Reference for commands for Cisco products

http://www.cisco.com/univercd/home/home.htm
CLI Password Configuration




Cisco IOS Software Command Help




IOS stores the commands that you type in a history buffer, storing ten commands by default. You can
change the history size with the terminal history size x user exec command, where x is the number of
commands for the CLI to recall; this can be set to a value between 0 and 256. You then can retrieve
commands so that you do not have to retype the commands.
Key Sequences for Command Edit and Recall




IOS enables enhanced editing mode by default and has for a long time. However, you can turn off these
keystrokes with the no terminal editing exec command, and turn them back on with the terminal
editing command.

CLI Configuration Mode Versus Exec Modes
Cisco Router Memory Types




Locations for Copying and Results from Copy Operations




Configuration show Commands




Getting into Setup Mode
The Cisco IOS Software Boot Sequence
1. The router performs a power-on self-test (POST) to discover and verify the hardware.
2. The router loads and runs bootstrap code from ROM.
3. The router finds the IOS or other software and loads it.
4. The router finds the configuration file and loads it into running config.

Three OS Categories for Routers




Two configuration tools tell the router what OS to load:
    • The configuration register
    • The boot system configuration command
On most Cisco routers, the default Configuration Register setting is hexadecimal 2102.

Binary Version of Configuration Register, Value Hex 2102




The boot field is the name of the low-order 4 bits of the configuration register. This field can be considered
a 4-bit value, represented as a single hexadecimal digit. (Cisco represents hexadecimal values by preceding
the hex digit[s] with 0x—for example, 0xA would mean a single hex digit A.) If the boot field is hex 0,
ROMMON is loaded. If the boot field is hex 1, RXBOOT mode is used. For anything else, it loads a full-
featured IOS. But which one?
The second method used to determine where the router tries to obtain an IOS image is through the use of
the boot system configuration command. If the configuration register calls for a full-featured IOS (boot
field 2-F), the router reads the startup-configuration file for boot system commands. If there are no boot
system commands, the router takes the default action, which is to load the first file in Flash memory. Table
7-6 summarizes the use of the configuration register and the boot system command at initialization time,
when the boot field’s value implies that the router will look for boot commands.
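The boot-selection rules above, worked through in Python as an added example (not part of the original notes). The startup-config text, image file names and TFTP address are constructed sample values, and the function names are hypothetical.

```python
"""Decode the configuration register boot field and apply the rules in the
text: 0 -> ROMMON, 1 -> RXBOOT, 2-F -> full IOS chosen by boot system
commands, or the first file in Flash when there are none."""

# Constructed sample inputs (not from a real device).
SAMPLE_STARTUP = """\
hostname R1
boot system flash sample-image-a.bin
boot system tftp sample-image-b.bin 10.1.1.1
"""
SAMPLE_FLASH = ["sample-image-a.bin", "sample-image-c.bin"]


def boot_field(config_register: int) -> int:
    """Return the low-order 4 bits of the 16-bit configuration register."""
    if not 0 <= config_register <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return config_register & 0xF


def binary_view(config_register: int) -> str:
    """Render the register as four groups of four bits, high bits first."""
    bits = format(config_register, "016b")
    return " ".join(bits[i:i + 4] for i in range(0, 16, 4))


def boot_system_commands(startup_config: str) -> list:
    """Collect 'boot system ...' lines from startup-config, in file order."""
    return [line.strip() for line in startup_config.splitlines()
            if line.strip().startswith("boot system ")]


def boot_decision(config_register: int, startup_config: str, flash_files: list):
    """Return (what is loaded, candidate sources in the order they are read)."""
    field = boot_field(config_register)
    if field == 0x0:
        return ("ROMMON", [])
    if field == 0x1:
        return ("RXBOOT", [])
    # Boot field 2-F: a full-featured IOS, selected by boot system commands.
    commands = boot_system_commands(startup_config)
    if commands:
        return ("full IOS via boot system commands", commands)
    if flash_files:
        return ("full IOS, first file in Flash", [flash_files[0]])
    # An empty Flash is outside what the text covers; reported, not modelled.
    return ("no image in Flash", [])


if __name__ == "__main__":
    for reg in (0x2100, 0x2101, 0x2102):
        print(hex(reg), binary_view(reg), boot_decision(reg, SAMPLE_STARTUP, SAMPLE_FLASH))
    print(boot_decision(0x2102, "hostname R1\n", SAMPLE_FLASH))
```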

The Boot System Commands




Impact of the boot system Command on Choice of IOS: Boot Field Between 2 and F
Operating Cisco LAN Switches
2950 Front Panel and LEDs




2950 Switch LEDs and Meaning
Basic Router Configuration and Operation
Configuring IP Addresses
IP Configuration Commands
IP EXEC Commands
Basic Administrative Configuration
On most routers, you would configure at least the following:
    • A host name for the router
    • Reference to a DNS so that commands typed on the router can refer to host names instead of IP addresses
    • Set a password on the console port
    • Set a password for those Telnetting to the router
    • Set the enable secret password to protect access to privileged mode
    • Create a banner stating an appropriate warning, depending on the security practices at that company


To make the router ask for a password at the console, you need the login console subcommand; the
password console subcommand tells the router what password is required at the console. Similar logic
applies to the login and password vty subcommands.
Two other things that you might want to configure habitually on routers are the console timeout and the
synchronization of unsolicited messages. The exec-timeout minutes seconds command sets the inactivity
timeout. Also, unsolicited informational messages and output from the IOS debug command both show up
at the console by default. These same messages can be seen at the aux port or when Telnetting into a router
by using the terminal monitor command. The logging synchronous line subcommand tells the router
not to interrupt the output of a show command with these unsolicited messages, letting you read the output
of the command that you typed before the router displays the other messages. logging synchronous can
make your life a lot easier when using a router.
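A check for the baseline items listed above, run over a saved configuration file. This is an added example, not part of the original notes; both sample configurations are constructed, the function names are hypothetical, and only the line-password scheme described in the text is covered (a line using login local would be reported as missing login).

```python
"""Audit an IOS configuration for the basic administrative items in the text:
host name, DNS reference, console and vty passwords with login, enable secret
and a banner, plus a console or vty inactivity timeout that has been disabled."""

REQUIRED_GLOBAL = {
    "hostname ": "host name",
    "ip name-server ": "DNS server reference",
    "enable secret ": "enable secret",
    "banner ": "warning banner",
}

# Constructed sample configurations (passwords are placeholders).
GOOD_CONFIG = """\
hostname R1
ip name-server 10.1.1.100
enable secret SAMPLE-ONLY
banner motd #Authorized access only#
!
line con 0
 exec-timeout 5 0
 password SAMPLE-ONLY
 logging synchronous
 login
line vty 0 4
 password SAMPLE-ONLY
 login
"""

WEAK_CONFIG = """\
hostname R1
enable password SAMPLE-ONLY
!
line con 0
 exec-timeout 0 0
line vty 0 4
 password SAMPLE-ONLY
"""


def parse_config(config: str):
    """Return (top-level commands, {top-level command: indented subcommands})."""
    top, subs, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            subs[current].append(text)       # subcommand of the current section
        else:
            current = text                   # new global command or section header
            top.append(text)
            subs.setdefault(text, [])
    return top, subs


def timeout_disabled(subcommands) -> bool:
    """True when exec-timeout is set to zero, which turns the timeout off."""
    for cmd in subcommands:
        if cmd.startswith("exec-timeout "):
            return all(int(value) == 0 for value in cmd.split()[1:])
    return False


def audit_baseline(config: str) -> list:
    """Return a list of findings; an empty list means every item is present."""
    top, subs = parse_config(config)
    findings = [f"missing {label}" for prefix, label in REQUIRED_GLOBAL.items()
                if not any(cmd.startswith(prefix) for cmd in top)]
    lines = [cmd for cmd in top if cmd.startswith(("line con", "line vty"))]
    for kind in ("line con", "line vty"):
        if not any(name.startswith(kind) for name in lines):
            findings.append(f"no '{kind}' section found")
    for name in lines:
        if not any(cmd.startswith("password ") for cmd in subs[name]):
            findings.append(f"{name}: no password set")
        if "login" not in subs[name]:
            findings.append(f"{name}: login missing, password is not requested")
    for name in lines:
        if timeout_disabled(subs[name]):
            findings.append(f"{name}: inactivity timeout disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_baseline(WEAK_CONFIG):
        print(finding)
```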

Syslog messages also can be sent to another device. Two alternatives exist: sending the messages
to a syslog server, and sending the messages as SNMP traps to a management station. The
logging host command, where host is the IP address or host name of the syslog server, is used
to enable sending messages to the external server. After SNMP is configured, the snmp-server
enable traps command tells the IOS to forward traps, including syslog messages.

Configuring IP Addresses
The ip address interface subcommand configures the IP address for each interface. Because each interface
has an IP address, the interface configuration command precedes each ip address command, identifying
to IOS the interface to which the IP address should be assigned.

Prefix Notation
This notation, called prefix notation, denotes the subnet mask in terms of the number of 1 bits in the subnet
mask. The number of bits of value binary 1 in the mask is considered to be the prefix. Prefix notation is
simply a shorter way to write the mask.
If you prefer to see the subnet masks instead of the prefix, simply use the terminal ip netmask-format
decimal exec command.

Seeding the Routing Table with Connected IP Routes
The Cisco IOS routes IP packets by default—in other words, you do not need to type any commands to tell
the router to enable IP routing. Before the router will route packets in or out an interface, the interface must
have an IP address.
The problem with the configurations shown so far is that the routers do not know routes to all the subnets in
the network. The ultimate solution to this problem is to configure a dynamic routing protocol.
Routers add routes to their routing tables for the subnets associated with their own physical interfaces.

The show ip route command lists routes to the subnets connected to the router. The output from the
command lists a C in the first column, which, according to the notes at the beginning of the command
output, means “connected.” In other words, this router is connected directly to these subnets.

The show ip interface brief command lists one line per interface, with IP address information and
interface status.

The show interfaces {interface} command lists more details about a single interface, with most of those
details about the interface itself. Finally, the show ip interface {interface} command shows
detailed information about the IP protocol running over the interface.

IOS adds connected routes to the routing table that meet the following requirements:
    • The interface has been configured with a valid IP address.
    • The interface is in an up and up status according to the various interface-oriented show commands.


All three of the show commands that list interface status information use two designations of up and up.
The first status keyword (the first of the two ups in this case) generally refers to OSI Layer 1 status. The
second status word generally refers to the status of OSI Layer 2.
Another instance in which a router might put an interface in status up and down is when the router does not
receive keepalive messages on a regular basis. Cisco routers send, and expect to receive, proprietary
keepalive messages on each interface. The purpose of the keepalives is to know whether the interface is
usable. You can disable keepalives with the no keepalive interface subcommand, or you can change the
timer with the keepalive interval interface subcommand.
To bring down an interface for administrative reasons and, as a side effect, remove the connected route
from the routing table, you can use the shutdown interface subcommand. The no shutdown command
brings the interface back up.

Bandwidth, Clock Rate, and Serial Lines in the Lab
To use a back-to-back WAN connection, one router must supply the clocking. The clock rate command
sets the rate in bits per second on the router that has the DCE cable plugged into it. If no cable has been
plugged in, the IOS accepts the command. If a DTE cable has been plugged in, IOS rejects the command. If
you do not know which router has the DCE cable in it, you can find out by using the show controllers
command.

The bandwidth command tells IOS the speed of the link, in kilobits per second, regardless of whether the
router is supplying clocking. The bandwidth setting does not change anything that the router does at Layer
1; instead, this setting is used by IOS software for other purposes. bandwidth defaults to T1 speed on
serial interfaces. There is no default for clock rate, even with a DCE cable plugged in—it must be
configured.

IP Troubleshooting Features
Internet Control Message Protocol
TCP/IP includes a protocol specifically to help manage and control the operation of a TCP/IP network,
called the Internet Control Message Protocol (ICMP). The ICMP protocol provides a wide variety of
information about the health and operational status of a network. The ICMP messages sit inside an IP
packet, with no transport layer header at all–so it is truly just an extension of the TCP/IP network layer.

ICMP Message Types




ICMP Echo Request and Echo Reply
The ICMP echo request and echo reply messages are sent and received by the ping command.
The echo request includes some data that can be specified by the ping command; whatever data is sent in
the echo request is sent back in the echo reply.

Destination Unreachable ICMP Message
The ICMP Destination Unreachable message is sent when a message cannot be delivered completely to the
application at the destination host. Because packet delivery can fail for many reasons, there are five
separate unreachable functions (codes) using this single ICMP unreachable message. All five code types
pertain directly to an IP, TCP, or UDP feature.

ICMP Unreachable Codes
Codes That the ping Command Receives in Response to Its ICMP Echo Request




IP Naming Commands
Telnet and Suspend
The telnet IOS exec command enables you to Telnet from one Cisco device to another; in practical use, it
is typically to another Cisco device. One of the most important features of the telnet command is the
suspend feature.

Telnet Command Options




Cisco Discovery Protocol
The Cisco Discovery Protocol (CDP) discovers basic information about neighboring routers and switches,
without needing to know the passwords for the neighboring devices. CDP supports any LAN, HDLC,
Frame Relay, and ATM interface—in fact, it supports any interface that supports the use of SNAP headers.
The router or switch can discover Layer 2 and Layer 3 addressing details of neighboring routers without
even configuring that Layer 3 protocol—this is because CDP is not dependent on any particular Layer 3
protocol.
Devices that support CDP advertise their own information and learn information about others by listening
for their advertisements. On media that support multicasts at the data link layer, CDP uses multicast; on
other media, CDP sends a copy of the CDP update to any known data-link addresses. So, any CDP-
supporting device that shares a physical medium with another CDP-supporting device can learn about the
other device.

CDP discovers several useful details from the neighboring device:
    • Device identifier—Typically the host name
    • Address list—Network and data-link addresses
    • Port identifier—Text that identifies the port, which is another name for an interface
    • Capabilities list—Information on what type of device it is—for instance, a router or a switch
    • Platform—The model and OS level running in the device


CDP is enabled in the configuration by default. The no cdp run global command disables CDP for the
entire device, and the cdp run global command re-enables CDP. Likewise, the no cdp enable interface
subcommand disables CDP just on that interface, and the cdp enable command switches back to the
default state of CDP being enabled.

The show cdp command has four options. The show cdp neighbor command lists each neighbor, with
one line of output per neighbor. The show cdp entry fred command lists the details learned by CDP about
the neighbor whose host name is fred. Another command that lists the detailed information is the show
cdp neighbor detail command, which is in the same format as show cdp entry but lists the information
for every neighbor.

Turning off CDP
no cdp run (global)
no cdp enable (for one interface)

Gathering CDP Timers and Holdtime Information
show cdp
cdp timer
cdp holdtime

Gathering Neighbor Information
show cdp neighbor
show cdp neighbor detail
show cdp entry *

Gathering Interface Traffic Information
show cdp traffic

Gathering Port and Interface Information
show cdp interface

Managing Configuration Files
copy source destination
The source and the destination parameters can be running-config, startup-config, or
tftp for RAM, NVRAM, and a TFTP server respectively.

Two commands can be used to erase the contents of NVRAM. These are the write erase
command, which is the older command, and the erase startup-config command, which is the
newer command.

Verifying Flash Memory
show flash

Backing Up the Cisco IOS
copy flash tftp

Restoring or Upgrading the Cisco IOS Software
copy tftp flash
The router must be reloaded.

Backing Up and Restoring the Cisco Configuration
copy run start
copy running-config tftp
copy startup-config tftp
show running-config

Static Routing
ip route destination_ip_address subnet_mask { ip-address | interface } [ distance ]

Verifying Routing Tables
show ip route
clear ip route

Configuring OSPF
The commands used to configure OSPF are:
    • router ospf < process_number >, where process_number is a number local to the
        router. This command configures OSPF as the routing protocol on the router.
    • network network_number wildcard_mask defines the networks that are to participate
        in the OSPF updates and the area that they reside in.
    • interface loopback < interface_number > ip address < ip_address > < subnet_mask >
        defines a loopback interface, which is a virtual interface, on the router.
    • ip ospf cost < cost > sets the default cost for the router.
    • auto-cost reference-bandwidth changes the OSPF cost formula.
Note: The ip ospf cost command overrides the auto-cost reference-bandwidth command.

Configuring EIGRP
The commands used to configure EIGRP on a Cisco router are consistent with the other IP
routing protocol commands. The EIGRP commands are:
    • router eigrp autonomous_system_number configures EIGRP as the routing protocol
        on the router.
    • network network_number [ wildcard_mask ] defines the networks that are to
        participate in the EIGRP updates. The [ wildcard_mask ] optional parameter identifies
        which interfaces are running EIGRP.
    • no network network_number [ wildcard_mask ] disables EIGRP.
    • no auto-summary turns off automatic summarization.
    • ip summary-address eigrp autonomous_system_number ip_address subnet_mask
        configures summarization at the interface level.
    • variance multiplier configures EIGRP to load-balance across unequal paths.
    • bandwidth line_speed overrides the default bandwidth settings on the links.

VTP Configuration
Before VLANs can be configured, VTP must be configured.

Configuring a VTP Management Domain
    •   Switch# vlan database
    •   Switch(vlan)# vtp domain domain_name
To assign a switch to a management domain on a CLI-based switch,
    •   Switch(enable) set vtp [ domain domain_name ]

Configuring the VTP Mode
    •   Switch# vlan database
    •   Switch(vlan)# vtp domain domain_name
    •   Switch(vlan)# vtp { server | client | transparent }
    •   Switch(vlan)# vtp password password
On a CLI-based switch, the following command can be used to configure the VTP mode:
    •   Switch(enable) set vtp [ domain domain_name ] [ mode{ server | client |
        transparent }] [ password password ]

Configuring the VTP Version
    •   Switch# vlan database
    •   Switch(vlan)# vtp v2-mode
On a CLI-based switch, the VTP version number is configured using the following command:
    •   Switch(enable) set vtp v2 enable

Standard IP Access List Configuration
    •   ip access-group {number | action [in | out]}, in which action can be either
        permit or deny and is used to enable access lists; and
    •   access-class number | action [in | out], which can be used to enable either
        standard or extended access lists.

The standard access list configuration can be verified using the following show commands:
   • show ip interface [type number], which includes a reference to the access lists
        enabled on the interface;
   • show access-lists [access-list-number | access-list-name], which shows
        details of configured access lists for all protocols; and
   • show ip access-list [access-list-number | access-list-name], which shows
        the access lists.

Extended IP Access Control Lists
    •   access-list access-list-number action protocol source source-wildcard
        destination destination-wildcard [log | log-input],           which can be used to
        enable access lists;

Basic Configuration and Operation Commands for the Cisco 2950 Switch
Commands for Catalyst 2950 Switch Configuration
CCNA configuration and commands
Basic Switch Operation
Popular show Commands on a 2950 Switch
show interfaces fastethernet 0/13 command lists basic status and configuration information about
fastethernet interface 0/13.

show interfaces status lists the status of each interface in a single line, including the speed and duplex
settings negotiated on that interface.

show mac-address-table dynamic command lists all the dynamically learned entries in the bridging
table.

show mac-address-table shows both static and dynamic entries.

show running-config command lists the default configuration.

show startup-config

erase startup-config

copy running-config startup-config

copy running-config startup-config
reload

Typical Basic Administrative Configuration
Basic Configuration of a 2950 Switch
hostname name

password password for the console and vty (Telnet)

login commands tell the switch to require a password at the console and for Telnet sessions.

enable password password

enable secret password

interface Fastethernet 0/5 command to enter interface configuration mode.

duplex and speed commands tell the switch to force these settings rather than use the autonegotiated
settings.

shutdown puts an interface in a down status administratively

no shutdown command brings the interface back up

To configure the IP address, you first use the interface vlan 1 command. Next, the ip address command
sets the IP address and subnet mask.

ip default-gateway sets the default IP gateway for the switch

Port Security Configuration
To configure port security, you need to configure several things. You enable port security using the
switchport port-security interface configuration command. Also, the 2950 switch IOS allows port
security only on ports that do not connect to other switches. To designate an interface as not connecting to
another switch, you use the switchport mode access command. Then you can statically configure the
MAC addresses using the switchport port-security mac-address mac-address command.
Using Port Security to Define Correct MAC Addresses of Particular Interfaces




switchport port-security mac-address
switchport mode access
switchport port-security
switchport port-security maximum: you can configure up to 132 per interface using the switchport
port-security maximum command.
switchport port-security violation
switchport port-security mac-address sticky tells the switch to learn the MAC address from the first
frame sent into the switch, and then add the MAC address as a secure MAC to the running configuration.
show port-security interface fastethernet 0/1
show running-config
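A way to verify the port security requirements above across every interface of a saved switch configuration, for example before it is deployed. This is an added example, not part of the original notes; the sample configuration and MAC addresses are constructed and the function names are hypothetical.

```python
"""Audit interface sections for the port security rules in the text: the
feature is enabled with 'switchport port-security', it needs 'switchport mode
access', and the maximum is at most 132 secure MAC addresses per interface."""
import itertools
import re

MAX_SECURE_MACS = 132  # per-interface limit given in the text for the 2950

# Constructed sample configuration (placeholder password and MAC addresses).
SAMPLE_SWITCH_CONFIG = """\
hostname SW1
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0200.1111.1111
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
interface FastEthernet0/3
 switchport mode access
 switchport port-security mac-address 0200.3333.3333
interface FastEthernet0/4
 switchport port-security
 switchport port-security maximum 200
interface FastEthernet0/5
 switchport mode access
line con 0
 password SAMPLE-ONLY
"""


def interface_blocks(config: str):
    """Yield (interface name, subcommands) for each 'interface ...' section."""
    for block in re.split(r"(?m)^(?=interface )", config):
        header, *rest = block.splitlines() or [""]
        if header.startswith("interface "):
            # Subcommands are the indented lines directly under the header.
            indented = itertools.takewhile(lambda line: line[:1].isspace(), rest)
            yield header.split(None, 1)[1], [line.strip() for line in indented]


def audit_port_security(config: str) -> list:
    """Return (interface, finding) pairs in configuration order."""
    findings = []
    for name, subs in interface_blocks(config):
        enabled = "switchport port-security" in subs
        settings = [s for s in subs if s.startswith("switchport port-security ")]
        access = "switchport mode access" in subs
        if settings and not enabled:
            findings.append((name, "port-security settings present but feature not enabled"))
        if enabled and not access:
            findings.append((name, "port security requires switchport mode access"))
        if access and not enabled and not settings:
            findings.append((name, "access port without port security"))
        for setting in settings:
            match = re.fullmatch(r"switchport port-security maximum (\d+)", setting)
            if match and not 1 <= int(match.group(1)) <= MAX_SECURE_MACS:
                findings.append((name, f"maximum {match.group(1)} outside 1-{MAX_SECURE_MACS}"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_port_security(SAMPLE_SWITCH_CONFIG):
        print(f"{interface}: {finding}")
```

On a live switch, show port-security interface remains the authoritative view of the state each port is actually in.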



Spanning Tree Protocol Configuration
Cisco switches use STP by default.

Configuration and Operations Commands from This Chapter for 2950 Switches




Basic STP show Commands
STP Status for the Network Shown in Figure 2-12 with Default STP Parameters
show spanning-tree

Changing STP Port Costs and Bridge Priority
Manipulating STP Port Cost and Bridge Priority
debug spanning-tree
spanning-tree cost 2

show spanning-tree

spanning-tree vlan 1 root primary


EtherChannel Configuration
Configuring and Monitoring EtherChannel




channel-group 1 mode on
show etherchannel 1 summary



VLAN and Trunking Configuration
2950 VLAN Command List




VLAN Configuration for a Single Switch

Cisco 2950 switches use a slightly different configuration mode to configure VLAN and VTP information
as compared to the other switch configuration commands. You use VLAN configuration mode, which is
reached by using the vlan database enable mode EXEC command. So, instead of using the configure
terminal enable mode command, you enter vlan database, after which you are placed in VLAN
configuration mode. In VLAN configuration mode, you can configure VLAN information as well as VTP
settings.
vlan database

vlan 2 name barney-2

exit

apply

abort

switchport access vlan 2

switchport mode access

interface range fastEthernet 0/9 - 12

switchport access vlan 3

If you had entered just the switchport access vlan commands before creating the VLANs in VLAN
configuration mode, the switch would have automatically created the VLANs.

show vlan brief

show vlan

show vlan id 2


VLAN Trunking Configuration
Network with Two Switches and Three VLANs
switchport mode dynamic desirable

2950 Trunk Configuration Options with the switchport mode Command




vtp domain fred

show vtp

show interfaces fastEthernet 0/17 switchport

show interfaces fastEthernet 0/17 trunk


Configuring and Testing Static Routes
Sample Network Used in Static Route Configuration Examples
Configuring RIP and IGRP
IP RIP and IGRP Configuration Commands
IP RIP and IGRP EXEC Commands




Basic RIP and IGRP Configuration
Sample Router with Five Interfaces
Completing the RIP Configuration from Example




IGRP Configuration
Finally, the numbers between the brackets mention some very useful information. The first number
represents the administrative distance, which is covered later in this chapter. The second number lists the
metric associated with this route.

IGRP uses the value set with the bandwidth command on each interface to determine the interface’s
bandwidth. On LAN interfaces, the bandwidth command’s default values reflect the correct bandwidth.
However, on serial interfaces, the bandwidth command defaults to 1544—in other words, T1 speed. (The
bandwidth command uses units of kbps, so the bandwidth 1544 command sets the bandwidth to 1544
kbps, or 1.544 Mbps.)

Examination of RIP and IGRP debug and show Commands
Sample Three-Router Network with Subnet 10.1.2.0 Failing
The following list describes what happens at each point in the process:
    • POINT NUMBER 1—Albuquerque sends an update out Serial0, obeying split-horizon rules. Notice that
      10.1.2.0, Yosemite’s Ethernet subnet, is not in the update sent out Albuquerque’s S0 interface.
    • POINT NUMBER 2—This point begins right after Yosemite’s E0 is shut down, simulating a failure.
      Albuquerque receives an update from Yosemite, entering Albuquerque’s S0 interface. The route to 10.1.2.0
      has an infinite metric, which in this case is 16.
    • POINT NUMBER 3—Albuquerque formerly did not mention subnet 10.1.2.0 because of split-horizon
      rules (point 1). The update at point 3 includes a poisoned route for 10.1.2.0 with metric 16. This is an
      example of split horizon with poison reverse.
    • POINT NUMBER 4—Albuquerque receives an update in S1 from Seville. The update includes a metric
      16 (infinite) route to 10.1.2.0. Seville does not suspend any split-horizon rules to send this route, because it
      saw the advertisement of that route earlier, so this is a simple case of route poisoning.

Migrating to IGRP with Sample show and debug Commands
Issues When Multiple Routes to the Same Subnet Exist
By default, Cisco IOS software includes up to four equal-cost routes to the same subnet in the routing table
—essentially as if maximum-paths 4 had been configured. You can configure maximum-paths as low
as 1 or as high as 6.

When RIP places more than one route to the same subnet in the routing table, the router balances the traffic
across the various routes.

The metric formula used for IGRP (and EIGRP) poses an interesting problem when considering equal-
metric routes. IGRP can learn more than one route to the same subnet with different metrics; however, the
metrics are very unlikely to be equal, because the metric is actually calculated with a mathematical
formula. So, with IGRP (and EIGRP), you can tell the routing protocol to think of metrics that are “pretty
close” as being equal. To do so, Cisco IOS software uses the variance router subcommand to define how
different the metrics can be for routes to be considered to have equal metrics.

The variance command defines a multiplier; any metrics lower than the product of the lowest metric and
the variance are considered equal.

When IGRP places more than one route to the same subnet in the routing table, the router balances the
traffic across the various routes in proportion to the metric values. You can choose to tell the router to use
only the lowest-cost route using the traffic-share min router IGRP subcommand. This command tells the
router that, even if multiple routes to the same subnet are in the routing table, it should use only the route
that truly has the smallest metric.

OSPF Configuration
IP OSPF Configuration Commands




IP OSPF EXEC Commands




OSPF Single-Area Configuration
Sample Network for OSPF Single-Area Configuration
router ospf 1

network




OSPF Configuration with Multiple Areas
Multiarea OSPF Network
OSPF Multiarea Configuration and show Commands on Albuquerque
OSPF Multiarea Configuration and show Commands on Yosemite




network 10.1.4.1 0.0.0.0 area 1

show ip route ospf

show ip route

The OSPF topology database includes information about routers and the subnets, or links, to which they are
attached. To identify the routers in the neighbor table’s topology database, OSPF uses a router ID (RID) for
each router. A router’s OSPF RID is that router’s highest IP address on a physical interface when OSPF
starts running. Alternatively, if a loopback interface has been configured, OSPF uses the highest IP address
on a loopback interface for the RID, even if that IP address is lower than some physical interface’s IP
address. Also, you can set the OSPF RID using the router-id command in router configuration mode.
router-id

NOTE If you’re not familiar with it, a loopback interface is a special virtual interface in a Cisco router. If
you create a loopback interface using the interface loopback x command, where x is a number, that
loopback interface is up and operational as long as the router IOS is up and working. You can assign an IP
address to a loopback interface, you can ping the address, and you can use it for several purposes—
including having a loopback interface IP address as the OSPF router ID.

show ip ospf neighbor

show ip ospf interface

ip ospf cost x

bandwidth

auto-cost reference-bandwidth 1000

EIGRP Configuration
IP EIGRP Configuration Commands




IP EIGRP EXEC Commands
router eigrp

network

show ip route

show ip route eigrp
show ip eigrp neighbors

show ip eigrp interfaces


NAT Configuration
NAT Configuration Commands




NAT EXEC Commands




Static NAT Configuration
NAT IP Address Swapping: Unregistered Networks
ip nat inside source static
ip nat inside

ip nat outside

show ip nat translations

show ip nat statistics

Dynamic NAT Configuration
The configuration for dynamic NAT includes a pool of inside global addresses, as well as an IP access list
to define the inside local addresses for which NAT is performed.

ip nat pool

ip nat inside source

ip nat inside source list 1 pool fred
ip nat pool fred

show ip nat translations

show ip nat statistics

clear ip nat translation

clear ip nat translation *

debug ip nat


NAT Overload Configuration (PAT Configuration)
NAT Overload and PAT
ip nat inside source list 1 interface serial 0/0 overload

show ip nat translations


HDLC and PPP Configuration
PPP and HDLC Configuration Commands




Point-to-Point-Related show and debug Commands
encapsulation hdlc

no encapsulation ppp

CHAP Configuration Example




ISDN Configuration and Dial-on-Demand Routing
ISDN Configuration Commands
ISDN-Related EXEC Commands




DDR Legacy Concepts and Configuration
You can configure DDR in several ways, including Legacy DDR and DDR dialer profiles. The main
difference between the two is that Legacy DDR associates dial details with a physical interface, whereas
DDR dialer profiles disassociate the dial configuration from a physical interface, allowing a great deal of
flexibility.

DDR Step 1: Routing Packets Out the Interface to Be Dialed
Sample DDR Network
DDR does not dial until some traffic is directed (routed) out the dial interface.

The router needs to route packets so that they are queued to go out the dial interface. Cisco’s design for
DDR defines that the router receives some user-generated traffic and, through normal routing processes,
decides to route the traffic out the interface to be dialed.

Of course, routing protocols cannot learn routes over a BRI line that is not normally up! Therefore, static
routes must be configured on SanFrancisco, pointing to subnets in LosAngeles. Then, packets are routed
out the interface, which can trigger a dial of a B channel to LosAngeles.

To begin the process of building a DDR configuration, IP routes are added to the configuration so that
packets can be directed out BRI0 on SanFrancisco,




DDR Step 2: Determining the Subset of the Packets That Trigger the Dialing Process
Together, Steps 1 and 2 of Legacy DDR logic determine when to dial a circuit. These combined steps are
typically called triggering the dial. In Step 1, a packet is routed out an interface to be dialed, but that alone
does not necessarily cause the dial to occur. The Cisco IOS software allows Step 2 to define a subset of the
packets routed in Step 1 to actually cause the route to dial.

Cisco calls packets that are worthy of causing the device to dial interesting packets. Cisco does not name
packets that are not worthy of causing the dial. Only interesting packets cause the dial to occur, but when
the circuit is up, both interesting and boring traffic can flow across the link.

Two different methods can be used to define interesting packets. In the first method, interesting is defined
as all packets of one or more Layer 3 protocols (for example, all IP packets). The second method allows
you to define packets as interesting if they are permitted by an access list.
DDR Step 3: Dialing (Signaling)
Before the router can dial, or signal, to set up a call, it needs to know the phone number of the other router.
The command is dialer string string, where string is the phone number.




With only one site to dial, you can simply configure a single dial string. However, with multiple remote
sites, the router needs to know each site’s phone number. It also needs to know which phone number to use
when calling each site.

Mapping Between the Next Hop and the Dial String
Two other important configuration elements are included in Example 10-4. First, CHAP authentication is
configured. PAP or CHAP is required if you’re dialing to more than one site with ISDN—and PAP and
CHAP require PPP. Notice that the usernames and password used with the two remote routers are shown
near the top of the configuration.

You should also note the importance of the broadcast keyword on the dialer map commands. Just as with
any other point-to-point serial link, there is no true data-link broadcast. If a broadcast must be sent on the
interface after the circuit has been created, you must use the broadcast keyword to tell the interface to
forward the packet across the link.
DDR Step 4: Determining When the Connection Is Terminated
The decision to take down the link is the most interesting part about what happens while the link is up.
Although any type of packet can be routed across the link, only interesting packets are considered worthy
of keeping the link up and spending more money. The router keeps an idle timer, which counts the time
since the last interesting packet went across the link. If no interesting traffic happens for the number of
seconds defined by the idle timer, the router brings the link down.
Two idle timers can be set. With the dialer idle-timeout seconds command, the idle time is set. However,
if the router wants to dial other sites based on receiving interesting traffic for those sites, and all the B
channels are in use, another shorter idle timer can be used. The dialer fast-idle seconds command lets you
configure a typically lower number than the idle timer so that when other sites need to be dialed, the link
that is currently up can be brought down more quickly.
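The idle-timer behaviour of Step 4 can be traced with a short simulation. This is an added example, not code from the original slides; the function name, the packet timeline and the timer values are constructed, call setup delay is ignored, and contention for the B channels is assumed to last for the whole run when it is switched on.

```python
def simulate_ddr(packets, idle_timeout, fast_idle=None, contention=False):
    """Trace Legacy DDR dial and hang-up decisions for one dial interface.

    packets      -- list of (time_in_seconds, interesting) tuples, sorted by time
    idle_timeout -- seconds, as set by 'dialer idle-timeout'
    fast_idle    -- seconds, as set by 'dialer fast-idle' (optional)
    contention   -- True when other sites are waiting for a B channel
                    (assumption: constant for the whole run)

    Returns (calls, carried, dropped):
      calls   -- list of (dial_time, hangup_time)
      carried -- times of packets that crossed the link
      dropped -- times of boring packets that arrived while the link was down
    """
    # With contention, the shorter fast-idle timer decides when to hang up.
    timeout = fast_idle if (contention and fast_idle is not None) else idle_timeout

    calls, carried, dropped = [], [], []
    dial_time = None          # None means the circuit is down
    last_interesting = None   # time of the last packet that reset the idle timer

    for t, interesting in packets:
        # Has the idle timer expired since the last interesting packet?
        if dial_time is not None and t - last_interesting >= timeout:
            calls.append((dial_time, last_interesting + timeout))
            dial_time = None

        if dial_time is None:
            if not interesting:
                # Boring traffic is routed to the interface but never triggers a dial.
                dropped.append(t)
                continue
            dial_time = t     # an interesting packet triggers the dial

        if interesting:
            last_interesting = t   # only interesting packets reset the timer
        carried.append(t)          # while up, boring packets still flow

    if dial_time is not None:
        calls.append((dial_time, last_interesting + timeout))
    return calls, carried, dropped


# Constructed timeline: (seconds, interesting?)
SAMPLE_PACKETS = [(0, True), (30, False), (100, False), (119, False),
                  (125, False), (200, True), (210, False)]

if __name__ == "__main__":
    print(simulate_ddr(SAMPLE_PACKETS, idle_timeout=120))
    print(simulate_ddr(SAMPLE_PACKETS, idle_timeout=120, fast_idle=20, contention=True))
```

In the first run the boring packets at 30, 100 and 119 seconds cross the link but do not extend the call, so the circuit drops 120 seconds after the single interesting packet.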

ISDN BRI Configuration
Completed SanFrancisco Configuration




LosAngeles Configuration: Receive Only
isdn switch-type

isdn spid1

isdn spid2

Summary of the New Configuration Needed for ISDN BRI Beyond Legacy DDR Configuration




Summary of Legacy DDR Configuration
Summary Legacy DDR Configuration Commands
ISDN and DDR show and debug Commands
SanFrancisco DDR Commands
show dialer interface bri 0

show isdn active

show isdn status

debug isdn q921

debug isdn q931

debug dialer packets

ISDN PRI Configuration
To configure ISDN BRI, you need to configure only the switch type, plus the SPIDs if the service provider
needs to have them configured.

• Configure the type of ISDN switch to which this router is connected.
• Configure the T1 or E1 encoding and framing options (controller configuration mode).
• Configure the T1 or E1 channel range for the DS0 channels used on this PRI (controller configuration
mode).
• Configure any interface settings (for example, PPP encapsulation and IP address) on the interface
representing the D channel.

Configuring a T1 or E1 Controller
PRI Controller Configuration Example




Full PRI Configuration
PRI Controller Configuration Example: Completed Configuration on SanFrancisco
The most unusual part of the configuration introduces the concept of actually identifying the D channel in
the interface command. Notice the command interface serial 1/0:23. The :x notation, where x identifies
one of the channels inside the PRI, tells the IOS which of the 24 channels you want to configure. The DDR
interface subcommands should be configured on the D channel, which is channel 23 according to the
command! The interface command numbers the channels from 0 through 23, with the D channel as the
last channel, so the :23 at the end correctly tells IOS that you are configuring details for the 24th channel—
the D channel.

Summary of the New Configuration Needed for ISDN PRI Beyond Legacy DDR Configuration
DDR Configuration with Dialer Profiles
Legacy DDR with Two BRIs and Eight Remote Sites




The problem with Legacy DDR in this case is that it cannot be configured to dial all eight sites using any
available B channel on either BRI.

Dialer profiles overcome this problem with Legacy DDR using a slightly different style of DDR
configuration. Dialer profiles pool the physical interfaces so that the router simply uses an available B
channel on any of the BRIs or PRIs in the pool. Dialer profile configuration allows the Central Site router
to dial any of the eight remote routers using either of the BRIs.

Dialer Profiles: Pooling Multiple BRIs to Reach Eight Remote Sites




Summary of the New Configuration Needed for Dialer Profiles Versus Legacy DDR
SanFrancisco Configuration Migrated to Use Dialer Profiles and Two BRIs
ip route

isdn switch-type

dialer-list 2

switch-type

dialer pool-member 3

Dialer Profiles: Pooling Multiple BRIs




Multilink PPP
Multilink PPP Configuration for Atlanta




ppp multilink
dialer load-threshold

Summary of the New Configuration Needed for MLP Versus Legacy DDR




Summary Legacy DDR Configuration Commands




Summary of the New Configuration Needed for ISDN BRI Beyond Legacy DDR Configuration
Summary of the New Configuration Needed for ISDN PRI Beyond Legacy DDR Configuration




Summary of the New Configuration Needed for Dialer Profiles Versus Legacy DDR




Summary of the New Configuration Needed for MLP Versus Legacy DDR
Frame Relay Configuration
Frame Relay Configuration Commands




Frame Relay-Related EXEC Commands
A Fully-Meshed Network with One IP Subnet




Mayberry Configuration




Mount Pilot Configuration




Raleigh Configuration
Yes, Frame Relay configuration can be that easy, because IOS uses some very good choices for default
settings:
• The LMI type is automatically sensed.
• The encapsulation is Cisco instead of IETF.
• PVC DLCIs are learned via LMI status messages.
• Inverse ARP is enabled (by default) and is triggered when the status message declaring that the VCs are
up is received. (Inverse ARP is covered in the next section.)

In some cases, the default values are inappropriate. For example, you must use IETF encapsulation if one
router is not a Cisco router. For the purpose of showing an alternative configuration, suppose that the
following requirements were added:
• The Raleigh router requires IETF encapsulation on both VCs.
• Mayberry’s LMI type should be ANSI, and LMI autosense should not be used.


Mayberry Configuration with New Requirements




Raleigh Configuration with New Requirements




Frame Relay Address Mapping
Frame Relay “mapping” creates a correlation between a Layer 3 address and its corresponding Layer 2
address.

Full Mesh with IP Addresses
show Commands on Mayberry, Showing the Need for Mapping
Mayberry can use two methods to build the mapping shown. One uses a statically configured mapping, and
the other uses a dynamic process called Inverse ARP.

Inverse ARP is enabled by default in Cisco IOS software Release 11.2 and later.

frame-relay map Commands
A Partially-Meshed Network with One IP Subnet Per VC
Partial Mesh with IP Addresses




Atlanta Configuration
Charlotte Configuration




Nashville Configuration




Boston Configuration




Output from EXEC Commands on Atlanta
A Partially-Meshed Network with Some Fully-Meshed Parts
Hybrid of Full and Partial Mesh




Router A Configuration
Router B Configuration




Router C Configuration




Router D Configuration
Router E Configuration




IP Addresses with Point-to-Point and Multipoint Subinterfaces




Frame Relay Maps and Inverse ARP on Router C
Standard IP Access List Configuration
Standard IP Access List Configuration Commands




Standard IP Access List EXEC Commands




Standard Access List on R1 Stopping Bob from Reaching Server1
Standard IP ACL: Example 2
The criteria for the access lists are as follows:
• Sam is not allowed access to Bugs or Daffy.
• Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet.
• All other combinations are allowed.


Network Diagram for Standard Access List Example




Yosemite Configuration for Standard Access List Example
Seville Configuration for Standard Access List Example




Yosemite Configuration for Standard Access List Example: Alternative Solution




Extended IP ACL Configuration
Extended IP Access List Configuration Commands
Extended IP Access List EXEC Commands




Extended IP Access Lists: Example 1
In this case, Bob is denied access to all FTP servers on R1’s Ethernet, and Larry is denied access to
Server1’s web server.

Network Diagram for Extended Access List Example 1




R1’s Extended Access List
R3’s Extended Access List Stopping Bob from Reaching FTP Servers Near R1




Extended IP Access Lists: Example 2
This example uses the same criteria and network topology as the second standard IP ACL example, as
repeated here:
• Sam is not allowed access to Bugs or Daffy.
• Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet.
• All other combinations are allowed.


Network Diagram for Extended Access List
Yosemite Configuration for Extended Access List
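The second standard and second extended ACL examples share the same three criteria. The following added example (not the configuration from the original slides) models first-match evaluation with wildcard masks and the implicit deny, and shows why a source-only standard list cannot express those criteria exactly. All addresses and list numbers are constructed, and interface placement and direction are not modelled.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # 0.0.0.0 with an all-ones wildcard matches every address


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _addr_spec(tokens, wildcard_optional=False):
    """Consume 'any', 'host A' or 'A W' from the token list; return (addr, wildcard)."""
    if not tokens:
        raise ValueError("address expected")
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return _ip(tokens.pop(0)), 0
    if wildcard_optional and not tokens:
        return _ip(head), 0              # standard ACL: a bare address is one host
    return _ip(head), _ip(tokens.pop(0))


def parse_acl(text):
    """Parse numbered access-list lines into {number: [(action, src, dst), ...]}."""
    acls = {}
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue                     # blank line or IOS comment
        if tokens[0] != "access-list" or len(tokens) < 4:
            raise ValueError(f"unsupported line: {raw!r}")
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        if 1 <= number <= 99:            # standard list: source address only
            src, dst = _addr_spec(rest, wildcard_optional=True), ANY
        elif 100 <= number <= 199:       # extended list: protocol, source, destination
            if rest.pop(0) != "ip":
                raise ValueError("this sketch handles protocol 'ip' only")
            src = _addr_spec(rest)
            dst = _addr_spec(rest)
        else:
            raise ValueError(f"list number out of range: {number}")
        if rest:
            raise ValueError(f"unsupported trailing tokens: {rest}")
        acls.setdefault(number, []).append((action, src, dst))
    return acls


def _matches(packet_addr, spec):
    addr, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((packet_addr ^ addr) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(entries, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for action, src_spec, dst_spec in entries:
        if _matches(s, src_spec) and _matches(d, dst_spec):
            return action
    return "deny"


# Constructed addressing (not from the page): Sam 10.1.2.1 on the Yosemite
# Ethernet 10.1.2.0/24, Bugs 10.1.1.1, Daffy 10.1.1.2, Seville Ethernet 10.1.3.0/24.
SAMPLE = """
! standard list: can only name the source
access-list 10 deny host 10.1.2.1
access-list 10 permit any
! extended list: names source and destination
access-list 110 deny ip host 10.1.2.1 host 10.1.1.1
access-list 110 deny ip host 10.1.2.1 host 10.1.1.2
access-list 110 deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip any any
! list 110's first entry on its own, with the final permit forgotten
access-list 111 deny ip host 10.1.2.1 host 10.1.1.1
"""

if __name__ == "__main__":
    acls = parse_acl(SAMPLE)
    flows = [("10.1.2.1", "10.1.1.1"), ("10.1.2.1", "10.1.1.3"),
             ("10.1.3.7", "10.1.2.9"), ("10.1.3.7", "10.1.1.1")]
    for src, dst in flows:
        print(src, "->", dst, {n: evaluate(acls[n], src, dst) for n in sorted(acls)})
```

List 10 denies Sam's traffic to every destination, not only Bugs and Daffy, and list 111 denies everything because no entry permits anything before the implicit deny.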




Named Access List Configuration
Controlling Telnet Access with ACLs
vty Access Control Using the access-class Command
Ccna configuracion y comandos

  • 1. Reference for commands for Cisco products http://www.cisco.com/univercd/home/home.htm CLI Password Configuration Cisco IOS Software Command Help IOS stores the commands that you type in a history buffer, storing ten commands by default. You can change the history size with the terminal history size x user exec command, where x is the number of commands for the CLI to recall; this can be set to a value between 0 and 256. You then can retrieve commands so that you do not have to retype the commands.
  • 2. Key Sequences for Command Edit and Recall IOS enables enhanced editing mode by default and has for a long time. However, you can turn off these keystrokes with the no terminal editing exec command, and turn them back on with the terminal editing command. CLI Configuration Mode Versus Exec Modes
  • 3. Cisco Router Memory Types Locations for Copying and Results from Copy Operations Configuration show Commands Getting into Setup Mode
  • 4. The Cisco IOS Software Boot Sequence 1. The router performs a power-on self-test (POST) to discover and verify the hardware. 2. The router loads and runs bootstrap code from ROM. 3. The router finds the IOS or other software and loads it. 4. The router finds the configuration file and loads it into running config. Three OS Categories for Routers Two configuration tools tell the router what OS to load: X The configuration register X The boot system configuration command
  • 5. On most Cisco routers, the default Configuration Register setting is hexadecimal 2102. Binary Version of Configuration Register, Value Hex 2102 The boot field is the name of the low-order 4 bits of the configuration register. This field can be considered a 4-bit value, represented as a single hexadecimal digit. (Cisco represents hexadecimal values by preceding the hex digit[s] with 0x—for example, 0xA would mean a single hex digit A.) If the boot field is hex 0, ROMMON is loaded. If the boot field is hex 1, RXBOOT mode is used. For anything else, it loads a full- featured IOS. But which one? The second method used to determine where the router tries to obtain an IOS image is through the use of the boot system configuration command. If the configuration register calls for a full-featured IOS (boot field 2-F), the router reads the startup-configuration file for boot system commands. If there are no boot system commands, the router takes the default action, which is to load the first file in Flash memory. Table 7-6 summarizes the use of the configuration register and the boot system command at initialization time, when the boot field’s value implies that the router will look for boot commands. The Boot System Commands Impact of the boot system Command on Choice of IOS: Boot Field Between 2 and F
  • 6. Operating Cisco LAN Switches 2950 Front Panel and LEDs 2950 Switch LEDs and Meaning
  • 7. Basic Router Configuration and Operation Configuring IP Addresses IP Configuration Commands
  • 9. Basic Administrative Configuration On most routers, you would configure at least the following: X A host name for the router X Reference to a DNS so that commands typed on the router can refer to host names instead of IP addresses X Set a password on the console port X Set a password for those Telnetting to the router X Set the enable secret password to protect access to privileged mode X Create a banner stating an appropriate warning, depending on the security practices at that company To make the router ask for a password at the console, you need the login console subcommand; the password console subcommand tells the router what password is required at the console. Similar logic applies to the login and password vty subcommands. Two other things that you might want to configure habitually on routers are the console timeout and the synchronization of unsolicited messages. The exec timeout minutes seconds command sets the inactivity timeout. Also, unsolicited informational messages and output from the IOS debug command both show up at the console by default. These same messages can be seen at the aux port or when Telnetting into a router by using the terminal monitor command. The logging synchronous line subcommand tells the router not to interrupt the output of a show command with these unsolicited messages, letting you read the output
  • 10. of the command that you typed before the router displays the other messages. logging synchronous can make your life a lot easier when using a router. Syslog messages also can be sent to another device. Two alternatives exist: sending the messages to a syslog server, and sending the messages as SNMP traps to a management station. The logging host command, where host is the IP address or host name of the syslog server, is used to enable sending messages to the external server. After SNMP is configured, the snmp-server enable traps command tells the IOS to forward traps, including syslog messages. Configuring IP Addresses The ip address interface subcommand configures the IP address for each interface. Because each interface has an IP address, the interface configuration command precedes each ip address command, identifying to IOS the interface to which the IP address should be assigned. Prefix Notation This notation, called prefix notation, denotes the subnet mask in terms of the number of 1 bits in the subnet mask. The number of bits of value binary 1 in the mask is considered to be the prefix. Prefix notation is simply a shorter way to write the mask. If you prefer to see the subnet masks instead of the prefix, simply use the terminal ip netmask-format decimal exec command. Seeding the Routing Table with Connected IP Routes The Cisco IOS routes IP packets by default—in other words, you do not need to type any commands to tell the router to enable IP routing. Before the router will route packets in or out an interface, the interface must have an IP address. The problem with the configurations shown so far is that the routers do not know routes to all the subnets in the network. The ultimate solution to this problem is to configure a dynamic routing protocol. Routers add routes to their routing tables for the subnets associated with their own physical interfaces. The show ip route command lists routes to the subnets connected to the router. 
The output from the command lists a C in the first column, which, according to the notes at the beginning of the command output, means “connected.” In other words, this router is connected directly to these subnets. The show ip interfaces brief command lists one line per interface, with IP address information and interface status. The show interfaces {interface} command lists more details about a single interface, with most of those details about the interface itself. Finally, the show ip interfaces {interface} command shows detailed information about the IP protocol running over interface. IOS adds connected routes to the routing table that meet the following requirements: X The interface has been configured with a valid IP address. X The interface is in an up and up status according to the various interface-oriented show commands. All three of the show commands that list interface status information use two designations of up and up. The first status keyword (the first of the two ups in this case) generally refers to OSI Layer 1 status. The second status word generally refers to the status of OSI Layer 2. Another instance in which a router might put an interface in status up and down is when the router does not receive keepalive messages on a regular basis. Cisco routers send, and expect to receive, proprietary keepalive messages on each interface. The purpose of the keepalives is to know whether the interface is usable. You can disable keepalives with the no keepalive interface subcommand, or you can change the timer with the keepalive interval interface subcommand.
  • 11. To bring down an interface for administrative reasons and, as a side effect, remove the connected route from the routing table, you can use the shutdown interface subcommand. The no shutdown command brings the interface back up. Bandwidth, Clock Rate, and Serial Lines in the Lab To use a back-to-back WAN connection, one router must supply the clocking. The clock rate command sets the rate in bits per second on the router that has the DCE cable plugged into it. If no cable has been plugged in, the IOS accepts the command. If a DTE cable has been plugged in, IOS rejects the command. If you do not know which router has the DCE cable in it, you can find out by using the show controllers command. The bandwidth command tells IOS the speed of the link, in kilobits per second, regardless of whether the router is supplying clocking. The bandwidth setting does not change anything that the router does at Layer 1; instead, this setting is used by IOS software for other purposes. bandwidth defaults to T1 speed on serial interfaces. There is no default for clock rate, even with a DCE cable plugged in—it must be configured. IP Troubleshooting Features Internet Control Message Protocol TCP/IP includes a protocol specifically to help manage and control the operation of a TCP/IP network, called the Internet Control Message Protocol (ICMP). The ICMP protocol provides a wide variety of information about the health and operational status of a network. The ICMP messages sit inside an IP packet, with no transport layer header at all–so it is truly just an extension of the TCP/IP network layer. ICMP Message Types ICMP Echo Request and Echo Reply The ICMP echo request and echo reply messages are sent and received by the ping command. The echo request includes some data that can be specified by the ping command; whatever data is sent in the echo request is sent back in the echo reply. 
Destination Unreachable ICMP Message The ICMP Destination Unreachable message is sent when a message cannot be delivered completely to the application at the destination host. Because packet delivery can fail for many reasons, there are five separate unreachable functions (codes) using this single ICMP unreachable message. All five code types pertain directly to an IP, TCP, or UDP feature. ICMP Unreachable Codes
  • 12. Codes That the ping Command Receives in Response to Its ICMP Echo Request IP Naming Commands IP Naming Commands
  • 13. Telnet and Suspend The telnet IOS exec command enables you to Telnet from one Cisco device to another; in practical use, it is typically to another Cisco device. One of the most important features of the telnet command is the suspend feature. Telnet Command Options Cisco Discovery Protocol The Cisco Discovery Protocol (CDP) discovers basic information about neighboring routers and switches, without needing to know the passwords for the neighboring devices. CDP supports any LAN, HDLC, Frame Relay, and ATM interface—in fact, it supports any interface that supports the use of SNAP headers. The router or switch can discover Layer 2 and Layer 3 addressing details of neighboring routers without even configuring that Layer 3 protocol—this is because CDP is not dependent on any particular Layer 3 protocol. Devices that support CDP advertise their own information and learn information about others by listening for their advertisements. On media that support multicasts at the data link layer, CDP uses multicast; on other media, CDP sends a copy of the CDP update to any known data-link addresses. So, any CDP-
  • 14. supporting device that shares a physical medium with another CDP-supporting device can learn about the other device. CDP discovers several useful details from the neighboring device: X Device identifier—Typically the host name X Address list—Network and data-link addresses X Port identifier—Text that identifies the port, which is another name for an interface X Capabilities list—Information on what type of device it is—for instance, a router or a switch X Platform—The model and OS level running in the device CDP is enabled in the configuration by default. The no cdp run global command disables CDP for the entire device, and the cdp run global command re-enables CDP. Likewise, the no cdp enable interface subcommand disables CDP just on that interface, and the cdp enable command switches back to the default state of CDP being enabled. The show cdp command has four options. The show cdp neighbor command lists each neighbor, with one line of output per neighbor. The show cdp entry fred command lists the details learned by CDP about the neighbor whose host name is fred. Another command that lists the detailed information is the show cdp neighbor detail command, which is in the same format as show cdp entry but lists the information for every neighbor. Turning off CDP no cdp run (general) no cdp enable (for an interface) Gathering CDP Timers and Holdtime Information show cdp cdp timer cdp holdtime Gathering Neighbor Information show cdp neighbor show cdp neighbor detail show cdp entry * Gathering Interface Traffic Information show cdp traffic Gathering Port and Interface Information show cdp interface Managing Configuration Files copy source destination The source and the destination parameters can be running-config, startup-config, or tftp for RAM, NVRAM, and a TFTP server respectively. Two commands can be used to erase the contents of NVRAM. 
These are the write erase command, which is the older command, and the erase startup-config command, which is the newer command. Verifying Flash Memory show flash Backing Up the Cisco IOS
  • 15. copy flash tftp Restoring or Upgrading the Cisco IOS Software copy tftp flash the router must be reloaded. Backing Up and Restoring the Cisco Configuration copy run start copy running-config tftp copy startup-config tftp show running-config Static Routing ip route destination_ip_address subnet_mask { ip-address | interface } [ distance ] Verifying Routing Tables show ip route clear ip route Configuring OSPF The commands used to configure OSPF are: • router ospf < process_number > where process_number is a number local to the router. This command configures OSPF as the routing protocol on the router. • network network_number wildcard_mask defines the networks that are to participate in the OSPF updates and the area that they reside in. • interface loopback < interface_number > ip address < ip_address > < subnet_mask >defines a loopback interface, which is a virtual interface, on the router. • ip ospf cost < cost > sets the default cost for the router. • auto-cost reference-bandwidth changes the OSPF cost formula. Note: The ip ospf cost command overrides the auto-cost reference-bandwidth command. Configuring EIGRP The commands used to configure EIGRP on a Cisco router are consistent with the other IP routing protocol commands. The EIGRP commands are: • router eigrp autonomous_system_number configures EIGRP as the routing protocol on the router. • network network_number [ wildcard_mask ] defines the networks that are to participate in the EIGRP updates. The [ wildcard_mask ] optional parameter identifies which interfaces are running EIGRP. • no network network_number [ wildcard_mask ] disables EIGRP. • no autosummary turns off automatic summarization. • ip summary address eigrp autonomous_system_number ip_address subnet_mask configures summarization at the interface level. • variance multiplier configures EIGRP to load-balance across unequal paths. • bandwidth line_speed overrides the default bandwidth settings on the links. VTP Configuration
  • 16. Before VLANs can be configured, VTP must be configured.
    Configuring a VTP Management Domain
    • Switch# vlan database
    • Switch(vlan)# vtp domain domain_name
    To assign a switch to a management domain on a CLI-based switch:
    • Switch(enable) set vtp [ domain domain_name ]
    Configuring the VTP Mode
    • Switch# vlan database
    • Switch(vlan)# vtp domain domain_name
    • Switch(vlan)# vtp { server | client | transparent }
    • Switch(vlan)# vtp password password
    On a CLI-based switch, the following command can be used to configure the VTP mode:
    • Switch(enable) set vtp [ domain domain_name ] [ mode { server | client | transparent }] [ password password ]
    Configuring the VTP Version
    • Switch# vlan database
    • Switch(vlan)# vtp v2-mode
    On a CLI-based switch, the VTP version number is configured using the following command:
    • Switch(enable) set vtp v2 enable
    Standard IP Access List Configuration
    • ip access-group {number | action [in | out]}, in which action can be either permit or deny and is used to enable access lists; and
    • access-class number | action [in | out], which can be used to enable either standard or extended access lists.
    The standard access list configuration can be verified using the following show commands:
    • show ip interface [type number], which includes a reference to the access lists enabled on the interface;
    • show access-lists [access-list-number | access-list-name], which shows details of configured access lists for all protocols; and
    • show ip access-list [access-list-number | access-list-name], which shows the access lists.
    Extended IP Access Control Lists
    • access-list access-list-number action protocol source source-wildcard destination destination-wildcard [log | log-input], which can be used to enable access lists;
    Basic Configuration and Operation Commands for the Cisco 2950 Switch
    Commands for Catalyst 2950 Switch Configuration
  • 19. Basic Switch Operation Popular show Commands on a 2950 Switch
  • 22. show interfaces fastethernet 0/13 command lists basic status and configuration information about fastethernet interface 0/13.
    show interfaces status lists the status of each interface in a single line, including the speed and duplex settings negotiated on that interface.
    show mac-address-table dynamic command lists all the dynamically learned entries in the bridging table.
    show mac-address-table shows both static and dynamic entries.
    show running-config command lists the default configuration.
    show startup-config
    erase startup-config
    copy running-config startup-config
  • 23. reload Typical Basic Administrative Configuration Basic Configuration of a 2950 Switch
  • 25. hostname name
    password password for the console and vty (Telnet)
    login commands tell the switch to require a password at the console and for Telnet sessions.
    enable password password
    enable secret password
    interface Fastethernet 0/5 command to enter interface configuration mode.
    duplex and speed commands tell the switch to force these settings rather than use the autonegotiated settings.
    shutdown puts an interface in a down status administratively.
    no shutdown command brings the interface back up.
    To configure the IP address, you first use the interface vlan 1 command. Next, the ip address command sets the IP address and subnet mask.
    ip default-gateway sets the default IP gateway for the switch.
    Port Security Configuration
    To configure port security, you need to configure several things. You enable port security using the switchport port-security interface configuration command. Also, the 2950 switch IOS allows port security only on ports that do not connect to other switches. To designate an interface as not connecting to another switch, you use the switchport mode access command. Then you can statically configure the MAC addresses using the switchport port-security mac-address mac-address command.
  • 26. Using Port Security to Define Correct MAC Addresses of Particular Interfaces switchport port-security mac-address
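The port-security steps described on these slides, put together as one interface configuration. This is an added example, not part of the original reference; the interface numbers and the MAC address are constructed placeholders, and it uses the maximum, violation and sticky subcommands that the reference lists.

```cisco
! Added example. Interface numbers and the MAC address are constructed.
configure terminal
!
! Port with one statically defined secure MAC address.
interface FastEthernet 0/1
 ! Port security is allowed only on ports that do not connect to other switches.
 switchport mode access
 switchport port-security
 ! Allow a single secure MAC address on this port.
 switchport port-security maximum 1
 ! shutdown is the default action: the port is disabled when a violation occurs.
 switchport port-security violation shutdown
 switchport port-security mac-address 0200.1111.1111
!
! Port that learns its secure MAC address from the first frame it receives.
interface FastEthernet 0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 end
!
! Verify the port-security state and the learned addresses.
show port-security interface FastEthernet 0/1
show running-config
!
! Sticky addresses are written to running-config only; save them so they
! are still in place after a reload.
copy running-config startup-config
```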
  • 27. switchport mode access
    switchport port-security
    switchport port-security maximum: you can configure up to 132 per interface using the switchport port-security maximum command.
    switchport port-security violation
    switchport port-security mac-address sticky tells the switch to learn the MAC address from the first frame sent into the switch, and then add the MAC address as a secure MAC to the running configuration.
    show port-security interface fastethernet 0/1
    show running-config
    Spanning Tree Protocol Configuration
    Cisco switches use STP by default.
    Configuration and Operations Commands from This Chapter for 2950 Switches
    Basic STP show Commands
    STP Status for the Network Shown in Figure 2-12 with Default STP Parameters
  • 28. show spanning-tree Changing STP Port Costs and Bridge Priority Manipulating STP Port Cost and Bridge Priority
  • 30. spanning-tree cost 2 show spanning-tree spanning-tree vlan 1 root primary EtherChannel Configuration Configuring and Monitoring EtherChannel channel-group 1 mode on
  • 31. show etherchannel 1 summary
    VLAN and Trunking Configuration
    2950 VLAN Command List
    VLAN Configuration for a Single Switch
    Cisco 2950 switches use a slightly different configuration mode to configure VLAN and VTP information as compared to the other switch configuration commands. You use VLAN configuration mode, which is reached by using the vlan database enable mode EXEC command. So, instead of using the configure terminal enable mode command, you enter vlan database, after which you are placed in VLAN configuration mode. In VLAN configuration mode, you can configure VLAN information as well as VTP settings.
  • 33. vlan database
    vlan 2 name barney-2
    exit
    apply
    abort
    switchport access vlan 2
    switchport mode access
    interface range fastEthernet 0/9 - 12
    switchport access vlan 3
    If you had entered just the switchport access vlan commands before creating the VLANs in VLAN configuration mode, the switch would have automatically created the VLANs.
    show vlan brief
    show vlan
    show vlan id 2
    VLAN Trunking Configuration
    Network with Two Switches and Three VLANs
  • 36. switchport mode dynamic desirable
    2950 Trunk Configuration Options with the switchport mode Command
    vtp domain fred
    show vtp
    show interfaces fastEthernet 0/17 switchport
    show interfaces fastEthernet 0/17 trunk
    Configuring and Testing Static Routes
    Sample Network Used in Static Route Configuration Examples
  • 39. Configuring RIP and IGRP IP RIP and IGRP Configuration Commands
  • 40. IP RIP and IGRP EXEC Commands Basic RIP and IGRP Configuration Sample Router with Five Interfaces
  • 41. Completing the RIP Configuration from Example IGRP Configuration
  • 42. Finally, the numbers between the brackets mention some very useful information. The first number represents the administrative distance, which is covered later in this chapter. The second number lists the metric associated with this route.
    IGRP uses the value set with the bandwidth command on each interface to determine the interface’s bandwidth. On LAN interfaces, the bandwidth command’s default values reflect the correct bandwidth. However, on serial interfaces, the bandwidth command defaults to 1544—in other words, T1 speed. (The bandwidth command uses units of kbps, so the bandwidth 1544 command sets the bandwidth to 1544 kbps, or 1.544 Mbps.)
    Examination of RIP and IGRP debug and show Commands
    Sample Three-Router Network with Subnet 10.1.2.0 Failing
  • 45. The following list describes what happens at each point in the process:
    • POINT NUMBER 1—Albuquerque sends an update out Serial0, obeying split-horizon rules. Notice that 10.1.2.0, Yosemite’s Ethernet subnet, is not in the update sent out Albuquerque’s S0 interface.
    • POINT NUMBER 2—This point begins right after Yosemite’s E0 is shut down, simulating a failure. Albuquerque receives an update from Yosemite, entering Albuquerque’s S0 interface. The route to 10.1.2.0 has an infinite metric, which in this case is 16.
    • POINT NUMBER 3—Albuquerque formerly did not mention subnet 10.1.2.0 because of split-horizon rules (point 1). The update at point 3 includes a poisoned route for 10.1.2.0 with metric 16. This is an example of split horizon with poison reverse.
    • POINT NUMBER 4—Albuquerque receives an update in S1 from Seville. The update includes a metric 16 (infinite) route to 10.1.2.0. Seville does not suspend any split-horizon rules to send this route, because it saw the advertisement of that route earlier, so this is a simple case of route poisoning.
    Migrating to IGRP with Sample show and debug Commands
  • 47. Issues When Multiple Routes to the Same Subnet Exist
    By default, Cisco IOS software includes up to four equal-cost routes to the same subnet in the routing table—essentially as if maximum-paths 4 had been configured. You can configure maximum-paths as low as 1 or as high as 6. When RIP places more than one route to the same subnet in the routing table, the router balances the traffic across the various routes.
    The metric formula used for IGRP (and EIGRP) poses an interesting problem when considering equal-metric routes. IGRP can learn more than one route to the same subnet with different metrics; however, the
  • 48. metrics are very unlikely to be equal, because the metric is actually calculated with a mathematical formula. So, with IGRP (and EIGRP), you can tell the routing protocol to think of metrics that are “pretty close” as being equal. To do so, Cisco IOS software uses the variance router subcommand to define how different the metrics can be for routes to be considered to have equal metrics. The variance command defines a multiplier; any metrics lower than the product of the lowest metric and the variance are considered equal.
    When IGRP places more than one route to the same subnet in the routing table, the router balances the traffic across the various routes in proportion to the metric values. You can choose to tell the router to use only the lowest-cost route using the traffic-share min router IGRP subcommand. This command tells the router that, even if multiple routes to the same subnet are in the routing table, it should use only the route that truly has the smallest metric.
    OSPF Configuration
    IP OSPF Configuration Commands
    IP OSPF EXEC Commands
    OSPF Single-Area Configuration
    Sample Network for OSPF Single-Area Configuration
  • 49. router ospf 1 network OSPF Configuration with Multiple Areas Multiarea OSPF Network
  • 50. OSPF Multiarea Configuration and show Commands on Albuquerque
  • 52. OSPF Multiarea Configuration and show Commands on Yosemite
    network 10.1.4.1 0.0.0.0 area 1
    show ip route ospf
    show ip route
    The OSPF topology database includes information about routers and the subnets, or links, to which they are attached. To identify the routers in the neighbor table’s topology database, OSPF uses a router ID (RID) for each router. A router’s OSPF RID is that router’s highest IP address on a physical interface when OSPF starts running. Alternatively, if a loopback interface has been configured, OSPF uses the highest IP address on a loopback interface for the RID, even if that IP address is lower than some physical interface’s IP address. Also, you can set the OSPF RID using the router-id command in router configuration mode.
  • 53. router-id
    NOTE: If you’re not familiar with it, a loopback interface is a special virtual interface in a Cisco router. If you create a loopback interface using the interface loopback x command, where x is a number, that loopback interface is up and operational as long as the router IOS is up and working. You can assign an IP address to a loopback interface, you can ping the address, and you can use it for several purposes—including having a loopback interface IP address as the OSPF router ID.
    show ip ospf neighbor
    show ip ospf interface
    ip ospf cost x
    bandwidth
    auto-cost reference-bandwidth 1000
    EIGRP Configuration
    IP EIGRP Configuration Commands
    IP EIGRP EXEC Commands
  • 54. router eigrp network show ip route show ip route eigrp
  • 55. show ip eigrp neighbors show ip eigrp interfaces NAT Configuration NAT Configuration Commands NAT EXEC Commands Static NAT Configuration NAT IP Address Swapping: Unregistered Networks
  • 56. ip nat inside source static
  • 57. ip nat inside ip nat outside show ip nat translations show ip nat statistics Dynamic NAT Configuration
  • 58. The configuration for dynamic NAT includes a pool of inside global addresses, as well as an IP access list to define the inside local addresses for which NAT is performed.
    ip nat pool
    ip nat inside source
    ip nat inside source list 1 pool fred
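The dynamic NAT pieces named above (the pool, the access list and the inside/outside interfaces), shown together. This is an added example, not part of the original reference; the pool name fred and list number 1 come from the slide, while the interfaces and the addresses (documentation ranges) are constructed.

```cisco
! Added example. Interfaces and addresses are constructed placeholders.
!
! Inside interface: hosts here use the inside local addresses.
interface Ethernet 0/0
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
!
! Outside interface: translated packets leave through this interface.
interface Serial 0/0
 ip address 203.0.113.5 255.255.255.248
 ip nat outside
!
! Pool of inside global addresses handed out to inside hosts.
ip nat pool fred 203.0.113.1 203.0.113.2 netmask 255.255.255.252
!
! Standard ACL 1 defines the inside local addresses for which NAT is performed.
! Hosts that the list does not permit are not translated.
access-list 1 permit 192.0.2.0 0.0.0.255
!
! Tie the access list to the pool.
ip nat inside source list 1 pool fred
!
! Verify, then watch translations being created.
show ip nat translations
show ip nat statistics
```

With a two-address pool, only two inside hosts can hold a translation at a time; the overload form listed later in this reference removes that limit by also translating ports.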
  • 59. ip nat pool fred
    show ip nat translations
    show ip nat statistics
    clear ip nat translation
    clear ip nat translation *
    debug ip nat
    NAT Overload Configuration (PAT Configuration)
    NAT Overload and PAT
  • 60. ip nat inside source list 1 interface serial 0/0 overload
    show ip nat translations
    HDLC and PPP Configuration
    PPP and HDLC Configuration Commands
    Point-to-Point-Related show and debug Commands
  • 61. encapsulation hdlc
    no encapsulation ppp
    CHAP Configuration Example
    ISDN Configuration and Dial-on-Demand Routing
    ISDN Configuration Commands
  • 63. ISDN-Related EXEC Commands
    DDR Legacy Concepts and Configuration
    You can configure DDR in several ways, including Legacy DDR and DDR dialer profiles. The main difference between the two is that Legacy DDR associates dial details with a physical interface, whereas DDR dialer profiles disassociate the dial configuration from a physical interface, allowing a great deal of flexibility.
    DDR Step 1: Routing Packets Out the Interface to Be Dialed
    Sample DDR Network
  • 64. DDR does not dial until some traffic is directed (routed) out the dial interface. The router needs to route packets so that they are queued to go out the dial interface. Cisco’s design for DDR defines that the router receives some user-generated traffic and, through normal routing processes, decides to route the traffic out the interface to be dialed.
    Of course, routing protocols cannot learn routes over a BRI line that is not normally up! Therefore, static routes must be configured on SanFrancisco, pointing to subnets in LosAngeles. Then, packets are routed out the interface, which can trigger a dial of a B channel to LosAngeles.
    To begin the process of building a DDR configuration, IP routes are added to the configuration so that packets can be directed out BRI0 on SanFrancisco.
    DDR Step 2: Determining the Subset of the Packets That Trigger the Dialing Process
    Together, Steps 1 and 2 of Legacy DDR logic determine when to dial a circuit. These combined steps are typically called triggering the dial. In Step 1, a packet is routed out an interface to be dialed, but that alone does not necessarily cause the dial to occur. The Cisco IOS software allows Step 2 to define a subset of the packets routed in Step 1 to actually cause the route to dial.
    Cisco calls packets that are worthy of causing the device to dial interesting packets. Cisco does not name packets that are not worthy of causing the dial. Only interesting packets cause the dial to occur, but when the circuit is up, both interesting and boring traffic can flow across the link.
    Two different methods can be used to define interesting packets. In the first method, interesting is defined as all packets of one or more Layer 3 protocols (for example, all IP packets). The second method allows you to define packets as interesting if they are permitted by an access list.
  • 65. DDR Step 3: Dialing (Signaling)
    Before the router can dial, or signal, to set up a call, it needs to know the phone number of the other router. The command is dialer string string, where string is the phone number. With only one site to dial, you can simply configure a single dial string. However, with multiple remote sites, the router needs to know each site’s phone number. It also needs to know which phone number to use when calling each site.
    Mapping Between the Next Hop and the Dial String
  • 66. Two other important configuration elements are included in Example 10-4. First, CHAP authentication is configured. PAP or CHAP is required if you’re dialing to more than one site with ISDN—and PAP and CHAP require PPP. Notice that the usernames and password used with the two remote routers are shown near the top of the configuration. You should also note the importance of the broadcast keyword on the dialer map commands. Just as with any other point-to-point serial link, there is no true data-link broadcast. If a broadcast must be sent on the interface after the circuit has been created, you must use the broadcast keyword to tell the interface to forward the packet across the link.
  • 67. DDR Step 4: Determining When the Connection Is Terminated
    The decision to take down the link is the most interesting part about what happens while the link is up. Although any type of packet can be routed across the link, only interesting packets are considered worthy of keeping the link up and spending more money. The router keeps an idle timer, which counts the time since the last interesting packet went across the link. If no interesting traffic happens for the number of seconds defined by the idle timer, the router brings the link down.
    Two idle timers can be set. With the dialer idle-timeout seconds command, the idle time is set. However, if the router wants to dial other sites based on receiving interesting traffic for those sites, and all the B channels are in use, another shorter idle timer can be used. The dialer fast-idle seconds command lets you configure a typically lower number than the idle timer so that when other sites need to be dialed, the link that is currently up can be brought down more quickly.
    ISDN BRI Configuration
    Completed SanFrancisco Configuration
    LosAngeles Configuration: Receive Only
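Legacy DDR Steps 1 through 4, together with the CHAP and dialer map points made above, as one configuration for the dialing router. This is an added example, not the configuration from the original slides; the addresses (documentation ranges), the phone number, the access list number and the secret are constructed placeholders, and the ISDN switch-type and SPID settings are left out.

```cisco
! Added example. Addresses, phone number and secret are constructed.
hostname SanFrancisco
!
! CHAP: the username is the remote router's hostname, and both routers
! must be configured with the same password.
username LosAngeles password <shared-secret>
!
! Step 1: static route so packets for the remote subnet are routed out BRI0.
ip route 192.0.2.0 255.255.255.0 198.51.100.1
!
! Step 2: define interesting packets. Here only web traffic to one server
! permitted by ACL 101 can trigger a dial or keep the link up.
access-list 101 permit tcp any host 192.0.2.10 eq 80
dialer-list 2 protocol ip list 101
! Alternative (first method): every IP packet is interesting.
! dialer-list 2 protocol ip permit
!
interface BRI0
 ip address 198.51.100.2 255.255.255.0
 ! PAP and CHAP require PPP.
 encapsulation ppp
 ppp authentication chap
 ! Apply the interesting-traffic definition to this interface.
 dialer-group 2
 ! Step 3: map the next hop to the dial string. broadcast lets broadcasts
 ! be forwarded across the link once the circuit is up.
 dialer map ip 198.51.100.1 broadcast name LosAngeles 15555550100
 ! Step 4: bring the link down after 300 idle seconds, or after 120 when
 ! another site is waiting and all B channels are in use.
 dialer idle-timeout 300
 dialer fast-idle 120
```

Defining interesting traffic with an access list rather than with all IP packets keeps periodic or unwanted traffic from dialing the circuit and holding it up.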
  • 68. isdn switch-type isdn spid1 isdn spid2 Summary of the New Configuration Needed for ISDN BRI Beyond Legacy DDR Configuration Summary of Legacy DDR Configuration Summary Legacy DDR Configuration Commands
  • 69. ISDN and DDR show and debug Commands SanFrancisco DDR Commands
  • 72. show dialer interface bri 0
    show isdn active
    show isdn status
    debug isdn q921
    debug isdn q931
    debug dialer packets
    ISDN PRI Configuration
    To configure ISDN BRI, you need to configure only the switch type, plus the SPIDs if the service provider needs to have them configured.
    • Configure the type of ISDN switch to which this router is connected.
    • Configure the T1 or E1 encoding and framing options (controller configuration mode).
    • Configure the T1 or E1 channel range for the DS0 channels used on this PRI (controller configuration mode).
    • Configure any interface settings (for example, PPP encapsulation and IP address) on the interface representing the D channel.
    Configuring a T1 or E1 Controller
    PRI Controller Configuration Example
    Full PRI Configuration
    PRI Controller Configuration Example: Completed Configuration on SanFrancisco
  • 73. The most unusual part of the configuration introduces the concept of actually identifying the D channel in the interface command. Notice the command interface serial 1/0:23. The :x notation, where x identifies one of the channels inside the PRI, tells the IOS which of the 24 channels you want to configure. The DDR interface subcommands should be configured on the D channel, which is channel 23 according to the command! The interface command numbers the channels from 0 through 23, with the D channel as the last channel, so the :23 at the end correctly tells IOS that you are configuring details for the 24th channel—the D channel.
    Summary of the New Configuration Needed for ISDN PRI Beyond Legacy DDR Configuration
  • 74. DDR Configuration with Dialer Profiles
    Legacy DDR with Two BRIs and Eight Remote Sites
    The problem with Legacy DDR in this case is that it cannot be configured to dial all eight sites using any available B channel on either BRI. Dialer profiles overcome this problem with Legacy DDR using a slightly different style of DDR configuration. Dialer profiles pool the physical interfaces so that the router simply uses an available B channel on any of the BRIs or PRIs in the pool. Dialer profile configuration allows the Central Site router to dial any of the eight remote routers using either of the BRIs.
    Dialer Profiles: Pooling Multiple BRIs to Reach Eight Remote Sites
    Summary of the New Configuration Needed for Dialer Profiles Versus Legacy DDR
  • 75. SanFrancisco Configuration Migrated to Use Dialer Profiles and Two BRIs
  • 76. ip route isdn switch-type dialer-list 2 switch-type dialer pool-member 3 Dialer Profiles: Pooling Multiple BRIs Multilink PPP Multilink PPP Configuration for Atlanta ppp multilink
  • 77. dialer load-threshold. Summary of the New Configuration Needed for MLP Versus Legacy DDR Summary Legacy DDR Configuration Commands Summary of the New Configuration Needed for ISDN BRI Beyond Legacy DDR Configuration
  • 78. Summary of the New Configuration Needed for ISDN PRI Beyond Legacy DDR Configuration Summary of the New Configuration Needed for Dialer Profiles Versus Legacy DDR Summary of the New Configuration Needed for MLP Versus Legacy DDR
  • 79. Frame Relay Configuration Frame Relay Configuration Commands Frame Relay-Related EXEC Commands
  • 80. A Fully-Meshed Network with One IP Subnet Mayberry Configuration Mount Pilot Configuration Raleigh Configuration
  • 81. Yes, Frame Relay configuration can be that easy, because IOS uses some very good choices for default settings:
    • The LMI type is automatically sensed.
    • The encapsulation is Cisco instead of IETF.
    • PVC DLCIs are learned via LMI status messages.
    • Inverse ARP is enabled (by default) and is triggered when the status message declaring that the VCs are up is received. (Inverse ARP is covered in the next section.)
    In some cases, the default values are inappropriate. For example, you must use IETF encapsulation if one router is not a Cisco router. For the purpose of showing an alternative configuration, suppose that the following requirements were added:
    • The Raleigh router requires IETF encapsulation on both VCs.
    • Mayberry’s LMI type should be ANSI, and LMI autosense should not be used.
    Mayberry Configuration with New Requirements
    Raleigh Configuration with New Requirements
    Frame Relay Address Mapping
    Frame Relay “mapping” creates a correlation between a Layer 3 address and its corresponding Layer 2 address.
    Full Mesh with IP Addresses
  • 82. show Commands on Mayberry, Showing the Need for Mapping
  • 83. Mayberry can use two methods to build the mapping shown. One uses a statically configured mapping, and the other uses a dynamic process called Inverse ARP. Inverse ARP is enabled by default in Cisco IOS software Release 11.2 and later.
    frame-relay map Commands
  • 84. A Partially-Meshed Network with One IP Subnet Per VC Partial Mesh with IP Addresses Atlanta Configuration
  • 85. Charlotte Configuration Nashville Configuration Boston Configuration Output from EXEC Commands on Atlanta
  • 87. A Partially-Meshed Network with Some Fully-Meshed Parts Hybrid of Full and Partial Mesh Router A Configuration
  • 88. Router B Configuration Router C Configuration Router D Configuration
  • 89. Router E Configuration IP Addresses with Point-to-Point and Multipoint Subinterfaces Frame Relay Maps and Inverse ARP on Router C
  • 90. Standard IP Access List Configuration Standard IP Access List Configuration Commands Standard IP Access List EXEC Commands Standard Access List on R1 Stopping Bob from Reaching Server1
  • 91. Standard IP ACL: Example 2
    The criteria for the access lists are as follows:
    • Sam is not allowed access to Bugs or Daffy.
    • Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet.
    • All other combinations are allowed.
    Network Diagram for Standard Access List Example
    Yosemite Configuration for Standard Access List Example
  • 92. Seville Configuration for Standard Access List Example Yosemite Configuration for Standard Access List Example: Alternative Solution Extended IP ACL Configuration Extended IP Access List Configuration Commands
  • 93. Extended IP Access List EXEC Commands
    Extended IP Access Lists: Example 1
    In this case, Bob is denied access to all FTP servers on R1’s Ethernet, and Larry is denied access to Server1’s web server.
    Network Diagram for Extended Access List Example 1
    R1’s Extended Access List
  • 94. R3’s Extended Access List Stopping Bob from Reaching FTP Servers Near R1
    Extended IP Access Lists: Example 2
    This example uses the same criteria and network topology as the second standard IP ACL example, as repeated here:
    • Sam is not allowed access to Bugs or Daffy.
    • Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet.
    • All other combinations are allowed.
    Network Diagram for Extended Access List
  • 95. Yosemite Configuration for Extended Access List Named Access List Configuration
  • 96. Controlling Telnet Access with ACLs vty Access Control Using the access-class Command