Beruflich Dokumente
Kultur Dokumente
DE COMANDOS CISCO
Guía de comandos de Cisco desde Básico hacia Avanzado, con este
manual usted podrá encontrar ejemplos al más alto nivel de expertos en
configuraciones CISCO
Contenido
Comandos Básicos ...............................................................................................................9
Copiar el Running config al Startup ...............................................................9
Ver la configuración ..................................................................................................9
Habilitar CDP .............................................................................................................10
Habilitar CDP por interfaz ..............................................................................10
Monitorear y mantener CDP ....................................................................................10
LLDP ......................................................................................................................................10
Habilitar LLDP ..........................................................................................................10
Show Commands .............................................................................................................10
Cambiar el nombre al Router o Switch ..........................................................10
Configurar enlaces WAN SERIALES ......................................................................10
Configurar interfaces fastethernet ...............................................................11
Mensajes no solicitados de iOS.........................................................................11
Configurar Mensaje de Ingreso a los router o switchs .....................11
Configurar PoE ..............................................................................................................11
Contraseñas .........................................................................................................................11
Consola ...............................................................................................................................11
Telnet .................................................................................................................................11
SSH ........................................................................................................................................12
MTU ...........................................................................................................................................13
IPv4 ........................................................................................................................................13
IPv6 ........................................................................................................................................13
NAT ............................................................................................................................................13
Static NAT ........................................................................................................................13
Configurando Dynamic NAT .......................................................................................13
Configurar PAT OVERLOAD .........................................................................................14
Clear Commands ..............................................................................................................15
Troueblesooting ............................................................................................................15
DHCP ..........................................................................................................................................15
Configurar DHCP ............................................................................................................15
Configurando IP-Helper Address.........................................................................16
Troublesooting ..............................................................................................................16
1
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
IP SLA .....................................................................................................................................17
Configurar IP SLA .......................................................................................................17
Troubleshooting ............................................................................................................17
SNMP ..........................................................................................................................................18
SNMPv2c ...............................................................................................................................18
Configurar SNMPv2c Support for Trap and Inform ...................................18
Troubleshooting ............................................................................................................18
SNMPv3 .................................................................................................................................19
Administrando archivos IOS ......................................................................................20
Actualizando imágenes IOS ....................................................................................20
Copiando imágenes con TFTP ..................................................................................20
Verificando integridad de IOS con MD5 ........................................................20
Copiando imágenes con FTP ....................................................................................21
Copiando imágenes con SCP ....................................................................................22
Copiar un archivo en una unidad USB .............................................................23
Configuración tradicional de backup y restauración con el
comando copy ...................................................................................................................23
Alternativas para la configuración de Backup y la restauración
de manera automática ................................................................................................23
Borrando Archivos de Configuración ...............................................................23
Comandos Antiguos ...................................................................................................23
Comandos Nuevos ........................................................................................................24
Troubleshooting ............................................................................................................24
Administración de las licencias de IOS ......................................................24
Activación manual de licencias IOS ...........................................................24
Licencias de Derecho de Uso (60 días) ........................................................27
Troubleshooting ............................................................................................................27
Access Control List (ACL) ........................................................................................27
ACL Standars ...............................................................................................................27
Borrar Access List .....................................................................................................29
Opción de Host ..............................................................................................................30
Rangos de Access List ..............................................................................................30
Extended Access Lists ..............................................................................................31
2
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Named ACLs ........................................................................................................................32
Criterio de ubicación de la ACL Extendidas ............................................34
Colocando Estándar Acess List ...........................................................................35
Restricción del acceso de terminal virtual a un router ................36
IPV6 ACL ............................................................................................................................36
Verificar IPv6 ACLs...............................................................................................40
Configurar Rutas Estáticas ......................................................................................40
Borrar rutas estáticas ...........................................................................................41
Configurar rutas por defecto .................................................................................41
Debug .......................................................................................................................................41
Uso de enrutamiento de IP de depuración ...................................................41
Protocolos de Enrutamiento ......................................................................................41
Classfull ..........................................................................................................................41
Classless ..........................................................................................................................41
IPv6 ......................................................................................................................................41
Distancia Administrativa .......................................................................................41
Verificando distancia administrativa y tipo de Protocolo ...........42
RIPv1 ...................................................................................................................................42
Configurando RIPv1 .................................................................................................42
Verificación y solución de problemas ......................................................42
Configurar Passive Interface .........................................................................42
Desabilitando Automatic Summarization ....................................................42
Configurar Default-Information Originate .............................................43
RIPv2 ...................................................................................................................................43
Configurando RIPv2 .................................................................................................43
Verificación y solución de problemas ......................................................43
Desabilitando Automatic Summarization ....................................................43
Configurar Default-Information Originate .............................................43
Configurar Passive Interface .........................................................................43
Verificando actualizaciones ............................................................................43
EIGRP (Distance Vector Protocol) ....................................................................43
Enabling EIGRP Routing .......................................................................................44
EIGRP Interface commands ...................................................................................44
3
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Miscellaneous .............................................................................................................44
Show commands .............................................................................................................44
Modificar la métrica EIGRP ..............................................................................45
Configurando Hello Intervals and Hold Times ......................................45
Troubleshooting ............................................................................................................45
Dirección muticast .....................................................................................................46
OSPF (Link-state routing protocol) ...............................................................46
Configuring OSPF Routing ...................................................................................46
Prioritizing the DR (Router ID) ..................................................................46
Show commands .............................................................................................................46
Timers .............................................................................................................................47
Miscellaneous .............................................................................................................47
Referencia rápida: OSPF Routing - Multiple Areas ........................47
Configuring OSPF Routing ...................................................................................48
OSPF Routing - Area Range (Summarization) ...........................................49
Troubleshooting .................................................................................................................49
IPv6 ..........................................................................................................................................50
Comando para habilitar IPv6................................................................................50
Configurando direcciones de 128 bits ..........................................................50
Troubleshooting ........................................................................................................50
Generando interface única ID usando EUI-64 Modificado ..................51
Configurando IPv6 interfaces usando EUI-64 ............................................52
Configuración de dirección Dynamic Unicast ............................................52
Configurando y Verificando Anycast Address ............................................52
Troubleshooting ............................................................................................................53
Configurando IPv6 DHCP Relay .............................................................................53
Configurando rutas Estaticas con IPv6 ........................................................53
Configurando Rutas por Defecto.........................................................................54
Configurando Rutas por Defecto con SLAAC sobre las interfaces
del Router ........................................................................................................................54
Troubleshooting para Rutas Estaticas ..........................................................54
RIPNG ...................................................................................................................................55
Configurando RIPng .................................................................................................55
4
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Propagando Default Route ...................................................................................55
EIGRP for IPv6 ..............................................................................................................56
Dirección de Multicast .......................................................................................56
Show commands .............................................................................................................56
Sumarizacion Manual...............................................................................................56
Configuración de EIGRP for IPv6 ..................................................................56
OSPF V3 .............................................................................................................................101
Show Commands ...........................................................................................................101
Configurando Interfaces ...................................................................................101
RADIUS Server...................................................................................................................129
Show Commands...............................................................................................................129
Dialer Interface ...........................................................................................................129
Switching ............................................................................................................................130
VLANS .................................................................................................................................130
Crear un Vlan ...........................................................................................................130
Configuración de un Puerto Troncal .........................................................130
Configurando Puertos de Acesso...................................................................130
Configurar VLAN ......................................................................................................131
Asignando un Puerto a una VLAN...................................................................131
Borrando VLANs ........................................................................................................131
Configurando VLAN Nativa .................................................................................131
Configurando Private Vlans ............................................................................131
Configurando Asociaciones de puertos en PVlans .............................132
Troubleshooting ......................................................................................................132
Vlan de Voz ...................................................................................................................132
Switchport voice vlan none ............................................................................133
Switchport voice vlan dot1p ..........................................................................133
Switchport voice vlan untagged...................................................................133
Switchport voice vlan vvid (opción recomendada)...........................133
VTP ......................................................................................................................................133
Configurando Dominios ........................................................................................133
Configurando el servidor y cliente .........................................................133
Configurando VTP Pruning .................................................................................133
5
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
EtherChannel .................................................................................................................133
Configurando EtherChannel Load Balancing ...........................................133
Asignando puertos y configurando el protocolo ...............................134
Configurando metodos en Pagp .......................................................................134
Configurando LACP .................................................................................................134
Troubleshooting ......................................................................................................135
Spanning tree (STP) ................................................................................................135
Configurando STP....................................................................................................135
Configurando un Root Bridge ..........................................................................135
Cambiar el Root Bridge .....................................................................................135
Configurando PortFast ........................................................................................135
Configuración de BPDU GUARD ..........................................................................136
Configuración de Root Guard ..........................................................................136
Implementar PVST....................................................................................................136
Implementar PVST+ .................................................................................................136
Implementar Multiple Spanning Tree Protocol (MSTP) ...................137
Troubleshooting ......................................................................................................137
DHCPv6 ...............................................................................................................................138
Troublesooting ........................................................................................................139
WAN ..........................................................................................................................................140
Comandos PPP .................................................................................................................140
Configurar PPP ........................................................................................................140
Verificación de PPP.............................................................................................140
Configuración de la autenticación (PAP o CHAP) .............................141
Configuring PPP Multilink (MLP) ................................................................142
Error Detection ......................................................................................................143
Troubleshooting ......................................................................................................143
BGP ......................................................................................................................................144
Configuración de EBGP ........................................................................................145
Configurar rutas de descarte .......................................................................145
Show Commands ...........................................................................................................145
Estado vecino con el Neighbor Shut Down .............................................145
Alta disponibilidad ....................................................................................................145
6
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
HSRP ....................................................................................................................................145
Configuración HSRP Switchs ............................................................................145
Autenticación texto plano ..............................................................................146
Autenticación MD5 .................................................................................................146
Configurando HSRP Interface Tracking ....................................................146
Configuración HSRP Routers ............................................................................147
Configurar HSRP Interface Tracking .........................................................148
Diferencias entre HSRPv1 y HSRPv2............................................................148
Troubleshooting ......................................................................................................148
VRRP (Virtual Router Redundancy Protocol).............................................149
GBLP ....................................................................................................................................149
Configurar GBLP ......................................................................................................149
GLBP Interface Tracking ...................................................................................150
Netflow IOS .......................................................................................................................150
SPAN ........................................................................................................................................150
Configurar Local SPAN ............................................................................................150
Configurar SPAN ..........................................................................................................151
Troubleshooting ..........................................................................................................151
Seguridad ............................................................................................................................152
Switch Security ..........................................................................................................152
BPDU GUARD ..................................................................................................................152
Root Guard ..................................................................................................................152
Port Security ...........................................................................................................153
Troubleshooting Port security .....................................................................153
DHCP SNOOPING ...........................................................................................................154
IP Source Guard ......................................................................................................155
Troubleshooting DHCP SNOOPING .....................................................................155
Prevencion de ARP Spoofing ................................................................................155
Mejorando seguridad en Telnet .....................................................................156
HTTP Secure Server ...............................................................................................156
Authentication, Authorization, and Accounting (AAA) .................157
TACACS+ .........................................................................................................................157
Radius ...........................................................................................................................157
7
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Accounting ..................................................................................................................158
Security Using IEEE 802.1X Port-Based Authentication ............158
QoS ..........................................................................................................................................159
Configurando CoS trust using the IOS ........................................................159
Asignando CoS on a per-port basis ...............................................................159
Reescribiendo el CoS ..............................................................................................160
Implementing QoS for Voice ................................................................................160
Configuración de QoS para voz .........................................................................160
Auto QoS ..........................................................................................................................160
Interfaz de línea de comandos de QoS modular (CLI) .......................160
Classification of traffic – The class-map .........................................160
Definiendo the QoS policy – The policy-map ......................................161
Aplicando the policy to an interface – The service-policy ...161
IP Precedence and DSCP .........................................................................................161
Configuración de la confianza cos mediante el iOS ......................161
Asignando CoS on a per-port basis............................................................162
Rescribiendo the CoS ..........................................................................................162
Usando a MAC ACL to assign a DSCP value .............................................162
Configurando DSCP usando a MAC ACL .........................................................162
Uso de una ACL IP para definir el DSCP o la precedencia ........163
Configuración weighted fair queuing (WFQ).............................................163
Configuración Class-Based Weighted Fair Queuing ..............................164
CBWFQ Using WRED Packet Drop .......................................................................164
Low Latency Queuing (LLQ) ..................................................................................164
Multicast ............................................................................................................................165
PIM ......................................................................................................................................165
Configuración RPs .................................................................................................166
IGMP - Internet Group Management Protocol.............................................166
Configuración de las joins IGMP ................................................................166
CGMP ................................................................................................................................166
VPN ..........................................................................................................................................167
GRE ......................................................................................................................................167
IPSEC VPN ........................................................................................................................168
8
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Paso 1 Configurar las interfaces ..............................................................168
Paso 2 Configurar EIGRP ...................................................................................169
Paso 3 Crear Políticas IKE ............................................................................169
Paso 4 Configurar pre-shared keys............................................................169
Paso 5 configurar IPsec transform set Lifetimes...........................170
Paso 6 definir interesting traffic .........................................................170
Paso 7 Crear y aplicar Crypto Maps .........................................................170
Paso 8 Verificar Ipsec configuration ....................................................170
Paso 9 Verificar operación IPSEC ..............................................................170
Paso 10 Probar ........................................................................................................171
MPLS ........................................................................................................................................172
Comandos Básicos
Ver la configuración
Router# show running-config
Habilitar CDP
Switch(config)# cdp run
LLDP
Habilitar LLDP
switch(config)# lldp run
switch(config)# end
Switch(config)# interface fastethernet 5/1
Switch(config-if)# lldp enable
Show Commands
R1#show lldp neighbors
Router(config)# hostname R1
10
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1(config-if)# no shutdown
R1(config-if)# no shutdown
R1(config-if)# no shutdown
Configurar PoE
Switch(config)# interface type mod/num
Switch(config-if)# power inline {auto [max milli-watts] | never
| static [max milli-watts]}
Ejemplo
Switch(config)# interface fastethernet 0/1
Switch(config-if)# power inline auto
Switch# show power inline fastethernet 0/1
Contraseñas
Consola
Router(config)# enable secret password privilege password
Router(config-line)# login
Telnet
Router(config)# line vty 0 4 telnet password
Router(config-line)# login
11
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
SSH
Paso 1
Paso 4
• SW1(config)#line vty 0 15
• SW1(config-line)#login local
• SW1(config-line)#exit
• SW1(config)#username wendell password odom
• SW1(config)#username chris password youdaman
Ejemplo 2
switch(config)# username xyz password abc123
switch(config)# ip domain-name xyz.com
switch(config)# crypto key generate rsa
switch(config)# ip ssh version 2
switch(config)# line vty 0 15
switch(config-line)# login local
switch(config-line)# transport input ssh
12
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
MTU
IPv4
R1(config)# interface gigabitethernet 0/0
R1(config-if)# ipv4 mtu 1400
IPv6
R1(config)# interface gigabitethernet 0/0
R1(config-if)# ipv6 mtu 1400
NAT
Static NAT
R1(config)#ip nat inside source static [inside local] [inside
global]
Ejemplo
13
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1(config)# access-list 1 permit 10.1.0.0 0.0.255.255
R1(config)#interface ethernet 0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#interface serial 0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)# ip nat pool nat-pool 179.9.8.80 179.9.8.95 netmask
255.255.255.0
R1(config)#ip nat inside source list 1 pool nat-pool
R1(config)#interface ethernet 0
14
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1(config-if)#ip address 192.168.3.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config)#interface ethernet 1
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config)#interface serial 0
R1(config-if)#ip address 172.16.2.1 255.255.255.0
R1(config-if)#ip nat outside
R1(config)# access-list 1 permit 192.168.2.0 0.0.0.255
R1(config)# access-list 1 permit 192.168.3.0 0.0.0.255
R1(config)# ip nat pool nat-pool2 179.9.8.20 netmask
255.255.255.240
R1(config)# ip nat inside source list 1 interface serial 0
overload
Clear Commands
R1#clear ip nat translations
R1#clear ip nat translation inside global-ip local-ip [outside
local-ip global-ip]
R1#clear ip nat translation protocol inside global-ip global-
port local-ip local-port [outside local-ip local-port global-ip
global-ip global-port]
Troueblesooting
R1# show ip nat translations
R1# show ip nat statistics
R1# debug ip nat
DHCP
Configurar DHCP
R1(config)#ip dhcp pool pool-name
R1(config)#ip dhcp-excluded-address ip-address [end-ip-address]
R1(dhcp-config)#network ip-address mask
R1(dhcp-config)#default-router ip-adress
R1(dhcp-config)#dns-server ip-address
R1(dhcp-config)#netbios-name-server ip-address
15
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1(dhcp-config)#domain-name name
Ejemplo
Router (config) #ip excluded-address 172.16.1.254
Router (config) dhcp pool subnet12
Router (dhcp-config)#network 172 . 16. 12.0 255.255 .255.0
Router (dhcp—config)# default-router 172.16.12.254
Router (dhcp—config)#dns-server 172. 16. 1.2
R1(dhcp-config)#netbios-name-server 172.16.1.3
Router (dhc-confi )#domain—name foo.com
RTA(config)#interface e0
RTA(config-if)#ip helper-address 192.168.1.254
Troublesooting
R1# show ip dhcp binding
16
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1# debug ip dhcp server events
IP SLA
Configurar IP SLA
Troubleshooting
R1#show ip sla summary
R1#show ip sla configuration
R1#show ip sla statistics
R1#show ip sla history
17
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
SNMP
SNMPv2c
COMANDO EJEMPLO
R1(config)# ip access-list R1(config)#ip access list
standard [nombre_ACL] standard ACL_PROTECTSNMP
R1(config)#permit host [IP] R1(config)#permit host 10.1.3.3
¡
R1(config)#snmp-server community R1(config)#snmp-server
community string RO [IPv6 community secretROpw RO ACL_
acl_name] [acl_name] PROTECTSNMP
R1(config)#snmp-server community R1(config)#snmp-server community
community string RW RO [IPv6 secretRWpw RW ACL_ PROTECTSNMP
acl_name] [acl_name] R1(config)#snmp-server location
R1(config)#snmp-server location Atlanta
[nombre] R1(config)#snmp-server contact
R1(config)#snmp-server contact Tyler B
[nombre]
Troubleshooting
R1# show snmp community
R1# show snmp location
R1# show snmp contact
R1# show snmp host
R1# show snmp
18
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
SNMPv3
19
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Administrando archivos IOS
Actualizando imágenes IOS
1. Obtén la imagen de el sitio oficial www.cisco.com usando
http o ftp
2. Coloque la imagen dentro de su red o en algún lugar que
sea alcanzable por su router, las ubicaciones pueden ser
TFTP, FTP, SCP o una unidad de USB.
3. Coloque el comando desde el router copiando el archivo en
la memoria flash que esta permanece en la unidad de manera
permanente.
20
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
1749549056 1487929344 disk rw flash0:
R4# show flash
-#- --length-- -----date/time------ path
1 104193476 Jul 21 2015 13:38:06 +00:00 c2900-universalk9-
mz.SPA.154-3.M3.bin
3 3000320 Jul 10 2012 00:05:44 +00:00 cpexpress.tar
4 1038 Jul 10 2012 00:05:52 +00:00 +00:00 home.tar
6 1697952 Jul 10 2012 00:06:16 +00:00 securedesktop-ios-
3.1.1.45-k9.pkg
7 415956 Jul 10 2012 00:06:28 +00:00 sslclient-win-1.1.4.176.pkg
8 1153 Aug 16 2012 18:20:56 +00:00 wo-lic-1
9 97794040 Oct 10 2014 21:06:38 +00:00 c2900-universalk9-
mz.SPA.152-4.M1.bin
49238016 bytes available (207249408 bytes used)
R4# verify /md5 flash0:c2900-universalk9-m z.SPA.154-3.M3.bin
a79e325e6c498b70829d4d
................................................................
......................
................................................................
...................... .....MD5 of flash0:c2900-universalk9-
mz.SPA.154-3.M3.bin Done!
Verified (flash0:c2900-universalk9-mz.SPA.154-3.M3.bin) =
a79e325e6c498b70829d4d b0afba5041
Computadora
22
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
WO-iMac:Desktop wendellodom$ scp c2900-universalk9-mz.SPA.155-
2.T1.bin wendell@192.168.1.9:flash0:c2900-universalk9-
mz.SPA.155-2.T1.bin
Password:
c2900-universalk9-mz.SPA.155-2.T1.bin 100% 102MB 322.8KB/s
23
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Comandos Nuevos
Device# erase nvram:
Nota: no existe un comando en Cisco IOS que borre el contenido
del running-config. Para borrar el archivo de configuración usted
deberá realizar lo siguiente. Borre el archivo de configuración
de inicio, luego recargue el enrutador para que el mismo cargue
un archivo de configuración en el arranque vacío.
Troubleshooting
Device# show flash
Device# show file systems
Device# dir filesystem:
Device# dir filesystem:directory
Device# show archive
24
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted License Priority: None
Index 3 Feature: uck9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium ! Lines omitted for brevity; 8 more
feature licenses available
25
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Colocar el comando show file systems y verificar que nombre de
unidad USB tiene tu equipo
Una vez identificado el nombre de la USB colocar el comando dir
filesystem:
R1# dir usbflash1:/
R1# licence install usbflash1:FTX1628838P_201302111432454180.lic
26
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Licencias de Derecho de Uso (60 días)
R1(config)# license boot module c2900 technology-package
package_name
R1(config)# license boot module c2900 technology-package
securityk9
Troubleshooting
Para verificar el estado de la licencia
R1# show version | begin Technology Package
R1# show license
R1# show licence feature
Tenga en cuenta que las Acess List deben ser aplicadas al puerto
más cercano del destino
ACL Standars
1. R1(config)# access-list access-list-number {permit | deny
} {test-condition}
2. R1(config-if)# {protocol} access-group access-list-number
Ejemplo
27
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
RouterB(config)# interface s 1
RouterB(config-if)# ip access-group 10 out
Aplicando Access List
Es una buena práctica aplicar las ACL estándar en la interfaz
más cercana al destino del tráfico y las ACL extendidas en la
interfaz más cercana al origen. (viniendo más adelante)
Ejemplo 2
172.16.20.0/24 172.16.40.0/24
s0 s0 s1 s0
RouterA .1 .2 RouterB .1 .2 RouterC
.1 e0 .1 e0 .1 e0
28
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
1. Permitir sólo los hosts 172.16.30.2, 172.16.30.3,
172.16.30.4, 172.16.30.5 de salir de la red de ventas.
2. Deniegue a todos los demás hosts de la red de ventas que
abandonen la red 172.16.30.0/24.
RouterB(config)#access-list 10 permit 172.16.30.2
RouterB(config)#access-list 10 permit 172.16.30.3
RouterB(config)#access-list 10 permit 172.16.30.4
RouterB(config)#access-list 10 permit 172.16.30.5
Implicit “deny any” -do not need to add this, discussed later
RouterB(config)#access-list 10 deny 0.0.0.0 255.255.255.255
RouterB(config)# interface e 0
RouterB(config-if)# ip access-group 10 in
RouterA(config)# interface e 0
RouterA(config-if)#ip access-group 11 out
Opción de Host
RouterB(config)#access-list 10 permit 192.168.1.100 0.0.0.0
RouterB(config)#access-list 10 permit host 192.168.1.100
172.16.10.100 0.0.0.0 replaced by host 172.16.10.100
192.168.1.100 0.0.0.0 replaced by host 192.168.1.100
30
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Extended Access Lists
31
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Ejemplo
RouterA(config)# interface e 0
RouterA(config-if)#ip access-group 11 in
Named ACLs
32
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
33
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Criterio de ubicación de la ACL Extendidas
La regla general:
34
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
interface fastethernet 0/1
access-group 101 in
access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq telnet
access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq ftp
access-list 101 permit ip any any
RouterD
interface fastethernet 0/0
access-group 10 in
access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 permit any
35
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
• Es mejor utilizar listas de acceso extendido, y colocarlas
cerca de la fuente, ya que este tráfico se desplazará
hasta el router antes de ser negado.
Rt1(config-line)#
IPV6 ACL
IPV4 IPV6
Standard • Named Only
• Numered • Similar features to
• Named Extended ACLs
Extended
• Numered
• Named
36
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
IPv4 - ip access-group IPv6 - ipv6 traffic-
filter
Wildcard Mask No Wildcard Masks -
Instead, the prefix-
length is used
permit icmp any any nd-na
permit icmp any any nd-ns
37
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Ejemplo
39
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3(config-ipv6-acl)# remark Deny telnet access to PC2 for all other
devices
R3(config-ipv6-acl)# deny tcp any host 2001:db8:cafe:11::11 eq 23
R3(config-ipv6-acl)#remark Permit access to everything else
R3(config-ipv6-acl)#permit ipv6 any any
R3(config-ipv6-acl)#exit
R3(config)#interface g0/0
R3(config-if)#ipv6 traffic-filter RESTRICTED-ACCESS in
Debug
Uso de enrutamiento de IP de depuración
R2# debug ip routing
Protocolos de Enrutamiento
Classfull
• RIP
• IGRP
Classless
• RIP v2
• EIGRP
• OSPF v2
• IS-IS
IPv6
• RIPng
• EIGRP for IPv6
• OSPF v3
• IS-IS for IPv6
Distancia Administrativa
41
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Verificando distancia administrativa y tipo de Protocolo
R2# show ip protocols
RIPv1
Configurando RIPv1
R1# conf terminal
R1(config-router)# exit
42
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Configurar Default-Information Originate
R2(config)# router rip
R2(config-router)# end
RIPv2
Configurando RIPv2
R1# conf terminal
R1(config-router)# version 2
R1(config-router)# exit
R2(config-router)# end
Verificando actualizaciones
R2# debug ip rip
43
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Enabling EIGRP Routing
Router(config)# router eigrp AS number (Must be the same on all
routers)
Show commands
Router# show ip eigrp neighbors {muestra los vecinos}
44
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Router# show ip route eigrp {Rutas EIGRP en la tabla de
enrutamiento}
Redistribution
Troubleshooting
1. ¿Qué se debe hacer si no estas las tablas de los neighbors?
a. Compruebe las interfaces locales para asegurarse de que se
activa con el comando show ip interface brief
b. Tratar de hacer ping a la dirección del neighbors
2. ¿Qué sucede si hay PING exitoso y el router no puede visualizar
al router vecino?
a. Verificar si ambos router están en el mismo EIGRP process
ID con el comando show ip eigrp neighbors
b. Verificar si no existen passive-interface con el comando
show ip protocols
c. Verificar si es que los pesos de las métricas se
encuentran establecidos por defecto con los valores K1=1,
K2=0, K3=1, K4=0, K5=0 con el comando show ip protocols
d. Verificar si se está realizando un auto-summary, si es el
caso deshabilitar con el comando no auto-summary.
3. ¿Como que comando se encuentra Successor y Feasible Successor?
a. El comando que se debe aplicar es show ip eigrp topology
45
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Router# show ip eigrp neighbors {muestra los vecinos}
Dirección muticast
224.0.0.10
1. Priority
Authentication
Show commands
Router# show ip protocols
Timers
Router(config-if)# ip ospf hello-interval value
Miscellaneous
Router# debug ip ospf
Stub Area
• Receives summary LSAs (routes) within its own autonomous system
• Does not receive external LSAs (routes)
• Default route injected automatically by ABR
47
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
NSSA (Not So Stubby Area)
48
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
OSPF Routing - Area Range (Summarization)
Virtual Links
Miscellaneous
Router(config-router)# area process-id default-cost metric
Troubleshooting
Router# clear ip ospf process
IPv6
Comando para habilitar IPv6
R1(config)# ipv6 unicast-routing -- Direccion global unicast
R1(config)# ipv6 enable.- habilita la interfaz IPV6 y genera link-
local address
Troubleshooting
R1#show ipv6 interface brief
R1# show ipv6 interface GigabitEthernet 0/0
50
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Generando interface única ID usando EUI-64 Modificado
1. Divida la dirección MAC de 6 bytes (12 dígitos
hexadecimales) en dos mitades (6 dígitos hexadecimales en
cada uno).
2. Inserte FFFE entre los dos, haciendo que la ID de la
interfaz ahora tenga un total de 16 dígitos hexadecimales
(64 bits).
3. Invierta el séptimo bit de la interfaz
Ejemplo
Falta aun el tercer paso de invertir el séptimo bit
51
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Resultado ejemplo 1: 0213:12 FF:FE 34:ABCD
Resultado ejemplo 2: 1412:34 FF:FE 56:789ª
Troubleshooting
R1# show ipv6 route [connected] [local]
R1# show ipv6 interface type number
R1# show ipv6 interface brief type number
53
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Ejemplos
1. Se crea una ruta estática directamente conectada
utilizando sólo los parámetros de tipo de interfaz y de
número de interfaz.
Router(config)# ipv6 route 2001:CC1E::/32 serial 0/0/0
2. Se crea una ruta estática recursiva utilizando sólo el
parámetro de dirección de salto siguiente.
Router(config)# ipv6 route 2001:CC1E::/32 2001:12::1
3. Una ruta estática completamente especificada incluye la
interfaz de salida y la dirección de salto siguiente.
Router(config)# ipv6 route [prefix/length] next_hop_address
[interface] [next_hop]
Router(config)# ipv6 route 2001:CC1E::/32 ser 0/0/0 2001:12::1
4. Una ruta estática flotante
Router(config)# ipv6 route [prefix/length]
next_hop_address[interface |next_hop] [AD]
Router(config)# ipv6 route 2001:CC1E::/32 ser 0/0/0 15
5. Rutas IPv6 estáticas de Host
Router(config)# ipv6 route [address_host/128] [interface
|next_hop]
Router(config)# ipv6 route 2001:db8:1111:2::22/128 s/0/0
FE80::FF:FE00:2
Router(config)# ipv6 route 2001:db8:1111:2::22/128
2001:db8:1111:4::2
54
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
RIPNG
Configurando RIPng
55
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Only option
R1(config)# ipv6 route ::/0 2001:DB8:FEED:1::1
R1(config)# interface Ethernet 0/3
R1(config-if)# ipv6 rip CCNP_RIP default-information only
Show commands
R2# show ipv6 interface brief
Sumarizacion Manual
R3(config-if)# ipv6 summary-address eigrp 2 2001:db8:f::/62
Topologia
56
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Objectives
• Configure Named EIGRP for IPv4 and IPv6.
• Verify Named EIGRP configuration.
• Configure and verify passive routes Named EIGRP
configuration.
• Configure and verify default route using Named EIGRP
configuration.
Background
What is known as “classic” EIGRP requires separate EIGRP
configuration modes and commands for IPv4 and IPv6. Each process is
configured separately, router eigrp as-number for IPv4 and ipv6
router eigrp as-number for IPv6.
Named EIGRP uses the address family (AF) feature to unify the
configuration process when implementing both IPv4 and IPv6. In this
lab, you will configure named EIGRP for IPv4 and IPv6.
Note: This lab uses Cisco 1941 routers with Cisco IOS Release 15.4
with IP Base. The switches are Cisco WS-C2960-24TT-L with
Fast Ethernet interfaces, therefore the router will use routing
metrics associated with a 100 Mb/s interface. Depending on the
router or switch model and Cisco IOS Software version, the commands
available and output produced might vary from what is shown in this
lab.
Required Resources
• 4 routers (Cisco IOS Release 15.2 or comparable)
• 3 switches (LAN interfaces)
• Serial and Ethernet cables
57
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1(config-if)# ipv6 address FE80::1 link-local
R1(config-if)# ipv6 address 2001:DB8:CAFE:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface Serial0/0/0
R1(config-if)# ip address 192.168.2.1 255.255.255.252
R1(config-if)# ipv6 address FE80::1 link-local
R1(config-if)# ipv6 address 2001:DB8:CAFE:2::1/64
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
58
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3(config)# interface GigabitEthernet0/0
R3(config-if)# ip address 192.168.5.1 255.255.255.0
R3(config-if)# ipv6 address FE80::3 link-local
R3(config-if)# ipv6 address 2001:DB8:CAFE:5::1/64
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface Serial0/0/1
R3(config-if)# ip address 192.168.4.2 255.255.255.252
R3(config-if)# ipv6 address FE80::3 link-local
R3(config-if)# ipv6 address 2001:DB8:CAFE:4::2/64
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface Serial0/1/0
R3(config-if)# ip address 192.168.77.2 255.255.255.0
R3(config-if)# ipv6 address FE80::3 link-local
R3(config-if)# ipv6 address 2001:DB8:FEED:77::2/64
R3(config-if)# clock rate 64000
R3(config-if)# no shutdown
R3(config-if)#
59
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
b. Verify connectivity by pinging across each of the local networks
connected to each router.
c. Issue the show ip interface brief and show ipv6 interface brief
commands on each router. This command displays a brief listing
of the interfaces, their status, and their IP addresses. Router
R1 is shown as an example.
R1# show ip interface brief
Interface IP-Address OK? Method Status
Protocol
Embedded-Service-Engine0/0 unassigned YES unset
administratively down down
GigabitEthernet0/0 192.168.1.1 YES manual up
up
GigabitEthernet0/1 unassigned YES unset
administratively down down
Serial0/0/0 192.168.2.1 YES manual up
up
Serial0/0/1 unassigned YES unset
administratively down down
R1# show ipv6 interface brief
Em0/0 [administratively down/down]
unassigned
GigabitEthernet0/0 [up/up]
FE80::1
2001:DB8:CAFE:1::1
GigabitEthernet0/1 [administratively down/down]
unassigned
Serial0/0/0 [up/up]
FE80::1
2001:DB8:CAFE:2::1
Serial0/0/1 [administratively down/down]
unassigned
R1#
R1(config-router-af)#
c. In address family configuration mode you can enable EIGRP for
specific interfaces and define other general parameters such as
the router ID and stub routing. Issue the eigrp ? to see the
available options configured using the eigrp command. Use the
eigrp router-id command to configure the EIGRP router ID for the
IPv4 address family.
R1(config-router-af)# eigrp ?
default-route-tag Default Route Tag for the Internal
Routes
log-neighbor-changes Enable/Disable EIGRP neighbor logging
log-neighbor-warnings Enable/Disable EIGRP neighbor warnings
router-id router id for this EIGRP process
stub Set address-family in stubbed mode
61
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1(config-router-af)#
d. While still in the address family configuration mode for IPv4,
use the network command to enable EIGRP on the interfaces. These
are the same network commands used in “classic” EIGRP for IPv4.
R1(config-router-af)# network 192.168.1.0
R1(config-router-af)# network 192.168.2.0 0.0.0.3
R1(config-router-af)#
e. Exit the IPv4 address family configuration mode using the exit-
address-family command or the shorter exit command. Notice that
you are still in named EIGRP configuration mode.
R1(config-router-af)# exit-address-family
R1(config-router)#
62
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Step 4: Configure Named EIGRP on R2 and R3.
a. Configure named EIGRP on R2 for the IPv4 address family. The
IPv6 unicast routing is enabled in preparation for configuring
the IPv6 address family.
R2(config)# ipv6 unicast-routing
R2(config)# router eigrp DUAL-STACK
R2(config-router)# address-family ipv4 unicast autonomous-system
4
R2(config-router-af)# eigrp router-id 2.2.2.2
R2(config-router-af)# network 192.168.2.0 0.0.0.3
*Jul 25 20:11:37.643: %DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor
192.168.2.1 (Serial0/0/0) is up: new adjacency
R2(config-router-af)# network 192.168.3.0
R2(config-router-af)# network 192.168.4.0 0.0.0.3
R2(config-router-af)# exit-address-family
R2(config-router)#
Notice that the adjacency between R1 and R2 is established after
enabling EIGRP for IPv4 on the serial 0/0/0 interface.
b. Configure the IPv6 address family for EIGRP on R2.
R2(config-router)# address-family ipv6 unicast autonomous-system
6
*Jul 25 20:19:05.435: %DUAL-5-NBRCHANGE: EIGRP-IPv6 6: Neighbor
FE80::1 (Serial0/0/0) is up: new adjacency
R2(config-router-af)# eigrp router-id 2.2.2.2
R2(config-router-af)#
Notice that the IPv6 adjacency with R1 comes up immediately
after configuring the IPv6 AF. This is because by default, all
IPv6 interfaces are enabled automatically.
c. On R3, configure named EIGRP on R3 for both the IPv4 and IPv6
address families. After the appropriate commands are configured
the IPv4 and IPv6 EIGRP adjacencies are established between R2
and R3. The serial link between R3 and R4 is also automatically
enabled in EIGRP for IPv6. This link is not suppose to be
included and will be disabled in EIGRP for IPv6 later in step 6.
R3(config)# ipv6 unicast-routing
R3(config)# router eigrp DUAL-STACK
R3(config-router)# address-family ipv4 unicast autonomous-system
4
R3(config-router-af)# eigrp router-id 3.3.3.3
R3(config-router-af)# network 192.168.4.0 0.0.0.3
*Jun 26 13:11:41.343: %DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor
192.168.4.1 (Serial0/0/1) is up: new adjacency
R3(config-router-af)# network 192.168.5.0
R3(config-router-af)# exit-address-family
R3(config-router)# address-family ipv6 unicast autonomous-system
6
63
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
*Jun 26 13:12:22.819: %DUAL-5-NBRCHANGE: EIGRP-IPv6 6: Neighbor
FE80::2 (Serial0/0/1) is up: new adjacency
R3(config-router-af)# eigrp router-id 3.3.3.3
R3(config-router-af)#
R1(config-router-af-interface)#
64
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
The interface configuration mode commands are similar for both
the IPv4 and IPv6 address families. Commands issued are specific
for an interface within the address family, IPv4 or IPv6.
c. Using the passive-interface command, configure G0/0 interface as
passive for both the IPv4 and IPv6 EIGRP address families.
R1(config-router-af-interface)# passive-interface
R1(config-router-af-interface)# exit-af-interface
R1(config-router-af)# exit-address-family
R1(config-router)# address-family ipv6 unicast autonomous-system
6
R1(config-router-af)# af-interface gigabitethernet 0/0
R1(config-router-af-interface)# passive-interface
R1(config-router-af-interface)# exit-af-interface
R1(config-router-af)# exit-address-family
R1(config-router)#
d. Configure R2’s G0/0 interface as passive for both the IPv4 and
IPv6 address families.
R2(config)# router eigrp DUAL-STACK
R2(config-router)# address-family ipv4 unicast autonomous-system
4
R2(config-router-af)# af-interface gigabitethernet 0/0
R2(config-router-af-interface)# passive-interface
R2(config-router-af-interface)# exit-af-interface
R2(config-router-af)# exit-address-family
R2(config-router)# address-family ipv6 unicast autonomous-system
6
R2(config-router-af)# af-interface gigabitethernet 0/0
R2(config-router-af-interface)# passive-interface
R2(config-router-af-interface)# exit
R2(config-router-af)# exit
R2(config-router)#
e. Configure R3’s G0/0 interface as passive for both the IPv4 and
IPv6 address families.
R3(config)# router eigrp DUAL-STACK
R3(config-router)# address-family ipv4 unicast autonomous-system
4
R3(config-router-af)# af-interface gigabitethernet 0/0
R3(config-router-af-interface)# passive-interface
R3(config-router-af-interface)# exit-af-interface
R3(config-router-af)# exit-address-family
R3(config-router)# address-family ipv6 unicast autonomous-system
6
R3(config-router-af)# af-interface gigabitethernet 0/0
R3(config-router-af-interface)# passive-interface
R3(config-router-af-interface)# exit
65
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3(config-router-af)# exit
R3(config-router)#
Notice the exit command was used as the shorter method for the
exit-af-interface and exit-address-family commands.
Interfaces:
Serial0/0/1
Serial0/1/0
GigabitEthernet0/0 (passive)
Redistribution:
None
R3#
Interfaces:
Serial0/0/1
GigabitEthernet0/0 (passive)
Redistribution:
None
R3#
67
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Does the shutdown command used on S0/1/0 within the IPv6 AF also
have the same affect for that interface within the IPv4 AF?
________________________________________________________________
_________________
No, the shutdown command on S0/1/0 was configured within the
IPv6 AF and has no affect on the IPv4 AF.
69
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Default networks not accepted from incoming updates
Redistributing: static
EIGRP-IPv4 VR(DUAL-STACK) Address-Family Protocol for AS(4)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 K6=0
Metric rib-scale 128
Metric version 64bit
NSF-aware route hold timer is 240
Router-ID: 3.3.3.3
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Total Prefix Count: 5
Total Redist Count: 1
70
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Maximum metric variance 1
Total Prefix Count: 6
Total Redist Count: 1
Interfaces:
Serial0/0/1
GigabitEthernet0/0 (passive)
Redistribution:
Redistributing protocol static
IPv6 Routing Protocol is "static"
R3#
Why does the show ip protocols command indicate that automatic
summarization is disabled?
________________________________________________________________
_______________
In IOS 15, automatic summarization in EIGRP for IPv4 is disabled
by default. It can be enabled using the auto-summary command in
topology configuration mode.
71
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1# show ipv6 route eigrp
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static
route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D -
EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix,
DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 -
OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA
ext 2
a - Application
EX ::/0 [170/34036062]
via FE80::2, Serial0/0/0
D 2001:DB8:CAFE:4::/64 [90/23796062]
via FE80::2, Serial0/0/0
D 2001:DB8:CAFE:5::/64 [90/23847262]
via FE80::2, Serial0/0/0
D 2001:DB8:CAFE:99::/64 [90/23796702]
via FE80::2, Serial0/0/0
R1#
72
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP-IPv4 VR(DUAL-STACK) Address-Family Protocol for AS(4)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 K6=0
Metric rib-scale 128
Metric version 64bit
NSF-aware route hold timer is 240
Router-ID: 2.2.2.2
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Total Prefix Count: 6
Total Redist Count: 0
R2#
R2# show ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "application"
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "eigrp 6"
EIGRP-IPv6 VR(DUAL-STACK) Address-Family Protocol for AS(6)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 K6=0
Metric rib-scale 128
Metric version 64bit
NSF-aware route hold timer is 240
Router-ID: 2.2.2.2
Topology : 0 (base)
73
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 16
Maximum hopcount 100
Maximum metric variance 1
Total Prefix Count: 6
Total Redist Count: 0
Interfaces:
Serial0/0/0
Serial0/0/1
GigabitEthernet0/0 (passive)
Redistribution:
None
R2#
b. Issue the show ip eigrp neighbors and show ipv6 eigrp neighbors
command on R1 to verify the neighbor adjacencies with R2.
R1# show ip eigrp neighbors
EIGRP-IPv4 VR(DUAL-STACK) Address-Family Neighbors for AS(4)
H Address Interface Hold Uptime
SRTT RTO Q Seq
(sec)
(ms) Cnt Num
0 192.168.2.2 Se0/0/0 13 03:56:20
31 186 0 8
R1# show ipv6 eigrp neighbors
EIGRP-IPv6 VR(DUAL-STACK) Address-Family Neighbors for AS(6)
H Address Interface Hold Uptime
SRTT RTO Q Seq
(sec)
(ms) Cnt Num
0 Link-local address: Se0/0/0 13 00:09:14
669 4014 0 21
FE80::2
R1#
c. Examine R1’s EIGRP topology tables for IPv4 and IPv6 using the
show ip eigrp topology and show ipv6 eigrp topology commands.
R1# show ip eigrp topology
EIGRP-IPv4 VR(DUAL-STACK) Topology Table for AS(4)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R -
Reply,
r - reply Status, s - sia Status
74
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
P 192.168.1.0/24, 1 successors, FD is 13107200
via Connected, GigabitEthernet0/0
P 0.0.0.0/0, 1 successors, FD is 4356615958
via 192.168.2.2 (4356615958/3045895958), Serial0/0/0
P 192.168.4.0/30, 1 successors, FD is 3045895958
via 192.168.2.2 (3045895958/1735175958), Serial0/0/0
P 192.168.5.0/24, 1 successors, FD is 3052449558
via 192.168.2.2 (3052449558/1741729558), Serial0/0/0
R1#
d. Verify that R1 has all the IPv4 and IPv6 routes shown in the
topology with the exclusion of R2’s LAN by using the show ip
route eigrp and show ipv6 route eigrp commands.
R1# show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M -
mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 -
IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-
user static route
o - ODR, P - periodic downloaded static route, H - NHRP,
l - LISP
a - application route
75
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
+ - replicated route, % - next hop override
76
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Sending 5, 100-byte ICMP Echos to 2001:DB8:CAFE:5::1, timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
52/55/56 ms
R1#
f. Examine the named EIGRP configuration showing both the IPv4 and
IPv6 address families with the show running-config | section
router eigrp command. The output for R3 is displayed below.
R3# show running-config | section router eigrp
router eigrp DUAL-STACK
!
address-family ipv4 unicast autonomous-system 4
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
topology base
redistribute static
exit-af-topology
network 192.168.4.0 0.0.0.3
network 192.168.5.0
eigrp router-id 3.3.3.3
exit-address-family
!
address-family ipv6 unicast autonomous-system 6
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
af-interface Serial0/1/0
shutdown
exit-af-interface
!
topology base
redistribute static
exit-af-topology
eigrp router-id 3.3.3.3
exit-address-family
R3#
77
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Device Configurations (Instructor version)
Initial Configurations
Router R1
hostname R1
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:1::1/64
no shutdown
!
interface Serial0/0/0
ip address 192.168.2.1 255.255.255.252
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:2::1/64
clock rate 64000
no shutdown
!
end
Router R2
hostname R2
!
interface GigabitEthernet0/0
ip address 192.168.3.1 255.255.255.0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:3::1/64
no shutdown
!
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.252
ipv6 address FE80::2 link-local
78
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
ipv6 address 2001:DB8:CAFE:2::2/64
no shutdown
!
interface Serial0/0/1
ip address 192.168.4.1 255.255.255.252
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:4::1/64
clock rate 64000
no shutdown
!
end
Router R3
hostname R3
!
interface GigabitEthernet0/0
ip address 192.168.5.1 255.255.255.0
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:5::1/64
no shutdown
!
interface Serial0/0/1
ip address 192.168.4.2 255.255.255.252
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:4::2/64
no shutdown
!
interface Serial0/1/0
ip address 192.168.77.2 255.255.255.0
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:FEED:77::2/64
clock rate 64000
no shutdown
!
end
Router R4
hostname R4
79
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
!
interface Serial0/0/0
ip address 192.168.77.1 255.255.255.0
ipv6 address FE80::4 link-local
ipv6 address 2001:DB8:FEED:77::1/64
no shutdown
!
ipv6 route 2001:DB8:ABCD::/48 2001:DB8:FEED:77::2
ipv6 route 2001:DB8:CAFE::/48 2001:DB8:FEED:77::2
ip route 0.0.0.0 0.0.0.0 192.168.77.2
!
end
Final Configurations
Router R1
hostname R1
!
ipv6 unicast-routing
ip cef
ipv6 cef
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:1::1/64
!
interface Serial0/0/0
ip address 192.168.2.1 255.255.255.252
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:2::1/64
clock rate 64000
!
router eigrp DUAL-STACK
!
address-family ipv4 unicast autonomous-system 4
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 192.168.1.0
network 192.168.2.0 0.0.0.3
eigrp router-id 1.1.1.1
exit-address-family
!
address-family ipv6 unicast autonomous-system 6
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
topology base
80
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
exit-af-topology
eigrp router-id 1.1.1.1
exit-address-family
!
end
Router R2
hostname R2
!
ipv6 unicast-routing
ip cef
ipv6 cef
!
interface GigabitEthernet0/0
ip address 192.168.3.1 255.255.255.0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:3::1/64
!
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.252
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:2::2/64
!
interface Serial0/0/1
ip address 192.168.4.1 255.255.255.252
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:4::1/64
clock rate 64000
!
router eigrp DUAL-STACK
!
address-family ipv4 unicast autonomous-system 4
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 192.168.2.0 0.0.0.3
network 192.168.3.0
network 192.168.4.0 0.0.0.3
eigrp router-id 2.2.2.2
exit-address-family
!
address-family ipv6 unicast autonomous-system 6
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
topology base
exit-af-topology
eigrp router-id 2.2.2.2
81
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
exit-address-family
!
end
Router R3
hostname R3
!
ipv6 unicast-routing
ip cef
ipv6 cef
!
interface GigabitEthernet0/0
ip address 192.168.5.1 255.255.255.0
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:5::1/64
!
interface Serial0/0/1
ip address 192.168.4.2 255.255.255.252
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:4::2/64
!
interface Serial0/1/0
ip address 192.168.77.2 255.255.255.0
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:FEED:77::2/64
clock rate 64000
!
router eigrp DUAL-STACK
!
address-family ipv4 unicast autonomous-system 4
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
topology base
redistribute static
exit-af-topology
network 192.168.4.0 0.0.0.3
network 192.168.5.0
eigrp router-id 3.3.3.3
exit-address-family
!
address-family ipv6 unicast autonomous-system 6
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
af-interface Serial0/1/0
shutdown
exit-af-interface
!
topology base
redistribute static
82
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
exit-af-topology
eigrp router-id 3.3.3.3
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 192.168.77.1
!
ipv6 route ::/0 Serial0/1/0 2001:DB8:FEED:77::1
!
end
Router R4
hostname R4
!
interface Serial0/0/0
ip address 192.168.77.1 255.255.255.0
ipv6 address FE80::4 link-local
ipv6 address 2001:DB8:FEED:77::1/64
!
ipv6 route 2001:DB8:CAFE::/48 2001:DB8:FEED:77::2
ip route 0.0.0.0 0.0.0.0 192.168.77.2
!
end
Topology
83
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Objectives
• Configure EIGRP for IPv6.
• Verify EIGRP for IPv6.
• Configure and verify passive routes using EIGRP for IPv6.
• Configure and verify summary routes using EIGRP for IPv6.
• Configure and verify default route using EIGRP for IPv6.
Background
EIGRP for IPv6 has the same overall operation and features as EIGRP
for IPv4. However, there are a few major differences between them:
• EIGRP for IPv6 is configured directly on the router interfaces.
• In the absence of the router having any IPv4 addresses, a 32-bit
router ID must be configured for the routing process to start.
• IPv6 unicast routing must be enabled before the routing process
can be configured.
In this lab, you will configure the network with EIGRP routing for
IPv6. You will also assign router IDs, configure passive
interfaces, a summary route, and verify the network is fully
converged.
Note: This lab uses Cisco 1941 routers with Cisco IOS Release 15.2
with IP Base. The switches are Cisco WS-C2960-24TT-L with Fast
Ethernet interfaces, therefore the router will use routing metrics
associated with a 100 Mb/s interface. Depending on the router or
switch model and Cisco IOS Software version, the commands available
and output produced might vary from what is shown in this lab.
Required Resources
• 4 routers (Cisco IOS Release 15.2 or comparable)
• 3 switches (LAN interfaces)
• Serial and Ethernet cables
85
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3(config-if)# ipv6 address 2001:db8:cafe:4::2/64
R3(config-if)# ipv6 address fe80::3 link-local
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface gigabitethernet 0/0
R3(config-if)# ipv6 address 2001:db8:cafe:5::1/64
R3(config-if)# ipv6 address fe80::3 link-local
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface loopback 1
R3(config-if)# ipv6 address 2001:db8:abcd:1::1/64
R3(config-if)# exit
R3(config)# interface loopback 2
R3(config-if)# ipv6 address 2001:db8:abcd:2::1/64
R3(config-if)# exit
R3(config)# interface loopback 3
R3(config-if)# ipv6 address 2001:db8:abcd:3::1/64
R3(config-if)# exit
R3(config)# interface loopback 4
R3(config-if)# ipv6 address 2001:db8:abcd:4::1/64
R3(config-if)# exit
R3(config)# interface loopback 5
R3(config-if)# ipv6 address 2001:db8:abcd:5::1/64
R3(config-if)# exit
R3(config)# interface serial 0/1/0
R3(config-if)# ipv6 address 2001:db8:feed:77::2/64
R3(config-if)# ipv6 address fe80::3 link-local
R3(config-if)# clock rate 64000
R3(config-if)# no shutdown
R3(config-if)# exit
86
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3(config)#
87
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R2(config)# ipv6 router eigrp 1
R2(config-rtr)# router-id 2.2.2.2
88
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
h. When you assign EIGRP for IPv6 on R2’s serial 0/0/0 interface
you will see the neighbor adjacency message as the interface is
added to the EIGRP routing process.
R1#
*Sep 24 15:28:13.911: %DUAL-5-NBRCHANGE: EIGRP-IPv6 1: Neighbor FE80::2
(Serial0/0/0) is up: new adjacency
R1#
What address on R2 is used to form the neighbor adjacency with
R1? What type of IPv6 address is used to establish the
adjacencies?
________________________________________________________________
______________
The link-local address FE80::2 of the neighbor’s interface,
which was manually configured in Step 1.
89
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Success rate is 100 percent (5/5), round-trip min/avg/max =
52/55/56 ms
R1#
i. Use the show ipv6 route eigrp command to display IPv6 specific
EIGRP routes on all the routers. The output of R1’s routing
table is displayed below.
R1# show ipv6 route eigrp
IPv6 Routing Table - default - 13 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static
route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D -
EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix,
DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 -
OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA
ext 2
a - Application
D 2001:DB8:ABCD:1::/64 [90/2809856]
via FE80::2, Serial0/0/0
D 2001:DB8:ABCD:2::/64 [90/2809856]
via FE80::2, Serial0/0/0
D 2001:DB8:ABCD:3::/64 [90/2809856]
via FE80::2, Serial0/0/0
D 2001:DB8:ABCD:4::/64 [90/2809856]
via FE80::2, Serial0/0/0
D 2001:DB8:ABCD:5::/64 [90/2809856]
via FE80::2, Serial0/0/0
D 2001:DB8:CAFE:3::/64 [90/2172416]
via FE80::2, Serial0/0/0
D 2001:DB8:CAFE:4::/64 [90/2681856]
via FE80::2, Serial0/0/0
D 2001:DB8:CAFE:5::/64 [90/2684416]
via FE80::2, Serial0/0/0
R1#
j. Examine R1’s EIGRP for IPv6 topology table using the show ipv6
eigrp topology command.
R1# show ipv6 eigrp topology
EIGRP-IPv6 Topology Table for AS(1)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R -
Reply,
r - reply Status, s - sia Status
90
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
via FE80::2 (2681856/2169856), Serial0/0/0
P 2001:DB8:CAFE:2::/64, 1 successors, FD is 2169856
via Connected, Serial0/0/0
P 2001:DB8:ABCD:3::/64, 1 successors, FD is 2809856
via FE80::2 (2809856/2297856), Serial0/0/0
P 2001:DB8:ABCD:5::/64, 1 successors, FD is 2809856
via FE80::2 (2809856/2297856), Serial0/0/0
P 2001:DB8:ABCD:4::/64, 1 successors, FD is 2809856
via FE80::2 (2809856/2297856), Serial0/0/0
P 2001:DB8:CAFE:1::/64, 1 successors, FD is 28160
via Connected, GigabitEthernet0/0
R1#
Why are there no feasible successors?
________________________________________________________________
___________________
R1 does not have any other paths to these networks. There are no
redundant paths in this topology.
Why are there two more entries in R1’s EIGRP topology table than
there is when displaying R1’s EIGRP routes with the show ipv6
route eigrp command?
________________________________________________________________
___________________
The show ipv6 route eigrp command does not include the directly
connected networks.
k. Issue the show ipv6 protocols command to verify the configured
parameters. Examining the output, EIGRP for IPv6 is the
configured IPv6 routing protocol with 1.1.1.1 as the router ID
for R1. This routing protocol is associated with autonomous
system 1 with two active interfaces: G0/0 and S0/0/0.
R1# show ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "application"
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "eigrp 1"
EIGRP-IPv6 Protocol for AS(1)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 1.1.1.1
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 16
Maximum hopcount 100
Maximum metric variance 1
Interfaces:
GigabitEthernet0/0
Serial0/0/0
Redistribution:
None
R1#
91
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Step 5: Configure and verify passive interfaces.
l. A passive interface does not allow outgoing and incoming routing
updates over the configured interface. The passive-interface
interface command causes the router to stop sending and
receiving Hello packets over an interface but continues to
advertise that network in it’s routing updates. Configure
passive interfaces on each of the three routers’ LAN interfaces.
R1(config)# ipv6 router eigrp 1
R1(config-rtr)# passive-interface g0/0
Interfaces:
Serial0/0/0
GigabitEthernet0/0 (passive)
Redistribution:
None
R1#
94
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:ABCD:2::1, timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
52/55/56 ms
R1# ping 2001:db8:abcd:3::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:ABCD:3::1, timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
56/56/56 ms
R1# ping 2001:db8:abcd:4::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:ABCD:4::1, timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
56/56/56 ms
R1#R1# ping 2001:db8:abcd:5::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:ABCD:5::1, timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
52/56/60 ms
R1#
Interfaces:
Serial0/0/1
Loopback1
Loopback2
Loopback3
Loopback4
95
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Loopback5
GigabitEthernet0/0 (passive)
Redistribution:
None
Address Summarization:
2001:DB8:ABCD::/61 for Se0/0/1
Summarizing 5 components with metric 128256
R3#
96
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
________________________________________________________________
_______________
The redistributed route is considered an external EIGRP route
with an administrative distance of 170.
v. Verify reachability to R4 by pinging its serial interface.
R1# ping 2001:db8:feed:77::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:FEED:77::1, timeout
is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
80/83/84 ms
R1#
w. IPv6 Routing CEF is a forwarding mechanism to optimize the layer
3 and layer 2 lookup processes into a single process. Starting
with IOS 15.4 CEF for IPv6 is enabled automatically when ipv6
unicast-routing is configured. The show ipv6 cef command can be
used to verify the status of CEF for IPv6. If CEF is disabled,
it can be enabled with the ipv6 cef global configuration
command. The output below shows an example of CEF currently
disabled and then enabled.
Note: CEF for IPv4 is enabled by default.
R1# show ipv6 cef summary
IPv6 CEF is disabled.
VRF Default
1 prefix (1/0 fwd/non-fwd)
Table id 0x1E000000
Database epoch: 0 (1 entry at this epoch)
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ipv6 cef
R1(config)# exit
R1# show ipv6 cef summary
IPv6 CEF is enabled and running centrally.
VRF Default
14 prefixes (14/0 fwd/non-fwd)
Table id 0x1E000000
Database epoch: 0 (14 entries at this epoch)
Initial Configurations
Router R1
hostname R1
!
interface GigabitEthernet0/0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:1::1/64
97
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
no shutdown
!
interface Serial0/0/0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:2::1/64
clock rate 64000
no shutdown
!
end
Router R2
hostname R2
!
interface GigabitEthernet0/0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:3::1/64
no shutdown
!
interface Serial0/0/0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:2::2/64
no shutdown
!
interface Serial0/0/1
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:4::1/64
clock rate 64000
no shutdown
!
end
Router R3
hostname R3
!
interface Loopback1
ipv6 address 2001:DB8:ABCD:1::1/64
!
interface Loopback2
ipv6 address 2001:DB8:ABCD:2::1/64
!
interface Loopback3
ipv6 address 2001:DB8:ABCD:3::1/64
!
interface Loopback4
ipv6 address 2001:DB8:ABCD:4::1/64
!
interface Loopback5
ipv6 address 2001:DB8:ABCD:5::1/64
!
interface GigabitEthernet0/0
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:5::1/64
no shutdown
!
98
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
interface Serial0/0/1
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:4::2/64
no shutdown
!
interface Serial0/1/0
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:FEED:77::2/64
clock rate 64000
no shutdown
!
end
Router R4
hostname R4
!
interface Serial0/0/0
ipv6 address FE80::4 link-local
ipv6 address 2001:DB8:FEED:77::1/64
no shutdown
!
ipv6 route 2001:DB8:ABCD::/48 2001:DB8:FEED:77::2
ipv6 route 2001:DB8:CAFE::/48 2001:DB8:FEED:77::2
!
end
Final Configurations
Router R1
hostname R1
!
ipv6 unicast-routing
ipv6 cef
!
interface GigabitEthernet0/0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:1::1/64
ipv6 eigrp 1
!
interface Serial0/0/0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:2::1/64
ipv6 eigrp 1
clock rate 64000
!
ipv6 router eigrp 1
passive-interface GigabitEthernet0/0
eigrp router-id 1.1.1.1
!
end
99
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Router R2
hostname R2
!
ipv6 unicast-routing
ipv6 cef
!
interface GigabitEthernet0/0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:3::1/64
ipv6 eigrp 1
!
interface Serial0/0/0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:2::2/64
ipv6 eigrp 1
!
interface Serial0/0/1
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:4::1/64
ipv6 eigrp 1
clock rate 64000
!
ipv6 router eigrp 1
passive-interface GigabitEthernet0/0
eigrp router-id 2.2.2.2
!
end
Router R3
hostname R3
!
ipv6 unicast-routing
ipv6 cef
!
interface Loopback1
ipv6 address 2001:DB8:ABCD:1::1/64
ipv6 eigrp 1
!
interface Loopback2
ipv6 address 2001:DB8:ABCD:2::1/64
ipv6 eigrp 1
!
interface Loopback3
ipv6 address 2001:DB8:ABCD:3::1/64
ipv6 eigrp 1
!
interface Loopback4
ipv6 address 2001:DB8:ABCD:4::1/64
ipv6 eigrp 1
!
interface Loopback5
ipv6 address 2001:DB8:ABCD:5::1/64
ipv6 eigrp 1
!
interface GigabitEthernet0/0
100
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:5::1/64
ipv6 eigrp 1
!
interface Serial0/0/1
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:4::2/64
ipv6 eigrp 1
ipv6 summary-address eigrp 1 2001:DB8:ABCD::/61
!
interface Serial0/1/0
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:FEED:77::2/64
clock rate 64000
!
ipv6 route ::/0 Serial0/1/0 2001:DB8:FEED:77::1
ipv6 router eigrp 1
passive-interface GigabitEthernet0/0
eigrp router-id 3.3.3.3
redistribute static
!
end
Router R4
hostname R4
!
interface Serial0/0/0
ipv6 address FE80::4 link-local
ipv6 address 2001:DB8:FEED:77::1/64
!
ipv6 route 2001:DB8:ABCD::/48 2001:DB8:FEED:77::2
ipv6 route 2001:DB8:CAFE::/48 2001:DB8:FEED:77::2
!
end
OSPF V3
Show Commands
R1# show ipv6 ospf neighbor
R1# show ipv6 ospf database
R3# show ipv6 route ospf
Configurando Interfaces
101
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Objectives
• Configure multi-area OSPF on a router.
• Verify multi-area behavior.
• Create an OSPF virtual link.
• Summarize an area.
• Generate a default route into OSPF.
Background
You are responsible for configuring the new network to connect
your company’s engineering, marketing, and accounting
departments, represented by loopback interfaces on each of the
three routers. The physical devices have just been installed and
connected by serial cables. Configure multiple-area OSPFv2 to
allow full connectivity between all departments.
In addition, R1 has a loopback interface representing a
connection to the Internet. This connection will not be added
into OSPFv2. R3 will have four additional loopback interfaces
representing connections to branch offices.
Note: This lab uses Cisco 1941 routers with Cisco IOS Release
15.4 with IP Base. The switches are Cisco WS-C2960-24TT-L with
Fast Ethernet interfaces, therefore the router will use routing
metrics associated with a 100 Mb/s interface. Depending on the
router or switch model and Cisco IOS Software version, the
102
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
commands available and output produced might vary from what is
shown in this lab.
Required Resources
• 3 routers (Cisco IOS Release 15.2 or comparable)
• Serial and Ethernet cables
Step 0: Suggested starting configurations.
a. Apply the following configuration to each router along with
the appropriate hostname. The exec-timeout 0 0 command should
only be used in a lab environment.
Router(config)# no ip domain-lookup
Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config-line)# exec-timeout 0 0
Step 1: Configure addressing and loopbacks.
Using the addressing scheme in the diagram, apply IP addresses
to the serial interfaces on R1, R2, and R3. Create loopbacks on
R1, R2, and R3, and address them according to the diagram.
R1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# interface loopback 1
R1(config-if)# description Engineering Department
R1(config-if)# ip address 10.1.1.1 255.255.255.0
R1(config-if)# interface loopback 30
R1(config-if)# ip address 172.30.30.1 255.255.255.252
R1(config-if)# interface serial 0/0/0
R1(config-if)# ip address 10.1.12.1 255.255.255.0
R1(config-if)# clockrate 64000
R1(config-if)# no shutdown
103
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R2(config-if)# description Marketing Department
R2(config-if)# ip address 10.1.2.1 255.255.255.0
R2(config-if)# interface serial 0/0/0
R2(config-if)# ip address 10.1.12.2 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# interface serial 0/0/1
R2(config-if)# ip address 10.1.23.2 255.255.255.0
R2(config-if)# clockrate 64000
R2(config-if)# no shutdown
104
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Note: The default behavior of OSPF for loopback interfaces is to
advertise a 32-bit host route. To ensure that the full /24
network is advertised, use the ip ospf network point-to-point
command. Change the network type on the loopback interfaces so
that they are advertised with the correct subnet.
R1(config)# router ospf 1
R1(config-router)# router-id 1.1.1.1
R1(config-router)# network 10.1.12.0 0.0.0.255 area 0
R1(config-router)# network 10.1.1.0 0.0.0.255 area 0
R1(config-router)# exit
R1(config)# interface loopback 1
R1(config-if)# ip ospf network point-to-point
R1(config-if)# end
105
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
106
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
R1#
b. Verify that you can see OSPF neighbors in the show ip ospf
neighbors output on both routers. Verify that the routers can
see each other’s loopback with the show ip route command.
R1# show ip ospf neighbor
107
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
2.2.2.2 0 FULL/ - 00:00:30 10.1.12.2
Serial0/0/0
108
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R2# show ip ospf neighbor
Again, the show ip ospf command should used to verify the OSPF
router ID. If the OSPF router ID is using a 32-bit value other
than the one specified by the router-id command, you can reset
the router ID by using the clear ip ospf pid process command and
re-verify using the command show ip ospf.
111
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
+ - replicated route, % - next hop override
Routing loops might occur because any route could get advertised
to different areas. By passing through the backbone, type 3 LSAs
are generated by their respective areas and not sent back in.
You can get around this situation by creating a virtual link. A
virtual link is an OSPF feature that creates a logical extension
of the backbone area across a regular area, without actually
adding any physical interfaces into area 0.
Note: Prior to creating a virtual link you need to identify the
OSPF router ID for the routers involved (R2 and R3), using a
command such as show ip ospf, show ip protocols or show ip ospf
interface. The output for the show ip ospf command on R1 and R3
is shown below.
R2# show ip ospf
112
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Routing Process "ospf 1" with ID 2.2.2.2
<output omitted>
113
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
ia - IS-IS inter area, * - candidate default, U - per-
user static route
o - ODR, P - periodic downloaded static route, H - NHRP,
l - LISP
a - application route
+ - replicated route, % - next hop override
114
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
3.3.3.3 0 FULL/ - - 10.1.23.3
OSPF_VL0
1.1.1.1 0 FULL/ - 00:00:38 10.1.12.1
Serial0/0/0
3.3.3.3 0 FULL/ - 00:00:35 10.1.23.3
Serial0/0/1
115
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Suppress hello for 1 neighbor(s)
<output omitted>
When are virtual links useful?
116
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 -
IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-
user static route
o - ODR, P - periodic downloaded static route, H - NHRP,
l - LISP
a - application route
+ - replicated route, % - next hop override
117
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Link ID ADV Router Age Seq# Checksum
Link count
1.1.1.1 1.1.1.1 98 0x80000006 0x00AA98
3
2.2.2.2 2.2.2.2 608 0x80000006 0x00AF0B
4
3.3.3.3 3.3.3.3 1 (DNA) 0x80000002 0x00ADFC
1
118
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
192.168.100.0 3.3.3.3 43 0x80000002 0x00263E
R2#
119
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
L 10.1.23.3/32 is directly connected, Serial0/0/1
O 192.168.100.0/22 is a summary, 00:02:17, Null0
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Loopback100
L 192.168.100.1/32 is directly connected, Loopback100
192.168.101.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.101.0/24 is directly connected, Loopback101
L 192.168.101.1/32 is directly connected, Loopback101
192.168.102.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.102.0/24 is directly connected, Loopback102
L 192.168.102.1/32 is directly connected, Loopback102
192.168.103.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.103.0/24 is directly connected, Loopback103
L 192.168.103.1/32 is directly connected, Loopback103
R3#
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
121
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
o - ODR, P - periodic downloaded static route, H - NHRP,
l - LISP
a - application route
+ - replicated route, % - next hop override
R3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M -
mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 -
IS-IS level-2
122
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
ia - IS-IS inter area, * - candidate default, U - per-
user static route
o - ODR, P - periodic downloaded static route, H - NHRP,
l - LISP
a - application route
+ - replicated route, % - next hop override
123
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
C 192.168.103.0/24 is directly connected, Loopback103
L 192.168.103.1/32 is directly connected, Loopback103
R3#
n. You should be able to ping the interface connecting to the
Internet from R2 or R3, despite never being advertised into
OSPF.
R3# ping 172.30.30.1
124
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
end
Router R2
hostname R2
!
interface Loopback2
description Marketing Department
ip address 10.1.2.1 255.255.255.0
!
interface Serial0/0/0
ip address 10.1.12.2 255.255.255.0
no shutdown
!
interface Serial0/0/1
ip address 10.1.23.2 255.255.255.0
clock rate 64000
no shutdown
!
end
Router R3
hostname R3
!
interface Loopback3
description Accounting Department
ip address 10.1.3.1 255.255.255.0
!
interface Loopback100
ip address 192.168.100.1 255.255.255.0
125
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
!
interface Loopback101
ip address 192.168.101.1 255.255.255.0
!
interface Loopback102
ip address 192.168.102.1 255.255.255.0
!
interface Loopback103
ip address 192.168.103.1 255.255.255.0
!
interface Serial0/0/1
ip address 10.1.23.3 255.255.255.0
no shutdown
!
end
126
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
ip address 10.1.12.1 255.255.255.0
clock rate 64000
no shutdown
!
router ospf 1
router-id 1.1.1.1
network 10.1.1.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
default-information originate always
!
end
Router R2
hostname R2
!
interface Loopback2
description Marketing Department
ip address 10.1.2.1 255.255.255.0
ip ospf network point-to-point
!
interface Serial0/0/0
ip address 10.1.12.2 255.255.255.0
no shutdown
!
interface Serial0/0/1
ip address 10.1.23.2 255.255.255.0
clock rate 64000
no shutdown
!
router ospf 1
127
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
router-id 2.2.2.2
area 23 virtual-link 3.3.3.3
network 10.1.2.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 23
!
end
Router R3
hostname R3
!
interface Loopback3
description Accounting Department
ip address 10.1.3.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback100
ip address 192.168.100.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback101
ip address 192.168.101.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback102
ip address 192.168.102.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback103
ip address 192.168.103.1 255.255.255.0
128
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
ip ospf network point-to-point
!
interface Serial0/0/1
ip address 10.1.23.3 255.255.255.0
no shutdown
!
router ospf 1
router-id 3.3.3.3
area 23 virtual-link 2.2.2.2
area 100 range 192.168.100.0 255.255.252.0
network 10.1.3.0 0.0.0.255 area 23
network 10.1.23.0 0.0.0.255 area 23
network 192.168.100.0 0.0.3.255 area 100
!
end
RADIUS Server
Show Commands
R1# show aaa servers
R1# show radius server-group all
Dialer Interface
Router (config-if)#ip address negotiated
Router (config-if)#encapsulation ppp
Router (config-if)#dialer pool number
129
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Switching
VLANS
Crear un Vlan
Switch# configure terminal
Switch(config)# vlan 5
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit
Borrando VLANs
DLS1(config)# inter fa 0/1
DLS1(config-if)# no switchport access vlan 55
DLS1(config-if)# exit
DLS1(config)# no vlan 55
DLS1(config)# end
131
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Switch(config-vlan)# private-vlan isolated
Switch(config)# vlan 100
Switch(config-vlan)# private-vlan association 200,201,300
Switch(config)# interface vlan 100
Switch(config-if)# private-vlan mapping add 200,201,300
Troubleshooting
Switch# show vlan id [numero de vlan]
Switch# show running-config interface FastEthernet [interface]
Switch# show interfaces f0/18 switchport
Switch# show mac-address-table interface GigabitEthernet 0/1
vlan 1
ALS1# show interface trunk
Vlan de Voz
Switch(config)# interface type mod/num
132
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Switch(config-if)# switchport voice vlan {vlan-id | dot1p |
untagged | none}
VTP
Configurando Dominios
Servidor
DLS1(config)# vtp domain SWLAB
DLS1(config)# vtp password cisco
Cliente
ALS1(config)# vtp domain Cabrillo
ALS1(config)# vtp password cisco
EtherChannel
Configurando EtherChannel Load Balancing
Switch(config)# port-channel load-balance src-dst-ip
133
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Asignando puertos y configurando el protocolo
DLS1(config)# interface range fa 0/1 - 4
DLS1(config-if-range)# channel-protocol ?
lacp Prepare interface for LACP protocol
pagp Prepare interface for PAgP protocol
DLS1(config-if-range)# channel-protocol pagp
Configurando LACP
DLS1(config)# interface range fa 0/11 - 12
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode active
DLS1(config-if-range)# lacp port-priority 99
134
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
DLS2(config)# interface range fa 0/11 - 12
DLS2(config-if-range)# switchport trunk encapsulation dot1q
DLS2(config-if-range)# channel-protocol lacp
DLS2(config-if-range)# channel-group 1 mode passive
Troubleshooting
DLS1# show etherchannel protocol
DLS1# show etherchannel summary
Configurando PortFast
Access2(config)#interface range fa 0/10 - 24
Access2(config-if-range)#switchport mode access
<Previously configured>
135
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Access2(config-if-range)#spanning-tree portfast
O
Access2(config)#spanning-tree portfast default
ADVERTENCIA: PortFast sólo se debe activar en los puertos que
están conectados a un solo host.
Implementar PVST
Switch(config)# spanning-tree mode pvst
Implementar PVST+
Switch(config)# spanning-tree mode rapid-pvst
Switch(config-if)# spanning-tree portfast
136
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Implementar Multiple Spanning Tree Protocol (MSTP)
Troubleshooting
Switch(config)# show spanning-tree inteface type mod/num
portfast
137
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
DHCPv6
COMANDOS EJEMPLO
Router(config)#ipv6 unicast- R1(config)#ipv6 unicast-routing
routing
Router(config)#ipv6 dhcp pool R1(config)#ip dhcp pool IPV6-
pool-name STATELESS
Router(config-dhcpv6)# R1(config-dhcpv6)#
Router(config-dhcpv6)#dns-server R1(config-dhcpv6)#dns-server
dns-server-address 2001:db8:cafe:aaaa::5
Router(config-dhcpv6)#domain-name R1(config-dhcpv6)#domain-name
domain-name example.com
Router(config)#interface type R1(config)#interface g0/1
number R1(config-if)#ipv6 dhcp server
Router(config-if)#ipv6 dhcp IPV6-STATELESS
server pool-name R1(config-if)#ipv6 nd other-
Router(config-if)#ipv6 nd other- config-flag
config-flag ----------------o----------------
--- Managed configuration --
R1(config-if)#ipv6 nd managed- R1(config-if)#ipv6 nd managed-
config-flag config-flag
DHCPv6 Relay Agent Commands
R1(config)#interface g0/0 R1(config)#interface g0/0
R1(config-if)#ipv6 dhcp relay R1(config-if)#ipv6 dhcp relay
destination 2001:db8:cafe:1::6 destination 2001:db8:cafe:1::6
R1(config-if)#end R1(config-if)#end
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 dhcp pool IPV6-STATELESS
R1(config-dhcpv6)#dns-server 2001:db8:cafe:aaaa::5
R1(config-dhcpv6)#domain-name example.com
R1(config-dhcpv6)#exit
R1(config)#interface g0/1
R1(config-if)#ipv6 address 2001:db8:cafe:1::1/64
R1(config-if)#ipv6 dhcp server IPV6-STATELESS
R1(config-if)#ipv6 nd other-config-flag
R3(config)#interface g0/1
R3(config-if)#ipv6 enable
R3(config-if)#ipv6 address autoconfig
138
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3(config-if)#
Troublesooting
R1#show ipv6 dhcp pool
DHCPv6 pool: IPV6-STATELESS
DNS server: 2001:DB8:CAFE:AAAA::5
Domain name: example.com
Active clients: 0
R3#show ipv6 interface g0/1
139
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1#show ipv6 dhcp binding
WAN
Comandos PPP
Configurar PPP
Router#configure terminal
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp
Verificación de PPP
140
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Configuración de la autenticación (PAP o CHAP)
Rtr(config)# username remote-host password remote-password
Esto debe coincidir con el nombre de usuario PAP enviado por PPP
en el host remoto.
Rtr(config-if)# ppp pap sent-username this-host username
password this-host-password
Las contraseñas no necesitan coincidir entre el control remoto y
el host. No debe ser lo mismo que la contraseña de enable-
Secret.
Router(config-if)#ppp authentication {chap | chap pap | pap chap
| pap}
Dos opciones: primera opción | segunda opción
Si ambos métodos están habilitados, se solicitará el primer
método especificado durante la negociación de vínculos.
Si el par sugiere usar el segundo método o simplemente rechaza
el primer método, entonces se intentará el segundo método.
141
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Configuring PPP Multilink (MLP)
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp multilink
142
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Error Detection
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp quality percentage
Troubleshooting
Router1#show interfaces s0/0
Router1#show controllers serial 0/0
Router1#debug ppp negotiation
Comando para verificar el tipo de negociacion en la
autenticacion chap
143
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
BGP
Puerto 179 TCP
144
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Configuración de EBGP
Router(config)#router bgp AS-number
RTA(config)#router bgp 100
Router(config-router)#neighbor ip-address remote-as AS-number
RTA(config-router)#neighbor 10.1.1.1 remote-as 200
RTA(config)#router bgp 100
Router(config-router)#network 192.0.2.0 mask 255.255.255.0
Show Commands
R1# show ip interface brief
R1# show ip bgp
R1# show ip bgp neighbors
R1# show ip bgp summary
R1# show tcp brief
Primero, el comando show tcp brief muestra todas las conexiones
TCP que termnan en este enrutador (RI ya sea BGP o no. Cada
linea enumera la dirección IP del enrutador local)
R1# show ip route [network mask] longer-prefixes
R1# show ip route 192.0.2.0 255.255.255.0 longer-prefixes
Directamente el proceso BGP añadira a la entrada BGP con
prefijo/mascara si el prefijo/mascara existe en la table IP
Alta disponibilidad
HSRP
Configuración HSRP Switchs
Switch(config-if)#standby group-number ip virtual-ip-address
Switch(config-if)#standby version 2 ------se configura la
versión 2 HSRP por defecto viene la versión 1----
145
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Switch(config-if)#standby group-number priority priority-value
El valor de prioridad indica el número que prioriza un enrutador
de reserva potencial. La gama es 0 a 255; el valor por defecto
es 100
Switch(config-if)#standby group-number preempt [delay [minimum
seconds] [reload seconds]]
Minimo: 0-3600
Reload: 0-3600
Para habilitar un enrutador para reanudar el estado activo
después de un cambio de estado, introduzca el siguiente comando
en el modo de configuración de interfaz
Switch(config-ig)# standby group timers [msec] hellotime [msec]
holdtime
Autenticación MD5
Switch(config-if)#standby group-number authentication md5 key-
string [0|7] string
Switch(config-if)#standby 1 authentication md5 key-string
password
Hellotime
Default = 3 seconds
Value varies from 1 to 255.
Holdtime
Default = 10 seconds
Value varies from 1 to 255
group-number: se refiere al número de grupo de espera HSRP, el
número de grupo puede variar entre 0 y 255.
virtual-ip-address: indica la dirección IP virtual del grupo
HSRP
146
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
DLS1 DLS2
interface vlan 10 interface vlan 10
ip add 172.16.10.201 ip add 172.16.10.202
255.255.255.0 ---- Ip deben estar 255.255.255.0 ---- Ip deben
en la misma subnet------ estar en la misma subnet------
standby 1 priority 200 standby 1 priority 100
standby 1 ip 172.16.10.1 standby 1 ip 172.16.10.1
standby 1 preempt standby 1 preempt
R1 R2
interface gig 0/2 interface gig 0/2
ip address 10.10.10.10 ip address 10.10.10.11
255.255.255.0 255.255.255.0
standby 1 priority 120 standby 1 priority 110
standby 1 preempt standby 1 preempt
standby 1 ip 10.10.10.1 standby 1 ip 10.10.10.1
147
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Configurar HSRP Interface Tracking
Router A Router B
interface Ethernet0 interface Ethernet0
ip address 171.16.6.5 /24 ip address 171.16.6.6 /24
no ip redirects no ip redirects
standby 1 priority 105 standby 1 priority 100
standby 1 preempt standby 1 preempt
standby 1 ip 171.16.6.100 standby 1 ip 172.16.6.100
standby 1 track Serial1 standby 1 track Serial1
interface Serial1 interface Serial1
ip address 171.16.2.5 /24 ip address 171.16.7.6 /24
Troubleshooting
R1#show standby brief
R1#show standby
148
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
VRRP (Virtual Router Redundancy Protocol)
RouterA(config)#interface fa 0/1
RouterA(config-if)#ip address 10.0.0.1 255.255.255.0
RouterA(config-if)#vrrp 1 ip 10.0.0.1
RouterA(config-if)#vrrp 1 priority 255
RouterB(config)#interface fa 0/1
RouterB(config-if)#ip address 10.0.0.2 255.255.255.0
RouterB(config-if)#vrrp 1 ip 10.0.0.1
RouterA(config-if)#vrrp 1 priority 200
RouterC(config)#interface fa 0/1
RouterC(config-if)#ip address 10.0.0.3 255.255.255.0
RouterC(config-if)#vrrp 1 ip 10.0.0.1
RouterA(config-if)#vrrp 1 priority 100
GBLP
Configurar GBLP
Switch(config-ig)# glbp group timers [msec] hellotime [msec]
holdtime
RouterA(config)#interface vlan 21
RouterA(config-if)#ip address 10.21.8.1 255.255.255.0
RouterA(config-if)#glbp 21 ip 10.21.8.10
RouterA(config-if)#glbp 21 priority 254
149
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
RouterB(config)#interface fa 0/1
RouterB(config-if)#ip address 10.21.8.2 255.255.255.0
RouterA(config-if)#glbp 21 ip 10.21.8.10
RouterA(config-if)#glbp 21 priority 100
Netflow IOS
R1#show ip cache Flow
SPAN
Monitor Session 1
Switch1(config)# monitor session 1 source interface Gi1/0/11 -
12 rx
Switch1(config)#monitor session 1 destination interface Gi1/0/21
Monitor Session 2
150
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Switch2(config)# monitor session 2 source vlan 11
Switch2(config)#monitor session 2 destination interface Gi1/0/22
Configurar SPAN
Switch(config)#monitor session 1 source interface F0/1
Switch(config)#monitor session 1 destination interface F0/2
Troubleshooting
S1# show monitor session all
151
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Seguridad
Switch Security
BPDU GUARD
Root Guard
Distribution1(config)#interface fa 0/3
Distribution1(config-if-range)#spanning-tree guard root
Distribution1(config)#interface gig 0/2
Distribution1(config-if-range)#spanning-tree guard root
Distribution2(config)#interface fa 0/3
Distribution2(config-if-range)#spanning-tree guard root
Distribution2(config)#interface gig 0/1
Distribution2(config-if-range)#spanning-tree guard root
152
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Access2(config)#no spanning-tree uplinkfast
Port Security
S1(config)#interface FastEthernet0/2
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 6
S1(config-if)# switchport port-security aging time 5
S1(config-if)# switchport port-security mac-address
0000.0000.000b
S1(config-if)# switchport port-security mac-address sticky
Opcional habilita aprendizaje stick sobre la interfaz
S1(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security [maximum value]
violation {protect | restrict | shutdown} mac-address mac-
address
153
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
DHCP SNOOPING
154
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
IP Source Guard
Switch(config)# interface fastethernet0/1
Switch(config-if)# ip verify source
Ejemplo
Switch(config)# interface fastethernet0/1
Switch(config-if)# ip verify source port-security
155
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Switch(config-if)#ip arp inspection trust
Switch(config)#ip arp inspection validate
Ejemplo
TACACS+
RTA(config)#tacacs-server host 192.168.0.11
RTA(config)#tacacs-server host 192.168.0.12
RTA(config)#tacacs-server key topsecret
RTA(config)# aaa new-model
RTA(config)#aaa authentication enable default group tacacs+
enable none
Radius
RTB(config)#radius-server host 192.168.0.22
RTB(config)#radius-server host 192.168.0.23
RTB(config)#radius-server key topsecret
RTB(config)# aaa new-model
157
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
RTB(config)#aaa authentication login default local
RTB(config)#aaa authentication login PASSPORT group radius local
none
The default list se aplica a la consola (con 0), todas las
líneas TTY incluyendo la línea auxiliar o el puerto AUX, y todas
las líneas VTY.
Para reemplazar la lista de métodos predeterminada, aplique una
lista con nombre a una o varias de estas líneas.
RTB es configurado con el comando radius-server host y radius-
server key porque la lista de métodos con nombre se basa en
RADIUS.
El comando aaa authentication login default local configura el
método por defecto como username/password database
Este método se aplica a todos los ttys, VTYs y la consola de
forma predeterminada.
El comando aaa authentication login PASSPORT group radius local
none crea una lista de métodos con nombre denominada Passport.
El primer método de esta lista es el group of RADIUS servers
Si RTB no puede ponerse en contacto con un servidor RADIUS,
entonces RTB intentará contactar con la base de datos local de
usuario/contraseña.
Por último, la palabra clave None asegura que, si no hay nombres
de usuario en la base de datos local, se concede acceso al
usuario.
Accounting
Switch(config)# aaa new-model
Switch(config)# aaa accounting exec default start-stop group
tacacs+
Switch(config)# line vty 0 4
Switch(config-line)# accounting exec default
QoS
Configurando CoS trust using the IOS
switch(config)# mls qos
switch(config-if)# mls qos trust cos
Auto QoS
Switch(config)# interface type mod/num
Switch(config-if)# auto qos voip {cisco-phone | cisco-softphone
| trust}
160
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Switch(config-cmap)# match access-group name test
Switch(config-cmap)# match interface fastethernet 0/1
161
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
switch(config-if)# mls qos cos default-cos
162
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Uso de una ACL IP para definir el DSCP o la precedencia
Cree los criterios de condición.
163
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Configuración Class-Based Weighted Fair Queuing
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 64
Router(config-pmap-c)# queue-limit 30
164
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
router(config-pmap)# class voice
router(config-pmap-c)# priority 50
router(config-pmap)# class bar
router(config-pmap-c)# bandwidth 20
router(config-pmap)# class class-default
router(config-pmap-c)# fair-queue
Multicast
PIM
1. En primer lugar, habilite enrutamiento multicast
(deshabilitado de forma predeterminada):
165
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Router(config)#ip multicast-routing
Configuración RPs
Router(config)#ip pim rp-address <address>
Auto RP
• Configure un agente de asignación para que aprenda acerca
de todos los candidatos RPS, de modo que pueda compicar
una lista de los routers RP para los que grpups y anuncie
la lista a los enrutadores de cliente.
Router(config)#ip pim send-rp-discovery scope <ttl>
• Configure un candidato RP
Router(config)#ip pim rp-candidate <interface>
CGMP
Router(config-if)#ip cgmp
Switch(config) cgmp
166
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Switch(enable) set cgmp enable
VPN
GRE
R1(config)#interface tunnel number global
R1(config)#tunnel mode gre ip (opcional)
R1(config-if)#ip address ip mask
R1(config-if)#tunnel source ip address or interface id
R1(config-if)# tunnel destination ip address
Habilitar las rutas del tunnel en los protocolos de enrutamiento
sea dinámico o estático
Ejemplo
167
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
IPSEC VPN
169
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Paso 5 configurar IPsec transform set Lifetimes
R1(config)#crypto ipsec transform-set 50 esp-aes esp-sha-hmac
ah-sha-hmac
170
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Paso 10 Probar
R1(config)#ping 172.16.3.1 source 172.16.1.1
171
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
MPLS
Router R2
hostname R2
!
no ip domain lookup
!
interface GigabitEthernet0/0
ip address 192.168.2.1 255.255.255.0
!
interface Serial0/0/1
ip address 10.0.0.6 255.255.255.252
clock rate 64000
!
router ospf 1
network 10.0.0.4 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
end
Router R3
hostname R3
!
interface Serial0/0/0
ip address 10.0.0.1 255.255.255.252
clock rate 64000
173
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
!
interface Serial0/0/1
ip address 10.0.0.5 255.255.255.252
!
interface Serial0/1/0
ip address 10.0.0.9 255.255.255.252
clock rate 64000
!
router ospf 1
network 10.0.0.0 0.0.0.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
end
Router R4
hostname R4
!
no ip domain lookup
!
interface GigabitEthernet0/0
ip address 192.168.3.1 255.255.255.0
!
interface Serial0/0/0
ip address 10.0.0.10 255.255.255.252
!
router ospf 1
network 10.0.0.8 0.0.0.3 area 0
network 192.168.3.0 0.0.0.255 area 0
174
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
!
line con 0
exec-timeout 0 0
logging synchronous
end
175
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Neighbor ID Pri State Dead Time Address
Interface
192.168.3.1 0 FULL/ - 00:00:32 10.0.0.10
Serial0/1/0
192.168.2.1 0 FULL/ - 00:00:38 10.0.0.6
Serial0/0/1
192.168.1.1 0 FULL/ - 00:00:32 10.0.0.2
Serial0/0/0
R3#
176
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3#
177
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
56/58/68 ms
R1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
52/55/56 ms
R1#
179
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3(config-router)# exit
R3(config)#
180
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3#
181
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R3#
182
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Name Default RD
Interfaces
SharedSites <not set> Se0/0/0
Se0/0/1
LoneSite <not set> Se0/1/0
R3#
183
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Router R1
184
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
R1# ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
56/56/56 ms
R1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2
seconds:
.....
Success rate is 0 percent (0/5)
R1#
Router R3
185
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
Device Configurations (Instructor version)
Router R3
hostname R3
!
no ip domain lookup
!
interface Serial0/0/0
ip vrf forwarding SharedSites
ip address 10.0.0.1 255.255.255.252
clock rate 64000
!
interface Serial0/0/1
ip vrf forwarding SharedSites
ip address 10.0.0.5 255.255.255.252
!
interface Serial0/1/0
ip vrf forwarding LoneSite
ip address 10.0.0.9 255.255.255.252
clock rate 64000
!
router ospf 1 vrf SharedSites
network 10.0.0.0 0.0.0.255 area 0
!
router ospf 2 vrf LoneSite
network 10.0.0.0 0.0.0.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
186
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
187
Ing. Gerardo Morales
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com