8/8/2019 CCNP2 CaseStudy1

CCNP 2 - Case Study 1

    CLI IPsec and Frame-Mode MPLS

    Jeremy Carver n6144497

    Vasily Shapochka n5498708


Table of Contents

1. Outline
2. Summary of the Company and Network Requirements
3. Logical diagram
4. Physical diagram
3. Discussion on the implementation of Routing
4. Discussion on the physical layer design and equipment
5. Discussion on testing and verification strategies
6. Recommendations for future network upgrades
7. Router Interface Table
8. Equipment Table
9. Questions
10. Router Configurations
    Router R1
    Router R2
    Router R3
    Router R4
11. Testing Results
    Router R1
    Router R2
    Router R3
    Router R4

1. Outline

International Travel Agency is migrating to a network with Multiprotocol Label Switching (MPLS) and an IPsec VPN. MPLS at the customer edge of the Wide Area Network (WAN) gives more efficient data switching, and the VPN gives a secure transfer of data from one office to another.

2. Summary of the Company and Network Requirements

The International Travel Agency requires a network that implements MPLS and VPN technologies. MPLS is used between the CE and PE (the R3-R4 link), and an IPsec VPN tunnel between the local and remote edge routers (R1 and R3) ensures that the data travels securely through the Internet cloud, which R2 stands in for in this test-bed. The addressing scheme provided in the scenario is adhered to, allowing the existing infrastructure to migrate without interruption. EIGRP is used as a fast-converging routing protocol.

Detailed requirements of the company are as follows:

- Configure all interfaces using the addressing scheme shown in the topology diagram.
- Run Enhanced Interior Gateway Routing Protocol (EIGRP) AS 1 in the entire International Travel Agency core network. All subnets should be included.
- Create an IPsec tunnel between R1 and R3 with an appropriate transform set and Internet Security Association and Key Management Protocol (ISAKMP) policy. This IPsec tunnel should only encrypt traffic between R1's loopback network and R4's loopback network.
- Use pre-shared keys for authentication in the ISAKMP policy.
- Do not create any new interfaces to achieve this task.
- Use any encryption algorithms desired for the tasks listed above that use the crypto suite of protocols.
- Configure MPLS on both ends of the link between R3 and R4.
- Configure R1 to send system logging messages at the error severity level to an imaginary host located at 172.16.2.200.
- Set up the correct time on R4 using the clock set command. Use the inline IOS help system if you do not know the syntax of this command.
- Configure R4 as a Network Time Protocol (NTP) master with stratum 5.
- Configure R3 as an NTP client of R4.


    3. Logical diagram


    4. Physical diagram


3. Discussion on the implementation of Routing

Enhanced Interior Gateway Routing Protocol (EIGRP) is the routing protocol required for the International Travel Agency network and is a good fit for it. It is a classless routing protocol that combines elements of distance-vector and link-state algorithms.

Every directly connected network must be covered by a network statement in the router's EIGRP configuration; here a single classful "network 172.16.0.0" together with "no auto-summary" covers all of the /24 subnets. The router then maintains three EIGRP data structures: the neighbor table, the topology table and the routing table. Rapid convergence, future scalability and efficient use of bandwidth are obtained because EIGRP sends partial, incremental updates only when something changes rather than periodic full updates. When the topology changes, the DUAL algorithm first looks for a feasible successor that is already present in the topology table, which allows a loop-free switchover without waiting for the rest of the network; only when no feasible successor exists does the router query its neighbors.
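As an added worked example (not part of the original report), the composite-metric formula behind the [90/...] values in the show ip route output of section 11, checked against three routes from that output. It assumes the IOS defaults that the configurations do not override: a serial interface reports 1544 kbps bandwidth and 20000 microseconds delay, a loopback 8000000 kbps and 5000 microseconds, and the K values are the defaults (K1 = K3 = 1). The last function inverts the formula to recover the bandwidth a metric implies, which is how one notices that R4's metrics for the same prefixes are about eight times R3's: they are consistent with R4 seeing its Serial0/2/0 at 128 kbps, something the report does not state and this example only infers.

```python
"""EIGRP composite metric reproduced from the routing tables in this report."""

# IOS defaults assumed here (the report's configurations set no "bandwidth"/"delay").
SERIAL_T1 = {"bandwidth_kbps": 1544, "delay_usec": 20000}
LOOPBACK = {"bandwidth_kbps": 8_000_000, "delay_usec": 5000}


def eigrp_metric(path, k1=1, k3=1):
    """Classic 32-bit EIGRP metric for a path (list of interfaces toward the destination).

    metric = 256 * (K1 * 10^7 / min_bandwidth + K3 * sum_delay / 10)
    with integer division at each step, as IOS computes it. K2, K4 and K5
    (load and reliability) are zero by default and are not modelled.
    """
    bw_min = min(hop["bandwidth_kbps"] for hop in path)
    delay_sum = sum(hop["delay_usec"] for hop in path)
    return 256 * (k1 * (10_000_000 // bw_min) + k3 * (delay_sum // 10))


def report_metrics():
    """Three routes from the 'show ip route' output in section 11, by path composition."""
    return {
        # R2 -> 172.16.1.0/24: the R2-R1 serial link, then R1's Loopback0
        "R2 172.16.1.0": eigrp_metric([SERIAL_T1, LOOPBACK]),
        # R1 -> 172.16.23.0/24: the R1-R2 and R2-R3 serial links
        "R1 172.16.23.0": eigrp_metric([SERIAL_T1, SERIAL_T1]),
        # R1 -> 172.16.4.0/24: three serial links, then R4's Loopback0
        "R1 172.16.4.0": eigrp_metric([SERIAL_T1, SERIAL_T1, SERIAL_T1, LOOPBACK]),
    }


def implied_min_bandwidth(metric, delay_sum_usec):
    """Invert the formula: the minimum bandwidth (kbps) an observed metric implies.

    Useful when a metric looks wrong. R4's 21024000 for 172.16.23.0/24 (two
    serial delays on the path) comes out as 128 kbps rather than 1544.
    """
    bw_term = metric // 256 - delay_sum_usec // 10
    return 10_000_000 // bw_term


if __name__ == "__main__":
    for name, value in report_metrics().items():
        print(f"{name}: {value}")
    print("R4 reaches 172.16.23.0 over an implied", implied_min_bandwidth(21024000, 40000), "kbps")
```

All three computed metrics match the routing tables in section 11 exactly, which is a cheap way to confirm that no interface carries an unexpected bandwidth or delay statement.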

4. Discussion on the physical layer design and equipment

The test-bed for this upgrade was built on Cisco 3600 series routers, which were fully configured so that the solution could be implemented in a realistic fashion. Serial WAN interface cards were used to simulate the Wide Area Network links, and Cisco CAB-SS-V35 cables were used to connect the routers directly, port to port, with the DCE end of each cable supplying the clock (the "clock rate" statements in the configurations).

The test-bed physical design is deliberately simple; the real implementation will include other devices such as CSU/DSUs.

5. Discussion on testing and verification strategies

In order to test the ITA network, each implementation phase was followed by a number of verification commands on the routers, so that a high degree of reliability was confirmed before moving to the next implementation stage. The tests below are listed in the order of the project timeline, each placed at the stage whose result it verifies:

- A thorough test of connectivity was conducted first using ping (see results below). This verifies overall router reachability and a correct EIGRP configuration; show ip route and show ip eigrp neighbors confirm that all seven /24 subnets are learned and that each router sees its expected neighbors.
- An extended ping sourced from R4's loopback (172.16.4.1) to R1's loopback (172.16.1.1) was used to bring up the VPN tunnel and to test that the crypto ACLs match only the interesting traffic. Ordinary pings between interface addresses cross the same path unprotected, which is consistent with their lower round-trip time (56-60 ms) compared with the protected ping (104-108 ms).
- The show crypto ipsec sa command (see below) was used to make sure the interesting traffic is going through the tunnel: the #pkts encaps/encrypt and decaps/decrypt counters increase only for traffic that matched the ACL, and each ESP and AH SA shows Status: ACTIVE.
- MPLS was further tested with traceroute, show mpls forwarding-table and show interfaces accounting on the R3-R4 link (Serial0/2/1 on R3, Serial0/2/0 on R4), to make sure packets are labelled by the protocol when needed. The "Tag" row of the accounting output counts labelled packets sent and received on the interface.
- The debug ntp packets command was used to test communication between the NTP server and the NTP client, and show ntp status / show ntp associations confirm that R3 is synchronized to R4 at stratum 6.
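The tunnel checks described above, as an added example that is not part of the original report: a parser for the fields of show crypto ipsec sa that matter, a comparison of two snapshots taken before and after the test ping, and a check that the two peers' crypto ACLs are mirror images. The sample output is an abridged copy of R3's output from section 11; the "before" snapshot is constructed by lowering its counters, and the two access-list lines are the ones from the R1 and R3 configurations in section 10.

```python
"""Verify an IPsec tunnel from 'show crypto ipsec sa' output and the peers' crypto ACLs."""
import re

# Abridged from R3's 'show crypto ipsec sa' output in section 11 (fields used here kept).
R3_SA_AFTER = """\
interface: Serial0/2/0
    Crypto map tag: MYMAP, local addr 172.16.23.3

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (172.16.4.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.1.0/255.255.255.0/0/0)
   current_peer 172.16.12.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 13, #pkts encrypt: 13, #pkts digest: 13
    #pkts decaps: 13, #pkts decrypt: 13, #pkts verify: 13
    #send errors 2, #recv errors 0

     inbound esp sas:
      spi: 0xBB8C7C26(3146546214)
        transform: esp-256-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        Status: ACTIVE

     inbound ah sas:
      spi: 0xCC6044(13393988)
        transform: ah-sha-hmac ,
        in use settings ={Tunnel, }
        Status: ACTIVE

     inbound pcp sas:

     outbound esp sas:
      spi: 0x348BD124(881578276)
        transform: esp-256-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        Status: ACTIVE

     outbound ah sas:
      spi: 0x7EE5715A(2128965978)
        transform: ah-sha-hmac ,
        in use settings ={Tunnel, }
        Status: ACTIVE
"""
# Constructed "before the test ping" snapshot: same SAs, eight packets each way.
R3_SA_BEFORE = R3_SA_AFTER.replace("encaps: 13", "encaps: 8").replace("decaps: 13", "decaps: 8")

# The crypto ACLs from the R1 and R3 configurations in section 10.
R1_ACL = "access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.4.0 0.0.0.255"
R3_ACL = "access-list 101 permit ip 172.16.4.0 0.0.0.255 172.16.1.0 0.0.0.255"

SA_RE = re.compile(
    r"(inbound|outbound) (esp|ah) sas:\s*spi: (0x[0-9A-Fa-f]+)\(\d+\)"
    r"\s*transform: ([^,]+),.*?Status: (\w+)", re.S)
ACL_RE = re.compile(r"access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)")


def parse_sa(text):
    """Extract proxy identities, peer, packet counters and per-SA status."""
    def grab(pattern, cast=str):
        m = re.search(pattern, text)
        return cast(m.group(1)) if m else None

    counters = {name: grab(rf"#pkts {name}: (\d+)", int)
                for name in ("encaps", "encrypt", "decaps", "decrypt")}
    counters["send_errors"] = grab(r"#send errors (\d+)", int)
    counters["recv_errors"] = grab(r"#recv errors (\d+)", int)
    sas = [{"direction": d, "protocol": p, "spi": spi, "transform": xf.strip(), "status": st}
           for d, p, spi, xf, st in SA_RE.findall(text)]
    return {
        "local_ident": grab(r"local\s+ident \(addr/mask/prot/port\): \(([^)]+)\)"),
        "remote_ident": grab(r"remote ident \(addr/mask/prot/port\): \(([^)]+)\)"),
        "peer": grab(r"current_peer (\S+)"),
        "counters": counters,
        "sas": sas,
    }


def acls_mirror(acl_a, acl_b):
    """Crypto ACLs must be exact mirror images or the peers' proxy identities will not match."""
    a = ACL_RE.search(acl_a).groups()
    b = ACL_RE.search(acl_b).groups()
    return a == (b[2], b[3], b[0], b[1])


def check_tunnel(before, after, local_ident, remote_ident):
    """Return a list of findings; an empty list means the tunnel passed every check."""
    findings = []
    if (after["local_ident"], after["remote_ident"]) != (local_ident, remote_ident):
        findings.append("proxy identities differ from the intended networks")
    if not after["sas"]:
        findings.append("no SAs: no interesting traffic yet, or IKE/IPsec negotiation failed")
    for sa in after["sas"]:
        if sa["status"] != "ACTIVE":
            findings.append(f"{sa['direction']} {sa['protocol']} SA {sa['spi']} is {sa['status']}")
    sent = after["counters"]["encaps"] - before["counters"]["encaps"]
    received = after["counters"]["decaps"] - before["counters"]["decaps"]
    if sent <= 0 or received <= 0:
        findings.append(f"counters did not move both ways (sent +{sent}, received +{received})")
    if after["counters"]["send_errors"] > before["counters"]["send_errors"]:
        findings.append("send errors increased during the test")
    return findings


if __name__ == "__main__":
    print("ACLs mirror:", acls_mirror(R1_ACL, R3_ACL))
    print("findings:", check_tunnel(parse_sa(R3_SA_BEFORE), parse_sa(R3_SA_AFTER),
                                    "172.16.4.0/255.255.255.0/0/0",
                                    "172.16.1.0/255.255.255.0/0/0"))
```

Comparing two snapshots matters more than a single reading: an SA can sit ACTIVE with stale counters while new traffic is being routed around the crypto map, and a one-directional increase usually means the far end's ACL or routing differs from this one.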

6. Recommendations for future network upgrades

The network implemented above represents a connection between two ITA remote offices. In order to reduce connection cost, an IPsec tunnel is created over an Internet link between the two offices to provide secure connectivity and data transfer. The MPLS that is used between the CE and PE may be extended in the future inside the provider's network in order to speed up delivery between the two locations.

At the customer edge on both sides, the company should consider a firewall solution to filter incoming and outgoing traffic, since its routers are directly connected to the Internet, which represents a potential risk for the internal network.

The lab configurations themselves also leave several points to harden before production use, all visible in section 10:

- The ISAKMP pre-shared key is the dictionary word "cisco" and is stored in clear text in the running configuration. A production key should be long and random, IKE peers should remain bound to the known remote address (as they are here with "crypto isakmp key ... address"), or the design should move to certificate authentication.
- "enable password 7 ..." is redundant once "enable secret" is configured, and the type 7 strings produced by "service password-encryption" (also used on the console and vty lines) are reversible obfuscation, not encryption. Use "enable secret" only, and local accounts with "username ... secret" and "login local" on the lines.
- The vty lines are protected only by a reversible line password, with no access-class and nothing restricting the transport to SSH (no ip domain-name or RSA key pair is configured, so SSH is not even available). Restrict them with "transport input ssh" and an "access-class" ACL, and disable "ip http server" unless the web interface is needed.
- The transform set combines AH and ESP, both with HMAC-SHA-1. ESP with its own integrity check is sufficient, and AH cannot pass through NAT, which matters if either office is placed behind an Internet NAT device. Diffie-Hellman group 5 (1536-bit MODP) is below current recommendations; prefer group 14 or higher where the IOS image supports it.
- NTP between R3 and R4 runs without "ntp authenticate"/"ntp authentication-key" and without an "ntp access-group", so R3 has no way to verify that its time really comes from R4. Authenticate NTP if the logging timestamps are to be relied upon.
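To make the point about "service password-encryption" concrete, an added example that is not part of the original report: a decoder and encoder for IOS type 7 strings, and a scan that pulls every type 7 string out of a configuration. The XOR key is the fixed, long-public string IOS uses; the sample input is a constructed excerpt of the R1 configuration from section 10 (its console and vty line passwords). Type 5 "enable secret" values are MD5-based hashes and are not affected by this.

```python
"""Why 'service password-encryption' is obfuscation: reversing IOS type 7 strings."""
import re

# The fixed key IOS XORs type 7 passwords with; public knowledge, not a secret.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded):
    """First two digits are a decimal offset into XLAT; the rest are hex bytes XORed with it."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("type 7 strings have an even number of hex digits, at least 4")
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii")


def encode_type7(plain, offset=9):
    """The forward direction, to show the transform is a fixed-key XOR with no secret at all."""
    if not 0 <= offset <= 15:
        raise ValueError("IOS uses offsets 0-15")
    out = bytes(ord(c) ^ XLAT[(offset + i) % len(XLAT)] for i, c in enumerate(plain))
    return f"{offset:02d}{out.hex().upper()}"


# Matches "password 7 ...", "enable password 7 ..." and "crypto isakmp key 7 ...".
TYPE7_LINE = re.compile(r"\b(password|key)\s+7\s+([0-9A-Fa-f]+)")


def find_type7(config_text):
    """Every type 7 string in a configuration, with its recovered plaintext."""
    return [(kind, enc, decode_type7(enc)) for kind, enc in TYPE7_LINE.findall(config_text)]


# Constructed excerpt of the R1 configuration from section 10.
R1_EXCERPT = """\
enable secret 5 $1$68v.$0pF2U4rVQiSFjMd/aTRmo.
line con 0
 password 7 045802150C2E
line vty 0 4
 password 7 02050D480809
 login
"""

if __name__ == "__main__":
    for kind, enc, plain in find_type7(R1_EXCERPT):
        print(f"{kind} 7 {enc} -> {plain!r}")
```

Running the scan over the R1 excerpt recovers the console and vty passwords directly from the configuration text, which is why a leaked "show running-config" is treated as a credential leak regardless of "service password-encryption".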

    7. Router Interface Table

    Router Interface IP Address

    R1 Serial 0/2/0 172.16.12.1

    R1 Loopback 0 172.16.1.1

    R2 Serial 0/2/0 172.16.12.2

    R2 Serial 0/2/1 172.16.23.2

    R2 Loopback 0 172.16.2.1

    R3 Serial 0/2/0 172.16.23.3

    R3 Serial 0/2/1 172.16.34.3

    R3 Loopback 0 172.16.3.1

    R4 Serial 0/2/0 172.16.34.4

    R4 Loopback 0 172.16.4.1

8. Equipment Table

Equipment                                                                  Quantity
Cisco 3600 Series Router (with serial WAN interface card; R2 and R3 use two serial ports)   4
Cisco CAB-SS-V35 Cable                                                     3

9. Questions

1. R3 and R4 will not send NTP queries as MPLS frames. The NTP exchange runs between the two directly connected interface addresses (172.16.34.3 and 172.16.34.4). Each router advertises the implicit-null label for its own directly connected prefixes, so the neighbor's LFIB shows "Pop tag" for them (see 172.16.3.0/24 and 172.16.23.0/24 on R4) and holds no entry at all for the shared link subnet 172.16.34.0/24. Under penultimate hop popping (PHP) the label would have to be removed on the very next hop, so the sending router, which is the penultimate hop as well as the ingress, never imposes one. The packets cross the link as normal IP packets, which avoids the overhead of a label that carries no forwarding information.

2. R3 and R4 will not send packets to each other as MPLS frames, for the reason given in 1: each is the egress for the other's prefixes, the egress advertises implicit-null, and PHP removes the label at the penultimate hop, which here is also the ingress. The accounting counters confirm this: R3's "Tag" Pkts Out stays at 0, and the only labelled traffic on the link flows from R4 to R3 for destinations beyond R3.

3. R4 will send packets destined to R1's and R2's networks as MPLS frames (its LFIB shows outgoing labels 17, 16 and 18 for 172.16.1.0/24, 172.16.12.0/24 and 172.16.2.0/24), but R3 removes the label before forwarding further to R1 and R2, because its own LFIB lists those prefixes as "Untagged": R2 runs no MPLS, so R3 is the egress for them. R3 never sends labelled packets: towards R2 because R1 and R2 are not configured for MPLS, and towards R4 because R4's only prefix beyond the link is its loopback, for which R4 advertised implicit-null (R3's LFIB shows "Pop tag" for 172.16.4.0/24). R4's "Tag" Pkts Out rises by 5 with each 5-packet ping to 172.16.1.1 while its Pkts In stays at 0, and R3 shows the mirror image.

4. In the network configuration, ESP provides origin authentication, integrity and confidentiality for the encapsulated packet; it is defined in the ITA transform set as esp-aes 256 esp-sha-hmac (AES-CBC with a 256-bit key, with HMAC-SHA-1 for integrity). AH, defined here as ah-sha-hmac, provides integrity and data-origin authentication only, but its integrity check also covers the immutable fields of the outer IP header, which ESP does not protect. In short, the Encapsulating Security Payload provides confidentiality (and, with esp-sha-hmac, integrity) and the Authentication Header provides integrity. AES-256 uses the largest key size the AES standard defines. It is not "the most secure algorithm available" in any absolute sense, since the strength of the tunnel also depends on the integrity algorithm (HMAC-SHA-1 here), the Diffie-Hellman group, the lifetimes and the pre-shared key, but a 256-bit AES key is not the weak point of this design.

5. The NTP server ensures that the routers in the network are configured with the correct time. This gives accurate timestamps when error and other messages are logged to the syslog server (R1 sends error-level messages to 172.16.2.200), and correct timestamps are crucial when errors or attacks are recorded and events from several devices must be correlated. In this lab the NTP relationship is unauthenticated, so the timestamps are only as trustworthy as the link between R3 and R4.
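The label behaviour described in answers 1 to 3, as an added example that is not part of the original report. It feeds the two show mpls forwarding-table outputs from section 11 (copied verbatim as the sample input) into a small model of a label switch router: longest-prefix lookup for an unlabeled packet, label lookup for a labelled one, and the implicit-null/PHP rule. Walking a packet from R4 to R1's loopback and one from R3 to R4's loopback reproduces the "Tag" In/Out pattern seen in the accounting output. The model is an assumption about how an LFIB is used, reduced to the columns the page shows; it does not model the IP FIB.

```python
"""Trace what each LSR does with a packet, using the LFIBs captured in this report."""
import ipaddress
import re

# Rows of 'show mpls forwarding-table' from section 11, verbatim.
R3_LFIB = """\
16 Untagged 172.16.12.0/24 1560 Se0/2/0 point2point
17 Untagged 172.16.1.0/24 4088 Se0/2/0 point2point
18 Untagged 172.16.2.0/24 0 Se0/2/0 point2point
19 Pop tag 172.16.4.0/24 0 Se0/2/1 point2point
"""
R4_LFIB = """\
16 Pop tag 172.16.3.0/24 0 Se0/2/0 point2point
17 Pop tag 172.16.23.0/24 0 Se0/2/0 point2point
18 18 172.16.2.0/24 0 Se0/2/0 point2point
19 16 172.16.12.0/24 0 Se0/2/0 point2point
20 17 172.16.1.0/24 0 Se0/2/0 point2point
"""

ROW = re.compile(r"^(\d+)\s+(Untagged|Pop tag|\d+)\s+(\S+/\d+)\s+\d+\s+(\S+)\s+\S+$")


def parse_lfib(text):
    """LFIB rows -> list of (local label, outgoing label/action, prefix, outgoing interface)."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries.append((int(m.group(1)), m.group(2), ipaddress.ip_network(m.group(3)), m.group(4)))
    return entries


def lpm(entries, dst):
    """Longest-prefix match of a destination against the LFIB; None if no entry covers it."""
    addr = ipaddress.ip_address(dst)
    hits = [e for e in entries if addr in e[2]]
    return max(hits, key=lambda e: e[2].prefixlen) if hits else None


def ingress(entries, dst):
    """What an LSR does with an unlabeled IP packet it must forward toward dst."""
    e = lpm(entries, dst)
    if e is None or e[1] == "Untagged":
        return "forward as IP", None        # no LSP (connected prefix, or next hop runs no LDP)
    if e[1] == "Pop tag":
        return "PHP: send unlabeled", None  # next hop advertised implicit-null for this prefix
    return f"push {e[1]}", int(e[1])


def transit(entries, label):
    """What an LSR does with a packet that arrives carrying a top label."""
    for local, out, _prefix, _iface in entries:
        if local == label:
            if out in ("Untagged", "Pop tag"):
                return "pop, forward as IP", None
            return f"swap {label}->{out}", int(out)
    return "unknown label: drop", None


def trace_path(hops, dst):
    """Walk the routers in order and record the label (if any) each one puts on the wire."""
    result = []
    label = None
    for name, lfib_text in hops:
        entries = parse_lfib(lfib_text)
        if label is None:
            action, label = ingress(entries, dst)
        else:
            action, label = transit(entries, label)
        result.append((name, action, label))
    return result


if __name__ == "__main__":
    for src_hops, dst in (([("R4", R4_LFIB), ("R3", R3_LFIB)], "172.16.1.1"),
                          ([("R3", R3_LFIB), ("R4", R4_LFIB)], "172.16.4.1"),
                          ([("R3", R3_LFIB), ("R4", R4_LFIB)], "172.16.34.4")):
        print(dst, trace_path(src_hops, dst))
```

Only the first trace puts a label on the wire (label 17, which R3 pops), matching R4's "Tag" Pkts Out of 5 per ping and R3's "Tag" Pkts Out of 0; the R3-to-R4 traces, including the NTP exchange to 172.16.34.4, leave as plain IP.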


    10. Router Configurations

    Router R1

Current configuration : 2027 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$68v.$0pF2U4rVQiSFjMd/aTRmo.
enable password 7 060503205F5D49
!
no aaa new-model
memory-size iomem 15
!
ip cef
!
no ip domain lookup
ip host R2 172.16.12.2
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco address 172.16.23.3
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 ah-sha-hmac esp-aes 256 esp-sha-hmac
!
crypto map MYMAP 10 ipsec-isakmp
 set peer 172.16.23.3
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 description network connected to router 1
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/2/0
 description Link to Router 2
 ip address 172.16.12.1 255.255.255.0
 clock rate 64000
 crypto map MYMAP
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
ip http server
no ip http secure-server
!
logging trap errors
logging 172.16.2.200
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.4.0 0.0.0.255
!
banner motd ^CC This is a secure system. Authorized Personnel Only! ^C
!
line con 0
 exec-timeout 0 0
 password 7 045802150C2E
 logging synchronous
line aux 0
line vty 0 4
 password 7 02050D480809
 login
!
end


Router R2

Current configuration : 1474 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$k7cB$tzf98Aglqnj2MJZdUhLFR1
enable password 7 01100A05481846
!
no aaa new-model
memory-size iomem 15
no network-clock-participate wic 3
!
ip cef
!
no ip domain lookup
ip host R1 172.16.12.1
ip host R3 172.16.23.3
!
interface Loopback0
 description network connected to router
 ip address 172.16.2.1 255.255.255.0
!
interface Serial0/2/0
 ip address 172.16.12.2 255.255.255.0
 no fair-queue
!
interface Serial0/2/1
 ip address 172.16.23.2 255.255.255.0
 clock rate 64000
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
ip http server
no ip http secure-server
!
banner motd ^CC This is a secure system. Authorized Personnel Only! ^C
!
line con 0
 exec-timeout 0 0
 password 7 00071A150754
 logging synchronous
line aux 0
line vty 0 4
 password 7 14141B180F0B6A
 login
!
end

Router R3

Current configuration : 2321 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$JIRS$AbZjQcNdIODnanFoCjzj70
enable password 7 0205085A18154F
!
no aaa new-model
memory-size iomem 15
no network-clock-participate wic 3
!
ip cef
!
no ip domain lookup
ip host R4 172.16.34.4
ip host R2 172.16.23.2
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco address 172.16.12.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 ah-sha-hmac esp-aes 256 esp-sha-hmac
!
crypto map MYMAP 10 ipsec-isakmp
 set peer 172.16.12.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 description network connected to router
 ip address 172.16.3.1 255.255.255.0
!
interface Serial0/2/0
 description Link to Router 2
 ip address 172.16.23.3 255.255.255.0
 no fair-queue
 crypto map MYMAP
!
interface Serial0/2/1
 description Link to Router 4
 ip address 172.16.34.3 255.255.255.0
 mpls ip
 no fair-queue
 clock rate 2000000
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
ip http server
no ip http secure-server
!
access-list 101 permit ip 172.16.4.0 0.0.0.255 172.16.1.0 0.0.0.255
!
banner motd ^CC This is a secure system. Authorized Personnel Only! ^C
!
line con 0
 exec-timeout 0 0
 password 7 02050D4808094F
 logging synchronous
line aux 0
line vty 0 4
 password 7 03075218050061
 login
!
scheduler allocate 20000 1000
ntp clock-period 17179893
ntp server 172.16.34.4
!
end

Router R4

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$pKHY$Pilw1Ad7IjxaPuLSasSea0
enable password 7 121A091601184C
!
no aaa new-model
memory-size iomem 15
no network-clock-participate wic 1
!
ip cef
!
no ip domain lookup
ip host R3 172.16.34.3
!
interface Loopback0
 description network connected to router
 ip address 172.16.4.1 255.255.255.0
!
interface Serial0/2/0
 description Link to Router 3
 ip address 172.16.34.4 255.255.255.0
 mpls ip
 no fair-queue
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
ip http server
no ip http secure-server
!
banner motd ^CC This is a secure system. Authorized Personnel Only! ^C
!
line con 0
 exec-timeout 0 0
 password 7 02050D4808094F
 logging synchronous
line aux 0
line vty 0 4
 password 7 13061E01080344
 login
!
scheduler allocate 20000 1000
ntp master 5
!
end

    11. Testing Results

    Router R1

R1#ping 172.16.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R1#ping 172.16.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R1#ping 172.16.23.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R1#ping 172.16.23.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R1#ping 172.16.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R1#ping 172.16.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R1#ping 172.16.34.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.34.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms

R1#ping 172.16.34.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.34.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 7 subnets
D       172.16.34.0 [90/3193856] via 172.16.12.2, 03:35:47, Serial0/2/0
D       172.16.23.0 [90/2681856] via 172.16.12.2, 03:42:18, Serial0/2/0
C       172.16.12.0 is directly connected, Serial0/2/0
D       172.16.4.0 [90/3321856] via 172.16.12.2, 03:35:46, Serial0/2/0
C       172.16.1.0 is directly connected, Loopback0

R1#show crypto ipsec sa
...
     local crypto endpt.: 172.16.12.1, remote crypto endpt.: 172.16.23.3
     path mtu 1500, ip mtu 1500, ip mtu idb Serial0/2/0
     current outbound spi: 0xBB8C7C26(3146546214)

     inbound esp sas:
      spi: 0x348BD124(881578276)
        transform: esp-256-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3004, flow_id: NETGX:4, crypto map: MYMAP
        sa timing: remaining key lifetime (k/sec): (4505698/146)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:
      spi: 0x7EE5715A(2128965978)
        transform: ah-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3004, flow_id: NETGX:4, crypto map: MYMAP
        sa timing: remaining key lifetime (k/sec): (4505698/144)
        replay detection support: Y
        Status: ACTIVE

     inbound pcp sas:

     outbound esp sas:
      spi: 0xBB8C7C26(3146546214)
        transform: esp-256-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3003, flow_id: NETGX:3, crypto map: MYMAP
        sa timing: remaining key lifetime (k/sec): (4505698/144)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:
      spi: 0xCC6044(13393988)
        transform: ah-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3003, flow_id: NETGX:3, crypto map: MYMAP
        sa timing: remaining key lifetime (k/sec): (4505698/142)
        replay detection support: Y
        Status: ACTIVE

    Router R2

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 7 subnets
D       172.16.34.0 [90/2681856] via 172.16.23.3, 03:32:14, Serial0/2/1
C       172.16.23.0 is directly connected, Serial0/2/1
C       172.16.12.0 is directly connected, Serial0/2/0
D       172.16.4.0 [90/2809856] via 172.16.23.3, 03:32:13, Serial0/2/1
D       172.16.1.0 [90/2297856] via 172.16.12.1, 03:39:51, Serial0/2/0
C       172.16.2.0 is directly connected, Loopback0
D       172.16.3.0 [90/2297856] via 172.16.23.3, 03:38:44, Serial0/2/1

R2#sh ip eigrp neigh
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.16.23.3             Se0/2/1           13 03:38:58   19   200  0  11
0   172.16.12.1             Se0/2/0           11 03:40:05   17   200  0  8

R2#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R2#ping 172.16.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

R2#ping 172.16.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R2#ping 172.16.23.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R2#ping 172.16.34.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.34.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

    Router R3

R3#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Untagged    172.16.12.0/24    1560       Se0/2/0    point2point
17     Untagged    172.16.1.0/24     4088       Se0/2/0    point2point
18     Untagged    172.16.2.0/24     0          Se0/2/0    point2point
19     Pop tag     172.16.4.0/24     0          Se0/2/1    point2point

R3#show interfaces s0/2/1 accounting
Serial0/2/1 Link to Router 4
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          2        648         53       1272
                      IP        292      19601        310      21785
                     CDP         11       3564         11       3564
                     Tag         25       2700          0          0

R3#show interfaces s0/2/1 accounting
Serial0/2/1 Link to Router 4
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          2        648         56       1344
                      IP        309      20721        332      23425
                     CDP         12       3888         12       3888
                     Tag         30       3240          0          0

R3#show interfaces s0/2/1 accounting
Serial0/2/1 Link to Router 4
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          2        648         17        408
                      IP        104       7065        113       8275
                     CDP          5       1620          5       1620
                     Tag         15       1620          0          0

R3#ping 172.16.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R3#show interfaces s0/2/1 accounting
Serial0/2/1 Link to Router 4
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          2        648         20        480
                      IP        123       8509        133       9785
                     CDP          6       1944          6       1944
                     Tag         15       1620          0          0

R3#sh crypto ipsec sa

interface: Serial0/2/0
    Crypto map tag: MYMAP, local addr 172.16.23.3

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (172.16.4.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.1.0/255.255.255.0/0/0)
   current_peer 172.16.12.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 13, #pkts encrypt: 13, #pkts digest: 13
    #pkts decaps: 13, #pkts decrypt: 13, #pkts verify: 13
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 2, #recv errors 0

     local crypto endpt.: 172.16.23.3, remote crypto endpt.: 172.16.12.1
     path mtu 1500, ip mtu 1500, ip mtu idb Serial0/2/0
     current outbound spi: 0x348BD124(881578276)

     inbound esp sas:
      spi: 0xBB8C7C26(3146546214)
        transform: esp-256-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3004, flow_id: NETGX:4, crypto map: MYMAP
        sa timing: remaining key lifetime (k/sec): (4546509/842)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:
      spi: 0xCC6044(13393988)
        transform: ah-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3004, flow_id: NETGX:4, crypto map: MYMAP
        sa timing: remaining key lifetime (k/sec): (4546509/840)
        replay detection support: Y
        Status: ACTIVE

     inbound pcp sas:

     outbound esp sas:
      spi: 0x348BD124(881578276)
        transform: esp-256-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3003, flow_id: NETGX:3, crypto map: MYMAP
        sa timing: remaining key lifetime (k/sec): (4546509/840)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:
      spi: 0x7EE5715A(2128965978)
        transform: ah-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 3003, flow_id: NETGX:3, crypto map: MYMAP
        sa timing: remaining key lifetime (k/sec): (4546509/840)
        replay detection support: Y
        Status: ACTIVE

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 7 subnets
C       172.16.34.0 is directly connected, Serial0/2/1
C       172.16.23.0 is directly connected, Serial0/2/0
D       172.16.12.0 [90/2681856] via 172.16.23.2, 03:33:46, Serial0/2/0
D       172.16.4.0 [90/2297856] via 172.16.34.4, 03:27:16, Serial0/2/1
D       172.16.1.0 [90/2809856] via 172.16.23.2, 03:33:46, Serial0/2/0
D       172.16.2.0 [90/2297856] via 172.16.23.2, 03:33:46, Serial0/2/0
C       172.16.3.0 is directly connected, Loopback0

R3#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.16.34.4             Se0/2/1           10 03:29:37    5   200  0  3
0   172.16.23.2             Se0/2/0           13 03:36:07   21   200  0  19

R3#show ntp status
Clock is synchronized, stratum 6, reference is 172.16.34.4
nominal freq is 250.0000 Hz, actual freq is 249.9996 Hz, precision is 2**18
reference time is CA934B03.CB52988D (05:37:07.794 UTC Thu Sep 13 2007)
clock offset is 0.1988 msec, root delay is 2.26 msec
root dispersion is 1.02 msec, peer dispersion is 0.79 msec

R3#show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~172.16.34.4      127.127.7.1       5    49    64   377     2.3    0.20     0.8
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

R3#ping 172.16.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R3#ping 172.16.34.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.34.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R3#ping 172.16.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R3#ping 172.16.23.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R3#ping 172.16.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

R3#ping 172.16.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms

R3#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

    Router R4

R4#ping 172.16.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R4#ping 172.16.23.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

R4#ping 172.16.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

R4#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R4#ping 172.16.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R4#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     172.16.3.0/24     0          Se0/2/0    point2point
17     Pop tag     172.16.23.0/24    0          Se0/2/0    point2point
18     18          172.16.2.0/24     0          Se0/2/0    point2point
19     16          172.16.12.0/24    0          Se0/2/0    point2point
20     17          172.16.1.0/24     0          Se0/2/0    point2point

R4#ping
Protocol [ip]:
Target IP address: 172.16.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.16.4.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]: y
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.4.1
Reply data will be validated
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/106/108 ms

R4#sh ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~127.127.7.1      127.127.7.1       4    53    64   377     0.0    0.00     0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

R4#sh ntp status
Clock is synchronized, stratum 5, reference is 127.127.7.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is CA9349DF.768D5947 (05:32:15.463 UTC Thu Sep 13 2007)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec

R4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 7 subnets
C       172.16.34.0 is directly connected, Serial0/2/0
D       172.16.23.0 [90/21024000] via 172.16.34.3, 03:25:30, Serial0/2/0
D       172.16.12.0 [90/21536000] via 172.16.34.3, 03:25:30, Serial0/2/0
C       172.16.4.0 is directly connected, Loopback0
D       172.16.1.0 [90/21664000] via 172.16.34.3, 03:25:30, Serial0/2/0
D       172.16.2.0 [90/21152000] via 172.16.34.3, 03:25:30, Serial0/2/0
D       172.16.3.0 [90/20640000] via 172.16.34.3, 03:25:30, Serial0/2/0

R4#sh ip eigrp neigh
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.34.3             Se0/2/0           14 03:25:48    3  1140  0  12

R4#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R4#show interface s0/2/0 accounting
Serial0/2/0 Link to Router 3
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          0          0        197       4728
                      IP        692      49415        704      48153
                     CDP         26       8424         27       8748
                     Tag          0          0          5        540

R4#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

R4#show interface s0/2/0 accounting
Serial0/2/0 Link to Router 3
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                   Other          0          0        198       4752
                      IP        703      50323        711      48587
                     CDP         26       8424         27       8748
                     Tag          0          0         10       1080