ccn p route study guide

8/18/2019 Ccn p Route Study Guide

1/28

CCNP Route Study Guide

1.0 Network Principles:

1.1- Identify Cisco Express Forwarding concepts:

!"ree different types of pac#et forwarding processes:

$ Process Switc"ing: !"e router%s CP& is direct'y

in(o'(ed w"en it co)es to pac#et switc"ing decisions and can cause poor

perfor)ance. Configuration:

■ No IP route-cache

$ Fast Switc"ing: &ses a fast cac"e t"at is in t"e

router%s data p'ane and it contains infor)ation a*out "ow traffic fro)

different data f'ows s"ou'd *e forwarded. !"e first pac#et is usua''y

process switc"ed. !"is is a'so CP& intensi(e and configuration is as

fo''ows:

■ IP route-cache$ Cisco Express Forwarding: CEF is ena*'ed *y

defau't and t"e FI+ is used for t"e , forwarding infor)ation and t"eadacency ta*'e for ,/ infor)ation of next-"op IPs in t"e FI+.

Configuration:

0 Ena*'e g'o*a''y *y: IP cef

0 Ena*'e *y interface: IP route-cache

cef

0 isp'ay statistics *y: show ip cef,

show adjacency, and show interfaces X x/x.

1./ - Exp'ain genera' networ# c"a''enges:

&nicast f'ooding or asy))etric routing causes traffic to 'ea(e

t"roug" one pat" and return a different way. !"is cause un#nown unicast trafficfor t"e returning traffic.

2ut-of-order pac#ets are caused *y "a(ing )u'tip'e pat"s to a

destination networ# and can 'ead to !CP pac#ets arri(ing out of order. !CP so'(es

t"is *y eit"er re3uesting t"e retrans)ission of t"e pac#ets or *y se3uencing t"e).

1. - escri*e IP operations:

IC4P uses two pri)ary )essage types:

$ estination &nreac"a*'e: 5"en a pac#et arri(es at a

router and t"e router does not "a(e any #ind of route for it t"en t"e router

can send a destination unreac"a*'e )essage *ac# to t"e sender.

$ Redirect: !"is is used w"en a different pat" insteadof t"e origina' pat" 6t"in# P+R7 is used to reac" t"e destination t"roug" a

different next-"op IP address and t"e origina' next-"op router can te'' t"e

"ost a*out it wit" a redirect )essage.

IP(8 uses frag)entation to sp'it up t"e pac#et into s)a''er pieces

so t"ey can pass t"roug" a s)a''er 4!& si9e instead of t"e origina' defau't 1;;

*ytes.


2/28

IP(< does not use frag)entation and If it sees a pac#et 'arger t"an

t"eir 4!& t"ey wi'' drop t"e pac#et.

!i)e to 'i(e 6!!,7 is used for "ow 'ong a pac#et can ='i(e> on a

networ#. efau't is ;.

1.8 - Exp'ain !CP operations:

● IPv4 and v6 both use a the default MTU size of 1500 bytes.● MSS or a!iu se"ent size refers to the aount of data in the

se"ent.● #aten$y is tie re%uired to travel fro its sour$e to its destination.● T&P $ouni$ation uses 'indo'in" 'hi$h eans that one or ore

se"ents are sent at one tie and a re$eiver $an a$(no'led"e the re$ei)t of all the

se"ents in one 'indo'.● The band'idth*delay )rodu$t is a easureent of a a!iu

nuber of bits that $an be on a net'or( se"ent at any one tie+ and is $al$ulated

by ulti)lyin" the se"ents band'idth ,bits )er se$ond- and the laten$y )a$(ets

e!)erien$e as they $ross the se"ent.● lobal Syn$hronization ha))ens if a router/s out)ut %ueue fills to

$a)a$ity and all the T&P flo's are dro))ed siultaneously and $ausin" all the T&P

flo's to slo'ly start. To solve this issue+ &IS& IS uses a feature $alled ei"hted

2ando 3arly ete$tion ,23- and it dro)s )a$(ets fro flo's based on the the

nuber of )a$(ets in %ueue or by the S ar(in"s in the )a$(et and it dro)s the

)a$(ets before the %ueue fills to $a)a$ity.

1. - escri*e &P operations:

&P star(ation occurs w"en t"ere is networ# congestion and &P

eats a'' t"e *andwidt" up and causes !CP to =star(e>. &P 'atency is reduced *ecause it is s)a''er and uses 'ess "eaders

t"an !CP and *ecause of t"is 'atency is 'ow.

1.< - Recogni9e proposed c"anges to t"e networ#: 5"en )a#ing c"anges and )igrating routing protoco's t"e

fo''owing s"ou'd *e considered:$ &sing ?: &se ? w"en )igrating or c"anging

fro) one routing protoco' to anot"er so t"at it can 'earn a'' t"e routes it

needs w"i'e sti'' using t"e current routing protoco'. 2nce it "as done so

t"en you can c"ange t"e ? to prefer t"e new routing protoco'@

$ &se Route Redistri*ution: w"en )igrating *etween

protoco's to 'ower down ti)e and to redistri*ute routes into t"e new

routing protoco' unti' you are ready to ro'' it out to t"e rest of t"e networ#.

Considerations for IP(< )igration:$ C"ec# IP(< co)pati*i'ity for e3uip)ent.

$ Run dua'-stac# routing.$ C"ec# ISP support for IP(


3/28

/.1 - Configure and Aerify PPP:

Point-to-Point protoco' is an encapsu'ation protoco' used on Seria'

'in#s. Configuring and (erifying PPP:

$ !o configure PPP a'' you need to do is go into

interface configuration )ode and use t"e encapsulation ppp co))and.$ Bou can a'so configure aut"entication using t"e ppp

authentication [PAP !"AP# co))and.

$ Bou can (erify PPP wit" t"e show interfaces

co))and.

PPPoE is used to configure PPP o(er Et"ernet.

PPPoE configuration:$ !o configure PPPoE on t"e c'ient side you need to

configure a dia'er poo' and t"e steps are as fo''ows:

■ Interface $ialer[%#■ $ialer pool [%#

■ &ncapsulation ppp

■ Ip address ne'otiated$ !"en you wi'' need to add t"e interface facing t"e

ISP to t"e dia'er poo' created:■ (o into the interface with the

interface x/x co))and ■ Add it to the dialer pool with the

pppoe-client dial-pool-nu)*er +■ No shut/No IP

■ Dial pooler number must match

the interace !ialer number abo"e. /./ - Exp'ain Fra)e Re'ay:

Fra)e Re'ay is a type of 5?N ser(ice t"at a''ows you to connect

two routers toget"er. It uses ,CI in t"e fra)e re'ay "eader of t"e fra)e to

identify@route pac#ets. !"ere are types of topo'ogies offered wit" Fra)e Re'ay

$ Point-to-Point: connects two routers toget"er.

$ 4u'tipoint: Connects )u'tip'e routers toget"er.$ Point-to-)u'tipoint: connects one router to )u'tip'e

ones.

Re)e)*er t"at for EIGRP sp'it "ori9on issues can occur w"enusing Fra)e Re'ay as t"e 5?N ser(ice.

#.0 Layer # Technologies:

.1- Identify configure and (erify IP(8 addressing and su*netting:

?ddress types:

$ nicast Address - +e'ongs to a sing'e de(ice.

Sending &nicast pac#ets occurs *etween on'y / "osts.


4/28

$ roadcast Address - Represents a group of de(ices

on a su*net. Pinging t"e *roadcast address pings a'' t"e de(ices wit"in t"at

su*net.$ ulticast Address - Represents a group of de(ices

for a specific function and is co))on'y used for routing protoco's.

$ 01 - Aaria*'e ,engt" Su*net 4as#ing 6A,S47a''ows you to furt"er di(ide su*nets to conser(e IP address.

?ddress Reso'ution Protoco' or ?RP a''ows you to find ot"er "ost

4?C addresses t"at is essentia' for pac#et switc"ing. DCP Re'ay is used *y a router so it can send@forward DCP

re3uests to a DCP ser(er.$ !"e IP De'per-?ddress co))and is used for DCP

Re'ay. ? DCP Ser(er is used for a''ocating IP addresses and ot"er

infor)ation suc" as G IP NS IP etc to "osts. !"e ser(er can *e a Router ,

Switc" or Stand-a'one PC and it uses t"e c'ient@ser(er )ode'. DCP4ode'@Process:

$ $"!P$isco2er : Dost uses t"e IP address of ;.;.;.;

and /./././ to searc" for a DCP Ser(er.

$ $"!P3ffer : DCP Ser(er responds to t"e "ost and

offers its ser(ices.

$ $"!P4e5uest : Dost re3uests an IP address.

$ $"!PAc6 : DCP Ser(er ac#now'edges t"e "osts

re3uests and offers it an IP address.

./ - Identify IP(< addressing and su*netting:

IP(< address types:$ &nicast addresses

$ 4u'ticast addresses

$ ?nycast addresses IP(< ?ddresses:

$ G'o*a' &nicast ?ddresses: /;;;::@

$ &ni3ue ,oca' ?ddresses: F;;::@$ ,in#-,oca' ?ddresses: FE;::@1;

$ &nspecified: ::@1/

$ ,oop*ac#: ::1@1/

$ 4u'ticast: FF::@

0 4u'ticast addresses to note: EIGRP: FF;/::?

2SPF: FF;/:: and

FF;/::<

?'' nodes on a 'in#:

FF;/::1

?'' routers on a 'in#:

FF;/::/


5/28

IP(< addressing and su*netting:

$ Eac" address is defined *y a prefix:

0 Ex: /;;1:?+C:?+C:?+C@


6/28

istance Aector routing protoco's uses router "ops to deter)ine t"e

*est pat" to a su*net. Exa)p'es of istance Aector routing protoco's:

$ RIPng

$ RIP$ RIP(/

,in# State routing protoco's *ui'd a topo'ogy of t"e networ# int"eir data*ases. Exa)p'es of ,in# State routing protoco's:

$ 2SPF

$ IS-IS

Pat" Aector routing protoco's uses Pat" ?ttri*utes to deter)ine t"e

*est pat" 6route7 to a su*net. 2n'y one Pat" Aector routing protoco':

$ +GP ?d(anced istance Aector routing protoco's are a )ix of istance

Aector and ,in# State routing protoco's. Exa)p'e:$ EIGRP

.< - escri*e ad)inistrati(e distance:

?d)inistrati(e distance is used *y a router to see "ow trustfu' a

routing protoco' is and it uses t"is to deter)ine w"ic" routing protoco' to use. !"e

'ower t"e *etter

.H - !rou*'es"oot passi(e interfaces

Passi(e interfaces wi'' not send nor recei(e )essages for a

particu'ar routing protoco'.

$ !o s"ow passi(e interfaces use one or )ore of t"e

fo''owing co))ands:

■ 1how ip protocols

■ 1how ip interface x/x■ 1how run

. - Configure and (erify ARF 'ite:

ARF or (irtua' routing and forwarding a''ow you to "ost )u'tip'e

(irtua' routers on one router.

ARF a''ows t"e seg)entation of traffic and it is co))on'y used in

Ser(ice Pro(ider networ#s. Configuration and (erification:

$ Create t"e ARF networ# using ip 2rf [na)e#

$ Ena*'e ARF on an interface using ip 2rf [na)e#

forwardin' $ !o (erify use t"e fo''owing co))ands:

■ 1how ip 2rf [na)e#

■ 1how ip route 2rf [na)e#

■ Pin' 2rf [Ip address#

. - Configure and (erify fi'tering wit" any protoco':

Configuration and (erification:


7/28

$ Configure an ?C, Prefix-'ist or a route-)ap.

$ istri*ute t"e 'ist wit" a routing protoco' or on an

interface:

0 istri*ute Jroute )apK Jac'K Jprefix

'istK JinLoutK

$ Aerification:0 S"ow ip route0 S"ow run

.1; - Configure and (erify redistri*ution *etween any routing protoco's or routing sources:

Route redistri*ution a''ows you to redistri*ute routes fro) one

routing protoco' into anot"er.

If you "a(e one routing source t"an route redistri*ution is pretty

si)p'e *ut w"en you "a(e )u'tip'e routing sources t"an routing 'oops can occur.

!o stop t"ese routing 'oops you can do eit"er of t"e fo''owing:$ Per-Route ?d)inistrati(e istance settings.

$ Fi'tering routes *ased on Prefix ,engt".$ Route !ags.

Redistri*uting routes into 2SPF:

$ If ta#ing fro) +GP t"en use a defau't )etric of 1.

$ 5"en ta#ing fro) ot"er 2SPF processes t"en use

t"e source route )etric.

$ 5"en ta#ing fro) ot"er routing protoco's t"en uses

a )etric of /;.

$ Redistri*utes routes for c'assfu' networ#s un'ess t"e

su*nets co))and is used.

$ eter)ining routes for !ype / Externa' routes 6E/7

6Intra-?rea7M

0 Find t"e ad(ertising ?S+Rs 'isted in

t"e type ,S?6s7.

0 Ca'cu'ate 'owest-cost route to reac"

any of t"e ?S+Rs *ased on Intra-?rea ,S+.

0 &se outgoing interface and next "op

*ased on t"e *est route ca'cu'ated.

$ eter)ining routes for !ype / Externa' routes 6E/7

6Inter-?rea7:

0 Ca'cu'ate cost to ?+R *ased on !ype

1 and / ,S?s.0 ?dd cost fro) ?+R to ?S+R as

'isted in t"e !ype 8 ,S?.

$ eter)ining routes for !ype 1 Externa' routes 6E17

6Intra-?rea7:

0 ?dd interna' ospf cost to t"e externa'

)etric in t"e !ype ,S?.


8/28

$ eter)ining routes for !ype 1 Externa' route 6E17

6Inter-?rea7:

0 !a#e t"e *est Intra-?rea cost to reac"

t"e ?+R.

0 Cost fro) ?+R to ?S+R in t"e type

8 ,S?.0 Externa' cost for t"e route in t"e type

,S?.

$ 2SPF prefers E1 o(er E/ routes.

$ Configuration:

0 Redistri*ute JProtoco'K JProcess

nu)*er L ?S nu)*erK J4etric-type type (a'ueK J4atc" interna' L

externa' 1 L externa' /L nssa-externa'OK J!ag tag (a'ueOK J route-

)ap )ap-tagK Jsu*netsK

0 Aerify *y 'oo#ing at t"e routing

ta*'e. Redistri*ution into EIGRP:

$ Routes needs to "a(e defau't )etrics set *efore it

can *e redistri*uted into EIGRP 6Except for going EIGRP to EIGRP7.

$ efau't )etrics can *e set 1 of ways:0 Setting t"e defau't for t"e

redistri*ute co))and: &se t"e default-)etric [; $elay

4elia*ility load )tu#, *ut t"e 'ast are ignored *y defau't for

)etric ca'cu'ation sti'' t"ey need to *e set for t"e co))and to

wor#.0 Setting t"e )etrics to app'y to a''

routes: etric [; $elay 4elia*ility load


9/28

0 ?+R: area % ran'e [IP add# [)as6#

[cost#

0 ?S+R: su))ary-address [IP add#

[prefix-)as6# Configuration for EIGRP:

$ Configure on t"e router wit" t"e addresses. &se t"isco))and under interface configuration )ode:

■ Ip su))ary address ei'rp [A1N# [IP

add# [as6/prefix#

Configuration for RIP:

$ RIP(1 on'y supports auto su))ari9ation at t"e

c'assfu' *oundaries.$ RIP(/ a''ows it: Configure on t"e router wit" t"e

addresses. &se t"is co))and under interface configuration )ode:

■ Ip su))ary address rip [IP add#

[as6/Prefix# Configuration for +GP:

$ &se t"e a''re'ate-address co))and or auto

su))ari9ation. Aerify t"at t"e su))ari9ation went t"roug" in t"e routing ta*'e.

.1/ - Configure and (erify po'icy-*ased routing:

P+R a''ows you to contro' w"ic" pat" t"e router uses for a

particu'ar su*net.

Configuration:$ Create an ?C,.

$ 4ap t"at ?C, to a route per)itting it and )a#e

sure to inc'ude a state)ent in t"e route )ap deter)ining t"e next-"op IP

address wit" t"e set ip next-hop [IP address#.$ 4ap t"e route-)ap to an interface using t"e ip

policy route-)ap [na)e#.

.1 Identify su*opti)a' routing:

Su*opti)a' routing occurs w"en a pac#et ta#es a worse route to a

destination instead of ta#ing a *etter@s"orter route.

!"is usua''y occurs wit" route redistri*ution and can *e "and'ed

ways:$ Per-Route ?d)inistrati(e istance settings.

$ Fi'tering routes *ased on Prefix ,engt".

$ Route !ags.

.18 - Exp'ain R2&!E )aps:

Route )aps a''ow us to )ap ?C,s and Prefixes to it and a''ow

specia' functions suc" as:


10/28

$ Setting t"e next-"op IP

$ Configuring tags

$ 4etrics

.1 - Configure and (erify 'oop pre(ention )ec"anis)s:

Route tagging a''ows you to create a tag so w"en a route recei(es a

route wit" t"e tag t"en t"ey can ignore t"at route and pre(ents t"e 'oop. Sp'it-"ori9on a''ows EIGRP to recei(e updates for a prefix on one

interface and It does not send t"ose updates *ac# out t"at sa)e interface.

Route poisoning pre(ents a networ# fro) sending pac#ets to a

destination t"at "as *eco)e in(a'id. A protoco's especia''y RIP does t"is wit"

infinite routes.

.1< - Configure and (erify RIP(/:

RIP (ersion / c"aracteristics:

$ ?''ows A,S4

$ ?''ows C'ass'ess addressing.$ &ses )u'ticast address of //8.;.;. w"i'e RIP(1

uses *roadcasts.$ 4ax "op count is 1 and 1< is considered infinite.

Configuration:

7 4outer 4ip7 ersion [+=#

7 Networ6 a.*.c.d

Aerification:7 1how IP protocols

7 1how IP 4oute

.1H - escri*e RIPng: RIPng or RIP next generation is RIP for IPA unicast-routin'

7 Ip*> router rip [na)e#

7 3ptional:0 &se t"e ip2> ena*le co))and for t"e

interface to deri(e its own 'in#-'oca' address.$ Ena*'e RIPng on an interface wit" t"e IP2> rip

[na)e# ena*le co))and.

Aerification

7 1how ip2> interfaces

7 1how ip2> protocols

.1 - escri*e EIGRP pac#et types:

EIGRP uses pac#et types to do its wor#:

$ De''o: &sed for creating and )aintaining neig"*or

adacency.


11/28

$ ?c#: &sed *etween routers to ac#now'edge to one

anot"er t"at t"ey "a(e recei(ed t"e update )essage.

$ &pdate: &sed for topo'ogy exc"ange and inc'udes

t"e fo''owing: Prefix Prefix 'engt" 4etric co)ponents suc" as de'ay and

*andwidt" and non)etric ite)s suc" as 4!& and "op count.

$ uery: &ses 3uery )essages to find an a'ternateroute to a su*net if no Feasi*'e successor exists.

$ Rep'y: Rep'y )essages are used for 3uery responses

t"at te'' t"e router t"at it #nows of a 'oop-free a'ternate route for t"e fai'ed

su*net it 3ueried for 6!"e router w"o gets a rep'y )essage uses ?c#

)essages to rep'y t"at it got it7.

.1 - Configure and (erify EIGRP neig"*or re'ations"ip and aut"entication

Bou can (erify EIGRP neig"*or re'ations"ips wit" t"e fo''owing

co))ands:

7 1how ip ei'rp nei'h*or [detail#

7 1how ip protocols EIGRP aut"entication configuration and (erification:

$ Supports on'y 4

$ Create a #ey c"ain.$ Ena*'e 4 interface on interface wit" ip

authentication )ode ei'rp [asn# $?$ Refer to t"e #ey c"ain wit" ip authentication 6ey-

chain ei'rp [asn# [6eychain na)e# and (erify wit" show 6ey chain EIGRP(< aut"entication configuration and (erification:

$ Supports 4

$ Configuration and Aerification:

0 Create #ey c"ain0 &se ip2> authentication )ode ei'rp

[asn# )d? co))and.

0 Refer to #ey c"ain wit" ip2>

authentication 6ey-chain ei'rp [asn# [6ey-chain na)e#■ Aerification: 1how interfaces to

2erify and show 6ey chains or show run

Na)ed EIGRP aut"entication configuration and (erification:

$ Supports 4 and SD?

$ Configuration and Aerification:

0 Create #ey c"ain0 Ena*'e aut"entication wit"

authentication )ode [)d? sha# co))and.

0 Refer to t"e #eyc"ain wit"

authentication 6ey chain [6ey chain na)e.

./; - Configure and (erify EIGRP stu*s:


12/28

EIGRP stu* routing does not forward traffic *etween / re)ote

EIGRP su*nets.

$ !"is can cause t"e going acti(e 6&?,7 process to

con(erge 3uic#er and it can "e'p pre(ent 'ong "ar)fu' routes.

$ 4anua' su))ari9ation can decrease con(ergence

ti)e of t"e going acti(e 6&?,7 process *ecause: If a router recei(es a3uery for a su*net t"at it does not "a(e an exact route too *ut "as a

su))ary route t"at inc'udes it t"en it can rep'y to t"at 3uery wit"out

sending t"e 3uery )essage on to its neig"*ors.

Configuration and Aerification:

$ &i'rp stu* [connected recei2e-only static

redistri*ute# ena*'es t"e router as a stu* router.

$ !"e show ip ei'rp nei'h*or detail wi'' 'ist t"e stu*

router6s7.

./1 - Configure and (erify EIGRP 'oad *a'ancing:

!wo types of EIGRP 'oad *a'ancing 6'oad s"aring7 are a(ai'a*'e:$ E3ua'

$ &ne3ua'

E3ua' 'oad *a'ancing pat"s s"ow in t"e routing ta*'e *ecause t"e

su*net wi'' "a(e )ore t"an one route to a su*net.

$ !"e a)ount of e3ua' 'oad *a'ancing pat"s can *e set

*y )axi)u)-paths and t"e defau't is 8.

&ne3ua' 'oad *a'ancing configuration:$ &ses t"e 2ariance co))and and it wi'' ti)es t"e

Feasi*'e istance )etric *y t"e (a'ue specified. ?ny route t"at "as a F

'ess t"an or e3ua' to t"e actua' Feasi*'e istance wi'' *e added to t"erouting ta*'e.

.// - escri*e and opti)i9e EIGRP )etrics:

EIGRP *y defau't uses cu)u'ati(e de'ay and 'owest *andwidt" for

)etrics to deter)ine routes. It can use 'oad and re'ia*i'ity *ut can%t use 4!& si9e

as a )etric.

$ Bou can 'ogica''y 6not actua''y7 c"ange t"e de'ay

and speed of t"e 'in# wit" t"e $elay and andwidth 6#*ps7 co))ands.$ efau't (a'ues of 'in#s for de'ay and *andwidt":

0 Seria' Q 188 #*ps and /;;;;

)icroseconds. 0 GigE Q 1;;;;;; #*ps and 1;

)icroseconds.

0 FastE Q 1;;;;; #*ps and 1;;

)icroseconds

0 Et"ernet Q 1;;;; #*ps and 1;;;

)icroseconds

./ - Configure and (erify EIGRP for IP(


13/28

Configuration is *asica''y t"e sa)e IP(8 6Except you need to

ena*'e IP(< on t"e interface7 *ut coup'e of notes:

$ Bou )ust ena*'e IP(< routing

$ Bou )ust configure an EIGRP router-id 6If no IPA8

addresses7.

$ Bou s"ou'd use t"e Ip2> ena*le to 'et t"e routerderi(e its own 'in#-'oca' address.

./8 - escri*e 2SPF pac#et types:

2SPF Pac#et !ypes:$ $ello: &sed to disco(er@)aintain neig"*ors and to

confir) If two routers can *eco)e neig"*ors.$ Database Description %D&D or DD': Exc"anges

*rief (ersions of eac" ,S? types.. !"is "appens on initia' topo'ogy

exc"ange and 'ets a router #now t"e 'ist of ,S?s its neig"*or #nows.

$ Link()tate *e+uest %L)*': ? pac#et t"at 'ists t"e

,SIs of ,S?s t"at t"e sender of t"e ,SR wou'd 'i#e t"e recei(er of t"e,SR to supp'y for data*ase exc"ange.

$ Link()tate ,p!ate %L),': ? pac#et t"at contains

fu''y detai'ed ,S?s and is sent in response to a ,SR.

$ Link()tate -cknowle!gement %L)-ck': Sent to a

neig"*or to confir) t"at it got its ,S&.

2SPF Neig"*or States:

Down: No "e''os "a(e *een recei(ed.

-ttempt:&sed w"en a neig"*or is defined wit" t"e

neig"*or co))and.

/nit: De''os "a(e *een recei(ed *ut neig"*or

(erification was not passed. !"is re)ains per)anent w"en De''o

para)eters do not )atc".

$ 2(ay: De''os recei(ed neig"*or (erification

c"ec#s passed.

$ )tart: Negotiating se3uence nu)*ers and

uses a )aster@s'a(e 'ogic for pac#ets.

change: Finis"ed negotiating process

particu'ars and "a(e *egan exc"anging pac#ets.

Loa!ing: ?'' pac#ets "a(e *een exc"anged

routers current'y sending ,SR ,S& and ,S?c# to exc"ange fu'' ,S?s.

3ull: Neig"*ors fu''y adacent t"ey *e'ie(e t"at

t"eir ,S+s are a'' identica' and routing ta*'e ca'cu'ations or

reca'cu'ations *egin.

./ Configure and (erify 2SPF neig"*or re'ations"ip and aut"entication:

2SPF re3uire)ents to *eco)e neig"*ors:

$ 4ust *e in sa)e ?rea.

$ 4ust *e in sa)e su*net.


14/28

$ 4ust pass a'' aut"entication c"ec#s.

$ 4ust "a(e t"e sa)e "e''o and dead ti)ers.

$ 4ust not *e a passi(e interface.$ Route Is cannot *e t"e sa)e.

$ 4!& si9e )ust *e t"e sa)e in order to exc"ange

topo'ogy infor)ation. Configuration and Aerification:

$ Bou can configure static neig"*ors wit" t"e

nei'h*or co))and or you can use t"e networ# JIP@5C )as#K and )a#e

sure a'' re3uire)ents )atc" to *eco)e neig"*ors.

$ Aerification of neig"*ors can *e seen wit" t"e show

ip ospf nei'h*or [4outer-I$# co))and and wit" t"e show ip protocols

co))and. 2SPF aut"entication:

$ 2SPF aut"entication types:0 !ype ;: No ?ut"entication

0 !ype 1: Pro(ides p'ain text

aut"entication

0 !ype /: Pro(ides Das"ing

?ut"entication

$ 2SPF(/ p'ain-text aut"entication:

0 Configuration: Ena*'e P!? per

interface or area:

7 Ip ospf authentication

7 Area %

authentication Set a #ey:

7 Ip ospf

authentication-6ey [na)e#$ !"e

)ax #ey 'engt" is .

0 Aerification: &se t"e show ip

interface or show ip ospf interface co))and for

(erification.

$ 2SPF(/ 4 ?ut"entication:

0 oes not a''ow ti)e *ased #eys.

0 4ax #ey 'engt" is


15/28

- Ena*'e 4 per

area or interface:7 Ip

authentication )essa'e-di'est

7 Area %

authentication )essa'e-di'est

Configure #eys per

interface:7 Ip ospf

)essa'e-di'est-6ey [id# )d? [na)e# Aerification:

7 1how

ip interfaces or show ip ospf interfaces.$ 2SPF( ?ut"entication:

0 2SPF( "as no aut"entication

"eaders so IPsec is needed for aut"entication.0 IPsec uses ?ut"entication "eader

6?D7 for aut"entication *ut t"e Encapsu'ating security pay'oad

pro(ides aut"entication and encryption.

0 Configuration:

Ena*'e ?D or ESP:

7 Ip2>

ospf authentication ena*'es ?D.

7 Ip2>ospf encryption ena*'es ESP.

Configure per

interface or area:7 Ip2>

ospf authentication ipsec spi =?> sha+

7 Area %

authentication ipsec spi =?> sha+

./< - Configure and (erify networ# types area types and router types

2SPF networ# types:

$ Point-to-point:0 E'ects a R on'y if a neig"*or is

defined wit" t"e nei'h*or co))and.

0 efau't De''o ti)er is 1;.


16/28

0 yna)ica''y disco(ers neig"*ors

and no )ore t"an / routers in(o'(ed.0 efine t"e networ# on t"e interface

wit" t"e ip ospf networ6 [point-to-point, *roadcast, etc# co))and.

0 !"e a*o(e is a'so defau't on FR

point-to-point connections.

$ 4u'tipoint:

0 !wo types of )u'tipoint networ#s: Point-to-4u'tipoint:

$ ?''ows

dyna)ic disco(ery of neig"*ors.$ oes

not use a R.$ efau't

"e''o is ;. Point-to-4u'tipoint

N+4?:

$ oes

not use a R.$ efau't

"e''os is ;.

$ No

dyna)ic disco(ery of neig"*ors.

$ +roadcast: 0 Connects )u'tip'e routers to a

switc" so if one pac#et gets sent out it goes to a'' routers.

0 &ses a R.0 efau't "e''o is 1; seconds.

0 yna)ica''y disco(ers neig"*ors.

$ Non+roadcast:

0 !"ese wou'd *e Fra)e Re'ay

networ#s.

0 &ses a R.

0 oes not dyna)ica''y disco(er

neig"*ors.

0 efau't De''o is ; seconds. ,S? !ypes:

$ !ype 1:

0 *nown as router ,S?s.

0 Eac" router creates one and f'oods it

t"roug"out t"e sa)e area.


17/28

0 ?n ?+R wi'' create one for eac"

area.0 ? type 1 ,S? contains t"e fo''owing:

RI

?'' interface IP

addresses

Represents Stu*

Networ#s$ !ype /:

0 nown as a Networ# ,S?.

0 2n'y sent *y t"e R.0 2n'y one per transit networ#.

0 Represents t"e transit su*net and a''

router interfaces connected to t"at su*net.$ !ype :

0 nown as a Su))ary ,S?.0 Sent *y ?+Rs.

0 Contains infor)ation on "ow to

reac" su*nets t"at are in ot"er areas.

$ !ype 8:0 nown as an ?S+R Su))ary ,S?.

0 !e''s routers "ow to reac" t"e ?S+R.

0 Generated *y t"e ?+R.$ !ype :

0 nown as t"e ?S Externa' ,S?.

0 Created *y ?S+Rs.0 Represents and contains externa'

routes inected into 2SPF 6Route Redistri*ution7.

$ !ype H:

0 nowns as an NSS? Externa' ,S?.0 Created *y ?S+Rs inside an NSS?

area instead of a type .0 ?'so represents externa' routes

inected into 2SPF.

!ypes of 2SPF areas:

$ +ac#*one ?rea: Is a'ways area ; and a'' ot"er areas)ust connect to it.

$ Nor)a' ?rea: ?n area t"at is not a *ac#*one area or

any type of stu**y area.

$ !ransit ?rea: ?n area w"ere pac#ets tra(e' *etween

/ distant areas.


18/28

$ Stu* ?rea: Fi'ers on'y !ype ,S?s and does not

a''ow externa' routes..$ NSS?: Fi'ters on'y type ,S?s *ut a''ows

externa' routes 6!ype H ,S?s7.

$ !ota''y NSS?: Fi'ters *ot" type and ,S?s *ut

a''ows externa' routes 6!ype H ,S?s7.

$ !ota''y Stu**y ?reas: Fi'ters type and ,S?s and

does not a''ow externa' routes. !ypes of 2SPF routers:

$ Interna' router: ? router t"at on'y "as interfaces

connected to on'y one area.

$ +ac#*one router: ?ny router t"at "as at 'east one

interface connected tot"e *ac#*one area.$ ?rea +order router: ?ny router t"at "as one or )ore

interfaces connected to ot"er areas.

$ ?utono)ous Syste) +oundary router: ?ny router

t"at inects externa' routes into 2SPF.

Airtua' ,in#s:

$ &sed for connecting non-*ac#*one areas to t"e

*ac#*one area t"roug" a (irtua' 'in# and not t"roug" a direct connection.

./H - Configure and (erify 2SPF pat" preference

Ca'cu'ating 2SPF Intra-?rea routes:

$ Find a'' su*nets in t"e area *ased on type 1 and /

,S?s.$ Run SPF to find a'' pat"s to t"e su*net.

$ Ca'cu'ate 2SPF cost for a'' outgoing interfaces and

use t"e 'owest tota' cost route for eac" su*net as t"e *est router. Ca'cu'ating 2SPF Inter-?rea routes:

$ &ses t"e type ,S?s to ca'cu'ate routes to su*nets

in ot"er areas.$ Ca'cu'ate t"e intra-area cost to t"e ?+R.

$ ?dd t"e cost (a'ue fro) t"e ?+R to a different area

su*net to t"e 'oca' router cost to reac" t"e ?+R. Since ?+Rs ca'cu'ate Inter and Intra ?rea routes t"ey need to

#now w"ic" route is *est for t"e) wit"in )u'tip'e areas. !"ey do t"is *y

fo''owing t"ese ru'es:

$ ?n Intra-?rea router is a'ways *etter t"an an Inter-

?rea route.


19/28

$ If an ?+R recei(es a type ,S? in a non-*ac#*one

area It wi'' ignore t"at ,S? for its ca'cu'ations for routes. Re)e)*er t"at on'y type 1 and / ,S?s affect topo'ogy c"anges

and re3uire SPF ca'cu'ation.

Configuration and Aerification:$ C"ange t"e defau't reference *andwidt" w"ic" is

1;;;;; #*ps *y t"e auto-cost reference-*andwidth co))and. Re)e)*er

t"at cost is ca'cu'ated *y reference-*andwidt"6#*ps7@interface *andwidt"

6#*ps7.

$ Set t"e cost of t"e 'in# wit" ip ospf cost %.$ Aerify wit" t"e show ip ospf interface co))and.

./ Configure and (erify 2SPF operations:

Exc"ange wit"out a R:$ Neig"*ors exc"ange "e''os unti' t"ey reac" /-way

state.

$ ?fter a router "as recei(ed a "e''o and a''

para)eters )atc" t"e routers wi'' 'ist eac" ot"ers RIs as *eing seen in

t"e next "e''o pac#et.$ 2nce t"e routers see t"eir own RIs t"ey reac" t"e

/-way state.

$ 5"en it reac"es t"e /-way state t"ey deter)ine If

t"ey want to exc"ange ,S+ entries 65"en no R t"e answer is a'ways

yes7.$ 2nce *ot" routers say yes t"ey wi'':

0 isco(er ,S?s #nown to it neig"*or

*ut un#nown to itse'f.

0 isco(er ,S?s #nown to *ot"

routers *ut t"e neig"*or%s ,S? is )ore up-to-date.

0 ?s# a neig"*or for copy of a'' ,S?s

identified in t"e first t"e steps.

$ ,ast'y fu'' ,S?s are exc"anged. ?c#now'edges of

t"e ,S?s are confir)ed *y sending a ,S?c# )essage 6Exp'icit?c#now'edge7 or *y sending t"e sa)e ,S? t"at was recei(ed *ac# to t"e

ot"er router in a ,S& 4essage 6I)p'icit ?c#now'edge)ent7. Exc"ange wit" a R:

$ Non-R routers do not exc"ange t"eir data*ases

wit" neig"*ors on a su*net.$ Exc"ange wit" a R:


20/28

0 ?'' non-R routers 6or R2t"er7

perfor) data*ase exc"ange wit" t"e R routers )u'ticast address

at //8.;.;.


21/28

type 1 ,S? in IP(8 networ#s7M *ut it can a'so send infor)ation

a*out transit IP(< networ# seg)ents 6sa)e as a type / ,S? in IP(8

networ#s7.

Configuration:

$ Configure wit" t"e ip2> router ospf [%# co))and.$ ?dd t"e ospf( process to an IP(< interface wit"

t"e ip2> ospf % area % co))and.

Aerification:$ &se any of t"e fo''owing co))ands:

■ 1how ip2> protocols

■ 1how ip2> ospf interface *rief

.; - escri*e configure and (erify +GP peer re'ations"ips and aut"entication:

+GP does not re3uire neig"*ors to *e on t"e sa)e su*net or sa)e

'in# to *eco)e neig"*ors *ecause it uses a !CP connection 6Port 1H7 *etween

routers to pass +GP )essages.

+GP States:$ Id'e: +GP Process is down or awaiting next retry

atte)pt.

$ Connect: +GP process is waiting for !CP

connection to co)p'ete.

$ ?cti(e: !CP connection is co)p'eted *ut not +GP

)essages sent.$ 2pensent: !CP connections exists +GP open

)essage sent *ut waiting for t"e )atc"ing open )essage fro) its

neig"*ors.

$ 2penconfir): 2pen )essage sent and recei(ed

fro) ot"er router. Next step is to sent a +GP #eepa'i(e )essage to )a#e

sure a'' neig"*or para)eters )atc"M or a +GP notification )essage to

)a#e 'earn If t"ere is a )is)atc".$ Esta*'is"ed: ?'' neig"*or para)eters )atc"

re'ations"ip wor#s and peers can now exc"ange update )essages.

+GP 4essages:

$ 2pen: &sed to esta*'is" neig"*ors"ip exc"anges

*asic para)eters w"ic" inc'ude ?SN and aut"entication (a'ues.

$ eepa'i(e: Sent periodica''y to )aintain neig"*or

re'ations"ips. If no #eepa'i(e )essages in t"e negotiated "o'd ti)er t"en it

wi'' cause t"e re'ations"ip to go down.


22/28

$ &pdate: &sed to exc"ange P?s and t"e associated

prefix@'engt" t"at use t"ose attri*utes.$ Notification: &sed for finding out w"at para)eters

)is)atc".

Peer Groups:$ ?re used to send +GP )essages t"at wi'' go out to a

group of neig"*ors t"at are defined in t"e peer group configuration.

$ Configuration:0 See on page

address in the route )ap usin' the set ip2> next-hop [IP2>

address# co))and.

9 &na*le *'p with the

4outer *'p [asn# co))and 9 &nter address

confi'uration )ode for IP2@ with the address-fa)ily ip2@

co))and.9 1pecify the interfaces

that will participate in (P with the networ6 [ip address#

)as6 [su*net )as6# co))and.


23/28

9 &xit address

confi'uration )ode for IP2@ with the exit address-fa)ily

ip2@ co))and.

9 &nter IP2> address

confi'uration )ode with the address-fa)ily IP2>

co))and.

9 1pecify interfaces

with networ6 [ip2> address# [prefix-len'th# co))and.

9 Acti2ate the *'p

nei'h*or for the IP2> address with the nei'h*or [IP2@

address# acti2ate co))and.

9 Associate the router-

)ap with the nei'h*or usin' the nei'h*or [IP2@ address#

route-)ap [na)e# out co))and.

0 Configuration for routing IP(< o(er

IP( routin'.

9 &na*le *'p with the

router *'p % co))and.

9 $efine the IP2>

nei'h*or with the nei'h*or [IP2> address# re)ote-as

co))and.

9 &nter address fa)ily

)ode with the address-fa)ily IP2> co))and.

9 1pecify with

interfaces will participate with the networ6 [IP2> address#

[Prefix len'th# co))and.

9 Acti2ate the (P

nei'h*or with the nei'h*or [IP2> address# acti2ate

co))and.

$ ?utono)ous syste) nu)*ers:

0 ?SN ; is reser(ed.0 1 -


24/28

+GP uses pat" attri*utes as )etrics for c"oosing t"e *est routes.

!"e order goes as fo''ows:$ Next "op: If no route to reac" t"e nextT"op IP t"en

it cannot *e used.

$ 5eig"t 6not a P? Cisco proprietary7: !"e *igger t"e

*etter.

$ ,oca'TPref: !"e *igger t"e *etter.

$ ,oca''y inected routers: +etter t"an *ot" e+GP and

i+GP.

$ ?STPat" ,engt": !"e s)a''er t"e *etter.

$ 2rigin: Prefer I o(er E and E o(er U.$ 4E: !"e s)a''er t"e *etter.

$ Neig"*or type: e+GP o(er i+GP.

$ IGP 4etric to Next Dop: t"e s)a''er t"e *etter.$ If no route "as *een c"osen after going t"roug" a''

t"e P?s a*o(e t"e router wi'' ta#e t"ese steps to *rea# t"e tie:

0 2'dest 6'ongest-#nown7 e+GP route.0 ,owest neig"*or +GP RI

0 ,owest neig"*or IP address.

4.0 5PN Technologies:

8.1 - Configure and Aerify GRE:

Generic Routing Encapsu'ation 6GRE7 is used for creating site-to-

site APNs. Configuration steps for GRE are as fo''ows:

$ Configure a tunne' interface wit" t"e: interface

tunnel [%# co))and.$ 4a#e sure to put t"e tunne' interfaces on eac" side

of t"e tunne' on t"e sa)e su*net.

$ &se t"e


25/28

0 )GRE 62n'y configured on t"e "u*7

0 NDRP 6&ses t"e C'ient@Ser(er )ode'

to find next "op IP address7

0 IPsec$ 4APN "as one issue ca''ed route f'apping and to

reso'(e t"e issue cisco reco))ends t"at you c"ec# routing protoco'neig"*ors"ips *etween t"e routers.

8. - escri*e Easy Airtua' Networ#ing 6EAN7

EAN a''ows you to create (irtua' routers on one router for

seg)enting traffic fro) one networ# to anot"er 6ex: 5ire'ess Aoice ata etc7.

&n'i#e ARF EAN creates a Airtua' Networ# !run# 6ANE!7 t"at

wi'' carry t"e traffic for eac" (irtua' networ# and it can identify t"e different type

of traffic *y using a ANE! tag. !"is is on'y *etween eac" (irtua' router and you

can e(en use route rep'ication to a''ow routes *etween eac" (irtua' networ# to *e

#nown to one anot"er.

6.0 /nrastructure )er"ices: 5.1* es$ribe IS usin" lo$al database7

● 8ou $an $reate a lo$al database on a &is$o router usin" the

follo'in"7○ Aaa new-model ○ Aaa authentication login [group name] group

TACACS+ local ○ Create a username and password.

5.9 * es$ribe devi$e se$urity usin" IS 'ith T&&S: and 2IUS7

● ifferen$e bet'een T&&S: and 2IUS7; T&&S:7

< Uses T&P.< 3n$ry)ts the entire )a$(et.< &is$o Pro)rietary.< ffers basi$ a$$ountin" features and

se)arate servi$es for .; 2adius7

< Uses UP.< nly en$ry)ts the )ass'ord.< ffers robust a$$ountin" feature and

$obines authenti$ation and authorization fun$tions.< )en standard.

; &onfi"uration7■ TACACS/RA!"S-ser#er [Ser#er

$ame] ■ Address ip#%/ip#& [!'] ■ (e) [*e) password]

5.= * &onfi"ure and verify devi$e a$$ess $ontrol7

● The >T8 lines $an be se$ured 'ith a$$ess lists and 'ith an

server.● Mana"eent )lane se$urity deals 'ith the se$urity of the devi$e and

its ana"eent. 8ou $an do this 'ith s and servers.


26/28

● Pass'ord en$ry)tions7; Ty)e ? )ass'ord en$ry)tion @ser#ice-password

encr)ption] is the 'ea(est for of en$ry)tion and $an be easily $ra$(ed.; The secret $oand uses the SA*956 for

en$ry)tion )ass'ords and is very stron".

5.4 * &onfi"ure and verify router se$urity features

● IPv4 a$$ess lists $an no' be tie*based. &onfi"uration of tie*based

$$ess &ontrol #ists7○ Time-range [name] ○ 'eriodic [ ,T, , T, , , 0] 1eginning Time-

0nding Time○ Access-list [num2er] [permit,den)] [time-range

[name]] ● IPv6 Traffi$ Bilterin"7

; 8ou $an $reate s sae as IPv4 s+ but they

have = i)li$it instru$tions at the end of IPv6 S7■ 'ermit icmp an) an) nd-na■ 'ermit icmp an) an) nd-na< en) ip#& an) an)

● Uni$ast reverse )ath for'ardin" or u2PB is a se$urity e$hanis in

&is$o 2outers that )revent IP s)oofin" atta$(s by at$hin" that the sour$e address

is in the routin" table and is rea$hable.; u2PB has = odes7

< #oose ode7 ith loose ode+ a

router 'ill only verify that the sour$e IP address of a )a$(et is

rea$hable based on a routerCs BID.< Stri$t ode7 router $he$(s that the

sour$e IP is rea$hable and in the routerCs BID and it also a(es sure

that the )a$(et is arrivin" on the sae interfa$e the router 'ould use

to send the traffi$ ba$( to the IP address.< >2B ode7 sae as loose ode+ but

it $he$(s the >2B instan$esC routin" table.; &onfi"uration7

■ !p #eri3) unicast source reacha2le-#ia

[r4 5strict mode6 , an) 5loose mode6]

6.0 Infrastructure Services:

6.1 * &onfi"ure and verify devi$e ana"eent7

6.9 * &onfi"ure and verify SEMP7

6.= * &onfi"ure and verify lo""in"7

● #o""in" allo's you to tra$( any events that "o on in the router.● #o""in" levels7

; 0 F 3er"en$ies; 1 F lerts; 9 F &riti$al; = F 3rror ; 4 F arnin"s; 5 F Eotifi$ations; 6 F Inforational; ? F debu""in"

● &onfi"uration7


27/28

○ 7ogging [ host , monitor] ○ Show logging [ histor)]

6.4 * &onfi"ure and verify Eet'or( Tie Proto$ol ,ETP-7

6.5 * &onfi"ure and verify IPv4 and IPv6 A&P7

● A&P allo's you to autoati$ally assi"n IP addresses to host.● IPv4 A&P $onfi"uration7

○ !p dhcp pool [name]○ $etwor* 8.8.8.8 as* 8.8.8.8

● IPv6 A&P $onfi"uration7○ !p#& dhcp pool [name] ○ 9ou can con3igure/use stateless C': State3ul:

S7ACC: or 're3i4-delegation.

6.6 * &onfi"ure and verify IPv4 Eet'or( ddress Translation ,ET-7

● = Ty)es of ET7; Stati$ ET7 This allo's to a) one )ubli$ i) to one

)rivate i).; ynai$ ET7 This allo's you to use a )ool of )ubli$

i) address for Private IP to Publi$ IP translation.; Port ddress Translation7This allo's you to use one

)ubli$ IP for ulti)le )rivate IPs and this is a$$o)lished by usin" different

)ort nubers for ea$h )rivate IP translated.

6.? * es$ribe IPv6 ET7

● ET647; llo's IPv6 address to be translated into IPv4

addresses. This allo's $ouni$ation bet'een an IPv4 and IPv6 host.● EPTv67

; Eet'or( Prefi! Translation allo's and )erfors )refi!

translations for IPv6 ,Thin( of ET for IPv4+ Publi$ to Private and >i$e versa-.

6.G * es$ribe S# ar$hite$ture7

● Servi$e #evel "reeent or S#+ allo's you to easure the)erforan$e and the behavior of your net'or(.

● It $an be used 'ith the follo'in"7; I&MP for e$ho and Hitter ; 2TP for >oi); T&P $onne$tion; UP for e$ho and Hitter ; ES; A&P; ATTP; BTP

6. * &onfi"ure and verify IP S#7

● &onfi"uration and >erifi$ation7; &reate the IP S# o)eration 'ith ip sla ; $oand.; efine the ty)e of o)eration ty)e 'ith icmp-echo

[destination !' , ostname] source-ip [!' address , ostname] source

inter3ace [inter3ace]; efine a non default fre%uen$y+ if needed 'ith

3re


28/28

; S$hedule the tie for the S# o)eration to start 'ith

ip sla schedule ; li3e [3ore#er , seconds] [Start time hh=mm=ss] [onth da) ,

da) month]

6.10 * &onfi"ure and verify tra$(in" obHe$ts7

● 8ou $an tra$( S# o)erations to influen$e routin" and the

$onfi"urationJverifi$ation are as follo's7; Use the trac* ; ip sla ; [State , Reacha2ilit)]; &onfi"ure the delay If you 'ant 'ith dela) [ own

5seconds6 , "p 5seconds6]; &onfi"ure a stati$ route ip route 8.8.8.8 8.8.8.8

inter3ace trac* ;

6.11 * &onfi"ure and verify &is$o EetBlo'7

ccn p route study guide

Documents