Beruflich Dokumente
Kultur Dokumente
NOTE The content under the heading Internal Processing on Cisco Switches was most
recently published for the 100-101 Exam in 2013, in Chapter 6 of the CCENT/CCNA
ICND1 100-101 Official Cert Guide.
Some switches, and transparent bridges in general, use store-and-forward processing. With
store-and-forward, the switch must receive the entire frame before forwarding the first bit
of the frame. However, Cisco also offers two other internal processing methods for switch-
es: cut-through and fragment-free. Because the destination MAC address occurs very early
in the Ethernet header, a switch can make a forwarding decision long before the switch has
received all the bits in the frame. The cut-through and fragment-free processing methods
allow the switch to start forwarding the frame before the entire frame has been received,
reducing time required to send the frame (the latency, or delay).
With cut-through processing, the switch starts sending the frame out the output port as
soon as possible. Although this might reduce latency, it also propagates errors. Because the
frame check sequence (FCS) is in the Ethernet trailer, the switch cannot determine whether
the frame had any errors before starting to forward the frame. So, the switch reduces the
frames latency, but with the price of having forwarded some frames that contain errors.
Fragment-free processing works similarly to cut-through, but it tries to reduce the number
of errored frames that it forwards. One interesting fact about Ethernet CSMA/CD logic
is that collisions should be detected within the first 64 bytes of a frame. Fragment-free
processing works like cut-through logic, but it waits to receive the first 64 bytes before for-
warding a frame. The frames experience less latency than with store-and-forward logic and
slightly more latency than with cut-through, but frames that have errors as a result of colli-
sions are not forwarded.
With many links to the desktop running at 100 Mbps, uplinks at 1 Gbps, and faster
application-specific integrated circuits (ASIC), todays switches typically use store-and-
forward processing, because the improved latency of the other two switching methods
is negligible at these speeds.
The internal processing algorithms used by switches vary among models and vendors;
regardless, the internal processing can be categorized as one of the methods listed in
Table Q-1.
NOTE The content under the heading IOS Version and Other Reload Facts was most
recently published for the 100-101 Exam in 2013, in Chapter 7 of the CCENT/CCNA
ICND1 100-101 Official Cert Guide.
Appendix Q: Topics from Previous Editions 3
Working through the highlighted parts of the example, top to bottom, this command lists
NOTE The content under the heading Secondary IP Addressing was most recently
published for the 100-101 Exam in 2013, in Chapter 16 of the CCENT/CCNA ICND1
100-101 Official Cert Guide.
Secondary IP Addressing
Most networks today make use of either routers with VLAN trunks or Layer 3 switches.
This next topic moves to an interesting, but frankly less commonly used, feature that helps
overcome some growing pains with an IP network.
Imagine that you planned your IP addressing scheme for a network. Later, a particular sub-
net grows, and you have used all the valid IP addresses in the subnet. What should you do?
Three main options exist:
Make the existing subnet larger, by choosing a mask with more host bits. Existing hosts
have to change their subnet mask settings, and new hosts can use IP addresses from the
expanded address range.
Appendix Q: Topics from Previous Editions 5
Migrate to a completely new (larger) subnet. All existing devices change their IP addresses.
Add a second subnet in the same location using secondary addressing.
The first option works well, as long as the new subnet does not overlap with existing sub-
nets. For example, if the design used 172.16.2.0/24, and it ran out of addresses, the engi-
neer could try to use mask /23 instead. That creates a subnet 172.16.2.0/23, with a range of
addresses from 172.16.2.1 to 172.16.3.254. However, if subnet 172.16.3.0/24 had already
been assigned to some other part of the network, space would not exist in the addressing
plan to make the existing subnet larger.
The second option is more likely to work. The engineer looks at the unused IP addresses in
that IP network and picks a new subnet. However, all the existing IP addresses would need
to be changed. This is a relatively simple process if most or all hosts use DHCP, but poten-
tially laborious if many hosts use statically configured IP addresses.
The third option uses a Cisco router feature called secondary IP addressing. Secondary
addressing uses multiple networks or subnets on the same data link. (This feature actually
breaks the subnetting rules discussed earlier in this book, but it works.) By using more than
one subnet in the same Layer 2 broadcast domain, you increase the number of available IP
addresses.
Figure Q-1 shows the ideas behind secondary addressing. Hosts A and B sit on the same
LAN, in fact, in the same VLAN. So does R1. No trunking needs to occur, either. In fact, if
you ignore the numbers, normally, A, B, and R1 would all be part of the same subnet.
Subnet 172.16.1.0/24
172.16.1.9 A
GW = 172.16.1.1 172.16.1.1 G0/0 Q
172.16.9.1 R1
172.16.9.9 B (Secondary)
GW = 172.16.9.1
Subnet 172.16.9.0/24
Secondary addressing does have one negative: Traffic between hosts on the same VLAN,
but in different subnets, requires a trip through the router. For example, in Figure Q-1,
when host A in subnet 172.16.1.0 sends a packet to host B, in subnet 172.16.9.0, host As
logic is to send the packet to its default gateway. So, the sending host sends the packet to
the router, which then sends the packet to host B, which is in the other IP subnet but in the
same Layer 2 VLAN.
NOTE The content under the heading Internal Processing on Cisco Routers was most
recently published for the 100-101 Exam in 2013, in Chapter 16 of the CCENT/CCNA
ICND1 100-101 Official Cert Guide.
Over the years, Cisco has created several ways to optimize the internal process of how rout-
ers forward packets. Some methods tie to a specific model series of router. Layer 3 switches
do the forwarding in application-specific integrated circuits (ASIC), which are computer
chips built for the purpose of forwarding frames or packets. All these optimizations take the
basic logic from the five-step list here in the book, but work differently inside the router
hardware and software, in an effort to use fewer CPU cycles and reduce the overhead of
forwarding IP packets.
NOTE The content under the heading OSPF Configuration was most recently
published for the 100-101 Exam in 2013, in Chapter 17 of the CCENT/CCNA ICND1
100-101 Official Cert Guide. This short topic focuses on host name resolution.
8 CCENT/CCNA ICND1 100-105 Official Cert Guide
OSPF Configuration
Open Shortest Path First (OSPF) configuration includes only a few required steps, but it has
many optional steps. After an OSPF design has been chosena task that can be complex
in larger IP internetworksthe configuration can be as simple as enabling OSPF on each
router interface and placing that interface in the correct OSPF area.
This section shows several configuration examples, all with a single-area OSPF internetwork.
Following those examples, the text goes on to cover several of the additional optional con-
figuration settings. For reference, the following list outlines the configuration steps covered
in this appendix, as well as a brief reference to the required commands:
Step 1. Enter OSPF configuration mode for a particular OSPF process using the router
ospf process-id global command.
Step 2. (Optional) Configure the OSPF router ID by
A. Configuring the router-id id-value router subcommand
B. Configuring an IP address on a loopback interface
Step 3. Configure one or more network ip-address wildcard-mask area area-id router
subcommands, with any matched interfaces being added to the listed area.
For a more visual perspective on OSPFv2 configuration, Figure Q-2 shows the relation-
ship between the key OSPF configuration commands. Note that the configuration creates
a routing process in one part of the configuration, and then indirectly enables OSPF on
each interface. The configuration does not name the interfaces on which OSPF is enabled,
instead requiring IOS to apply some logic by comparing the OSPF network command to
the interface ip address commands. The upcoming example discusses more about this logic.
Configuration
OSPF Mode:
router ospf 1 Define Process ID
router-id 1.1.1.1 Set Router ID (Optional)
(Indirectly) Enable OSPF Process
on the Interface
network 10.0.0.0 0.255.255.255 area 0
Define Area Number
SW3 SW4
G0/0 G0/0
R3 R4
S0/0/0 S0/0/1
10.1.13.0/25 10.1.24.0/25
S0/0/1 .2 S0/0/0
S0/0/0 10.1.12.0/25
S0/0/1
R1 .2 R2
G0/0 .2 G0/0
The beginning single-area configuration on R3, as shown in Example Q-4, enables OSPF on
all the interfaces shown in Figure Q-3. First, the router ospf 1 global command puts the
user in OSPF configuration mode and sets the OSPF process-id. This number just needs to
be unique on the local router, allowing the router to support multiple OSPF processes in a
single router by using different process IDs. (The router command uses the process-id to
distinguish between the processes.) The process-id does not have to match on each router,
and it can be any integer between 1 and 65,535.
10 CCENT/CCNA ICND1 100-105 Official Cert Guide
Speaking generally rather than about this example, the OSPF network command tells a rout-
er to find its local interfaces that match the first two parameters on the network command.
Then, for each matched interface, the router enables OSPF on those interfaces, discovers
neighbors, creates neighbor relationships, and assigns the interface to the area listed in the
network command.
For the specific command in Example Q-4, any matched interfaces are assigned to area 0.
However, the first two parametersthe ip-address and wildcard-mask parameter values of
10.0.0.0 and 0.255.255.255need some explaining. In this case, the command matches all
three interfaces shown for Router R3; the next topic explains why.
Basically, a wildcard mask value of 0 in an octet tells IOS to compare to see whether
the numbers match, and a value of 255 tells IOS to ignore that octet when comparing the
numbers.
The network command provides many flexible options because of the wildcard mask. For
example, in Router R3, many network commands could be used, with some matching all
interfaces and some matching a subset of interfaces. Table Q-3 shows a sampling of options,
with notes.
Appendix Q: Topics from Previous Editions 11
Table Q-3 Example OSPF network Commands on R3, with Expected Results
Command Logic in Command Matched
Interfaces
network 10.1.0.0 0.0.255.255 Match interface IP addresses that begin G0/0.341
with 10.1 G0/0.342
S0/0/0
network 10.0.0.0 0.255.255.255 Match interface IP addresses that begin G0/0.341
with 10 G0/0.342
S0/0/0
network 0.0.0.0 255.255.255.255 Match all interface IP addresses G0/0.341
G0/0.342
S0/0/0
network 10.1.13.0 0.0.0.255 Match interface IP addresses that begin S0/0/0
with 10.1.13
network 10.1.3.1 0.0.0.0 Match one IP address: 10.1.3.1 G0/0.341
The wildcard mask gives the local router its rules for matching its own interfaces. For
example, Example Q-4 shows R3 using the network 10.0.0.0 0.255.255.255 area 0 com-
mand. In that same internetwork, Routers R1 and R2 would use the configuration shown in
Example Q-5, with two other wildcard masks. In both routers, OSPF is enabled on all the
interfaces shown in Figure Q-3.
Example Q-5 OSPF Configuration on Routers R1 and R2
! R1 configuration next - one network command enables OSPF
! on all three interfaces Q
router ospf 1
network 10.1.0.0 0.0.255.255 area 0
! R2 configuration next - One network command per interface
router ospf 1
network 10.1.12.2 0.0.0.0 area 0
network 10.1.24.2 0.0.0.0 area 0
network 10.1.2.2 0.0.0.0 area 0
Finally, note that other wildcard mask values can be used as well, so that the compari-
son happens between specific bits in the 32-bit numbers. Chapter 25, Basic IPv4 Access
Control Lists, discusses wildcard masks in more detail, including these other mask options.
NOTE The network command uses another convention for the first parameter (the
address): if an octet will be ignored because of the wildcard mask octet value of 255, the
address parameter should be a 0. However, IOS will actually accept a network command
that breaks this rule, but then IOS will change that octet of the address to 0 before putting
it into the running configuration file. For example, IOS will change a typed command that
begins with network 1.2.3.4 0.0.255.255 to network 1.2.0.0 0.0.255.255.
12 CCENT/CCNA ICND1 100-105 Official Cert Guide
Verifying OSPF
As mentioned earlier, OSPF routers use a three-step process. First, they create neighbor
relationships. Then they build and flood link-state advertisements (LSA), so each router in
the same area has a copy of the same LSDB. Finally, each router independently computes its
own IP routes and adds them to its routing table.
The show ip ospf neighbor, show ip ospf database, and show ip route commands display
information for each of these three steps, respectively. To verify OSPF, you can use the
same sequence. Or, you can just go look at the IP routing table, and if the routes look cor-
rect, OSPF probably worked.
First, examine the list of neighbors known on Router R3. R3 should have one neighbor rela-
tionship with R1, over the serial link. It also has two neighbor relationships with R4, over
the two different VLANs to which both routers connect. Example Q-6 shows all three.
Example Q-6 OSPF Neighbors on Router R3 from Figure Q-3
R3# show ip ospf neighbor
The detail in the output mentions several important facts, and for most people, working
right to left works best. For example, looking at the headings:
Interface: This is the local routers interface connected to the neighbor. For example, the
first neighbor in the list is reachable through R3s S0/0/0 interface.
Address: This is the neighbors IP address on that link. Again, for this first neighbor, the
neighbor, which is R1, uses IP address 10.1.13.1.
State: Although many possible states exist, for the details discussed in this chapter, FULL
is the correct and fully working state in this case.
Neighbor ID: This is the router ID of the neighbor.
Next, Example Q-7 shows the contents of the LSDB on Router R3. Interestingly, when
OSPF is working correctly in an internetwork with a single area design, all the routers will
have the same link-state database (LSDB) contents. So, the show ip ospf database command
in Example Q-7 should list the same exact information, no matter which of the four routers
on which it is issued.
Example Q-7 OSPF Database on Router R3 from Figure Q-3
R3# show ip ospf database
For the purposes of this book, do not be concerned about the specifics in the output of
this command. However, for perspective, note that the LSDB should list one Router Link
State (Type 1 Router LSA) for each of the four routers in the design, as highlighted in the
example.
Next, Example Q-8 shows R3s IPv4 routing table with the show ip route command. Note
that it lists connected routes as well as OSPF routes. Take a moment to look back at Figure
Q-3 and look for the subnets that are not locally connected to R3. Then look for those
routes in the output in Example Q-7.
Example Q-8 IPv4 Routes Added by OSPF on Router R3 from Figure Q-3
R3# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
! Legend lines omitted for brevity Q
First, take a look at the bigger ideas confirmed by this output. The code of O on the
left identifies a route as being learned by OSPF. The output lists five such IP routes. From
the figure, five subnets exist that do not happen to be connected subnets off Router R3.
Looking for a quick count of OSPF routes, versus nonconnected routes in the diagram,
gives a quick check of whether OSPF learned all routes.
Next, take a look at the first route (to subnet 10.1.1.0/25). It lists the subnet ID and mask,
identifying the subnet. It also lists two numbers in brackets. The first, 110, is the administra-
tive distance of the route. All the OSPF routes in this example use the default of 110. The
second number, 65, is the OSPF metric for this route.
Additionally, the show ip protocols command is popular as a quick look at how any routing
protocol works. This command lists a group of messages for each routing protocol running
on a router. Example Q-9 shows a sample, this time taken from Router R3.
Example Q-9 The show ip protocols Command on R3
R3# show ip protocols
*** IP Routing is NSF aware ***
The output shows several interesting facts. The first highlighted line repeats the parameters
on the router ospf 1 global configuration command. The second highlighted item points
out R3s router ID, as discussed further in the next section. The third highlighted line
repeats more configuration, listing the parameters of the network 10.0.0.0 0.255.255.255
area 0 OSPF subcommand. Finally, the last highlighted item in the example acts as a head-
ing before a list of known OSPF routers, by router ID.
To find its RID, a Cisco router uses the following process when the router reloads and
brings up the OSPF process. Note that when one of these steps identifies the RID, the pro-
cess stops.
1. If the router-id rid OSPF subcommand is configured, this value is used as the RID.
2. If any loopback interfaces have an IP address configured, and the interface has an
interface status of up, the router picks the highest numeric IP address among these
loopback interfaces.
3. The router picks the highest numeric IP address from all other interfaces whose inter-
face status code (first status code) is up. (In other words, an interface in up/down state
will be included by OSPF when choosing its router ID.)
The first and third criteria should make some sense right away: The RID is either configured
or is taken from a working interfaces IP address. However, this book has not yet explained
the concept of a loopback interface, as mentioned in Step 2.
A loopback interface is a virtual interface that can be configured with the interface
loopback interface-number command, where interface-number is an integer. Loopback
interfaces are always in an up and up state unless administratively placed in a shut-
down state. For example, a simple configuration of the command interface loopback 0,
followed by ip address 2.2.2.2 255.255.255.0, would create a loopback interface and
assign it an IP address. Because loopback interfaces do not rely on any hardware, these
interfaces can be up/up whenever IOS is running, making them good interfaces on which
to base an OSPF RID.
Example Q-10 shows the configuration that existed in Routers R1 and R2 before the cre-
ation of the show command output in Examples Q-6, Q-7, and Q-8. R1 set its router ID
using the direct method, while R2 used a loopback IP address. Q
Example Q-10 OSPF Router ID Configuration Examples
! R1 Configuration first
router ospf 1
router-id 1.1.1.1
network 10.1.0.0 0.0.255.255 area 0
network 10.0.0.0 0.255.255.255 area 0
! R2 Configuration next
!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
Each router chooses its OSPF RID when OSPF is initialized, which happens when the
router boots or when a CLI user stops and restarts the OSPF process (with the clear ip ospf
process command). So, if OSPF comes up, and later, the configuration changes in a way
that would impact the OSPF RID, OSPF does not change the RID immediately. Instead,
IOS waits until the next time the OSPF process is restarted.
Example Q-11 shows the output of the show ip ospf command on R1, after the configura-
tion of Example Q-10 was made and after the router was reloaded, which made the OSPF
router ID change.
16 CCENT/CCNA ICND1 100-105 Official Cert Guide
By making an interface passive, OSPF does not form neighbor relationships over the inter-
face, but it does still advertise about the subnet connected to that interface. That is, the
OSPF configuration enables OSPF on the interface (using the network router subcommand),
and then makes the interface passive (using the passive-interface router subcommand).
To configure an interface as passive, two options exist. First, you can add the following
command to the configuration of the OSPF process, in router configuration mode:
passive-interface type number
Alternatively, the configuration can change the default setting so that all interfaces are pas-
sive by default, and then add a no passive-interface command for all interfaces that need to
not be passive:
passive-interface default
no passive interface type number
For example, in the sample internetwork in Figure Q-3, Router R1, at the bottom left of the
figure, has a LAN interface configured for VLAN trunking. The only router connected to
both VLANs is Router R1, so R1 will never discover an OSPF neighbor on these subnets.
Appendix Q: Topics from Previous Editions 17
Example Q-12 shows two alternative configurations to make the two LAN subinterfaces
passive to OSPF.
Example Q-12 Configuring Passive Interfaces on R1 and R2 from Figure Q-3
! First, make each subinterface passive directly
router ospf 1
passive-interface gigabitethernet0/0.11
passive-interface gigabitethernet0/0.12
! Or, change the default to passive, and make the other interfaces
! not be passive
router ospf 1
passive-interface default
no passive-interface serial0/0/0
no passive-interface serial0/0/1
In real internetworks, the choice of configuration style reduces to which option requires
the least number of commands. For example, a router with 20 interfaces, 18 of which are
passive to OSPF, has far fewer configuration commands when using the passive-interface
default command to change the default to passive. If only two of those 20 interfaces need
to be passive, use the default setting, in which all interfaces are not passive, to keep the con-
figuration shorter.
Interestingly, OSPF makes it a bit of a challenge to use show commands to find whether an
interface is passive. The show running-config command lists the configuration directly, but
if you cannot get into enable mode to use this command, note these two facts: Q
The show ip ospf interface brief command lists all interfaces on which OSPF is enabled,
including passive interfaces.
The show ip ospf interface command lists a single line that mentions that the interface is
passive.
Example Q-13 shows these two commands on Router R1, with the configuration shown in
the top of Example Q-12. Note that subinterfaces G0/0.11 and G0/0.12 both show up in
the output of show ip ospf interface brief.
Example Q-13 Displaying Passive Interfaces
R1# show ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/0.12 1 0 10.1.1.129/25 1 DR 0/0
Gi0/0.11 1 0 10.1.1.1/25 1 DR 0/0
Se0/0/0 1 0 10.1.12.1/25 64 P2P 0/0
Se0/0/1 1 0 10.1.13.1/25 64 P2P 0/0
Figure Q-4 shows the idea of how OSPF advertises the default route, with the specific
OSPF configuration. In this case, a company connects to an ISP with their Router R1. That
router uses the OSPF default-information originate command (Step 1). As a result, the rout-
er advertises a default route using OSPF (Step 2) to the remote routers (B1, B2, and B3).
Appendix Q: Topics from Previous Editions 19
default-information originate
2
B1 1
ISP
2
B2 R1 ISP1
B3
B1
B3
Q
Figure Q-5 Default Routes Resulting from the default-information originate Command
Finally, this feature gives the engineer control over when the router originates this default
route. First, R1 needs a default route, either defined as a static default route or learned
from the ISP. The default-information originate command then tells the R1 to advertise a
default route when its own default route is working, and to advertise it as down when its
own default route fails.
NOTE The content under the heading Name Resolution with DNS was most recently
published for the 100-101 Exam in 2013, in Chapter 18 of the CCENT/CCNA ICND1
100-101 Official Cert Guide. This short topic focuses on host name resolution.
20 CCENT/CCNA ICND1 100-105 Official Cert Guide
TCP/IP Network
IP
Figure Q-6 Host Resolves Name to IP Address Before Sending Packet to Server1
When looking at problems with hosts, you can and should check the DNS settings to find
out what DNS server addresses the host tries to use. At the same time, the user at the host
can make the host try to use DNS. For example:
Open a web browser and type in the name of the web server. DNS resolves the name
that sits between the // and the first /.
Use a command like nslookup hostname, supported on most PC OSs, which sends a
DNS Request to the DNS server, showing the results.
Example Q-14 shows an example of the nslookup command that confirms that the hosts
Domain Name System (DNS) server is set to 209.18.47.61, with the end of the output show-
ing that the DNS request worked.
Example Q-14 nslookup Command (Mac)
Wendell-Odoms-iMac: wendellodom$ nslookup www.certskills.com
Server: 209.18.47.61
Address: 209.18.47.61#53
Non-authoritative answer:
www.certskills.com canonical name = certskills.com.
Name: certskills.com
Address: 173.227.251.150
And as a brief aside, note that routers and switches do have some settings related to DNS.
However, these router and switch DNS settings only allow the router or switch to act as
a DNS resolver (client). That is, the router and switch will use DNS messages to ask the
DNS server to resolve the name into its matching IP address. The commands to configure
Appendix Q: Topics from Previous Editions 21
how a router or switch will resolve host names into their matching addresses (all global
commands) are
ip name-server server_IP: Configure the IP addresses of up to six DNS servers in this
one command.
ip host name address: Statically configure one name and matching IP address on this one
router or switch. The local router/switch will use this IP address only if a command refers
to the name.
no ip domain-lookup: Disable the DNS resolver function so that the router or switch
does not attempt to ask a DNS server to resolve names. (The ip domain-lookup com-
mand, a default setting, enables the router to use a DNS server.)
NOTE The content in this section did not appear in prior editions. It was planned for a
prior edition and was not included for space. It is included here for those who may care.
First, IOS can tell when the order of the statements could be changed for faster internal
ACL processing, without changing the logic of the ACL. Sometimes, the order cannot be
changed, and sometimes it can. Generally, the less overlap between the statements in the
ACL, the more likely IOS can and will reorder the ACL.
As an example, consider the first three lines of ACL anyorder in Example Q-15. Each ACE
matches one host.
Example Q-15 Example of IOS Reordering the ACEs in an ACL
R1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ip access-list standard anyorder
R1(config-std-nacl)# permit 9.9.9.1
R1(config-std-nacl)# permit 9.9.9.2
R1(config-std-nacl)# permit 9.9.9.3
R1(config-std-nacl)# ^Z
R1#
22 CCENT/CCNA ICND1 100-105 Official Cert Guide
You could reorder the ACEs in the ACL in Example Q-15 and any other order would work
the same way, because the matching logic does not overlap between the three statements.
And because a reordering of these three ACEs would have no impact, IOS takes advantage
of that fact and reorders the ACEs in the ACL. But why?
Cisco IOS examines and optimizes each ACL based on the routers internal search algorithm
when matching packets against the ACL. Cisco does not say much about the particulars of
the internal algorithms. But more importantly, IOS only changes the order to optimize the
search if that change has no impact on the ACL. Summarizing:
IOS may change the order of comparison for ACEs in an ACL, but only if that change
does not impact the decision (the match) made by the ACL.
Continuing the example in Example Q-15, the person who created that ACL could have
listed the individual ACEs in any order without changing the logic. However, as typed into
configuration mode, the statements in that ACL have a specific order. IOS may prefer a dif-
ferent order. Example Q-16 shows excerpts from two show commands that shows how IOS
reordered the sequence to optimize its own internal processing.
Example Q-16 Evidence of Reordering That Does Not Impact the ACL Decision
R1# show access-list anyorder
Standard IP access list anyorder
10 permit 9.9.9.1
30 permit 9.9.9.3
20 permit 9.9.9.2
When IOS reorders for internal processing, the literal order in the output of the show
commands tells us the order IOS will use. For example, in this case, IOS will compare the
statement with 9.9.9.1 first, then 9.9.9.3, and then 9.9.9.2. However, note that the ACL line
numbers for each ACE did not change.
As one final comparison, when ACE matching logic overlaps, the order of the ACEs is
important and IOS does not change the order. Example Q-17 shows an example. The ACL
uses ACEs that match three overlapping groups: host 9.9.9.9, all addresses that begin 9.9.9,
and all addresses that begin 9.9. Because these address ranges overlap, any reordering among
these three ACEs would change the logic of the ACL. Notice that the show access-lists
command at the end of the example confirms that IOS did not change the order of these
ACEs; the order of lines in the output tells us the order IOS will use to process the ACL.
Example Q-17 ACL Example That Does Not Allow IOS to Reorder
R1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ip access-list standard thisorderonly
Appendix Q: Topics from Previous Editions 23
NOTE The content under the heading NAT Overload (PAT) on Consumer Routers was
most recently published for the 100-101 Exam in 2013, in Chapter 24 of the CCENT/CCNA
ICND1 100-101 Official Cert Guide. This short topic focuses on how consumer routers
do NAT.
24 CCENT/CCNA ICND1 100-105 Official Cert Guide
LAN WAN
To
ISP
LAN Switch Router Cable Modem
DHCP DHCP
A Server Client
Use 192.168.1.1
Use 200.1.1.249
B
Use 192.168.1.2
Router
ISP
Figure Q-8 Consumer Router as DHCP Server on LAN, DHCP Client on WAN
NOTE To make an enterprise-class router act like the router in Figure Q-8, on the WAN
port, use the ip address dhcp interface subcommand. This command simply tells the router
to learn its own interface IP address with DHCP. The DHCP server configuration would use
the same commands detailed in Chapter 20, DHCP and IP Networking on Hosts.
Appendix Q: Topics from Previous Editions 25
By using DHCP on both the LAN and the WAN sides, a consumer router has created a
perfect match of IP addresses to use PAT. The computers on the LAN all have private IP
addresses, and the one WAN port has a public IP address. All the consumer router has to do
is enable PAT, with the LAN side of the router as the NAT inside and the WAN port on the
NAT outside, as shown in Figure Q-9.
DHCP DHCP
NAT Inside Server Client NAT Outside
A
ISP
B Router
NOTE The content under the heading Dynamic Routes with OSPFv3 was most recent-
ly published for the 100-101 Exam in 2013, in Chapter 29 of the CCENT/CCNA ICND1
100-101 Official Cert Guide. This short topic focuses on using OSPF to learn IPv6 routes.
Next, consider the development of the original IPv6 protocols, back in early to mid 1990s.
Beyond IPv6 itself, many other protocols needed to be updated to make IPv6 work: ICMP,
TCP, UDP, and so on, including OSPF. When a working group updated OSPF to support
IPv6, what did they call it? OSPFv3, of course.
Interestingly, OSPFv3 supports advertising IPv6 routes but not IPv4 routes. So, OSPFv3
does not attempt to add IPv6 support to the existing OSPFv2. Although the protocols share
many similarities, think of OSPFv2 and OSPFv3 as different routing protocols: one for IPv4
routes (OSPFv2) and one for IPv6 routes (OSPFv3).
Because OSPFv3 advertises IPv6 routes, and only IPv6 routes, an enterprise network that
uses a dual-stack strategy actually needs to run both OSPFv2 and OSPFv3 (assuming they
use OSPF at all). Are their underlying concepts very similar? Yes. However, each router
would run both an OSPFv2 and OSPFv3 routing protocol process, with both processes
forming neighbor relationships, both sending database updates, and both calculating routes.
So, a typical migration from an OSPFv2, IPv4-only enterprise network, to instead support a
dual-stack IPv4/IPv6 approach (running both IPv4 and IPv6 on each host/router), would use
these basic steps:
Other routing protocols followed a similar progression for updates to support IPv6,
although with more unusual names. In the case of Routing Information Protocol (RIP), RIP
has two versions that support IPv4, with the expected names of RIP version 1 (RIPv1) and
RIP version 2 (RIPv2). To support IPv6, a working group created a new version of RIP,
called RIP next generation (RIPng), with the name chosen in reference to the Star Trek TV
series. (Yep.) Enhanced Interior Gateway Routing Protocol (EIGRP), as a Cisco-proprietary
routing protocol, has always been known simply as EIGRP. However, to make discussions
easier, some documents refer to EIGRP IPv4 support as EIGRP, and EIGRP for IPv6 as
EIGRPv6.
Table Q-4 summarizes the terminology for these main three interior IP routing protocols.
keeps getting longer, because the protocols do have many similarities. The following list
notes many of the similarities for the features of OSPFv2 and OSPFv3:
Both are link-state protocols.
Both use the same area design concepts and design terms.
Both require that the routing protocol be enabled on an interface.
Once enabled on an interface, both then attempt to discover neighbors connected to the
data link connected to an interface.
Both perform a check of certain settings before a router will become neighbors with
another router. (The list of checks is slightly different between OSPFv2 and OSPFv3.)
After two routers become neighbors, both OSPFv2 and OSPFv3 proceed by exchanging
the contents of their link-state databases (LSDB)the link-state advertisements (LSA)
that describe the network topologybetween the two neighbors.
After all the LSAs have been exchanged, both OSPFv2 and OSPFv3 use the shortest path
first (SPF) algorithm to calculate the best route to each subnet.
Both use the same metric concept, based on the interface cost of each interface, with the
same default cost values.
Both use LSAs to describe the topology, with some differences in how LSAs work.
The biggest differences between OSPFv3 and the older OSPFv2 lay with internals and con-
figuration. OSPFv3 changes the structure of some OSPF LSAs; however, these differences
do not sit within the scope of this book. OSPFv3 uses a more direct approach to configura-
tion, enabling OSPFv3 on each interface using an interface subcommand.
For later comparison to OSPFv3 configuration, Figure Q-10 shows the structure of the
Q
configuration for OSPFv2. It shows the fact that the OSPFv2 network subcommanda
subcommand in router configuration moderefers to the IPv4 address on an interface,
which then identifies the interface on which OSPFv2 should be enabled. In other words, the
OSPFv2 configuration does not mention the interface directly.
Configuration
OSPF Mode:
router ospf 1 Define Process ID
router-id 1.1.1.1 Set Router ID (Optional)
(Indirectly) Enable OSPF Process
on the Interface
network 10.0.0.0 0.255.255.255 area 0
Define Area Number
ospf process-id area area-id interface subcommand, as shown in Figure Q-11. This com-
mand enables the listed OSPFv3 process on that interface and sets the OSPFv3 area.
Configuration
OSPF Mode:
ipv6 router ospf 1 Define Process ID
router-id 1.1.1.1 Set Router ID (Optional)
Interface Mode:
interface S0/0/0 Direct!
(Directly) Enable OSPF Process
on the Interface
ipv6 ospf 1 area 0
NOTE Cisco IOS actually supports configuration of OSPFv2 using the same style of com-
mands shown for OSPFv3 in Figure Q-11 as well. IOS supports only the new, more direct
configuration style for OSPFv3, as shown in the figure.
Now that you have a general idea about the similarities and differences between OSPFv3
and OSPFv2, the rest of this section shows examples of how to configure and verify
OSPFv3.
Interestingly, OSPFv3 also uses a 32-bit RID, using the exact same rules as OSPFv2. The
number is typically listed in dotted-decimal notation (DDN). That is, OSPFv3, which sup-
ports IPv6, has a router ID that looks like an IPv4 address.
Using the same RID selection rules for OSPFv3 as for OSPFv2 leaves open one unfortunate
potential misconfiguration: A router that does not use the OSPFv3 router-id command, and
does not have any IPv4 addresses configured, cannot choose a RID. If the OSPFv3 process
does not have an RID, the process cannot work correctly, form neighbor relationships, or
exchange routes.
This problem can be easily solved. When configuring OSPFv3, if the router does not have
any IPv4 addresses, make sure to configure the RID using the router-id router subcommand.
Beyond that one small issue, the OSPFv3 configuration is relatively simple. The following
list summarizes the configuration steps and commands for later reference and study, with
examples to follow:
Step 1. Create an OSPFv3 process number and enter OSPF configuration mode for
that process, using the ipv6 router ospf process-id global command.
Step 2. Ensure that the router has an OSPF router ID, through either
A. Configuring the router-id id-value router subcommand
B. Preconfiguring an IPv4 address on any loopback interface whose line
status is up
C. Preconfiguring an IPv4 address on any working interface whose line sta-
tus is up
Step 3. Configure the ipv6 ospf process-id area area-number command on each
interface on which OSPFv3 should be enabled, to both enable OSPFv3 on the Q
interface and set the area number for the interface.
Area 0
Subnet 1 Subnet 4 Subnet 2
2001:DB8:1111:1:: /64 2001:DB8:1111:4:: /64 2001:DB8:1111:2:: /64
S0/0/0 S0/0/1
A G0/0 ::1 ::2 G0/0 B
::1 R1 R2 ::2
::1
S0/0/1
::3
G0/0 C
S0/0/0
R3 ::3
Subnet 5
2001:DB8:1111:5:: /64
All interfaces will be in area 0, so all the ipv6 ospf process-id area area-number com-
mands will refer to area 0.
Each router uses a different OSPF process ID number, just to emphasize the point that
the process IDs do not have to match on neighboring OSPFv3 routers.
Each router sets its router ID directly with the router-id command to an obvious number
(1.1.1.1, 2.2.2.2, and 3.3.3.3 for R1, R2, and R3, respectively).
The routers do not use IPv4.
To begin, Example Q-18 shows an excerpt from R1s show running-config command before
adding the OSPFv3 configuration with the ipv6 unicast-routing command, plus an ipv6
address command on each interface.
Example Q-18 R1 IPv6 Configuration Reference (Before Adding OSPFv3
Configuration)
ipv6 unicast-routing
!
interface serial0/0/0
no ip address
ipv6 address 2001:db8:1111:4::1/64
!
interface serial0/0/1
no ip address
ipv6 address 2001:db8:1111:5::1/64
!
interface GigabitEthernet0/0
no ip address
ipv6 address 2001:db8:1111:1::1/64
Example Q-19 begins to show the OSPFv3 configuration, starting on Router R1. Note that
at this point, Router R1 has no IPv4 addresses configured, so R1 cannot possibly choose an
OSPFv3 RID; it must rely on the configuration of the router-id command. Following the
example in sequence, the following occurs:
Step 1. The engineer adds the ipv6 router ospf 1 global command, creating the
OSPFv3 process.
Step 2. The router tries to allocate an OSPFv3 RID and fails, so it issues an error mes-
sage.
Step 3. The engineer adds the router-id 1.1.1.1 command to give R1s OSPFv3 process
an RID.
Step 4. The engineer adds ipv6 ospf 1 area 0 commands to all three interfaces.
When looking at the configuration on a single OSPFv3 router, only two other types of
parameters can be an issue: the OSPF process ID and the area number. When checking an
OSPFv3 configuration for errors, first check the process ID numbers and make sure that all
the values match on that router. For example, the ipv6 router ospf process-id commands
process ID should match all the ipv6 ospf process-id interface subcommands. The other
value, the area number, simply needs to match the planning diagram that shows which inter-
faces should be in which area.
When comparing two neighboring routers, some parameters must match or the routers will
not become neighbors. Troubleshooting these kinds of problems sits within the scope of
the 200-101 ICND2 exam, not the 100-101 ICND1 exam. However, the one big difference
between OSPFv2 and OSPFv3 in this neighbor checklist is that OSPFv3 neighbors do not
have to have IPv6 prefixes (subnets) or prefix lengths that match. Otherwise, OSPFv3 neigh-
bors must match with items such as both routers being in the same area, having the same Q
Hello interval and the same dead interval.
Example Q-20 shows a completed configuration for Router R2. In this case, Router R2
uses a different OSPF process ID than R1; the process IDs on neighbors do not have to
match with OSPFv2 or OSPFv3. R2 creates its OSPFv3 process (2), sets its RID (2.2.2.2),
and enables OSPFv3 on all three of its interfaces with the ipv6 ospf 2 area 0 interface
subcommand.
Example Q-20 Complete IPv6 Configuration, Using OSPFv3, on Router R2
ipv6 unicast-routing
!
ipv6 router ospf 2
router-id 2.2.2.2
!
interface serial0/0/1
ipv6 address 2001:db8:1111:4::2
ipv6 ospf 2 area 0
!
interface GigabitEthernet0/0
ipv6 address 2001:db8:1111:2::2
ipv6 ospf 2 area 0
32 CCENT/CCNA ICND1 100-105 Official Cert Guide
Interestingly, passive interface configuration works the same for both OSPFv2 and OSPFv3.
For example, in the configuration example based on Figure Q-12, only R1 connects to the
LAN subnet on the left side of the figure, so R1s G0/0 interface could be made passive to
OSPFv3. To do so, the engineer could add the passive-interface gigabitethernet0/0 sub-
command in OSPFv3 configuration mode on Router R1.
This section happens to mention a wide variety of OSPFv3 show commands that have a
matching and similar OSPFv2 show command. Table Q-5 lists these show commands for
easier reference and study.
NOTE Note that all the OSPFv3 commands use the exact same commands as those for
IPv4, except they use ipv6 instead of the ip parameter.
The highlights toward the end of Example Q-21 give some hints about the rest of the
configuration but not enough detail to list every part of the remaining OSPFv3 configura-
tion. The highlighted lines mention three interfaces are in this area and that the area is
backbone area 0. All these messages sit under the heading line at the top of the example,
for OSPFv3 process 1. These facts together tell us that this router (R1) uses the following
configuration:
Interface subcommand ipv6 ospf 1 area 0.
The router uses this interface subcommand on three interfaces.
However, the show ipv6 ospf command does not identify the interfaces on which OSPFv3
is working. To find those interfaces, use either of the two commands in Example Q-22.
Focusing first on the show ipv6 ospf interface brief command, this command lists one line
for each interface on which OSPFv3 is enabled. Each line lists the interface, the OSPFv3
process ID (under the heading PID), the area assigned to the interface, and the number of
OSPFv3 neighbors (Nbrs heading) known out that interface.
Example Q-22 Verifying OSPFv3 Interfaces
R1# show ipv6 ospf interface brief
Interface PID Area Intf ID Cost State Nbrs F/C
Gi0/0 1 0 3 1 DR 0/0
Se0/0/1 1 0 7 64 P2P 1/1
Se0/0/0 1 0 6 64 P2P 1/1
NOTE Just as with the show ip ospf interface brief command, the show ipv6 ospf
interface brief command lists both nonpassive and passive OSPFv3 interfaces.
Appendix Q: Topics from Previous Editions 35
The second half of the output in Example Q-22, listing the show ipv6 protocols com-
mand, lists information about every source of IPv6 routes on the router. This command
lists noticeably less detail about OSPFv3 than the show ip protocol command lists about
OSPFv2. However, both commands list the interfaces on which OSPFv3 is enabled.
Both of the commands in Example Q-22 give enough information to predict that this router
(R1) has an ipv6 ospf 1 area 0 subcommand under three interfaces: G0/0, S0/0/0, and S0/0/1.
R1 R2
R3 Q
RID 3.3.3.3
Before speeding along to the next topic, take a moment to look again at the output in
Example Q-23. Do you see anything in the output that makes you think of IPv6 instead of
IPv4? OSPFv3 uses 32-bit RIDs, listed in dotted-decimal notation, and it lists the IPv6 inter-
face ID, as opposed to the full IPv4 address, in the fifth column of output.
The example shows three lines of data under the heading lines in the section titled Router
Link States. This section shows data about the Type 1 Router LSAs. In that section, the
heading ADV Router refers to the router that advertised the LSA. In this case, R1 (RID
1.1.1.1) knows its own Type 1 LSA, plus R2s (RID 2.2.2.2) and R3s (RID 3.3.3.3).
FE80::FF:FE00:1 S0/0/1
A B
R1 R2
C
R3
O 2001:DB8:1111:1::/64 [110/65]
via FE80::FF:FE00:1, Serial0/0/1
Q
O 2001:DB8:1111:5::/64 [110/65]
via FE80::FF:FE00:3, GigabitEthernet0/0