Beruflich Dokumente
Kultur Dokumente
Configuration for
CCNA Students
By
Eng. Abeer Hosni
https://www.facebook.com/groups/1720572871550995/
Lab 1 (Basic Configuration):
R1(config)#int f0/0
R1(config-if)#no shutdown
R1(config-if)#int loop 1
R2(config)#int f0/1
R2(config-if)#no shutdown
R2(config-if)#int loop 2
R1#show ip protocol
R1(config)#router rip
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R2(config)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#network 2.0.0.0
To verify:
R1#show ip route
<Output omitted>
R1#ping 2.2.2.2
!!!!!
<Output omitted>
Notice that the update time shouldn’t exceed 30 sec and if it exceeds that time, this is an
indicator of a problem in the update between the two routers.
R1#show ip protocol
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
FastEthernet0/0 1 12
Loopback1 1 12
Maximum path: 4
1.0.0.0
10.0.0.0
Notice that the default is sending RIP v1 and receive any version. To hard code the
configuration to send and receive version 1 only:
R1(config)#router rip
R1(config-router)#version 1
Notice that the router now sends and receives version 1 only.
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
FastEthernet0/0 1 1
Loopback1 1 1
Maximum path: 4
1.0.0.0
10.0.0.0
This may cause a problem as version 1 and version 2 is not compatible with each other.
R2(config)#router rip
R2(config-router)#version 2
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
FastEthernet0/1 2 2
Loopback2 2 2
Maximum path: 4
2.0.0.0
10.0.0.0
<Output omitted>
Notice that the timer is more than 30 sec. After 180 sec, the invalid after timer the network is
still in the routing table but is possibly down.
R1#show ip route
<Output omitted>
After 240 sec, the flush timer from the beginning (60 sec more), the network is completely
flushed of the routing table.
R1#show ip route
<Output omitted>
R1#debug ip rip
R1#u all
All possible debugging has been turned off
R2#debug ip rip
May 13 12:02:46.619: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)
R2#u all
Notice that RIP version 1 sends its update using the broadcast address 255.255.255.255, and
RIP version 2 sends its update using the multicast address 224.0.0.9.
If we configure R1 to use the default which is sending version 1 and receive any version, and
hard code R2 to use version 2, R1 will receive all the updates from R2 but R2 will not accept any
updates from R1.
R1(config)#router rip
R1(config-router)#no version
R2(config)#router rip
R2(config-router)#version 2
<Output omitted>
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R1#show clock
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CCNA
R1(config-keychain)#key 2
R1(config-keychain-key)#key-string CCNP
R1(config-keychain-key)#int f0/0
Key-chain CISCO1:
accept lifetime (00:00:00 UTC Jan 1 2014) - (00:00:00 UTC Jun 1 2014) [valid now]
send lifetime (00:00:00 UTC Jan 1 2014) - (00:00:00 UTC Jun 1 2014) [valid now]
Note: The key chain name is locally significant, meaning it doesn’t have to match on both
routers. The key ID is locally significant if we use the clear text mode, but must match if we use
the MD5 mode. The key string obviously must match.
Now R2 can’t see the updates from R1 as we haven’t configured the authentication on R2 yet.
And to figure out the problem, we will run the debug on R2.
R2#debug ip rip
May 13 11:29:45.803: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)
R2#u all
R2(config-keychain)# key 1
R2(config-keychain-key)# key 2
R2(config-keychain-key)#int f0/1
Now we will run debug again to see the problem with clear text authentication:
R2#debug ip rip
R2#u all
All possible debugging has been turned off
And if we run wire shark to capture the traffic between R1 and R2, we will see the key.
Now we will run the more secured mode of authentication which is MD5.
R1(config)#int f0/0
Notice that clear text authentication and MD5 authentication is not compatible with each
other.
R2#debug ip rip
R2#u all
R2(config)#int f0/1
<Output omitted>
R2#debug ip rip
RIP protocol debugging is on
R2#u all
We will run wire shark to capture the traffic between the two routers.
Lab 3 (RIP Equal Cost Load Balance):
We will maximize the previous lab to use three routers instead of only two routers.
R1(config)#int f0/1
R1(config-if)#no shutdown
R1(config-if)#router rip
R1(config-router)#network 11.0.0.0
R2(config)#int f0/0
R2(config-if)#no shutdown
R2(config-if)#router rip
R2(config-router)#network 12.0.0.0
R3(config)#int f0/0
R3(config-if)#no shutdown
R3(config-if)#int f0/1
R3(config-if)#no shutdown
R3(config-if)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 11.0.0.0
R3(config-router)#network 12.0.0.0
<Output omitted>
Notice that R1 can see the 12.0.0.0 network using two paths, via 11.0.0.3 and via 10.0.0.2, as there
is a tie in the administrative distance which is 120, and there is a tie also in the metric value
which is 1. This is called Equal Cost Load Balance.
To verify:
R1#traceroute 12.0.0.2
11.0.0.3 44 msec
R1#traceroute 12.0.0.3
1 10.0.0.2 80 msec
11.0.0.3 96 msec
10.0.0.2 56 msec
R1#show ip protocol
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
FastEthernet0/0 2 2
FastEthernet0/1 2 2
Loopback1 2 2
Maximum path: 4
1.0.0.0
10.0.0.0
11.0.0.0
By default the RIP routing protocol supports four paths to use in equal cost load balance. But this
can be changed under the RIP process.
R1(config)#router rip
R1(config-router)#maximum-path ?
Notes:
Passive interface command
-Used to prevent a router from sending updates through an interface
-Example:
Router(config-router)#passive-interface interface-type interface-number
Default-information originate command
-This command is used to specify that the router is to originate default information, by
propagating the static default route in RIP update. (Will be discussed later in OPSF routing
protocol)
Lab 4 (Floating Static Route):
Floating Static Routs means that we change the default Administrative Distance of the static
routing from 1 to a higher value. We will configure R1 to see the 2.2.2.2/32 network using RIP
and static routing. The default is that R1 will see that network using static routing via R2 serial
1/1 interface as static routing has a lower Administrative Distance, But we will change that and
increase the Administrative Distance of static routing, so that R1 will see the network 2.2.2.2/32
using RIP routing protocol as it has a higher scalability.
R1(config)#int f0/0
R1(config-if)#no shutdown
R1(config-if)#int s1/0
R1(config-if)#no shutdown
R1(config-if)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 10.0.0.0
R2(config)#int f0/0
R2(config-if)#no shutdown
R2(config-if)#int s1/1
R2(config-if)#no shutdown
R2(config-if)#int loop 2
R2(config-if)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#version 2
R2(config-router)#no auto-summary
R3(config)#int f0/0
R3(config-if)#no shutdown
R3(config-if)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 10.0.0.0
Now we will configure R1 to see the 2.2.2.2/32 network using static route but will increase the
Administrative Distance value.
To verify:
R1#show ip route
<Output omitted>
Now R1 sees the 2.2.2.2/32 using RIP as it has a lower Administrative Distance AD.
R1(config)#int f0/0
R1(config-if)#shutdown
R1#show ip route
<Output omitted>
Immediately R1 changes its path to reach the 2.2.2.2/32 network using the static route. And
when the interface f0/0 comes up again it will use it to reach the 2.2.2.2/32 network.
R1(config)#int f0/0
R1(config-if)#no shutdown
<Output omitted>
R1#traceroute 2.2.2.2
Best Wishes
Abeer