ccna practical guide 2st edition by vdl

Upload: vinod-lande

Post on 06-Apr-2018


  • 8/3/2019 CCNA Practical Guide 2st Edition by VDL


    CCNA Practical Guide - 1st Edition

    Introduction

    This book is dedicated to all students who need a practical environment for CCNA. I include in this book all basic and advanced practice modes with brief scenarios. I think it is a great journey for you to read and analyze this book.

    As you know, every success needs more and more knowledge as well as complete command in practicals. So this is the best way to make yourself a fully confident network engineer.

    Thanks to all my friends who helped me and encouraged me for this book. All suggestions are invited to make this book better than the best. You can mail your

    [email protected] Site :- http://komalcomedu.webs.com

    Vinod D. Lande

    Mo.8983498861


    INDEX

    1. Introduction of WAN, WAN devices
    2. Topology, Types of data signals and Ethernet NIC and Ethernet cables
    3. CSMA/CD protocol, Cables
    4. Internet Protocol
    5. OSI reference model
    6. DOD-Model
    7. Collision & Broadcast domain
    8. Protocols
    9. IP version-4
    10. MAC address
    11. VLSM, CIDR
    12. Subnetting
    13. Supernetting
    14. IP version-6
    15. Cisco Hierarchical Model
    16. Router
    17. Routing Protocols
    18. Basic Conf. (Banner, Hostname & Loopback Addr. Setting)
    19. Password protection & Password Recovery
    20. Backup of Router IOS
    21. CDP
    22. IP setting on router
    23. DHCP Configuration
    24. DNS Configuration
    25. Types of routing
    26. Default routing
    27. Static routing
    28. RIP routing
    29. RIP version-2
    30. OSPF routing
    31. IGRP routing
    32. EIGRP routing
    33. Hostname pinging (router)
    34. WAN Protocols (PPP, HDLC & Frame-relay)
    35. ISDN Connection
    36. Frame Relay
    37. Access Control list
    38. Point to Point protocol Authentication
    39. VLAN & VTP
    40. NAT Translation
    41. NAT Overload
    42. Spanning Tree Protocol*
    43. Some Questions

    Let's Start =====>>>


    Que.* Which company is responsible for IP address reservation?
    Ans. The Internet Assigned Numbers Authority (IANA) has reserved the IP address space in private and public IP addresses.

    Notes by - Vinod D. Lande Mo. 8983498861

    Introduction of WAN

    This is a network without limit. A wide area network is the largest type of n/w, spread out all over the world. Public IP addresses are used in a WAN. This n/w is provided by an ISP.

    WAN Devices

    (1.) WAN Switches
    (2.) WAN Modems:- CSU/DSU modem. A CSU/DSU (Channel Service Unit/Digital Service Unit) modem is a digital interface device that adapts the physical interface on a DTE (Data Terminal Equipment) device to the interface of a DCE (Data Circuit Terminating Equipment) device in a switched carrier n/w. It also provides signal timing for communication.
    (3.) ISDN Terminal Adapter:- is used to connect an ISDN connection to other interfaces like serial.
    (4.) HSSI (High Speed Serial Interface):- is a DTE/DCE interface. The flexibility of the HSSI clock & data signal protocol makes user/vendor bandwidth allocation possible. The DCE controls the clock by changing its speed or by deleting its clock pulse.
    (5.) Terminal Equipment:- (The Routers) These devices have two types -
         Type-1:- These devices can directly connect to an ISDN n/w.
         Type-2:- These devices can't support an ISDN n/w and connect with a TA to connect to an ISDN n/w.
    (6.) N/W Terminator:- A small connection box that is attached to the ISDN BRI port.
    (7.) N/W Terminator-2:- A device that provides switching service for the internal n/w. This type of interface is typically used with PRI.


    TOPOLOGY

    A topology defines how the devices are connected.
    (1.) Point to Point Topology:- has a single connection between two devices.
    (2.) Bus Topology:- uses a single connection or wire to connect all devices.
    (3.) Star Topology:- has a central device with many point to point connections.
    (4.) Ring Topology:- All devices connect in a ring method.
    (5.) Mesh Topology:- It has two types -
         {1} Full Mesh:- Every device connects with every device.
         {2} Partial Mesh:- Made by a fault that is generated in a Full Mesh.
    (6.) Hybrid Topology:- A mixture of two or more topologies.

    Types of Network Data Signals

    {1} Unicast Signals:- Signal that goes to only one device.
    {2} Multicast Signal:- Signal that goes to a group of devices.
    {3} Broadcast Signals:- Signal that goes to all N/W devices.

    Ethernet LAN Card

    Half & Full Duplex Ethernet:- Half duplex eth. uses only one wire pair with a digital signal running in both directions on the wire. This type of eth. usually gives only 3 to 4 MBps speed. But full duplex ethernet uses 2 pairs of wires in a point to point connection. It has no collision. If a hub is attached to a switch, it must operate in half duplex mode, because the end stations must be able to detect collisions.

    Full duplex eth can be used in three situations -
    (1) With a connection from switch to host.
    (2) With a connection from switch to switch.
    (3) With a connection from host to host using crossover cable.

    Ethernet Cables:-

    Vocabulary:-
    (1) 10BaseX = Here 10 = 10 Mbps (signal transmission speed).
        Base = Baseband.
        X = value {Ex. 2, here 2 = 200 metre range of data flow}
        T = Twisted pair
        F = fibre
        L = link


    Types of Cables:-
    (1) 10baseTX
    (2) 1000baseTX
    (3) 1000baseSX:- The implementation of Gigabit eth running over multimode fibre optical cable & using short wavelength laser.
    (4) 1000baseLX:- Implementation of Gigabit eth over single & multi-mode fibre, using long wavelength laser.
    (5) 1000baseCX:- Implementation of Gigabit eth over balanced 150 ohm copper cabling & uses 9 pin high speed serial data connector (HSSDC).
    (6) 10GbaseSR:- 2 to 300 metre data flow capacity.
    (7) 10GbaseLR:- 2 metre to 10 Km.
    (8) 10GbaseER:- Implementation of 10 Gigabit eth, running over single mode fibre. Transmission distance is 2 metre to 40 Km.

    CSMA/CD Protocol

    Carrier sense multiple access/collision detection protocol is used by the NIC as a mechanism to send information in a shared environment. It works to detect collisions and helps to stop collisions.

    How It Works?:-
    (1.) It listens to the n/w to check that no other station is transmitting data. When it finds the IFG (Interframe gap) then it transmits the data.
    (2.) The n/w is continuously monitored for the IFG.
    (3.) When 2 or more stations are listening at the same time, it detects a collision.
    (4.) Transmission is stopped immediately if it finds a collision.

    Cables

    Coaxial Cable:- Coaxial cable, or coax, is an electrical cable with an inner conductor surrounded by a tubular insulating layer typically of a flexible material with a high dielectric constant, all of which are surrounded by a conductive layer called the shield (typically of fine woven wire for flexibility, or of a thin metallic foil), and finally covered with a thin insulating layer on the outside. Coaxial cable is used as a transmission line for radio frequency signals, in applications such as connecting radio transmitters and receivers with their antennas, computer network (Internet) connections, and distributing cable television signals.

    Coaxial cable differs from other cable because it is designed to carry radio frequency current. This has a frequency much higher than the 50 or 60 Hz used in mains (electric power) cables, reversing direction millions to billions of times per second.


    Twisted pair Cable:- This cable has 4 twisted pairs. It has two types -

    {1.} STP:- This cable has a coating over all its wires that prevents electro-magnetic field. So this cable provides faster performance.
    {2.} UTP:- This cable is open sealed, meaning it conflicts with its outer electro-magnetic field.

    Types of UTP Cables:-
    (1.) Cat 1:- Two twisted pairs. Used in old telephone services.
    (2.) Cat 2:- Four twisted pairs. Suitable for up to 4 Mbps speed with 10 MHz frequency.
    (3.) Cat 3:- Four twisted pairs. 10 Mbps with 16 MHz frequency. (Since mid 1980)
    (4.) Cat 4:- Four twisted pairs, 16 Mbps with 100 MHz.
    (5.) Cat 5:- Four twisted pairs, 100 Mbps with 100 MHz.
    (6.) Cat 5e:- Four twisted pairs, 100 Mbps with 100 MHz. Capable of handling the disturbance on each pair which is needed for Gigabit eth.
    (7.) Cat 6:- Four twisted pairs, 250 MHz.


    There are two types of cables according to their configuration.
    (1) Straight Through cable
    (2) Cross Over cable

    [Figures: pin and colour diagrams for the straight-through and cross-over cables]

    {Coding of colors:- g = white-green, G = green, o = white-orange, O = orange, b = white-blue, B = blue, br = white-brown, Br = brown}

    {Note:- Straight-thru cable is used to connect different devices like pc to hub. Cross-over cable is used to connect same devices like switch to switch. But if we want to connect modem to pc then we will use cross-over cable}

    Colour coding:-

    Pin   T-568A          T-568B
    1.    Green/White     Orange/White
    2.    Green           Orange
    3.    Orange/White    Green/White
    4.    Blue            Blue
    5.    Blue/White      Blue/White
    6.    Orange          Green
    7.    Brown/White     Brown/White
    8.    Brown           Brown

    Fibre-optic Cable

    This media is used in wireless networking. Optical fiber is used by many telecommunications companies to transmit telephone signals, Internet communication, and cable television signals. Due to much lower attenuation and interference, optical fiber has large advantages over existing copper wire in long-distance and high-demand applications.

    Modern fiber-optic communication systems generally include an optical transmitter to convert an electrical signal into an optical signal to send into the optical fiber, a cable containing bundles of multiple optical fibers that is routed through underground conduits and buildings, multiple kinds of amplifiers, and an optical receiver to recover the signal as an electrical signal. The information transmitted is typically digital information generated by computers, telephone systems, and cable television companies.


    distance unrepeatered transmission up to around 50 km.
    (2) The small diameter (10 µm) of the core necessitates the use of expensive laser diodes to enable efficient light coupling and pass sufficient light into the fibre.
    (3) The performance of single-mode fibre is so good that it is the only type of fibre used for long distance links.

    Multi-Mode fiber-optic cable has a little bit bigger diameter, with common diameters in the 50-to-100 micron range for the light carrying component (in the US the most common size is 62.5 um). Multimode fiber gives you high bandwidth at high speeds (10 to 100 MBS - Gigabit to 275 m to 2 km) over medium distances.

    Multi-mode fibre has the following characteristics:-
    (1) The fibre can capture light from the light source and pass light to the receiver with high efficiency, so can be used with low-cost light emitting diodes (LEDs).
    (2) Low-cost comes at a cost! Multi-mode modal dispersion severely limits the usable bandwidth.
    (3) Multi-mode fibres suffer from higher losses than single mode fibres. For example, Mercury's Multimode fibre is specified at 0.8 dB/km at a wavelength of 1310 nm.


    BASIC CABLE DESIGN OF Fiber Optic

    (1) Loose tube cable.
    (2) Tight Buffered cable.

    In a loose-tube cable design, a gel filling compound impedes water penetration. With tight-buffered cable designs, the buffering material is in direct contact with the fiber. This design is suited for "jumper cables" which connect outside plant cables to terminal equipment

    Internet-Protocol

    IP works to provide logical addressing (IP-Address). It is responsible for network host communication. It is a group of protocols that enable communication between computers. IP protocol includes:-

    (1.) TCP (Transmission control protocol):- This protocol works to transmit the data and provides us a confirmation message that the data has been sent or not. This message is called an Acknowledgement and is generated with the help of ICMP or IGMP.
    (2.) UDP (User datagram protocol):- This protocol also works to transmit the data but it never provides any Acknowledgement. It transmits the data in small packets, so it is faster than TCP.
    (3.) ICMP (Internet connection message protocol):- This protocol works to generate messages. It generates one message for one system.
    (4.) IGMP (Internet group manage protocol):- It works to generate group messages.


    There are four major differences between UDP and TCP:
    1. TCP can establish a connection and UDP cannot.
    2. TCP provides a stream of unlimited length, UDP sends small packets.
    3. TCP guarantees that as long as you have a connection data sent will arrive at the destination, UDP provides no guaranteed delivery.
    4. UDP is faster for sending small amounts of data since no connection setup is required, the data can be sent in less time than it takes for TCP to establish a connection.

    OSI Reference Model

    The OSI (Open System Interconnection) model was given by ISO (International Organization for Standardization) in 1970. It provides a framework for creating and implementing networking standards, devices, and internetworking schemes.

    The OSI model has 7 layers to describe the network data transmission and schemes.

    7 Application Layer
      Function: Provides user interface, provides services
      Data: Data of PDU
      PDU: DATA

    6 Presentation Layer
      Function: Represent data, handle processing i.e. encryption, compression
      Data: Data of PDU (Packet data Unit)
      PDU: DATA

    5 Session Layer
      Function: Keep data of different applications separate. Define the session.
      Data: Data of PDU
      PDU: DATA

    4 Transport Layer
      Function: Provide reliable & unreliable delivery with end to end connection
      Data: Data + TCP/UDP
      PDU: SEGMENT

    3 Network Layer
      Function: Provides logical addressing with routing
      Data: Data + TCP/UDP + IP
      PDU: PACKET
      Devices: Router

    2 Data-link Layer
      Function: Provide access to media using MAC with frames
      Data: Data + TCP/UDP + IP + Mac
      PDU: FRAME
      Devices: Switch, Bridge

    1 Physical Layer
      Function: Moves data between devices, uses physical topology
      Data: Data in bits
      PDU: Bits
      Devices: Hub, Repeater


    Transport Layer:-

    Features:-

    (1) Flow control:- It prevents a sending host on one side of the connection from overflowing the buffers in the receiving host, an event that can result in lost data. involved ensure the following will be achieved:
        1. The segments delivered are acknowledged back to the sender upon their reception.
        2. Any segments not acknowledged are retransmitted.
        3. Segments are sequenced back into their proper order upon arrival at their destination.
        4. A manageable data flow is maintained in order to avoid congestion, overloading, and data loss.
    (2) Windowing:- The quantity of data segments that the transmitting machine is allowed to send without receiving an acknowledgement is called a window and the process which sends a window is called windowing.

    Data-link Layer:- The IEEE eth data link layer has two sublayers.

    (1) Media access control (MAC) 802.3:- Defines how packets are placed on the media (first come, first served). Line discipline, error notification, ordered delivery of frames & optimal flow control can also be used at this sublayer. Physical addressing (MAC) is defined here.
    (2) Logical link control (LLC) 802.2:- Responsible for identifying n/w layer protocols & then encapsulating them. It tells the data-link layer what to do with a packet once a frame is received. (When the packet is destined for).

    Ethernet at Data-link layer:- is responsible for eth addressing & also responsible for framing packets received from the n/w layer and preparing them for transmission. There are 4 different types of eth frames available -
    (1) ethernet_2 (2) IEEE 802.3 (3) IEEE 802.2 (4) SNAP

    DOD Model

    This model was given by the Department of Defence. It has four layers.
    (1) Application/Process layer:- made of the application, presentation & session layers of the OSI model.
    (2) Host to Host layer:- Transport layer of the OSI model.
    (3) Internetwork layer:- Network layer of the OSI model.
    (4) N/w Interface Layer:- Data-link & Physical layers of the OSI model.


    Collision and Broadcast Domain

    In a WAN the data flows widely & creates collisions many times. In the same way, the data goes to many hosts to search for its destination & creates a broadcast. Collision & Broadcast domains are created by WAN devices.

    {1} HUB:- A hub broadcasts the data to its every port to reach the destination. It also creates collisions. So a hub is a single collision, single broadcast domain. This device is unable to break broadcast.
    {2} Switch/Bridge:- A switch creates one broadcast (it can't break broadcasting). It has its own MAC-table to identify the destination, so it stops collisions & manages data flow. That's why it is a multi-collision, single broadcast domain.
    {3} Router:- A router is able to break broadcasting. It is a multi-collision, multi-broadcast domain.

    Protocols

    Process/Application layer protocols:-
    (1) Telnet:- It allows a user on a remote client machine.
    (2) SMTP:- {Simple mail transfer protocol} is used to send mails.
    (3) POP:- {Post office Protocol} is used to receive mails.
    (4) FTP:- {File transfer protocol}. It allows to upload & download files in a n/w.
    (5) TFTP:- {Trivial FTP} sends much smaller blocks of data. So it is faster than FTP & there is no authentication like FTP.
    (6) SNMP:- {Simple n/w management protocol}. It collects & manipulates valuable n/w information.
    (7) NFS:- {N/w file system}
    (8) X-Windows:- defines a protocol for writing client/server applications, based on GUI.
    (9) LDP:- {Line Printer daemon}. This protocol is designed for printer sharing.
    (10) DNS Protocol RARP
    (11) DHCP/Bootp:- {Dynamic host configuration protocol}.

    Host to Host/Transport layer protocol:-
    (1) TCP:- Transmission control protocol.
    (2) UDP:- User datagram protocol.


    Internetwork layer protocol:-
    (1) IP:- {Internet protocol} is responsible for determining the source & destination IP-address of every packet.
    (2) DNS protocol ARP:- {Address Resolution Protocol}.
    (3) ICMP:- {Internet control message protocol}.
    (4) IGMP:- {Internet group message protocol} is used to support multicasting.

    IP version-4

    32 bits address. Total 4 octets, every octet has 8 bits. Total 5 classes are defined for this version.

    Class (first octet value):
    Class A:- 1 to 126
    Class B:- 128 to 191
    Class C:- 192 to 223
    Class D:- 224 to 239:- is reserved for Broadcasting & Multicasting addressing by ISP.
    Class E:- 240 to 254:- is reserved by some research organisations for experimental purpose.

    Loopback Address:- 127.0.0.1
    Broadcast Address:- a.b.c.255
    N/w ID:- a.b.c.0

    There are two different ranges provided by ISPs for use:-
    (1) Public IP range:- The range is reserved by ISP.
    (2) Private IP range:- The range opened for general use.

    Private IP Range:-
    Class A:- 10.0.0.0 to 10.255.255.255


    Class B:- 172.16.0.0 to 172.31.255.255
    Class C:- 192.168.0.0 to 192.168.255.255

    Subnet Mask:- The subnet mask value shows the on network bits in our network. The host bits are not represented by the subnet.

    Wildcard:- The wildcard value shows the no. of allowed hosts in a network. Like - if a wildcard value is 0.0.0.32 for the 192.168.1.0 n/w then it will communicate with only 32 hosts in this n/w, from 192.168.1.1 to 192.168.1.32

    MAC Address

    Total 6 blocks. Per block 8 bits.

    Block/Octet no. 1, 2 & 3 are defined by IEEE {Institute of electrical & electronics engineers}. Octet no. 4, 5 & 6 are defined by the vendor. This is a total 48 bits address. The address is given in Hexadecimal language. Ex.:- 12:03:E0:FC:7B:72

    Note:- IANA (International Assigned Number Authority) is responsible for the global coordination of the DNS-root, IP-addressing & other international protocol resources.

    VLSM (Variable length Subnet mask)

    It is a stepping stone from subnetting to CIDR (Classless Inter-Domain Routing).

    CIDR

    With the advent of CIDR, the original class-based scheme has been almost completely discarded. Subnetting is used to divide CIDR-blocks.

    Subnetting

    No. of bits      Class A (/8-/15)   Class B (/16-/23)   Class C (/24-/31)
    0 (Default)      255.0.0.0          255.255.0.0         255.255.255.0
    1                255.128.0.0        255.255.128.0       255.255.255.128
    2                255.192.0.0        255.255.192.0       255.255.255.192
    3                255.224.0.0        255.255.224.0       255.255.255.224
    4                255.240.0.0        255.255.240.0       255.255.255.240
    5                255.248.0.0        255.255.248.0       255.255.255.248
    6                255.252.0.0        255.255.252.0       255.255.255.252
    7                255.254.0.0        255.255.254.0       255.255.255.254 (Unused Subnet)
    8 (Default+8)    255.255.0.0        255.255.255.0       255.255.255.255 (Broadcast Address)

    Counting:-

    (1) Total Subnets = 2^n 2 {Here n = on bits}
    (2) Valid Subnets = 2^n
    (3) Valid Hosts = 2^y - 2 {Here y = off bits}
    (4) Valid Networks = 2^n
    (5) Network Id's = ?

    Supernetting

    CIDR value   Supernet Mask      No. of Class-C n/w   No. of Hosts
    14           255.252.0.0        1024
    15           255.254.0.0        512
    16           255.255.0.0        256
    17           255.255.128.0      128
    18           255.255.192.0      64
    19           255.255.224.0      32
    20           255.255.240.0      16
    21           255.255.248.0      8
    22           255.255.252.0      4
    23           255.255.254.0      2
    24           255.255.255.0      1
    25           255.255.255.128    1/2
    26           255.255.255.192    1/4
    27           255.255.255.224    1/8
    28           255.255.255.240    1/16
    29           255.255.255.248    1/32
    30           255.255.255.252    1/64

    How to calculate?

    Que. We have three n/ws 192.168.1.0, 192.168.2.0, 192.168.5.0. What will the new supernet for these n/ws be?

    Ans. n/w-1 => 192.168.1.0 = 11000000.10101000.00000001.00000000
         n/w-2 => 192.168.2.0 = 11000000.10101000.00000010.00000000
         n/w-3 => 192.168.5.0 = 11000000.10101000.00000101.00000000

    So new n/w bits are:- 11111111.11111111.11111 000.00000000
                          (same matched bits)     (unmatched bits)

    So new Supernet is = 255.255.248.0
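    The supernet calculation above, carried through in Python as an added example (not part of the original guide). It also lists the other networks that the resulting mask covers, which matters when the summary is used in a route or an access list. The /24 prefix lengths are an assumption taken from the class C default mask, and the function names are illustrative.

```python
import ipaddress

def bits(dotted):
    """Render an IPv4 address as four binary octets, as in the worked answer."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))

def supernet_of(networks):
    """Smallest single IPv4 prefix that covers every listed network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit is "unmatched".
    prefix_len = 32 - (lo ^ hi).bit_length()
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    base = ipaddress.IPv4Address(lo & mask)
    return ipaddress.ip_network(f"{base}/{prefix_len}")

def also_covered(summary, networks):
    """Same-size networks inside the summary that were not in the input list."""
    wanted = [ipaddress.ip_network(n) for n in networks]
    size = max(n.prefixlen for n in wanted)
    return [s for s in summary.subnets(new_prefix=size)
            if not any(s.subnet_of(w) for w in wanted)]

# The three networks from the question (prefix length /24 is assumed).
QUESTION = ["192.168.1.0/24", "192.168.2.0/24", "192.168.5.0/24"]

if __name__ == "__main__":
    for net in QUESTION:
        address = net.split("/")[0]
        print(f"{address:<12} = {bits(address)}")
    summary = supernet_of(QUESTION)
    print("supernet      :", summary, "mask", summary.netmask)
    print("also covered  :", ", ".join(str(n) for n in also_covered(summary, QUESTION)))
```

    The mask 255.255.248.0 matches the three listed networks and five more under the same 21 matched bits, so a permit rule or summary route written with it reaches all eight.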

    IP version-6

    Total 128 bits version.
    Total hexa-blocks = 08
    1 Hexa-block = 16 bits

    Decimal   Hexadecimal   Binary (4 bits)
    0         0             0000
    1         1             0001
    2         2             0010
    3         3             0011
    4         4             0100
    5         5             0101
    6         6             0110
    7         7             0111
    8         8             1000
    9         9             1001
    10        A             1010
    11        B             1011
    12        C             1100
    13        D             1101
    14        E             1110
    15        F             1111

    Internet protocol version 6 (IPv6) is the Next Generation Internet Layer Protocol for packet switched internetworks & the internet.

    In Dec. 1998, the IETF (International Engineering Task Force) designed IPv6 as the successor to IPv4.

    IPv4 provides an addressing capability of about 4 billion addresses = 2^32. The most important feature of IPv6 is a much larger address space than IPv4. The IPv6 address space supports 2^128 = 3.4*10^38 addresses.

    IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon.
    i.e. 2001:0db8:85a3:0000:0000:8a2e:0000:7334
    or   2001:0db8:85a3::8a2e:0:7334
    or   2001:db8:85a3::8a2e:0:7334

    Note:- We can use :: only one time in an address.

    IPv6-CIDR Address:-

    2001:db8:1234:85a3:0000:0000:8a2e:7334/48 means that -

    Here the first 48 bits are fixed for the n/w (from left) & the other bits are for hosts.
    2001:db8:1234 : 0:0:0:0:0
    (n/w-bits)      (host bits)

    The full value for any block is FFFF.
    Ex.:- FE80:0000:0000:CC00:A0C4:ABCD:1234:9B4D/64
    Here - --:C4:AB:34:9B:4D is the MAC of the NIC.

    How to convert an IPv4-address into an IPv6-address?

    Ex.:- IPv4 address = 192.168.1.2


    Decimal   = 192      . 168      . 1        . 2
    Binary    = 11000000 . 10101000 . 00000001 . 00000010
    Hex value = C0       . A8       . 01       . 02

    So the last 2 blocks of IPv6 are = C0A8:0102

    So the new IPv6 address is = ::ffff:C0A8:0102
    or = 0:0:0:0:0:ffff:C0A8:102
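    The conversion steps above in Python, as an added example that is not part of the original guide. It also shows why a filter written for IPv4 ranges has to unwrap the ::ffff: form before comparing. The function names and the blocked range are illustrative assumptions.

```python
import ipaddress

def ipv4_to_mapped(ipv4_text):
    """Follow the manual steps: each decimal octet becomes two hex digits,
    and the four octets fill the last two 16-bit blocks behind ::ffff:."""
    octets = [int(part) for part in ipv4_text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4_text!r}")
    high = f"{octets[0]:02x}{octets[1]:02x}"
    low = f"{octets[2]:02x}{octets[3]:02x}"
    return f"::ffff:{high}:{low}"

def canonical(addr_text):
    """Address a filter should compare on: the ::ffff: form is unwrapped to IPv4."""
    addr = ipaddress.ip_address(addr_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def naive_match(addr_text, net_text):
    """Comparison without unwrapping: an IPv6 form never matches an IPv4 range."""
    return ipaddress.ip_address(addr_text) in ipaddress.ip_network(net_text)

def is_blocked(addr_text, blocked_nets):
    """True if the address, after unwrapping, falls inside any blocked network."""
    addr = canonical(addr_text)
    for net_text in blocked_nets:
        net = ipaddress.ip_network(net_text)
        if addr.version == net.version and addr in net:
            return True
    return False

if __name__ == "__main__":
    mapped = ipv4_to_mapped("192.168.1.2")
    blocked = ["192.168.1.0/24"]  # constructed sample rule
    print("mapped form        :", mapped)
    print("same as long form  :",
          ipaddress.ip_address(mapped) == ipaddress.ip_address("0:0:0:0:0:ffff:C0A8:102"))
    print("naive comparison   :", naive_match(mapped, blocked[0]))
    print("after unwrapping   :", is_blocked(mapped, blocked))
```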

    Fixed Addresses in IP version 6:-
    1. Loopback address = ::1
    2. Reserved for local unicast = ff80::/10
    3. Reserved for global unicast = 2000::/3
    4. Multicast address range = ff00::/8

    CISCO HIERARCHICAL MODEL

    [Figure: Core layer, Distribution layer and Access layer, built from switches]


    (1) Core layer:- It provides optimal transport between sites.
    (2) Distribution layer:- It provides policy based connectivity. Also called the Workgroup layer. This is a communication point between the access and core layers. It is the place to implement n/w policies, access lists, routing etc.
    (3) Access layer:- It provides user access to the network. It is also called the n/w-layer.

    Router

    Router Memory:-
    (1) Dynamic Memory (RAM):- Main storage memory. Called working storage memory. It contains the running dynamic configuration information.
    (2) Non volatile Memory (ROM):- It contains a backup copy of the configuration.
    (3) Flash Memory:- It contains a copy of the CISCO-IOS software.

    Router Ports & Cable Connections:-
    (1) Eth./Fast-eth. Port:- Connects to LAN via UTP/STP cable.
    (2) Aux (Auxiliary) port:- Connects to a modem for remote configuration via telnet. (RJ45 connector port)
    (3) Console Port:- Connects to a PC for local configuration via Console/Rolled cable.
    (4) Serial Port:- Connects to another router via V.35/Back-bone cable. (60 pins port)
    (5) BRI and PRI Port:- Connects to ISDN/Lease line. (Basic/Primary rate interface)

    Routing Protocols:-
    (1) Distance Vector Protocol:- This protocol uses the distance to a remote n/w to find the best path. Each time a packet goes through a router is called a hop, meaning the data packets that flow from a router port at a time are called a hop. The route with the least number of hops to the network is determined to be the best route. Ex:- RIP & IGRP {Routing information protocol/Interior gateway routing protocol}


    (2) Link State Protocol:- Also called the Shortest path first protocol. This protocol uses three steps for working -
        1. Track directly attached neighbours.
        2. Determines the entries of n/w topology.
        3. Used Routing Table.
        Ex - OSPF {Open shortest path first}
    (3) Hybrid Protocol:- Uses aspects of distance vector and link state. Ex - EIGRP {Enhanced Interior gateway routing protocol}

    Router Modes:-

    1. Router>enable

    10. Router#show flash:

    R#loginreset

    Step-3 Now restart the Router and go to Rommon mode again.
    >confreg default
    >reset

    Step-4 Now the Router will open in Rommon mode.
    >boot

    Vinod D. Lande

    Router Backup

    Step-1 Install a tftp server on the local pc and open it. Set the IP on the router and check communication between router and pc via ping.

    Step-2
    Router#show flash: {check IOS name}
    Router#copy flash: tftp:

    {Give ios file name

    #configure terminal

    DNS on Router

    First step is to enable the DNS service on the router.
    R1#configure terminal
    R1(config)#ip dns server

    Next, we need to configure the router with a public name server
    R1(config)#ip name-server 4.2.2.5
    R1(config)#ip name-server 4.2.2.6

    The Cisco IOS will allow you to enter up to 6 different name servers (essentially DNS servers). Usually you would use your ISP's DNS server to ensure you have quick responses, then place a few free public DNS servers such as the ones above. This will ensure that you'll get a DNS response from either your ISP or public DNS servers.

    Next step is to configure your DNS server with the host names of your local network
    R1(config)#ip host alan 192.168.1.10
    R1(config)#ip host john 192.168.1.11
    R1(config)#ip host wayne 192.168.1.12
    R1(config)#end
    R1#ping wayne


    Routing

    We can configure the following types of routing:-

    {1} Default Routing:- This routing does not need any network to be configured to communicate with. We will give a zero value for any network in this routing.

    {2} Static Routing:- We have to define a manual network path to communicate between our networks in this type of routing.

    {3} Dynamic Routing:- This routing uses some protocols for network communication. It has the following types -

    (1) RIP (Routing Information Protocol):- {Distance Vector} Routing Information Protocol (RIP) is a true distance-vector routing protocol. It sends the complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count to determine the best way to a remote network, but it has a maximum allowable hop count of 15, meaning that 16 is deemed unreachable. RIP works well in small networks, but it is inefficient on large networks with slow WAN links.

    (2) RIP version 2 (RIP-2):- RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask. This is because RIP version 1 does not send updates with subnet mask information in tow. RIP version 2 provides what is called prefix routing and does send subnet mask information with the route updates. This is called classless routing.

    (3) IGRP (Interior Gateway Routing Protocol) {Hybrid}:- The command used to configure IGRP is the same as the one used to configure RIP routing with one important difference: you use an autonomous system (AS) number. All routers within an autonomous system must use the same AS number, or they will not communicate with routing information. This number advertises only to routers you want to share routing information with.

    (4) EIGRP (Enhanced IGRP) {Link State}:- A router running EIGRP stores all its neighbours' routing tables so that it can quickly adapt to alternate routes. If no appropriate route exists, EIGRP queries its neighbours to discover an alternate route. These queries propagate until an alternate route is found.


    (5) OSPF (Open Shortest Path First) {Link State}:- This protocol is used within larger autonomous system networks in preference to RIP.

    Default Routing:-

    Router1:-
    Router(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
    Router(config)#end
    Router#show running-config

    Router2:-
    Router(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.1
    Router(config)#end
    Router#show running-config
    END*


    Static Routing:-

    Route:- Router1
    Router(config)#ip route 192.168.2.0 255.255.255.0 10.0.0.2
    Router(config)#ip route 192.168.3.0 255.255.255.0 10.0.0.2
    Router(config)#ip route 11.0.0.0 255.0.0.0 10.0.0.2
    Router(config)#end
    Router#show running-config

    Route:- Router2
    Router(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1
    Router(config)#ip route 192.168.3.0 255.255.255.0 11.0.0.2
    Router(config)#end
    Router#show running-config

    Route:- Router3
    Router(config)#ip route 192.168.2.0 255.255.255.0 11.0.0.1
    Router(config)#ip route 192.168.1.0 255.255.255.0 11.0.0.1
    Router(config)#ip route 10.0.0.0 255.0.0.0 11.0.0.1
    Router(config)#end
    Router#show running-config
    END*

    RIP (Routing Information Protocol) Routing {Dynamic}

    Route:- Router1
    Router(config)#router rip
    Router(config-router)#network 10.0.0.0
    Router(config-router)#network 192.168.1.0
    Router(config-router)#end
    Router#show running-config

    Route:- Router2
    Router(config)#router rip
    Router(config-router)#network 192.168.2.0
    Router(config-router)#network 10.0.0.0
    Router(config-router)#network 11.0.0.0
    Router(config-router)#end
    Router#show running-config

    Route:- Router3
    Router(config)#router rip
    Router(config-router)#network 192.168.3.0
    Router(config-router)#network 11.0.0.0
    Router(config-router)#end
    Router#show running-config
    END*

    {Note:- If we want to set RIP version-2 routing then we will give only one extra cmd at the following terminal -
    Router(config-router)#version 2}
    END*


    OSPF (Open Shortest Path First) Routing {Dynamic}

    Router1:-
    Serial0 = 10.0.0.1 [Backbone router/BBR]
    Serial1 = 11.0.0.1
    Ethernet = 192.168.1.1

    Router2:-
    Serial0 = 10.0.0.2 [Autonomous border router/ABR]
    Serial1 = 12.0.0.1
    Serial2 = 13.0.0.1
    Ethernet = 192.168.2.1

    Router3:-
    Serial0 = 11.0.0.2 [ABR]
    Serial1 = 14.0.0.1
    Serial2 = 15.0.0.1
    Ethernet = 192.168.3.1

    Router4:-
    Serial0 = 12.0.0.2 [Autonomous system border router/ASBR]
    Ethernet0 = 192.168.4.1

    Router5:-
    Serial0 = 13.0.0.2 [ASBR]
    Ethernet0 = 192.168.5.1

    Router6:-
    Serial0 = 14.0.0.2 [ASBR]
    Ethernet0 = 192.168.6.1

    Router7:-
    Serial0 = 15.0.0.2 [ASBR]
    Ethernet0 = 192.168.7.1

    [Router-id for this routing is:- 1 to 65,535 (This is called the Autonomous number)
    Note:- The autonomous no. for a n/w will be the same.
    Note:- In this type of routing we will use the Wild Mask in place of the Subnet.]


    Routing Router1:-
    Router(config)#router ospf 10
    Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
    Router(config-router)#network 11.0.0.0 0.255.255.255 area 0
    Router(config-router)#network 192.168.1.0 0.0.0.255 area 0
    Router(config-router)#end
    Router#show running-config

    Routing Router2:-
    Router(config)#router ospf 10
    Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
    Router(config-router)#network 12.0.0.0 0.255.255.255 area 1
    Router(config-router)#network 13.0.0.0 0.255.255.255 area 1
    Router(config-router)#network 192.168.2.0 0.0.0.255 area 0
    Router(config-router)#end
    Router#show running-config

    Routing Router3:-
    Router(config)#router ospf 10
    Router(config-router)#network 11.0.0.0 0.255.255.255 area 0
    Router(config-router)#network 14.0.0.0 0.255.255.255 area 2
    Router(config-router)#network 15.0.0.0 0.255.255.255 area 2
    Router(config-router)#network 192.168.3.0 0.0.0.255 area 0
    Router(config-router)#end
    Router#show running-config

    Routing Router4:-
    Router(config)#router ospf 10
    Router(config-router)#network 12.0.0.0 0.255.255.255 area 1
    Router(config-router)#network 192.168.4.0 0.0.0.255 area 1
    Router(config-router)#end
    Router#show running-config

    Routing Router5:-
    Router(config)#router ospf 10
    Router(config-router)#network 13.0.0.0 0.255.255.255 area 1
    Router(config-router)#network 192.168.5.0 0.0.0.255 area 1
    Router(config-router)#end
    Router#show running-config

    Routing Router6:-
    Router(config)#router ospf 10
    Router(config-router)#network 14.0.0.0 0.255.255.255 area 2
    Router(config-router)#network 192.168.6.0 0.0.0.255 area 2
    Router(config-router)#end
    Router#show running-config

    Routing Router7:-
    Router(config)#router ospf 10
    Router(config-router)#network 15.0.0.0 0.255.255.255 area 2
    Router(config-router)#network 192.168.7.0 0.0.0.255 area 2
    Router(config-router)#end
    Router#show running-config
    END*

    IGRP (Interior Gateway Routing Protocol) Routing {Dynamic}

    Routing Router 1:-
    Router(config)#router igrp 20
    Router(config-router)#network 10.0.0.0
    Router(config-router)#network 192.168.1.0
    Router(config-router)#end
    Router#show running-config

    Routing Router 2:-
    Router(config)#router igrp 20
    Router(config-router)#network 10.0.0.0
    Router(config-router)#network 11.0.0.0
    Router(config-router)#network 192.168.2.0
    Router(config-router)#end
    Router#show running-config

    Routing Router 3:-
    Router(config)#router igrp 20
    Router(config-router)#network 11.0.0.0
    Router(config-router)#network 192.168.3.0
    Router(config-router)#end
    Router#show running-config
    END*

    {Note:- If we want to set EIGRP (E = Enhanced) routing then we will give only one extra command at the following terminal -
    Router(config)#router eigrp 20}
    END*

    Ping Router From Hostname

    It is necessary to give a hostname to every router for this task. The command for setting the hostname is -
    Router(config)#hostname name

    Router1-
    Jaipur(config)#ip host Jaipur 10.0.0.1
    Jaipur(config)#ip host Kota 10.0.0.2
    Jaipur(config)#ip host Ajmer 11.0.0.2
    Jaipur(config)#end
    Jaipur#show host

    Router2-
    Kota(config)#ip host Kota 10.0.0.2
    Kota(config)#ip host Kota 11.0.0.1
    Kota(config)#ip host Jaipur 10.0.0.1
    Kota(config)#ip host Ajmer 11.0.0.2
    Kota(config)#end
    Kota#show host

    Router3-
    Ajmer(config)#ip host Ajmer 11.0.0.2
    Ajmer(config)#ip host Kota 11.0.0.1
    Ajmer(config)#ip host Jaipur 10.0.0.1
    Ajmer(config)#end
    Ajmer#show host

    Now check it -
    Ajmer#ping Ajmer
    Ajmer#ping Kota
    Ajmer#ping Jaipur
    END*

    3 WAN Protocols you should know: HDLC, PPP, and Frame-Relay

    Your company is connected to the Internet, right? (everyone nod your head yes) So what WAN protocol do you use to connect to the Internet? Chances are that if you have a T1 leased line to the Internet or a private network between locations, you use one of these three WAN protocols: HDLC, PPP, or Frame-relay. Let's explore the differences and similarities of these protocols.

    What is HDLC?
    HDLC stands for High-Level Data Link Control protocol. Like the two other WAN protocols mentioned in this article, HDLC is a Layer 2 protocol (see OSI Model for more information on Layers). HDLC is a simple protocol used to connect point to point serial devices. For example, you have a point to point leased line connecting two locations, in two different cities. HDLC would be the protocol with the least amount of configuration required to connect these two locations. HDLC would be running over the WAN, between the two locations. Each router would be de-encapsulating HDLC and dropping it off on the LAN.

    HDLC performs error correction, just like Ethernet. Cisco's version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

    HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show running-config on a Cisco router, your serial interfaces (by default) won't have any encapsulation. This is because they are configured to the default of HDLC. If you do a show interface serial 0/0, you'll see that you are running HDLC.

    What is PPP?
    You may have heard of the Point to Point Protocol (PPP) because it is used for most every dial up connection to the Internet. PPP is based on HDLC and is very similar. Both work well to connect point to point leased lines. The differences between PPP and HDLC are:

    PPP is not proprietary when used on a Cisco router.
    PPP has several sub-protocols that make it function.
    PPP is feature-rich with dial up networking features.

    Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:

    Link quality management monitors the quality of the dial-up link and how many errors have been taken. It can bring the link down if the link is receiving too many errors.
    Multilink can bring up multiple PPP dial up links and bond them together to function as one.
    Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing into.

    To change from HDLC to PPP on a Cisco router, use the encapsulation ppp command on the WAN port, like this:

    Router(config-if)#encapsulation ppp

    What is Frame-Relay?
    Frame Relay is a Layer 2 protocol and commonly known as a service from carriers. For example, people will say "I ordered a frame-relay circuit". Frame relay creates a private network through a carrier's network. This is done with permanent virtual circuits (PVC). A PVC is a connection from one site, to another site, through the carrier's network. This is really just a configuration entry that a carrier makes on their frame relay switches.

    Obtaining a frame-relay circuit is done by ordering a T1 or fractional T1 from the carrier. On top of that, you order a frame-relay port, matching the size of the circuit you ordered. Finally, you order a PVC that connects your frame relay port to another of your ports inside the network.

    The benefits to frame-relay are:

    Ability to have a single circuit that connects to the frame relay cloud and gain access to all other sites (as long as you have PVCs). As the number of locations grow, you would save more and more money because you don't need as many circuits as you would if you were trying to fully-mesh your network with point to point leased lines.

    Improved disaster recovery because all you have to do is to order a single circuit to the cloud and PVCs to gain access to all remote sites.

    By using the PVCs, you can design your WAN however you want. Meaning, you define what sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.

    Some other terms you should know, concerning frame relay are:

    LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCIs are available and if there is congestion in the network.

    DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.

    CIR = committed information rate. This is the amount of bandwidth you pay to guarantee you will receive, on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed but that traffic is marked DE.

    DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.

    FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.

    ISDN-Theory

    ISDN is a circuit switched service. It is used as a low cost alternative to frame-relay. ISDN service is offered at two levels:-

    (1) BRI (Basic rate interface) = Typically used in small offices.
    (2) PRI (Primary rate interface) = Used in larger environments because it provides high bandwidth.

    BRI = 2 * B-channels + 1 * D-channel = 2*64 + 16 kbps = 144 kbps speed
    T-1 PRI = 23 * B-channel + 1 * D-channel = 23*64 + 64 kbps = 1.544 mbps
    T-2 PRI = 30 * B-channel + 1 * D-channel = 30*64 + 64 = 2.048 mbps

    => ISDN-components:-

    (1) TA (Terminal adapter) = device that allows a non-ISDN device to operate on an ISDN n/w. Connects a serial interface with ISDN.
    (2) TE-1 (Terminal equipment) / Router = device that can connect directly to an ISDN n/w. It has a BRI or PRI port to connect with ISDN.
    (3) TE-2 / Router = device that cannot support an ISDN n/w. This device connects with a TA to connect to the ISDN n/w. It has no BRI or PRI port.
    (4) NT-1 (n/w termination) = A small connection box that is attached to ISDN-BRI lines.
    (5) NT-2 = A device that provides switching service for the internal n/w. This type of interface is typically used with ISDN-PRI lines.

    ISDN-Configuration

    Router-1:-
    Router>en
    Router#configure terminal
    Router(config)#isdn switch-type basic-ni
    Router(config)#dialer-list 1 protocol ip permit
    Router(config)#interface bri0/0
    Router(config-if)#ip address 10.1.1.1 255.0.0.0
    Router(config-if)#no shutdown
    Router(config-if)#dialer-group 1
    Router(config-if)#isdn spid1 32177820010100
    Router(config-if)#dialer string 7782001
    Router(config-if)#end
    Router#show isdn status
    Global ISDN Switchtype = basic-ni
    ISDN BRI0 interface
    dsl 0, interface ISDN Switchtype = basic-ni

    Router 2:-
    Router>en
    Router#conf t
    Router(config)#hostname r2
    r2(config)#isdn switch-type basic-ni
    r2(config)#dialer-list 1 protocol ip permit
    r2(config)#interface bri0/0
    r2(config-if)#ip address 10.1.1.2 255.0.0.0
    r2(config-if)#no shutdown
    r2(config-if)#dialer-group 1
    r2(config-if)#isdn spid1 32177820020100
    r2(config-if)#dialer string 7782002
    r2(config-if)#end

    **************** After configuring both routers, check status **********************
    Router#show isdn status
    Global ISDN Switchtype = basic-ni
    ISDN BRI0 interface
    dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status: ACTIVE

    Router#ping 10.1.1.2
    Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

    Router1#show isdn active
    ISDN ACTIVE CALLS
    Call Calling Called Remote Seconds Seconds Seconds Charges
    --------------------------------------------------------------------------------
    Out17820022617900
    In17820012215722

    Frame Relay (Theory)

    Frame-relay is a high performance WAN protocol that operates at the Physical & Data-link layer.

    Virtual circuits in frame-relay provide a bi-directional communication path from one DTE device to another and are uniquely identified by a Data-link connection Identifier (DLCI).

    The technology used in frame-relay allows it to multiplex several data flows over the same physical media.

    The LMI (Local Management Interface) offers a number of features for managing complex inter-networks. LMI was developed in 1990 by four companies known as the Gang of Four (CISCO + StrataCom + Northern Telecom + DEC).

    LMI uses keepalive packets (sent every 10 seconds by default) to verify the frame-relay link. Each virtual circuit, represented by its DLCI number, can have one of three connection statuses:-
    {A} ACTIVE - Connection is working & routers can use it to exchange data.
    {B} INACTIVE - Connection from the local router to the switch is working, but the connection to the remote router is not available.
    {C} DELETE - No LMI information is being received from the frame-relay switch.

    LMI-Type
    (1) CISCO
    (2) ANSI
    (3) Q933A

    The ITU-T (Q.933A) is supplied by the ISP, that serves as a connection to the public data n/w (PDN). DTE is known as CPE (customer premise equipment). If you connect your Cisco router to a frame-relay switch (provided by the phone company), the Cisco router is the CPE (DTE) & the frame-relay switch is the DCE.

    Frame-Relay Configuration

    Full Forms:- {LMI = Local Management Interface, DLCI = Data-link connection identifier, PVC = Permanent virtual circuit, SVC = Switched virtual circuit}

    Router1:-
    Router>en
    Router#configure t
    Router(config)#hostname Router1
    Router1(config)#int s0/0
    Router1(config-if)#encapsulation frame-relay
    Router1(config-subif)#ip address 150.1.1.1 255.255.0.0
    Router1(config-subif)#frame-relay interface-dlci 100
    Router1(config-subif)#no shutdown
    Router1(config-subif)#end
    Router1#sh frame-relay pvc

    PVC Statistics for interface Serial0/0.1 (Frame Relay DTE)
    DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.1
    pvc create time 00:32:04, last time pvc status changed 00:32:05

    Router2:-
    Router>en
    Router#configure t
    Router(config)#hostname Router2
    Router2(config)#int s0/0
    Router2(config-if)#encapsulation frame-relay
    Router2(config-subif)#ip address 150.1.1.2 255.255.0.0
    Router2(config-subif)#frame-relay interface-dlci 200
    Router2(config-subif)#no shut
    Router2(config-subif)#end
    Router2#sh frame-relay pvc

    ACL (Access control list)
    1. Standard Access-list (Rule = 1 to 99, IP address)
    2. Extended Access-list (Rule = 100 to 199, IP/TCP/UDP information)

    Allow/Deny permissions by Standard ACL - This ACL blocks an IP address or n/w.

    TEST-1. Deny 192.168.2.2 for all n/w
    Router(config)#access-list 1 deny host 192.168.2.2
    Router(config)#access-list 1 permit any
    Router(config)#int eth0/0
    Router(config-if)#ip access-group 1 in
    Router(config-if)#exit
    Router(config)#interface serial0/0
    Router(config-if)#ip access-group 1 out
    Router(config-if)#end

    TEST-2. Deny 192.168.1.0 for all n/w.
    Router(config)#access-list 2 deny 192.168.1.0 0.0.0.255
    Router(config)#access-list 2 permit any
    Router(config)#int eth0/0
    Router(config-if)#ip access-group 2 in
    Router(config-if)#exit
    Router(config)#interface serial0/0
    Router(config-if)#ip access-group 2 out
    Router(config-if)#end

    Allow/Deny permissions by Extended ACL - With the help of this ACL we can restrict an IP address or n/w protocol, port or service to other n/w.
    Note:- The IP includes ICMP, TCP and UDP.

    TEST-1. Restrict 192.168.1.3 telnet for 192.168.2.3
    Router(config)#access-list 101 deny tcp 192.168.1.3 0.0.0.0 192.168.2.3 0.0.0.0 eq 23
    Router(config)#access-list 101 permit ip any any
    Router(config)#int eth0/0
    Router(config-if)#ip access-group 101 in
    Router(config-if)#exit
    Router(config)#interface serial0/0
    Router(config-if)#ip access-group 101 out
    Router(config-if)#end

    TEST-2. Restrict 192.168.1.3 http for 192.168.2.0 n/w
    Router(config)#access-list 102 deny tcp 192.168.1.3 0.0.0.0 192.168.2.0 0.0.0.255 eq 80
    Router(config)#access-list 102 permit ip any any
    Router(config)#int eth0/0
    Router(config-if)#ip access-group 102 in
    Router(config-if)#exit
    Router(config)#interface serial0/0
    Router(config-if)#ip access-group 102 out
    Router(config-if)#end

    END*
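    How a router walks such a list, as an added Python sketch (not Cisco code and not part of the original guide): entries are checked top-down, the first match decides, a wildcard bit of 0 means "this bit must match", and a packet that matches nothing is dropped by the implicit deny. The entries model extended TEST-1 and TEST-2 with the protocol written as tcp, since a port match (eq 23, eq 80) applies only to TCP or UDP; the packet values in the demo are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Entry:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol (icmp, tcp, udp)
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dst_port: Optional[int] = None   # the "eq N" operand, meaningful for tcp/udp only

    def matches(self, proto, src, dst, dst_port):
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        return (wildcard_match(src, self.src, self.src_wc)
                and wildcard_match(dst, self.dst, self.dst_wc))


def evaluate(acl, proto, src, dst, dst_port=None):
    """Return (action, index of the deciding entry); index None = implicit deny."""
    for index, entry in enumerate(acl):
        if entry.matches(proto, src, dst, dst_port):
            return entry.action, index
    return "deny", None


ANY = ("0.0.0.0", "255.255.255.255")          # what the keyword "any" expands to
PERMIT_IP_ANY_ANY = Entry("permit", "ip", *ANY, *ANY)

# access-list 101: block telnet from 192.168.1.3 to 192.168.2.3, permit the rest
ACL_101 = [
    Entry("deny", "tcp", "192.168.1.3", "0.0.0.0", "192.168.2.3", "0.0.0.0", 23),
    PERMIT_IP_ANY_ANY,
]
# access-list 102: block http from 192.168.1.3 to the 192.168.2.0 network
ACL_102 = [
    Entry("deny", "tcp", "192.168.1.3", "0.0.0.0", "192.168.2.0", "0.0.0.255", 80),
    PERMIT_IP_ANY_ANY,
]

if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, destination port)
    packets = [
        ("tcp", "192.168.1.3", "192.168.2.3", 23),    # telnet from the restricted host
        ("tcp", "192.168.1.3", "192.168.2.3", 80),    # same hosts, different service
        ("icmp", "192.168.1.3", "192.168.2.3", None), # ping is untouched by a tcp entry
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(ACL_101, *pkt))
    # Without the trailing permit, everything not denied explicitly is still dropped.
    print("no permit line:", evaluate(ACL_101[:1], "tcp", "192.168.1.9", "192.168.2.3", 80))
    # Order matters: a permit placed first shadows the deny below it.
    print("reversed:", evaluate(ACL_101[::-1], "tcp", "192.168.1.3", "192.168.2.3", 23))
```

    Running the reversed list shows why the specific deny has to sit above the general permit: the telnet packet is permitted by entry 0 and the deny is never reached.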

    Point to Point protocol (PPP)
    PAP (Password Authentication Protocol) {old version}
    CHAP (Challenge-Handshake Authentication Protocol) {new version}

    PAP:- It provides a simple method for a remote node to establish its identity using a two-way handshake. After the PPP link establishment phase, a username/password pair is repeatedly sent by the remote host until the authentication is acknowledged. If the local host rejects the username/password, the connection is terminated. {Passwords are sent across the link in plain text.}

    CHAP:- It is used to periodically verify the identity of the remote node using a 3-way handshake.
    (1) After the PPP link establishment phase, the host sends a challenge message to the remote node.
    (2) The remote node responds with a value calculated using a one-way hash function (typically MD5).
    (3) The host checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection is terminated.

    When using CHAP or PAP authentication, each router identifies itself by a name/password. This identification process prevents a router from gaining unauthorized access.

    PAP-Authentication:-

    RouterA-
    Jaipur(config)#interface serial0
    Jaipur(config-if)#encapsulation ppp
    Jaipur(config-if)#ppp authentication pap
    Jaipur(config-if)#ppp pap sent-username Jaipur password abc
    Jaipur(config-if)#exit
    Jaipur(config)#username Kota password abc
    Jaipur(config)#end

    Router2-
    Kota(config)#interface serial0
    Kota(config-if)#encapsulation ppp
    Kota(config-if)#ppp authentication pap
    Kota(config-if)#ppp pap sent-username Kota password abc
    Kota(config-if)#exit
    Kota(config)#username Jaipur password abc
    Kota(config)#end

    CHAP-Authentication:-

    This is the same configuration as PAP; only one change will take effect & that is -
    Router(config-if)#ppp authentication chap
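    What actually crosses the link in each case, as an added Python sketch (not from the original guide and not router code). It builds a PAP Authenticate-Request in the RFC 1334 layout and runs the CHAP three-way handshake with the RFC 1994 response, MD5(identifier + secret + challenge); the names Jaipur/Kota and the password abc are the ones used in the configuration above, while the class and function names are made up for the example.

```python
import hashlib
import hmac
import os


def pap_authenticate_request(identifier, peer_id, password):
    """PAP Authenticate-Request (code 1): the password travels as-is in the frame."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(body)                      # code + id + 2-byte length + body
    return bytes([1, identifier]) + length.to_bytes(2, "big") + body


def chap_response(identifier, secret, challenge):
    """CHAP response value: one-way hash over identifier, shared secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The challenging side (the 'host' in steps 1 and 3)."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name          # peer name -> shared secret
        self.outstanding = {}                   # identifier -> challenge not yet answered
        self.next_id = 0

    def challenge(self):
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)                  # fresh random value for every challenge
        self.outstanding[self.next_id] = value
        return self.next_id, value

    def verify(self, name, identifier, response):
        value = self.outstanding.pop(identifier, None)   # a challenge is single-use
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


def demo():
    """Run both schemes once and report what an observer on the link learns."""
    jaipur = Authenticator({"Kota": b"abc"})    # Jaipur holds "username Kota password abc"

    pap_frame = pap_authenticate_request(1, b"Kota", b"abc")

    ident, chal = jaipur.challenge()                     # step 1: challenge
    resp = chap_response(ident, b"abc", chal)            # step 2: Kota's response
    accepted = jaipur.verify("Kota", ident, resp)        # step 3: compare

    # A captured response is useless against the next challenge.
    ident2, _ = jaipur.challenge()
    replay_accepted = jaipur.verify("Kota", ident2, resp)

    return {
        "pap_frame": pap_frame,
        "pap_leaks_password": b"abc" in pap_frame,
        "chap_accepted": accepted,
        "chap_replay_accepted": replay_accepted,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

    The PAP frame contains the bytes of the password itself, while the CHAP exchange carries only a random challenge and a hash that changes with every challenge.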

    VLAN + VTP (Virtual transfer protocol) CONFIGURATION in CISCO SWITCHES

    VTP Switch Diagram:-

    Note:-
    (1) If you want to configure only VLAN on a single switch then follow Step-2 & Step-4 on your switch.
    (2) If you want to configure VLAN transfer by VTP then follow all steps.

    VTP Configuration

    VTP-Server configuration:-

    {Step-1.} VTP-Server Creation (On VTP Server):-
    Switch>
    Switch>enable
    Switch#vlan database
    Switch(vlan)#vtp server
    Switch(vlan)#vtp domain group1
    Changing VTP domain from NULL to group1
    Switch(vlan)#exit
    APPLY completed.
    Exiting....

    (VLAN creation start)

    {Step-2} VLAN Creation (On VTP Server):-
    Switch#vlan database
    Switch(vlan)#vlan 2
    VLAN 2 added:
    Name: VLAN0002
    Switch(vlan)#vlan 2 name marketing
    Switch(vlan)#vlan 3
    VLAN 3 added:
    Name: VLAN0003
    Switch(vlan)#vlan 3 name management
    Switch(vlan)#exit
    APPLY completed.
    Exiting....

    Switch#vlan database
    Switch(vlan)#vlan 2 name marketing
    Switch(vlan)#vlan 3 name management
    Switch(vlan)#exit
    APPLY completed.
    Exiting....

    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#interface FastEthernet0/12
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#end

    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#end

    (Domain name setting)
    Switch#show vlan
    Or
    Switch#show vlan membership

    {Step-3} VTP on Switch 2 (VTP-Client):-

    VTP-Client configuration:-
    Switch>
    Switch>enable
    Switch#vlan database
    Switch(vlan)#vtp client
    Switch(vlan)#vtp domain group1
    Changing VTP domain from NULL to group1
    Switch(vlan)#end

    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#interface FastEthernet0/12
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#end

    Switch#show vlan
    VLAN Name                 Status    Ports
    ---- -------------------- --------- ----------------------------------------
    1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
    2    marketing            active
    3    management           active
    1002 fddi-default         active
    1003 token-ring-default   active
    1004 fddinet-default      active
    1005 trnet-default        active

    Client port setting:-

    {Step-4} Port Adding On VLAN (On VTP Clients):-
    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#interface range FastEthernet0/1 - 3
    Switch(config-if-range)#switchport access vlan 2
    Switch(config-if-range)#exit
    Switch(config)#interface range FastEthernet0/4 - 8
    Switch(config-if-range)#switchport access vlan 3
    Switch(config-if-range)#exit

    Switch#show vlan
    VLAN Name                 Status    Ports
    ---- -------------------- --------- ----------------------------------------
    1    default              active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
    2    marketing            active    Fa0/1, Fa0/2
    3    management           active    Fa0/3, Fa0/4
    END*

    NAT Translation

    Network Address Translation (NAT) Concepts

    The NAT concept is simple: it allows a single device to act as an Internet gateway for internal LAN clients by translating the clients' internal network IP Addresses into the IP Address on the NAT-enabled gateway device.

    NAT is transparent to your network, meaning all internal network devices are not required to be reconfigured in order to access the Internet. All that's required is to let your network devices know that the NAT device is the default gateway to the Internet.

    As you can see, we have a simple network of 4 hosts (computers) and one router that connects this network to the Internet. All hosts in our network have a private Class C IP Address, including the router's private interface (192.168.0.1), while the public interface that's connected to the Internet has a real IP Address (203.31.220.134).

    How NAT works:-

    In this illustration, a workstation from our network has generated a packet with a destination IP Address 135.250.24.10. Logically, this packet is first sent to the gateway, which performs NAT on this packet and then sends it to the Internet to finally make its way to the destined host.

    Looking more closely at the gateway (router) during the initial NAT operation, the original packet's Source IP is changed from 192.168.0.12 to that of the router's public interface, which is 203.31.220.134, then the router stores this information in a special address within its memory (also called NAT Table - explained next), so when the expected reply arrives it will know to which workstation within its network it needs to forward it.

    Static Network Address Translation

    Static NAT (also called inbound mapping) is the first mode we're going to talk about and also happens to be the most uncommon among smaller networks.

    But where would Static NAT be used? Everyone's needs are different and with this in mind Static NAT could be the solution for many companies that require a host on their internal network to be visible and accessible from the Internet. Let's take a close look at a few examples of places where Static NAT could be used.

    Implementation of Static NAT Example

    In this case, Static NAT, with a set of complex filters to make sure only authorised IP Addresses get through, would do the job just fine.

    Also, if you wanted a similar setup for the purpose of using only one service, e.g. http, then you're better off using a different NAT mode simply because it offers better security and is more restrictive.

    Let me remind you that Static NAT requires one public IP Address for each mapping to a private IP Address. This means that you're not able to map a public IP Address to more than one private IP Address.

    Dynamic Network Address Translation

    The way Dynamic NAT differs from Static NAT is that where Static NAT provides a one-to-one internal to public static IP mapping, Dynamic NAT does the same but without making the mapping to the public IP static, and usually uses a group of available public IPs.

    The diagram above is our example network and shows our router, which is configured to perform Dynamic NAT for the network. We requested 4 public IPs from our ISP (203.31.218.210 to 203.31.218.213), which will be dynamically mapped by our router to our internal hosts. In this particular session our workstation, with IP Address 192.168.0.1, sends a request to the Internet and is assigned the public IP address 203.31.218.210. This mapping between the workstation's private and public IP Address will remain until the session finishes.

    Source Port Numbers, the router uses these to keep track of which packet belongs to each host.

    The packet Workstation 1 generated arrives at the router's private interface which has IP Address 192.168.0.1. The router accepts the packet and processes it. Once inside the router, the packet's Source IP Address, Destination IP Address, Source Port and Destination Port are examined and the router decides that this is a valid packet so it should be forwarded to the Internet.

    Configuring Static NAT On A Cisco Router

    Configure Static NAT

    Step-1: Set IP addresses on each port.

    Step-2: Set the fastethernet 0/0 interface as the inside interface:
    R1#configure terminal
    R1(config)#interface fastethernet0/0
    R1(config-if)#ip nat inside

    Next step is to set the serial interface S0/0 as the outside interface:
    R1(config-if)#interface serial0/0
    R1(config-if)#ip nat outside
    R1(config-if)#exit

    R1(config)#ip nat inside source static 192.168.0.7 200.2.2.2
    R1(config)#ip nat inside source static 192.168.0.8 200.2.2.3
    R1(config)#end
    R1#show ip nat translations

    Configuring Dynamic NAT On A Cisco Router

    The diagram below represents our example network, which consists of a number of internal clients trying to access the Internet via our router. The router is connected to the ISP via its serial interface. The company has been assigned the following Class C subnet: 200.2.2.0/29 (255.255.255.248). This translates to the following usable Public IP addresses: 200.2.2.1 - 200.2.2.6.

    Configure Dynamic NAT

    Dynamic NAT configuration is a pretty straightforward process and is almost identical to other types of NAT configurations. The first step in any NAT configuration is to define the inside and outside interfaces. It is imperative that we define these interfaces for the Dynamic NAT service to function.

    Set the fastethernet 0/0 interface as the inside interface:
    R1#configure terminal
    R1(config)#interface fastethernet0/0
    R1(config-if)#ip nat inside

    Next step is to set the serial interface S0/0 as the outside interface:
    R1(config-if)#interface serial0/0
    R1(config-if)#ip nat outside
    R1(config-if)#exit

    Next step is to create our pool of Public IP addresses that will be handed out by the router to our internal hosts trying to connect to the Internet. Each time a host sends a packet destined for the Internet, the router will automatically allocate one of the Public IP addresses for the length of that session. When the session is over, the NAT entry will time out and the Public IP address is released, making it available once again to the Dynamic NAT pool. Let us define the NAT Pool:
    R1(config)#ip nat pool Public-IPS 200.2.2.2 200.2.2.5 prefix-length 29

    We now need to create an Access Control List (ACL) that will include local (private) hosts or network(s), depending on how large the internal network is. This ACL will be applied to the NAT pool named 'Public-IPS', effectively controlling the hosts that will be assigned a Public IP address and therefore able to access the Internet. You can use standard or extended access lists depending on your requirements:
    R1(config)#ip nat inside source list 100 pool Public-IPS
    R1(config)#access-list 100 permit ip 192.168.0.0 0.0.0.255 any

    The above command instructs the router to allow the 192.168.0.0/24 network to use the NAT Pool and provide each host with a unique Dynamic Public IP address. Note that Cisco router standard and extended ACLs always use wildcards (0.0.0.255).

    Verifying Dynamic NAT operation

    By viewing the Dynamic NAT table you can easily verify that the internal hosts are correctly being assigned a Dynamic IP address from the configured pool:
    R1#show ip nat translations
    Pro  Inside global   Inside local   Outside local   Outside global
    ---  200.2.2.2       192.168.0.6    ---             ---
    ---  200.2.2.3       192.168.0.8    ---             ---

    As shown, two internal hosts (192.168.0.6 & 192.168.0.8) have each been assigned an external IP address from the pool we previously created. These translations will eventually time out if no activity is present from the internal hosts; however, if you need to forcibly clear them this can be easily done by entering the following command:
    R1#clear ip nat translation *

    Assuming no request has been sent right after the command was entered, the NAT translation table should be empty:
    R1#show ip nat translations
    Pro  Inside global   Inside local   Outside local   Outside global

    Lastly, you can obtain statistics on the Dynamic NAT service. This will help you monitor the usage of your Dynamic NAT pool and available public IP addresses:
    R1#show ip nat statistics

    Configure NAT Overload - PAT (Port Address Translation)

    The first step in any NAT configuration is to define the inside and outside interfaces. It is imperative that we define these interfaces for NAT overload to function.

    Set the fastethernet 0/0 interface as the inside interface:
    R1#configure terminal
    R1(config)#interface fastethernet0/0
    R1(config-if)#ip nat inside

    Next step is to set the serial interface S0/0 as the outside interface:
    R1(config-if)#interface serial0/0
    R1(config-if)#ip nat outside
    R1(config-if)#exit

    We now need to create an Access Control List (ACL) that will include local (private) hosts or network(s). This ACL will later on be applied to the NAT service command, effectively controlling the hosts that will be able to access the Internet. You can use standard or extended access lists depending on your requirements:
    R1(config)#access-list 100 permit ip 192.168.0.0 0.0.0.255 any

    The above command instructs the router to allow the 192.168.0.0/24 network to reach any destination. Note that Cisco router standard and extended ACLs always use wildcards (0.0.0.255).

    All that's left now is to enable NAT overload and bind it to the outside interface previously selected:
    R1(config)#ip nat inside source list 100 interface serial0/0 overload

    From this point onward, the router will happily create all the necessary translations to allow the 192.168.0.0/24 network access to the Internet.

    Verifying NAT Overload operation

    Viewing the NAT translation table can sometimes reveal a lot of important information on your network's activity. Here you'll be able to identify traffic that's not supposed to be routed to the Internet or traffic that seems suspicious. As packets start traversing the router it will gradually build up its NAT/PAT translation table as shown below:

    R1#show ip nat translations
    Pro  Inside global     Inside local        Outside local    Outside global
    udp  200.2.2.1:53427   192.168.0.6:53427   74.200.84.4:53   74.200.84.4:53

    As shown, the first 2 translations directed to 74.200.84.4 & 195.170.0.1 are DNS requests from internal host 192.168.0.6. The third entry seems to be an http request to a web server with IP address 64.233.189.99.

    Looking at the fourth and fifth translation entry, you should identify them as pop3 requests to an external server, possibly generated by an email client. Because these entries are all dynamically created, they are temporary and will be removed from the translation table after some time.

    Another point you might want to keep in mind is that when we use programs that create a lot of connections, e.g. uTorrent, LimeWire, etc., you might see sluggish performance from the router as it tries to keep up with all connections. Having thousands of connections running through the router can put some serious stress on the CPU. In these cases, we might need to clear the IP NAT table completely to free up resources. This is easily done using the following command:
    R1#clear ip nat translation *

    Assuming no request has been sent right after the command was entered, the NAT translation table should be empty:
    R1#show ip nat translations
    Pro  Inside global   Inside local   Outside local   Outside global

    Lastly, you can obtain statistics on the overload NAT service. This will show you the amount of current translations tracked by our NAT table, plus a lot more:
    R1#show ip nat statistics
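    How the overload table lets many inside hosts share one public address, as an added Python model (not from the original guide and not how IOS is implemented). The addresses 200.2.2.1, 192.168.0.6 and port 53427 come from the table above; the second host's flow, the 60-second idle timeout and the "keep the source port if free, otherwise take the next one" allocation rule are simplifying assumptions.

```python
import ipaddress


class PatRouter:
    """Minimal NAT-overload model: one public IP, flows told apart by port."""

    def __init__(self, public_ip, inside_net, idle_timeout=60.0):
        self.public_ip = public_ip
        self.inside_net = ipaddress.ip_network(inside_net)   # plays the role of access-list 100
        self.idle_timeout = idle_timeout
        self.by_local = {}    # (proto, inside ip, inside port) -> public port
        self.by_global = {}   # (proto, public port) -> [inside ip, inside port, last seen]

    def outbound(self, proto, src_ip, src_port, now):
        """Translate an inside packet; returns the (inside global ip, port) it leaves with."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None                       # source not permitted by the NAT access list
        key = (proto, src_ip, src_port)
        port = self.by_local.get(key)
        if port is None:
            port = src_port
            while (proto, port) in self.by_global:      # port taken by another inside host
                port = port + 1 if port < 65535 else 1024
            self.by_local[key] = port
            self.by_global[(proto, port)] = [src_ip, src_port, now]
        else:
            self.by_global[(proto, port)][2] = now      # refresh the idle timer
        return (self.public_ip, port)

    def inbound(self, proto, dst_port, now):
        """Map a reply arriving at the public IP back to the inside host, if any."""
        entry = self.by_global.get((proto, dst_port))
        if entry is None:
            return None                       # no translation: unsolicited traffic is dropped
        entry[2] = now
        return (entry[0], entry[1])

    def expire(self, now):
        """Remove idle translations; returns how many were removed."""
        stale = [k for k, e in self.by_global.items() if now - e[2] >= self.idle_timeout]
        for proto, port in stale:
            ip, local_port, _ = self.by_global.pop((proto, port))
            del self.by_local[(proto, ip, local_port)]
        return len(stale)

    def table(self):
        """Rows shaped like 'show ip nat translations': (pro, inside global, inside local)."""
        return sorted(
            (proto, f"{self.public_ip}:{port}", f"{e[0]}:{e[1]}")
            for (proto, port), e in self.by_global.items()
        )


if __name__ == "__main__":
    r1 = PatRouter("200.2.2.1", "192.168.0.0/24")
    print(r1.outbound("udp", "192.168.0.6", 53427, now=0))   # DNS query from the table above
    print(r1.outbound("udp", "192.168.0.8", 53427, now=1))   # constructed: same source port
    print(r1.inbound("udp", 53428, now=2))                   # reply finds 192.168.0.8
    print(r1.inbound("tcp", 23, now=2))                      # nothing asked for this: None
    for row in r1.table():
        print(row)
    print("expired:", r1.expire(now=120))
```

    Reading the table rows the same way as the router output makes an unexpected inside host or destination port easy to spot.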

    STP (Spanning Tree Protocol)

    When 2 or more links are present in a switched network, the multiple paths create unlimited frame loops that cause problems in network communication, and the network goes unusable.

    STP works to block some ports so that only one active path exists between any pair of LAN segments (collision domains). So frames do not cause loops, which makes the LAN usable.

    For example, if three switches are connected with each other like this -

    [Diagram: Switch-A, Switch-B and Switch-C connected to each other; port labels Fa0/0, Fa0/5, Fa0/10, Fa0/15; one path marked "Blocked by STP"]

    In this network, if Switch-A sends a data frame to Switch-C then the frame goes to Switch-C and then Switch-B and then again to Switch-A... This process will run unlimitedly and cause a network loop.

    But if STP works on it then it will block one path of this network by blocking data communication via one port, like Switch-C to Switch-B. This will stop the loop.

    If the active path between Switch-A and Switch-C stops working, then STP will open the blocked path until the old path activates.

    How Spanning Tree Works

    The STP algorithm creates a spanning tree of interfaces that either forward or block. STP actually places interfaces into forwarding state; by default, if an interface has no reason to be in forwarding state, it is placed into a blocking state. In other words, STP simply picks which interfaces should forward.

    So, how does STP choose whether to put an interface into forwarding state? Well, it uses three criteria:

    STP elects a root bridge. All interfaces on the root bridge are in forwarding state.

    Each nonroot bridge considers one of its ports to have the least administrative cost between itself and the root bridge. STP places this least-root-cost interface, called that bridge's root port, into the forwarding state.

    Many bridges can attach to the same segment. These bridges advertise BPDUs declaring their administrative cost to the root bridge. The bridge with the lowest such cost of all bridges on that segment is called the designated bridge. The interface on the designated bridge that sends this lowest-cost BPDU is the designated port on that LAN segment, and that port is placed in a forwarding state.

    All other interfaces are placed in a blocking state. Table 5-2 summarizes the reasons why spanning tree places a port in forwarding or blocking state.

    Spanning Tree: Reasons for Forwarding or Blocking

    Characterization of Port | Spanning Tree State | Explanation
    All root bridge's ports | Forwarding | The root bridge is always the designated bridge on all connected segments.
    Each nonroot bridge's root port | Forwarding | The root port is the port receiving the lowest-cost BPDU from the root.
    Each LAN's designated port | Forwarding | The bridge forwarding the lowest-cost BPDU onto the segment is the designated bridge.
    All other ports | Blocking | The port is not used for forwarding frames, nor are any frames received on these interfaces considered for forwarding.

    Device Speed | Cost
    10 Gbps | 2
    1 Gbps | 4
    100 Mbps | 19
    10 Mbps | 100

    When the network is up and no problems are occurring, the process works like this:
    1 The root sends a hello BPDU, with a cost of 0, out all its interfaces.
    2 The neighboring bridges forward hello BPDUs out their nonroot, designated ports, referring to the root but with their cost added.
    3 Step 2 is repeated by each bridge in the network as it receives these hello BPDUs.
    4 The root repeats Step 1 every hello time.
    5 If a bridge does not get a Hello BPDU in hello time, it continues as normal. If a bridge fails to receive a Hello BPDU in MaxAge time, the bridge reacts.
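    The three criteria applied to the three-switch example, as an added Python sketch (not from the original guide and not switch code). The link costs are the ones in the speed/cost table above; the bridge IDs, the port names and the 100 Mbps link speed are constructed, and the root is taken to be the switch with the lowest bridge ID, as in IEEE 802.1D.

```python
import heapq

COST = {"10Gbps": 2, "1Gbps": 4, "100Mbps": 19, "10Mbps": 100}   # table above

# Constructed inputs: lower bridge ID wins the root election.
BRIDGE_IDS = {"Switch-A": 1, "Switch-B": 2, "Switch-C": 3}
# Each link: (bridge, port, bridge, port, speed); port names are made up.
LINKS = [
    ("Switch-A", "to-B", "Switch-B", "to-A", "100Mbps"),
    ("Switch-A", "to-C", "Switch-C", "to-A", "100Mbps"),
    ("Switch-B", "to-C", "Switch-C", "to-B", "100Mbps"),
]


def spanning_tree(bridge_ids, links):
    """Return (root bridge, root path cost per bridge, state per (bridge, port))."""
    root = min(bridge_ids, key=bridge_ids.get)

    # Least total cost from every bridge to the root (Dijkstra over link costs).
    neighbours = {b: [] for b in bridge_ids}
    for a, _, b, _, speed in links:
        neighbours[a].append((b, COST[speed]))
        neighbours[b].append((a, COST[speed]))
    cost = {b: float("inf") for b in bridge_ids}
    cost[root] = 0
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue
        for v, c in neighbours[u]:
            if d + c < cost[v]:
                cost[v] = d + c
                heapq.heappush(heap, (d + c, v))

    # Root port: on each nonroot bridge, the port with the least cost to the root.
    # Ties go to the neighbour with the lower bridge ID, then to the port name.
    best = {}
    for a, pa, b, pb, speed in links:
        for me, my_port, peer in ((a, pa, b), (b, pb, a)):
            if me == root:
                continue
            candidate = (cost[peer] + COST[speed], bridge_ids[peer], my_port)
            if me not in best or candidate < best[me]:
                best[me] = candidate
    root_ports = {(bridge, c[2]) for bridge, c in best.items()}

    # Designated port: per segment, the end whose bridge is closest to the root.
    state = {}
    for a, pa, b, pb, _ in links:
        designated = min((a, pa), (b, pb),
                         key=lambda end: (cost[end[0]], bridge_ids[end[0]]))
        for end in ((a, pa), (b, pb)):
            if end in root_ports:
                state[end] = "root port (forwarding)"
            elif end == designated:
                state[end] = "designated port (forwarding)"
            else:
                state[end] = "blocking"
    return root, cost, state


if __name__ == "__main__":
    root, cost, state = spanning_tree(BRIDGE_IDS, LINKS)
    print("root bridge:", root, "costs:", cost)
    for end, s in sorted(state.items()):
        print(end, s)
    # Failure of the Switch-A to Switch-C link: the blocked port takes over.
    _, cost2, state2 = spanning_tree(BRIDGE_IDS, [LINKS[0], LINKS[2]])
    print("after failure:", cost2["Switch-C"], state2[("Switch-C", "to-B")])
```

    With these inputs the only blocking port is the one on Switch-C facing Switch-B, and it becomes Switch-C's root port once the direct link to Switch-A is removed.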

    Some Questions

    Que.-1 What is Routing?
    Que.-2 What is the difference between static and dynamic routing?
    Que.-3 Write the full form of OSI and ISO?
    Que.-4 What is TCP/IP model? Define the role of OSI model?
    Que.-5 What is the difference between PAP and CHAP protocol?
    Que.-6 What is the role of CDP?
    Que.-7 What is the full form of RIP, IGRP, EIGRP, OSPF and V-lan? Describe these?
    Que.-8 Define the PPP protocol?
    Que.-9 What is Subnetting?
    Que.-10 What is Supernetting?
    Que.-11 What is access control list? How it works?
    Que.-12 What is the difference between TCP & UDP?