

via Connected, Serial0


via Connected, Ethernet0


via 20.0.0.2 (2195456/281600), Serial0

Questions


39/84

Lab manual1. Differentiate between Distance vector and Link state Protocol?

Sl.

No

Distance vector Link state

1 Considers only distance. Bandwidth, delay, load, Reliability and MTU.

2 Sends the routing table. Sends the state of the link.

3 Learns about the adjacent routers. Learns the entire topology.

2. Differentiate between OSPF and EIGRP?

Sl.

No OSPF EIGRP

1 Link state. Hybrid(DV + LS).

2 Open protocol (multi-vendor). Cisco Proprietary Protocol.

3

Supports only IP protocol.

Supports multiple protocols like

IP, IPX, Apple Talk etc.,

4 Cost = 108

/ Bandwidth. Cost is calculated based on theBandwidth, Delay etc.,

5 Link State Advertisement (LSA) is

made. (State of Link is broadcasted).

Routing Table is sent.

6 For every 10 sec a Hello packet is sent. For every 5 sec a Hello packet is sent.

7 For every 30 min LSA is broadcasted. Broadcast is sent only when there is a

change in the Routing table.

8 When the Link goes down OSPF needs

to run the SPF algorithm again.

When the link goes down EIGRP

proceeds with the Next Best Path

(Feasible Successor).

9 Area is used for administrative

convenience of a large network

Autonomous System is used for

administrative convenience of a large

network

10 Uses Dijsktra algorithm to find the best

path (Shortest path).

Uses DUAL (Diffusing Update

Algorithm) is used to find the best path.

Backbone Router Switch

3. How OSPF works out? ABR


40/84

Lab manual

ASBR Internal Router AS 100

AS 200

ABR Area Border Router.ASBR Autonomous System Border Router.AS Autonomous System. OSPF is designed to have a hierarchical structure as large networks are a bit difficult to

manage. This allows to decrease routing overhead and to confine n/w instability to single

area of n/w.

OSPF must have an area 0 (backbone area) and all routers should connect to this area. Butrouters (i.e., ABRs) that connect other areas to backbone area should have at least one

interface connecting to area 0.

4. Show commands that will display the state of the OSPF DR/BDR election process?

Router# show ip ospf interface

ABR

Area 2

Area 1

Area 1

ABRArea 0

Area 3 Area 2

Area 1


41/84

Lab manual

5. Which command will display all the EIGRP feasible successor routes known to a router?

Router# show ip eigrp topology

6. When designing OSPF networks; what is the purpose of using a hierarchical design?

To speed up convergence To confine network instability to single areas of the network To reduce routing overhead

7. If routers in a single area are configured with the same priority value, what value does a

router use for the OSPF Router ID?

The highest IP address of any physical interface

8. Which one of the following EIGRP commands can check the IP addresses of the

adjacent neighbors?

R1#show ip eigrp neighbors

9 . Which commands will place network 10.2.3.0/24 into area 0?

Router(config)# router ospf 10Router (config_router) #network 10.2.3.0 0.0.0.255 area 0

10. With which network type will OSPF establish router adjacencies but not perform the

DR/BDR election process?

Point-to-point

11. Which is true regarding EIGRP successor routes?

A successor route may be backed up by a feasible successor route. A successor route is used by EIGRP to forward traffic to a destination.

o A

12. A network administrator typed the following into his router:


42/84

Lab manualRouter(config)# router ospf 1

Router(config-router)#network 10.0.0.0 255.0.0.0 area 0

But still he cant see any routes in the routing table. What configuration error did the

administrator make?

The wildcard mask is incorrect. The wildcard should have been 0.255.255.255.

13 . Which EIGRP information is held in RAM and maintained through the use of

Hello and update packets?

Neighbor table Topology table

o A

ROUTING INFORMATION PROTOCOL vERSION 2


43/84

Lab manual10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 30.0.0.0E0 S0 S0 E0

R1(config)#router RIP R2(config)#router RIP

R1(config-router)#version 2 R2(config-router)#version 2



Here the command version 2 is added to the RIP protocol to change it to RIPv2.

Authenticating Packets using RIPv2

R1(config)#Key chainABC // Key chain

R1(config-keychain)#key 2 // Key Identifier

R1(config-keychain-key)#key-string 123 // Key-string Line

R2(config)#Key chainXYZ

R2(config-keychain)#key 2

R2(config-keychain-key)#key-string 123

The Key identifier and the Key-string should be same on the both end routers.

R1(config)#int s0

R1(config-if)#ip rip authentication key-chainABC

R1(config-if)#ip rip authentication mode text / md5

R2(config)#int s0

R2(config-if)#ip rip authentication key-chainXYZ

R2(config-if)#ip rip authentication mode text / md5

Text andmd5 are the two authentication methods used in RIPv2. By default RIPv2

can send & receive only version 2 updates. RIPv2 also allows sending and receiving

version 1 updates on any of the interface.

R1(config)#int s0

R1(config-if)#ip rip send / receive version 1 2

R2(config)#int s0

R2(config-if)#ip rip send / receive version 1 2

RIP version 2 has all its characteristics same as RIPv1 except some changes.

R1 R2


44/84


45/84

Lab manual

Router#debug ip rip


Router#

RIP: sending v2 update to 224.0.0.9 via Ethernet0/0 (10.0.0.1)RIP: build update entries

20.0.0.0/8 via 0.0.0.0, metric 1, tag 0

30.0.0.0/8 via 0.0.0.0, metric 2, tag 0

RIP: sending v2 update to 224.0.0.9 via Serial0/1 (20.0.0.1)

RIP: build update entries

10.0.0.0/8 via 0.0.0.0, metric 1, tag 0

RIP: received v2 update from 20.0.0.2 on Serial0/1

30.0.0.0/8 via 0.0.0.0 in 1 hops

RIPv2 on one router & the other end is configured with RIPv1Router#debug ip rip


Router#

RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)


30.0.0.0/8 via 0.0.0.0, metric 1, tag 0

RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)


10.0.0.0/8 via 0.0.0.0, metric 2, tag 0

20.0.0.0/8 via 0.0.0.0, metric 1, tag 0RIP: ignored v1 packet from 20.0.0.1 (illegal version)

Using debug command on the other end.Router#debug ip rip


Router#

RIP: sending v1 update to 255.255.255.255 via Ethernet0/0(30.0.0.1)


network 10.0.0.0 metric 2


RIP: sending v1 update to 255.255.255.255 via Serial0/1 (20.0.0.2)



RIP: received v2 update from 20.0.0.1 on Serial0/1

10.0.0.0/8 via 0.0.0.0 in 1 hops

Router#show ip protocolsRouting Protocol is "rip"Sending updates every 30 seconds, next due in 21 seconds


46/84

Lab manualInvalid after 180 seconds, hold down 180, flushed after 240

Redistributing: rip

Default version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chain

Ethernet0/0 2 2Serial0/1 2 2

Routing for Networks:

20.0.0.0

30.0.0.0

Routing Information Sources:

Gateway Distance Last Update

20.0.0.1 120 00:00:03

Distance: (default is 120)

[ By default RIPv2 can send & receive only version 2 updates ]

Authentication modes istext on both routersRouter#debug ip rip


Router#



10.0.0.0/8 via 0.0.0.0, metric 2, tag 0

20.0.0.0/8 via 0.0.0.0, metric 1, tag 0

RIP: received packet with text authentication abc

RIP: received v2 update from 20.0.0.1 on Serial0

10.0.0.0/8 via 0.0.0.0 in 1 hopsRIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)


30.0.0.0/8 via 0.0.0.0, metric 1, tag 0

md5 is the authentication mode on both routersRouter#debug ip rip


Router#



30.0.0.0/8 via 0.0.0.0, metric 1, tag 0



10.0.0.0/8 via 0.0.0.0, metric 2, tag 0

20.0.0.0/8 via 0.0.0.0, metric 1, tag 0

RIP: received packet withMD5 authentication

RIP: received v2 update from 20.0.0.1 on Serial010.0.0.0/8 via 0.0.0.0 in 1 hops


47/84

Lab manual

Different Authentication modes on both ends i.e., md5authentication on one end &text on the other end.

Router#debug ip ripRIP protocol debugging is on

Router#

RIP: ignored v2 packet from 20.0.0.1 (invalid authentication)



20.0.0.0/8 via 0.0.0.0, metric 1, tag 0



30.0.0.0/8 via 0.0.0.0, metric 1, tag 0

Questions

1. Which three statements are correct about RIPv2?


48/84

Lab manual It has the same maximum hop count as version 1 It uses broadcasts for its routing updates It is a classless routing Protocol It has a lower administrative distance than RIPv1 It supports authentication

o It has the same maximum hop count as version 1o It is a classless routing Protocolo It supports authentication

2. Which statement is true regarding classless routing protocols? (Choose two.)

The use of discontinuous networks is not allowed. The use of variable length subnet masks is permitted. RIPv1 is a classless routing protocol. IGRP supports classless routing within the same autonomous system. RIPv2 supports classless routing.

o The use of variable length subnet masks is permittedo RIPv2 supports classless routing.

3. RIPv2 uses ---- to send the routing table updates

Broadcast Multicast Unicast

o Multicast

4. The network shown in the exhibit is running the RIPv2 routing protocol. The

fastEthernet0/0 interface on R1 goes down. In which two ways will the routers in this

network respond to this change? (Choose two.)

A. All routers will reference their topology database to determine if any backup routes

to the 192.168.1.0 network are known.

B. Routers R2 and R3 mark the route as inaccessible and will not accept any further


49/84

Lab manualrouting updates from R1 until their hold down timers expire.

C. Because of the split-horizon rule, router R2 will be prevented from sending

erroneous information to R1 about connectivity to the 192.168.1.0 network.

D. When router R2 learns from R1 that the link to the 192.168.1.0 network has been

lost, R2 will respond by sending a route back to R1 with an infinite metric to the

192.168.1.0 network.

E. R1 will send LSAs to R2 and R3 informing them of this change, and then all

routers will send periodic updates at an increased rate

o C and D5. What does the below output depicts?

Router#debug ip rip


Router#



30.0.0.0/8 via 0.0.0.0, metric 1, tag 0



10.0.0.0/8 via 0.0.0.0, metric 2, tag 0

20.0.0.0/8 via 0.0.0.0, metric 1, tag 0

RIP: ignored v1 packet from 20.0.0.1 (illegal version)

o The above output depicts that the other end router is using RIPv1 and the routingprotocol used on this router is RIPv2. As RIPv2 cannot receive version 1 by default, it is

ignoring version1 packets sent by the router that is configured with RIPv1

FRAME RELAy


50/84

Lab manualX X

HO hor bor HO

Frame-relay switch

Y Y

Frame-relay is an example of a Packet Switched Network. This network enablesend-stations to dynamically share the existing connection

Frame relay connections are often given a Committed Information Rate (CIR) and an allowanceofburstablebandwidth known as the Extended Information Rate (EIR). The provider guarantees

that the connection will always support the CIR rate, and sometimes the EIR rate. Frames that are

sent in excess of the CIR are marked as "discard eligible" (DE) which means they can be dropped

when congestion occurs within the frame relay network. Frames sent in excess of the EIR are

dropped immediately.

Congestions in the network are reported by

1. FECN=Forward Explicit Congestion Notification bit2. BECN=Backward Explicit Congestion Notification bit3. DE=Discard Eligibility bit provides the network with a signal to determine which

frames to be discarded, when there is a congestion on the line. The Frame-relay

switch will discard frames with a DE value of 1 before discarding other frames.

R(config)#int s 0

R(config)#encapsulation frame-relay

//Defining the wan protocol

Once Encapsulation Frame-relay is given, serial interface requests the Frame-relay switch for

the LMI type it uses and accordingly it changes. Then a DLCI is allocated to the link by the

Frame Relay Switch. Then inverse arp maps destination ip address to the links DLCI No.

.

Frame Relay mapping
http://en.wikipedia.org/wiki/Burstablehttp://en.wikipedia.org/wiki/Burstable


51/84

Lab manualR3

S0 s1

100 200

20.0.0.1 20.0.0.2

R1 R2

R(config)#int S 0

R(config-if)#frame-relay map ip 20.0.0.2 100 broadcast

Frame-relay mapping can be used in partially meshed topology or Hub & Spoke. If R1

wants to communicate with R2, which is not directly connected, we map R1 to R2 through thesource DLCI number i.e, 100.

Point-to-point (Sub-interface)

R3

Frame Switch

100 200

R1 R2

We can have multiple virtual circuits on a single serial interface, treating each and every

single virtual circuit as a separate interface. This is achieved by creating sub interfacesin aFrame

Relay network to avoid split horizon issues from preventing routing updates. We can configure

separate sub interfaces for each PVC with a unique DLCI and subnet assigned to the sub interface.

. R3(config)#int S 0

R3(config-if)#no ip addressR3(config-if)#exit

R3(config)#int S 0.5 point-to-point

// logically dividing the physical interface

R3(config-subif)#ip address 20.0.0.1 255.0.0.0

// Assigning the IP address to the sub-interface

R3(config-subif)#frame-relay interface-DLCI 100

Lab Setup :


52/84

Lab manual

S1 S0

DCE DCE

20 .0.0.1 20.0.0.2DTE S0 S0 DTE

E0 E0

HOR BOR

Step : 1

Configure Frame-Relay Switch

FRSW (config)#Frame-relay switching

Frsw(config)#int S 0

Frsw(config-if)#encapsulation frame-relay *

Frsw(config-if)#frame-relay intf-type dce **

Frsw(config-if)#frame-relay route 100 int S 1 200 ***

Frsw(config-if)#clock rate 64000

Frsw(config-if)#no shutdown

Frsw(config)#int S 1

Frsw(config-if)#encapsulation frame-relay

Frsw(config-if)#frame-relay intf-type dceFrsw(config-if)#frame-relay route 200 int S 0 100

Frsw(config-if)#clock rate 64000

Frsw(config-if)#no shutdown

* FRSW (config-if)#encapsulation frame-relay ietf ( for non Cisco routers)

** By default Routers serial interface is DTE.

*** Routing the packets from S0 (DLCI=100) to S1 (DLCI no=200)

Step : 2

Configuring Head Office & Branch Office Routers

Configure HOR & BOR using routing protocols. Then

HOR(config)#int s0 BOR(config)#int s0

HOR(config-if)#encapsulation frame-relay BOR(config-if)#encapsulation frame-relay

Step : 3

Frame switch


53/84

Lab manualHOR#sh frame-relay map

Serial0 (up): ip 20.0.0.2 dlci 100(0xC8,0x3080), dynamic,

broadcast,, status defined, active

BOR#sh frame-relay mapSerial0 (up): ip 20.0.0.1 dlci 200(0xC8,0x3080), dynamic,


Step : 4

Statically mapping - IP address to DLCI number (frame-mapping)

HOR(config)#int s0 BOR(config)#int s0HOR(config-if)#no frame-relay inverse-arp BOR(config-if)#no frame-relay inverse-arp

HOR(config-if)# ^z BOR(config-if)# ^z

HOR#clear frame-relay-inarp BOR#clear frame-relay-inarp

This will remove the dynamic address resolution done by Frame Relay SwitchHOR(config)#int s0

HOR(config-if)#frame-relay map ip 20.0.0.2 100 broadcast *

BOR(config)#int s0

BOR(config-if)#frame-relay map ip 20.0.0.1 200 broadcast

* Here we are mapping Branch office IP address to the Head office DLCI number manually. If

dynamic routing protocols are used, we use the keywordbroadcast.

Step : 5

HOR#sh frame-relay map

Serial0 (up): ip 20.0.0.2 dlci 100(0xC8,0x3080), Static,


BOR#sh frame-relay map

Serial0 (up): ip 20.0.0.1 dlci 200(0xC8,0x3080), Static,


Step : 6

Creating Sub-interface


54/84

Lab manual

HOR(config)#int s0

HOR(config-if)#no ip address

HOR(config-if)#exitHOR(config)#int s0.100 point-to-point

HOR(config-subif)#ip address 20.0.0.1 255.0.0.0

HOR(config-subif)#frame-relay interface-dlci 100

BOR(config)#int s0

BOR(config-if)#no ip address

BOR(config-if)#exit

BOR(config)#int s0.200 point-to-point

BOR(config-subif)#ip address 20.0.0.2 255.0.0.0

BOR(config-subif)#frame-relay interface-dlci 200

Commands

Router#sh frame-relay LMITo show frame-relay LMI type (CISCO, ANSI, Q933a)

Router#sh frame-relay PVCTo show frame-relay PVC

(Shows the FECN, BECN, DE, etc bits in the frame )

Router#sh frame-relay mapTo show frame-relay mapping (Shows the DLCI number assigned)

Outputs

Router#sh frame-relay map



Router#sh frame-relay lmi

LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO

Invalid Unnumbered info 0 Invalid Prot Disc 0

Invalid dummy Call Ref 0 Invalid Msg Type 0

Invalid Information ID 0 Invalid Report IE Len 0

Num Status Enq. Sent 13 Num Status msgs Rcvd 9

Router#sh frame-relay pvc

PVC Statistics for interface Serial0 (Frame Relay DTE)


55/84

Lab manualActive Inactive Deleted Static

Local 1 0 0 0

Switched 0 0 0 0

Unused 0 0 0 0

DLCI = 200, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

input pkts 13 output pkts 12 in bytes 1104

out bytes 1090 dropped pkts 1 in FECN pkts 0

in BECN pkts 0 out FECN pkts 0 out BECN pkts 0

in DE pkts 0 out DE pkts 0

out bcast pkts 7 out bcast bytes 570

pvc create time 00:02:21, last time pvc status changed 00:02:01

Questions

1 . What is frame-relay?


56/84

Lab manual

o Frame-relay is an example of a Packet Switched Network. This network enables end-stations to dynamically use the available bandwidth and share the connection. Frame relay

connections are often given a Committed Information Rate (CIR) and an allowance ofburst ablebandwidth known as the Extended Information Rate (EIR). Frames that are sent

in excess of the CIR are marked as discard eligible(DE) which means they can be dropped

when congestion occur in the network

2 . What is Link Management Interface (LMI)?

o LMI manages the link between frame switch and the router WAN port. Once the line isencapsulated to frame-relay, it requests frame switch which LMI it is using and accordingly

WAN port also changes.

3 . Difference between Inverse ARP, ARP & RARP

o Inverse ARP helps to map destination IP address to local DLCI number at the frame Switcho ARP helps to get the MAC address from the corresponding IP address.o RARP helps to get the IP address from the corresponding MAC address

4 . What is DLCI (Data Link Connection Identifier)?

o The DLCI serves to identify the virtual connection so that the receiving end knows whichinformation connection a frame belongs to.(Range=16 to 1007). This helps in Layer 2

identification.

5 . You are troubleshooting a frame relay connection and wish to view the LMI traffic status.

Which command should you issue?

o Show frame-relay lmi6 . When setting up Frame Relay for point-to-point subinterface, what should not

be configured?

o An IP address on the physical interface.

7 . You need to configure a router for a Frame Relay connection to a non-Cisco

router. Which command will prepare the WAN interface of the router for thisconnection?
http://en.wikipedia.org/wiki/Burstablehttp://en.wikipedia.org/wiki/Burstable


57/84

Lab manual

o Router(config-if)#encapsulation frame-relay ietf

8 . How should a router that is being used in a Frame Relay network be configured toavoid split horizon issues from preventing routing updates?

o Configure a separate subinterface for each PVC with a unique DLCI and subnetassigned to the subinterface.

9 . What does the term dynamic in the below output refers to :

Router#sh frame-relay map



o The mapping between DLCI 100 and the end station IP address 20.0.0.2 was learnedthrough Inverse ARP

10. In Frame Relay; what is the purpose of Inverse ARP?

o It is used to map a known DLCI to an IP address

11. By looking at the graphic below, what functions does the Frame Relay DLCI provide

with respect to Router A?

DLCI 100 DLCI 200

Router A RouterB

o Router A would use DLCI 100 to get to the RouterB networks. RouterB would use DLCI200 to get to the Router A networks.

12 . What does the STATUS=ACTIVE refers to in the output of the show frame-relay

pvc command?


58/84

Lab manualRouter#sh frame-relay pvc

pvc statistics for interface serial0 (frame relay dte)

dlci = 200, dlci usage = local, pvc status = active

o Active state - Indicates that the connection is active and that routers can exchange data.This is the state of an operational Permanent virtual Connection

13 . A default Frame Relay WAN is classified as what type of physical network?

o Non-broadcast multi-access

SWITCHING


59/84

Lab manual

Trunk Port

Trunk Link

Switches

Hosts Access Link

Would you like to start initial configuration [yes/no]: no

Press return to get started

Switch>enable

Switch#configure terminalSwitch (config) #int vlan 1

* By default all ports are in the VLAN1

Switch (config-if) #ip address 10.0.0.5 255.0.0.0

Switch (config-if) #no shutdown

Switch (config-if) #exit

Switch (config) #ip default gateway 10.0.0.1

Configuring different VLANs

Switch (config) #vlan 2 // Creating the vlanSwitch (config-vlan) #name finance

Switch (config-vlan) #exit

Switch (config) #vlan 3

Switch (config-vlan) #name production

Switch (config-vlan) #exit

[VLAN-no ranges from 2 to 1001] [VLAN name (xxx) is optional]

Allocating the ports to the VLANs

Switch(config)#int f 0/1

Switch(config-if)#switchport access vlan 3 // allocating ports to vlan

Switch(config-if)#exit

Switch(config)#int f 0/2

Switch(config-if)#switchport access vlan 2


Configuring the trunk Port

** Switch(config)#int f 0/24


60/84

Lab manualSwitch(config-if)#switchport mode trunk // creating the trunk port


By default, trunk port of the switch is in VLAN1. So this port should be configured as trunkport to carry all Vlan information.

Domain Name

Switch(config)#VTP domain

Switch(config-if)#VTP domain MOHAN

All the switches should be in the same domain

Switchs operating mode

Switch(config)#VTP server/client/transparent

Commands


61/84

Lab manual1. Switch#sh MAC-address-table

Displays the MAC address of the device and the corresponding port nos. to which

the devices are connected.

2. Switch#sh vlanDisplays the vlan information including port nos. that are in use, existing vlans &

which port belongs to which vlan.

3. Switch#sh VTP statusDisplays configuration register, operating mode, domain name, etc..,

4. Switch#sh spanning-treeDisplays priority, Root ID, Bridge ID, Mac address, Root Bridge

OUTPUTS

Switch#sh vlan


62/84

Lab manual

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,

Fa0/5, Fa0/6, Fa0/7, Fa0/8Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/17, Fa0/18, Fa0/19, Fa0/20

Fa0/21, Fa0/22, Fa0/23, Fa0/24

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

SwX#sh vtp status

Switch#sh spanning-tree

VLAN0001

Spanning tree enabled protocol ieee

Root ID Priority 32769

Address 0014.a845.7280

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0014.a845.7280

Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/4 Desg FWD 100 128.4 Shr

Fa0/17 Desg FWD 100 128.17 Shr

INTERvLAN ROUTING


63/84

Lab manual By default, only hosts that are within the same VLAN can communicate. To allow inter-VLAN

communication, we need a router or a layer 3 switch.

Intervlan switching using two fast Ethernet interfaces of the RouterRouter

f 0/0 f 0/1

f 0/4 f 0/9PC 1 PC 2

f 0/3 f 0/8

IP address: 10.1.0.10 IP address: 10.2.0.10SNM : 255.255.0.0 SNM : 255.255.0.0DG : 10.1.0.1 DG : 10.2.0.1

Vlan 2 Vlan 3

Configu r ing Sw itchSwitch(config)#vlan 2 Switch(config)#vlan 3

Switch(config-vlan)#name Fin Switch(config-vlan)#name mktg

Allocating Ports

Switch(config)#int f0/3 Switch(config)#int f0/8

Switch(config-if)#switchport access vl 2 Switch(config-if)#switchport access vl 3



Configuring Router

Router(config)#int f0/0Router (config-if)#ip add 10.1.0.1 255.255.0.0

Router (config-if)#no shutdown

Router(config)#int f0/1

Router (config-if)#ip add 10.2.0.1 255.255.0.0


Intervlan communication using single fast Ethernet interface of the Router is achieved bycreating sub interfaces.

Switch


64/84

Lab manualRouter

f 0/0

f 0/5

PC 1 f 0/3 f 0/8 PC 2

IP address: 10.1.0.10 IP address: 10.2.0.10

SNM : 255.255.0.0 SNM : 255.255.0.0

DG : 10.1.0.1 DG : 10.2.0.1

Vlan 2 Vlan 3

Configuring Switch

Switch(config)#vlan 2 Switch(config)#vlan 3

Switch(config-vlan)#name Fin Switch(config-vlan)#name mktg

Allocating Ports



Switch(config)#int f0/5

Switch(config-if)#switchport mode trunk

Configuring Router

Router(config)#int f0/0

Router (config-if)#no ip address


Router (config-if)#exit

Router(config)#int f0/0 .1

Router(config-subif)#encapsulation dot1q Router(config-subif)#encapsulation dot1q 2

Router(config-subif)#ip add 10.1.0.1 255.255.0.0

Router(config)#int f0/0 .2

Router(config-subif)#encapsulation dot1q

Router(config-subif)#encapsulation dot1q 3

Router(config-subif)#ip add 10.2.0.1 255.255.0.0

Questions


65/84

Lab manual

1. Difference between Switch and Hub?

Switch Hub

Switch is a layer-2 component Hub is a layer-1 component Switch learn MAC address Hub doesnt learn MAC address Has one Broadcast Domain Has one Broadcast domain Has multiple collision domain Has only one collision domain

2 . Different forwarding trends in switch?

o Store & forward-- stores the frame, checks for the errors and forwards only the errorfree frames.

o Cut-through Noerror checking; just receives and forwards the frames.o Fragment free is also called as Modified Cut-through. The minimum ip packet size

is of 64 bytes. The 1st 64 bytes of frame is checked for errors, where this 64 bytes

include the frame header, Destination MAC add (DMAC), Source MAC add (SMAC)

and some data. So, if these 64 bytes seem to be a good frame set then it is forwarded or

else it dumps the packets.

3 . Facts of Vlans

o Vlan is created to avoid unnecessary broadcastso Vlans are created without changing the physical set upo By default each switch is in vlan 1o Only systems in same vlan will communicateo For inter-vlan communication we need Router/Layer 3 Switcho VLAN setup is controlled by VTP(VLAN Trunk Protocol)

4 . Difference between Access link and Trunk link?

o Systems are connected to the switch through the access link and the switches areconnected each other through the trunk links.

5 . Different Operating modes in switch?


66/84

Lab manual

o Server By default, all switches are in Server mode.Vlans can configured in created inthis mode.

oClients No changes can be made in client mode.

o Transparent will not take any condition; it just forwards the conditions to the otherswitches.

6. Why spanning-tree Protocol is used?

o Spanning-tree Protocol is been run to avoid the routing loops in a switched network. Itelects the Root Bridge and the Non-Root Bridge with the help of bpdu. The one with the

lesser bpdu will be elected as the Root Bridge. Root Bridge will be having every port in

forwarding mode of a frame on interface.

7 . What does a switch do when it receives a frame on interface and destination address is

unknown?

o It floods the network with the frame looking for the device8 . How to manually elect a switch as root bridge?

o We could manually elect a switch as root bridge by changing the priority asSwitch(config)#spanning-tree vlan1 priority

8 . Different Spanning-tree port states?

o Blocking: It wont forward frames, prevent looping and by defaults all ports are blocked.o Listening: Listens no loop has formed on N/W before passing frame.o Learning: Listens and learns all paths in the N/W and updates MAC table.o Forwarding: Sends and receives frames.o Disabled: Does not participate in forwarding frame.

9 . What are the different functions of Switch?

o Address Learning: Learns the source hardware/Mac address of each frame received andstores it in MAC address table.

o Forwarding/Filtering Decision: When received a frame on an interface, switch looks thedestination hardware address and finds the exit interface in the MAC table.

o Loop Avoidance: When more connection are made on switch for redundancy, BC loopsoccur. Spanning-tree Protocol is used to stop BC loops.

10 . What is the result of segmenting a network with a switch?


67/84

Lab manual

o It increases the number of collision domains and will be smaller collision domains 11 . What will occur if two Cisco LAN switches are connected with a single crossover cable?

o The switch port link lights will be green, indicating normal operation.12 . What are the three distinct functions of layer 2 switching that increase available

bandwidth on the network?

Address learningForwarding and filteringLoop avoidance

o A13 . What technology is used by Catalyst switches to resolve topology loops and ensure that

data flows properly through a single network path?

o Spanning Tree Protocol (STP )14 . Your core switch needs to be set as the root bridge of your network. What will make our

core switch the root bridge?

o Setting the bridge priority to less than 32,76815 . What purpose in a switched LAN does STP perform?

o Prevent switching loops in a network with redundant switched paths.16 . Which LAN switch type waits for the collision window to pass before looking up the

destination hardware address in the MAC filter table and forwarding the frame?

o Fragment Free looks at the first 64 bytes of a frame to make sure a collision does notoccur. It is sometimes referred to as modified cut-through.

17 . When a new trunk link is configured on an IOS-based switch, which VLANs are allowed

over the link?

o By default, all Vlans are allowed on the trunk.

18 . What VTP mode allows you to change VLAN information on the switch?

o Server

19 . These two switches are not sharing VLAN information. From the output below,


68/84

Lab manualwhat is the reason. why these switches are not sharing VTP messages?

SwitchA#sh vtp status

VTP Version : 2

Configuration Revision : 0Maximum VLANs supported locally : 64

Number of existing VLANs : 7

VTP Operating Mode : Server

VTP Domain Name : RouterSim

VTP Pruning Mode : Disabled

SwitchB#sh vtp status

VTP Version : 2

Configuration Revision : 1

Maximum VLANs supported locally : 64

Number of existing VLANs : 7VTP Operating Mode : Server

VTP Domain Name : GlobalNet

VTP Pruning Mode : Disabled

o The VTP domain names are not configured correctly.

20 . What is the benefit of creating Vlans?

o They allow logical grouping of users by function.o They can enhance network security.o They increase the number of broadcast domains while decreasing the size of the

Broadcast domains.

A

21 . How many broadcast domain exist in the exhibited topology?

o Three

vIRTUAL PRIvATE NETWORK (vPN)


69/84

Lab manual

A virtual private network (VPN) allows the creation of private networks across the

Internet. VPNs are used daily to give remote users and disjointed networks connectivity over a

public medium like the Internet instead of using more expensive permanent means.

Virtual private network is a method of encrypting point-to-point logical connections across a

public network, such as the Internet. This allows secure communications across a public network.

Questions
http://computer.howstuffworks.com/enlarge-image.htm?terms=vpn+-phantom&page=0


70/84

Lab manual1. What are the two security appliances that can be installed in a network? (choose 2)

A. ATM (Asynchronous Transfer Mode)B. IDS (Intrusion Detection System)C.

IOS (Internetwork Operating System)D. IOX

E. IPS (Intrusion Prevention System)F. SDM (Security Device Manager)o B and E

2. What are the 3 typical categories of VPNs?

Remote access VPNs

Site-to-site VPNs

Extranet VPNs

Remote access VPNs allow remote users like telecommuters to securely access the corporatenetwork wherever and whenever they need to.

Site-to-site VPNs or intranet VPNs, allow a company to connect its remote sites to thecorporate backbone securely over a public medium like the Internet instead of requiring more

expensive WAN connections like Frame Relay.

Extranet VPNs allow an organizations suppliers, partners, and customers to be connectedto the corporate network in a limited way for business-to-business (B2B) communications.

3. To provide security in your VPN tunnel, what protocol suite would you use?

o IPSecIPSec is an industry-wide standard suite of protocols and algorithms that allows for secure

data transmission over an IP-based network that functions at the layer 3 Network layer of the OSI

model.

4. Which of the following describes the creation of private networks across the Internet,

enabling privacy and tunneling of non-TCP/IP protocols?

A. HDLC

B. Cable

C. VPN

D. IPSec

E. xDSL

o CINTERNET PROTOCOL vERSION 6 (IPv6)


71/84

Lab manual

Ipv4 is a 32 bit addressing scheme, whereas IPv6 is a 128 bit hexa decimal addressing

scheme, represented in 8 combinations of 4 hexa decimal numbers each separated by a colon.

Hence IPV6 is called a 16-bit Hexadecimal Colon-delimited Block.

Representation:

An IPV6 address is represented as shown below:

2003:1234:ABCD:0001:5678:DCBA:4321:EFGH

Global Interface IDUnicast

Subnet

Global Prefix

1. Global Unicast recognizes the particular Region or Zone. It is a publicly routable address.

2. Global Prefix is provided by ISP, its of 48 bits.

3. Subnet tells you to which particular organization it belongs.

4. Interface id is of 64 bits, where the 48 bit MAC address is padded with FFFE which is of 16

bits and is placed exactly in the middle of the MAC address to make it a 64 bit interface id.

Ex: 2000:12ab:34cd:00ef:1234:4295:0000:00cd

In the above expression 00ef can be represented as ef and the continuous zeros can bereplaced by double colons( :: ).It can be re-written as

2000:12ab:34cd:ef:1234:4295::cd

Ex : 2000:0000:0000:00ef:1234:kf34:eef0:cd4e

=>

2000::ef: 1234:kf34:eef0:cd4e

Ex : 2001:0000:0000:0012:0000:0000:1234:56ab

And you cantdo this:


72/84

Lab manual2001::12::1234:56ab

Instead, the best way you can do is

2001::12:0:0:1234:56ab

Difference between IPv4 & IPv6:

0:0:0:0:0:0:0:0This is the equivalent of IPv4s 0.0.0.0

0:0:0:0:0:0:0:1

The equivalent of 127.0.0.1 in IPv4

2000::/3The global Unicast address range.

FC00::/7The unique local Unicast range.

FE80::/10The link-local Unicast range.

FF00::/8The multicast range.

3FFF:FFFF::/32Reserved for examples and documentation.

2001:0DB8::/32Also reserved for examples and documentation.

Extended Uniform Identification (eui-64):

You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option.The eui-64 format allows the device to use its MAC address and pad it to make the interface ID.

Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64

The Globe is divided into 5 Zones and each zone will be assigned a number range to identify them.

Here the /64 represents the identification of the Zone and the IP of the company in that zone.Eui-

64 will pad an extra FFFE to the MAC address exactly to its center.

E.g. MAC address 0060.d673.1987 after padding would look like 0260.d6ff.fe73.1987


73/84

Lab manualIn the above e.g.

0 0 6 0 D 6 7 3 1 9 8 7

0000 0000

7th

bit is 0 then the address is locally unique.

0 2 6 0 D 6 F F F E 7 3 1 9 8 7

0000 0010

After padding the 7th

bit changes to 1, now the address is Link local address. It is globally unique

address.

This padding process is called as EUI-64 i.e. Extended Uniform Identifier. EUI-64 is an IEEE

standard that is given to the MAC address of any particular system where every systems MAC

address will be automatically assigned. MAC address is the part of IPV6 address which makes it a

unique address.

LAB


74/84

Lab manualDTE DCE

E0 S0 S0 E0

R1 R2

R1(config)#ipv6 unicast-routing // By default ipv6 is disabled

R1(config)#int e0

R1(config-if)#ipv6 add 2004:abcd:1234:0001::/64 eui-64

R1(config-if)#ipv6 rip 1 enable

R1(config-if)#no shutdown

R1(config)#int s0


R1(config-if)#ipv6 rip 1 enable


R2(config)#ipv6 unicast-routing

R2(config)#int e0


R2(config-if)# ipv6 rip 1 enable


R2(config)#int s0



R2(config-if)# ipv6 rip 1 enable

R2(config-if)#clock rate 64000

Outputs


75/84

Lab manual

R2#sh ipv6 int brief

Ethernet0 [up/up]

FE80::210:7BFF:FE7F:B8EA2003:ABCD:1234:1:210:7BFF:FE7F:B8EA

Serial0 [up/up]

FE80::210:7BFF:FE7F:B8EA

2005:ABCD:1234:2:210:7BFF:FE7F:B8EA

Serial1 [administratively down/down]

For each interface IPv6 will create a Link local & Global Unicast address.

Global unicast addressesThese are publicly routable addresses, and theyre the same as they are in IPv4.

Link-local addressesThese are like the private addresses in IPv4, that means theyre not routable on a public

network.

R2#sh ipv6 int e0


IPv6 is enabled, link-local address is FE80::210:7BFF:FE7F:B8EA

Global unicast address(es):2003:ABCD:1234:1:210:7BFF:FE7F:B8EA, subnet is 2003:ABCD:1234:1::/64

Joined group address(es):FF02::1

FF02::2

FF02::1:FF7F:B8EA

MTU is 1500 bytes

R2#sh ipv6 int s0


IPv6 is enabled, link-local address is FE80::210:7BFF:FE7F:B8EA

Global unicast address(es):

2005:ABCD:1234:2:210:7BFF:FE7F:B8EA, subnet is 2005:ABCD:1234:2::/64Joined group address(es):

FF02::1

FF02::2

FF02::1:FF17:2

FF02::1:FF7F:B8EA

MTU is 1500 bytes

R2#sh ipv6 route ( without configuring RIP )IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP


76/84

Lab manualC 2003:ABCD:1234:1::/64 [0/0]

via ::, Ethernet0

L 2003:ABCD:1234:1:210:7BFF:FE7F:B8EA/128 [0/0]

via ::, Ethernet0

C 2005:ABCD:1234:2::/64 [0/0]via ::, Serial0

L 2005:ABCD:1234:2:210:7BFF:FE7F:B8EA/128 [0/0]

via ::, Serial0

L FE80::/10 [0/0]

via ::, Null0

L FF00::/8 [0/0]

via ::, Null0

R2#sh ipv6 route (configuring RIP )IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

C 2003:ABCD:1234:1::/64 [0/0]

via ::, Ethernet0

L 2003:ABCD:1234:1:210:7BFF:FE7F:B8EA/128 [0/0]

via ::, Ethernet0

R 2004:abcd:1234:1::/64 [120/2]

Via FE80::200:CFF:FE91:811E, serial 0

C 2005:ABCD:1234:2::/64 [0/0]via ::, Serial0

L 2005:ABCD:1234:2:210:7BFF:FE7

Lab m Annual

Documents

Transcript of Lab m Annual