IP Services-Q0S Workbook Sikandar Shaik CCIEx2(RS/SP) JM ONLINE fe. Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, TADIAL s91_ 40” cua90380, 491, 7oscene345 way. noazolutfons. comAbout the Author Sikandar Shaik, a dual CCIE (RS/SP# 35012). is a highly experienced and extremely driven senior technical instructor and network consultant. He has been training networking courses for more than 10 years, teaching on a wide range of topics including Routing and Switching, Service Provider and Security (CCNA to CCIE). In addition, he has been developing and updating the content for these courses. He has assisted many engineers in passing out the lab examinations and securing certifications. Sikandar Shaik is highly skilled at designing, planning, coordinating, maintaining, troubleshooting and iplementing changes to various aspects of multi-scaled, multi-platform, multi-protocol complex networks as well as course development and instruction for a technical workforce in a varied networking environment. His experience includes responsibilities ranging from operating and maintaining PC's and peripherals to network control programs for multi-faceted data communication networks in LAN, MAN and WAN environments. Sikandar Shaik has delivered instructor led trainings in several states in India as well as in abroad in countries like China, Kenya and UAE. He has also worked as a Freelance Cisco Certified Instructor globally for Corporate Major Clients. Acknowledgment First and foremost | would like to thank the Almighty for his continued blessings and for always being there for me. You have given me the power and confidence to believe in myself and pursue my dreams. | could never have done this without the faith | have in you. Secondly | would like to thank the NOA Solutions team for their continued support, dedication and hard work which helped me in delivering a better product. | would like to thank my family for understanding my long nights at the computer. | have spent a lot of time on preparing ‘workbooks and this workbook would not have been possible without their support and encouragement. | would also like to recognize the cooperation of my students who took my trainings and workbooks. | believe my workbooks have helped them in upstilling themselves with respect to the subject and technologies and | will continue preparing workbooks for the updated technology versions. Shaik Gouse Moinuddin Sikandar CCIE x 2 (RS/SP) Feedback Please send feedback if there are any issues with respect to the content of this workbook. | would also appreciate suggestions from you which can improve this workbook further. Kindly send your feedback and suggestions at info@noasolutions.com NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 2INDEX PAGE NO Secure Shell (SSH) 5 DHCP 8 LAB: ROUTER AS DHCP SERVER .. 12 DHCP -IP HEPER ADDRE: 16 LAB : DHCP_Relay Agent (between VLAN) .. 20 DHcPv6 25 28 32 Logging on Cisco Routers . 37 NTP (Network Time Protocol) . 53 LAB NTP csssecssnssecesesnsssseecesnnsseeeenansceesennnseesesnannceeesnnnsceesenanseeesenne 56 LAB - NTP BROADCASTS 60 IP SLA 62 LAB : IP SLA using static route: (reliable Backup static routes) . 66 Embedded Event manage ss... af Sa ee First Hop Redundancy protocols 82 LAB: HOT STANDBY ROUTER PROTOCOL (HSRP)... 84 LAB: VRRP 95 ouep PE RRS Oa AB. eo. Mtoe LAB: GATEWAY LOAD BALANCING PROTOCOL (GLBP) 102 Network Address translation m3 LAB AL STATIC NAT. sessssccsesssseeceersnseceeennnneecerinsnceeeen 7 LAB -2 Dynamic NAT ..ecsesssseecserssseeeeemnssseeeenncseesermnsecereennseseeennse 120 LAB-3_ PORT ADDRESS TRANSLATION, 124 NAT with Route-maps ( Policy based NAT). 130 STATIC PAT 135 STATIC POLICY NAT: ssssssesersssee Quality of Service Introduction 142 Identify Qos Models .. 149 Modular Qos CLI 155 Implementing Qos Policy using MQC 160 Classification and Marking: 164 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 3Using NBAR sosssssssssssssecseseseetstsneensnsensssseceeeeeetsesetenannensasesessssseeeees 179 LAB : Classification and Marking: 189 LAB: Marking — Re-marking .. 194 Congestion Management using Qeueing - 199 LAB : CBWFQ ~ Bandwith Reservations 220 CBWFQ — Bandwitdh percent 223 LAB : CLASS-BASED WEIGHTED FAIR QUEUEING (CBWFQ) .. 225 LLQ : bandwith Reservations with prority .. 229 LLQ__ BANDWIDTH PERCENT ... 232 LOW LATENCY QUEUEING (LLQ) 235 Congestion Avoidance .. 238 Class based WRED - IP Precedence .. 244 WRED-CBWREB _DSCP based -esssssscseesesssseeeesnsseeeernnseceeserineseeernne 254 Traffic polieng & Shaping 258 LAB-L : Traffic POLICING 262 LAB-2: Traffic Policing... see 266 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 4Secure Shell (SSH + Most IT pros know that using Telnet to manage routers. switches, and firewalls is not exactly a security best practice. Instead, the accepted alternative to Telnet's lack of security is Secure Shell (SSH). © To set up access to a Cisco switch for SSH, you will need to have a user account created on your switch, SSH versions: © There are two versions of SSH. SSH Version 2 is an IETF standard that is more secure than version 1. * Version 1 is more vulnerable to man-in-the-middle attacks, * Cisco devices support both types of connections, but you can specify which version to use, Steps to Configure SSH: Telnet is enabled by default. but configuring even a basic SSH server requires several steps: Ensure that your IOS supports SSH. Configure a host name, unless this was done previously. Configure a domain name, unless this was done previously. Configure a client authentication method. Tell the router or switch to generate the Rivest, Shamir, and Adelman (RSA) keys that will be used to encrypt the session. Specify the SSH version, if you want to use version 2. Disable Telnet on the VTY lines. Enable SSH on the VTY lines. OMawNe pen LAB: CONFIGURE. SSH ON CISCO ROUTERS: 192.168.1100 folo 19 Rt 192,168.11 and IP addressing as per the diagram. * Configure RI to enable SSH_using the following Parameters: © hostname R1 © domain name —_networkonlineacademy.com © versoin SSH version 2 © Username Sikandar © Password discol23, ROUTER(config)#int f0/0 ROUTER(config.if}fip address 192.168.1.100 255.255.255.0 ROUTER(config-if}#no shutdown ROUTER(config-ifhend NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on” Page 5ROUTERSping 192.168.1.1 ‘Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168. nt Success rate is 100 percent (5/5), round-trip min/avg/max = timeout is 2 seconds: 3/14/28 ms ROUTER(config)#hostname R-1 R-l(config}#ip domain name networkonlineacademy.com R-l(config)#exit NOTE: both the hostname and domain name are required for the encryption keys to be generated: R-l(config)#username sikandar password ciscol23 R-I(config)#enable secret cisco R-l(config)#crypto key generate rsa general-keys modulus 1024 The name for the keys will be: REMRetWOrkOnlinescademycom % The key modulus size is 1024 bits % Generating 1024 bit RSA keys, keys will be non-exportable...{OK] *Mar 100:03:49.051: %SSH-5-ENABLED: SSHI1N99/has|beeh enabled Relish ip ssh SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3 R-l(config)#ip ssh version 2 R-l(config)#end Rl#sh ip ssh SSH Enabled - version 2.0 Authentication timeout: 120 secs; Authentication retries: 3 R-l(config)#ip ssh time-out 60 R-l(config)#ip ssh authentication-retries 3 R-l(config-line)#login local R-l(config-line)#transport input ssh telnet R-(config-line)#es NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 6To verify SSH use either Putty.exe or secure CRT application: Below is the screenshot of putty.exe g PUTTY Configuration Category: Sesson Bo opbna fe you PUTTY onsen ad Sent he seater orto core9 a Hos Name (Pade) Post a 152 1681.100 2 Features Connection 9p: Window Faw OTehet @ Fed OSH Oe epesrance fepeunes Load, sve dele ase ensen Tanda Saved Sessions Seleten Colours Deak Setings Load ae See Pox Tet Ose Regn ose aoe ose window on ext: ans ‘Aways (@)Never |Onty on clean eat | | ot Coe ferrerrerrerrs caneretcret CIEE: ere eras Rereereecesstrs cranny Cae ed coer ee ees eters N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. comDHCP (IPV4/v6) NA. allows a server to dynamically distribute IP addressing and configuration information to clients. “s Advantages : » Centralized network client J a) l © IP Address © Subnet Mask Default Gateway © DNS server configuration easier IP address management as a © Reduced network administration. ont o large network support Assigning a Static IPv4 Address to a Host AM OA. LAN Interface Properties Configuring a Static IPv4 Address, Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 uww.noasolution: ‘com Page 8Assigning a Dynamic IPv4 Address to a Host NA, [Assigning a Dynamic Pv Address DHCP - preferred method of “teasing” 1Pv4 aaa addresses to hosts on large networks, reduces the burden on network support staff and virtually eliminates entry errors DHCP Process OA, IP address request q =o, IP address offer Ss om—m:» “Yl DHCP client IP address selection DHCP server cee 0 IP address acknowledgment Ze NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 9Router as DHCP server OA. DHCPIcontig)tip dhep poo! CCIE DHCP(dhep-config)#? ‘defaultrouter Defauit routers ‘nsserver _Setname server exit Bxitfrom DHCP poo! configuration mode network Network number and mask no Negate a. command or set its defauits option Raw DHCP options DHCPIahcp-config)#metwork 192.168.1.0 255.255.255.0 DHCPIahcp-config}#cletault-router 192. 168.1.100 DHCPIahcp-config) tans-server 192.168.1.50 DHCPIahcp-config)¥ens-server 192.168.1.51 ron r0s.1.0720 DHCP|contig)#ip dhep excluded-address 192.168.1.100 DHCP{contig)#ip dhep excluded-address 192.168.1.1 192.168.1.10 DHCP{config)#ip dhep excluded-address 192.168.1.50 192.168.1.51 Router as DHCP Client a aA. on client side router Router(config)# int fa0/0 Router(configri]# jp address dhep Router(configri# no shut ro2.108.1.0/24 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 10Disadvantage: + Will increase the load on the router + Best suited for network that support 10 to 15 users. r92.108.1.0/24 Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 11LAB: ROUTER AS DHCP SERVER 192.168.1.0/24 TASK: * Configure RI and PC in the LAN with the IP address as per the diagram given. * Configure RI as DHCP with the following det + Use DHCP pool name “CCIE” Use network 192.168.1.0/24 Exclude address 192.168.1.1 ~ 192.168.1.10 to 192.168.1.50, 192.168.1.51 , 192.168.1.100 * IP address of Router is 192.168.1.100 * Dnsservers in the Network 192.168.1.50 , 192.168.1.51 Router(config)#hostname DHCP DHCP(config)#int f0/0 DHCP(config-if}#ip add 192.168.1.100 255.255.255.0 DHCP(config-if}#no shutdown DHCP(config)#ip dhep excluded-address ? A.B.C.D Low IP address DHCP(config)#ip dhep excluded-address 192.168.1.100 DHCP(config)#ip dhep excluded-address 192.168.1.1 192.168.1.10 DHCP(config)#ip dhep excluded-address 192.168.1.50 192.168.1.51 DHCP(config)#ip dhep pool CCIE DHCP(dhep-config)#? default-router Default routers NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 12dns-server Set name server exit Exit from DHCP pool configuration mode network Network number and mask no Negate a command or set its defaults option Raw DHCP options DHCP(dhep-config)#network 192.168.1.0 255.255.255.0 DHCP(dhep-config)#default-router 192.168.1.100 DHCP(dhep-config)#dns-server 192.168.1.50 DHCP(dhep-config)#dns-server 192.168.1.51 DHCP(dhep-config)#end ‘TO VERIFY ON PC : PCI>ipconfig /release IP Addres Subnet Mask. Default Gateway. DNS Server. PCI>ipconfig. /renew IP Addres: Subnet Mask. Default Gateway.. DNS Server. PC2>ipconfig /release IP Addres: Subnet Mask.. Default Gateway.. DNS Server. PC2>ipconfig. /renew IP Addres Subnet Mask. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 13TASK: + Connect a Router in the LAN as DHCP client which needs To Get Ip Aaddress Automatically From Dhep Server. 192.168.1.0/24 on dient side router Router(config)# int fa0/0 Router(config-f}# ip address dhep Router(config-if}# no shut Switch#sh dp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID DHCP Fas 0/3 168 R C2600 Fas 0/0 Router Fas0/6 149 RS C2600— Fas 0/0 Switch#tconf t Switch(config)fint f0/6 Switch(config-if)#spanning-tree portfast Switch(config-if)#end Routerf#sh ip int brief Interface IP-Address__ OK? Method Status Protocol FastEthernetO/I unassigned —_YES unset administratively down down, DHCP¥sh ip dhep binding NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 14IP address Client-ID/ Lease expiration Type Hardware address 192.168.1.11 _ 0005.5E88.800B Automatic 192.168.1.12 0001.974D.5308 Automatic 192.168.1.13 0002.4AD3.8E01 S Automatic NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on Page 15Dhep Relay Agent (IP Helper Address) OA. » forwards Broadcast DHCP request received on interface to the DHCP server specified by the IP Helper address via unicast. » iphelperaddress a.bad oxcP lent ‘atianta Boston IP Helper Address Configure R-3(configFinterface f0/0 R-3(config-f ip helper address 10.0.0.2 R-3(config:ffexit NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall, Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 16DHCP server Configuration OA. Route(confighne ip routing Routerconfg)lp default gateway 192.168..100 ipconfig /release IP Address. Subnet Mask.. Default Gateway. DNS Server PC>ipconfig /renew IP Address. Subnet Mask.. Default Gateway.. DNS Servet NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 19LAB: DHCP_Relay Agent (between VLAN) Vian 10- 192.168.1.100 Vian 20- 192.168.2.100 DHCP TASK: © Design Topology & Assign IP addressing as per the given diagram. * Create vian 10 & 20 On Multi-layer Switch and assign Ports f0/1 -3 in vlan 10 and f0/4 - 5 in vlan 20. ‘Switch(config)#vlan 10 Switch(config-vian)#vian 20 Switch(config-vian)#fexit, ‘Switch(config)#int range f0/1 - 3 s Switch(config-ifrange) #switchport access vlan 10 Switch(config-if-range)#exit 3 3 Switch(config)#int range 0/4 - 5 Switch(config-if-range) fswitchport mode access Switch(configif-range) fswitchport access vlan 20 Switch(config-if-range)fexit Switch(config)#int vlan 10 Switch(config-if\#ip address 192.168.1.100 255.255.255.0 Switch(config-if#no shutdown Switeh(config-ifi#exit Switch(config)#int vlan 20 Switch(config-if}#ip address 192.168.2.100 255.255.255.0 ‘Switch(config-if}#no shutdown Switch(config.if)fend TASK: NOA solutions,N.K Arcade, 2nd & 3rd floor Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 waw.noasolutions.com Page 20* Configure RI as DHCP Server and Ensure that clients * Disable Routing on RI and assign Gateway address. ( here Router just acting as DHCP server and not a Router) Router(config)#no ip routing Router(config)#ip default-gateway 192.168.1.100 Router(config)#int £0/0 Router(config-if}#ip address 192.168.1.1 255.255.255.0 Router(config)#ip dhep excluded-address 192.168.1.1 Router(config)#ip dhep excluded-address 192.168.1.100 Router(config)#ip dhep pool NOA. Router(dhcp-config)#network 192.168.1.0 255.255.255.0 Router(dhcp-config)#default-router 192.168.1.100 Router(dhep-config)#dns-server 192.168.1.50 Router(dhep-config)#exit Porc [conlg | outoe | Sirens 1? confgraton v6 Canfiation| One © Auto Cont @ stave NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 2116 Conran DHCP © Auto Conf @ State TASK: + Configure DHCP pool on RI for vian 20 users ( 192.168.2.0/24) + Configure Switch as Relay agent to assing dynamic IP address for vlan 20 + Enable Routing on Multi-layer switch to ensure that users on vian 20 send DHCP request on vian 10. Router(config)#ip dhep excluded-address 192.168.2.100 Router(config)#ip dhep pool NOA_VLAN20 Router(dhep-config)#default-router 192.168.2.100 Router(dhep-config)#dns-server 192.168.1.50 Router(dhcp-config)#network 192.168.2.0 255.255.255.0 Router(dhep-config)#exit, ‘Switch(config)#int vlan 20 Switch(config-if}#ip helper-address 192.168.1.1 Switeh(config-if #exit Switch(config)#ip routing NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 22ss contgaten Onc © Ate Cankg State mrmcrn 1? congestion «oe pa Joven request sccests Suinet Mack 5.255.255 Detat Cateway 352 160.2100 Ps conbouaton Once © Ao Cont Stave ik aca Aderees_ FE0:03:c7F:FECAOOnO PVs catnay Router#sh ip dhep binding IP address Client-ID/ Lease expiration Type Hardware address 192.168.1.2 0001.6317.38EE ~ Automatic 192.168.1.3 OOOC.CFES.5145 - Automatic 192.168.2.22 0001.9786.0859 -- Automatic 192.168.2.23 0001.C7CA.D890 -- Automatic PC>ipconfig FastEthernetO Connection:(default port) Link-local IPv6 Address......! FE80::201:C7FF:FECA:D890 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution hall,Banjarahills road no 1 Page 23IP Address. Subnet Mask. Default Gateway.. 1 192,168.2.23, 255.255.255.0 192.168.2.100 Pc>ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1.1: byte Reply from 192.168, Reply from 192.168, Reply from 192.168, Ping statistics for 192.168.1 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in mill-seconds: Minimum = Oms, Maximum = Ims, Average = Oms PC>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data: Reply from 192.168, Reply from 192.168. Reply from 192.168.1.2: byt Reply from 192.168.1.2: byt 32 time=Oms TTL=127 32 time=Oms TTL=127 2 time=Oms TTL=127 Ping statistics for 192.168.1.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = Oms, Maximum = Oms, Average = Oms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 24DHCP v4/v6 OA. allows a server to dynamically distribute IP addressing and configuration information to clients. IP Address Subnet Mask Default Gateway DNS server Advantages Centralized network client configuration easier IP address management Reduced network administration. large network support NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 25DHCPv6. NA. functionality of DHCPV6 is the same as DHCP for [Pw but there are some diferences. There's no broadcast Instead uses Solicited Multicast addres Glens listen for DHCP messages on UDP port 546. » Servers and relay agents listen for DHCP massages on UDP port 547. Gateway information learns based on Router Advertisement Messages (2oor:a08:3008:3) (overs) Ro a) DHCPv6 Configuration nero GA, Ri(conigipws dep poot NOA (config bcpv6) address prefix 2001:123:123:123:/64 Ae i(config-dhcpv6)¥dnsserver 2001:1234::1234 (config dbepv6)¥domain-name noasolutions.com Ri(config-dhepv6)vexdt Y(config)#int 0/0 aoovrzsziaiee l(config.itipv6 address 2001:123: l(config.ifitipv6 dhep server NOA RI(config.fMipv6 nd managed-config ag (configafjtno shutdown = Ri(config.fitexit ct Cet R2(config}#int 1/0 R2(confg-i)# fpv6 address dhep R2(config-)# no shutdown, NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 26DHCPvé6 Relay Agent A, i(config)tipys dhep poo! NOA RaR6 Ai(config-chepy6 address prefix 2001:34:34:34:/64 Rifconfg-chcpv6)#dne-server 2001:1234:1234 Ri(confg-dhepy6)#domale-name noasolutions.com Rifeontig-chepu6)fext _i(config}ine fo” RI{configiipw6 dhcp server NOA_R3RS Rifconfig-)pws nd managed config Rifcontigifet 3(configyint £10 R3(config:# pv dhep rely destination 2001 {configint f0/0 e(configf#ips enable s(config.ftipys address dhep Refconfigitno shutdown NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com Page 27LAB :DHCPv6: 2001:123:123:123::/64 DHCP Client + The stateful version of DHCPv6 is pretty much the same as for IPv4. © Our DHCPV6 server will assign IPv6 addresses to all DHCPV6 clients and it will keep track of the bindings. In short, the DHCPV6 servers knows exactly what IPv6 address has been assigned to what host. * Stateless works a bit different. .the DHCPV6 server does not assign IPV6 addresses to the DHCPV6 clients, this is done through autoconfiguration. The DHCPV6 server is only used to assign information that autoconfiguration doesn't....stuff like a domain-name, multiple DNS servers and all the other options that DHCP has to offer. TASK: + Design The topology as per the diagram * Configure R1 as DHCPV6 Server (Statefull DHCP server) assigning IPv6 address to clients ( R2-R3) RI(config)#ipvé dhep pool NOA Ri(config-dhepv6)#? IPv6 DHCP configuration commands: address IPv6 address allocation default Set a command to its defaults dns-server DNS servers domain-name Domain name to complete unqualified host names exit Exit from DHCPvé configuration mode import Import options information _ Information refresh option NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 28link-address _Link-address to match nis NIs server options nisp NISP server options no Negate a command or set its defaults prefix-delegation IPv6 prefix delegation sip SIP server options sntp SNTP server options vendor-specific Configure Vendor-specific option RI(config-dhepv6)#address prefix 2001:123:123:12: RI(config-dhcpv6)#dns-server 2001:1234::1234 Ri(config-dhepv6)#domain-name noasolutions.com Ri(config-dhepv6)#exit Ri(config)#int £0/0 Ri(configif}#ipv6 address 2001:123:123:123::1/64 Ri(configeif}#ipv6 dhep server NOA Ri(config-if}#ipv6 nd managed-config-flag Ri(config-if}#no shutdown Ri(configif}#exit * Configures IPv6 interfaces neighbor discovery to allow the hosts to uses DHCP for address configuration. + We use the same command to activate the pool on the interface but there is one extra item. © The ipv6 nd other-config-flag is required as it will inform clients through RA (Router Advertisement) messages that they have to use DHCPV6 to receive extra information like the domain name and DNS server after they used autoconfiguration. Rl#debug ipv6 dhep IPv6 DHCP debugging is on R2(config)#int f0/0 R2(config-i# ipv6 address dhep R2(config-if# ipv6 enable R2(config-i# no shutdown Ra(config-i#end v6 DHCP: REEIVEA SOLICITS HHRIFEBOCEORGFEFEAIO on FastEtheret0/0 Pvé DHCP: Using interface pool NOA + IPvé DHCP: Creating binding for FE80::C802:16FF:FE40:0 in pool NOA NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 29*Mar 29 13:51:35.083: IPv6 DHCP: Binding for |A_NA 00030001 not found *Mar 29 13:51:35.087: IPv6 DHCP: Allocating !A_NA 00030001 in binding for FE80::C802:16FF:FE40:0 *Mar 29 13:51:35.087: IPv6 DHCP: Looking up pool 2001:123:123:123::/64 entry with username "00030001CA021640000000030001" *Mar 29 13:51:35.087: IPv6 DHCP: Poolentry for user not found *Mar 29 13:51:35,091 Pv DHCP: ABE Rew aes 20011235123123:1089:CCSSI999255C06 *Mar 2913:51:35.091: v6 DHCP: Alleating dees 2001123123123: T089:CCS6:999238C06 in bincing for FE80::C802:16FF:FE40:0, [AID 00030001 *Mar 29 13:51:35,095: IPv6 DHCP: Updating binding address entry for address 2001:123:123:123:1089:CC56:9992:BC06 *Mar 29 13:51:35,095: IPv6 DHCP: Setting time Rl#r on 2001:123:123:123:1089:CC56:9992:8C06 for 60 seconds *Mar 29 1: 5.095: IPvé DHCP: Sending ADVERTISE to|FESONCBO2:16FF!FE4O:0 on FastEthernet0/O *Mar 29 13:51:35.103: IPv6 DHCP: Received SOLICIT from FE80::C802:16FF:FE40:0 on FastEthernet0/0 *Mar 29 13:51:35.107: IPv6 DHCP: Using interface pool NOA *Mar 29 13:51:35.111: IPv6 DHCP: Reclaiming addresses for nt FE80::C802:16FF:FE40:0 30001 *Mar 29 13:51:35.1: IPv6 DHCP: Freeing address 2001:123:123:123:1089:CC56:9992:BC06 to internal pool 2001:123:123:123::/64 *Mar 29 13:51:35.1: IPv6 DHCP: Freeing |A_NA 00030001 from binding for FE80::C802:16FF:FE40:0 *Mar 29 13:51:35.115: IPv6 DHCP: Allocating |A_NA 00030001 in binding for FE80::C802:16FF:FE40:0 *Mar 29 13:51:35.115: IPv6 DHCP: Looking up pool 2001:123:12 /64 entry with username '00030001CA02164000000003000T' *Mar 29 13:51:35.115: IPv6 DHCP: Poolentry for user not found *Mar 29 13:51:35.119: IPv6 DHCP: Allocated new address 2001:123:123:123:D5A6:5913:D60 RI#:61FC *Mar 29 13:51:35.119: IPv6 DHCP: Allocating address 2001:123:123:123:D5A6:5913:D60:61FC in binding for FE80::C802:16FF:FE40:0, IAID 00030001 *Mar 29 13:51:35.123: IPv6 DHCP: Updating binding address entry for address 2001:123:123:123:D5A6:5913:D60:61FC *Mar 29 13:51:35.123: IPv6 DHCP: Setting timer on 2001:123:123:123:D5A6:5913:D60:61FC for 60 seconds *Mar 29 13:51:35.127: IPv6 DHCP: Sending ADVERTISE to FE80::C802:16FF:FE40:0 on FastEthernet0/O *Mar 29 13:51:35.283: IPv6 DHCP: Received REQUEST from FE80::C802:16FF:FE40:0 on FastEthernet0/O *Mar 29 13:51:35.287: IPv6 DHCP: Using interface pool NOA *Mar 29 13:51:35.287: IPv6 DHCP: Looking up pool 2001:123:123:123::/64 entry with username '00030001CA021640000000030001" *Mar 29 13:51:35.287: IPv6 DHCP: Poolentry for user found *Mar 29 13:51:35.291: IPvé DHCP: Found address 2001:123:123:123:D5A6:5913:D60:61FC in binding for FE80::C802:16FF:FE40:0, IAID 00030001 *Mar 29 13:51:35.291: |Pvé DHCP: Updating binding address entry for address 2001:123:123:123:D5A6:5913:D60:61FC *Mar 29 13:51:35.291: |Pv6 DHCP: Setting timer on 2001:123:123:123:D5A6:5913:D60:61FC for 172800 seconds *Mar 29 13:51:35.295: IPvé DHCP: Sending REPLY to FE80::C802:16FF:FE40:0 on FastEthernet0/O R2#sh ipv6 int brief FastEthemet0/0 [up/up] NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 30FE80::C802:16FF:FE40:0 Rl#sh ipv6 dhep pool DHICPv6 pool: NOA (Kelares allScation BRET ZOOINSEI2I:12II/64 valid 172800 preferred 86400 (1 in use, O conflicts) Ri#tsh ipv6 dhep binding Client: FE80::C802:16FF:FE40:0 DUID: 00030001CA0216400000 Username : unassigned IA NA: IA ID 0x00030001, TI 43200, T2 69120 Address: 2001:123:123:123:D5A6:5913:D60:61FC preferred lifetime 86400, valid lifetime 172800 expires at Mar 31 2015 01:51 PM (172724 seconds) R2#tsh ipv6 dhep interface f0/0 FastEthemet0/0 is in client mode Prefix State is IDLE Address State is OPEN Renew for address will be sent in 11:43:55 List of known servers: Reachable via address: FE8O::C801:13FF:FEF8:8 DUID: 00030001CA0113F80008 Preference: 0 Configuration parameters: IANA: IA ID 0x00030001, TI 43200, T2 69120 Address: 2001:123:123:123:D5A6:5913:D60:61FC/128 preferred lifetime 86400, valid lifetime 172800 expires at Mar 31 2015 01:51 PM (171836 seconds) DNS server: 2001:1234::1234 __ Domain name: noasolutions.com Information refresh time: O Prefix Rapid-Commit: disabled Address Rapid-Commit: disabled Ra#ping 2001:123:123:123::1 ‘Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:123:123:123::1, timeout is 2 seconds: mn Success rate is 100 percent (5/5), round-trip min/avg/max = 4/172/284 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 31LAB : DHCPv6 Relay Agent: 2001:123:123:123::/64 DUCP Client TASK: * Continue with the same previous lab configurations. + Connnect R3.and Assign IPv6 address as per the diagram. Ri(config)#int fO/1 Ri(configeif#ipv6 address 2001:13:13:13::64 Ri(config-if)#no shutdown, Ri(configif)#exit R3(config)#int f0/0 R3(config)#int fO/1 R3(confi R3#ping 2001:13:1 Type escape sequence to abort. Sending 5. 100-byte ICMP Echos to 2001:13:13:13: imeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 44/292/976 ms NOA solutions,N.K Arcade, 2nd & 3rd floor Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 32TASK : Confiure IPv6 EIGRP Routing between RI and R3 to provide Reachability between both LAN networks . R3 (config) #ipv6 unicast-routing R3(config)#ipv6 router eigrp 100 R3(config-rtr)#no shutdown R3(config-rtr)#eigep router-id 3.3.3.3 R3(config-tr) exit R3(config)#int (0/0 R3(config-if}#ipv6 eigrp 100 R3(config-if}#end Ri(config)#ipv6 router eigrp 100 Ri(config-rtr)#no shutdown Ri(config-rtr)#eigrp router- Ri(config-rtr)#exit 1. Ri(config)#int £0/0 Ri(config-if}#ipv6 eigrp 100 Ri(config)#int 0/1 Ri(config-iN#ipv6 eigrp 100 Ri(config-if)#end Rifsh ipv6 eigrp neighbors EIGRP-IPV6 Neighbors for AS(100) H_ Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num © Link-local address: Fa0/1 13 00:01:46 114 684 0 4 FE80::C804:16FF:FE9O:6 Rlfsh ipv6 route eigrp IPV6 Routing Table - default - 6 entries Codes: C - Connected, L - Local, $ - Static, U - Per-user Static route B- BGP, HA - Home Agent, MR - Mobile Router, R - RIP IT- ISIS LI, 12 - ISIS 12, 1A - ISIS interarea, 1S - ISIS summary D- EIGRP, EX - EIGRP external, ND - Neighbor Discovery O- OSPF Intra, Ol - OSPF Inter, OEI - OSPF ext 1, OE2 - OSPF ext 2 ONI - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 33TASK : Configure R4 as DHCP Client and get IPv6 address from DHCPv6 server (RI). Ri(config)#ipv6 dhep pool NOA_R3R4 RI(config-dhepv6)#address prefix 2001:34:34:34::/64. RI(config-dhcpv6)#dns-server 2001:1234::1234 Ri(config-dhcpv6)#domain-name noasolutions.com Ri(config-dhepv6)#exit RI(config)#int f0/1 Ri(config-if)#ipv6 dhep server NOA_R3R4 Ri(config-if}#ipvé nd managed-config-flag Ri(configif}#exit R3(config)#int (0/0 R3(config-if)# ipvé dhep relay destination 2001:13: R3(config-if)¥end 213221 Ri#debug ipv6 dhep IPvé DHCP debugging is on Ré(config)#int £0/0 Ra (config-if)#ipv6 enable Ré(config-if}#fipv6 address dhep R4(config-if}#no shutdown Ra(config-if¥end Rédfsh ipvé6 int brief FastEthernet0/O [up/up] FE80::C803:1AFF:FE28:8 Rit *Mar 29 14:10:28.851: |Pv6 DHCPHIREREIvEd IREIAV-FORWARD WfOin| 2OOTS:I3H13H3IOR FastEtherneto/ *Mar 29 14:10:28.855: IPvé DHCP: Using interface pool NOA_R3R4 *Mar 29 14:10:28.855: IPv6 DHCP: Efeating binding for FEGO::CB03:1AFF:FE2B:8 in| pOolNOAIRIR4 *Mar 29 14:10:28,855: IPv6 DHCP: Binding for IA_NA 00030001 not found *Mar 29 14:10:28.859: IPvé DHCP: Allocating |A_NA 00030001 in binding for FE80::C803:1AFF:FE28:8 *Mar 29 14:10:28.859: IPvé DHCP: Looking up pool 2001:34:34:34::/64 entry with username ‘00030001CA031A28000800030001' *Mar 29 14:10:28,859: IPv6 DHCP: Poolentry for user not found *Mar 29 14:10:28,863: IPv6 DHCP: AIG NEW Meares 2001345454: FCBRDOFSIS2ONIGES *Mar 29 14:10:28,863: IPv6 DHCP: Allocating address 2001:34:34:34:FC8F:DOF3:8201:1BE6 in binding for FE8O:1C803:1AFF:FE28:8, LAID 00030001 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 34*Mar 29 14:10:28.867: IPv6 DHCP: Updating binding address entry for address 2001:34:34:34:FC8F:DOF3:8201:1BE6 Pv6 DHCP: Setting timer on 2001:34:34:34:FC8F:DOF3:8201:1BE6 for 60 seconds : IPv6 DHCP: Sending RELAY-REPLY to 2001:13:13:13::3 on FastEther Ri#netO/1 *Mar 29 14:10:30,063: IPV6 DHCP: Received RELAY-FORWARD from 2001:13:13:13::3 on FastEthenet0/I *Mar 29 14:10:30,067: IPv6 DHCP: Using interface pool NOA_R3R4 *Mar 29 14:10:30.067: IPv6 DHCP: Looking up poo! 2001:3: '00030001CA031A28000800030001 Pv DHCP: Poolentry for user found *Mar 29 14:10:30.071: IPv6 DHCP: Found address 2001:34:34: FE80::C803:1AFF:FE28:8, IAID 00030001 *Mar 29 14:10:30.071: IPvé DHCP: Updating binding address entry for address :34:34::/64 entry with username :8201:1BE6 in binding for 2001:34:34:34:FC8F:DOF3:8201:1BE6 Rit *Mar 29 14:10:30.071: IPvé DHCP: Setting timer on 2001:34:34:34:FC8F:DOF3:8201:1BE6 for 172800 seconds *Mar 29 14:10:30.075: IPv6 DHCP: Sending RELAY-REPLY to 2001:13:13:13::3 on FastEthernet0/1 Rie Ré#ping 2001:123:123:123::1 ‘Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:123:123:123::1, timeout is 2 seconds: mt Success rate is 100 percent (5/5), round-trip min/avg/max = 248/490/1124 ms Ré#tsh ipv6 dhep int f0/0 FastEthemet0/0 is in client mode Prefix State is IDLE Address State is OPEN Renew for address will be sent in 11:58:35 List of known servers: Reachable via address: FE8O::C804:16FF:FE9O:8 DUID: 00030001CA0T13F80008 Preference: 0 Configuration parameters: IANA‘ IA ID 0x00030001, TI 43200, T2 69120 Address: 2001:34:34:34:FC8F:DOF3:8201:1BE6/128 preferred lifetime 86400, valid lifetime 172800 expires at Mar 31 2015 02:10 PM (172716 seconds) DNS server: 2001:1234::1234 Domain name: noasolutions.com Information refresh time: 0 Prefix Rapid-Commit: disabled Address Rapid-Commit: disabled NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 35Rlfsh ipv6 dhep binding Client: FE80::C802:16FF:FE40:0 DUID: 00030001CA0216400000 Username : unassigned IA NA: IA ID 0x00030001, TI 43200, T2 69120 Address: 2001:123:123:123:D5A6:5913:D60:61FC preferred lifetime 86400, valid lifetime 172800 expires at Mar 31 2015 01:51 PM (171565 seconds) Client: FE80::C803:1AFF:FE28:8 DUID: 00030001CA031A280008 Username : unassigned IA NA: IA ID 0x00030001, TI 43200, T2 69120 Address: 2001:34:34:34:FC8F:DOF3:8201:1BE6 preferred lifetime 86400, valid lifetime 172800 expires at Mar 31 2015 02:10 PM (172700 seconds) Ri#sh ipv6 dhep pool DHCPv6 pool: NOA Address allocation prefix: 2001:123:123:123::/64 valid 172800 preferred 86400 (1 in use, O conflicts) DNS server: 2001:1234::1234 Domain name: noasolutions.com Active clients: DHCPv6 pool: NOA_R3R4 Address allocation prefix: 2001:34:34:34::/64 valid 172800 preferred 86400 (1 in use, 0 conflicts) DNS server: 2001:1234::1234 Domain name: noasolutions.com Active clients: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 36Logging on Cisco Routers OA. Keeping track of events Console logging: By default, the router sends all log messages to its console port. Hence only the users that are physically connected to the router console port can view these messages i(config)int V0 i(configif #shutdown isco coy packets (UPDATE. REQUEST. QUERY, REPLY. HELLO, UNKNOWN, PROSE, ACK STUB SAQUERY,SAREPLY) LCR Pact evan eon contro gp 100 icone roe network L200 OA, Buffered loggi There ec Router(config)# logging buffered 16384 # show logging NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 37Terminal logging: Its similar to console logging, but it displays log messages to the router's VTY lines instead. This is not enabled by default # Terminal monitor igterminal monitor Ri(conignt 10/0 Al(contigifshutdown Syslog Server logging : The router can use syslog to forward log messages to external syslog servers for storage. This type of logging is not enabled by default. ma ‘#logging host 10.1.1.10 ee = Seem et = yi te e Smeapel Hee NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 38sco Routers Ri ra 81/0 179, 1112 Foo nae 20.1.1.1 + Knowing how to properly use logging is a necessary still for any network administrator. It's vital that you know how to use logging when it comes time to start troubleshooting. * The Cisco 10S offers a great many options for logging. To help bring you up to speed, let's discuss how to configure logging, examine how to view the log and its status, and look at three common errors when it comes to logging. + The /ogging command in Global Configuration Mode and the show logging command in Privileged Mode are two simple but powerful tools to configure and show all Cisco IOS logging options. Let's take a closer look. TASK: + Connect router to a Console port * Verity Console logging messges by making changes on router. Ri(config)#int s1/0 Ri(config-if)#shutdown Ri(config-if}fexit Ri(config)#int s1/0 Ri(config-if}#no shutdown Ri(config-if}#end Ri#debug eigrp packets (UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE, ACK, STUB, SIAQUERY, SIAREPLY) EIGRP Packet debugging is on Rie Ri(config)#router eigrp 100 Ri(config-router)# network 1.0.0.0 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution Page 39Ri(config-router)# network 10.0.0.0 Ri(config-router)#end *Mar 31 11:53:33,699; EIGRPESSHRIig HELUOTEHIFAOIO - paklen 20 *Mar 31 11:53:33.699: AS 100, Flags Ox0:(NULL). Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:35.155: %SYS-5-CONFIG_I: Configured from console by console Rie *Mar 31 11:53:35.915: YLINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up Rie *Mar 31 11:53:38,119: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:38,119: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/ *Mar 31 11:53:38.935: EIGRP: Sending HELLO on Sei/0 - paklen 20 *Mar 31 11:53:38,935: AS 100, Flags 0x0:(NULL). Seq 0/0 interface 0/0 iidbQ un/rely 0/0 Rie iidbQ un/rely 0/0 Rifundebug all All possible debugging has been turned off Ri#show logging Syslog logging: enabled (0 messages dropped. 0 messages rate-limited. 0 flushes, O overruns. xml disabled, filtering disabled) No Active Message Discriminator. No Inactive Message Discriminator. Console logging: level debugging. 86 messages logged. xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level debugging. 86 messages logged, xml disabled. filtering disabled Exception Logging: size (8192 bytes) Count and timestamp logging messages: disabled Persistent logging: disabled No active filter modules. Trap logging: level informational, 41 message lines logged. Logging Source-Interface:_ VRF Name: Log Buffer (8192 bytes): *Mar 31 11:49:18,047: %SYS-5-CONFIG_I: Configured from console by console *Mar 31 11:52:50,255: %S¥S-5-CONFIG_|: Configured from console by console NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 40*Mar 31 11:53:01.279: EIGRP: Sending HELLO on Fa0/O - paklen 20 *Mar 31 11:53:01.279: AS 100, Flags OxO:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:05.855: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:05.859: AS 100, Flags Ox0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:10,827: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:10,827: AS 100, Flags OxO:(NULL). Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:15.479: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:15.479: AS 100, Flags Ox0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 Mar 31 11:53:19.127: %SYS-5-CONFIG_|: Configured from console by console *Mar 31 11:53:19,859: EIGRP: Sending HELLO on Fa0/O - paklen 20 *Mar 31 11:53:19.863: AS 100, Flags Ox0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:24.575: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:24.575: AS 100, Flags 0x0:(NULL), Seq 0/0 interface 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:29.219: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:29.219: AS 100, Flags Ox0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:33.699: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:33.699: AS 100, Flags 0x0:(NULL), Seq 0/0 interface 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:35.155: %SYS-5-CONFIG_I: Configured from console by console *Mar 31 11:53:35.915: YLINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state toup *Mar 31 11:53:38,119: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:38.119: AS 100, Flags Ox0:(NULL). Seq 0/0 interface 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:38.935: EIGRP: Sending HELLO on Sel/O - paklen 20 *Mar 31 11:53:38.935: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 fidbQ un/rely 0/0 *Mar 31 11:53:42,547: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:42,547: AS 100, Flags 0x0:(NULL). Seq 0/0 interface 0/0 iidbQ urvrely 0/0 *Mar 31 11:53:43.771: EIGRP: Sending HELLO on Sel/0 - paklen 20 *Mar 31 11:53:43.771: AS 100, Flags Ox0:(NULL), Seq 0/0 interfaceQ 0/0 jidbQ un/rely 0/0 *Mar 31 11:53:47,051; EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 11:53:47,051: AS 100, Flags Ox0:(NULL). Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 *Mar 31 11:53:48.747: EIGRP: Sending HELLO on Sel/0 - paklen 20 *Mar 31 11:53:48.747: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 fidbQ un/rely 0/0 IGRP: Sending HELLO on Fa0/O - paklen 20 ‘AS 100, Flags Ox0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 IGRP: Sending HELLO on Sel/0 - paklen 20 *Mar 31 11:53:53.147: AS 100, Flags OxO:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 Rif Riffclear logging Clear logging buffer [confirm] Rifshow logging Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, O flushes, O overruns, xml disabled, filtering disabled) No Active Message Discriminator. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 41No Inactive Message Discriminator. Console logging: level debugging, 86 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level debugging, 86 messages logged, xml disabled, filtering disabled Exception Logging: size (8192 bytes) Count and timestamp logging messages: disabled Persistent logging: disabled No active filter modules. Trap logging: level informational, 41 message lines logged Logging Source-Interface: VRF Name: Log Buffer (8192 bytes): Rie TAS! * Configure the route to send buffered logging of its events to the memory * Change the buffer size for logging to 16384 bytes. ‘You can configure the router to send buffered logging of its events to the memory. (Rebooting the router wil lose all events stored in the buffered log.) Ri(config)#logging buffered 16384 Ri(config)¥end Rlfshow logging Syslog logging: enabled (0 messages dropped, O messages rate-limited. 0 flushes, O overruns. xml disabled, filtering disabled) No Active Message Discriminator. No Inactive Message Discriminator. Console logging: level debugging, 87 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level debugging. 1 messages logged, xml disabled, filtering disabled Exception Logging: size (8192 bytes) Count and timestamp logging messages: disabled Persistent logging: disabled NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 42No active filter modules. Trap logging: level informational, 42 message lines logged Logging Source-Interface: VRF Name: *Mar 31 11:59:52.663: %SYS-5-CONFIG_|: Configured from console by console Re TASK: * Configure VTY and enable password on RI for telnet access ‘© Telnet to RI from R2. Ri(config)#line vty 0.4 Ri(config-line)#password cisco Ri(config-line)#login Ri(configcline)#exit Ri(config)#enable secret cisco RI(config)#exit R2#telnet 1.1.1.1 Trying 1.1.1.1 User Access Ver Password: Ri>enable Password: TASK: © Configure RI to enable Terminal monitor to see the messges on the CLI if any changes done on the router RI(config)#int £0/0 Ri(config-if)¥shutdown Ri(configifpexit Ri(config)#do sh ip int brief Interface IP-Address OK? Method Status Protocol FastEthemet0/O 10.1.1. YES NVRAM administratively down down Seriall/o LLL YESNVRAM up up Serialt/1 4.4.4.2 YESNVRAM up down Seriall/2 unassigned YES NVRAM administratively down down Seriall/3 unassigned YES NVRAM_ administratively down down Loopbacko 1.0.0.1 YES NVRAM up up Loopback! 1.0.11 YESNVRAM up up Loopback2 1.0.2.1 YES NVRAM up up Loopback3 1.0.3.1 YESNVRAM up up R1(config)#int £0/0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 43Ri(config-if)#no shutdown Ri(config-if)#end + CISCO 10S doesn't send log messages to a terminal session over IP(i. telnet or SSH connections).If you want logging messages from IOS to appear on the terminal,use terminal monitor command. + If you want logging messages from IOS to appear on the your terminal then you need to use the ‘terminal monitor’ command. © Logging to your terminal will now occur. Of course, a message or log has to be happening for a message to appear. So lets use IOS to tell us that we have configured it. Rifterminal monitor Ri(config)#int £0/0 Ri(config-ifp#shutdown RI(config-if}#no shutdown Ri(config-if)#end Ri#debug eigrp packets (UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE. ACK, STUB, SIAQUERY, SIAREPLY) EIGRP Packet debugging is on *Mar 31 12:18:53,095: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 12:18:53,095: AS 100, Flags Ox0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 *Mar 31 12:18:53,515: EIGRP: Sending HELLO on Sel/0 - paklen 20 *Mar 31 12:18:53,515: AS 100, Flags Ox0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/Oei Rifundebug all All possible debugging has been turned off Rit Ridexit [Connection to 1.1.1.1 closed by foreign host] Rae NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 44TASK: + Connect PC to Router 1 . assign IP addressing as per the diagram © Configure RI to send all log messges to external syslog server. * Use free source tool on PC to verify. R1 81/0 10.11.10 Syslog— Use a UNIX-style SYSLOG protocol to send messages to an external device for storing. The storage size does not depend on the router's resources and is limited only by the available disk space on the external syslog server. This option is not enabled by default. * Before configuring a Cisco device to send syslog messages, make sure that it is configured with the right date, time, and time zone, Sysiog data would be useless for troubleshooting if it shows the wrong date and time. You should configure all network devices to use NTP. Using NTP ensures a correct and synchronized system clock on all devices within the network. Setting the devices with the accurate time is helpful for event correlation. + To enable syslog functionality in a Cisco network, you must configure the builtin syslog client within the Cisco devices. * Cisco devices use a severity level of warnings through emergencies to generate error messages about software or hardware malfunctions. The debugging level displays the output of debug commands. The Notice level displays interface up or down transitions and system restart messages. The informational level reloads requests and low-process stack messages. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution ‘om Page 45z = RI(config)#logging host 10.1.1.10 *Mar 31 12:47:26.599: YeSYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.1.1.10 port 514 started - CLI initiated Ri(config)#int s1/0. Ri(config-if)#shutdown down Ri(config-if}¥no shutdown *Mar 31 12:47:53.099: %LINK-3-UPDOWN: Interface Seriall/0, changed state to up *Mar 31 12:47:54,111: %SLINEPROTO-5-UPDOWN: Line protocol on Interface Seriall/0, changed state to up Ri(config-if)#end NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 46io totes | eces| eereslsi] TAS * Enable debug eigrp packets on RI * Configure EIGRP on both routers and verify systogs on PC. Ri#fdebug eigrp packets (UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE. ACK, STUB, SIAQUERY, SIAREPLY) EIGRP Packet debugging is on Ri(config)#no router eigrp 100 Ri(config)#router eigrp 100 Ri(config-router)# network 1.0.0.0 Ri(config-router)# network 10.0.0.0 Ri(config-router)#exit R1(config)#logging trap ? <0-7> Logging severity level alerts Immediate action needed (severity=1) critical Critical conditions (severity debugging Debugging messages. —_(severity=7) emergencies System is unusable (severity=0) errors Error conditions (severity=3) informational Informational messages (sever notifications Normal but significant conditions (severity warnings Warning conditions (severity=4) Ri(config)#logging trap debugging * Use the debug level with caution, because it can generate a large amount of syslog traffic in a busy network. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on Page 47© When a level is specified in the | with lower severity levels as well. * For example, thelogging trap warning command configures the router to send all messages with the severity warning, error, critical, and emergency. * Similarly, the logging trap debugcommand causes the router to send all messages to the syslog server. Exercise caution while enabling the debug level. Because the debug process is assigned a high CPU priority, using it in a busy network can cause the router to crash. jing trap level command, the router is configured to send messages R2(config)#router eigrp 100 R2(config-router)#¢network 20.0.0.0 R2(config-router)#network 1.0.0.0 R2(config-router)#end Rae *Mar 31 13:21:59,539: Y%DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 1.1.1.1 (Serial1/0) is up: new adjacency Rae Mar 31 13:22:00,631: %SYS-5-CONFIG_I: Configured from console by console Rae NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 48Rifundebug all All possible debugging has been turned off Rie TASK: * configure R2 to send logging to host 10.1.1.1 + R2 source should be loop 0 interface. R2#ping 10.1.1.10 ‘Type escape sequence to abort. Sending 5. 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 24/75/148 ms R2(config)#logging host 10.1.1.10 R2(config)#logging source-interface loopback 0 R2(config)#end *Mar 31 13:25:24,251: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.1.1.10 port 514 started - CU initiated NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com Page 49TASK; + Remove the logging host command on both routers and Change the logging to local logging. R1(config)# no logging host 10.1.1.10 Ri(config)# logging on Ri(config)Fexit TAS! © RI shoul wert uptime-based in log and debug messages. Timestamps represent how the time shows at the time of logging or debug output. Ri(config)#service timestamps ? debug Timestamp debug messages log Timestamp log messages Ri(config)#service timestamps log ? datetime Timestamp with date and time uptime Timestamp with system uptime Ri(config)#service timestamps log uptime ? Ri(config)#service timestamps log uptime Ri(config)#service timestamps debug uptime Ri(configh#exit NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution on’ Page 50Re Rie ODTASEISSYS-5-CONFIG_I: Configured from console by console Rifdebug eigrp packets GIDTABHGESYS-5-CONFIC_|: Configured from console by console Rl#debug eigrp packets (UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE, ACK, STUB, SIAQUERY, SIAREPLY) EIGRP Packet debugging is on Rue Rie OR27M4BEIGRP: sending HELLO on Fa0/0 - paklen 20 O1274B2)9/AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 Rie Rifundebug all All possible debugging has been turned off TASK: + R2 should insert Datetime timestamps with time zone and year in log and debug messages. R2(config)#service timestamps log datetime localtime show-timezone year Ra(config)#service timestamps debug datetime localtime show-timezone year Ra(config)#exit, SMiaHISTIZOIS N4LO2:SOUTERISYS:5-CONFIG_|: Configured from console by console R2#fdebug eigrp packets (UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE, ACK, STUB, SIAQUERY, SIAREPLY) EIGRP Packet debugging is on *MaHS1/2015 14:02:46 UTE: EIGRP: Received HELLO on Sel/0 - paklen 20 nbr 1.1.1.1 *Mar 31 2015 14:02:46 UTC: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 fidbQ un/rely 0/0 peerQ un/rety 0/0 *Mar 31 2015 14: *Mar 31 2015 14: Rae *Mar 31 2015 14:02:48 UTC: EIGRP: Sending HELLO on Se1/0 - paklen 20 *Mar 31 2015 14:02:48 UTC: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 Rae *Mar 31 2015 14:02:50 UTC: EIGRP: Received HELLO on Se1/0 - paklen 20 nbr 1.1.1.1 *Mar 31 2015 14:02:50 UTC: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ uun/rely 0/0 *Mar 31 2015 14:02:51 UTC: EIGRP: Sending HELLO on Fa0/0 - paklen 20 *Mar 31 2015 14:02:51 UTC: AS 100, Flags Ox0:(NULL). Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 Rae :46 UTC: EIGRP: Sending HELLO on Fa0/0 - paklen 20 46 UTC: AS 100, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 51