
CCNA project report


Page 1: CCNA project report

TABLE OF CONTENTS

1. About The Company
2. OSI and TCP/IP Network Model
3. How to connect with Cisco devices in Windows
4. Cisco devices hardware components and booting process
5. How to reset Router password
6. Packet Tracer installation
7. Cisco IOS Access Modes
8. Administration of Cisco devices
9. Back up and Restore of Network Devices
10. How to update Cisco IOS
11. Switching
12. Methods of Switching
13. Virtual LAN
14. Configuration of Cisco 2960 Switch
15. Switch port security configuration
16. Configure VLAN, VTP server, STP, DTP
17. Routing: Static and Dynamic (RIP, OSPF, EIGRP)
18. Basic router configurations
19. Static Routing and Default Routing
20. Routing Information Protocol (RIP)
21. Enhanced Interior Gateway Routing Protocol (EIGRP)
22. Open Shortest Path First (OSPF)
23. Access Control List
24. WAN protocols: HDLC, PPP, Frame Relay
25. Wireless Networking on Cisco Routers

1


About: Appin Technologies, Torchbearer of Progressive Excellence

Appin Security Group is the world's 4th largest Critical Infrastructure Security Solutions Company, which under one roof offers a host of technology-based solutions to diverse segments of the market, helping organizations overcome their challenges with the optimum use of technology. From preventative maintenance to customized solutions, we put our experience to work to provide you with greater operating time.

Appin Security Group holds the unique distinction of providing critical information security consulting and network security services to all 4 of India's major airports, the President's House, nuclear power plants, the Commonwealth Games, Delhi Metro Rail Corporation, Mahanagar Telephone Nigam, the Indian Police Service and the Ministry of Defense, including Army, Navy and Air Force units. We are also a security solutions provider to over 1300 websites that are audited and monitored by Appin Security Group globally. We have served many global leaders such as Microsoft, Daikin, Actis, Intuit, Huawei and Shinsei in their critical security needs.

With physical presence in 73 cities, over 320 dedicated greenfield engagements and a dedicated team of 1250 security researchers, product developers, deployment and maintenance specialists, we have been adjudged the 4th largest company globally serving the critical infrastructure security solutions market.

Emerging threats to safety and security require new ideas, new solutions and new technology. It's not about hiring more security guards. It's about connecting knowledge. Appin Security Group creates smart solutions by linking the intelligence from multiple systems. Overcoming technology boundaries creates a more robust, more flexible, and more responsive solution. Appin Security Group has a robust portfolio of solutions specially designed for your unique critical environment.

Greatness is a pursuit, a very honorable one. And leadership is a continually evolving science. It is the union of these two belief systems that has powered Appin to the top echelons of the pecking order in information technology.

The Appin Technology Lab, the custodian of your framework, is an information-age security and solutions company. It is your safety net. The company offers a host of technology-based solutions to the various sectors of the market, enabling organizations to overcome their challenges with the optimum use of our expertise.

Detection, Verification and Resolution

The sure-shot way to stamp out the potential for damage and loss to your set-up is to diagnose, and then react to the unfolding of events sooner rather than later, preferably well before there is a hint of it happening. We take pride in being pro-active! From preventive maintenance to customized solutions, we put our skill-set to work to ensure you have greater operating time, through the delivery of a well thought-out process that provides you with the much-needed experience and exposure to the different elements of your business.


Carving a Niche

Appin's journey has been its destination. In our earnest endeavor to satisfy our patrons, we have left no stone unturned. We try to be worthy of our clients' trust, but more importantly, we faithfully deliver it.

The Appin Technology Lab holds the peerless merit of providing critical information security consulting and network security services to all 4 of India's major airports. Once we took off, there was no looking back!

We secure the President's House, nuclear power plants, the Commonwealth Games, Delhi Metro Rail Corporation, Mahanagar Telephone Nigam Ltd., the Indian Police Service and the Ministry of Defense, including the Army, Navy and Air Force units.

We are also a security solutions provider to over 1300 websites that are audited and monitored by the Appin Technology Lab globally. We have served Microsoft, Daikin, Actis, Intuit, Huawei and Shinsei Bank in their critical security needs.

Appin Technology Lab, currently a network of 110+ training labs, provides comprehensive training in information security and related technology areas including embedded robotics, programming (Microsoft .NET, Java), networks and databases, and has been operating training centers across India, Africa, Asia, Eastern Europe, South America and the Middle East. Appin also runs online training programs in North America, Western Europe and Australia. We are among the top 5 IT professional training companies and were named the best in our category by the popular The Week magazine. As a next step, we recommend that you either fill in the inquiry form to receive a call back from our counselor with directions to the nearest center, or read more about our courses and select the one that best fits your need.

Gone are the days when a company was restricted to doing business only in its own backyard. A truly global presence comes through rules of engagement. Courtesy of our physical presence in 73 cities, over 320 dedicated greenfield engagements and a steadfast army of 1250 security researchers, product developers, deployment and maintenance specialists, we have been adjudged the company with a difference. The foundation rests in Appin's strong research orientation, which enables it to constantly innovate in the area of technology design methodologies.

Stay Secure

There is always a profound fear of insecurity and unrelenting threats to an organization's stability and its security apparatus. But the nemesis is not undefeatable. Appin is committed to reinvigorating the security architecture of your business and making it more effective. We renew confidence. It requires new ideas, new solutions and new technology. It's not about hiring more security guards. It's about connecting knowledge. Appin creates smart solutions by linking the intelligence from multiple systems. Overcoming technological boundaries creates a more robust, more flexible and more responsive solution.

Human element

It's our vibrant entrepreneurial culture that makes it all click, with human values a central component of our business model. Because it symbolizes morality, honour and trustworthiness, great impetus is given to the principle of integrity. Satisfying a customer requires relentless attention to execution, and we handle it with care. We learn to listen and listen to learn! It involves listening 80% of the time and speaking 20% of the time. It requires an appreciation for different people with different ideas.

We are a group of dedicated, hardworking, ordinary people who have teamed together to accomplish extraordinary things. As Elbert Hubbard once very succinctly phrased it, "One machine can do the work of fifty ordinary men. No machine can do the work of fifty-one extraordinary men." And we are many such people.


OSI Reference Model

The OSI reference model is the primary model for network communications. The early development of LANs, MANs, and WANs was confused in many ways. The early 1980s saw great increases in the number and sizes of networks. As companies realized that they could save money and gain productivity by using networking technology, they added networks and expanded existing networks as rapidly as new network technologies and products were introduced.

In 1984, the International Organization for Standardization (ISO) developed the OSI Reference Model to describe how information is transferred from one networking component to another, from the point when a user enters information using a keyboard and mouse to when that information is converted to electrical or light signals transferred along a piece of wire (or radio waves transferred through the air).

ISO developed the seven-layer model to help vendors and network administrators gain a better understanding of how data is handled and transported between networking devices, as well as to provide a guideline for the implementation of new networking standards and technologies. To assist in this process, the OSI Reference Model separates the network communication process into seven simple layers.

Dividing the network into these seven layers provides these advantages:

Reduces complexity:

It breaks the network communication process into smaller, simpler components, thus aiding component development, design, and troubleshooting.

Facilitates modular engineering:

It allows different types of network hardware and software to communicate with each other.

Interoperability between vendors:

It allows multiple-vendor development through standardization of network components and defines the process for connecting two layers together, promoting interoperability between vendors. It lets vendors compartmentalize their design efforts to fit a modular design, which eases implementation and simplifies troubleshooting.

Ensures interoperable technology:

It prevents changes in one layer from affecting the other layers, allowing for quicker development.

Accelerates evolution:

It provides for effective updates and improvements to individual components without affecting other components or having to rewrite the entire protocol.

Simplifies teaching and learning:

It breaks network communication into smaller components to make learning easier, and it provides a teaching tool to help network administrators understand the communication process used between networking components.


The OSI Reference Model


The OSI reference model consists of seven layers: physical, data-link, network, transport, session, presentation, and application.

The OSI model layers usually do not correspond exactly to the protocol stack running on an actual system. The data-link layer protocols often include physical layer specifications. The network and transport layer protocols work together to provide a cumulative end-to-end communication service. The functions of the session, presentation, and application layers are often combined into a single application layer protocol.

OSI Reference Model

Each OSI layer contains a set of functions performed by programs to enable data to travel from a source to a destination on a network. In the previous section I described the advantages of the OSI model. In this section I will provide brief descriptions of each layer in the OSI reference model.

Application Layer

The application layer is the OSI layer that is closest to the user. This layer provides network services to the user's applications. It differs from the other layers in that it does not provide services to any other OSI layer, but only to applications outside the OSI reference model. The application layer provides a platform to access the data of a remote computer.

The application layer protocols that you should know are as follows:

SNMP (Simple Network Management Protocol): Communicates status and allows control of networked devices.
TFTP (Trivial File Transfer Protocol): Simple, lightweight file transfer.
DNS (Domain Name System): Translates a website name (easy for people) to an IP address (easy for computers).
DHCP (Dynamic Host Configuration Protocol): Assigns IP address, mask, and DNS server (plus a bunch of other settings) to hosts.
Telnet: Provides a remote terminal connection to manage devices to which you are not close enough to use a console cable.
HTTP (Hypertext Transfer Protocol): Browses web pages.
FTP (File Transfer Protocol): Reliably sends/retrieves all file types.
SMTP (Simple Mail Transfer Protocol): Sends email.
POP3 (Post Office Protocol v3): Retrieves email.
NTP (Network Time Protocol): Synchronizes networked device clocks.

Presentation Layer

The presentation layer is responsible for formatting data so that application-layer protocols (and then the users) can recognize and work with it. The presentation layer's formats are what file extensions such as .doc, .jpg, .txt, .avi, and so on reflect; each of these file types is formatted for use by a particular type of application. The presentation layer takes the application layer data and marks it with the formatting codes so that it can be viewed reliably when accessed later. If necessary, the presentation layer might be able to translate between multiple data formats by using a common format.


The Session Layer

The session layer establishes, manages, and terminates sessions between two communicating hosts. It provides its services to the presentation layer. The session layer also synchronizes dialogue between the presentation layers of the two hosts and manages their data exchange. For example, web servers have many users, so many communication processes are open at a given time. Therefore, keeping track of which user communicates on which path is important.

Transport Layer

The transport layer is possibly the most important layer for exam study purposes. A lot is going on here, and it is heavily tested.

The transport layer's main jobs:

It sets up and maintains a session connection between two devices.
It can provide for the reliable or unreliable delivery of data across this connection.
It multiplexes connections, allowing multiple applications to simultaneously send and receive data.
It provides flow control (through the use of windowing or acknowledgements).
It provides reliable connections where needed (through the use of sequence numbers and acknowledgements, ACKs).

The transport layer uses two protocols for sending data: TCP and UDP.

TCP

TCP is a connection-oriented protocol. Connection-oriented transmission is said to be reliable. Think of TCP as the Registered AD facility available in the Indian post office. For this level of service, you have to pay extra and put a bunch of extra labels on the item to track where it is going and where it has been. But you get a receipt when it is delivered, you are guaranteed delivery, and you can keep track of whether your shipment got to its destination. All of this costs you more, but it is reliable!

UDP

UDP is a connectionless protocol. Connectionless transmission is said to be unreliable. Now, don't get too wrapped up in the term "unreliable": this doesn't mean that the data isn't going to get there; it only means that it isn't guaranteed to get there. Think of your options when you are sending a postcard: put it in the mailbox, and chances are good that it will get where it's supposed to go, but there is no guarantee, and stuff does go missing once in a while. On the other hand, it's cheap.

Reliability

When reliability is necessary, it should cover these four items:

Recognizing lost packets and having them re-sent
Recognizing packets that arrive out of order and reordering them
Detecting duplicate packets and dropping the extra ones
Avoiding congestion
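As an added illustration (not part of the original report), the following Python sketch of a receive-side reassembly buffer shows the first three items in working code: it reorders out-of-order segments, drops duplicates, reports the byte ranges that never arrived so the sender can re-send them, and answers each arrival with a cumulative acknowledgement the way TCP does. Sequence numbers count bytes as in TCP; the class `ReliableReceiver`, the function `demo_stream` and the segment stream inside it are constructed for this example, not taken from any real capture. Congestion avoidance, the fourth item, is sender-side behaviour and is not shown.

```python
# Added example: a minimal receive-side reassembly buffer illustrating the
# reliability tasks listed above (lost, out-of-order and duplicate segments,
# cumulative ACKs). Sequence numbers count bytes, as in TCP. The class and the
# sample stream below are constructed for this example, not taken from a capture.

class ReliableReceiver:
    def __init__(self, initial_seq):
        self.next_seq = initial_seq   # next byte expected = value of the cumulative ACK
        self.out_of_order = {}        # seq -> payload, held until the gap before it fills
        self.delivered = bytearray()  # in-order data already handed to the application
        self.duplicates = 0           # segments dropped because they carried nothing new

    def receive(self, seq, payload):
        """Accept one segment and return the ACK number to send back."""
        end = seq + len(payload)
        if end <= self.next_seq or seq in self.out_of_order:
            # Nothing new: already delivered, or already waiting in the buffer
            self.duplicates += 1
            return self.next_seq
        if seq < self.next_seq:
            # Partial overlap with delivered data: keep only the unseen tail
            payload = payload[self.next_seq - seq:]
            seq = self.next_seq
        self.out_of_order[seq] = payload
        # Drain everything that is now contiguous with next_seq (reordering)
        while self.next_seq in self.out_of_order:
            chunk = self.out_of_order.pop(self.next_seq)
            self.delivered += chunk
            self.next_seq += len(chunk)
        return self.next_seq

    def missing(self):
        """Byte ranges [start, end) that have not arrived but sit before buffered
        data, i.e. the lost segments the sender must re-send."""
        gaps = []
        expected = self.next_seq
        for seq in sorted(self.out_of_order):
            if seq > expected:
                gaps.append((expected, seq))
            expected = max(expected, seq + len(self.out_of_order[seq]))
        return gaps


def demo_stream():
    """Constructed sample: five 4-byte segments starting at seq 100. Segment 3
    (seq 108) is lost on its first transmission and segment 1 arrives twice."""
    arrivals = [
        (100, b"ABCD"),  # segment 1: in order, ACK advances to 104
        (104, b"EFGH"),  # segment 2: in order, ACK advances to 108
        (112, b"MNOP"),  # segment 4 arrives before segment 3: buffered, ACK stays 108
        (100, b"ABCD"),  # segment 1 again: duplicate, dropped
        (116, b"QRST"),  # segment 5: also buffered behind the hole
    ]
    rx = ReliableReceiver(initial_seq=100)
    acks = [rx.receive(seq, data) for seq, data in arrivals]
    gaps = rx.missing()                   # [(108, 112)]: segment 3 must be re-sent
    final_ack = rx.receive(108, b"IJKL")  # retransmission fills the hole; buffer drains
    return acks, gaps, final_ack, bytes(rx.delivered), rx.duplicates
```

The repeated ACK value 108 while segments 4 and 5 sit in the buffer is the receiver's only way of telling the sender that something before 112 is missing; a real TCP sender treats such duplicate ACKs as the trigger for retransmission.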

Connection Multiplexing/Application Mapping


The transport layer assigns a unique set of numbers to each connection. These numbers are called port or socket numbers. TCP and UDP provide a multiplexing function for a device: this allows multiple applications to simultaneously send and receive data. Imagine a server that performs a number of functions, for example email, web pages, FTP, and DNS. The server has a single IP address, but can perform all these different functions for all the hosts that want to connect to it. The transport layer (layer 4) uses port numbers to distinguish between different types of traffic that might be headed for the same IP address.

Port numbers are divided into ranges by the IANA. Following are the current port ranges:

0–1023: Well-known, for common TCP/IP functions and applications
1024–49151: Registered, for applications built by companies
49152–65535: Dynamic/Private, for dynamic connections or unregistered applications

Common TCP and UDP Port Numbers

TCP: FTP 20, 21; Telnet 23; SMTP 25; DNS 53; HTTP 80; POP 110; NNTP 119; HTTPS 443
UDP: DNS 53; DHCP 67, 68; TFTP 69; NTP 123; SNMP 161

Network Layer

The network layer provides a logical topology and layer-3 addresses. Routers function at the network layer. This layer is responsible for three main functions:

Defining the logical addresses used at layer 3
Finding paths, based on the network numbers of logical addresses, to reach destination devices
Connecting different data link types together, such as Ethernet, FDDI, Serial, and Token Ring

IP packet

Where the transport layer uses segments to transfer information between machines, the Internet layer uses datagrams. Datagram is just another word for packet.

The IP protocol is mainly responsible for these functions:

Connectionless data delivery: best-effort delivery with no data recovery capabilities
Hierarchical logical addressing to provide for highly scalable internetworks

IP addresses are broken into two components:

Network component: defines on what segment in the network a device is located
Host component: defines the specific device on a particular network segment

Two types of packets are used at the Network layer: data and route updates.

Data packets: Used to transport user data through the internetwork. Protocols used to support data traffic are called routed protocols; examples of routed protocols are IP and IPv6.

Route update packets: Used to update neighboring routers about the networks connected to all routers within the internetwork. Protocols that send route update packets are called routing protocols; examples of some common ones are RIP, RIPv2, EIGRP, and OSPF. Route update packets are used to help build and maintain routing tables on each router.

IP Classes

Class A addresses range from 1-126: 00000001-01111111.
Class B addresses range from 128-191: 10000000-10111111.
Class C addresses range from 192-223: 11000000-11011111.
Class D addresses range from 224-239: 11100000-11101111.
Class E addresses range from 240-254.

1. 0 is reserved and represents all IP addresses;
2. 127 is a reserved address and is used for testing, like a loopback on an interface;
3. 255 is a reserved address and is used for broadcasting purposes.

Public addresses are Class A, B, and C addresses that can be used to access devices in other public networks, such as the Internet.

Public IP address assignment authority

The Internet Assigned Numbers Authority (IANA) is ultimately responsible for handing out and managing public addresses. Normally you get public addresses directly from your ISP, which, in turn, requests them from one of five upstream address registries:

American Registry for Internet Numbers (ARIN)
Réseaux IP Européens Network Coordination Centre (RIPE NCC)
Asia Pacific Network Information Centre (APNIC)
Latin American and Caribbean Internet Address Registry (LACNIC)
African Network Information Centre (AfriNIC)

Private IP and ISP

Private IP addresses can be used to configure a private network. You can use private IPs to build your network without paying a single rupee. But the biggest problem with private IPs is that with them you cannot access the Internet. This is where the ISP comes in. The ISP purchases a block of public IP addresses and provides them on rent. Whatever you pay the ISP for accessing the Internet is actually the charge for using a public IP address.

Private IP addresses (not routable on the public network):

Class A: 10.0.0.0-10.255.255.255 (1 Class A network)
Class B: 172.16.0.0-172.31.255.255 (16 Class B networks)
Class C: 192.168.0.0-192.168.255.255 (256 Class C networks)
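The following Python functions are an added example, not part of the original report and not a Cisco tool: `classify_ipv4` applies the first-octet ranges of the IP classes table, the three reserved values (0, 127, 255) and the private ranges just listed to a dotted-quad address, and `network_and_host` splits a classful A/B/C address into the network and host components described earlier. The function names and the sample addresses in the comments are constructed for this example.

```python
# Added example: classify an IPv4 address using the first-octet class ranges,
# the reserved values 0/127/255 and the private ranges given in the report.
# Written for this example; not Cisco code.

CLASSFUL_NETWORK_OCTETS = {"A": 1, "B": 2, "C": 3}   # octets in the network component


def _octets(addr):
    """Validate a dotted-quad string and return its four octets as ints."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return [int(p) for p in parts]


def classify_ipv4(addr):
    """Return the class, reserved/private status and classful mask of an address."""
    octets = _octets(addr)
    first = octets[0]
    # The leading bits of the first octet decide the class: 0xxx A, 10xx B,
    # 110x C, 1110 D, 1111 E. Three first-octet values are reserved outright.
    if first == 0:
        cls = "reserved (0: this network)"
    elif first == 127:
        cls = "reserved (127: loopback)"
    elif first == 255:
        cls = "reserved (255: broadcast)"
    elif first < 128:
        cls = "A"
    elif first < 192:
        cls = "B"
    elif first < 224:
        cls = "C"
    elif first < 240:
        cls = "D (multicast)"
    else:
        cls = "E (experimental)"
    # The three private blocks: 10/8, 172.16/12 and 192.168/16
    private = (
        first == 10
        or (first == 172 and 16 <= octets[1] <= 31)
        or (first == 192 and octets[1] == 168)
    )
    n = CLASSFUL_NETWORK_OCTETS.get(cls)
    default_mask = ".".join(["255"] * n + ["0"] * (4 - n)) if n else None
    return {
        "address": addr,                       # e.g. "10.1.2.3" (constructed sample)
        "class": cls,
        "first_octet_binary": format(first, "08b"),
        "private": private,
        "default_mask": default_mask,
        # Only public A/B/C addresses are routable on the Internet
        "routable_on_internet": default_mask is not None and not private,
    }


def network_and_host(addr):
    """Split a classful A/B/C address into (network component, host component)."""
    info = classify_ipv4(addr)
    n = CLASSFUL_NETWORK_OCTETS.get(info["class"])
    if n is None:
        raise ValueError(f"{addr} has no classful network/host split: {info['class']}")
    parts = addr.split(".")
    return ".".join(parts[:n]), ".".join(parts[n:])
```

Note that the private check is independent of the class check: 172.32.0.1 is a Class B address like 172.20.5.1, but only the latter falls inside 172.16.0.0-172.31.255.255, so only the latter is reported as private and non-routable.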

Protocol: Description

IP: The IP of TCP/IP, featuring routable 32-bit addressing.
IPX: The equivalent of IP in Novell NetWare.
ICMP: Internet Control Message Protocol. Incorporates Ping and Traceroute, which are layer-3 link-testing utilities.
OSPF, IGRP, EIGRP, RIP, IS-IS: Dynamic routing protocols that learn about remote networks and the best paths to them from other routers running the same protocol.
ARP, RARP: Address Resolution Protocol (and Reverse ARP). ARP learns what MAC address is associated with a given IP address. Reverse ARP learns an IP address given a MAC address.

Data link layer

The main functions of the data link layer are:

Defining the Media Access Control (MAC) or hardware addresses
Defining the physical or hardware topology for connections
Defining how the network layer protocol is encapsulated in the data link layer frame
Providing both connectionless and connection-oriented services

It defines hardware (MAC) addresses as well as the communication process that occurs within a medium. The first six hexadecimal digits of a MAC address form the OUI. MAC addresses only need to be unique in a broadcast domain; you can have the same MAC address in different broadcast domains (virtual LANs).

There are two specifications of Ethernet frame: Ethernet II and IEEE 802.

802.2 uses a SAP or SNAP field to differentiate between encapsulated layer-3 payloads.


With a SNAP frame, the SAP fields are set to 0xAA and the type field is used to indicate the layer-3 protocol. One of the issues of the original SAP field in the 802.2 SAP frame is that even though it is eight bits (one byte) in length, only the first six bits are used for identifying upper-layer protocols, which allows up to 64 protocols.

The 802.2 SNAP frame supports up to 65,536 protocols.

Ethernet II's Version of Ethernet

Ethernet II does not have any sublayers, while IEEE 802.2/3 has two: LLC and MAC. Ethernet II has a type field instead of a length field (used in 802.3). IEEE 802.2 defines the type for IEEE Ethernet.

Physical Layer

The Physical layer communicates directly with the various types of actual communication media. Different kinds of media represent these bit values in different ways. Some use audio tones, while others utilize state transitions—changes in voltage from high to low and low to high. Specific protocols are needed for each type of media to explain the proper bit patterns to be used, how data is encoded into media signals, and the various qualities of the physical media’s attachment interface.

Cisco's three-layer hierarchical model

Core Layer

The core provides a high-speed layer-2 switching infrastructure and typically does not manipulate packet contents.

Distribution Layer

The distribution layer provides a boundary between the access and core layers. It contains routers and switches. Routers are used to provide the logical boundary: broadcasts are contained within the access layer, and filtering policies can be implemented to restrict traffic flows.

Access Layer

The access layer provides the user's initial access to the network, which is typically via switches or hubs.

TCP/IP protocol

The TCP/IP protocol stack has four layers. Note that although some of the layers in the TCP/IP protocol stack have the same names as layers in the OSI reference model, the layers have different functions in each model, as is described in the following list:

Application layer:

The application layer handles high-level protocols, including issues of representation, encoding, and dialog control. The TCP/IP model combines all application-related issues into one layer and ensures that this data is properly packaged for the next layer.

Transport layer:

The transport layer deals with QoS issues of reliability, flow control, and error correction. One of its protocols, TCP, provides for reliable network communications.

Internet layer:

The purpose of the Internet layer is to send source datagrams from any network on the internetwork and have them arrive at the destination, regardless of the path they took to get there.

Network access layer:

The name of this layer is broad and somewhat confusing. It is also called the host-to-network layer. It includes the LAN and WAN protocols and all the details in the OSI physical and data link layers.

How to connect with Cisco devices in windows

In this lab scenario I will demonstrate how you can connect to a Cisco router. To connect to a physical Cisco device you need a console cable. Attach one end of the cable to the COM port on the computer and the other end to the console port of the Cisco device.


Console Port

When you first obtain a new Cisco device, it won't be configured. That is to say, it will not do any of the customized functions you might need; it does not have any IP addresses, and it is generally not going to do what you paid for. Routers need basic configuration to function on a network. The console port is used for local management connections. This means that you must be able to physically reach the console port with a cable that is typically about six feet long. The console port looks exactly like an Ethernet port.

Once you have the proper console cable, follow this path.

On the computer click the Start button > Programs > Accessories > Communications > HyperTerminal > Location Information > Cancel > Confirm Cancel > Yes > HyperTerminal > OK. In Connection Description enter a name (here, Vinita) > OK > Location Information > Confirm Cancel > Yes > HyperTerminal > Connect To > OK > Port Settings > make the settings as given below and press OK.


If you still have problems configuring HyperTerminal, or you do not have the HyperTerminal option in Accessories, you can use this tiny piece of software. With it you can connect to any device that supports Telnet, SSH, Rlogin, or console connections. It is ready to use: download it and execute it. Select the Serial sub-key from the Session main key and it will do the rest automatically.


Device A                   Cable                          Device B
Router's serial port       Cisco serial DCE/DTE cables    Router's serial port
Router's Ethernet port     Crossover                      Router's Ethernet port
Router's Ethernet port     Straight-through               Switch port
Router's Ethernet port     Crossover                      Computer NIC
Console of router/switch   Rollover                       Computer COM port
Switch port                Crossover                      Switch port
Computer NIC               Crossover                      Computer NIC
Computer NIC               Straight-through               Switch port

Naming Conventions for IOS Images

c1841-advipservicesk9-mz.124-6.T7.bin (this name is used for explanation)

c1841: The c1841 refers to the name of the platform on which the image will run. This is important because different router models have different processors, and an image compiled for one processor or router model will typically not run on a different model.

advipservicesk9: The advipservicesk9 refers to the features included in this IOS version, commonly referred to as the feature set. In this example, the IOS is the advanced IP services image, and the k9 refers to the inclusion of encryption support.

mz or z: The mz or z means that the image is compressed and must be uncompressed before loading/running. If you see l (the letter l, not the number 1) here, this indicates where the IOS image is run from. The l indicates a relocatable image, meaning the image can be run from RAM. Remember that some images can run directly from flash, depending on the router model.

124-6.T7: The 124-6.T7 indicates the software version number of the IOS. In this instance, the version is 12.4(6)T7. Image names with T indicate new features; without the T it is the mainline release (only bug fixes are made to it).

.bin: The .bin at the end indicates that this is a binary image.

An IOS filename is broken down into four parts:

Platform
Feature set
Run location and compression
Version


Memory Locations

Code: Location
F: Image runs in flash
M: Image runs in Random Access Memory (RAM)
R: Image runs in Read Only Memory (ROM)
L: Image will be relocated at runtime

Compression Identifiers

Code: Compression
Z: Image is zip compressed
X: Image is mzip compressed
W: Image is Stac compressed
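To tie the naming convention and the two code tables together, here is an added Python example (not from the report and not a Cisco utility) that parses an IOS image filename of the form shown above into platform, feature set, run-location and compression codes, and version. The regular expression, the function `parse_ios_image_name` and the second, mainline sample name `c2600-ipbase-l.123-9.bin` are constructed for this example; the first sample name is the one used in the report. It also generalizes slightly beyond the page: any capital-letter train designator (not only T) is reported, and unrecognised run-location letters are listed rather than silently ignored.

```python
import re

# Added example: parse a Cisco IOS image filename into the four parts described
# above. The code tables are copied from the report; the parser itself and the
# mainline sample name are constructed for this example and are not Cisco tooling.

RUN_LOCATION = {          # Memory Locations table
    "f": "runs in flash",
    "m": "runs in RAM",
    "r": "runs in ROM",
    "l": "relocated at runtime",
}
COMPRESSION = {           # Compression Identifiers table
    "z": "zip compressed",
    "x": "mzip compressed",
    "w": "Stac compressed",
}

# platform-featureset-runcodes.MMm-maint[.TRAINn].bin
# e.g. c1841-advipservicesk9-mz.124-6.T7.bin -> c1841 / advipservicesk9 / mz / 12.4(6)T7
IMAGE_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<feature_set>[a-z0-9_]+)-(?P<run>[a-z]+)"
    r"\.(?P<major>\d{2})(?P<minor>\d)-(?P<maint>\d+)"
    r"(?:\.(?P<train>[A-Z]+)(?P<rebuild>\d*))?\.bin$"
)


def parse_ios_image_name(name):
    """Break an IOS image filename into platform, feature set, run location,
    compression and version; raise ValueError if the name does not fit the pattern."""
    m = IMAGE_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised IOS image name: {name!r}")
    feature_set = m.group("feature_set")
    run_location = compression = None
    unknown = []
    # Each letter of the run field is either a location code or a compression code
    for code in m.group("run"):
        if code in RUN_LOCATION:
            run_location = RUN_LOCATION[code]
        elif code in COMPRESSION:
            compression = COMPRESSION[code]
        else:
            unknown.append(code)
    # "124-6" -> "12.4(6)"; a trailing ".T7" appends the train and rebuild number
    version = f"{m.group('major')}.{m.group('minor')}({m.group('maint')})"
    train = m.group("train")
    if train:
        version += train + (m.group("rebuild") or "")
        release = "T train (new features)" if train == "T" else f"{train} train"
    else:
        release = "mainline (bug fixes only)"
    return {
        "platform": m.group("platform"),
        "feature_set": feature_set,
        "crypto": feature_set.endswith("k9"),   # k9 marks encryption support
        "run_location": run_location,
        "compression": compression,
        "unknown_codes": unknown,
        "version": version,
        "release": release,
    }
```

Checking the parsed platform against the router model before copying an image to flash is the practical use of such a parser: as the report notes, an image built for one platform will generally not run on another.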

Connections

Cisco's networking products support two types of external connections: ports (referred to as lines) and interfaces.

Out-of-band management (which you do through console ports) does not affect the bandwidth flowing through your network, while in-band management (which is done through an interface) does.

Console Port

Almost every Cisco product has a console port. This port is used to establish an out-of-band connection in order to access the CLI to manage your Cisco device. Most console connections to Cisco devices require an RJ-45 rollover cable and an RJ-45-to-DB9 terminal adapter. The rollover cable's pins are reversed on the two ends.

COM port settings

Speed: 9600 bps
Data bits: 8
Stop bits: 1
Parity: None
Flow control: None

Cabling Devices

A straight-through cable is used for DTE-to-DCE connections:

A hub to a router, PC, or file server
A switch to a router, PC, or file server

Crossover cables should be used when you connect a DTE to another DTE or a DCE to another DCE:

A hub to another hub
A switch to another switch
A hub to a switch
A PC, router, or file server to another PC, router, or file server

Interface of Router

Console

The console port is used for local management connections. This means that you must be able to physically reach the console port with a cable. The console port looks exactly like an Ethernet port. It uses the same connector, but it has different wiring and is often identified with a light blue label "CONSOLE."

Aux Port

The AUX port is really just another console port that is intended for use with a modem, so you can connect remotely and administer the device by dialing in to it. A modem on the AUX port is a second, out-of-band entry point into the device that bypasses the network entirely, so before setting this up make sure the line is protected: require a password or AAA login on line aux 0, and disable the line (no exec under line aux 0) whenever it is not in use.

Ethernet Port

An Ethernet port (which might be a FastEthernet or even a GigabitEthernet port, depending on your router model) is intended to connect to the LAN. Some routers have more than one Ethernet or FastEthernet port; it really depends on what you need and of course what you purchase. The Ethernet port usually connects to the LAN switch with a straight-through cable.

20

Page 21: CCNA project report

Serial Port

A Cisco serial port is a proprietary design, a 60-pin D-sub (DB-60) connector. It can be configured for almost any kind of serial communication. You need a cable that has the Cisco connector on one end and the appropriate type of connector for the service you want to connect to on the other.

Cisco devices hardware component and booting process

ROM

ROM contains the firmware needed to boot your router and typically has the following four components:

- POST (power-on self-test): performs tests on the router's hardware components.
- Bootstrap program: brings the router up and determines how the IOS image and configuration files will be found and loaded.
- ROM Monitor (ROMMON mode): a mini operating system that allows you to perform low-level testing and troubleshooting, including the password recovery procedure.
- Mini-IOS: a stripped-down version of the IOS that contains only IP code. It should be used in emergency situations where the IOS image in flash can't be found and you want to boot the router and load another IOS image. This stripped-down IOS is referred to as RXBOOT mode.

RAM

RAM is like the memory in your PC. On a router, it (in most cases) contains the running IOS image; the active configuration file; any tables (including routing, ARP, CDP neighbor, and other tables); and internal buffers for temporarily storing information, such as interface input and output buffers. The IOS is responsible for managing memory. When you turn off your router, everything in RAM is erased.

Flash

Flash is a form of nonvolatile memory in that when you turn the router off, the information stored in flash is not lost. Routers store their IOS image in flash, but other information can also be stored here. Note that some lower-end Cisco routers actually run the IOS directly from flash (not RAM). Flash is slower than RAM, a fact that can create performance issues.

21

Page 22: CCNA project report

NVRAM

NVRAM is like flash in that its contents are not erased when you turn off your router. It is slightly different, though, in that it uses a battery to maintain the information when the Cisco device is turned off. Routers use NVRAM to store their configuration files. In newer versions of the IOS, you can store more than one configuration file here.

Router Boot up Process

A router typically goes through five steps when booting up:

1. The router loads and runs POST (located in ROM), testing its hardware components, including memory and interfaces.
2. The bootstrap program is loaded and executed.
3. The bootstrap program finds and loads an IOS image. Possible locations are flash, a TFTP server, or the Mini-IOS in ROM.
4. Once the IOS is loaded, it attempts to find and load a configuration file, stored in NVRAM.
5. After the configuration is loaded, you are presented with the CLI; the mode you are placed into is User EXEC mode.

Setup Mode

Cisco devices include a feature called Setup mode to help you make a basic initial configuration. Setup mode runs only if there is no configuration file in NVRAM, either because the router is brand new or because the configuration has been erased. Setup mode asks you a series of questions and applies a configuration to the device based on your answers. You can abort Setup mode by typing Ctrl+C, or by answering "no" either when asked whether you want to enter the initial configuration dialog or when asked whether you want to save the configuration at the end of the questions.

Configuration register

The configuration register is a special 16-bit register in the router that determines many of its boot-up and running options, including how the router finds the IOS image and its configuration file. It is written as a four-character hexadecimal value that can be changed to manipulate how the router behaves at boot. The default value is 0x2102. The characters "0x" indicate that the characters that follow are hexadecimal, which makes it clear that the value is "two one zero two hex" rather than "two thousand one hundred and two". The fourth (rightmost) character is known as the boot field. Changing it has the following effects:

0x2100 = always boot to ROMMON.
0x2101 = always boot the Mini-IOS in ROM (RXBOOT).
0x2102 through 0x210F = boot from flash, honoring any boot system commands in the startup configuration first; if there are none, the first valid IOS image in flash is loaded.

The third character controls how the router handles the configuration file. A setting of 0x2142 (bit 6 of the register set) causes the router to ignore the startup-config file in NVRAM, which is where the passwords are stored, and proceed without a configuration, as if the router were brand new or had its configuration erased. This is the mechanism that password recovery relies on, so anyone with physical console access and the ability to power-cycle the router can take it over; treat access to the console as equivalent to full administrative access.
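The bit meanings above, as an added Python decoder (not the report's code): it takes a register value as typed at the CLI, reports what the boot field does and whether bit 6 (0x0040) tells the router to ignore NVRAM, and shows that 0x2142 is simply the default 0x2102 with that one bit set. The audit function lists the states an operator would want flagged after a show version, for example a router left at 0x2142 after a password recovery. The bit assignments are Cisco's documented ones; the wording of the findings is this example's.

```python
# Bit layout of the 16-bit configuration register (the parts this report relies on).
BOOT_FIELD_MASK = 0x000F            # bits 0-3: boot field
IGNORE_NVRAM = 0x0040               # bit 6: ignore the startup configuration in NVRAM
BREAK_DISABLED = 0x0100             # bit 8: Break is ignored once the IOS is running
BOOT_ROM_ON_NETBOOT_FAIL = 0x2000   # bit 13: fall back to ROM software if a network boot fails

DEFAULT_REGISTER = 0x2102


def parse_register(text: str) -> int:
    """Accept the value as typed at the CLI (0x2142) or as bare hex (2142)."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"configuration register must be 16 bits: {text}")
    return value


def boot_field_meaning(value: int) -> str:
    field = value & BOOT_FIELD_MASK
    if field == 0x0:
        return "boot to ROMMON"
    if field == 0x1:
        return "boot the Mini-IOS in ROM (RXBOOT)"
    return "boot from flash (boot system commands first, else first valid image)"


def decode_register(text: str) -> dict:
    """Everything the report says the register controls, decoded from its bits."""
    value = parse_register(text)
    return {
        "value": f"0x{value:04X}",
        "boot": boot_field_meaning(value),
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_rom_if_netboot_fails": bool(value & BOOT_ROM_ON_NETBOOT_FAIL),
        "is_default": value == DEFAULT_REGISTER,
    }


def password_recovery_register(current: int = DEFAULT_REGISTER) -> int:
    """What `confreg 0x2142` does to the default register: sets bit 6 and nothing else."""
    return current | IGNORE_NVRAM


def audit_register(text: str) -> list:
    """Findings an operator would want after `show version`: a register left in a non-default state."""
    value = parse_register(text)
    findings = []
    if value & IGNORE_NVRAM:
        findings.append("startup-config is ignored on boot: the device will come up unconfigured")
    if (value & BOOT_FIELD_MASK) == 0:
        findings.append("boot field 0: device stops in ROMMON on every reload")
    if not value & BREAK_DISABLED:
        findings.append("Break enabled after boot: a console Break drops the running router into ROMMON")
    return findings


if __name__ == "__main__":
    for reg in ("0x2102", "0x2142", "0x2100"):
        print(reg, decode_register(reg), audit_register(reg))
```

Step 9 of the recovery procedure that follows exists precisely because of the first finding: a router that stays at 0x2142 boots unconfigured on its next reload, which on a live device is an outage.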


How to reset Router password

The password recovery process is simple and takes less than five minutes, depending on how fast your router boots. It requires physical access to the console port, which is why the physical security of the device matters: unless the router has been configured with no service password-recovery, anyone who can reach the console and power-cycle the router can take it over this way.

1. Connect to the console port, start your terminal application, and power cycle the router. When you see the boot process beginning, send the Break sequence (usually Ctrl+Break, but it differs between terminal applications). This interrupts the boot process and drops the router into ROMMON.
2. At the ROMMON prompt, enter confreg 0x2142 to set the configuration register to 0x2142.
3. Restart the router by power cycling it or by issuing the reset command.
4. When the router reloads, the configuration register setting of 0x2142 instructs it to ignore the startup-config file in NVRAM. You will be asked whether you want to go through Setup mode, because the router thinks it has no startup configuration. Answer no to exit Setup mode.
5. Press Return and enter the enable command to go into privileged EXEC mode. No password is required, because the startup config file was not loaded.
6. Load the configuration manually by entering copy startup-config running-config. Note that the interfaces in the loaded configuration come up administratively down; issue no shutdown on each interface you need before saving, or the saved configuration will leave them shut down.
7. Go into global configuration mode with configure terminal and change the password with enable password password or enable secret password. If both are set, the enable secret is the one that is used.
8. Save the new password by entering copy running-config startup-config.
9. At the global config prompt, change the configuration register back to the default with config-register 0x2102, then exit back to the privileged EXEC prompt.
10. Reboot the router using the reload command. You will be asked to save your changes; do so if you have made additional configuration changes.

Reset password on 1841

System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :################
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142
rommon 2 > reset
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :############################################################### [OK]

Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
Image text-base: 0x60080608, data-base: 0x6270CD50

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Press RETURN to get started!
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
428 bytes copied in 0.416 secs (1028 bytes/sec)
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable password vinita
Router(config)#enable secret vinita
Router(config)#config-register 0x2102
Router(config)#exit
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#reload
Proceed with reload? [confirm]

Packet Tracer

Packet Tracer is a small network simulator developed by Cisco Systems. With Packet Tracer you can do all of the practical work on Cisco routers and switches in this report. Besides Packet Tracer there are many simulators available on the Internet, but most of them cost around $150. In this example from our free CCNA study guide series we show how to install Packet Tracer.

Packet Tracer offers a broad range of opportunities for instructors to demonstrate networking concepts. Although Packet Tracer is not a substitute for real equipment, it allows students to practice using a model of the Cisco Internetwork Operating System (IOS) command line interface and provides visual, drag-and-drop problem solving using virtual networking devices. This hands-on capability is a fundamental component of learning how to configure routers and switches from the command line. Students can see how to configure and connect networking hardware while confirming the system design. Instructors can create their own self-evaluated activities that give students immediate feedback on their proficiency in completing assignments.

Packet tracer

Download Packet Tracer from one of these locations:

http://uploading.com/files/ac18cbf4/c.pt_5.2.rar

Note that an archive from a third-party file host cannot be verified as Cisco's installer; if you have access to Cisco Networking Academy, prefer the official download there.

Right-click the downloaded archive and select Extract Here.

Double-click the setup file to start the installation.

Cisco IOS Mode User Privilege Configurations

CLI Access Modes

The CLI of each Cisco device supports three access modes:

User EXEC: Provides basic access to the IOS with limited command availability (basically simple monitoring and troubleshooting commands).

Privilege EXEC: Provides high-level management access to the IOS, including all commands available in User EXEC mode.

Configuration: Allows configuration changes to be made to the device.

User EXEC Mode

Your initial access to the CLI is via the User EXEC mode, which has only a limited number of IOS commands you can execute. Depending on the Cisco device’s configuration, you might be prompted for a password to access this mode.

This mode is typically used for basic troubleshooting of networking problems. You can tell that you are in User EXEC mode by examining the prompt on the left side of the screen:

Router>

If you see a > character at the end of the information, you know that you are in User EXEC mode. The information preceding the > is the name of the Cisco device.

For instance, the default name of all Cisco routers is Router, whereas the 2960 switch’s User EXEC prompt looks like this: Switch>. These device names can be changed with the hostname command.

Privilege EXEC Mode

Once you have gained access to User EXEC mode, you can use the enable command to access Privilege EXEC mode:

Router> enable
Router#

Once you enter the enable command, if a Privilege EXEC password has been configured on the Cisco device, you will be prompted for it. Upon successfully authenticating, you will be in Privilege EXEC mode. You can tell that you are in this mode by examining the CLI prompt. In the preceding code example, notice that the > changed to a #.

When you are in Privilege EXEC mode, you have access to all of the User EXEC commands as well as many more advanced management and troubleshooting commands. These commands include extended ping and trace abilities, managing configuration files and IOS images, and detailed troubleshooting using debug commands. About the only thing that you can’t do from this mode is change the configuration of the Cisco device—this can be done only from Configuration mode. If you wish to return to User EXEC mode from Privilege EXEC mode, use the exit command:

Router# exit
Router>

Again, by examining the prompt, you can tell that you are now in User EXEC mode.

Configuration Modes of Cisco IOS Software

From privileged EXEC mode, you enter global configuration mode using the configure terminal command. From global configuration mode, you can access specific configuration modes, which include, but are not limited to, the following:

Interface: Supports commands that configure operations on a per-interface basis.

Subinterface: Supports commands that configure multiple virtual interfaces on a single physical interface.

Controller: Supports commands that configure controllers (for example, E1 and T1 controllers).

Line: Supports commands that configure the operation of a terminal line (for example, the console or the vty ports).

Router: Supports commands that configure an IP routing protocol.

If you enter the exit command, the router backs out one level, eventually logging out. In general, you enter the exit command from one of the specific configuration modes to return to global configuration mode. Press Ctrl+Z or enter end to leave configuration mode completely and return to the privileged EXEC mode.

Commands that affect the entire device are called global commands.The hostname and enable password commands are examples of global commands.

Commands that point to or indicate a process or interface that will be configured are called major commands. When entered, major commands cause the CLI to enter a specific configuration mode.

Major commands have no effect unless you immediately enter a subcommand that supplies the configuration entry. For example, the major command interface serial 0 has no effect unless you follow it with a subcommand that tells what is to be done to that interface.

Router Modes

Router>                 User mode
Router#                 Privileged mode (also known as EXEC-level mode)
Router(config)#         Global configuration mode
Router(config-if)#      Interface mode
Router(config-subif)#   Subinterface mode
Router(config-line)#    Line mode
Router(config-router)#  Router configuration mode

Administration of Cisco devices


Back Up and Restore IOS

You can use TFTP, FTP, or RCP to transfer an IOS image to or from a server. Only TFTP is covered in the CCNA exam, so we cover it here. TFTP is the Trivial File Transfer Protocol. Unlike FTP, it has no way of authenticating with a username or password or of navigating directories, and everything it transfers goes over the wire in cleartext.

To back up your IOS, use the copy command from privileged EXEC mode. The syntax is copy <from> <to>. Thus, to copy the IOS from flash to a TFTP server, the command is copy flash tftp. After executing this command you are prompted for such things as the IOS filename and the IP address of the TFTP server.

To restore or upgrade the IOS from a TFTP server to the router, the command is copy tftp flash.

Remember the following troubleshooting steps if you are having difficulties using TFTP:
- Verify that the TFTP server is running.
- Verify the cabling. Use a crossover cable between a router and a server or, if you have a switch, a straight-through cable from the router to the switch and from the switch to the server.
- Verify that the router can reach the TFTP server (in this lab they are on the same subnet).
- If you are using a Linux TFTP server, make sure that you first use the touch command to create a zero-byte file with the name of the IOS image; otherwise a server that does not allow creating new files will refuse the upload.

As a Cisco associate you should be able to back up and restore the network's critical resources. Cisco devices use a TFTP server for this purpose, and in real life you should keep regular backups of the IOS and running configuration. Because TFTP offers no authentication or encryption, keep the server on a restricted management network and protect the stored configuration files; they contain the device passwords. In the lab we do the same exercise in Packet Tracer.

Back up and Restore of Network Devices

Create this topology in Packet Tracer.

As shown in the diagram, a TFTP server is connected to the router with a crossover cable, and a PC is connected to the router with a console cable. The server has the IP address 10.0.0.2, and 10.0.0.1 is already configured on the router's FastEthernet 0/0.

Your task is to back up the running configuration to the TFTP server so that it can be retrieved later if needed.

Double-click PC0, click the Desktop tab, select Terminal, and accept the default terminal settings. Click OK; this gives you the router's console on screen.

Now follow these steps:

Now Follow these steps

R1>enable
R1#copy running-config tftp:
Address or name of remote host []? 10.0.0.2
Destination filename [R1-confg]?
.!!
[OK - 359 bytes]

359 bytes copied in 3.078 secs (0 bytes/sec)
R1#

We have now backed up the running configuration. To verify it, click on the server, select the Config tab, click TFTP and scroll down; the backup file is listed at the bottom of the window.

As the image shows, the backup was taken successfully. Now open the terminal on PC0 again, erase the startup configuration, and reload the router.

R1>enable
R1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
R1#reload
Proceed with reload? [confirm]

The router now restarts. As discussed in the earlier section on the boot process of Cisco devices, the router loads its startup configuration from NVRAM; since we have erased the contents of NVRAM (the startup configuration), the router launches the System Configuration Dialog instead. Type no and press Enter.

You now see the default router prompt. Some basic settings are needed before the router can reach the TFTP server:

Router>enable
Router#configure terminal
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#

That is the essential configuration needed to reach the TFTP server. Now restore the configuration to the router:

Router#copy tftp running-config
Address or name of remote host []? 10.0.0.2
Source filename []? R1-confg
Destination filename [running-config]?

Loading R1-confg from 10.0.0.2: !
[OK - 359 bytes]

359 bytes copied in 0.032 secs (11218 bytes/sec)
R1#

At this point the configuration is only in RAM, so it would be lost on the next reboot; copy it to NVRAM:

R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
R1#
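Because TFTP has no authentication or encryption, the R1-confg sitting on the server is readable by anyone who can reach the server, and so is every password inside it. The following added Python example (not the report's code) audits such a backup: enable password and line passwords without a type number are cleartext, and type 7 strings produced by service password-encryption are reversible with the well-known fixed translation key shown here, so only enable secret (type 5) and other hashed forms give any real protection. The sample configuration is constructed for this example; it reuses the enable password vinita from the transcript above, and the type 7 value in it is the encoding of the word cisco.

```python
import re
from typing import List, Tuple

# Translation key used by IOS "service password-encryption" (type 7). It is a fixed,
# publicly known string, which is why type 7 is obfuscation rather than encryption.
_TYPE7_XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string: a 2-digit decimal seed, then one hex byte per character,
    each XORed with the key byte at (seed + position)."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError(f"not a type 7 string: {encoded!r}")
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ _TYPE7_XLAT[(seed + i) % len(_TYPE7_XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii")


# Credential-bearing lines: enable password/secret, line passwords, username entries.
# The optional digit is the IOS password type; no digit means type 0 (cleartext).
_SECRET_LINE = re.compile(
    r"^\s*(?P<cmd>enable password|enable secret|password|username \S+ (?:password|secret))"
    r"\s+(?:(?P<type>[0579])\s+)?(?P<value>\S+)\s*$"
)


def audit_config(config_text: str) -> List[Tuple[str, str, str]]:
    """Return (line, severity, note) for every credential found in a saved configuration."""
    findings = []
    for raw in config_text.splitlines():
        m = _SECRET_LINE.match(raw)
        if not m:
            continue
        kind = m.group("type") or "0"
        if kind == "0":
            findings.append((raw.strip(), "HIGH", "cleartext password in config"))
        elif kind == "7":
            findings.append((raw.strip(), "HIGH", f"type 7 reverses to {decode_type7(m.group('value'))!r}"))
        else:
            findings.append((raw.strip(), "INFO", f"type {kind} hash (not reversible from the file)"))
    return findings


# Constructed sample of a backed-up R1-confg; not the file from the report.
SAMPLE_BACKUP = """\
!
version 12.4
hostname R1
enable password vinita
username netops password 7 070C285F4D06
line vty 0 4
 password telnet123
 login
end
"""


if __name__ == "__main__":
    for line, severity, note in audit_config(SAMPLE_BACKUP):
        print(f"{severity:5} {line!r}: {note}")
```

The practical conclusion is the one the transcript above already hints at by setting both: configure enable secret, treat enable password as legacy, and treat any type 0 or type 7 string in a backup as already disclosed to whoever can read the TFTP server.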

How to update IOS

As a CCNA certified associate you should also be able to update the IOS on Cisco devices. This process carries a real risk of leaving the device unbootable, so don't do it on a live device until you are comfortable with it on the simulator.

Create this topology in Packet Tracer.

IP addresses and other settings are already configured on the server and the router, and the new IOS image is stored on the TFTP server. Double-click PC0, click the Desktop tab, select Terminal, and accept the default terminal settings; this gives you the router's console on screen.

The first step in updating the IOS is to check the available space in flash:

R1>enable
R1#show flash

System flash directory:
File Length   Name/status
  1  33591768 c1841-advipservicesk9-mz.124-15.T1.bin
[33591768 bytes used, 30424616 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
R1#

As the output shows, 30424616 bytes are free, which is enough for the new image, so we can download it into flash from the TFTP server:

R1#copy tftp flash
Address or name of remote host []? 10.0.0.2
Source filename []? c1841-ipbasek9-mz.124-12.bin
Destination filename [c1841-ipbasek9-mz.124-12.bin]?
.Loading c1841-ipbasek9-mz.124-12.bin from 10.0.0.2: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 16599160 bytes]

16599160 bytes copied in 5.989 secs (620180 bytes/sec)

The new IOS has been downloaded. On a real router, verify the image before trusting it: compare its hash with the value Cisco publishes for that file using verify /md5 flash:c1841-ipbasek9-mz.124-12.bin, and note that both images fit in the 64 MB flash here, so the safer order is to boot the new image first and delete the old one only once it is known to work. In this lab we simply remove the old IOS:

R1#delete flash:c1841-advipservicesk9-mz.124-15.T1.bin
Delete filename [c1841-advipservicesk9-mz.124-15.T1.bin]?
Delete flash:/c1841-advipservicesk9-mz.124-15.T1.bin? [confirm]

R1#show flash

System flash directory:
File Length   Name/status
  2  16599160 c1841-ipbasek9-mz.124-12.bin
[16599160 bytes used, 47417224 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
R1#

Now reload the router so that the new IOS takes effect:

R1#reload
Proceed with reload? [confirm]

%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Self decompressing the image :################################################################# [OK]
Restricted Rights Legend

Cisco IOS Software, 1841 Software (C1841-IPBASEK9-M), Version 12.4(12),
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 15-May-06 14:54 by pt_team
Image text-base: 0x600790EC, data-base: 0x61480000
Cisco IOS Software, 1841 Software (C1841-IPBASEK9-M), Version 12.4(12),
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 15-May-06 14:54 by pt_team

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Press RETURN to get started!

Router>

As the banner shows, the router booted from the new IOS. An IOS upgrade does not by itself erase the startup configuration in NVRAM; the router came up with the System Configuration Dialog here because no startup configuration had been saved in this lab. If that happens, restore the configuration from the TFTP server as shown earlier and save it to NVRAM.

Switching

2960 switch overview functionality

2960 Overview

The 2960 series of switches ships with the LAN Base software image, which provides advanced quality of service, rate limiting, access control lists (ACLs), and many other features. Depending on the model, a 2960 has Fast Ethernet ports and/or dual-purpose Gigabit Ethernet ports. A dual-purpose Gigabit Ethernet (GE) port has a 10/100/1000 copper port and an SFP (fiber) port, of which only one can be used at a time. The 2960 series supports an optional external redundant power supply (RPS) that attaches to the rear of the chassis.

2960 LEDs and MODE Button

The front of the 2960 chassis has many LEDs that you can use to monitor the switch's activity and performance. At the top left of the front of the chassis are the SYSTEM and RPS LEDs. Their colors and meanings are shown in the table:

LED     Color           Description
SYSTEM  Green           The system is up and operational.
        Amber           The system experienced a malfunction.
        Off             The system is powered down.
RPS     Green           The RPS is attached and operational.
        Amber           The RPS is installed but is not operational. Check the RPS to ensure that it hasn't failed.
        Flashing amber  Both the internal power supply and the external RPS are installed, but the RPS is providing power.
        Off             The RPS is not installed.

Switch Bootup Process

For your initial access to the switch, plug the rollover cable into the switch's console port and the other end into the COM port of your computer, then start a terminal emulation program such as HyperTerminal.

Switches have the same hardware components as routers and follow the same boot process. For details, see the earlier section "Cisco devices hardware component and booting process".

System Configuration Dialog

If no configuration is found, the IOS runs the setup script, commonly called the System Configuration Dialog. This script asks you questions to help it create a basic configuration on the switch. When posing questions, the setup script uses brackets ([ and ]) to indicate default values; leaving an answer blank (not supplying an answer) makes the script accept the value indicated in brackets. In the script you can configure the switch's hostname, set up a Privilege EXEC password, assign a password for the virtual type terminals (VTYs), and set up an IP address on a VLAN interface so that the switch can be managed remotely. Here is an example of this script:

Would you like to enter the initial configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic of switching

Bridges and switches are layer 2 devices that segment (break up) collision domains. A collision domain basically includes all the devices that share a media type at layer 1.

Difference between bridge and switch

Function             Bridges            Switches
Form of switching    Software           Hardware (ASICs)
Method of switching  Store and forward  Store and forward, cut-through, fragment-free
Ports                2-20               100 plus
Duplex               Half               Half and full
Collision domains    1 per port         1 per port
Broadcast domains    1                  1 per VLAN
STP instances        1                  1 per VLAN (PVST+) on Cisco switches

Methods of Switching

Store and Forward

Store and Forward is the basic mode that bridges and switches use. It is the only mode that bridges can use, but many switches can use one or more of the other modes as well, depending on the model. In Store-and-Forward switching, the entire frame is buffered (copied into memory) and the Cyclic Redundancy Check (CRC), also known as the FCS or Frame Check Sequence, is verified to ensure that the frame is valid and not corrupted before the frame is forwarded.

Cut Through

Cut Through is the fastest switching mode. The switch examines only the first six bytes after the preamble to make its forwarding decision. Those six bytes are the destination MAC address, which is the minimum amount of information a switch needs in order to switch the frame. Once the forwarding decision has been made, the switch can begin sending the frame out the appropriate port(s) even while the rest of the frame is still arriving on the inbound port. The chief advantage of Cut-Through switching is speed: no time is spent verifying the CRC, and the frame is forwarded as fast as possible. The cost is that corrupted frames and collision fragments are forwarded too.

Fragment-free

Fragment-Free switching forwards a frame once the switch has seen at least 64 bytes of it, which prevents the forwarding of runt frames (collision fragments shorter than the minimum Ethernet frame size). For this reason it is sometimes called "runtless" switching. It is the default switching method for the 1900 series; the 2950 (and 2960) support neither cut-through nor fragment-free and always use store-and-forward. Because the switch only ever buffers 64 bytes of each frame, Fragment-Free is faster than Store and Forward, but it still forwards frames with a bad CRC, so switches that offer it often implement an adaptive fallback to Store and Forward when excessive bad CRCs are seen.
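To make the three decisions concrete, here is an added Python simulation (not from the report) of a single-VLAN learning switch that can run in each mode, using CRC-32 as the FCS. The same three frames go through each mode: a valid frame, one with a bit flipped in the payload, and a 40-byte runt. The two MAC addresses come from the show outputs later in this report; everything else is constructed for the example.

```python
import zlib

MIN_FRAME = 64     # smallest legal Ethernet frame: header + payload + FCS
HEADER_LEN = 14    # dst(6) + src(6) + type(2); the preamble is not part of the frame


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return zlib.crc32(body).to_bytes(4, "little")


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")   # pad to the minimum size, as a NIC does
    return body + fcs(body)


class Switch:
    """A single-VLAN learning switch that can run in any of the three modes."""

    def __init__(self, mode: str):
        if mode not in ("store-and-forward", "cut-through", "fragment-free"):
            raise ValueError(mode)
        self.mode = mode
        self.mac_table = {}   # MAC -> port, learned from source addresses
        self.dropped = 0

    def receive(self, frame: bytes, in_port: int, ports: int = 4):
        """Return the list of egress ports, or [] if the frame is dropped."""
        if self.mode == "store-and-forward":
            # whole frame buffered: size and FCS are checked before any decision
            if len(frame) < MIN_FRAME or fcs(frame[:-4]) != frame[-4:]:
                self.dropped += 1
                return []
        elif self.mode == "fragment-free":
            # decision after 64 bytes: runts are dropped, but a bad FCS is never seen
            if len(frame) < MIN_FRAME:
                self.dropped += 1
                return []
        # cut-through: only the first 6 bytes (destination MAC) are needed to decide
        dst, src = frame[:6], frame[6:12]
        self.mac_table[src] = in_port
        if dst == b"\xff" * 6 or dst not in self.mac_table:
            return [p for p in range(ports) if p != in_port]   # flood unknown/broadcast
        return [] if self.mac_table[dst] == in_port else [self.mac_table[dst]]


def compare_modes():
    """Run a good frame, a corrupted frame and a runt through each mode.
    Returns {mode: (good forwarded?, corrupted forwarded?, runt forwarded?)}."""
    A = bytes.fromhex("0001643a5501")   # MAC from the show mac-address-table output
    B = bytes.fromhex("00602f9d9101")   # MAC from the show interfaces output
    good = build_frame(B, A, 0x0800, b"hello")
    corrupted = good[:20] + bytes([good[20] ^ 0xFF]) + good[21:]   # payload bit flip; FCS no longer matches
    runt = good[:40]                                               # collision fragment, under 64 bytes
    results = {}
    for mode in ("store-and-forward", "cut-through", "fragment-free"):
        sw = Switch(mode)
        sw.receive(build_frame(A, B, 0x0800, b"learn"), in_port=1)   # teach the switch that B is on port 1
        results[mode] = tuple(bool(sw.receive(f, in_port=0)) for f in (good, corrupted, runt))
    return results


if __name__ == "__main__":
    for mode, (g, c, r) in compare_modes().items():
        print(f"{mode:18} good={g} corrupted={c} runt={r}")
```

The result is the trade-off the text describes: only store-and-forward drops the corrupted frame, fragment-free drops the runt but passes the corrupted frame, and cut-through passes everything. Note that the switch learns the source MAC in every mode, which is why forwarding on a frame's source address (rather than a checked one) is what port security, covered later, has to constrain.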

Virtual LAN

A virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast domain that can span multiple physical segments.

Advantages of VLANs:

- Increase the number of broadcast domains while reducing their size.
- Provide additional security.
- Increase the flexibility of network equipment.
- Allow a logical grouping of users by function, not location.
- Make user adds, moves, and changes easier.

Subnets and VLANs

Logically speaking, VLANs are also subnets. A subnet, or network, is a contained broadcast domain: a broadcast that occurs in one subnet is not, by default, forwarded to another subnet. Routers, or layer-3 devices, provide this boundary. Switches provide the same boundary at layer 2 with VLANs, and traffic between two VLANs still has to pass through a router or layer-3 switch, which is where filtering between them is enforced.

Scalability

VLANs provide location independence. This flexibility makes adds, changes, and moves of networking devices a simple process. It also allows you to group people together logically, which makes implementing your security policies straightforward.

Cisco's design guideline is no more than about 500 IP devices per VLAN, to keep broadcast traffic manageable.

VLAN Membership

A device's membership in a VLAN can be determined by one of two methods: static or dynamic.

Static: the administrator assigns each switch port to a VLAN manually.

Dynamic: a VLAN Membership Policy Server (VMPS) assigns a port's VLAN based on the MAC address of the device that connects to it. (VTP, covered later, distributes the VLAN database between switches; it does not assign ports to VLANs.)

VLAN Connections

There are two types of connections: access links and trunks.

Access-Link Connections: An access-link connection is a connection between a switch and a device with a normal Ethernet NIC, on which Ethernet frames are transmitted unaltered. The port belongs to exactly one VLAN.

Trunk Connections: Trunk connections are capable of carrying traffic for multiple VLANs. Cisco supports two Ethernet trunking methods:

- Cisco's proprietary Inter-Switch Link (ISL) protocol for Ethernet
- IEEE 802.1Q, commonly referred to as dot1q, for Ethernet

ISL is a Cisco-proprietary trunking method that encapsulates the original Ethernet frame in a 26-byte header and a 4-byte trailer. Cisco's 1900 switch supports only ISL.

802.1Q is the standardized trunking method; it inserts a four-byte tag into the original Ethernet frame and recomputes the FCS. The 2950 (and the 2960) support only 802.1Q. 802.1Q trunks carry two types of frames: tagged and untagged.

An untagged frame carries no VLAN identification; it is a standard, unaltered Ethernet frame. On an 802.1Q trunk, frames belonging to the native VLAN (VLAN 1 by default) are sent untagged, so the native VLAN must be configured identically on both ends of the trunk; otherwise untagged frames end up in the wrong VLAN on the far side.

A tagged frame contains VLAN information, and only other 802.1Q-aware devices on the trunk will be able to process it.

By default, all VLANs are permitted across a trunk link. Switch-to-switch trunk links use a crossover cable (unless both ports support auto-MDIX), not a straight-through cable.
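The tag insertion, FCS recomputation, and native-VLAN behaviour described above, as an added Python example (not the report's code). tag_frame inserts the 4-byte 802.1Q field after the source MAC and recomputes the FCS, untag_frame reverses it, and the two trunk functions model what a switch does at each end of a trunk. The last function shows why the native VLAN must match on both ends: a frame sent untagged as native VLAN 1 is placed in VLAN 10 by a peer whose native VLAN is 10. All frames here are constructed; the one MAC address used is taken from the show mac-address-table output later in this report.

```python
import zlib

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks a tagged frame


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32, least-significant byte first."""
    return zlib.crc32(body).to_bytes(4, "little")


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = (dst + src + ethertype.to_bytes(2, "big") + payload).ljust(60, b"\x00")
    return body + fcs(body)


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC and recompute the FCS."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    body = frame[:-4]
    tci = (pcp << 13) | vlan_id   # PCP(3 bits) | DEI(1 bit, 0 here) | VID(12 bits)
    tagged = body[:12] + TPID_8021Q.to_bytes(2, "big") + tci.to_bytes(2, "big") + body[12:]
    return tagged + fcs(tagged)


def untag_frame(frame: bytes):
    """Return (vlan_id or None, frame without the tag). Untagged frames pass through unchanged."""
    body = frame[:-4]
    if fcs(body) != frame[-4:]:
        raise ValueError("bad FCS")
    if int.from_bytes(body[12:14], "big") != TPID_8021Q:
        return None, frame
    vid = int.from_bytes(body[14:16], "big") & 0x0FFF
    stripped = body[:12] + body[16:]
    return vid, stripped + fcs(stripped)


def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int = 1) -> bytes:
    """What a switch sends on an 802.1Q trunk: native-VLAN frames untagged, all others tagged."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def trunk_ingress(frame: bytes, native_vlan: int = 1):
    """Classify a frame arriving on a trunk: the tag wins; an untagged frame belongs to the native VLAN."""
    vid, stripped = untag_frame(frame)
    return (native_vlan if vid is None else vid), stripped


def native_mismatch(send_native: int, recv_native: int, vlan_id: int) -> int:
    """VLAN the receiving switch assigns to a frame from vlan_id when the two ends of a
    trunk disagree about the native VLAN."""
    frame = build_frame(b"\xff" * 6, bytes.fromhex("0001643a5501"), 0x0806, b"who-has")
    return trunk_ingress(trunk_egress(frame, vlan_id, send_native), recv_native)[0]


if __name__ == "__main__":
    print("matching native VLANs:", native_mismatch(1, 1, 1))     # stays in VLAN 1
    print("mismatched native VLANs:", native_mismatch(1, 10, 1))  # lands in VLAN 10
```

A mismatched native VLAN is therefore not just a misconfiguration warning (CDP reports it) but a way for untagged traffic to cross a VLAN boundary without ever touching a router, which is why production trunks normally use a dedicated, otherwise unused native VLAN on both ends.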


Configuration of Cisco 2960 Switch

To practice these commands, create a simple topology in Packet Tracer.

Example topology for basic switch commands

Now click on any switch and configure it as shown below.

To list all commands available in user EXEC mode, type ? and press Enter:

Switch>?
Exec commands:
  <1-99>      Session number to resume
  connect     Open a terminal connection
  disconnect  Disconnect an existing network connection
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  logout      Exit from the EXEC
  ping        Send echo messages

[Output is omitted]

The disable command returns from privileged EXEC to user EXEC; exit (or logout) ends the session:

Switch>enable
Switch#disable
Switch>exit

Switch con0 is now available

Press RETURN to get started.

The show version command tells you the device platform, the detected interfaces, and the IOS image name:


Switch>enable
Switch#show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by pt_team
ROM: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)
System returned to ROM by power-on
Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory.
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

[Output is omitted]

The show mac-address-table command lists every MAC address the switch knows, whether learned dynamically or configured statically, together with the VLAN and port on which it was seen.

Switch#show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.643a.5501    DYNAMIC     Gig1/1

The running configuration (held in RAM) can be displayed at any time with show running-config:

Switch#show running-config
Building configuration...
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch

[Output is omitted]

To view the startup configuration (stored in NVRAM), use show startup-config:

Switch#show startup-config
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch

[Output is omitted]

The show vlan command gives an overview of every VLAN configured on the switch and the ports assigned to each:

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
[Output is omitted]

The show interfaces command lists every detected interface with its hardware description, status and configuration:

Switch#show interfaces
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Lance, address is 0060.2f9d.9101 (bia 0060.2f9d.9101)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
[Output is omitted]

The switch's management IP address is assigned on interface vlan 1 (the default gateway is set separately with the global ip default-gateway command). show interface vlan1 gives an overview of that interface; note that it is administratively down until it is enabled with no shutdown:

Switch#show interface vlan1
Vlan1 is administratively down, line protocol is down
  Hardware is CPU Interface, address is 0060.5c23.82ae (bia 0060.5c23.82ae)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00

[Output is omitted]

The delete command removes the VLAN database (vlan.dat) from flash, which deletes all VLAN configuration from the switch. Type the filename exactly as shown, with no space between flash: and vlan.dat; with a space, delete flash: is taken as a request to delete flash itself, which could erase it entirely and leave the switch blank.

Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
%deleting flash:/vlan.dat

The startup configuration is removed with erase startup-config:

Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

Use configure terminal to enter global configuration mode:

Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.

Now change the default switch name to Switch1:

Switch(config)#hostname Switch1

Set the enable password to vinita and the enable secret to nikki. When both are configured, the secret is the one that is checked, and unlike the enable password it is stored as a hash rather than in clear text; in practice configure only enable secret.

Switch1(config)#enable password vinita
Switch1(config)#enable secret nikki

Set the console password to vinita and enable password checking with the login command. The order matters: set the password before you enable login.

Switch1(config)#line console 0
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit

Enable the five Telnet sessions (vty 0 to vty 4) on the switch and set their password to vinita:

Switch1(config)#line vty 0 4
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit

Now set the switch IP address to 192.168.0.10 255.255.255.0 and the default gateway to 192.168.0.5:

Switch1(config)#interface vlan1
Switch1(config-if)#ip address 192.168.0.10 255.255.255.0
Switch1(config-if)#exit
Switch1(config)#ip default-gateway 192.168.0.5

Set the description "finance VLAN" on interface FastEthernet 0/1:

Switch1(config)#interface fastEthernet 0/1
Switch1(config-if)#description finance VLAN

By default the switch auto-negotiates speed and duplex, but you can set them manually. Each change bounces the link, as the log messages show:

Switch1(config-if)#duplex full
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Switch1(config-if)#duplex auto
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex half
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex auto
Switch1(config-if)#speed 10
Switch1(config-if)#speed 100
Switch1(config-if)#speed auto
Switch1(config-if)#exit
Switch1(config)#exit

The MAC address table can be wiped with the clear command; clear mac-address-table dynamic removes only the dynamically learned entries:

Switch1#show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.643a.5501    DYNAMIC     Gig1/1
Switch1#clear mac-address-table
Switch1#clear mac-address-table ?
  dynamic  dynamic entry type
Switch1#clear mac-address-table dynamic

To restart the switch use the reload command. The running configuration is lost on reload, so copy it to the startup configuration first (copy running-config startup-config).

Switch1#reload
Proceed with reload? [confirm]
Switch con0 is now available
Press RETURN to get started.

Switch port security

In this example I will show how you can:

Configure the IP address and subnet mask
Set the IP default gateway
Enable Telnet sessions to the switch
Enable EtherChannel
Enable port security

To perform this activity, create the lab topology shown and load it in Packet Tracer.


Configure IP address, subnet mask and default gateway

An IP address and default gateway let you manage the switch remotely via Telnet or SSH. Without them you have to connect with a console cable every time, which means physically going to the switch.

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#interface vlan 1
S1(config-if)#ip address 10.0.0.10 255.0.0.0
S1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config-if)#exit
S1(config)#ip default-gateway 10.0.0.1

Enable Telnet and password-protect the line

You can secure a switch by using passwords to restrict the various levels of access. Passwords and privilege levels are simple ways of providing both local and remote terminal access control. Passwords can be set on individual lines, such as the console, and on privileged EXEC (enable) mode, and they are case sensitive. By default there are five VTY lines on the switch, allowing five simultaneous Telnet sessions (other Cisco devices may have more); they are numbered 0 through 4 and are addressed together as line vty 0 4. Bear in mind that Telnet carries these passwords in clear text; where the IOS image supports it, use SSH and restrict the lines with transport input ssh.

S1(config)#line console 0
S1(config-line)#password vinita
S1(config-line)#login
S1(config-line)#exit
S1(config)#line vty 0 4
S1(config-line)#password vinita
S1(config-line)#login
S1(config-line)#exit
S1(config)#

Enable switch port security

This feature allows you (among other options) to disable a port if more than the permitted number of MAC addresses is seen on it. It is commonly applied to ports that connect security-sensitive devices such as servers. Port security restricts input to an interface by limiting and identifying the MAC addresses of the stations allowed to use the port; once secure MAC addresses are assigned to a port, the port does not forward frames whose source address is outside that set. The port must be a static access port (switchport mode access) before port security can be enabled, and sticky learning writes the first address seen into the running configuration.

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport mode access
S2(config-if)#switchport port-security
S2(config-if)#switchport port-security maximum 1
S2(config-if)#switchport port-security mac-address sticky
S2(config-if)#switchport port-security violation shutdown
S2(config-if)#exit
S2(config)#

You can verify port security as follows.

Click the red X button on the right-hand side of the Packet Tracer window; this lets you delete a connection in the topology. Place the X over the connection between Server and S2 and click. The connection should disappear.

Select the lightning-bolt button in the bottom left-hand corner of the window to bring up the connection types and click "copper straight-through". Click the TestPC device and select its FastEthernet port, then click S2 and select port Fa0/1.

From the command prompt of TestPC, run ping 10.0.0.4. The ping should fail.

On S2, enter show port-security interface fa0/1.

Port security is enabled, the port status is secure-shutdown and the security violation count is 1. The port stays err-disabled until an administrator issues shutdown followed by no shutdown on it (or errdisable recovery is configured for the psecure-violation cause).
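The behaviour just verified, modelled as an added example that is not part of the original report: a Python class that tracks one port's secure address set, sticky learning and violation handling the way IOS does for the three violation modes (shutdown, restrict and protect; the report only configures shutdown). The MAC addresses are constructed test values. Note what the model also makes obvious: the check is on the source MAC address, which any host can set, so port security stops accidental hubs and unmanaged devices rather than a deliberate attacker who clones the server's address.

```python
class SecurePort:
    """Model of Cisco port-security on one access port (added example, not IOS code).

    maximum   : how many source MAC addresses the port will accept
    sticky    : learned addresses are written into the running config so they
                survive a reload (IOS: switchport port-security mac-address sticky)
    violation : what happens to a frame from an address outside the secure set
                shutdown -> port goes err-disabled (secure-shutdown), counter +1
                restrict -> frame dropped, counter +1, port stays up
                protect  -> frame dropped silently, no counter
    """

    def __init__(self, name="Fa0/1", maximum=1, sticky=True, violation="shutdown", static=()):
        if violation not in ("shutdown", "restrict", "protect"):
            raise ValueError(f"unknown violation mode {violation!r}")
        self.name = name
        self.maximum = maximum
        self.sticky = sticky
        self.violation = violation
        self.static_macs = list(static)   # switchport port-security mac-address <mac>
        self.learned_macs = []            # dynamically (or sticky) learned
        self.status = "secure-up"
        self.violation_count = 0
        self.last_violator = None

    @property
    def secure_macs(self):
        return self.static_macs + self.learned_macs

    def receive(self, src_mac: str) -> bool:
        """Process one ingress frame; return True if the port would forward it."""
        if self.status == "secure-shutdown":
            return False                      # err-disabled: nothing passes
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.learned_macs.append(src_mac) # room left: learn the address
            return True
        # A new address beyond the maximum is a violation
        self.last_violator = src_mac
        if self.violation == "shutdown":
            self.status = "secure-shutdown"
            self.violation_count += 1
        elif self.violation == "restrict":
            self.violation_count += 1
        return False

    def recover(self):
        """Operator issues shutdown / no shutdown (or errdisable recovery fires)."""
        self.status = "secure-up"

    def running_config(self) -> list:
        """Interface block as it would appear in show running-config."""
        cfg = [f"interface {self.name}",
               " switchport mode access",
               " switchport port-security",
               f" switchport port-security maximum {self.maximum}",
               f" switchport port-security violation {self.violation}"]
        if self.sticky:
            cfg.append(" switchport port-security mac-address sticky")
            cfg += [f" switchport port-security mac-address sticky {m}" for m in self.learned_macs]
        cfg += [f" switchport port-security mac-address {m}" for m in self.static_macs]
        return cfg

    def show(self) -> dict:
        """The fields a practitioner reads from show port-security interface."""
        return {"Port Status": self.status,
                "Violation Mode": self.violation,
                "Maximum MAC Addresses": self.maximum,
                "Total MAC Addresses": len(self.secure_macs),
                "Security Violation Count": self.violation_count,
                "Last Source Address": self.last_violator}


if __name__ == "__main__":
    # Constructed scenario mirroring the lab: server learned first, TestPC plugged in after.
    port = SecurePort()
    port.receive("0001.643a.5501")
    port.receive("00d0.ff08.82e1")
    for k, v in port.show().items():
        print(f"{k:28}: {v}")
    print("\n".join(port.running_config()))
```
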

Configure VLAN, VTP server, STP and DTP

The previous examples covered the basic features of switching. In this tutorial I will demonstrate how you can:


Configure access and trunk links
Create VLANs
Assign VLAN membership
Configure inter-VLAN routing
Configure a VTP server
Make VTP clients
Show STP status
Configure DTP ports

To complete this lab, either create the topology shown in the figure or load the lab file in Packet Tracer.

Advanced switch configuration

PC configuration

Device   IP Address   VLAN     Connected with
PC0      10.0.0.2     VLAN10   Switch1 on F0/1
PC1      20.0.0.2     VLAN20   Switch1 on F0/2
PC2      10.0.0.3     VLAN10   Switch2 on F0/1
PC3      20.0.0.3     VLAN20   Switch2 on F0/2
PC4      10.0.0.4     VLAN10   Switch3 on F0/1
PC5      20.0.0.4     VLAN20   Switch3 on F0/2

2960-24TT Switch1 configuration

Port      Connected to   VLAN         Link     Status
F0/1      PC0            VLAN10       Access   OK
F0/2      PC1            VLAN20       Access   OK
Gig1/1    Router         VLAN 10,20   Trunk    OK
Gig1/2    Switch2        VLAN 10,20   Trunk    OK
F0/24     Switch2        VLAN 10,20   Trunk    OK

2960-24TT Switch2 configuration

Port      Connected to   VLAN         Link     Status
F0/1      PC2            VLAN10       Access   OK
F0/2      PC3            VLAN20       Access   OK
Gig1/2    Switch1        VLAN 10,20   Trunk    OK
Gig1/1    Switch3        VLAN 10,20   Trunk    OK
F0/24     Switch1        VLAN 10,20   Trunk    Blocked
F0/23     Switch3        VLAN 10,20   Trunk    OK

2960-24TT Switch3 configuration

Port      Connected to   VLAN         Link     Status
F0/1      PC4            VLAN10       Access   OK
F0/2      PC5            VLAN20       Access   OK
Gig1/1    Switch2        VLAN 10,20   Trunk    OK
F0/24     Switch2        VLAN 10,20   Trunk    Blocked

Task

You are the administrator at XYZ company, which has two departments, sales and management. You have three PCs for sales and three for management. You create two VLANs: VLAN 10 for sales and VLAN 20 for management. For redundancy you interconnect the switches with one extra link each, and you have one router for inter-VLAN communication.

Start by assigning IP addresses to all the PCs. To assign an IP address, double-click a PC, select IP Configuration from the Desktop tab and enter the address from the table above.

VLAN Trunking Protocol

Configure VTP server

We first create a VTP server so it can propagate VLAN information to the other switches automatically. Double-click Switch1 and select CLI. Set the hostname to S1, create the VTP domain example and set the password to vinita (the password is case sensitive).

Switch 1

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain example
Changing VTP domain name from NULL to example
S1(config)#vtp password vinita
Setting device VLAN database password to vinita

Configure VTP clients

Once the VTP domain exists, configure the remaining switches as clients. The VTP password only authenticates advertisements within the domain; any switch in the domain, client or server, whose VLAN database carries a higher configuration revision number will overwrite the others. Before connecting a switch to the production network, reset its revision number to 0 (for example by setting vtp mode transparent, or by changing its domain name and changing it back).

Switch 2

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain example
Changing VTP domain name from NULL to example
S2(config)#vtp password vinita
Setting device VLAN database password to vinita
S2(config)#

Switch 3

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain example
Changing VTP domain name from NULL to example
S3(config)#vtp password vinita
Setting device VLAN database password to vinita
S3(config)#

Dynamic Trunking Protocol

Configure DTP ports

Access ports do not carry tagged trunk frames. On the 2960 the ports default to the DTP mode dynamic auto, which forms a trunk only if the neighbour actively negotiates one, so set switchport mode trunk explicitly on every port that interconnects the switches. Because DTP lets whatever is plugged into a port negotiate a trunk, set ports that face hosts to switchport mode access and add switchport nonegotiate on the trunks once they are up.

Switch 1

S1(config)#interface fastEthernet 0/24
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config)#interface gigabitEthernet 1/2
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/2, changed state to up
S1(config-if)#exit
S1(config)#

Switch 2

S2(config)#interface gigabitEthernet 1/1
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
S2(config-if)#exit
S2(config)#interface gigabitEthernet 1/2
S2(config-if)#switchport mode trunk
S2(config-if)#exit
S2(config)#interface fastEthernet 0/23
S2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
S2(config-if)#exit
S2(config)#interface fastEthernet 0/24
S2(config-if)#switchport mode trunk
S2(config-if)#exit

Switch 3

S3(config)#interface fastEthernet 0/24
S3(config-if)#switchport mode trunk
S3(config-if)#exit
S3(config)#interface gigabitEthernet 1/1
S3(config-if)#switchport mode trunk
S3(config-if)#exit

Virtual LAN (VLAN)

Create VLANs

With the VTP server configured, it is time to create the VLANs. They only need to be created on the VTP server; the server propagates them to the clients automatically.

Switch 1

S1(config)#vlan 10
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#exit
S1(config)#

Because the VTP server is already configured, there is no need to create the VLANs on S2 or S3; we only need to associate ports with them.

Assign VLAN membership

Switch 1

S1(config)#interface fastEthernet 0/1
S1(config-if)#switchport access vlan 10
S1(config-if)#interface fastEthernet 0/2
S1(config-if)#switchport access vlan 20

Switch 2

S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport access vlan 10
S2(config-if)#interface fastEthernet 0/2
S2(config-if)#switchport access vlan 20

Switch 3

S3(config)#interface fastEthernet 0/1
S3(config-if)#switchport access vlan 10
S3(config-if)#interface fastEthernet 0/2
S3(config-if)#switchport access vlan 20

Now we have two working VLANs. To test connectivity, ping from 10.0.0.2 to 10.0.0.3 and 10.0.0.4. If you get replies, the VLANs and the VTP server are working.

Spanning-Tree Protocol

In this topology STP blocks one end of each redundant link to avoid a layer 2 loop: Fa0/24 on S2 (its second link to S1) and Fa0/24 on S3 (its second link to S2). S1 is the root bridge, so all of its ports stay forwarding. Verify which ports STP has blocked:

Verify STP ports

Switch 2

S2#show spanning-tree active
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0002.174D.7794
             Cost        4
             Port        26(GigabitEthernet1/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.FF08.82E1
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/23           Desg FWD 19        128.23   P2p
Fa0/24           Altn BLK 19        128.24   P2p
Gi1/1            Desg FWD 4         128.25   P2p
Gi1/2            Root FWD 4         128.26   P2p
[Output is omitted]
S2#

You can check STP status on S1 and S3 as well with the show spanning-tree active command.
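The election behind that output, as an added example that is not part of the original report: a Python function that runs the 802.1D root election and port-role selection over the lab's links and reproduces the roles S2 reports (Gi1/2 root port at cost 4, Fa0/24 alternate and blocking). The bridge IDs for S1 and S2 are the Root ID and Bridge ID shown above; S3's MAC address and the rogue bridge in the usage are constructed. The rogue case is the security point: whoever advertises the lowest bridge ID becomes root and re-shapes the whole forwarding topology, which is why host-facing ports get spanning-tree bpduguard enable (and distribution uplinks root guard).

```python
import heapq

# Bridge ID = (priority, MAC). Priority 32769 = 32768 + sys-id-ext 1 for VLAN 1.
# Lower-case hex strings of equal length compare the same way as the numeric MAC.
BRIDGES = {
    "S1": (32769, "0002.174d.7794"),   # Root ID address in the report's output
    "S2": (32769, "00d0.ff08.82e1"),   # Bridge ID address in the report's output
    "S3": (32769, "00e0.a3c1.1b02"),   # constructed; not shown on the page
}
COST = {"Gi": 4, "Fa": 19}             # classic 802.1D costs for 1 Gbit/s and 100 Mbit/s

# Every link in the lab as ((bridge, port, port number), (bridge, port, port number)).
# Port numbers are the Prio.Nbr suffixes IOS prints: Fa0/23 -> 23, Gi1/1 -> 25, Gi1/2 -> 26.
LINKS = [
    (("S1", "Gi1/2", 26), ("S2", "Gi1/2", 26)),
    (("S1", "Fa0/24", 24), ("S2", "Fa0/24", 24)),
    (("S2", "Gi1/1", 25), ("S3", "Gi1/1", 25)),
    (("S2", "Fa0/23", 23), ("S3", "Fa0/24", 24)),
]


def port_cost(port: str) -> int:
    return COST[port[:2]]


def compute_stp(bridges: dict, links: list) -> dict:
    """Elect the root and assign port roles for a connected topology.

    Returns {"root": name, "rpc": {bridge: root path cost},
             "roles": {(bridge, port): "Desg FWD" | "Root FWD" | "Altn BLK"}}.
    """
    root = min(bridges, key=bridges.get)   # lowest (priority, MAC) wins the election
    # Dijkstra from the root. The cost of reaching a bridge is accumulated on the
    # receiving port; ties are broken by sender bridge ID, sender port, local port.
    best = {}                              # bridge -> (cost, sender BID, sender port nr, local port nr, local port)
    rpc = {root: 0}
    heap = [(0, bridges[root], root)]
    while heap:
        cost, _, snd = heapq.heappop(heap)
        if cost > rpc.get(snd, float("inf")):
            continue
        for (a, ap, apn), (b, bp, bpn) in links:
            for s, spn, rcv, rp, rpn in ((a, apn, b, bp, bpn), (b, bpn, a, ap, apn)):
                if s != snd or rcv == root:
                    continue
                cand = (cost + port_cost(rp), bridges[snd], spn, rpn, rp)
                if rcv not in best or cand < best[rcv]:
                    best[rcv] = cand
                    rpc[rcv] = cand[0]
                    heapq.heappush(heap, (cand[0], bridges[rcv], rcv))
    roles = {}
    for (a, ap, apn), (b, bp, bpn) in links:
        # The end with the lower (root path cost, bridge ID, port number) is designated;
        # the other end is the root port if that is how its bridge reaches the root,
        # otherwise an alternate port that STP blocks.
        ka, kb = (rpc[a], bridges[a], apn), (rpc[b], bridges[b], bpn)
        (da, dp), (oa, op) = ((a, ap), (b, bp)) if ka < kb else ((b, bp), (a, ap))
        roles[(da, dp)] = "Desg FWD"
        roles[(oa, op)] = "Root FWD" if best[oa][4] == op else "Altn BLK"
    return {"root": root, "rpc": rpc, "roles": roles}


def show_spanning_tree(result: dict, bridge: str) -> list:
    """Lines in the spirit of show spanning-tree for one bridge."""
    lines = [f"{bridge}: root {result['root']}, root path cost {result['rpc'][bridge]}"]
    for (b, port), role in sorted(result["roles"].items()):
        if b == bridge:
            lines.append(f"  {port:8} {role}")
    return lines


if __name__ == "__main__":
    for sw in BRIDGES:
        print("\n".join(show_spanning_tree(compute_stp(BRIDGES, LINKS), sw)))
    # Constructed rogue: a device with priority 0 on S3's access port Fa0/1 takes over as root.
    rogue = compute_stp(dict(BRIDGES, Rogue=(0, "0000.0000.0001")),
                        LINKS + [(("S3", "Fa0/1", 1), ("Rogue", "Fa0/1", 1))])
    print("\n".join(show_spanning_tree(rogue, "S3")))
```
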

Router on a stick

At this point you have two working VLANs, but they cannot reach each other. For inter-VLAN communication we need to configure the router. Double-click the router and select CLI.

Configure inter-VLAN routing

Router

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 20.0.0.1 255.0.0.0
Router(config-subif)#exit

To test connectivity between the VLANs, ping from any PC to all the remaining PCs; every ping should succeed. If one fails, compare your topology with the configured one and check where the mistake is: each subinterface's encapsulation dot1Q number must match a VLAN ID carried on the trunk from Switch1's Gig1/1, and the PCs in each VLAN must use the matching subinterface address as their default gateway.

Routing Static Dynamics (RIP OSPF EIGRP)

Basic router configuration: logging in to the router

The previous example showed how to connect to a Cisco router. In this example I will show how to configure one, again using Packet Tracer; if you have not installed Packet Tracer, see the earlier example on downloading and installing it. Create a simple topology by dragging devices onto the workspace as shown in the figure.


Click the router, select CLI and press Enter to get started. Setup mode starts automatically if there is no startup configuration. The answer inside the square brackets [ ] is the default; if that is the answer you want, just press Enter. Pressing CTRL+C at any time ends the setup process, shuts down all interfaces and takes you to user mode (Router>).

You cannot configure an entire router from setup mode; it covers only the basics. For example, it can turn on RIPv1 or Interior Gateway Routing Protocol (IGRP) but not Open Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP). You cannot create access control lists (ACLs) or enable Network Address Translation (NAT) from it, and you can assign an IP address to an interface but not to a subinterface. All in all, setup mode is very limiting.

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Type no and press Enter to get to the router prompt.

You are now connected to the router and in user mode. The prompt has two parts, the hostname and the mode: "Router" is Router0's hostname and ">" means you are in user mode.

Press RETURN to get started
Router>

User mode is indicated by the ">" after the router name; in this mode you can look at settings but cannot change them. In privileged mode (indicated by "#") you can do anything. To enter privileged mode the keyword is enable.

Next type enable to get to the privileged mode prompt:

Router>enable
Router#

To get back to user mode, type disable. From user mode, type logout or exit to leave the router.

Router#disable
Router>
Router>exit
Router con0 is now available
Press RETURN to get started

press enter to get back router prompt

Router>

You are now in User mode. Type ?to view all the available commands at this prompt.

Router>?

From privileged mode you enter global configuration mode by typing configure terminal; to leave configuration mode, type exit or press CTRL+Z.


Router>enable
Router#config terminal
Router(config)#exit
Router#

To view all commands available in the current mode, type ? and press Enter. You can also use the question mark after you have started typing a command: if you want a show command but do not remember which one, show ? lists every keyword the show command accepts.

Router#show ?
  access-expression  List access expression
  access-lists       List access lists
  backup             Backup status
  cdp                CDP information
  clock              Display the system clock
  cls                DLC user information
  compress           Show compression statistics
  configuration      Contents of Non-Volatile memory
 --More--

Basic Global Configurations mode Commands

Configuring a Router Name

This command works on both routers and switches:

Router(config)#hostname Lucknow
Lucknow(config)#

You can choose any descriptive name for your Cisco devices.

Configuring Passwords

These commands work on both routers and switches.

Router(config)#enable password test
    Sets the enable password to test
Router(config)#enable secret vinita
    Sets the enable secret password to vinita
Router(config)#line console 0
    Enters console line mode
Router(config-line)#password console
    Sets the console line password to console
Router(config-line)#login
    Enables password checking at login
Router(config)#line vty 0 4
    Enters vty line mode for all five vty lines
Router(config-line)#password telnet
    Sets the vty password to telnet
Router(config-line)#login
    Enables password checking at login
Router(config)#line aux 0
    Enters auxiliary line mode
Router(config-line)#password aux
    Sets the auxiliary line password to aux
Router(config-line)#login
    Enables password checking at login

CAUTION: The enable secret password is encrypted by default. The enable password is not. For this reason, recommended practice is that you never use the enable password command. Use only the enable secret password command in a router or switch configuration.You cannot set both enable secret password and enable password to the same password. Doing so defeats the use of encryption.


Configuring a Fast Ethernet Interface

Router(config)#interface fastethernet 0/0
    Moves to Fast Ethernet 0/0 interface configuration mode
Router(config-if)#description Student Lab LAN
    Optional description of the link; locally significant only
Router(config-if)#ip address 192.168.20.1 255.255.255.0
    Assigns an address and subnet mask to the interface
Router(config-if)#no shutdown
    Turns the interface on

Creating a Message of the Day Banner

Router(config)#banner motd # Next scheduled meeting with manager is postponed #
Router(config)#

The MOTD banner is displayed on all terminals and is useful for sending messages that affect all users. Use the no banner motd command to disable the MOTD banner. The MOTD banner displays before the login prompt and the login banner, if one has been created.

Creating a Login Banner

Router(config)#banner login # Unauthorized access is prohibited! Please enter your username and password. #
Router(config)#

The login banner displays before the username and password login prompts. Use the no banner login command to disable the login banner. The MOTD banner displays before the login banner.

# is known as a delimiting character. The delimiting character must surround the banner and login message and can be any character so long as it is not a character used within the body of the message

Assigning a Local Host Name to an IP Address

Router(config)#ip host Lucknow 172.16.1.1

Assigns a host name to the IP address. After this assignment, you can use the host name rather than an IP address when trying to Telnet or ping to that address

The no ip domain-lookup Command

Router(config)#no ip domain-lookupRouter(config)#

Turns off the automatic attempt to resolve an unrecognized command as a host name.

Ever type in a command incorrectly and are left having to wait for a minute or two as the router tries to translate your command to a domain server of 255.255.255.255? The router is set by default to try to resolve any word that is not a command to a Domain Name System (DNS) server at address 255.255.255.255. If you are not going to set up DNS, turn off this feature to save you time as you type, especially if you are a poor typist

53

Page 54: CCNA project report

The exec-timeout Command

Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
Router(config-line)#

Sets the idle time after which the console automatically logs off; 0 0 (minutes seconds) means the console never logs off. exec-timeout 0 0 is convenient in a lab because the console never logs out, but it is bad security and dangerous in the real world: anyone who reaches an unattended console or vty session inherits it. The default is 10 minutes and 0 seconds (exec-timeout 10 0).

Saving and erasing configurations

Router(config)#exit
    Returns to privileged EXEC mode
Router#copy running-config startup-config
    Saves the running configuration to local NVRAM
Router#copy running-config tftp
    Saves the running configuration remotely to a TFTP server (TFTP is unauthenticated and unencrypted, so the copy, passwords included, is readable by anyone on the path)
Router#erase startup-config
    Deletes the startup configuration file from NVRAM

Configuration Example: Basic Router Configuration

For this example we will use the topology created at the start of this section. Create a simple topology by dragging devices onto the workspace as shown in the figure.

Click inside the Router and select CLI and press Enter to get started.

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Press RETURN to get started!

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#description Student Lab LAN
R1(config-if)#ip address 192.168.20.1 255.255.255.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#banner motd # Next scheduled meeting is postponed #
R1(config)#banner login # Unauthorized access is prohibited! Enter your user name and password #
R1(config)#ip host Lucknow 172.16.1.1
R1(config)#no ip domain-lookup
R1(config)#line console 0
R1(config-line)#exec-timeout 0 0
R1(config-line)#logging synchronous
R1(config-line)#password console
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password telnet
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable password test
R1(config)#enable secret vinita
R1(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
R1#
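The password caution under Configuring Passwords, the exec-timeout warning and the R1 configuration just saved all describe settings that a reviewer should catch in a running-config. As an added example that is not part of the original report, here is a small Python audit script that parses an IOS configuration into global commands and line blocks and flags those weaknesses: a clear-text enable password, password encryption switched off, a line password without login, disabled idle timeouts, Telnet allowed on the vty lines and SSHv1. Both configurations below are constructed (the weak one is modelled on R1 above; the hash and type-7 strings are placeholders).

```python
import re

# Constructed running-config fragment modelled on the R1 example above.
WEAK_CONFIG = """\
version 12.4
no service password-encryption
hostname R1
enable password test
enable secret 5 $1$placeholder$hashvalue
ip ssh version 1
line con 0
 exec-timeout 0 0
 password console
 login
line aux 0
 password aux
line vty 0 4
 password telnet
 login
 transport input all
"""

# Constructed hardened counterpart: hashed secret only, encrypted line passwords,
# idle timeouts, local login over SSH only.
HARDENED_CONFIG = """\
service password-encryption
hostname R1
enable secret 5 $1$placeholder$hashvalue
ip ssh version 2
line con 0
 exec-timeout 10 0
 password 7 placeholder
 login
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
"""


def parse_config(config: str):
    """Split an IOS config into global commands and per-'line' blocks of sub-commands."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())      # indented: belongs to the open line block
        elif raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, blocks


def audit(config: str) -> list:
    """Return (code, detail) findings for the access-control weaknesses discussed in the text."""
    findings = []
    g, blocks = parse_config(config)
    if "no service password-encryption" in g:
        findings.append(("PASSWORD_ENCRYPTION_OFF", "line passwords are stored in clear text"))
    if any(c.startswith("enable password ") for c in g):
        findings.append(("ENABLE_PASSWORD", "clear-text enable password present; keep only enable secret"))
    if not any(c.startswith("enable secret ") for c in g):
        findings.append(("NO_ENABLE_SECRET", "privileged EXEC is not protected by a hashed secret"))
    if "ip ssh version 1" in g:
        findings.append(("SSH_V1", "SSHv1 is enabled; use ip ssh version 2"))
    for name, cmds in blocks.items():
        has_password = any(c.startswith("password ") for c in cmds)
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if has_password and not has_login:
            findings.append(("NO_LOGIN", f"{name}: password set but 'login' missing, so it is never checked"))
        if any(re.fullmatch(r"exec-timeout 0( 0)?", c) for c in cmds):
            findings.append(("EXEC_TIMEOUT_DISABLED", f"{name}: idle sessions never time out"))
        if name.startswith("line vty"):
            # vty lines accept Telnet unless transport input is restricted to ssh
            transport = next((c for c in cmds if c.startswith("transport input ")), "transport input all")
            if set(transport.split()[2:]) != {"ssh"}:
                findings.append(("TELNET_ALLOWED", f"{name}: '{transport}' permits clear-text Telnet"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label}: {len(audit(cfg))} finding(s)")
        for code, detail in audit(cfg):
            print(f"  {code:24} {detail}")
```
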

Basic router configuration: show commands


Basic Show Commands

Router#show running-config
Building configuration...

Current configuration : 419 bytes
!
version 12.4
no service password-encryption
!
hostname Router
!
ip ssh version 1
!
interface FastEthernet0/0
[output is omitted]

Show the active configuration in memory. The currently active configuration script running on the router is referred to as the running-config on the routers command-line interface. Note that privileged mode is required. The running configuration script is not automatically saved on a Cisco router, and will be lost in the event of power failure. The running configuration must be manually saved with the 'copy' command

Router#show flash

System flash directory:
File  Length    Name/status
  1   33591768  c1841-advipservicesk9-mz.124-15.T1.bin
[33591768 bytes used, 30424616 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)

Flash memory is a special kind of memory on the router that contains the operating system image file(s). Unlike regular router memory, Flash memory continues to maintain the file image even after power is lost.

Router#show history

The router's command line interface (CLI) keeps the last 10 commands you entered in memory by default. Press the up arrow to retrieve the previous command and the down arrow to retrieve the next one.

Router#show protocols

Use this command to view the status of the current layer 3 routed protocols running on your router

Router#show version

Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team

ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)

System returned to ROM by power-on
System image file is "flash:c1841-advipservicesk9-mz.124-15.T1.bin"
[output is omitted]
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
1 Low-speed serial(sync/async) network interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

This command gives critical information: the router platform, the operating system version, how it last booted and where the image file lives, the amount of memory, the number of interfaces and the configuration register. Check the register when auditing a device: 0x2102 is the normal value, while 0x2142 makes the router ignore the startup configuration at boot (the password-recovery setting) and should never be left in place on a production router.

Router#show clock

*1:46:13.169 UTC Mon Nov 1 2009

Will show you Routers clock

Router#show hosts

will display a cached list of hosts and all of their interfaces IP addresses

Router#show users

Will show a list of all users who are connected to the router

Router#show interfaces

will give you detailed information about each interface


Router#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.0.0.1        YES manual up                    up
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/0/0            20.0.0.1        YES manual up                    up
Vlan1                  unassigned      YES manual administratively down down
Router#

This command shows a brief summary of every interface and is the one used most in troubleshooting. The Status column has three possible values: up (the interface is operational), down (the interface is enabled but has no working physical link, for example no cable or no clock from the DCE on a serial link) and administratively down (the port has been disabled with shutdown, which is the default state of every router port). If Status is up but Protocol is down, the problem is at layer 2, such as a mismatched serial encapsulation.

R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    10.0.0.0/8 is directly connected, FastEthernet0/0
C    20.0.0.0/8 is directly connected, Serial0/0/0
D    30.0.0.0/8 [90/40514560] via 20.0.0.2, 00:02:55, Serial0/0/0
D    40.0.0.0/8 [90/41026560] via 20.0.0.2, 00:02:54, Serial0/0/0
D    50.0.0.0/8 [90/41029120] via 20.0.0.2, 00:02:50, Serial0/0/0
R1#

This command shows the details of every known route. The router will not forward a packet whose destination is not covered by a route listed here; the router's routing decisions are made from this routing table.

R1#show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 64000
idb at 0x81081AC4, driver data structure at 0x81084AC0

The most common use of this command is to find out whether the port is the DCE or the DTE end of the link. If the port is the DCE end, the clock rate and bandwidth commands are required on it. As you can see in the output, this port is the DCE.

R1#show ip protocols

Routing Protocol is "eigrp 1 "
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 1
  Automatic network summarization is in effect
  Automatic address summarization:
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    20.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    20.0.0.2        90            16
  Distance: internal 90 external 170


Use this command to learn about the running routing protocols. It gives the complete status of each routing protocol, such as on which interfaces it receives updates, on which interfaces it sends updates, and what the timer intervals are.

Press Enter to get back to the router prompt.

Router>

You are now in user mode. Type ? to view all the commands available at this prompt.

Router>?

From privileged mode you can enter configuration mode by typing configure terminal. To exit configuration mode, type exit or press <CTRL>+Z.

Router>enable
Router#config terminal
Router(config)#exit
Router#

To view all commands available from this mode, type ? and press Enter. This gives you the list of all commands available for the router in your current mode. You can also use the question mark after you have started typing a command. For example, if you want to use a show command but do not remember which keyword it takes, typing 'show ?' will output all keywords that can follow the show command.

Router#show ?
  access-expression  List access expression
  access-lists       List access lists
  backup             Backup status
  cdp                CDP information
  clock              Display the system clock
  cls                DLC user information
  compress           Show compression statistics
  configuration      Contents of Non-Volatile memory
 --More--

Basics of routing

Routing is the process by which a packet gets from one location to another. To route a packet, a router needs to know the destination address and on what interface to send the traffic out. When a packet comes into an interface (the in interface) on a router, the router looks up the destination IP address in the packet header and compares it with its routing table. The routing table, which is stored in RAM, tells the router which outgoing interface the packet should leave through to reach the destination network. There are three ways to control routing decisions on your router:

Static routes
Default routes
Dynamic routes

Static Routes

Use a static route when you want to manually define the path that the packet will take through your network. Static routes are useful in small networks with rarely changing routes, when you have little bandwidth and do not want the overhead of a dynamic routing protocol, or when you want to manually define all of your routes for security reasons. Static routes are created in global configuration mode. The syntax for the static route is as follows:

ip route destination_network_address subnet_mask {next-hop-address | interface} [distance]

Default routes

This is the special type of static route, commonly called the gateway of last resort. If the specified destination is not listed in the routing table, the default route can be used to route the packet. A default route has an IP address of 0.0.0.0 and a subnet mask of 0.0.0.0, often represented as 0.0.0.0/0. Default routes are commonly used in small networks on a perimeter router pointing to the directly connected ISP router.

Dynamic Routes

A router learns dynamic routes by running a routing protocol. Routing protocols will learn about routes from other neighboring routers running the same routing protocol. Through this sharing process, a router will eventually learn about all of the reachable network and subnet numbers in the network.

Be familiar with the terms routing protocol and routed protocol, which have two different meanings: a routing protocol learns about routes for a routed protocol.

Routed protocol:

Any network protocol that provides enough information in its network layer address to enable a packet to be forwarded from one host to another host based on the addressing scheme, without knowing the entire path from source to destination. Packets generally are conveyed from end system to end system. IP is an example of a routed protocol.

Routing protocol:

Facilitates the exchange of routing information between networks, enabling routers to build routing tables dynamically. Traditional IP routing stays simple because it uses next-hop (next-router) routing, in which the router needs to consider only where it sends the packet and does not need to consider the subsequent path of the packet on the remaining hops (routers). Routing Information Protocol (RIP) is an example of a routing protocol.

There are two types of routing protocols:

Interior Gateway Protocols (IGP): These routing protocols exchange routing information within an autonomous system. Routing Information Protocol version 2 (RIPv2), Enhanced Interior Gateway Routing Protocol (EIGRP), and Open Shortest Path First (OSPF) are examples of IGPs.

Exterior Gateway Protocols (EGP): These routing protocols are used to route between autonomous systems. Border Gateway Protocol (BGP) is the EGP of choice in networks today.

Metrics

Routing Protocol   Metric        Description
RIP                Hop count     How many layer 3 hops away from the destination
OSPF               Cost          Measurement in the inverse of the bandwidth of the links
EIGRP              Bandwidth     The capacity of the links in Kbps (T1 = 1554)
EIGRP              Delay         Time it takes to reach the destination
EIGRP              Load          The path with the least utilization
EIGRP              MTU           The path that supports the largest frame sizes
EIGRP              Reliability   The path with the least amount of errors or down time

Autonomous Systems

An autonomous system (AS) is a group of networks under a single administrative control, which could be your company, a division within your company, or a group of companies. Not every routing protocol understands the concept of an AS. Routing protocols that understand the concept of an AS are EIGRP, OSPF, IS-IS, and BGP. RIP doesn't understand autonomous systems, while OSPF does; but OSPF doesn't require you to configure the AS number, whereas other protocols, such as EIGRP, do.

Administrative Distance

Administrative distance is the measure of trustworthiness that a router assigns to how a route to a network was learned. An administrative distance is an integer from 0 to 255. A routing protocol with a lower administrative distance is more trustworthy than one with a higher administrative distance.

Administrative Distance   Route Type
0                         Connected interface route
1                         Static route
90                        Internal EIGRP route (within the same AS)
110                       OSPF route
120                       RIPv1 and v2 route
170                       External EIGRP (from another AS)
255                       Unknown route (is considered an invalid route and will not be used)


Basics of static routing: configuring a Cisco router

Static routing occurs when you manually add routes in each router's routing table. There are advantages and disadvantages to static routing, but that's true for all routing processes.

Static routing has the following advantages:

There is no overhead on the router CPU.
There is no bandwidth usage between routers.
It adds security because the administrator can choose to allow routing access to certain networks only.

Static routing has the following disadvantages:

The administrator must really understand the internetwork and how each router is connected in order to configure routes correctly.

If a network is added to the internetwork, the administrator has to add a route to it on all routers—manually.

It is not feasible in large networks because maintaining the routes would be a full-time job in itself.

Command syntax for static route:

ip route [destination_network] [mask] [next-hop_address | exit_interface] [administrative_distance] [permanent]

ip route                  The command used to create the static route.
destination_network       The network you're placing in the routing table.
mask                      The subnet mask being used on the network.
next-hop_address          The address of the next-hop router that will receive the packet and forward it to the remote network.
exit_interface            Used in place of the next-hop address if you want, and shows up as a directly connected route.
administrative_distance   By default, static routes have an administrative distance of 1 (or even 0 if you use an exit interface instead of a next-hop address).
permanent                 (Optional) Without the permanent keyword in a static route statement, a static route will be removed if an interface goes down. Adding the permanent keyword to a static route statement will keep the static route in the routing table even if the interface goes down and the directly connected networks are removed.

In the previous example you learned:

How to connect to Cisco devices
How to use the available help options
Basics of routing protocols
Show commands
Basic router configuration


In this example we will recall all the topics you have learned so far and try to implement these commands in practice. Create the topology shown in the figure in Packet Tracer or

Now configure PC-0 first. To configure a PC, double-click on it and select the Desktop tab.

Now click on IP Configuration.

Set the IP address as shown in the figure:


IP address       10.0.0.2
Subnet mask      255.0.0.0
Default Gateway  10.0.0.1

Follow the same process on PC-2 and set its IP address to:

IP address       30.0.0.2
Subnet mask      255.0.0.0
Default Gateway  30.0.0.1

Now double-click on the 1841 Router0 and select CLI.

Type no and press Enter to skip the initial configuration dialog. You are then in user EXEC mode.

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Press RETURN to get started!

Router>

Set the hostname to R1 and assign the IP address 10.0.0.1 255.0.0.0 to FastEthernet 0/0. Also set the message of the day banner "Unauthorized access is prohibited".

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#banner motd # Unauthorized access is prohibited #
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#

Configure Router-2 the same way, with hostname R2 and the IP address 30.0.0.1 255.0.0.0 on FastEthernet 0/0.


Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#

Now we have connectivity between each local segment and its router's Ethernet port.

Configure the serial port

When serial connections are configured, they need one more command that normal Ethernet connections do not: the clock rate command. The clock rate command establishes a common rate at which the sending and receiving routers send data to each other. Note that if you are using a service provider circuit there is no need for the clock rate command, since the service provider provides the clocking. Establish a simple serial-to-serial connection between R1 Serial 0/0/0 and R2 Serial 0/0/0.

Now configure the serial port on both routers, with the IP address 20.0.0.1 255.0.0.0 on R1 and 20.0.0.2 255.0.0.0 on R2.

On R1

R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
R1(config-if)#exit
R1(config)#

On R2

R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit

At this point you have configured IP addresses on the interfaces, but PC0 still cannot ping PC1 because R1 has no information about the 30.0.0.0 network.

There are two ways to configure routes on a router: static or dynamic. You will learn more about static and dynamic routing in the next example. In this example we will use a simple static route.


First, tell R1 about the 30.0.0.0 network:

R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#

In this command, 30.0.0.0 is the destination network, 255.0.0.0 is the subnet mask of the destination network, and 20.0.0.2 is the IP address of the next hop.

30.0.0.0 = destination network.
255.0.0.0 = subnet mask.
20.0.0.2 = next-hop address.

Read it this way: "To get to the destination network of 30.0.0.0, with a subnet mask of 255.0.0.0, send all packets to 20.0.0.2."

Now tell R2 about the 10.0.0.0 network:

R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#

Now test the connectivity. Go to PC1 and run:

C:\> ping 30.0.0.2

If you get reply then you have successfully configured static routing between R1 and R2.

Default Routing

Default routing is used to send packets with a remote destination network not in the routing table to the next-hop router. You should only use default routing on stub networks—those with only one exit path out of the network.
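As an added example (not the report's own code), here is the forwarding behaviour these sections describe, in Python: a parser for the ip route syntax given above, a longest-prefix lookup that uses administrative distance as the tie-breaker, and the 0.0.0.0/0 gateway of last resort used when no specific route exists. R1's interfaces and addresses are the lab's; the rest is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

AD_CONNECTED = 0   # administrative distances from the report's table
AD_STATIC = 1


@dataclass(frozen=True)
class Route:
    code: str                        # "C" connected or "S" static
    network: ipaddress.IPv4Network
    next_hop: Optional[str]          # None when an exit interface was given
    iface: Optional[str]             # None when a next-hop address was given
    distance: int                    # administrative distance


class RoutingTable:
    """Minimal model of the IOS routing table for connected and static routes."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add_connected(self, iface: str, addr_with_mask: str) -> Route:
        """What 'ip address' plus 'no shutdown' on an interface puts in the table."""
        net = ipaddress.ip_interface(addr_with_mask).network
        route = Route("C", net, None, iface, AD_CONNECTED)
        self.routes.append(route)
        return route

    def ip_route(self, command: str) -> Route:
        """Parse 'ip route <dest> <mask> <next-hop | exit-interface> [distance]'."""
        parts = command.split()
        if parts[:2] != ["ip", "route"] or len(parts) not in (5, 6):
            raise ValueError(f"bad syntax: {command!r}")
        dest, mask, target = parts[2], parts[3], parts[4]
        distance = int(parts[5]) if len(parts) == 6 else AD_STATIC
        if not 1 <= distance <= 255:
            raise ValueError("administrative distance must be 1..255")
        # strict=True rejects a destination with host bits set under the mask,
        # the case IOS reports as "% Inconsistent address and mask".
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        try:
            ipaddress.ip_address(target)              # a next-hop address ...
            route = Route("S", network, target, None, distance)
        except ValueError:                            # ... or an exit interface
            route = Route("S", network, None, target, distance)
        self.routes.append(route)
        return route

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest prefix match; among equal prefixes the lowest AD is preferred."""
        ip = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if ip in r.network]
        if not matches:
            return None                               # no route: the packet is dropped
        return max(matches, key=lambda r: (r.network.prefixlen, -r.distance))

    def forward(self, destination: str) -> Optional[Tuple[str, str]]:
        """(exit interface, next-hop address) for a packet, or None to drop it.
        A next-hop route is resolved through the connected route covering the
        next hop, which is how the router finds the interface to send it out."""
        route = self.lookup(destination)
        if route is None:
            return None
        if route.iface is not None:
            return route.iface, destination           # connected or exit-interface route
        via = self.lookup(route.next_hop)
        if via is None or via.code != "C":
            return None                               # next hop is not on a connected network
        return via.iface, route.next_hop


def build_r1() -> RoutingTable:
    """R1 from the static-routing lab: two connected networks plus the static
    route to 30.0.0.0/8 through R2's serial address 20.0.0.2."""
    table = RoutingTable()
    table.add_connected("FastEthernet0/0", "10.0.0.1/255.0.0.0")
    table.add_connected("Serial0/0/0", "20.0.0.1/255.0.0.0")
    table.ip_route("ip route 30.0.0.0 255.0.0.0 20.0.0.2")
    return table


if __name__ == "__main__":
    r1 = build_r1()
    print(r1.forward("30.0.0.2"))   # ('Serial0/0/0', '20.0.0.2')
    print(r1.forward("60.0.0.1"))   # None: no route, so the packet is dropped
    # Gateway of last resort: 0.0.0.0/0 matches every address but has the
    # shortest prefix, so any more specific route still wins over it.
    r1.ip_route("ip route 0.0.0.0 0.0.0.0 20.0.0.2")
    print(r1.forward("60.0.0.1"))   # ('Serial0/0/0', '20.0.0.2')
```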

Routing Information Protocol RIP

Routing Information Protocol (RIP) is a standards-based, distance-vector, interior gateway protocol (IGP) used by routers to exchange routing information. RIP uses hop count to determine the best path between two locations. Hop count is the number of routers the packet must go through until it reaches the destination network. The maximum allowable number of hops a packet can traverse in an IP network implementing RIP is 15 hops.

It has a maximum allowable hop count of 15 by default, meaning that 16 is deemed unreachable. RIP works well in small networks, but it is inefficient on large networks with slow WAN links or on networks with a large number of routers installed.

In a RIP network, each router broadcasts its entire RIP table to its neighboring routers every 30 seconds. When a router receives a neighbor's RIP table, it uses the information provided to update its own routing table and then sends the updated table to its neighbors.

Differences between RIPv1 and RIPv2

RIPv1

A classful protocol; it broadcasts updates every 30 seconds and has a hold-down period of 180 seconds. Hop count is the metric (maximum 15).

RIP supports up to six equal-cost paths to a single destination, where all six paths can be placed in the routing table and the router can load-balance across them. The default is actually four paths, but this can be increased up to a maximum of six. Remember that an equal-cost path is one where the hop count value is the same. RIP will not load-balance across unequal-cost paths.

RIPv2

RIPv2 uses multicasts, whereas version 1 uses broadcasts. RIPv2 supports triggered updates: when a change occurs, a RIPv2 router will immediately propagate its routing information to its connected neighbors. RIPv2 is a classless protocol. RIPv2 supports variable-length subnet masking (VLSM). RIPv2 supports authentication: you can restrict which routers you want to participate in RIPv2. This is accomplished using a hashed password value.

RIP Timers

RIP uses four different kinds of timers to regulate its performance:

Route update timer

Sets the interval (typically 30 seconds) between periodic routing updates in which the router sends a complete copy of its routing table out to all neighbors.

Route invalid timer

Determines the length of time that must elapse (180 seconds) before a router determines that a route has become invalid. It will come to this conclusion if it hasn’t heard any updates about a particular route for that period. When that happens, the router will send out updates to all its neighbors letting them know that the route is invalid.

Holddown timer

This sets the amount of time during which routing information is suppressed. Routes enter the holddown state when an update packet is received that indicates the route is unreachable. This continues either until an update packet is received with a better metric or until the holddown timer expires. The default is 180 seconds.

Route flush timer

Sets the time between a route becoming invalid and its removal from the routing table (240 seconds). Before it's removed from the table, the router notifies its neighbors of that route's impending failure. The value of the route invalid timer must be less than that of the route flush timer. This gives the router enough time to tell its neighbors about the invalid route before the local routing table is updated.


RIP routing configuration

We will use two routers and four subnets. Create the topology shown in the figure in Packet Tracer.

Router   FastEthernet 0/0   FastEthernet 0/1   Serial 0/0/0
R1       10.0.0.1           20.0.0.1           50.0.0.1
R2       30.0.0.1           40.0.0.1           50.0.0.2

PC    IP Address   PC    IP Address
PC0   20.0.0.2     PC1   20.0.0.3
PC2   40.0.0.2     PC3   40.0.0.3
PC4   10.0.0.2     PC5   10.0.0.3
PC6   30.0.0.2     PC7   30.0.0.3

Assign IP addresses to the PCs. Double-click on a PC, select IP Configuration from the Desktop tab, and set the IP address given in the table.


To configure a router, double-click on it and select CLI. To configure this topology:

(1841Router0) Hostname R1

To configure and enable RIP routing on R1, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#interface fastethernet 0/1
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 50.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R1(config-router)#network 50.0.0.0

(2811Router1) Hostname R2

To configure and enable RIP routing on R2, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/1
R2(config-if)#ip address 40.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R2(config-if)#exit
R2(config)#interface serial 0/0/0
R2(config-if)#ip address 50.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#network 30.0.0.0
R2(config-router)#network 40.0.0.0
R2(config-router)#network 50.0.0.0
R2(config-router)#exit

To test RIP routing, ping from PC0 to all the other PCs and vice versa. If you get a reply, you have successfully configured RIP routing; if you do not get a reply, double-check this configuration and try to troubleshoot.

RIP routing configuration

In our previous example we discussed the features of RIP and configured a simple topology.

In this example I will demonstrate a RIP routing configuration. We will use four different router series so you can get familiar with all the platforms covered in the CCNA exam. Create the topology shown in the figure.

IP RIP comes in two different versions: 1 and 2. Version 1 is a distance vector protocol and is defined in RFC 1058. Version 2 is a hybrid protocol and is defined in RFCs 1721 and 1722. The CCNA exam now primarily focuses on version 2. As far as configuration is concerned, there are no major differences between RIPv1 and RIPv2. To read more about the differences between RIPv1 and RIPv2, or about their characteristics, read our previous example about RIP.

1841 Series Router0 (R1)
                  FastEthernet0/0          Serial0/0/0
IP address        10.0.0.1                 20.0.0.1
Connected with    PC0                      R2 on Serial 0/0

2811 Series Router0 (R4)
                  FastEthernet0/0          Serial0/0/0
IP address        50.0.0.1                 40.0.0.2
Connected with    PC1                      R3 on Serial 0/0

2621XM Series Router0 (R3)
                  FastEthernet0/0          Serial0/0/0
IP address        30.0.0.2                 40.0.0.1
Connected with    R2 on FastEthernet0/0    R4 on Serial 0/0/0

2620XM Series Router1 (R2)
                  FastEthernet0/0          Serial0/0
IP address        30.0.0.1                 20.0.0.2
Connected with    R3 on FastEthernet0/0    R1 on Serial 0/0/0

PC-PT PC0
                  FastEthernet0            Default Gateway
IP address        10.0.0.2                 10.0.0.1
Connected with    R1 on FastEthernet0/0

PC-PT PC1
                  FastEthernet0            Default Gateway
IP address        50.0.0.2                 50.0.0.1
Connected with    R4 on FastEthernet0/0

To configure any router, double-click on it and select CLI. To configure this topology:

(1841Router0) Hostname R1

To configure and enable RIP routing on R1, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R1(config)#router rip
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R1(config-router)#exit
R1(config)#

(2620XM-Router1) Hostname R2

To configure and enable RIP routing on R2, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config)#router rip
R2(config-router)#network 20.0.0.0
R2(config-router)#network 30.0.0.0
R2(config-router)#exit
R2(config)#

(2620XM-Router2)Hostname R3

To configure and enable RIP routing on R3, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#interface serial 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#clock rate 64000
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R3(config)#router rip
R3(config-router)#network 30.0.0.0
R3(config-router)#network 40.0.0.0
R3(config-router)#exit
R3(config)#

(2811Router3) Hostname R4

To configure and enable RIP routing on R4, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 40.0.0.2 255.0.0.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
Router(config-if)#exit
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 50.0.0.1 255.0.0.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#exit
Router(config)#hostname R4
R4(config)#router rip
R4(config-router)#network 40.0.0.0
R4(config-router)#network 50.0.0.0
R4(config-router)#exit
R4(config)#

PC-1

PC>ipconfig

IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 50.0.0.2

Pinging 50.0.0.2 with 32 bytes of data:

Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=127ms TTL=124
Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=140ms TTL=124

Ping statistics for 50.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 156ms, Average = 144ms
PC>

PC-2

PC>ipconfig

IP Address......................: 50.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 50.0.0.1

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 10.0.0.2: bytes=32 time=140ms TTL=124
Reply from 10.0.0.2: bytes=32 time=141ms TTL=124
Reply from 10.0.0.2: bytes=32 time=157ms TTL=124
Reply from 10.0.0.2: bytes=32 time=156ms TTL=124

Ping statistics for 10.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 140ms, Maximum = 157ms, Average = 148ms

You can verify that RIP is running successfully with the show ip protocols command in privileged mode.

R1#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 2 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive any version
  Interface             Send  Recv  Triggered RIP  Key-chain
  FastEthernet0/0       1     2 1
  Serial0/0/0           1     2 1
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
    10.0.0.0
    20.0.0.0
Passive Interface(s):
Routing Information Sources:
    Gateway         Distance      Last Update
    20.0.0.2        120           00:00:20
Distance: (default is 120)
R1#

You can use the show ip route command to troubleshoot a RIP network. If you do not see information about a route, check the router attached to that network.

R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    10.0.0.0/8 is directly connected, FastEthernet0/0
C    20.0.0.0/8 is directly connected, Serial0/0/0
R    30.0.0.0/8 [120/1] via 20.0.0.2, 00:00:01, Serial0/0/0
R    40.0.0.0/8 [120/2] via 20.0.0.2, 00:00:01, Serial0/0/0
R    50.0.0.0/8 [120/3] via 20.0.0.2, 00:00:01, Serial0/0/0
R1#

To test RIP routing, ping from PC1 to PC2 and vice versa. If you get a reply, you have successfully configured RIP routing; if you do not get a reply, double-check this configuration and try to troubleshoot.
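As an added example, not the report's own code, here is a small distance-vector simulation of the four-router lab above: each router sends its whole table out every link each update period, neighbors keep the lowest hop count, 16 is treated as unreachable, and the invalid and flush timers from the RIP Timers section age out routes that stop being refreshed. Router names, addresses and interfaces are taken from the lab tables; the resulting R1 table should match the show ip route output above.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

RIP_AD = 120          # administrative distance of RIP routes
INFINITY = 16         # hop count 16 means unreachable; 15 is the maximum usable
INVALID_AFTER = 180   # route invalid timer, seconds
FLUSH_AFTER = 240     # route flush timer, seconds


@dataclass
class Route:
    metric: int        # hop count
    next_hop: str      # "" for a directly connected network
    iface: str
    age: int = 0       # seconds since the last update that refreshed this route


class Router:
    def __init__(self, name: str, interfaces: Dict[str, Tuple[str, str]]) -> None:
        """interfaces: interface name -> (own IP address, classful network on it)."""
        self.name = name
        self.interfaces = interfaces
        self.links: Dict[str, Tuple["Router", str]] = {}   # iface -> (peer, peer iface)
        self.table: Dict[str, Route] = {
            net: Route(0, "", iface) for iface, (_addr, net) in interfaces.items()}

    def advertise(self) -> Dict[str, int]:
        """The whole table, as RIP sends it to every neighbor each update period."""
        return {net: r.metric for net, r in self.table.items()}

    def receive(self, iface: str, from_addr: str, update: Dict[str, int]) -> bool:
        """Bellman-Ford step for one received update; True if the table changed."""
        changed = False
        for net, advertised in update.items():
            metric = min(advertised + 1, INFINITY)   # one more hop via the sender
            current = self.table.get(net)
            if current is not None and current.next_hop == "":
                continue                              # never replace a connected route
            if current is not None and current.next_hop == from_addr:
                current.age = 0                       # refresh the invalid/flush timers
                changed |= current.metric != metric   # the current next hop's news is
                current.metric = metric               # accepted even if it got worse
            elif metric < INFINITY and (current is None or metric < current.metric):
                self.table[net] = Route(metric, from_addr, iface)
                changed = True
        return changed

    def age_routes(self, seconds: int) -> None:
        """Invalid timer marks a stale route unreachable; flush timer removes it."""
        for net, route in list(self.table.items()):
            if route.next_hop == "":
                continue
            route.age += seconds
            if route.age >= FLUSH_AFTER:
                del self.table[net]
            elif route.age >= INVALID_AFTER:
                route.metric = INFINITY

    def show_ip_route(self) -> List[str]:
        """Lines in the style of 'show ip route' (C = connected, R = RIP)."""
        lines = []
        for net in sorted(self.table, key=lambda n: tuple(map(int, n.split(".")))):
            r = self.table[net]
            if r.next_hop == "":
                lines.append(f"C {net}/8 is directly connected, {r.iface}")
            else:
                lines.append(f"R {net}/8 [{RIP_AD}/{r.metric}] via {r.next_hop}, {r.iface}")
        return lines


def connect(a: Router, a_if: str, b: Router, b_if: str) -> None:
    a.links[a_if] = (b, b_if)
    b.links[b_if] = (a, a_if)


def update_round(routers: List[Router]) -> bool:
    """One 30-second update period: every router sends its table out every link."""
    changed = False
    for r in routers:
        advert = r.advertise()
        for iface, (peer, peer_if) in r.links.items():
            changed |= peer.receive(peer_if, r.interfaces[iface][0], advert)
    return changed


def converge(routers: List[Router], max_rounds: int = 50) -> int:
    """Run update rounds until nothing changes; returns the rounds it took."""
    for n in range(1, max_rounds + 1):
        if not update_round(routers):
            return n
    return max_rounds


def build_lab() -> List[Router]:
    """The four-router RIP lab from the report: R1 -20/8- R2 -30/8- R3 -40/8- R4."""
    r1 = Router("R1", {"FastEthernet0/0": ("10.0.0.1", "10.0.0.0"), "Serial0/0/0": ("20.0.0.1", "20.0.0.0")})
    r2 = Router("R2", {"Serial0/0": ("20.0.0.2", "20.0.0.0"), "FastEthernet0/0": ("30.0.0.1", "30.0.0.0")})
    r3 = Router("R3", {"FastEthernet0/0": ("30.0.0.2", "30.0.0.0"), "Serial0/0": ("40.0.0.1", "40.0.0.0")})
    r4 = Router("R4", {"Serial0/0/0": ("40.0.0.2", "40.0.0.0"), "FastEthernet0/0": ("50.0.0.1", "50.0.0.0")})
    connect(r1, "Serial0/0/0", r2, "Serial0/0")
    connect(r2, "FastEthernet0/0", r3, "FastEthernet0/0")
    connect(r3, "Serial0/0", r4, "Serial0/0/0")
    return [r1, r2, r3, r4]
```

Calling converge(build_lab()) returns 4 update rounds, after which R1's show_ip_route() lists 30.0.0.0/8, 40.0.0.0/8 and 50.0.0.0/8 at [120/1], [120/2] and [120/3] via 20.0.0.2, as in the output above.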

Enhanced Interior Gateway Routing Protocol (EIGRP)

EIGRP is the advanced version of Cisco's earlier protocol IGRP. Before you learn more about EIGRP, get familiar with IGRP.

Interior Gateway Routing Protocol (IGRP)

The Interior Gateway Routing Protocol (IGRP) is a Cisco-proprietary routing protocol for IP. It is a distance vector protocol.

It uses a sophisticated metric based on bandwidth and delay. It uses triggered updates to speed up convergence. It supports unequal-cost load balancing to a single destination.

IGRP is Cisco proprietary and uses bandwidth, delay, reliability, load, and MTU as its metrics (bandwidth and delay by default).

IGRP's routing update period is every 90 seconds. Its hold-down period is 280 seconds, and its flush period is 630 seconds.

It also supports triggered updates and load balancing across unequal-cost paths.

IGRP requires an AS number in its router command; plus, when entering network numbers for the network command, they are entered as the classful network number, as they are for RIP.


IGRP supports both equal- and unequal-cost paths for load balancing to a single destination. Equal-cost paths are enabled by default, where IGRP supports up to six equal-cost paths (four by default) to a single destination in the IP routing table. IGRP, however, also supports unequal-cost paths, but this feature is disabled by default.

Enhanced Interior Gateway Routing Protocol

The Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol for IP. Its characteristics include:

Fast convergence
Loop-free topology
VLSM and route summarization
Multicast and incremental updates
Routes for multiple routed protocols

Here is a brief comparison of EIGRP and IGRP:

Both offer load balancing across six paths (equal or unequal).
They have similar metric structures.
EIGRP has faster convergence (triggered updates and saving a neighbor's routing table locally).
EIGRP has less network overhead, since it uses incremental updates.

An interesting point about these protocols is that if you have some routers in your network running IGRP and others running EIGRP, and both sets have the same autonomous system number, routing information will automatically be shared between the two.

EIGRP uses a 32-bit metric, while IGRP uses a 24-bit metric. EIGRP uses the Diffusing Update Algorithm (DUAL) to update the routing table. One really unique feature of EIGRP is that it supports three routed protocols: IP, IPX, and AppleTalk. Hello packets are generated every five seconds on LAN interfaces as multicasts (224.0.0.10).

For EIGRP routers to become neighbors, the following information must match:

- The AS number
- The K-values (these enable/disable the different metric components)

When two routers determine whether they will become neighbors, they go through the following process:

1. The first router generates a Hello with configuration information.
2. If the configuration information matches, the second router responds with an Update message containing topology information.
3. The first router responds with an ACK message, acknowledging receipt of the second router's Update.
4. The first router sends its topology to the second router via an Update message.
5. The second router responds back with an ACK.

You must specify the AS number when configuring EIGRP. Even though EIGRP is classless, you must configure it as a classful protocol when specifying your network numbers with the network command.

EIGRP Terms

Successor: The best path to reach a destination within the topology table.

Feasible successor: The best backup path to reach a destination within the topology table; multiple feasible successors can exist for a particular destination.

Routing table: All of the successor routes from the topology table. There is a separate routing table for each routed protocol.

Advertised distance: The distance (metric) that a neighboring router is advertising for a specific route.

Feasible distance: The distance (metric) that your router has computed to reach a specific route: the advertised distance from the neighboring router plus the local router's interface metric.

Neighbor table: Contains a list of the EIGRP neighbors and is similar to the adjacencies that are built in OSPF between the designated router/backup DR and the other routers on a segment. Each routed protocol (IP, IPX, and AppleTalk) for EIGRP has its own neighbor table.

Topology table: Similar to OSPF's database; contains a list of all destinations and paths the EIGRP router has learned. It is basically a compilation of the neighboring routers' routing tables. A separate topology table exists for each routed protocol.
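The terms above are easiest to see in action on a single destination. The following Python model is an added illustration, not code from this report or from Cisco: it takes a constructed topology table (neighbor name, the distance that neighbor advertises, and the cost of the link to it), computes the feasible distance, picks the successor, and applies DUAL's feasibility condition (a backup is only a feasible successor if its advertised distance is strictly less than the feasible distance). It also shows what happens when the successor is lost: a feasible successor is promoted immediately, otherwise the route goes active and neighbors must be queried. Neighbor names and metric values are constructed sample data.

```python
"""DUAL successor / feasible successor selection for one destination.

Added example in Python, not code from the report or from Cisco.
Input: {neighbor: (advertised_distance, link_cost)}; all values constructed.
"""

def feasible_distance(neighbors):
    """FD = lowest (advertised distance + cost of the link to that neighbor)."""
    return min(ad + link for ad, link in neighbors.values())

def classify_paths(neighbors):
    """Returns (fd, successors, feasible_successors, rejected).

    Feasibility condition: a neighbor is a feasible successor only if its
    advertised distance is strictly less than the FD.  That guarantees the
    neighbor's own path does not pass back through this router, so the
    backup can be installed without a query.
    """
    fd = feasible_distance(neighbors)
    successors, feasible, rejected = [], [], []
    for name, (ad, link) in sorted(neighbors.items()):
        if ad + link == fd:
            successors.append(name)   # installed in the routing table
        elif ad < fd:
            feasible.append(name)     # kept in the topology table as a backup
        else:
            rejected.append(name)     # in the topology table, but not a usable backup
    return fd, successors, feasible, rejected

def on_successor_loss(neighbors, lost):
    """DUAL's reaction when the route via `lost` disappears.

    Returns (state, new_successors): 'passive' with the promoted path when a
    loop-free backup is known, 'active' with no path when the router must
    query its neighbors, 'unchanged' if `lost` was not a successor.
    """
    fd, successors, feasible, _ = classify_paths(neighbors)
    if lost not in successors:
        return ("unchanged", successors)
    remaining = [n for n in successors if n != lost]
    if remaining:                      # an equal-cost successor is still in place
        return ("passive", remaining)
    if feasible:                       # promote the best feasible successor, no query
        best = min(feasible, key=lambda n: sum(neighbors[n]))
        return ("passive", [best])
    return ("active", [])              # no loop-free backup known: go active and query

if __name__ == "__main__":
    # Constructed topology-table entries for one destination.
    topo = {"R_A": (100, 50), "R_B": (120, 60), "R_C": (160, 10)}
    print("FD, successors, feasible successors, rejected:", classify_paths(topo))
    print("after losing R_A:", on_successor_loss(topo, "R_A"))
```

Note the instructive case in the sample data: R_C has a lower total metric (170) than R_B (180), yet R_B is the feasible successor and R_C is not, because R_C's advertised distance (160) is not below the feasible distance (150). DUAL prefers a guaranteed loop-free backup over a shorter one it cannot prove is loop-free.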

EIGRP Routing Configurations

EIGRP is a Cisco-proprietary routing protocol for TCP/IP. It is actually based on Cisco's proprietary IGRP routing protocol, with many enhancements built into it. Because it has its roots in IGRP, the configuration is similar to IGRP; however, many link state characteristics were added to allow EIGRP to scale to enterprise network sizes. These characteristics are described in the previous section.

In this example I will demonstrate an EIGRP routing configuration. We will use four routers of different series so that you become familiar with the different platforms covered in the CCNA exam. Create a topology as shown in the figure.

1841 Series Router0 (R1)
  FastEthernet0/0: IP address 10.0.0.1, connected with PC0
  Serial0/0/0: IP address 20.0.0.1, connected with R2 on Serial 0/0

2811 Series Router0 (R4)
  FastEthernet0/0: IP address 50.0.0.1, connected with PC1
  Serial0/0/0: IP address 40.0.0.2, connected with R3 on Serial 0/0

2621XM Series Router0 (R3)
  FastEthernet0/0: IP address 30.0.0.2, connected with R2 on FastEthernet0/0
  Serial0/0: IP address 40.0.0.1, connected with R4 on Serial 0/0/0

2620XM Series Router1 (R2)
  FastEthernet0/0: IP address 30.0.0.1, connected with R3 on FastEthernet0/0
  Serial0/0: IP address 20.0.0.2, connected with R1 on Serial 0/0/0

PC-PT PC0
  FastEthernet0: IP address 10.0.0.2, default gateway 10.0.0.1, connected with R1 on FastEthernet0/0

PC-PT PC1
  FastEthernet0: IP address 50.0.0.2, default gateway 50.0.0.1, connected with R4 on FastEthernet0/0

To configure any router, double-click it and select CLI. Configure this topology as follows.

(1841 Router0) Hostname R1

To configure and enable EIGRP routing on R1, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R1(config)#router eigrp 1
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R1(config-router)#exit
R1(config)#

(2620XM Router1) Hostname R2

To configure and enable EIGRP routing on R2, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config)#router eigrp 1
R2(config-router)#network 20.0.0.0
R2(config-router)#network 30.0.0.0
R2(config-router)#exit
R2(config)#

(2620XM Router2) Hostname R3

To configure and enable EIGRP routing on R3, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#interface serial 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#clock rate 64000
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R3(config)#router eigrp 1
R3(config-router)#network 30.0.0.0
R3(config-router)#network 40.0.0.0
R3(config-router)#exit
R3(config)#

(2811 Router3) Hostname R4

To configure and enable EIGRP routing on R4, follow these commands exactly. R4 advertises its own two networks, 40.0.0.0 and 50.0.0.0.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R4
R4(config)#interface serial 0/0/0
R4(config-if)#ip address 40.0.0.2 255.0.0.0
R4(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
R4(config-if)#exit
R4(config)#interface fastethernet 0/0
R4(config-if)#ip address 50.0.0.1 255.0.0.0
R4(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R4(config-if)#exit
R4(config)#router eigrp 1
R4(config-router)#network 40.0.0.0
R4(config-router)#network 50.0.0.0
R4(config-router)#exit
R4(config)#

PC-1

PC>ipconfig
IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 50.0.0.2

Pinging 50.0.0.2 with 32 bytes of data:

Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=127ms TTL=124
Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=140ms TTL=124

Ping statistics for 50.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 156ms, Average = 144ms
PC>

PC-2

PC>ipconfig
IP Address......................: 50.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 50.0.0.1

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 10.0.0.2: bytes=32 time=140ms TTL=124
Reply from 10.0.0.2: bytes=32 time=141ms TTL=124
Reply from 10.0.0.2: bytes=32 time=157ms TTL=124
Reply from 10.0.0.2: bytes=32 time=156ms TTL=124

Ping statistics for 10.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 140ms, Maximum = 157ms, Average = 148ms

You can verify that EIGRP is running successfully with the show ip protocols command in privileged mode.

R4#show ip protocols
Routing Protocol is "ospf 4"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 50.0.0.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    50.0.0.0 0.255.255.255 area 0
    40.0.0.0 0.255.255.255 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    40.0.0.1             110      00:01:26
  Distance: (default is 110)

R4#

You can use the show ip route command to troubleshoot an EIGRP network. If you do not see information about a route, check the router attached to that network.


R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

O    10.0.0.0/8 [110/1564] via 40.0.0.1, 00:02:37, Serial0/0/0
O    20.0.0.0/8 [110/1563] via 40.0.0.1, 00:02:37, Serial0/0/0
O    30.0.0.0/8 [110/782] via 40.0.0.1, 00:02:37, Serial0/0/0
C    40.0.0.0/8 is directly connected, Serial0/0/0
C    50.0.0.0/8 is directly connected, FastEthernet0/0
R4#

To test EIGRP routing, ping from PC1 to PC2 and vice versa. If you get a reply, you have successfully configured EIGRP routing; if you do not get a reply, double-check this configuration and troubleshoot.

OPEN SHORTEST PATH FIRST(OSPF)

The biggest advantage of OSPF over EIGRP is that it runs on devices from any vendor, as it is based on an open standard.

Advantages

- It will run on most routers, since it is based on an open standard.
- It uses the SPF algorithm, developed by Dijkstra, to provide a loop-free topology.
- It provides fast convergence with triggered, incremental updates via Link State Advertisements (LSAs).
- It is a classless protocol and allows for a hierarchical design with VLSM and route summarization.

Disadvantages:

- It requires more memory to hold the adjacency (list of OSPF neighbors), topology and routing tables.
- It requires extra CPU processing to run the SPF algorithm.
- It is complex to configure and more difficult to troubleshoot.

Features

OSPF implements a two-layer hierarchy: the backbone (area 0) and areas off of the backbone (areas 1–65,535).

To provide scalability OSPF supports two important concepts: autonomous systems and areas.


On synchronous serial links, no matter what the clock rate of the physical link is, the bandwidth always defaults to 1544 Kbps.

OSPF uses cost as a metric, which is the inverse of the bandwidth of a link.

OSPF Routing Configurations

In this example I will demonstrate an OSPF routing configuration. We will use four routers of different series so that you become familiar with the different platforms covered in the CCNA exam. Create a topology as shown in the figure.

Configuring OSPF is slightly different from configuring RIP. When configuring OSPF, use the following syntax:

Router(config)# router ospf process_ID
Router(config-router)# network IP_address wildcard_mask area area_#

The process_ID is locally significant and is used to differentiate between OSPF processes running on the same router. Your router might be a boundary router between two OSPF autonomous systems, and to differentiate them on your router, you'll give them unique process IDs. Note that these numbers do not need to match between different routers and that they have nothing to do with autonomous system numbers.

1841 Series Router0 (R1)
  FastEthernet0/0: IP address 10.0.0.1, connected with PC0
  Serial0/0/0: IP address 20.0.0.1, connected with R2 on Serial 0/0

2811 Series Router0 (R4)
  FastEthernet0/0: IP address 50.0.0.1, connected with PC1
  Serial0/0/0: IP address 40.0.0.2, connected with R3 on Serial 0/0

2621XM Series Router0 (R3)
  FastEthernet0/0: IP address 30.0.0.2, connected with R2 on FastEthernet0/0
  Serial0/0: IP address 40.0.0.1, connected with R4 on Serial 0/0/0

2620XM Series Router1 (R2)
  FastEthernet0/0: IP address 30.0.0.1, connected with R3 on FastEthernet0/0
  Serial0/0: IP address 20.0.0.2, connected with R1 on Serial 0/0/0

PC-PT PC0
  FastEthernet0: IP address 10.0.0.2, default gateway 10.0.0.1, connected with R1 on FastEthernet0/0

PC-PT PC1
  FastEthernet0: IP address 50.0.0.2, default gateway 50.0.0.1, connected with R4 on FastEthernet0/0

To configure any router, double-click it and select CLI. Configure this topology as follows.

(1841 Router0) Hostname R1

To configure and enable OSPF routing on R1, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R1(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
R1(config)#router ospf 1
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 20.0.0.0 0.255.255.255 area 0
R1(config-router)#exit
R1(config)#


(2620XM Router1) Hostname R2

To configure and enable OSPF routing on R2, follow these commands exactly. (The OSPF adjacency log message appears in the middle of the second network command because the neighbor came up while it was being typed; the command is then entered again in full.)

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 30.0.0.1 255.0.0.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config)#router ospf 2
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 30
00:03:10: %OSPF-5-ADJCHG: Process 2, Nbr 20.0.0.1 on Serial0/0 from LOADING to FULL, Loading Done
0.0.0.0 0.255.255.255 area 0
R2(config-router)#network 30.0.0.0 0.255.255.255 area 0
R2(config-router)#exit
R2(config)#

(2620XM Router2) Hostname R3

To configure and enable OSPF routing on R3, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.0.0.2 255.0.0.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#interface serial 0/0
R3(config-if)#ip address 40.0.0.1 255.0.0.0
R3(config-if)#clock rate 64000
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#exit
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R3(config)#router ospf 3
R3(config-router)#network 40.0.0.0 0.255.255.255 area 0
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
00:04:53: %OSPF-5-ADJCHG: Process 3, Nbr 30.0.0.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
R3(config-router)#exit
R3(config)#
%SYS-5-CONFIG_I: Configured from console by console
R3#

(2811 Router3) Hostname R4

To configure and enable OSPF routing on R4, follow these commands exactly.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R4
R4(config)#interface serial 0/0/0
R4(config-if)#ip address 40.0.0.2 255.0.0.0
R4(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
R4(config-if)#exit
R4(config)#interface fastethernet 0/0
R4(config-if)#ip address 50.0.0.1 255.0.0.0
R4(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R4(config-if)#exit
R4(config)#router ospf 4
R4(config-router)#network 50.0.0.0 0.255.255.255 area 0
R4(config-router)#network 40.0.0.0 0.255.255.255 area 0
R4(config-router)#
00:06:32: %OSPF-5-ADJCHG: Process 4, Nbr 40.0.0.1 on Serial0/0/0 from LOADING to FULL, Loading Done
R4(config-router)#exit
R4(config)#

PC-1

PC>ipconfig
IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 50.0.0.2

Pinging 50.0.0.2 with 32 bytes of data:

Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=127ms TTL=124
Reply from 50.0.0.2: bytes=32 time=156ms TTL=124
Reply from 50.0.0.2: bytes=32 time=140ms TTL=124

Ping statistics for 50.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 156ms, Average = 144ms
PC>

PC-2

PC>ipconfig
IP Address......................: 50.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 50.0.0.1

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 10.0.0.2: bytes=32 time=140ms TTL=124
Reply from 10.0.0.2: bytes=32 time=141ms TTL=124
Reply from 10.0.0.2: bytes=32 time=157ms TTL=124
Reply from 10.0.0.2: bytes=32 time=156ms TTL=124

Ping statistics for 10.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 140ms, Maximum = 157ms, Average = 148ms

You can verify that OSPF is running successfully with the show ip protocols command in privileged mode.

R4#show ip protocols
Routing Protocol is "ospf 4"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 50.0.0.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    50.0.0.0 0.255.255.255 area 0
    40.0.0.0 0.255.255.255 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    40.0.0.1             110      00:01:26
  Distance: (default is 110)

R4#

You can use the show ip route command to troubleshoot an OSPF network. If you do not see information about a route, check the router attached to that network.

R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

O    10.0.0.0/8 [110/1564] via 40.0.0.1, 00:02:37, Serial0/0/0
O    20.0.0.0/8 [110/1563] via 40.0.0.1, 00:02:37, Serial0/0/0
O    30.0.0.0/8 [110/782] via 40.0.0.1, 00:02:37, Serial0/0/0
C    40.0.0.0/8 is directly connected, Serial0/0/0
C    50.0.0.0/8 is directly connected, FastEthernet0/0
R4#

To test OSPF routing, ping from PC1 to PC2 and vice versa. If you get a reply, you have successfully configured OSPF routing; if you do not get a reply, double-check this configuration and troubleshoot.
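The metrics in R4's show ip route output above ([110/1564], [110/1563], [110/782]) follow directly from the cost rule stated earlier (cost is the inverse of bandwidth) plus Dijkstra's SPF. The following Python model is an added example, not code from this report or from Cisco IOS: it computes each interface's OSPF cost from its bandwidth, builds the graph the way SPF sees it (router-to-network edges cost the outgoing interface, network-to-router edges cost nothing), and runs Dijkstra from R4. One assumption is needed to reproduce the page's numbers: the serial interfaces the lab leaves at their default (R2 Serial0/0 and R4 Serial0/0/0) are modelled at 128 kbps, which gives cost 781 and matches the output; on real hardware the default is 1544 Kbps, as noted above, which would give cost 64 instead.

```python
"""OSPF interface cost and SPF (Dijkstra) over the four-router lab above.

Added example in Python, not code from the report or from Cisco IOS.
Constructed input: every interface in the lab with its bandwidth in kbps.
Assumption: serial interfaces left at their default are modelled at
128 kbps, the value that reproduces the page's show ip route metrics.
"""
import heapq

REF_BW_BPS = 100_000_000  # Cisco default reference bandwidth: 100 Mbps

def ospf_cost(bandwidth_kbps):
    """Cost = reference bandwidth / interface bandwidth, truncated, minimum 1."""
    return max(1, REF_BW_BPS // (bandwidth_kbps * 1000))

# (router, network, bandwidth_kbps) for each interface in the lab topology.
LAB_INTERFACES = [
    ("R1", "10.0.0.0/8", 100_000),  # FastEthernet0/0
    ("R1", "20.0.0.0/8", 64),       # Serial0/0/0, configured 'bandwidth 64'
    ("R2", "20.0.0.0/8", 128),      # Serial0/0, default (assumed 128 kbps)
    ("R2", "30.0.0.0/8", 100_000),  # FastEthernet0/0
    ("R3", "30.0.0.0/8", 100_000),  # FastEthernet0/0
    ("R3", "40.0.0.0/8", 64),       # Serial0/0, configured 'bandwidth 64'
    ("R4", "40.0.0.0/8", 128),      # Serial0/0/0, default (assumed 128 kbps)
    ("R4", "50.0.0.0/8", 100_000),  # FastEthernet0/0
]

def build_graph(interfaces):
    """Directed graph as SPF sees it: router -> network costs the router's
    outgoing interface; network -> router costs nothing."""
    graph = {}
    for router, network, bw in interfaces:
        graph.setdefault(router, {})[network] = ospf_cost(bw)
        graph.setdefault(network, {})[router] = 0
    return graph

def spf(graph, root):
    """Dijkstra's shortest path first; returns (distance, predecessor) maps."""
    dist, prev = {root: 0}, {root: None}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue                      # stale heap entry
        for nbr, link_cost in graph[node].items():
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr], prev[nbr] = new_cost, node
                heapq.heappush(heap, (new_cost, nbr))
    return dist, prev

def next_hop(prev, root, dest, routers):
    """Walk the predecessor chain back from dest; the last router seen before
    reaching root is the next hop.  None means dest is directly connected."""
    node, hop = dest, None
    while node != root:
        if node in routers:
            hop = node
        node = prev[node]
    return hop

def routing_table(interfaces, root):
    """{network: (cost, next_hop_router)} as 'show ip route' would list it."""
    routers = {r for r, _, _ in interfaces}
    networks = {n for _, n, _ in interfaces}
    dist, prev = spf(build_graph(interfaces), root)
    return {n: (dist[n], next_hop(prev, root, n, routers)) for n in sorted(networks)}

if __name__ == "__main__":
    for net, (cost, hop) in routing_table(LAB_INTERFACES, "R4").items():
        if hop is None:
            print(f"C    {net} is directly connected")
        else:
            print(f"O    {net} [110/{cost}] via {hop}")
```

Reading the result against the page's output: 30.0.0.0/8 costs 781 (R4's serial) + 1 (R3's FastEthernet) = 782, 20.0.0.0/8 adds R2's serial (781) for 1563, and 10.0.0.0/8 adds R1's FastEthernet (1) for 1564. The bandwidth 64 settings on R1 and R3 do not appear in R4's metrics because those interfaces are outgoing only in the other direction.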


Access control list

ACLs are basically a set of commands, grouped together by a number or name, that is used to filter traffic entering or leaving an interface.

When activating an ACL on an interface, you must specify in which direction the traffic should be filtered:

- Inbound (as the traffic comes into an interface)
- Outbound (before the traffic exits an interface)

Inbound ACLs: Incoming packets are processed before they are routed to an outbound interface. An inbound ACL is efficient because it saves the overhead of routing lookups if the packet will be discarded after it is denied by the filtering tests. If the packet is permitted by the tests, it is processed for routing.

Outbound ACLs: Incoming packets are routed to the outbound interface and then processed through the outbound ACL.

Universal facts about access control lists

1. ACLs come in two varieties: numbered and named.
2. Each of these references to ACLs supports two types of filtering: standard and extended.
3. Standard IP ACLs can filter only on the source IP address inside a packet.
4. Extended IP ACLs can filter on both the source and destination IP addresses in the packet.
5. There are two actions an ACL can take: permit or deny.
6. Statements are processed top-down.
7. Once a match is found, no further statements are processed; therefore, order is important.
8. If no match is found, the imaginary implicit deny statement at the end of the ACL drops the packet.
9. An ACL should have at least one permit statement; otherwise, all traffic will be dropped because of the hidden implicit deny statement at the end of every ACL.

No matter what type of ACL you use, though, you can have only one ACL per protocol, per interface, per direction. For example, you can have one IP ACL inbound on an interface and another IP ACL outbound on an interface, but you cannot have two inbound IP ACLs on the same interface.

Access List Ranges

Type Range

IP Standard 1–99

IP Extended 100–199

IP Standard Expanded Range 1300–1999

IP Extended Expanded Range 2000–2699

Standard ACLs

A standard IP ACL is simple; it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.

Extended ACLs:

An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control.

Named ACLs

One of the disadvantages of using IP standard and IP extended ACLs is that you reference them by number, which is not too descriptive of its use. With a named ACL, this is not the case because you can name your ACL with a descriptive name. The ACL named DenyMike is a lot more meaningful than an ACL simply numbered 1. There are both IP standard and IP extended named ACLs. Another advantage to named ACLs is that they allow you to remove individual lines out of an ACL. With numbered ACLs, you cannot delete individual statements. Instead, you will need to delete your existing access list and re-create the entire list.


Configuration Guidelines

Order of statements is important: put the most restrictive statements at the top of the list and the least restrictive at the bottom.

ACL statements are processed top-down until a match is found, and then no more statements in the list are processed.

If no match is found in the ACL, the packet is dropped (implicit deny).

Each ACL needs either a unique number or a unique name.

The router cannot filter traffic that it, itself, originates.

You can have only one IP ACL applied to an interface in each direction (inbound and outbound); you can't have two or more inbound or outbound ACLs applied to the same interface. (Actually, you can have one ACL for each protocol, like IP and IPX, applied to an interface in each direction.)

Applying an empty ACL to an interface permits all traffic by default: in order for an ACL to have an implicit deny statement, you need at least one actual permit or deny statement.

Remember the numbers you can use for IP ACLs. Standard ACLs can use numbers ranging 1–99 and 1300–1999, and extended ACLs can use 100–199 and 2000–2699.

A wildcard mask is not a subnet mask. Like an IP address or a subnet mask, a wildcard mask is composed of 32 bits. To convert a subnet mask to a wildcard mask, subtract each byte of the subnet mask from 255.

There are two special types of wildcard masks: 0.0.0.0 and 255.255.255.255.

A 0.0.0.0 wildcard mask is called a host mask: it matches a single host address.

A 255.255.255.255 wildcard mask matches every address. If you enter this, the router converts the address and mask to the keyword any.

Placement of ACLs

Standard ACLs should be placed as close to the destination devices as possible.

Extended ACLs should be placed as close to the source devices as possible.

Standard access lists


Because a standard access list filters only traffic based on source traffic, all you need is the IP address of the host or subnet you want to permit or deny. ACLs are created in global configuration mode and then applied on an interface. The syntax for creating a standard ACL is

access-list {1-99 | 1300-1999} {permit | deny} source-address [wildcard mask]

In this example we will configure a standard access list. If you want to read about the features and characteristics of access lists, read the previous section.


In this example we will use the RIP topology that we created in the RIP routing practical. Create this RIP routing topology and open it in Packet Tracer.

Three basic steps to configure Standard Access List

1. Use the access-list global configuration command to create an entry in a standard ACL.
2. Use the interface configuration command to select an interface to which to apply the ACL.
3. Use the ip access-group interface configuration command to activate the existing ACL on an interface.

With access lists you will have a variety of uses for wildcard masks, but from the CCNA exam perspective you should be able to do the following:


1. Match a specific host
2. Match an entire subnet
3. Match an IP range
4. Match everyone and anyone

Match specific hosts

Task

You have been given the task of blocking 10.0.0.3 from gaining access to 40.0.0.0, while 10.0.0.3 must still be able to communicate with the other networks. Other computers on the 10.0.0.0 network must be able to connect to the 40.0.0.0 network.

Decide where to apply ACL and in which directions.

Our host must be able to communicate with every other network except 40.0.0.0, so we will place this access list on FastEthernet 0/1 of R2 (2811), the interface connected to the 40.0.0.0 network. The direction will be outbound, as the packet is filtered while it is leaving the interface. If you placed this list on R1 (1841) instead, host 10.0.0.3 would not be able to communicate with any other host, including 40.0.0.0.

To configure R2, double-click it and select CLI (choose only one of the two methods below; the result is the same).

R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 1 deny host 10.0.0.3
R2(config)#access-list 1 permit any
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip access-group 1 out

OR

R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 1 deny 10.0.0.3 0.0.0.0
R2(config)#access-list 1 permit any
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip access-group 1 out

To test, first ping from 10.0.0.3 to 40.0.0.3; it should time out, as this packet is filtered by the ACL. Then ping 30.0.0.3; it should reply successfully.

PC>ping 40.0.0.3

Pinging 40.0.0.3 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 40.0.0.3:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 30.0.0.3

Pinging 30.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 30.0.0.3: bytes=32 time=140ms TTL=126
Reply from 30.0.0.3: bytes=32 time=156ms TTL=126
Reply from 30.0.0.3: bytes=32 time=112ms TTL=126

Ping statistics for 30.0.0.3:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 112ms, Maximum = 156ms, Average = 136ms

As we applied the access list only to a specific host, the other computers on the 10.0.0.0 network must still be able to connect to the 40.0.0.0 network. To test, ping from 10.0.0.2 to 40.0.0.3.

PC>ipconfig
IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 40.0.0.3

Pinging 40.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 40.0.0.3: bytes=32 time=141ms TTL=126
Reply from 40.0.0.3: bytes=32 time=140ms TTL=126
Reply from 40.0.0.3: bytes=32 time=125ms TTL=126

Ping statistics for 40.0.0.3:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 141ms, Average = 135ms

Match an entire subnet

Task

You have been given the task of blocking the whole 10.0.0.0 network from gaining access to 40.0.0.0, while 10.0.0.0 must still be able to communicate with the other networks.

Wildcards

Wildcards are used with access lists to specify an individual host, a network, or a certain range of a network or networks.

Formula to calculate wild card mask for access list

The key to matching an entire subnet is to use the following formula for the wildcard mask:

Wildcard mask = 255.255.255.255 - subnet mask

So, for example, if the current subnet mask is 255.0.0.0, the wildcard mask is 0.255.255.255:

    255.255.255.255
  - 255.  0.  0.  0
    ---------------
      0.255.255.255

Once you have calculated the wildcard mask, the rest is the same as in the previous example.

R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 2 deny 10.0.0.0 0.255.255.255
R2(config)#access-list 2 permit any
R2(config)#interface fastethernet 0/1
R2(config-if)#ip access-group 2 out
R2(config-if)#

To test, first ping from 10.0.0.3 to 40.0.0.3; it should time out, as this packet is filtered by the ACL. Then ping 30.0.0.3; it should reply successfully.

Now ping from 10.0.0.2 to 40.0.0.3 and then to 30.0.0.2. The results should be the same as for 10.0.0.3, because the packets are now filtered on a network basis.


Match an IP range

You are a network administrator at XYZ. Your task is to block the IP range 10.3.16.0 – 10.3.31.255 from gaining access to the 40.0.0.0 network.

Solutions

Our range is 10.3.16.0 – 10.3.31.255. To find the mask, take the higher IP and subtract the lower IP from it:

     10.  3. 31.255
  -  10.  3. 16.  0
     --------------
      0.  0. 15.255

In this case the wildcard mask for this range is 0.0.15.255. To block this range, you would use the following:

R2>enableEnter configuration commands, one per line. End with CNTL/Z.R2(config)#access-list 2 deny 10.3.16.0 0.0.15.255R2(config)#access-list 2 permit anyR2(config)#interface fastethernet 0/1R2(config-if)#ip access-group 2 outR2(config-if)#

One thing to note is that each non-zero value in the mask must be one less than a power of 2, i.e. 0, 1, 3, 7, 15, 31, 63, 127, 255.

Match Everyone and Anyone

This is the easiest access list to create; either of the following works:

access-list 1 permit any
access-list 1 permit 0.0.0.0 255.255.255.255
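The wildcard arithmetic above, and the matching it produces, as an added Python example that is not part of the original report and does not run on a router (the function names and the 10.3.x.x test addresses are my own): it computes the wildcard from a subnet mask and from an address range, refuses ranges that the subtraction shortcut cannot express, and evaluates access-list 2 with IOS first-match semantics. The same address matching is what access-class applies to the VTY lines later in this section.

```python
"""Wildcard-mask arithmetic and standard-ACL matching.

Added worked example in Python; it is not part of the original report and
does not run on a router. It reproduces the two calculations above, checks
the power-of-two rule, and evaluates a standard ACL the way IOS does:
top-down, first match wins, implicit deny at the end. Function names and
the sample addresses are my own.
"""
import ipaddress


def to_int(dotted: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def wildcard_from_mask(subnet_mask: str) -> str:
    """Wildcard = 255.255.255.255 - subnet mask, i.e. the bitwise complement."""
    return to_dotted(0xFFFFFFFF ^ to_int(subnet_mask))


def wildcard_from_range(first: str, last: str) -> str:
    """Wildcard for first..last by subtraction, as in the text.

    The shortcut is only valid when the range is one block whose size is a
    power of two and whose first address is a multiple of that size;
    otherwise the mask would match addresses outside the range, so refuse.
    """
    lo, hi = to_int(first), to_int(last)
    size = hi - lo + 1
    if size & (size - 1) or lo % size:
        raise ValueError(f"{first}-{last} is not a single aligned power-of-two block")
    return to_dotted(hi - lo)


def is_contiguous_wildcard(wildcard: str) -> bool:
    """True when the 1 bits form one run at the low end (0.0.15.255 yes, 0.255.0.255 no).

    This is the rule behind 'each octet is one less than a power of two'.
    """
    w = to_int(wildcard)
    return (w + 1) & w == 0


def matches(addr: str, base: str, wildcard: str) -> bool:
    """ACE match: addr must equal base on every bit where the wildcard is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def standard_acl(entries, addr: str) -> str:
    """entries: ordered list of (action, base, wildcard). First match wins;
    an address matching no entry hits the implicit 'deny any'."""
    for action, base, wildcard in entries:
        if matches(addr, base, wildcard):
            return action
    return "deny"


# access-list 2 from the text: deny 10.3.16.0 0.0.15.255, then permit any
ACL_2 = [
    ("deny", "10.3.16.0", wildcard_from_range("10.3.16.0", "10.3.31.255")),
    ("permit", "0.0.0.0", "255.255.255.255"),   # identical to "permit any"
]

# The same list with the "permit any" forgotten: everything is implicitly denied
ACL_2_NO_PERMIT = ACL_2[:1]

if __name__ == "__main__":
    print("wildcard for /8   :", wildcard_from_mask("255.0.0.0"))
    print("wildcard for range:", wildcard_from_range("10.3.16.0", "10.3.31.255"))
    for host in ("10.3.16.1", "10.3.31.254", "10.3.32.1", "40.0.0.3"):
        print(f"{host:<12} ACL 2 -> {standard_acl(ACL_2, host)}, "
              f"without permit any -> {standard_acl(ACL_2_NO_PERMIT, host)}")
    try:
        wildcard_from_range("10.3.16.0", "10.3.40.255")
    except ValueError as err:
        print("needs several entries:", err)
```

The ACL_2_NO_PERMIT case is the mistake to watch for: a list that only contains deny entries blocks everything, because the implicit deny at the end catches every address the explicit entries do not.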

Secure telnet session via standard ACL

This is one of the most heavily tested topics in the CCNA exam. We could use an extended ACL to secure Telnet sessions, but then we would have to apply it inbound on every interface, which does not scale to a large router with dozens or even hundreds of interfaces. A much better solution is to use a standard IP access list to control access to the VTY lines themselves. Keep in mind that this only restricts which hosts may reach the lines; Telnet still sends the password in clear text, so on production equipment the same access-class should protect SSH (transport input ssh) rather than Telnet.

To perform this function, follow these steps:

1. Create a standard IP access list that permits only the host or hosts you want to be able to telnet into the router.

2. Apply the access list to the VTY lines with the access-class command.

Secure R2 so that only 20.0.0.2 can telnet to it; all other Telnet sessions must be denied.

R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 3 permit host 20.0.0.2
R2(config)#line vty 0 4
R2(config-line)#password vinita
R2(config-line)#login
R2(config-line)#access-class 3 in

To test, telnet from 20.0.0.2 first; it should succeed.

PC>ipconfig

IP Address......................: 20.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 20.0.0.1

PC>telnet 50.0.0.2
Trying 50.0.0.2 ...

User Access Verification

Password:
R2>

Now telnet from any PC other than 20.0.0.2; the connection must be filtered and refused.

PC>ipconfig

IP Address......................: 20.0.0.3
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 20.0.0.1

PC>telnet 50.0.0.2
Trying 50.0.0.2 ...

% Connection refused by remote host
PC>

Configure Extended Access Lists

An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control.

access-list access-list-number {permit | deny} protocol source source-wildcard [operator port] destination destination-wildcard [operator port] [established] [log]

Command parameter            Description

access-list                  Main command.

access-list-number           Identifies the list using a number in the range 100–199 or 2000–2699.

permit | deny                Indicates whether this entry allows or blocks the specified traffic.

protocol                     IP, TCP, UDP, ICMP, GRE, or IGRP.

source and destination       Identify the source and destination IP addresses.

source-wildcard and destination-wildcard
                             Wildcard masks applied to the source and destination addresses (0 bits must match, 1 bits are ignored).

operator port                The operator can be lt (less than), gt (greater than), eq (equal to), or neq (not equal to). The port number is a source or a destination port depending on where in the entry it is placed (after the source or after the destination). Well-known application names can be used instead of numbers, such as telnet, ftp, and smtp.

established                  For TCP only. Allows a segment through if it belongs to a session that was already set up, which the router decides by checking that the ACK or RST bit is set; it does not track connection state, so a crafted segment with the ACK bit set also matches. (See the established keyword example below.)

log                          Sends a logging message to the console for each matching packet.

Before configuring extended access lists, you should memorize some important port numbers.

Well-Known Port Numbers and IP Protocols

Port Number (transport)   Service

20 (TCP) FTP data

21 (TCP) FTP control

23 (TCP) Telnet

25 (TCP) Simple Mail Transfer Protocol (SMTP)

53 (TCP/UDP) Domain Name System (DNS)

69 (UDP) TFTP

80 (TCP) HTTP

In this example we will configure an extended access list. If you want to review the features and characteristics of access lists, read the previous example.

Access control list

In this example we will use the RIP topology that we created in the RIP routing practical.

Create this RIP routing topology and open it in Packet Tracer.

Three basic steps to configure an extended access list:

1. Use the access-list global configuration command to create an entry in an extended ACL.
2. Use the interface configuration command to select an interface to which to apply the ACL.
3. Use the ip access-group interface configuration command to activate the existing ACL on an interface.

With access lists you will have a variety of uses for wildcard masks, but from the CCNA exam perspective you should be able to do the following:

1. Block host to host
2. Block host to network
3. Block network to network
4. Block Telnet access to critical company resources
5. Limit FTP access to specific users
6. Stop discovery of the private network by ping
7. Limit web access
8. Configure the established keyword

Block host to host

Task

You are the network administrator at XYZ. Your company hires a new employee and gives him the PC 10.0.0.3. The company's critical records are kept on 40.0.0.3, so you are asked to block access from 10.0.0.3 to 40.0.0.3, while 10.0.0.3 must still be able to connect to the other computers on the network to perform his tasks.

Decide where to apply the ACL and in which direction.

Because this is an extended ACL, we can filter the packet as close to its source as possible, so we place the access list inbound on F0/0 of Router1841, the port nearest to 10.0.0.3.

To configure Router1841 (hostname R1), double click on it and select CLI.

R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 101 deny ip host 10.0.0.3 40.0.0.3 0.0.0.0
R1(config)#access-list 101 permit ip any any
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip access-group 101 in
R1(config-if)#exit
R1(config)#

Verify by pinging from 10.0.0.3 to 40.0.0.3; it should time out. Also ping the other computers on the network, including 40.0.0.2; those pings should succeed.

Block host to network

Task

Now we will block 10.0.0.3 from gaining access to the network 40.0.0.0. (If you are doing this practical right after the previous example, don't forget to remove access list 101 with the no access-list 101 command, or simply close Packet Tracer without saving and reopen the topology to continue with this example.)

R1(config)#access-list 102 deny ip host 10.0.0.3 40.0.0.0 0.255.255.255
R1(config)#access-list 102 permit ip any any
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip access-group 102 in
R1(config-if)#exit
R1(config)#

Verify by pinging from 10.0.0.3 to 40.0.0.3 and 40.0.0.2; both should time out. Also ping computers on the other networks; those pings should succeed.

Network to Network Access List

Task

The students' lab is on the network 10.0.0.0, while the management systems are on the network 40.0.0.0. You are asked to stop the lab systems from gaining access to the management systems.

Now we will block the network 10.0.0.0 from gaining access to the network 40.0.0.0. (If you are doing this practical right after the previous example, don't forget to remove access list 102 with the no access-list 102 command, or close Packet Tracer without saving and reopen the topology.)

R1(config)#access-list 103 deny ip 10.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255
R1(config)#access-list 103 permit ip any any
R1(config)#interface fastethernet 0/0
R1(config-if)#ip access-group 103 in
R1(config-if)#exit
R1(config)#

Verify by pinging from 10.0.0.3 and 10.0.0.2 to 40.0.0.3 and 40.0.0.2; all should time out. Also ping computers on the other networks; those pings should succeed.

Network to host

Task

For the final scenario you will block all traffic from the network 10.0.0.0 to the host 40.0.0.3. To accomplish this, write an extended access list; it should look something like the following (the first lines remove access list 103 from the previous example).

R1(config)#interface fastethernet 0/0
R1(config-if)#no ip access-group 103 in
R1(config-if)#exit
R1(config)#no access-list 103 deny ip 10.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255
R1(config)#access-list 104 deny ip 10.0.0.0 0.255.255.255 40.0.0.3 0.0.0.0
R1(config)#access-list 104 permit ip any any
R1(config)#interface fastethernet 0/0
R1(config-if)#ip access-group 104 in
R1(config-if)#exit
R1(config)#

Verify by pinging from 10.0.0.3 and 10.0.0.2 to 40.0.0.3; both should time out. Also ping computers on the other networks; those pings should succeed.

Application based Extended Access list

In the previous examples we filtered traffic based on IP addresses. Now we will filter traffic based on application. To do this practical, either create a topology as shown in the figure and enable the Telnet, HTTP and FTP services on the server, or load the preconfigured topology in Packet Tracer.

Extended Access list

The established keyword

The established keyword is an advanced feature that allows traffic through only if it appears to belong to a TCP session that is already established. The router does not track sessions; it simply matches TCP segments that have the ACK or RST bit set, which is the case for every segment after the first SYN of the three-way handshake. This keyword can be added only to the end of extended ACL entries that filter TCP traffic. You can use it to deny all traffic into your network except return traffic for sessions first initiated from inside your network. This is commonly used to block all traffic originating from the Internet into a company's network except for Internet traffic that was first initiated by users inside the company. The following configuration does this for all TCP-based traffic coming in on interface serial 0/0/0 of the router:

R1(config)#access-list 101 permit tcp any any established
R1(config)#interface serial 0/0/0
R1(config-if)#ip access-group 101 in
R1(config-if)#exit

Although the access list uses a permit statement, all traffic is denied by the implicit deny at the end unless it matches the permit, i.e. unless it is a TCP segment with ACK or RST set. An inbound SYN, which starts a new connection from outside, has only the SYN bit set and is dropped; replies to connections opened from inside carry ACK and are allowed. Because the check is on flag bits alone, an attacker who sets the ACK bit on unsolicited segments also gets through; a stateful firewall is needed to really enforce the direction of a session.

To test this access list, double click on any PC in the network 10.0.0.0 and select Web Browser. Enter the IP of the web server, 30.0.0.2; the web page should load successfully. Now go to 30.0.0.2, open the command prompt and ping 10.0.0.2 or any other PC in the network 10.0.0.0; the requests will time out. Note that the ping fails because ICMP is not TCP and so never matches the permit entry, not because the router knows anything about sessions.

Stop ping but can access web server

We host our web server on 30.0.0.2, but we do not want to allow external users to ping the server, since ICMP echo requests could be used for a denial of service. Create an access list that filters all ping requests inbound on the serial 0/0/0 interface of Router2.

R2(config)#access-list 102 deny icmp any any echo
R2(config)#access-list 102 permit ip any any
R2(config)#interface serial 0/0/0
R2(config-if)#ip access-group 102 in

To test this access list, ping from 10.0.0.2 to 30.0.0.2; the requests should time out. Now open the web browser and access 30.0.0.2; the page should be retrieved successfully.

Grant FTP access to limited users

You want to grant FTP access to the server only to 10.0.0.2; no other user needs FTP access to the server. So you create a list that prevents FTP traffic originating from the 10.0.0.0/8 network and going to the 30.0.0.2 server from entering FastEthernet interface 0/1 on R1, except from 10.0.0.2.

R1(config)#access-list 103 permit tcp host 10.0.0.2 30.0.0.2 0.0.0.0 eq 20
R1(config)#access-list 103 permit tcp host 10.0.0.2 30.0.0.2 0.0.0.0 eq 21
R1(config)#access-list 103 deny tcp any any eq 20
R1(config)#access-list 103 deny tcp any any eq 21
R1(config)#access-list 103 permit ip any any
R1(config)#interface fastethernet 0/1
R1(config-if)#ip access-group 103 in
R1(config-if)#exit

Grant Telnet access to limited users

For security reasons you do not want to provide Telnet access to the server from any system except your own, 10.0.0.4. Create an extended access list that prevents Telnet traffic originating from the 10.0.0.0 network to the server, except from 10.0.0.4.

R1(config)#access-list 104 permit tcp host 10.0.0.4 30.0.0.2 0.0.0.0 eq 23
R1(config)#access-list 104 deny tcp 10.0.0.0 0.255.255.255 30.0.0.2 0.0.0.0 eq 23
R1(config)#access-list 104 permit ip any any
R1(config)#interface fastethernet 0/1
R1(config-if)#ip access-group 104 in
R1(config-if)#exit
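The extended ACL examples above (the established keyword, the ICMP echo filter, and the Telnet restriction; the FTP list has the same shape as the Telnet one) evaluated in Python, as an added example that is not part of the original report and is not router code. It uses the ACL numbers from the text; the packet layout, the class and function names, and the test packets are my own.

```python
"""Extended ACL evaluation with protocol, port and the established keyword.

Added worked example in Python; not part of the original report and not
router code. It models the IOS rules the examples above rely on: entries
are checked top-down, the first match decides, anything unmatched hits the
implicit deny, and `established` matches only TCP segments with ACK or RST
set. The packets are constructed here; class and function names are mine.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
import ipaddress

# TCP flag bits as they appear in the header
SYN, RST, ACK = 0x02, 0x04, 0x10

Spec = Tuple[str, str]            # (base address, wildcard mask)
ANY: Spec = ("0.0.0.0", "255.255.255.255")


def host(addr: str) -> Spec:
    """`host a.b.c.d` is shorthand for a.b.c.d 0.0.0.0."""
    return (addr, "0.0.0.0")


def addr_matches(addr: str, spec: Spec) -> bool:
    """Address matches when it equals the base on every 0 bit of the wildcard."""
    base, wildcard = spec
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Ace:
    """One access-list entry (access control entry)."""
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" (any protocol), "tcp", "udp", "icmp"
    src: Spec
    dst: Spec
    dst_port: Optional[int] = None   # `eq <port>` placed after the destination
    established: bool = False        # TCP only: ACK or RST must be set
    icmp_type: Optional[str] = None  # e.g. "echo"

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "ip" and self.protocol != pkt["proto"]:
            return False
        if not (addr_matches(pkt["src"], self.src) and addr_matches(pkt["dst"], self.dst)):
            return False
        if self.dst_port is not None and pkt.get("dport") != self.dst_port:
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        if self.established and not pkt.get("flags", 0) & (ACK | RST):
            return False
        return True


def evaluate(acl, pkt: dict) -> str:
    """Top-down, first match wins; the implicit deny any at the end catches the rest."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


def tcp(src: str, dst: str, dport: int, flags: int = SYN) -> dict:
    return {"proto": "tcp", "src": src, "dst": dst, "dport": dport, "flags": flags}


def icmp_echo(src: str, dst: str) -> dict:
    return {"proto": "icmp", "src": src, "dst": dst, "icmp_type": "echo"}


# access-list 101 permit tcp any any established      (inbound on the Internet side)
ACL_101 = [Ace("permit", "tcp", ANY, ANY, established=True)]

# access-list 102 deny icmp any any echo / permit ip any any   (no pings to the web server)
ACL_102 = [Ace("deny", "icmp", ANY, ANY, icmp_type="echo"), Ace("permit", "ip", ANY, ANY)]

# access-list 104: only 10.0.0.4 may telnet to 30.0.0.2, everything else untouched
ACL_104 = [
    Ace("permit", "tcp", host("10.0.0.4"), host("30.0.0.2"), dst_port=23),
    Ace("deny", "tcp", ("10.0.0.0", "0.255.255.255"), host("30.0.0.2"), dst_port=23),
    Ace("permit", "ip", ANY, ANY),
]

if __name__ == "__main__":
    reply = tcp("30.0.0.2", "10.0.0.2", 51000, SYN | ACK)   # SYN/ACK back to an inside client
    new_conn = tcp("30.0.0.2", "10.0.0.2", 80)               # outside host opening a connection
    forged = tcp("30.0.0.2", "10.0.0.2", 22, ACK)            # unsolicited segment, ACK bit set
    print("101 reply     :", evaluate(ACL_101, reply))       # permit
    print("101 new SYN   :", evaluate(ACL_101, new_conn))    # deny (implicit)
    print("101 forged ACK:", evaluate(ACL_101, forged))      # permit: established is stateless
    print("102 ping      :", evaluate(ACL_102, icmp_echo("10.0.0.2", "30.0.0.2")))
    print("102 http      :", evaluate(ACL_102, tcp("10.0.0.2", "30.0.0.2", 80)))
    print("104 telnet .4 :", evaluate(ACL_104, tcp("10.0.0.4", "30.0.0.2", 23)))
    print("104 telnet .3 :", evaluate(ACL_104, tcp("10.0.0.3", "30.0.0.2", 23)))
```

The forged case is the one to remember from a security point of view: the established entry lets through any TCP segment with ACK set, whether or not a handshake ever happened, so it only stops connection attempts from well-behaved stacks, not deliberate probes.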

WAN protocols: HDLC, PPP, Frame Relay, NAT, PAT

WAN terms and definitions; encapsulation methods HDLC and PPP

A WAN is a data communications network that operates beyond the geographical scope of a LAN.

WANs use facilities provided by a service provider, or carrier, such as a telephone or cable company. They connect the locations of an organization to each other, to locations of other organizations, to external services, and to remote users. WANs generally carry a variety of traffic types, such as voice, data, and video.

WAN connections are made up of many types of equipment and components. Data communications equipment (DCE) terminates a connection between two sites and provides clocking and synchronization for that connection; it connects to data terminal equipment (DTE). A DTE is an end-user device, such as a router or PC, which connects to the WAN via the DCE.

Term                                Definition

Customer premises equipment (CPE)   Your network's equipment, which includes the DCE (modem, NT1, CSU/DSU) and your DTE (router, access server)

Demarcation point                   Where the responsibility of the carrier is passed on to you; this could be inside or outside your local facility; note that this is a logical boundary, not necessarily a physical boundary

Local loop                          The connection from the carrier's switching equipment to the demarcation point

Central office (CO) switch          The carrier's switch within the toll network

Toll network                        The carrier's internal infrastructure for transporting your data

Customer premises equipment (CPE)

Customer premises equipment (CPE) is equipment that is owned by the subscriber and located on the subscriber's premises.

Demarcation point

The demarcation point is the precise spot where the service provider's responsibility ends and the CPE begins. It is generally a device in a telecommunications closet owned and installed by the telecommunications company (telco). It is your responsibility to cable (the extended demarc) from this box to the CPE, which is usually a connection to a CSU/DSU or ISDN interface.

Local loop

The local loop connects the demarc to the closest switching office, which is called a central office.

Central office (CO)

This point connects the customer's network to the provider's switching network.

Toll network

The toll network is a trunk line inside a WAN provider's network. This network is a collection of switches and facilities owned by the ISP. Definitely familiarize yourself with these terms, because they are crucial to understanding WAN technologies.

Synchronous vs. asynchronous

A synchronous serial connection allows you to send and receive information simultaneously without having to wait for any signal from the remote side, and it does not need to indicate when it is beginning or ending a transmission. These two things, plus how clocking is done, are the three major differences between synchronous and asynchronous connections; asynchronous connections are typically used for dialup connections, such as modems.

Wide-area networking can be broken into three categories:

1. Leased line
2. Circuit switched
3. Packet switched

Leased-Line Connections

With a leased line, you get your very own piece of wire from your location to the service provider's network. This is good because no other customer can affect your line, as can be the case with other WAN services. You have a lot of control over this circuit to do things such as quality of service and other traffic management. The downside is that a leased line is expensive, and gets a lot more expensive if you need to connect offices that are far apart.

These are usually referred to as a point-to-point or dedicated connection. A leased line is a pre-established WAN communications path that goes from the CPE through the DCE switch, then over to the CPE of the remote site.

A leased line is a good choice when:

1. The distance between the two sites is small, making it cost-effective.
2. You have a constant amount of traffic between the two sites and need to guarantee bandwidth for certain applications.

Circuit-Switched Connections

A circuit-switched WAN uses the phone company as the service provider, either with analog dial-up or digital ISDN connections. With circuit-switching, if you need to connect to the remote LAN, a call is dialed and a circuit is established; the data is sent across the circuit, and the circuit is taken down when it is no longer needed. Circuit-switched connections include the following types:

Asynchronous serial connections: these include analog modem dialup connections and the standard telephone system, which is commonly referred to as Plain Old Telephone Service (POTS) by the telephone carriers.

Synchronous serial connections: these include digital ISDN BRI and PRI dialup connections; they provide guaranteed bandwidth.

Packet-Switched Connections

Packet-switched WAN services allow you to connect to the provider's network in much the same way as a PC connects to a hub: When connected, your traffic is affected by other customers' and theirs by you. This can be an issue sometimes, but it can be managed. The advantage of this shared-bandwidth technology is that with a single physical connection from your router's serial port, you can establish virtual connections to many other locations around the world. Packet-switched connections use logical circuits to make connections between two sites. These logical circuits are referred to as virtual circuits (VCs). So if you have a lot of branch offices and they are far away from the head office, a packet-switched solution is a good idea.

X.25

The oldest of these technologies is X.25, which is an ITU-T standard. X.25 is a network layer protocol that runs across both synchronous and asynchronous physical circuits, providing a lot of flexibility for your connection options. X.25 was actually developed to run across unreliable media. It provides error detection and correction, as well as flow control, at both the data link layer (by LAPB) and the network layer (by X.25). In this sense, it performs a function similar to what TCP, at the transport layer, provides for IP. Because of its overhead, X.25 is best delegated to asynchronous, unreliable connections. If you have a synchronous digital connection, another protocol, such as Frame Relay or ATM, is much more efficient.

Frame Relay

Frame Relay is a digital packet-switched service that can run only across synchronous digital connections at the data link layer. Because it uses digital connections (which have very few errors), it does not perform any error correction or flow control as X.25 does. Frame Relay will, however, detect errors and drop bad frames. It is up to a higher layer protocol, such as TCP, to resend the dropped information.

ATM

ATM is also a packet-switched technology that uses digital circuits. Unlike Frame Relay and X.25, however, this service uses fixed-length (53 byte) packets, called cells, to transmit information. Therefore, this service is commonly called a cell-switched service. It has an advantage over Frame Relay in that it can provide guaranteed throughput and minimal delay for a multitude of services, including voice, video, and data. However, it does cost more than Frame Relay services. ATM (sort of an enhanced Frame Relay) can offer a connection guaranteed bandwidth, limited delay, a limited number of errors, Quality of Service (QoS), and more. Frame Relay can provide some minimal guarantees to connections, but not to the degree of precision that ATM can. Whereas Frame Relay is limited to 45 Mbps connections, ATM can scale to very high speeds: OC-192 (SONET), for instance, affords about 10 Gbps of bandwidth.

Encapsulation method

With each WAN solution, there is an encapsulation type. Encapsulations wrap an information envelope around your data that is used to transport your data traffic. If you use leased line as your wide-area networking choice, you can encapsulate your data inside a High-Level Data-Link Control (HDLC) frame, PPP frame, or Serial Line IP (SLIP) frame. For packet-switched networks, you can encapsulate or package your data in X.25 frames, Frame Relay, or Asynchronous Transfer Mode (ATM) frames.

HDLC

Based on ISO standards, HDLC (High-Level Data Link Control) can be used with synchronous and asynchronous connections and defines the frame type and the interaction between two devices at the data link layer. Cisco's HDLC is proprietary (it adds a protocol type field to the standard frame) and will not interoperate with other vendors' routers.

PPP

PPP (the Point-to-Point Protocol) is based on an open standard, so it works between routers from different vendors, and unlike HDLC it supports link authentication (PAP and CHAP).

PPP Authentication

PAP goes through a two-way handshake. The source sends its username (or hostname) and password, in clear text, to the destination. The destination compares this information with a list of locally stored usernames and passwords. If it finds a match, the destination sends back an accept message; if not, it sends back a reject message. Anyone who can capture traffic on the link sees the password.

CHAP uses a three-way handshake to perform the authentication. The destination sends a challenge, a random value it generates, together with its own name. The source looks up the password configured for that name and runs the packet identifier, the password and the challenge through the MD5 hash function (RFC 1994), then sends the result together with its username; the password itself never crosses the link. The destination performs the same calculation with the password it has stored for that username and compares the two values. If they match, the password used by the source must be the same as the one stored on the destination, and the connection is permitted. Because a new random challenge is used each time, a captured response cannot be replayed, but a captured challenge and response can be checked offline against guessed passwords, so the shared secret must be strong.
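The two exchanges above played out in Python, as an added example that is not part of the original report and is not router code. It follows RFC 1994 for the CHAP hash; the user database, the authenticator name R2, the packet identifier and the wordlist are constructed for the demo, and the secret vinita is the one used in the PPP lab below.

```python
"""PAP and CHAP on the wire.

Added worked example in Python; not from the report and not router code.
It plays both ends of the link to show what an eavesdropper sees in each
scheme. CHAP follows RFC 1994: Response = MD5(Identifier || secret ||
Challenge), sent with the peer's Name so the authenticator can look up the
secret. The user database, names and wordlist are constructed for the demo;
the secret "vinita" is the one the PPP lab below uses.
"""
import hashlib
import hmac
import os
from typing import Optional

# Authenticator's local database, the equivalent of `username R1 password vinita`
USER_DB = {"R1": b"vinita"}


def pap_authenticate(name: str, password: bytes, db=USER_DB):
    """PAP two-way handshake: Authenticate-Request carries name and password in clear."""
    on_the_wire = {"name": name, "password": password}     # exactly what a sniffer captures
    return db.get(name) == password, on_the_wire


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over Identifier, secret, Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_exchange(peer_name: str, peer_secret: bytes, db=USER_DB,
                  challenge: Optional[bytes] = None):
    """Three-way handshake; returns (success, [Challenge packet, Response packet])."""
    identifier = 1
    challenge = challenge if challenge is not None else os.urandom(16)
    # 1. Authenticator -> peer: Challenge (id, random value, authenticator's name)
    challenge_pkt = {"id": identifier, "value": challenge, "name": "R2"}
    # 2. Peer -> authenticator: Response (hash, peer's name). The secret stays on the peer.
    response_pkt = {"id": identifier,
                    "value": chap_response(identifier, peer_secret, challenge),
                    "name": peer_name}
    # 3. Authenticator recomputes with the secret stored for that name -> Success/Failure
    stored = db.get(peer_name)
    success = stored is not None and hmac.compare_digest(
        response_pkt["value"], chap_response(identifier, stored, challenge))
    return success, [challenge_pkt, response_pkt]


def crack_chap(identifier: int, challenge: bytes, response: bytes, wordlist) -> Optional[bytes]:
    """Offline guessing against a captured Challenge/Response pair.

    Nothing on the wire reveals the secret, but each guess can be verified
    without talking to the router, which is why the secret must be strong.
    """
    for guess in wordlist:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None


if __name__ == "__main__":
    ok, seen = pap_authenticate("R1", b"vinita")
    print("PAP ok:", ok, "| sniffer sees:", seen)
    ok, packets = chap_exchange("R1", b"vinita")
    print("CHAP ok:", ok, "| sniffer sees:", [(p["name"], p["value"].hex()) for p in packets])
    print("CHAP wrong secret:", chap_exchange("R1", b"cisco")[0])
    fixed = bytes(range(16))                                 # constructed challenge for a replay
    print("response changes with the challenge:",
          chap_response(1, b"vinita", fixed) != chap_response(1, b"vinita", bytes(16)))
    captured = chap_exchange("R1", b"vinita", challenge=fixed)[1][1]["value"]
    print("offline guess:", crack_chap(1, fixed, captured, [b"cisco", b"admin", b"vinita"]))
```

The sniffer view is the point of the comparison: PAP hands over the password itself, CHAP hands over a one-time hash. The crack_chap routine shows the remaining exposure, which is why the same short password on every router is a weak choice even with CHAP.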

Configure HDLC, PPP, PAP and CHAP

In this example I will demonstrate how to configure WAN encapsulation protocols. HDLC is the default encapsulation for synchronous serial links on Cisco routers, so you would only use the encapsulation hdlc command to return a link to its default state.

For practical example of HDLC PPP create a simple topology as shown in figure in packet tracer.

Double click on R1 and check the default encapsulation.

Router>enable
Router#show interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is up (connected)
  Hardware is HD64570
  Internet address is 20.0.0.1/8
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  [output omitted]

As you can verify, the default encapsulation on the router is HDLC. A WAN link comes up only when both ends use the same encapsulation. To check this, change the encapsulation on this side only to PPP.

Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#encapsulation ppp
Router(config-if)#exit
Router(config)#exit
Router#show interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is down (disabled)
  Hardware is HD64570
  Internet address is 20.0.0.1/8
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  [output omitted]

As you can see, the line protocol is down. To bring it back up, set the encapsulation back to HDLC and restart the port with shutdown followed by no shutdown.

Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#encapsulation hdlc
Router(config-if)#shutdown
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#show interfaces serial 0/0/0
Serial0/0/0 is up, line protocol is up (connected)
  Hardware is HD64570
  Internet address is 20.0.0.1/8
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  [output omitted]

Configuration of PPP

Now we will configure PPP encapsulation on both routers and authenticate the link with CHAP. The router hostnames are R1 and R2 and the shared password is vinita. Each router needs a username entry for the other router's hostname with the same password, because CHAP looks up the peer's name to find the secret.

Double click on R1 and configure it.

Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#username R2 password vinita
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#

Now configure R2 for PPP.

Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#username R1 password vinita
R2(config)#interface serial 0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
R2(config)#

Frame Relay

Frame Relay is a scalable WAN solution that is often used as an alternative to leased lines when leased lines prove too expensive. With Frame Relay, you can have a single serial interface on a router connecting to multiple remote sites through virtual circuits.

DLCI

Each VC has a unique local address, called a data-link connection identifier (DLCI). DLCIs are assigned by your provider and are used between your router and the Frame Relay switch; in other words, DLCIs are locally significant. This means that as a VC traverses various segments in the WAN, the DLCI number can be different on each segment. The carrier's switches take care of mapping DLCI numbers for a VC between the DTEs and DCEs.

Configuration of Frame Relay

Configuring Frame Relay involves the following steps:

Change the encapsulation

Go in interface mode and select the Frame Relay encapsulation on the interface. There are two types of Frame Relay encapsulations: Cisco and IETF. Cisco is the default. The syntax to set your encapsulation is

encapsulation frame-relay [ietf]

Configuring the Frame Relay map

Configuring a static Frame Relay map is optional unless you are using multipoint subinterfaces. The Frame Relay map maps a Layer 3 address to a local DLCI. It is optional on the main interface because Inverse ARP performs this mapping automatically. The syntax for a Frame Relay map is as follows:

frame-relay map protocol address dlci [broadcast] [cisco | ietf]

Configuring subinterfaces

If you are using a routing protocol in a hub-and-spoke topology, you will probably want to use subinterfaces to avoid the split-horizon problem. To configure a subinterface, remove the IP address off the main interface and put it under the subinterface. Configuring a subinterface involves assigning it a number and specifying the type. The following command creates point-to-point subinterface serial0/0.1

Router(config)#interface serial0/0.1 point-to-point

To create a multipoint subinterface, enter multipoint instead:

Router(config)#interface serial0/0.1 multipoint

Assign IP address to subinterface

After entering one of these commands you will be taken to the subinterface configuration mode where you can enter your IP address:

Router(config-subif)#ip address 10.0.0.2 255.0.0.0

If you are using a multipoint subinterface, you will need to configure frame-relay maps; you cannot rely on Inverse ARP.

If you are using a point-to-point subinterface, you will need to assign a DLCI to the subinterface. This is only for point-to-point subinterfaces; this is not needed on the main interface or on multipoint subinterfaces. To assign a DLCI to a point-to-point subinterface, enter the following command under the subinterface:

frame-relay interface-dlci dlci

Frame Relay configuration example

Let's practically implement what you have learned so far. Configure this topology in Packet Tracer.

First configure R1. The FastEthernet port and hostname are already configured. Double click on R1, configure the serial port for Frame Relay encapsulation, then create subinterfaces for connecting to R2, R3 and R4. Also configure static routes to reach the remaining networks.

Configure R1

R1>enable
R1#configure terminal
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/0/0.102 point-to-point
R1(config-subif)#ip address 192.168.1.245 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 102
R1(config-subif)#exit
R1(config)#interface serial 0/0/0.103 point-to-point
R1(config-subif)#ip address 192.168.1.249 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 103
R1(config-subif)#exit
R1(config)#interface serial 0/0/0.104 point-to-point
R1(config-subif)#ip address 192.168.1.253 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 104
R1(config-subif)#exit
R1(config)#ip route 192.168.1.64 255.255.255.224 192.168.1.246
R1(config)#ip route 192.168.1.96 255.255.255.224 192.168.1.250
R1(config)#ip route 192.168.1.128 255.255.255.224 192.168.1.254
R1(config)#exit

Configure R2

R2>enable
R2#configure terminal
R2(config)#interface serial 0/0/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/0/0.101 point-to-point
R2(config-subif)#ip address 192.168.1.246 255.255.255.252
R2(config-subif)#frame-relay interface-dlci 101
R2(config-subif)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.245

Configure R3

R3>enable
R3#configure terminal
R3(config)#interface serial 0/0/0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 0/0/0.101 point-to-point
R3(config-subif)#ip address 192.168.1.250 255.255.255.252
R3(config-subif)#frame-relay interface-dlci 101
R3(config-subif)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.249
R3(config)#

Configure R4

R4>enable
R4#configure terminal
R4(config)#interface serial 0/0/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface serial 0/0/0.101 point-to-point
R4(config-subif)#ip address 192.168.1.254 255.255.255.252
R4(config-subif)#frame-relay interface-dlci 101
R4(config-subif)#exit
R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.253
R4(config)#

Now verify by pinging from PC0 to all the other PCs; the pings should succeed. I have uploaded a configured topology, but use it only as a last resort; first try to configure it yourself.

Router(config)#interface serial 0/0/0
    Enters interface configuration mode.

Router(config-if)#encapsulation frame-relay
    Turns on Frame Relay encapsulation with the default encapsulation type of cisco.

Router(config-if)#frame-relay lmi-type {ansi | cisco | q933a}
    Depending on the option you select, sets the LMI type to the ANSI standard, the Cisco standard, or the ITU-T Q.933 Annex A standard.

Router(config-if)#frame-relay interface-dlci 110
    Sets the DLCI number 110 on the local interface and enters Frame Relay DLCI configuration mode.

Router(config-fr-dlci)#exit
    Returns to interface configuration mode.

Router(config-if)#frame-relay map ip 192.168.100.1 110 broadcast
    Maps the remote IP address (192.168.100.1) to the local DLCI number (110). The optional broadcast keyword specifies that broadcasts across IP should be forwarded to this address; this is necessary when using dynamic routing protocols.

Router(config-if)#no frame-relay inverse-arp
    Turns off Inverse ARP.

Router#show frame-relay map
    Displays IP/DLCI map entries.

Router#show frame-relay pvc
    Displays the status of all PVCs configured.

Router#show frame-relay lmi
    Displays LMI statistics.

Router#clear frame-relay counters
    Clears and resets all Frame Relay counters.

Router#clear frame-relay inarp
    Clears all Inverse ARP entries from the map table.

Router#debug frame-relay lmi
    Used to help determine whether the router and the Frame Relay switch are exchanging LMI packets properly.


Wireless networking on Cisco Router

Topics: wireless networking basics; radio frequency transmission factors; responsible bodies.

Wireless Networking

Wireless networking is the new face of networking. It has been around for many years: cell phones are also a type of wireless communication and are popular today for people talking to each other worldwide. Wireless networks are not only less expensive than traditional wired networks but also much easier to install. An important goal of this section is to give you adequate knowledge for installing a wireless network and for getting certified in wireless networking.

Perhaps you already use wireless networking in your local coffee shop, at the airport, or in hotel lobbies, and you want to set up a small office or home network. You already know how great wireless networking is, so you want to enjoy the benefits where you live and work. Decoupling computing from the wires is truly transformational to one's lifestyle. If you are looking to set up a wireless network, you've come to the right place: we will show you the best way to set up a wireless network easily. Many people are looking to find out how to use wireless networking at home.

This wireless networking section is written as an absolute beginner's guide, in a format for easily learning what you need to know to get up to speed with wireless networking without wasting a lot of time. The organization of this section, and the special elements described in it, will help you get the information you need quickly, accurately, and with clarity. In this section you will find inspiration as well as practical information. We believe that wireless networking is a modest technology that has the power to have a huge and positive impact. This is wonderful material, and it's lots of fun! So what are you waiting for? It's time to go wireless.

Wireless Basic

Radio Frequency Transmission Factors

Radio frequencies (RF) are generated by antennas that propagate the waves into the air. Antennas fall under two different categories: directional and omni-directional.

Directional antennas are commonly used in point-to-point configurations (connecting two distant buildings), and sometimes point-to-multipoint (connecting two WLANs). An example of a directional antenna is a Yagi antenna: this antenna allows you to adjust the direction and focus of the signal to intensify your range/reach.


Omni-directional antennas are used in point-to-multipoint configurations, where they distribute the wireless signal to other computers or devices in your WLAN. An access point would use an omni-directional antenna. These antennas can also be used for point-to-point connections, but they lack the distance that directional antennas supply.

Three main factors influence signal distortion:

Absorption: objects that absorb the RF waves, such as walls, ceilings, and floors

Scattering: objects that disperse the RF waves, such as rough plaster on a wall, carpet on the floor, or drop-down ceiling tiles

Reflection: objects that reflect the RF waves, such as metal and glass

Responsible body

The International Telecommunication Union-Radio Communication Sector (ITU-R) is responsible for managing the radio frequency (RF) spectrum and satellite orbits for wireless communications: its main purpose is to provide for cooperation and coexistence of standards and implementations across country boundaries.

Two standards bodies are primarily responsible for implementing WLANs:

The IEEE defines the mechanical process of how WLANs are implemented in the 802.11 standards so that vendors can create compatible products.

The Wi-Fi Alliance basically certifies companies by ensuring that their products follow the 802.11 standards, thus allowing customers to buy WLAN products from different vendors without having to be concerned about compatibility issues.

Frequencies bands:

WLANs use three unlicensed bands:

1. 900 MHz: used by older cordless phones
2. 2.4 GHz: used by newer cordless phones, WLANs, Bluetooth, microwaves, and other devices
3. 5 GHz: used by the newest models of cordless phones and WLAN devices

The 900 MHz and 2.4 GHz frequencies are referred to as the Industrial, Scientific, and Medical (ISM) bands; the 5 GHz frequency is the Unlicensed National Information Infrastructure (UNII) band. Unlicensed bands are still regulated by governments, which might define restrictions on their usage.

A hertz (Hz) is a unit of frequency that measures the change in a state or cycle in a wave (sound or radio) or alternating current (electricity) during 1 second.

Transmission Method

Direct Sequence Spread Spectrum (DSSS) uses one channel to send data across all frequencies within that channel. Complementary Code Keying (CCK) is a method for encoding transmissions for higher data rates, such as 5.5 and 11 Mbps, but it still allows backward compatibility with the original 802.11 standard, which supports only 1 and 2 Mbps speeds. 802.11b and 802.11g support this transmission method.

OFDM (Orthogonal Frequency Division Multiplexing) increases data rates by using spread-spectrum modulation. 802.11a and 802.11g support this transmission method.

MIMO (Multiple Input Multiple Output) transmission uses DSSS and/or OFDM, spreading its signal across 14 overlapping channels at 5 MHz intervals. 802.11n uses it, and using 802.11n requires multiple antennas.

WLAN Standards

Standard            802.11a     802.11b                               802.11g        802.11n
Data Rate           54 Mbps     11 Mbps                               54 Mbps        248 Mbps (with 2×2 antennas)
Throughput          23 Mbps     4.3 Mbps                              19 Mbps        74 Mbps
Frequency           5 GHz       2.4 GHz                               2.4 GHz        2.4 and/or 5 GHz
Compatibility       None        With 802.11g and the original 802.11  With 802.11b   802.11a, b, and g
Range (meters)      35–120      38–140                                38–140         70–250
Number of Channels  3           Up to 23                              3              14
Transmission        OFDM        DSSS                                  DSSS/OFDM      MIMO

Wireless networking Access Modes

Two 802.11 access modes can be used in a WLAN:

Ad hoc mode
Infrastructure mode

Ad hoc mode is based on the Independent Basic Service Set (IBSS). In IBSS, clients can set up connections directly to other clients without an intermediate AP. This allows you to set up peer-to-peer network connections and is sometimes used in a SOHO. The main problem with ad hoc mode is that it is difficult to secure since each device you need to connect to will require authentication. This problem, in turn, creates scalability issues.

Infrastructure mode was designed to deal with security and scalability issues. In infrastructure mode, wireless clients can communicate with each other, albeit via an AP. Two infrastructure mode implementations are in use:


Basic Service Set (BSS)
Extended Service Set (ESS)

In BSS mode, clients connect to an AP, which allows them to communicate with other clients or LAN-based resources. The WLAN is identified by a single SSID; however, each AP requires a unique ID, called a Basic Service Set Identifier (BSSID), which is the MAC address of the AP's wireless card. This mode is commonly used for wireless clients that don't roam, such as PCs.

In ESS mode, two or more BSSs are interconnected to allow for larger roaming distances. To make this as transparent as possible to the clients, such as PDAs, laptops, or mobile phones, a single SSID is used among all of the APs. Each AP, however, will have a unique BSSID.

Coverage Areas

A WLAN coverage area includes the physical area in which the RF signal can be sent and received. Two types of WLAN coverage are based on the two infrastructure mode implementations:

Basic Service Area (BSA)
Extended Service Area (ESA)

The terms BSS and BSA, and ESS and ESA, can be confusing: BSS and ESS refer to the building topology, whereas BSA and ESA refer to the actual signal coverage.

BSA: with BSA, a single area, called a cell, is used to provide coverage for the WLAN clients and the AP.

ESA: with ESA, multiple cells are used to provide additional coverage over larger distances or to overcome areas that have signal interference or degradation. When using ESA, remember that each cell should use a different radio channel.

Wireless Networking Basic Security

How an end user client with a WLAN NIC accesses a LAN

1. To allow clients to find the AP easily, the AP periodically broadcasts beacons, announcing its Service Set Identifier (SSID), data rates, and other WLAN information.

2. The SSID is a naming scheme for WLANs that allows an administrator to group WLAN devices together.

3. To discover APs, clients scan all channels and listen for the beacons from the AP(s). By default, the client associates itself with the AP that has the strongest signal.

4. When the client associates itself with the AP, it sends the SSID, its MAC address, and any other security information that the AP might require based on the authentication method configured on the two devices.

5. Once connected, the client periodically monitors the signal strength of the AP to which it is connected.

6. If the signal strength becomes too low, the client repeats the scanning process to discover an AP with a stronger signal. This process is commonly called roaming.

SSID and MAC Address Filtering

When implementing SSIDs, the AP and client must use the same SSID value to authenticate. By default, the access point broadcasts the SSID value, advertising its presence, basically allowing anyone access to the AP. Originally, to prevent rogue devices from accessing the AP, the administrator would turn off the SSID broadcast function on the AP, commonly called SSID cloaking. To allow a client to learn the SSID value of the AP, the client would send a null string value in the SSID field of the 802.11 frame and the AP would respond; of course, this defeats the security measure since through this query process, a rogue device could repeat the same process and learn the SSID value.

Therefore, APs were commonly configured to filter traffic based on MAC addresses. The administrator would configure a list of MAC addresses in a security table on the AP, listing those devices allowed access; however, the problem with this solution is that MAC addresses can be seen in clear text in the airwaves. A rogue device can easily sniff the airwaves, see the valid MAC addresses, and change its MAC address to match one of the valid ones. This is called MAC address spoofing.

WEP

WEP (Wired Equivalent Privacy) was the first security solution for WLANs that employed encryption. WEP uses a static 64-bit key, made up of a 40-bit key and a 24-bit initialization vector (IV). The IV is sent in clear text. Because WEP uses RC4 as its encryption algorithm and the IV is sent in clear text, WEP can be broken. To alleviate this problem, the key was extended to 104 bits plus the IV value. However, either variation can easily be broken in minutes on the laptops and computers produced today.
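The numbers in the paragraph above are enough to see why lengthening the key did not help. The following is an added example, not from the report: it takes the 24-bit IV and the 40- and 104-bit key sizes stated above and computes how soon an IV, and therefore an RC4 keystream, is expected to repeat. The 1,000 frames per second traffic figure in main() is a constructed value used only for illustration.

```python
"""Added example (not part of this report): putting numbers on the WEP
weakness described above.

WEP prepends a 24-bit IV, sent in clear text, to a static 40-bit or
104-bit key and seeds RC4 with the result. Only the IV changes from
frame to frame, so a repeated IV means a repeated RC4 keystream no
matter how long the static part of the key is.
"""
import math

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS          # 16,777,216 distinct IVs


def per_frame_key_bits(static_key_bits: int) -> int:
    """Length of the RC4 seed: static key plus IV (40+24=64, 104+24=128)."""
    return static_key_bits + IV_BITS


def frames_until_collision(probability: float = 0.5, space: int = IV_SPACE) -> int:
    """Birthday bound: number of frames with random IVs after which an IV
    repeat is expected with the given probability."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def iv_reuse_probability(frames: int, space: int = IV_SPACE) -> float:
    """Exact probability that at least two of `frames` random IVs collide."""
    if frames > space:               # pigeonhole: a repeat is certain
        return 1.0
    # P(no collision) = prod_{i<frames} (1 - i/space); sum logs for stability
    log_no_collision = sum(math.log1p(-i / space) for i in range(frames))
    return 1.0 - math.exp(log_no_collision)


def seconds_to_exhaust(frames_per_second: float, space: int = IV_SPACE) -> float:
    """Time until a sequential IV counter wraps and must start repeating."""
    return space / frames_per_second


def main() -> None:
    for key_bits in (40, 104):
        print(f"{key_bits}-bit WEP key -> {per_frame_key_bits(key_bits)}-bit RC4 seed, "
              f"of which only {IV_BITS} bits vary per frame")
    n = frames_until_collision()
    print(f"50% chance of an IV repeat after ~{n} frames "
          f"(exact probability at that point: {iv_reuse_probability(n):.3f})")
    # Constructed traffic figure: a busy AP sending 1,000 frames per second.
    print(f"Sequential IVs wrap after {seconds_to_exhaust(1000) / 3600:.1f} hours "
          f"at 1,000 frames/s")


if __name__ == "__main__":
    main()
```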

802.1x EAP

The Extensible Authentication Protocol (EAP) is a layer 2 process that allows a wireless client to authenticate to the network. There are two varieties of EAP: one for wireless and one for LAN connections, commonly called EAP over LAN (EAPoL).

One of the concerns in wireless is allowing a WLAN client to communicate with devices behind an AP. Three standards define this process: EAP, 802.1x, and Remote Authentication Dial In User Service (RADIUS). EAP defines a standard way of encapsulating authentication information, such as a username and password or a digital certificate, that the AP can use to authenticate the user. 802.1x and RADIUS define how to packetize the EAP information to move it across the network.

WPA

Wi-Fi Protected Access (WPA) was designed by the Wi-Fi Alliance as a temporary security solution to provide for the use of 802.1x and enhancements in the use of WEP until the 802.11i standard was ratified. WPA can operate in two modes: personal and enterprise mode. Personal mode was designed for home or SOHO usage. A pre-shared key is used for authentication, requiring you to configure the same key on the clients and the AP. With this mode, no authentication server is necessary, as it is in the official 802.1x standards. Enterprise mode is meant for large companies, where an authentication server centralizes the authentication credentials of the clients.

WPA2


WPA2 is the IEEE 802.11i implementation from the Wi-Fi Alliance. Instead of WEP, which uses the weak RC4 encryption algorithm, the much more secure Advanced Encryption Standard (AES) in Counter Mode with CBC-MAC Protocol (CCMP) is used.

Wireless Network

A wireless network enables people to communicate and access applications and information without wires. This provides freedom of movement and the ability to extend applications to different parts of a building, city, or nearly anywhere in the world. Wireless networks allow people to interact with e-mail or browse the Internet from a location that they prefer.

Many types of wireless communication systems exist, but a distinguishing attribute of a wireless network is that communication takes place between computer devices. These devices include personal digital assistants (PDAs), laptops, personal computers (PCs), servers, and printers. Computer devices have processors, memory, and a means of interfacing with a particular type of network. Traditional cell phones don't fall within the definition of a computer device; however, newer phones and even audio headsets are beginning to incorporate computing power and network adapters. Eventually, most electronics will offer wireless network connections.

As with networks based on wire or optical fiber, wireless networks convey information between computer devices. The information can take the form of e-mail messages, web pages, database records, streaming video or voice. In most cases, wireless networks transfer data, such as e-mail messages and files, but advancements in the performance of wireless networks are enabling support for video and voice communications as well.

Types of Wireless Networks

WLANS: Wireless Local Area Networks

WLANS allow users in a local area, such as a university campus or library, to form a network or gain access to the internet. A temporary network can be formed by a small number of users without the need of an access point; given that they do not need access to network resources.

WPANS: Wireless Personal Area Networks

The two current technologies for wireless personal area networks are Infra Red (IR) and Bluetooth (IEEE 802.15). These allow the connectivity of personal devices within an area of about 30 feet. However, IR requires a direct line of sight and its range is less.

WMANS: Wireless Metropolitan Area Networks

This technology allows the connection of multiple networks in a metropolitan area such as different buildings in a city, which can be an alternative or backup to laying copper or fiber cabling.

WWANS: Wireless Wide Area Networks


These types of networks can be maintained over large areas, such as cities or countries, via multiple satellite systems or antenna sites looked after by an ISP. These types of systems are referred to as 2G (2nd Generation) systems.

Comparison of Wireless Network Types

Type          Coverage                     Performance  Standards                            Applications
Wireless PAN  Within reach of a person     Moderate     Bluetooth, IEEE 802.15, and IrDA     Cable replacement for peripherals
Wireless LAN  Within a building or campus  High         IEEE 802.11, Wi-Fi, and HiperLAN     Mobile extension of wired networks
Wireless MAN  Within a city                High         Proprietary, IEEE 802.16, and WiMAX  Fixed wireless between homes and businesses and the Internet
Wireless WAN  Worldwide                    Low          CDPD and Cellular 2G, 2.5G, and 3G   Mobile access to the Internet from outdoor areas

wireless configuration

In this topology we have three PCs connected to a Linksys wireless router.

- DHCP is configured and enabled on the wireless router
- The DHCP IP pool is 192.168.0.100 to 192.168.0.150
- The PCs are configured to receive their IP address from the DHCP server
- No security is configured
- The SSID is left at its default value
- The topology is working in infrastructure mode
- The default user name and password are admin
- The IP address of the wireless router is set to 192.168.0.1


Now your task is to:

1. Configure static IP addresses on the PCs and the wireless router.
2. Change the SSID to MotherNetwork.
3. Change the IP address of the router to 10.0.0.1, of PC0 to 10.0.0.2, of PC1 to 10.0.0.3 and of PC2 to 10.0.0.4.
4. Secure your network by configuring a WEP key on the router.
5. Connect the PCs using the WEP key.

configure wireless network

As given in the question, our network is running on the 192.168.0.0 network, all PCs are DHCP clients and everything is functioning properly. So we will first connect to the wireless router to turn off DHCP.

Double-click a PC and select Web Browser. As given in the question, the IP address of the wireless router is 192.168.0.1, so enter it in the web browser and press Enter. It will now ask for authentication, which is also given in the question: enter the user name admin and the password admin.


This brings up the GUI of the wireless router. Scroll down the screen to Network Setup and select Disable for DHCP.

Go to the end of the page and click Save Settings; this saves the settings. Click Continue for further settings.


Now select Administration from the top menu, change the password to test, go to the end of the page and click Save Settings.

Click Continue for further settings. This time it will ask you to authenticate again; give the new password, test.


Now click on wireless tab and set default SSID to MotherNetwork

Now Select wireless security and change Security Mode to WEP


Set Key1 to 0123456789

Again go in the end of page and Click on Save Setting

Now we have completed all the given tasks on the wireless router. Next, configure a static IP address on all three PCs.

Double-click a PC, select the Desktop tab, click IP Configuration, select Static and set the IP address as given below:

PC    IP             Subnet Mask      Default Gateway
PC0   192.168.0.2    255.255.255.0    192.168.0.1
PC1   192.168.0.3    255.255.255.0    192.168.0.1
PC2   192.168.0.4    255.255.255.0    192.168.0.1

Now it's time to connect the PCs to the wireless router. To do so, click a PC, select Desktop and click PC Wireless.


Click the Connect tab and click the Refresh button.

As you can see in the image, the wireless device sees MotherNetwork on channel 6 with a signal strength of 100%. On the left you can see that WEP security is configured on the network. Click the Connect button to connect to MotherNetwork.


It will ask for the WEP key; enter 0123456789 and click Connect.

This connects you to the wireless router.


As you can see in the image below, the system is connected and the PCI card is active.
