Lab Primer
Lesson 1: Introduction to the Cisco Router
Command-Line Interface
Modes
User Mode vs. Privileged Mode
User mode is indicated by the > prompt next to the router name. In user mode, you can look at some of the
router's settings. In privileged mode (indicated by the # prompt), you can use the different show commands to
display all of the router's settings.
Router>
Router>enable
Router#
You can set an enable password to control access to privileged mode. This is a very important password because,
when it is configured, only those who know the password can make configuration changes in privileged mode. To
set the enable password, you must first enter configuration mode by using the configure terminal command at
the privileged mode prompt.
Router>
Router>enable
Router#config term
Router(config)#enable password boson
You can securely encrypt an enable password by using the enable secret command.
Router(config)#enable secret cisco
The enable secret command defines the enable secret password used to protect access to privileged commands.
The password is case-sensitive. A password set with the enable password command is stored as clear text,
whereas a password set with the enable secret command is encrypted. For security purposes, configuring the
router with an enable secret password is preferred. The enable secret password always takes precedence if both
the enable secret password and the enable password are set.
Configuration Mode
From privileged mode, you can enter configuration mode by using the configure terminal command. To exit configuration mode, type the end command or press the CTRL+Z key combination.
Router#config t
Router(config)#end
Router#
Accessing Help
To view all commands available from a mode, type ?; you do not have to press the ENTER key after typing the
question mark. This will display a list of all available commands in the current mode. You can also use the
question mark after you have started typing a command. For example, if you want to see all commands that can
be used with the show command, type show ? at the # prompt.
Router#show ?
  access-expression  List access expression
  access-lists       List access lists
  backup             Backup status
  cdp                CDP information
  clock              Display the system clock
  cls                DLC user information
  compress           Show compression statistics
  configuration      Contents of Non-Volatile memory
--More--
Running Configuration
The currently active configuration script running on the router is referred to as the running-config in the
router's command-line interface (CLI). Note that privileged mode is required to display the running configuration.
The running configuration script is not automatically saved on a Cisco router and will be lost in the event of a
power failure. The running configuration must be manually saved with the copy running-config startup-config command.
The following is an example of the type of output you will see when you run the show running-config command.
Router>
Router>enable
Router#show running-config
Building configuration...
Current configuration:
!
version 12.0
!
hostname Router
!
interface Serial0
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
no ip address
shutdown
!
line con 0
line aux 0
line vty 0 4
!
end
Router#
Startup Configuration
The stored configuration used to boot the router is referred to as the startup-config in the router's CLI. If you
decide you would like to start configuring a router from scratch, you will need to reload the router, making sure
you have deleted the startup-config file that is stored in NVRAM. To do this, you will first need to use the erase
startup-config command to erase the configuration file stored in NVRAM. Next, you will need to reload the router.
Do not save the configurations when prompted.
Router#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#reload
Proceed with reload? [confirm]
Router>show version
Router1 Operating System Software
Router uptime is 2 minutes
System returned to ROM by power-on
System image file is flash:c2500.bin
[output omitted]
1 Ethernet/IEEE 802.3 interface(s)
1 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Show Protocols
Show Flash
Flash memory is a special kind of memory that contains the operating system image file(s) for the router. Unlike
regular router memory, flash memory continues to maintain the file image even after power is lost. The following
is an example of the type of output you will see when you issue the show flash command.
Router>show flash
System flash directory:
File Length Name/status
1 3015588 c2500.bin
[3015652 bytes used, 1178652 available, 4194304 total]
4096K bytes of processor board System flash (Read/Write)
Show History
By default, the router's command-line interface (CLI) maintains in memory the last 10 commands you have
entered. This default value can be changed. You can use one of two methods to cycle through previous router
commands entered since the last power loss. To simultaneously view all of the past commands still in router
memory, use the show history command. For single-line retrieval, use either the UP ARROW key or the CTRL+P
key combination to see the previous command, and use either the DOWN ARROW key or the CTRL+N key combination to see the next command.
Router>show history
show version
show protocols
show flash
enable
show running-config
disable
show history
Show Clock
The router keeps its own clock that can be used to synchronize devices. The show clock command displays
the clock.
Router#show clock
*00:38:35.755 UTC Mon Mar 1 1993
Router#
Show Hosts
You can create a list of host names on your router. You can view the entries (if any) by typing show hosts.
Router#show hosts
Default domain is not set
Name/address lookup uses static mappings
Host Flags Age Type Address(es)
Router#
Show Users
The show users command displays users who are connected to the router.
Router#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
Router#
Show Interfaces
Ping
The ping command allows a user to test basic connectivity. The syntax for the ping command is as follows:
ping ip_address
The ping command will cause the router to send out five echo requests to the destination IP address. If the router
receives a reply, it will be noted in the CLI with an exclamation mark (!). If no reply is received, it will be noted
with a period (.).
The following shows the output of a successful ping of the 10.1.1.1 IP address:
Router#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/37/44 ms
Router#
The following shows the output of a failed ping of the 2.2.2.2 IP address:
Router#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router#
The ping command is one of the most commonly used test tools. The ping command uses Internet Control Message
Protocol (ICMP) to communicate with other routers.
When you attempt to ping devices for the first time, ping may fail on the first try if the router has not completed
Address Resolution Protocol (ARP) resolution.
You can also use the show running-config command or the show ip interface command on the local router to
view its IP addresses.
Lesson: Basic IP Configuration and Verification
IP Addressing
IP addressing is very easy to configure on a Cisco router, although the calculation of IP addresses and subnet
masks can be rather difficult.
The following syntax places an IP address on the interface:
ip address ip_address subnet_mask
Given the routers below, what commands should you issue to configure IP addresses on Router 1 and Router 2?
[Diagram: three routers]
Remember that /24 denotes a subnet mask of 255.255.255.0. For your convenience, here is a handy table
matching slash notation to the corresponding dotted decimal subnet masks:
Slash  Dotted Decimal    Slash  Dotted Decimal    Slash  Dotted Decimal
/8     255.0.0.0         /16    255.255.0.0       /24    255.255.255.0
/9     255.128.0.0       /17    255.255.128.0     /25    255.255.255.128
/10    255.192.0.0       /18    255.255.192.0     /26    255.255.255.192
/11    255.224.0.0       /19    255.255.224.0     /27    255.255.255.224
/12    255.240.0.0       /20    255.255.240.0     /28    255.255.255.240
/13    255.248.0.0       /21    255.255.248.0     /29    255.255.255.248
/14    255.252.0.0       /22    255.255.252.0     /30    255.255.255.252
/15    255.254.0.0       /23    255.255.254.0     /31    255.255.255.254
Router 1 should be configured as follows:
Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
Router1(config-if)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.255.0
Router1(config-if)#no shut
Router1(config-if)#end
Router1#
You can use sh ip interface brief to view the IP addresses on the interface:
Router1#sh ip interface brief
Interface    IP-Address     OK?  Method  Status  Protocol
BRI0         unassigned     YES  manual  up      up
Ethernet0    10.1.1.1       YES  manual  up      up
Serial0      172.16.10.1    YES  manual  up      up
Router1#
Router 2 should be configured as follows:
Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
Router2(config-if)#exit
Router2(config)#exit
Router2#exit
                       Line protocol is   Meaning
administratively down  down               Indicates that the interface has been turned off with the shutdown command
up                     down               Indicates that the cable is connected, but keepalives are not being received
down                   down
up                     up
You can view particular interfaces with the show interface specific_interface command; for instance, you can
issue the show interface serial 0 command. Alternatively, you can use the show ip interface brief command to
quickly display the status of all interfaces.
Router#show ip int brief
Interface    IP-Address    OK?  Method   Status                 Protocol
Ethernet0    unassigned    YES  not set  administratively down  down
PCbus0       unassigned    YES  not set  administratively down  down
Serial0      unassigned    YES  not set  up                     down
Router#
Configuring the Interfaces
To bring up an interface that is administratively down, you should enter interface configuration mode from configuration mode and then issue the no shutdown command.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#no shutdown
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router(config-if)#end
Router#
If your interface is the DCE, you must provide clocking using the clock rate command.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0
Router(config-if)#clock rate 56000
Router(config-if)#end
Router#
It is often helpful to use the description command to add a description of the purpose of the interface.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int e0
Router(config-if)#description My Connection to the Engineering Hub
Router(config-if)#end
Router#
You can use any of the following commands to view your changes:
show running-config
OR
show interfaces
OR
show controllers
Lesson 5: CDP
Cisco Discovery Protocol (CDP) allows devices to share basic configuration information without any protocol-specific
information being configured. CDP is enabled by default on all interfaces.
CDP is a Data Link protocol that operates at Layer 2 of the Open Systems Interconnection (OSI) model. This is
important to understand because CDP is not routable and can only travel to directly connected devices.
CDP allows you to view information such as operating system version, protocol information, and much more. This
information can be very handy for troubleshooting a variety of problems.
CDP configuration is enabled by default on the router and all interfaces.
CDP Commands
The CDP commands are simple. See the following tables.
Global Configuration Commands
no cdp run
cdp run
cdp timer 120
Interface Configuration Commands
cdp enable
no cdp enable
Show Commands
show cdp interface
show cdp neighbor
show cdp neighbor detail
show cdp
Lesson 6: ARP
ARP Commands
Show arp
The show arp command displays the Address Resolution Protocol (ARP) table, which contains detailed information about interfaces that are learning media access control (MAC) addresses. Looking at the table below, you
can see that the router learned the IP address and MAC address of each Ethernet interface. The Age column
indicates how long the router has had the information, and the Interface column indicates the interface from
which it learned this information. Notice that the age of the 1.1.1.4 address is not indicated because it is the IP
address of the Ethernet port that is connected to the router.
Router#show arp
Protocol  Address   Age (min)  Hardware Addr   Type  Interface
Internet  1.1.1.2   207        0000.0c32.f57d  ARPA  Ethernet0
Internet  1.1.1.4   -          0060.7062.e040  ARPA  Ethernet0
Router#
Clear arp
The information stored in the ARP table can become corrupted occasionally, which causes the router to experience packet-delivery problems. When this happens, the ARP table must be cleared and rebuilt. You must access
privileged mode and issue the clear arp command in order to clear the ARP table. After you have cleared the
ARP table, you can view it again using the show arp command. In this example, notice that all entries, with the
exception of the directly connected interfaces of the router, have disappeared.
Router#show arp
Protocol  Address   Age (min)  Hardware Addr   Type  Interface
Internet  1.1.1.2   -          0060.7062.e040  ARPA  Ethernet0
Router#
in the example above. In order to use RIP version 2, the version 2 command must be entered after the router rip
command.
To enable RIP as the routing protocol on Router 1, the router rip command must be issued. Notice the new mode
the router has entered.
Router1(config)#router rip
Router1(config-router)#
Once RIP is running on Router 1, network statements must be used to tell the router which networks it is connected to. Every router interface that is directly connected to an active network needs a network number. Some
networks will be configured with the same IP addressing schemes with different subnets, and some will be configured with entirely different addressing schemes. The diagram below shows two different addressing schemes.
[Diagram: three routers]
Router 1's Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface has
an IP address of 172.16.10.1 with a /16 subnet mask. Because RIP is classful, only the class portions of the addresses must be specified in the network statements. Thus, on Router 1, the network 10.0.0.0 statement should be
used for the Ethernet 0 interface, and the network 172.16.0.0 statement should be used for the serial 0 interface.
Router1(config-router)#network 172.16.0.0
Router1(config-router)#network 10.0.0.0
Router1(config-router)#
Router 2 should be configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
00:17:25: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router2(config-if)#exit
Router2(config)#
RIP should now be running on the network between Router 1 and Router 2.
Router 4 should be configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut
00:20:35: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Router4(config-if)#exit
Router4(config)#
Now, the RIP information must be added.
Router4(config)#router rip
Router4(config-router)#network 172.16.0.0
Router4(config-router)#exit
Router4(config)#exit
Router4#
Once RIP has been configured on the entire network, show commands can be used to verify that the routers are
receiving RIP routes. The most commonly used command is show ip route, which displays all entries in the routing table. This command should be issued at the privileged mode prompt on Router 4 to display the routes to the
directly connected Router 1 and to the other routers on the network.
Router4# show ip route
Gateway of last resort is not set
     172.16.0.0/16 is subnetted, 1 subnet
C       172.16.10.0 is directly connected, Serial 0
R    10.0.0.0 [120/1] via 172.16.10.1 00:03:18, Serial 0
In the line R 10.0.0.0 [120/1] via 172.16.10.1, 00:00:21, Serial0, the R indicates that this is a RIP route. The
10.0.0.0 portion of the output indicates the destination network. The [120/1] portion of the output indicates that
120 is the administrative distance and that 1 hop is required to reach the destination. RIP's default administrative distance is 120; administrative distance is considered the trustworthiness of the route. If two routing
protocols have the same route, the router will pick the route with the lower administrative distance. The via
172.16.10.1 portion of the output indicates that 172.16.10.1 is the address of the next hop. The Serial0 portion
of the output indicates that this information was learned via the serial 0 interface.
The show ip protocols command displays information about the IP routing protocols that are enabled. The following is example output from the show ip protocols command.
Router4#show ip protocols
Routing Protocol is rip
Sending updates every 30 seconds, next due in 12 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Key-chain
Routing for Networks:
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
172.16.10.1 120 00:00:09
Distance: (default is 120)
Router4#
The output indicates that updates are being sent every 30 seconds. RIP is a distance vector routing protocol, so
it exchanges its entire routing table every 30 seconds. The 172.16.0.0 network is under the Routing for Networks
area, which indicates that the network statement is working. Notice that the administrative distance is 120,
which is the default.
IGRP
Interior Gateway Routing Protocol (IGRP) is a standards-based, distance vector IGP that is used by routers to
exchange routing information. IGRP uses a composite metric of bandwidth and delay to determine the best path
between two locations. The metric can also be administratively configured to factor in the maximum transmission
unit (MTU), reliability, and load for the link.
In an IGRP network, each router broadcasts its entire IGRP table to its neighboring routers every 90 seconds. When
a router receives a neighbor's IGRP table, it uses the information provided to update its own routing table and then
sends the updated table to its neighbors. This procedure is repeated by each router and results in a state referred
to as network convergence, in which all routers have an identical view of the internetwork topology.
Router 1 should be configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
00:35:15: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router1(config-if)#exit
Router1(config)#int s0
[Diagram: three routers]
Router 1's Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface
has an IP address of 172.16.10.1 with a /16 subnet mask. Because IGRP is classful, only the class portions of
the addresses must be specified in the network statement. Thus, on Router 1, the network 10.0.0.0 statement
should be issued for the Ethernet 0 interface, and the network 172.16.0.0 statement should be issued for the
serial 0 interface.
Router1(config-router)#network 172.16.0.0
Router1(config-router)#network 10.0.0.0
Router1(config-router)#
Router 2 should be configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
01:23:17: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router2(config-if)#exit
01:23:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router2(config)#
Now, IGRP must be configured.
Router2(config)#router IGRP 100
Router2(config-router)#network 10.0.0.0
Router2(config-router)#exit
Router2(config)#exit
Router2#
IGRP should now be running on the network between Router 1 and Router 2.
Router 4 should be configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut
01:23:17: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
01:23:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router4(config-if)#exit
Router4(config)#
Now, IGRP must be configured.
Router4(config)#router IGRP 100
Router4(config-router)#network 172.16.0.0
Router4(config-router)#exit
Router4(config)#exit
Router4#
Once IGRP is configured on the entire network, show commands can be used to verify that the routers are receiving
routes. The show ip route command should be issued on Router 4 to display the route to the directly connected Router 1.
Router4#show ip route
Gateway of last resort is not set
OSPF
OSPF is a dynamic link-state, hierarchical IGP that is based on open standards. It was designed as a replacement for RIP and was derived from an early version of Intermediate System to Intermediate System (IS-IS). OSPF
is a robust protocol whose features include least-cost routing, multipath routing, and load balancing. The shortest path through the network is calculated by using the Dijkstra algorithm. Cisco uses its own implementation
of the OSPF standards with additional features that are important for interoperability.
Once the router is configured for OSPF, the router starts the process of learning its environment by going through
a few phases of initialization. First, the router uses hello packets to identify its neighbors and develop adjacencies (relationships for exchanging routing updates) with them. The router then starts the ExStart phase, which
is the initial database exchange. Next is the Exchange phase in which the Designated Router sends the routing
information and receives an acknowledgement (ack) receipt from the new router. During the Loading phase, the
new router compiles a routing table. Once the router finishes its calculations, it progresses into its full state, in
which it is an active member of the network.
Router 1 should be configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
00:12:33: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router1(config-if)#exit
Router1(config)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.0.0
Router1(config-if)#no shut
00:15:30: %LINK-3-UPDOWN: Interface Serial0, changed state to up
00:15:35: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
Router1(config-if)#exit
Next, the router ospf 100 command should be issued to enable OSPF as the routing protocol. The 100 parameter is a process identification number (an integer from 1 to 65,535) that is used to initialize the protocol on the
router. Unlike the IGRP autonomous system number, the process identification number does not have to be the
same for all of the routers within the OSPF area. The networks that are added to the OSPF session make up the
area. Notice the new mode that the router enters once the command is issued.
Router1(config)#router ospf 100
Router1(config-router)#
Once OSPF is running on Router 1, network statements must be used to tell the router which networks it is connected to, as well as to assign it its wildcard mask and OSPF area. Every router interface that is directly connected to an active network needs a network number. Some networks will be configured with the same IP addressing
schemes with different subnets, and some will be configured with entirely different addressing schemes. The
diagram below shows two different addressing schemes.
[Diagram: three routers]
Router 1's Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface
has an IP address of 172.16.10.1 with a /16 subnet mask. When the network statements are issued, the class
portions of the addresses, the wildcard masks, and the area IDs (an integer between 0 and 4,294,967,295)
must be provided. Thus, on Router 1, the network 10.0.0.0 0.0.0.255 area 0 command should be issued on the
Ethernet 0 interface, and the network 172.16.0.0 0.0.0.255 area 0 command should be issued on the serial 0
interface. The wildcard mask is used for troubleshooting specific links by either adding or removing them.
Router1(config-router)#network 10.0.0.0 0.0.0.255 area 0
Router1(config-router)#network 172.16.0.0 0.0.255.255 area 0
Router1(config-router)#exit
Router1(config)#exit
Router1#
Now, the show running-config command should be issued to confirm that the OSPF process ID was defined as
100 and that the two networks were added to OSPF area 0.
Router1#show running-config
Router 2 should be configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
Router2(config-if)#exit
00:21:23: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:21:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router2(config)#
Now, the OSPF process identification number and network statement must be added.
Router2(config)#router ospf 100
Router2(config-router)#network 10.1.1.0 0.0.0.255 area 0
Router2(config-router)#exit
Router2(config)#exit
Router2#
OSPF should now be running on the network between Router 1 and Router 2.
Router 4 should be configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut
Router4(config-if)#exit
The OSPF process identification number and network statement must be added.
Router4(config)#router ospf 100
Router4(config-router)#network 172.16.0.0 0.0.255.255 area 0
Router4(config-router)#exit
Router4(config)#exit
Router4#
OSPF should now be running on all three routers. The ping command can be used to test connectivity between the
routers. From Router 1, Router 4's serial 0 interface and Router 2's Ethernet interface should be pinged.
Router1#ping 172.16.10.2
Router1#ping 10.1.1.2
Next, Router 1 should be pinged from Router 2 and Router 4.
Router2#ping 10.1.1.1
Router4#ping 172.16.10.1
If all pings succeed, the routers are talking to each other in both directions and routing is successful.
Now, the show ip ospf interface command should be used on Router 1 to verify proper OSPF interface configuration.
Router1#show ip ospf interface
This is an excellent command for learning all interface information. The output includes the interface IP address, area assignment, process ID, router ID, cost, priority, network type, timer intervals, and adjacent neighbor
information. You can also see the Designated Router (DR)/Backup Designated Router (BDR) information when it
is applied.
Finally, the show ip ospf neighbor command should be issued.
Router1#show ip ospf neighbor
This command displays all of the important information concerning neighbors and the adjacency state. It also
displays the DR or BDR information if it is configured.
CHAP
Challenge-Handshake Authentication Protocol (CHAP) provides a more secure procedure for connecting to a
system than Password Authentication Protocol (PAP). Here's how CHAP works:
1. After the link is made, the server sends a challenge message to the connection requestor. The requestor
responds with a value obtained by using a one-way hash function.
2. The server checks the response by comparing its own calculation of the expected hash value.
3. If the values match, the authentication is acknowledged; otherwise, the connection is usually terminated.
At any time, the server can request that a new challenge message be sent by the connected party. Because
CHAP identifiers are changed frequently and because authentication can be requested by the server at any time,
CHAP provides more security than PAP. RFC 1334 defines both CHAP and PAP.
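The three steps above, with both sides of the exchange, as an added example that is not part of the original primer. The hash construction (MD5 over identifier, secret and challenge) is the one RFC 1994 specifies for CHAP and is not stated on this page; the class names are hypothetical, and the shared secret reuses the sample password toast1 from the configuration later in this lesson.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side the text calls the server: issues challenges, checks responses."""

    def __init__(self, secrets_by_name):
        # Plays the role of "username R1 password toast1" in global config.
        self.secrets = secrets_by_name
        self.identifier = 0
        self.challenge = b""  # empty means no challenge is outstanding

    def new_challenge(self):
        # Step 1: a new identifier and an unpredictable challenge each time,
        # so a response captured earlier does not answer a later challenge.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name, identifier, response):
        # Step 2: compute the expected hash locally and compare.
        secret = self.secrets.get(name)
        if secret is None or not self.challenge or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        self.challenge = b""  # allow one attempt per challenge
        # Step 3: constant-time comparison; on False the link is torn down.
        return hmac.compare_digest(expected, response)


class Peer:
    """The connection requestor: answers a challenge using the shared secret."""

    def __init__(self, name, secret):
        self.name = name
        self.secret = secret

    def respond(self, identifier, challenge):
        return self.name, identifier, chap_response(identifier, self.secret, challenge)


def demo():
    """Returns (valid login, replayed old response, wrong secret)."""
    server = Authenticator({"R1": b"toast1"})   # constructed sample data
    r1 = Peer("R1", b"toast1")
    wrong = Peer("R1", b"not-the-secret")

    ident, challenge = server.new_challenge()
    name, rid, response = r1.respond(ident, challenge)
    first = server.verify(name, rid, response)

    # The server re-challenges; the old response is presented again.
    ident2, _ = server.new_challenge()
    replay = server.verify(name, ident2, response)

    ident3, challenge3 = server.new_challenge()
    bad = server.verify(*wrong.respond(ident3, challenge3))
    return first, replay, bad


if __name__ == "__main__":
    print(demo())
```

The password itself is never sent over the link; only the 16-byte hash is, which is why a fresh challenge makes an old response worthless.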
Configuring PPP with CHAP on a Cisco Router
The following interface command enables PPP:
encapsulation ppp
PPP must be enabled on both ends of the link.
The following interface command must be added in order for authentication to be enabled:
ppp authentication chap
The routers will now require authentication over the link. They will attempt to log in with their host names as
their user names and their enable passwords as their CHAP passwords. In global configuration mode on each
router, an entry that matches the remote router's user name and password must be made:
username Other_Router password Other_enable_pass
Sample Configurations for PPP on Two Devices
(R1)s0----------s0(R2)
Router 1:
hostname R1
interface serial 0
encapsulation PPP
no shutdown
Router 2:
hostname R2
interface serial 0
encapsulation PPP
no shutdown
Router 2:
hostname R2
enable secret cool2
username R1 password toast1
interface serial 0
encapsulation PPP
ppp authentication chap
no shutdown
The following is a link where you can read more about PPP/CHAP authentication: http://www.cisco.com/warp/public/471/understanding_ppp_chap.html
cisco    default
ansi     ANSI Annex D
q933a    CCITT Q933a
The following command is used in multipoint Frame Relay examples and defines a static mapping between a
protocol address and a Frame Relay DLCI:
frame-relay map ip ip_address dlci [broadcast]
Again, the broadcast keyword is optional and should only be included if broadcast packets need to be forwarded
out of the subinterface. In static routing examples, routing updates are not required and the keyword is omitted.
The following command creates a logical Frame Relay subinterface and defines it as a point-to-point or multipoint connection.
interface serial0.subinterface_# [point-to-point | multipoint]
A subinterface is treated as if it were a separate interface dedicated for a PVC to a remote site. Serial0 indicates
that the subinterface belongs to the physical serial 0 interface, and subinterface_# is the unique subinterface
ID number. The subinterface ID number can be any unique value between 0 and 4,294,967,295 and does not have
to be in any particular order (i.e., it is not necessary to begin with 1 and sequentially progress with 2, 3, and so
on). In fact, to reduce confusion, it is good practice to identify a subinterface with the same number as the DLCI
used on that subinterface.
The following command configures an interface with an IP address and subnet mask:
ip address ip_address subnet_mask
Access lists are created in the router's global configuration mode. Remember that all standard IP access lists
must be numbered in the range of 1 through 99. The following commands permit traffic from address 1.1.1.1
and deny all other traffic:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 1 permit host 1.1.1.1
Router(config)#exit
Router#
This configuration creates a permit statement for host address 1.1.1.1. Because the source mask was not specified, the router uses a default of 0.0.0.0 (match exactly). Do not forget the implicit deny any statement at the end
of the access list; this automatically denies any traffic that was not explicitly permitted.
- The final criterion is to permit all other traffic not previously mentioned.
The last line of the access list, Router(config)#access-list list_number permit any, accomplishes this by permitting all packets that were not matched in the first three lines of the list.
Match a Specific Host
All wildcard mask bits are zeros. For a standard access list to permit the host 192.168.0.58, you could use the
following command:
access-list 101 permit 192.168.0.58 0.0.0.0
Because standard access lists assume a 0.0.0.0 mask, you could rewrite the command as follows:
access-list 101 permit 192.168.0.58
For an extended access list to permit the same host of 192.168.0.58, you should use one of the following commands:
access-list 101 permit ip 192.168.0.58 0.0.0.0 any
OR
access-list 101 permit ip host 192.168.0.58 any
The key to matching an entire subnet is to use the following formula for the wildcard mask:
Wildcard mask = 255.255.255.255 - subnet
So, for example, if the current subnet is 255.255.255.0, the mask would be 0.0.0.255, as calculated below:
  255.255.255.255
- 255.255.255.0
  ---------------
  0.0.0.255
In this equation, subtract each octet separately since an IP address is not a whole number.
To permit access to the network of 200.0.18.0 with a subnet mask of 255.255.255.0, you should use the following
commands.
Using a standard access list:
access-list 101 permit 200.0.18.0 0.0.0.255
Using an extended access list:
access-list 101 permit ip 200.0.18.0 0.0.0.255 any
To permit access to the network of 10.4.0.0 with a subnet mask of 255.255.0.0, you should use the following
commands.
Using a standard access list:
access-list 100 permit 10.4.0.0 0.0.255.255
Using an extended access list:
access-list 100 permit ip 10.4.0.0 0.0.255.255 any
Match an IP Range
Consider the range of 10.3.16.0 through 10.3.31.255. In order to find the wildcard mask, subtract the lower IP
address from the higher IP address.
  10.3.31.255
- 10.3.16.0
  -----------
  0.0.15.255
In this case, the wildcard mask for this range is 0.0.15.255.
To permit access to this range, you should use the following commands.
Using a standard access list:
access-list 100 permit 10.3.16.0 0.0.15.255
Using an extended access list:
access-list 100 permit ip 10.3.16.0 0.0.15.255 any
Note that each non-zero value in the mask must be one less than a power of 2 (i.e., 0, 1, 3, 7, 15, 31, 63, 127, 255).
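The wildcard calculations above and the first-match, implicit-deny behavior of a standard access list, as an added example that is not part of the original primer. It goes slightly beyond the text by checking a range against the whole 32-bit address, which also rejects ranges that do not start on a block boundary; all function names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 255.255.255.255


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_from_subnet_mask(mask):
    """Wildcard mask = 255.255.255.255 - subnet mask."""
    return _to_dotted(ALL_ONES - _to_int(mask))


def wildcard_from_range(low, high):
    """Subtract the lower address from the higher one and validate the result.

    A single access-list entry can cover the range only if the difference
    is one less than a power of 2 and the lower address has no bits set
    inside the wildcard (the range starts on a block boundary).
    """
    lo, hi = _to_int(low), _to_int(high)
    if hi < lo:
        raise ValueError("higher address is below the lower address")
    diff = hi - lo
    if diff & (diff + 1):
        raise ValueError("range size is not a power of 2; one entry cannot match it")
    if lo & diff:
        raise ValueError("range does not start on a block boundary")
    return _to_dotted(diff)


def entry_matches(address, base, wildcard):
    """Wildcard bits set to 0 must match the base; bits set to 1 are ignored."""
    care = ALL_ONES ^ _to_int(wildcard)
    return ((_to_int(address) ^ _to_int(base)) & care) == 0


def evaluate_standard_acl(entries, source):
    """entries: list of (action, base, wildcard). The first match wins."""
    for action, base, wildcard in entries:
        if entry_matches(source, base, wildcard):
            return action
    return "deny"  # the implicit deny any at the end of every access list


# Constructed sample list built from the addresses used in this lesson.
SAMPLE_ACL = [
    ("permit", "1.1.1.1", "0.0.0.0"),        # host entry, match exactly
    ("permit", "10.3.16.0", "0.0.15.255"),   # 10.3.16.0 through 10.3.31.255
]

if __name__ == "__main__":
    print(wildcard_from_subnet_mask("255.255.255.0"))
    print(wildcard_from_range("10.3.16.0", "10.3.31.255"))
    for src in ("1.1.1.1", "1.1.1.2", "10.3.20.7", "10.3.32.1"):
        print(src, evaluate_standard_acl(SAMPLE_ACL, src))
```

A range such as 10.3.16.0 through 10.3.40.255 raises ValueError here because its difference, 0.0.24.255, is not one less than a power of 2 and would need more than one entry.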
Switch Components
A switch includes all of the hardware components of a PC, including a CPU, RAM, and an internetwork operating
system (IOS). A switch can be managed the same as a router; you can console into its console port, telnet to its
IP address, and even change the IOS through the use of TFTP.
Switches use some of the same commands that routers use. To check information about the interfaces, you can
use the show interfaces command. To display the IP information for the interfaces, use the show ip interfaces
command. To find information relating to the model number or IOS version, use the show version command. To
view the running configuration file, use the show running-config command.
The show mac-address-table command displays the MAC table for the switch. The MAC table is the table that
matches all the ports on the switch with the MAC addresses it has learned.
Command-Line Interface
User Mode vs. Privileged Mode
User mode is indicated by the > prompt that follows the switch name. In user mode, you can look at some of the
switch's settings, but you cannot change them. In privileged mode, accessed by using the enable command in
user mode and indicated by the # prompt, you can use the different show commands to view all settings on the
switch. From privileged mode, you can access configuration mode by using the config terminal command.
Switch>
Switch>enable
Switch#
Accessing Help
To view all commands available from this mode, type ?. This will display a list of all available commands in the
current mode. You can also use the question mark after you have started typing a command. For example, if you
want to use a show command but you do not remember which one to use, type show ? to display all commands
that you can use with the show command.
r1#show ?
Configuration Mode
From privileged mode, you can enter configuration mode by using the config terminal command. You can exit
configuration mode by typing end or pressing the CTRL+Z key combination.
Switch#config t
Switch(config)#end