Cisco IOS Manual Routing and switching


DESCRIPTION

Cisco Routing and Switching command manual


  • IOS Essentials. Version 1.0.2 - November 16, 2015, by Christian Brli, www.macparc.ch/ccna

  • 2

    Table of Contents

    1 Basic Switch Configuration (p. 6)
    2 Basic Router Configuration (p. 7)
    3 Verification Commands (p. 8)
      3.1 Various show Commands (p. 8)
      3.2 Output Filters (p. 8)
    4 Command History Feature (p. 9)
    5 Switch Management Interface Configuration (p. 9)
      5.1 Configure Switch Management Interface (p. 9)
      5.2 Configure Switch Default Gateway (p. 9)
      5.3 Verify Switch Management Interface Configuration (p. 9)
      5.4 VLAN Creation and Association to a Switch Port (p. 9)
    6 Configure Switch Ports (p. 10)
      6.1 Duplex and Speed (p. 10)
      6.2 Auto-MDIX (p. 10)
    7 Switch & Port Security (p. 11)
      7.1 Configure SSH for Remote Management (p. 11)
      7.2 Secure/Disable Unused Ports (p. 12)
      7.3 DHCP Snooping (p. 12)
      7.4 Configure Port Security (p. 13)
      7.5 Configure Violation Mode (p. 13)
      7.6 Verify Port Security (p. 14)
      7.7 Configure Network Time Protocol (NTP) (p. 14)
    8 VLANs (p. 15)
      8.1 Create VLAN(s) (p. 15)
      8.2 Assigning Ports to VLANs (p. 15)
      8.3 Remove VLAN Assignment (p. 15)
      8.4 Deleting VLANs (p. 15)
      8.5 Display VLAN Information (p. 16)
      8.6 Display Interface VLAN (or Trunk) Configuration (p. 16)
    9 Trunks (p. 17)
      9.1 Trunk Configuration (p. 17)
      9.2 Resetting Trunk (p. 17)
      9.3 Dynamic Trunk Protocol (DTP) (p. 17)
    10 Troubleshoot VLANs and Trunks (p. 19)
      10.1 Missing VLAN (p. 19)
      10.2 Troubleshooting Trunks (p. 20)
      10.3 Common Problems with Trunks (p. 20)
      10.4 Security Protect Ports with PVLAN Edge (p. 21)
    11 Inter-VLAN Routing (p. 22)
      11.1 Legacy Inter-VLAN Routing (p. 22)
      11.2 Router-on-a-Stick Inter-VLAN Routing (p. 23)
      11.3 Multilayer Switch Inter-VLAN Routing (p. 24)
      11.4 Troubleshoot Inter-VLAN Routing (p. 26)
    12 Static Routing (p. 27)
      12.1 IPv4 Static Route (p. 27)
      12.2 IPv4 Default Static Route (p. 28)
      12.3 IPv4 Summary Static Route (p. 28)
      12.4 IPv4 Floating Static Route (p. 29)
      12.5 Troubleshoot IPv4 Static Route Configuration (p. 30)
      12.6 IPv6 Static Route (p. 30)
      12.7 IPv6 Default Static Route (p. 31)
      12.8 IPv6 Summary Static Route (p. 31)

  • 3

    13 Dynamic Routing (p. 32)
      13.1 Check for Dynamic Routing Protocols (p. 32)
      13.2 Enable RIP or RIPv2 (IPv4) (p. 33)
      13.3 Enable RIPng (IPv6) (p. 34)
    14 Single-Area OSPFv2 (IPv4) (p. 35)
      14.1 Router ID (p. 35)
      14.2 Enable OSPF on Interfaces (p. 36)
      14.3 Propagating a Default Static Route in OSPF (p. 38)
      14.4 OSPF Cost (p. 39)
      14.5 Secure OSPF with MD5 Authentication (p. 42)
      14.6 Verify OSPF (p. 43)
    15 Single-Area OSPFv3 (IPv6) (p. 46)
      15.1 Differences between OSPFv2 and OSPFv3 (p. 46)
      15.2 Steps to Configure OSPFv3 (p. 46)
      15.3 Configure Link-Local Addresses (p. 47)
      15.4 OSPFv3 Router ID (p. 48)
      15.5 Enable OSPFv3 on Interfaces (p. 49)
      15.6 Modify OSPFv3 Hello and Dead Intervals (p. 50)
      15.7 Propagating a Default Static Route in OSPFv3 (p. 51)
      15.8 Verify OSPFv3 (p. 52)
    16 Multiarea OSPF (p. 54)
      16.1 Configure Multiarea OSPFv2 (p. 54)
      16.2 OSPF Route Summarization (p. 55)
      16.3 Configure Multiarea OSPFv3 (p. 56)
      16.4 Verify Multiarea OSPF (p. 57)
    17 EIGRP for IPv4 (p. 59)
      17.1 Router ID (p. 59)
      17.2 The network Command (p. 60)
      17.3 Passive Interfaces (p. 61)
      17.4 Automatic Summarization (p. 62)
      17.5 Manual Summarization (p. 64)
      17.6 Propagating a Default Static Route (p. 65)
      17.7 Fine-tuning EIGRP Interfaces (p. 66)
      17.8 MD5 Authentication (p. 67)
      17.9 Troubleshoot EIGRP (p. 69)
      17.10 Verify EIGRP for IPv4 (p. 70)
    18 EIGRP for IPv6 (p. 73)
      18.1 Configure IPv6 Link-local Addresses (p. 73)
      18.2 Configure EIGRP for IPv6 (p. 73)
      18.3 Enable EIGRP for IPv6 on Interfaces (p. 74)
      18.4 Passive Interfaces (p. 74)
      18.5 Manual Summarization (p. 75)
      18.6 Propagating a Default Static Route (p. 76)
      18.7 Fine-tuning EIGRP Interfaces (p. 77)
      18.8 MD5 Authentication (p. 78)
      18.9 Troubleshoot EIGRP (p. 78)
      18.10 Verify EIGRP for IPv6 (p. 79)
    19 Access Control Lists (ACLs) (p. 81)
      19.1 Numbered and Named ACLs (p. 81)
      19.2 Wildcard Bit Mask Abbreviations (p. 81)
      19.3 The Implied "Deny All Traffic" Criteria Statement (p. 81)
      19.4 Standard ACLs (IPv4) (p. 82)
      19.5 Extended ACLs (IPv4) (p. 87)
      19.6 IPv6 ACLs (p. 91)
      19.7 Verify ACLs (p. 93)

  • 4

    20 DHCP (p. 95)
      20.1 Basic DHCPv4 Configuration (p. 95)
      20.2 Verify DHCPv4 (p. 96)
      20.3 DHCPv4 Relay (p. 97)
      20.4 Configure a Router as DHCP Client (p. 97)
      20.5 Verify DHCPv4 Relay & Services (p. 98)
      20.6 Debug DHCPv4 (p. 98)
      20.7 DHCPv6 (p. 99)
    21 NAT for IPv4 (p. 105)
      21.1 Static NAT (p. 105)
      21.2 Dynamic NAT (p. 107)
      21.3 PAT (NAT Overload) (p. 109)
      21.4 Port Forwarding (Tunneling) (p. 111)
      21.5 Troubleshoot NAT (p. 112)
    22 Spanning Tree (p. 113)
      22.1 Default Switch STP Settings (p. 113)
      22.2 Configure and Verify the Bridge ID (BID) / Priority (p. 113)
      22.3 Configure and Verify Port Cost (p. 114)
      22.4 PortFast and BPDU Guard (p. 115)
      22.5 PVST+ Load Balancing (p. 116)
      22.6 Rapid PVST+ (p. 117)
      22.7 Analyzing the STP Topology (p. 118)
      22.8 STP Status Overview (p. 118)
      22.9 First Hop Redundancy Protocols (FHRP) (p. 119)
    23 EtherChannel (p. 121)
      23.1 Link Aggregation Control Protocol (LACP) (p. 121)
      23.2 Port Aggregation Protocol (PAgP) (p. 122)
      23.3 Verify EtherChannel (p. 123)
    24 Point-to-Point Connections (p. 125)
      24.1 Configure HDLC Encapsulation (p. 125)
      24.2 Verify a Serial Interface (p. 125)
      24.3 Configure PPP Encapsulation (p. 127)
      24.4 Verify PPP Configuration / Encapsulation (p. 131)
    25 Frame Relay (p. 133)
      25.1 Basic Frame Relay Configuration (p. 133)
      25.2 Configure a Static Frame Relay Map (p. 134)
      25.3 Configure Point-to-Point Subinterfaces (p. 136)
      25.4 Local Management Interface (LMI) (p. 137)
      25.5 Verify Frame Relay (p. 138)
      25.6 Troubleshoot Frame Relay (p. 140)
    26 PPPoE Client Configuration for DSL (p. 141)
    27 Virtual Private Networks (VPNs) (p. 142)
      27.1 GRE Tunnel (p. 142)
    28 Monitoring the Network (p. 144)
      28.1 Syslog (p. 144)
      28.2 Simple Network Management (SNMP) (p. 148)
      28.3 NetFlow (p. 150)
    29 Troubleshooting the Network (p. 154)
      29.1 Data Collection for Documentation (p. 154)
      29.2 Gather Symptoms (p. 155)
      29.3 Troubleshooting IP Connectivity (p. 156)
    30 IOS Images & Licensing (p. 163)
      30.1 Display the IOS Image (p. 163)
      30.2 IOS Backup (p. 164)
      30.3 Select Boot System (p. 165)
      30.4 IOS Licensing (p. 166)
    IOS Shortcuts (p. 172)

  • 5

  • 6

    1 Basic Switch Configuration

    Switch> enable
    Switch# configure terminal
    Switch(config)# hostname S1
    S1(config)# no ip domain-lookup
    S1(config)# enable secret class
    S1(config)# line console 0
    S1(config-line)# logging synchronous
    S1(config-line)# password cisco
    S1(config-line)# login
    S1(config-line)# exit
    S1(config)# line vty 0 4
    S1(config-line)# password cisco
    S1(config-line)# login
    S1(config-line)# exit
    S1(config)# line aux 0
    S1(config-line)# password cisco
    S1(config-line)# login
    S1(config-line)# exit
    S1(config)# service password-encryption
    S1(config)# banner motd #Authorized Personnel Only!#
    S1(config)# interface vlan 1
    S1(config-if)# description VLAN 1
    S1(config-if)# ip address 172.16.5.2 255.255.255.0
    S1(config-if)# no shutdown
    S1(config-if)# exit
    S1(config)# ip default-gateway 172.16.5.1
    S1(config)# end
    S1# write
    Building configuration
    [OK]

    Restore a switch into its factory default condition with 1 default VLAN

    Switch# delete flash:vlan.dat
    Switch# erase startup-config
    Switch# reload

  • 7

    2 Basic Router Configuration

    Router> enable
    Router# configure terminal
    Router(config)# hostname R1
    R1(config)# no ip domain-lookup
    R1(config)# enable secret class
    R1(config)# line console 0
    R1(config-line)# logging synchronous
    R1(config-line)# password cisco
    R1(config-line)# login
    R1(config-line)# exit
    R1(config)# line vty 0 4
    R1(config-line)# password cisco
    R1(config-line)# login
    R1(config-line)# exit
    R1(config)# line aux 0
    R1(config-line)# password cisco
    R1(config-line)# login
    R1(config-line)# exit
    R1(config)# service password-encryption
    R1(config)# banner motd #Authorized Personnel Only!#
    R1(config)# interface g0/0
    R1(config-if)# description Link to LAN 1
    R1(config-if)# ip address 172.16.5.1 255.255.255.0
    R1(config-if)# no shutdown
    R1(config-if)# exit
    R1(config)# interface g0/1
    R1(config-if)# description Link to LAN 2
    R1(config-if)# ip address 192.168.5.1 255.255.255.0
    R1(config-if)# no shutdown
    R1(config-if)# exit
    R1(config)# interface serial 0/0/0
    R1(config-if)# description Link to R2
    R1(config-if)# ip address 209.10.5.1 255.255.255.0
    R1(config-if)# clock rate 128000
    R1(config-if)# no shutdown
    R1(config-if)# exit
    R1(config)# interface loopback 0
    R1(config-if)# ip address 10.0.0.1 255.255.255.0
    R1(config-if)# end
    R1# write

    Resetting Router Configuration

    Router# erase startup-config
    Router# reload

  • 8

    3 Verification Commands

    3.1 Various show Commands

    Display interface status
      S1# show interfaces interface-id
    Display current startup configuration
      S1# show startup-config
    Display current operating configuration
      S1# show running-config
    Display commands configured on a specified interface
      S1# show running-config interface interface-id
    Display information about flash file system
      S1# show flash
    Display system hardware and software status
      S1# show version
    Display history of commands entered
      S1# show history
    Display IP information for all interfaces
      R1# show ip interface [ brief ]
    Display IP information about an interface
      R1# show ip interface interface-id
    Display contents of the IPv4 routing table (RAM)
      R1# show ip route
    Displays configured routing protocols
      R1# show ip protocols
    Displays info about learned OSPF neighbors
      R1# show ip ospf neighbor
    Displays info about the enabled routed protocol
      R1# show protocols
    Displays info on directly connected devices
      R1# show cdp neighbors
    Display the MAC address table
      S1# show mac-address-table
      or
      S1# show mac address-table

    3.2 Output Filters

    To enable the filtering command, enter a pipe (|) character after the show command and then enter a filtering parameter and a filtering expression.

    Example:
      S1# show ip interface brief | exclude unassigned

    Filtering parameters that can be configured after the pipe:
      section   Shows entire section that starts with the filtering expression
      include   Includes all output lines that match the filtering expression
      exclude   Excludes all output lines that match the filtering expression
      begin     Shows all the output lines, starting with the line that matches the filtering expression

  • 9

    4 Command History Feature

    To recall the most recent command in the history buffer, press Ctrl+P or the Up Arrow key.
    To return to more recent commands in the history buffer, press Ctrl+N or the Down Arrow key.

    Show command history buffer:
      R1# show history

    By default, command history is enabled and the system captures the last 10 command lines in its history buffer.

    Command to increase or decrease the size of the buffer (for the current terminal session):
      R1# terminal history size 100

    5 Switch Management Interface Configuration

    5.1 Configure Switch Management Interface

    S1# configure terminal
    S1(config)# interface vlan 99
    S1(config-if)# ip address 192.168.1.2 255.255.255.0
    S1(config-if)# no shutdown
    S1(config-if)# end
    S1# copy running-config startup-config

    5.2 Configure Switch Default Gateway

    S1# configure terminal
    S1(config)# ip default-gateway 192.168.1.1
    S1(config)# end
    S1# copy running-config startup-config

    5.3 Verify Switch Management Interface Configuration

    S1# show ip interface brief

    5.4 VLAN Creation and Association to a Switch Port

    The SVI for VLAN 99 will not appear as "up/up" until VLAN 99 is created and there is a device connected to a switch port associated with VLAN 99.

    To create a VLAN with the vlan_id of 99, and associate it to an interface, use the following commands:

    S1# configure terminal
    S1(config)# vlan vlan_id
    S1(config-vlan)# name vlan_name
    S1(config-vlan)# exit
    S1(config)# interface interface-id
    S1(config-if)# switchport access vlan vlan_id


6 Configure Switch Ports

6.1 Duplex and Speed

    S1# configure terminal
    S1(config)# interface FastEthernet 0/1
    S1(config-if)# duplex full
    S1(config-if)# speed 100
    S1(config-if)# end
    S1# copy running-config startup-config

6.2 Auto-MDIX

    S1# configure terminal
    S1(config)# interface FastEthernet 0/1
    S1(config-if)# duplex auto
    S1(config-if)# speed auto
    S1(config-if)# mdix auto
    S1(config-if)# end
    S1# copy running-config startup-config

Verify Auto-MDIX:
    S1# show controllers ethernet-controller fa 0/1 phy | include Auto-MDIX


7 Switch & Port Security

7.1 Configure SSH for Remote Management

Verify SSH support:
    S1# show ip ssh

Configure the IP domain:
    S1# configure terminal
    S1(config)# ip domain-name cisco.com

Generate RSA key pairs:
    S1(config)# crypto key generate rsa
    The name for the keys will be S1.cisco.com
    How many bits in the modulus [512]: 1024

(Deleting RSA key pairs)
    S1(config)# crypto key zeroize rsa

Configure user authentication:
    S1(config)# username admin secret ccna

Configure the vty lines:
    S1(config)# line vty 0 15
    S1(config-line)# transport input ssh
    S1(config-line)# login local
    S1(config-line)# exit

Enable SSH version 2:
    S1(config)# ip ssh version 2
    S1(config)# exit

7.2 Secure/Disable Unused Ports

    S1(config-if)# shutdown

Configure a range of ports:
    S1(config)# interface range FastEthernet0/5 - 24
    S1(config-if-range)# shutdown

7.3 DHCP Snooping

Enable DHCP snooping:
    S1(config)# ip dhcp snooping

Enable DHCP snooping for specific VLANs:
    S1(config)# ip dhcp snooping vlan 10,20

Defining the trusted ports:
    S1(config)# interface FastEthernet0/1
    S1(config-if)# ip dhcp snooping trust

Limit the rate at which bogus DHCP requests can continually be sent through untrusted ports:
    S1(config)# interface FastEthernet0/2
    S1(config-if)# ip dhcp snooping limit rate 5

7.4 Configure Port Security

7.4.1 Static Secure MAC Addresses

    S1(config-if)# switchport port-security mac-address mac-address

7.4.2 Dynamic Secure MAC Addresses

    S1(config)# interface FastEthernet 0/1
    S1(config-if)# switchport mode access
    S1(config-if)# switchport port-security

7.4.3 Sticky Secure MAC Addresses

To convert dynamically learned MAC addresses to sticky secure MAC addresses:
    S1(config)# interface FastEthernet 0/1
    S1(config-if)# switchport mode access
    S1(config-if)# switchport port-security
    S1(config-if)# switchport port-security maximum 50
    S1(config-if)# switchport port-security mac-address sticky

Manually defined sticky secure MAC addresses:
    S1(config-if)# switchport port-security mac-address sticky mac-address

Disable sticky learning:
    S1(config-if)# no switchport port-security mac-address sticky

7.5 Configure Violation Mode

    S1(config-if)# switchport port-security violation {protect | restrict | shutdown}

7.6 Verify Port Security

7.6.1 Verify Port Security Settings

    S1# show port-security [interface interface-id]

7.6.2 Verify sticky MAC Running Config

    S1# show run | begin FastEthernet 0/5

7.6.3 Verify Secure MAC Addresses

    S1# show port-security address

7.7 Configure Network Time Protocol (NTP)

7.7.1 Configuring NTP on a Router

NTP server:
    R1(config)# ntp master 1

NTP client:
    R2(config)# ntp server 10.0.0.1

7.7.2 Verify NTP

    R2# show ntp associations
    R2# show ntp status
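An added example, not part of the original manual: a Python audit that checks a saved running-config against the settings configured in section 7 (SSH version 2, SSH-only vty lines with local login, DHCP snooping, port security on access ports, unused ports shut down). The sample configuration, the finding texts and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the manual).
SAMPLE_CONFIG = """\
hostname S1
ip domain-name cisco.com
ip ssh version 2
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
interface FastEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 ip dhcp snooping limit rate 5
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 shutdown
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
!
"""


def parse_blocks(config):
    """Split a running-config into global lines and {header: [sub-commands]}."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None
            continue
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
            continue
        global_lines.append(line)
        current = None
        if re.match(r"(interface|line) ", line):
            current = line
            blocks[current] = []
    return global_lines, blocks


def audit(config):
    """Return a sorted list of findings for the section 7 settings."""
    global_lines, blocks = parse_blocks(config)
    findings = []
    if "ip ssh version 2" not in global_lines:
        findings.append("global: SSH version 2 not enforced")
    if "ip dhcp snooping" not in global_lines:
        findings.append("global: DHCP snooping disabled")
    for header, cmds in blocks.items():
        if header.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.append(f"{header}: vty accepts non-SSH transport")
            if "login local" not in cmds:
                findings.append(f"{header}: no local user authentication")
        elif header.startswith("interface "):
            name = header.split(None, 1)[1]
            # Shut-down ports and virtual interfaces are out of scope here.
            if "shutdown" in cmds or re.match(r"(?i)(vlan|loopback)", name):
                continue
            if "switchport mode access" in cmds:
                if "switchport port-security" not in cmds:
                    findings.append(f"{name}: access port without port security")
            elif "switchport mode trunk" not in cmds and "no switchport" not in cmds:
                findings.append(f"{name}: enabled port with no static switchport mode")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
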


8 VLANs

8.1 Create VLAN(s)

    S1# configure terminal
    S1(config)# vlan vlan-id
    S1(config-vlan)# name vlan-name
    S1(config-vlan)# end

Good practice, but not necessary: Normal Range VLANs (1-1005) are saved to vlan.dat (flash memory).
    S1# copy running-config startup-config

Create a series of VLAN IDs:
    S1(config)# vlan 100,125,130,140-159

8.2 Assigning Ports to VLANs

    S1# configure terminal
    S1(config)# interface [range] interface-id
    S1(config-if)# switchport mode access
    S1(config-if)# switchport access vlan vlan-id
    S1(config-if)# end

8.3 Remove VLAN Assignment

    S1# configure terminal
    S1(config)# interface [range] interface-id
    S1(config-if)# no switchport access vlan
    S1(config-if)# end

8.4 Deleting VLANs

    S1# configure terminal
    S1(config)# no vlan vlan-id
    S1(config)# end

Deleting the entire vlan.dat file (reset to factory default VLAN configuration):
    S1# delete flash:vlan.dat
  or
    S1# delete vlan.dat

8.5 Display VLAN Information

Display contents of the vlan.dat file:
    S1# show vlan [brief | id vlan-id | name vlan-name | summary]

8.6 Display Interface VLAN (or Trunk) Configuration

    S1# show interfaces [interface-id | vlan vlan-id | ] switchport


9 Trunks

9.1 Trunk Configuration

    S1# configure terminal
    S1(config)# interface interface-id
    S1(config-if)# switchport mode trunk
    S1(config-if)# switchport trunk native vlan vlan-id
    S1(config-if)# switchport trunk allowed vlan vlan-list
    S1(config-if)# end

9.2 Resetting Trunk

    S1# configure terminal
    S1(config)# interface interface-id
    S1(config-if)# no switchport trunk allowed vlan
    S1(config-if)# no switchport trunk native vlan
    S1(config-if)# end

Return Port to Access Mode:
    S1(config-if)# switchport mode access

9.3 Dynamic Trunk Protocol (DTP)

9.3.1 Negotiated Interface Modes

    S1(config-if)# switchport mode access
Permanent nontrunking mode, regardless of whether the neighboring interface is a trunk interface; negotiates to convert the link into a nontrunk link.

    S1(config-if)# switchport mode dynamic auto
Default switchport mode for all Ethernet interfaces. The interface is able to convert the link to a trunk link if the neighboring interface is set to trunk or desirable mode.

    S1(config-if)# switchport mode dynamic desirable
Able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode.

    S1(config-if)# switchport mode trunk
Permanent trunking mode, even if the neighboring interface is not a trunk interface; negotiates to convert the neighboring link into a trunk link.

9.3.2 DTP Configuration Matrix

Results of the DTP configuration options on opposite ends of a trunk link

9.3.3 Disable DTP

E.g. to enable trunking from a Cisco switch to a device that does not support DTP:
    S1(config-if)# switchport nonegotiate
Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.

9.3.4 Determine the Current DTP Mode

    S1# show dtp interface interface-id
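An added example, not part of the original manual: the matrix figure for 9.3.2 did not survive in this text, so this Python sketch derives the result for every pair of modes from commonly documented DTP behavior (trunk and dynamic desirable ask for a trunk, dynamic auto only answers, nonegotiate silences DTP). The function names and the "limited connectivity" label for a trunk/access mismatch are assumptions of this example.

```python
MODES = ("access", "dynamic auto", "dynamic desirable", "trunk")


def _port_state(mode, peer_mode, peer_speaks_dtp):
    """Operational state one port settles into, given its neighbor's settings."""
    if mode in ("access", "trunk"):
        return mode  # permanent modes never change state
    # trunk and dynamic desirable actively ask for a trunk; dynamic auto only answers.
    peer_asks = peer_speaks_dtp and peer_mode in ("trunk", "dynamic desirable")
    peer_answers = peer_speaks_dtp and peer_mode == "dynamic auto"
    if mode == "dynamic desirable":
        return "trunk" if (peer_asks or peer_answers) else "access"
    return "trunk" if peer_asks else "access"  # dynamic auto


def link_result(mode_a, mode_b, nonegotiate_a=False, nonegotiate_b=False):
    """Result for a link whose two ends are configured with the given modes."""
    for mode, noneg in ((mode_a, nonegotiate_a), (mode_b, nonegotiate_b)):
        if mode not in MODES:
            raise ValueError(f"unknown switchport mode: {mode}")
        if noneg and mode.startswith("dynamic"):
            # Section 9.3.3: nonegotiate is only accepted in access or trunk mode.
            raise ValueError("switchport nonegotiate needs mode access or trunk")
    state_a = _port_state(mode_a, mode_b, not nonegotiate_b)
    state_b = _port_state(mode_b, mode_a, not nonegotiate_a)
    return state_a if state_a == state_b else "limited connectivity"


def dtp_matrix():
    """All 16 combinations with DTP left enabled on both ends."""
    return {(a, b): link_result(a, b) for a in MODES for b in MODES}


def negotiated_trunks():
    """Mode pairs where a trunk forms although at least one end is a dynamic mode."""
    return sorted({tuple(sorted(pair)) for pair, result in dtp_matrix().items()
                   if result == "trunk" and any(m.startswith("dynamic") for m in pair)})


if __name__ == "__main__":
    width = max(len(m) for m in MODES) + 2
    print(" " * width + "".join(m.ljust(width + 4) for m in MODES))
    for a in MODES:
        print(a.ljust(width) + "".join(link_result(a, b).ljust(width + 4) for b in MODES))
    print("Trunks that exist only through negotiation:", negotiated_trunks())
```

The pairs returned by negotiated_trunks() are the ones that static configuration on both ends (mode trunk or mode access, plus switchport nonegotiate) removes.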


10 Troubleshoot VLANs and Trunks

10.1 Missing VLAN

Step 1: Use the show vlan command to check whether the port belongs to the expected VLAN. If the port is assigned to the wrong VLAN, use the switchport access vlan command to correct the VLAN membership. Use the show mac address-table command to check which addresses were learned on a particular port of the switch and to which VLAN that port is assigned.

Step 2: If the VLAN to which the port is assigned is deleted, the port becomes inactive. Use the show vlan or show interfaces switchport command.

Examples:
    S1# show mac-address-table interface FastEthernet 0/1
    S1# show interfaces FastEthernet 0/1 switchport

10.2 Troubleshooting Trunks

Step 1: Use the show interfaces trunk command to check whether the local and peer native VLANs match. If the native VLAN does not match on both sides, VLAN leaking occurs.

Step 2: Use the show interfaces trunk command to check whether a trunk has been established between switches. Statically configure trunk links whenever possible. Cisco Catalyst switch ports use DTP by default and attempt to negotiate a trunk link.

Example:
    S1# show interfaces FastEthernet 0/1 trunk

10.3 Common Problems with Trunks

10.4 Security

Protect Ports with PVLAN Edge

The PVLAN Edge feature has the following characteristics:
- A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port, except for control traffic. Data traffic cannot be forwarded between protected ports at Layer 2.
- Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
- Protected ports must be manually configured.

10.4.1 Configuring the PVLAN Edge Feature

    S1(config-if)# switchport protected

10.4.2 Disable Protected Port

    S1(config-if)# no switchport protected

10.4.3 Verify the PVLAN Edge Configuration

    S1# show interfaces interface-id switchport


11 Inter-VLAN Routing

11.1 Legacy Inter-VLAN Routing

11.1.1 Switch Configuration

    S1# configure terminal
    S1(config)# vlan 10
    S1(config-vlan)# vlan 30
    S1(config-vlan)# interface f0/11
    S1(config-if)# switchport access vlan 10
    S1(config-if)# interface f0/4
    S1(config-if)# switchport access vlan 10
    S1(config-if)# interface f0/6
    S1(config-if)# switchport access vlan 30
    S1(config-if)# interface f0/5
    S1(config-if)# switchport access vlan 30
    S1(config-if)# end

11.1.2 Router Configuration

    R1(config)# interface g0/0
    R1(config-if)# ip address 172.17.10.1 255.255.255.0
    R1(config-if)# no shutdown
    R1(config)# interface g0/1
    R1(config-if)# ip address 172.17.30.1 255.255.255.0
    R1(config-if)# no shutdown
    R1(config-if)# end

11.2 Router-on-a-Stick Inter-VLAN Routing

11.2.1 Switch Configuration

    S1(config)# vlan 10
    S1(config-vlan)# vlan 30
    S1(config-vlan)# interface f0/5
    S1(config-if)# switchport mode trunk
    S1(config-if)# end

11.2.2 Router Configuration

    R1(config)# interface g0/0.10
    R1(config-subif)# encapsulation dot1q 10
    R1(config-subif)# ip address 172.17.10.1 255.255.255.0
    R1(config-subif)# interface g0/0.30
    R1(config-subif)# encapsulation dot1q 30
    R1(config-subif)# ip address 172.17.30.1 255.255.255.0
    R1(config-subif)# interface g0/0
    R1(config-if)# no shutdown
    R1(config-if)# end

Verify Subinterfaces:
    R1# show vlan
    R1# show ip route

Verify Routing:
    PC1> ping 172.17.30.23
    PC1> tracert 172.17.30.23

11.3 Multilayer Switch Inter-VLAN Routing

11.3.1 Inter-VLAN Routing with Switch Virtual Interfaces (SVI)

    S1(config)# interface vlan 10
    S1(config-if)# ip address 172.17.10.1 255.255.255.0
    S1(config-if)# no shutdown
    S1(config-if)# exit
    S1(config)# interface vlan 30
    S1(config-if)# ip address 172.17.30.1 255.255.255.0
    S1(config-if)# no shutdown
    S1(config-if)# exit
    S1(config)# ip routing

11.3.2 Inter-VLAN Routing with Routed Ports

    S1(config)# interface fastethernet 0/1
    S1(config-if)# no switchport
    S1(config-if)# ip address 172.17.10.1 255.255.255.0
    S1(config-if)# no shutdown
    S1(config-if)# exit
    S1(config)# interface fastethernet 0/3
    S1(config-if)# no switchport
    S1(config-if)# ip address 172.17.30.1 255.255.255.0
    S1(config-if)# no shutdown
    S1(config-if)# exit
    S1(config)# ip routing


11.3.3 Static Routing on a Cisco Catalyst 2960 Switch

Check setting template:
    S1# show sdm prefer

Enable the routing functionality on the Cisco 2960 Layer 2 switch. Full-featured multilayer switches (e.g. Cisco Catalyst 3560 Series) support the EIGRP, OSPF, and BGP routing protocols.
    S1(config)# sdm prefer lanbase-routing
    S1(config)# do reload
    S1(config)# interface fastethernet 0/6
    S1(config-if)# switchport access vlan 2
    S1(config-if)# interface vlan 1
    S1(config-if)# ip address 192.168.1.1 255.255.255.0
    S1(config-if)# interface vlan 2
    S1(config-if)# ip address 192.168.2.1 255.255.255.0
    S1(config-if)# no shutdown
    S1(config)# ip routing

Configure default route:
    S1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.254

Configure a static route to the remote network 192.168.2.0/24 (VLAN 2) on the Router R1:
    R1(config)# ip route 192.168.2.0 255.255.255.0 g0/1

11.4 Troubleshoot Inter-VLAN Routing

The issues common to legacy inter-VLAN routing and router-on-a-stick inter-VLAN routing are also manifested in the context of Layer 3 switching. To troubleshoot issues, the following items should be checked for accuracy:

VLANs: VLANs must be defined across all the switches. VLANs must be enabled on the trunk ports. Ports must be in the right VLANs.
SVIs: SVIs must have the correct IP address or subnet mask. SVIs must be up. SVIs must match with the VLAN number.
Routing: Routing must be enabled. Each interface or network should be added to the routing protocol.
Hosts: Hosts must have the correct IP address or subnet mask. Hosts must have a default gateway associated with an SVI or routed port.


12 Static Routing

12.1 IPv4 Static Route

A static route can be configured to reach a specific remote network.
    R1(config)# ip route network-address subnet-mask {next-hop-ip | exit-intf [ip-address]} [ distance ] [ name name ] [ permanent ] [ tag tag ]

The distance parameter is used to create a floating static route by setting an administrative distance that is higher than a dynamically learned route.

Common Examples:
Next-hop address:
    R1(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.2
Exit interface:
    R1(config)# ip route 172.16.1.0 255.255.255.0 serial 0/0/0
Fully specified:
    R1(config)# ip route 172.16.1.0 255.255.255.0 G0/1 172.16.2.2

Verifying:
    R1# ping 192.168.2.2
    R1# traceroute 192.168.2.10
    R1# show ip route
    R1# show ip route static | begin Gateway
    R1# show ip route 192.168.2.1
    R1# show running-config | section ip route

12.2 IPv4 Default Static Route

A default static route is similar to a default gateway on a host. The default static route specifies the exit point to use when the routing table does not contain a path for the destination network.
    R1(config)# ip route 0.0.0.0 0.0.0.0 {next-hop-ip | exit-intf}

Common Examples:
Next-hop address:
    R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.6.2
Exit interface:
    R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0
Fully specified:
    R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0 192.168.6.2

Verifying:
    R1# show ip route static

12.3 IPv4 Summary Static Route

Example:

The four static route entries could be reduced to a single 172.20.0.0/14 entry. The four static route entries can be removed and replaced by a summary static route.
    R1(config)# no ip route 172.20.0.0 255.255.0.0 serial 0/0/0
    R1(config)# no ip route 172.21.0.0 255.255.0.0 serial 0/0/0
    R1(config)# no ip route 172.22.0.0 255.255.0.0 serial 0/0/0
    R1(config)# no ip route 172.23.0.0 255.255.0.0 serial 0/0/0
    R1(config)#
    R1(config)# ip route 172.20.0.0 255.252.0.0 serial 0/0/0


12.4 IPv4 Floating Static Route

Floating static routes are static routes that have an administrative distance greater than the administrative distance of another static route or dynamic routes. They are very useful when providing a backup to a primary link.

By default, static routes have an administrative distance of 1, making them preferable to routes learned from dynamic routing protocols. For example, the administrative distances of some common dynamic routing protocols are:
- EIGRP = 90
- IGRP = 100
- OSPF = 110
- IS-IS = 115
- RIP = 120

The administrative distance of a static route can be increased to make the route less desirable than that of another static route or a route learned through a dynamic routing protocol. In this way, the static route floats and is not used when the route with the better administrative distance is active.

Verification shows that the default route to R2 is installed in the routing table. Note that the backup route to R3 is not present in the routing table.

12.5 Troubleshoot IPv4 Static Route Configuration

Common IOS troubleshooting commands include:
- ping target-ip-address source { ip-address | exit-intf } (extended ping)
- traceroute
- show ip route
- show ip interface brief
- show cdp neighbors [detail]

12.6 IPv6 Static Route

Enable IPv6 Routing:
    R1(config)# ipv6 unicast-routing
    R1(config)# ipv6 route ipv6-prefix/prefix-length { ipv6-address | exit-intf }

Verifying:
    R1# show ipv6 route

Common Examples:
Next-hop address:
    R1(config)# ipv6 route 2001:db8:acad:2::/64 2001:db8:acad:4::2
Exit interface:
    R1(config)# ipv6 route 2001:db8:acad:2::/64 s0/0/0
Fully specified:
    R1(config)# ipv6 route 2001:db8:acad:2::/64 s0/0/0 fe80::2

Verifying:
    R1# ping 192.168.2.2
    R1# traceroute 192.168.2.10
    R1# show ipv6 route
    R1# show ipv6 route static
    R1# show ipv6 route 2001:db8:acad:3::
    R1# show running-config | section ipv6 route

12.7 IPv6 Default Static Route

Enable IPv6 Routing:
    R1(config)# ipv6 unicast-routing
    R1(config)# ipv6 route ::/0 { ipv6-address | exit-intf }

Common Examples:
Next-hop address:
    R1(config)# ipv6 route ::/0 2001:db8:acad:4::2
Exit interface:
    R1(config)# ipv6 route ::/0 serial 0/0/0

Verify:
    R1# show ipv6 route static

12.8 IPv6 Summary Static Route

Example:

The four static route entries could be reduced to a single 2001:db8:acad::/61 entry. The four static route entries can be removed and replaced by a summary static route.
    R1(config)# no ipv6 route 2001:db8:acad:1::/64 2001:db8:feed:1::2
    R1(config)# no ipv6 route 2001:db8:acad:2::/64 2001:db8:feed:1::2
    R1(config)# no ipv6 route 2001:db8:acad:3::/64 2001:db8:feed:1::2
    R1(config)# no ipv6 route 2001:db8:acad:4::/64 2001:db8:feed:1::2
    R1(config)#
    R1(config)# ipv6 route 2001:db8:acad::/61 2001:db8:feed:1::2
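An added example, not part of the original manual, covering both the IPv4 summary in 12.3 and the IPv6 summary in 12.8: it computes the single summary prefix for a set of static routes with Python's ipaddress module and lists the prefixes the summary covers that none of the original routes did. The function names are hypothetical; the prefixes and next hops are the manual's own.

```python
import ipaddress


def summary_route(prefixes):
    """Smallest single prefix that contains every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    if len({n.version for n in nets}) != 1:
        raise ValueError("cannot summarize a mix of IPv4 and IPv6 prefixes")
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # shorten the prefix by one bit
    return summary


def extra_coverage(prefixes, summary):
    """Prefixes inside the summary that no original route covered."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    size = max(n.prefixlen for n in nets)
    if size - summary.prefixlen > 16:
        raise ValueError("summary is too wide to enumerate")
    return [str(s) for s in summary.subnets(new_prefix=size)
            if not any(s.subnet_of(n) for n in nets)]


def ios_command(summary, target):
    """Render the summary as the static route command used in the manual."""
    if summary.version == 4:
        return f"ip route {summary.network_address} {summary.netmask} {target}"
    return f"ipv6 route {summary} {target}"


IPV4_ROUTES = ["172.20.0.0/16", "172.21.0.0/16", "172.22.0.0/16", "172.23.0.0/16"]
IPV6_ROUTES = ["2001:db8:acad:1::/64", "2001:db8:acad:2::/64",
               "2001:db8:acad:3::/64", "2001:db8:acad:4::/64"]

if __name__ == "__main__":
    for routes, target in ((IPV4_ROUTES, "serial 0/0/0"),
                           (IPV6_ROUTES, "2001:db8:feed:1::2")):
        summary = summary_route(routes)
        print(ios_command(summary, target))
        print("  also covers:", extra_coverage(routes, summary) or "nothing extra")
```

The IPv4 summary is exact, while the /61 also matches four /64 prefixes that had no static route before, so traffic for those is now forwarded to the next hop as well.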


13 Dynamic Routing

13.1 Check for Dynamic Routing Protocols

Determine which routing protocols are supported by the IOS:
    R1(config)# router ?
and, for IPv6:
    R1(config)# ipv6 router ?

Verify the IPv4 routing protocol settings currently configured:
    R1# show ip protocols
and, for IPv6:
    R1# show ipv6 protocols

13.2 Enable RIP or RIPv2 (IPv4)

    R1(config)# router rip

Disable and eliminate RIP:
    R1(config)# no router rip

Configure which locally connected networks should be advertised:
    R1(config-router)# network network-address

Example:
    R1(config)# router rip
    R1(config-router)# network 192.168.1.0
    R1(config-router)# network 192.168.2.0

Enable RIPv2:
    R1(config)# router rip
    R1(config-router)# version 2

Disable automatic network number summarization:
    R1(config-router)# no auto-summary
(RIPv2 must be enabled before automatic summarization is disabled.)

Configure passive interfaces (stop routing updates out of specified interfaces):
    R1(config-router)# passive-interface intf

Examples:
    R1(config)# router rip
    R1(config-router)# passive-interface serial 0/0/0

Stop routing updates out of all interfaces:
    R1(config-router)# passive-interface default

Re-enable routing updates out of a specified interface:
    R1(config-router)# no passive-interface gigabitethernet 0/1

Propagate a default route (configured on the edge router):
    R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0 192.168.6.2
    R1(config)# router rip
    R1(config-router)# default-information originate

13.3 Enable RIPng (IPv6)

    R1(config-if)# ipv6 rip domain-name enable

Example:
    R1(config)# ipv6 unicast-routing
    R1(config)#
    R1(config)# interface g0/1
    R1(config-if)# ipv6 rip RIP-AS enable
    R1(config-if)# no shutdown
    R1(config-if)# exit
    R1(config)#
    R1(config)# interface s0/0/1
    R1(config-if)# ipv6 rip RIP-AS enable
    R1(config-if)# no shutdown

Propagate a default route (configured on the edge router):
    R1(config)# ipv6 route 0::/0 2001:db8:feed:1::1
    R1(config)# interface s0/0/1
    R1(config-if)# ipv6 rip RIP-AS default-information originate

Display (only) the RIP routes from the IPv6 routing table:
    R1# show ipv6 route rip


14 Single-Area OSPFv2 (IPv4)

Enter router OSPF configuration mode:
    R1(config)# router ospf process-id
Example:
    R3(config)# router ospf 10

The process-id value represents a number between 1 and 65,535 and is selected by the network administrator. The process-id value is locally significant, which means that it does not have to be the same value on the other OSPF routers to establish adjacencies with those neighbors.

14.1 Router ID

14.1.1 Configure & Verify Router ID

    R1(config-router)# router-id rid
    R1# show ip protocols
Example:
    R3(config-router)# router-id 3.3.3.3

14.1.2 Modify Router ID

Modify router ID by clearing the routing process:
    R1# clear ip ospf process
    Reset ALL OSPF processes? [no]: y

Verify (only Router ID section):
    R1# show ip protocols | section Router ID

14.1.3 Using a Loopback Interface as the Router ID

    R3(config)# interface loopback 0
    R3(config-if)# ip address 3.3.3.3 255.255.255.255
    R3(config-if)# end

14.2 Enable OSPF on Interfaces

14.2.1 Assigning Interfaces to an OSPF Area

    R1(config-router)# network network-address wildcard-mask area area-id
Example:
    R1(config-router)# network 172.16.1.0 0.0.0.255 area 0
    R1(config-router)# network 10.10.10.0 0.0.0.3 area 0
    R1(config-router)# network 10.10.10.4 0.0.0.3 area 0

14.2.2 Assigning Interfaces to an OSPF Area with a Quad Zero

As an alternative, OSPFv2 can be enabled using the interface IPv4 address with a quad 0 wildcard mask.
    R1(config-router)# network intf-ip-address 0.0.0.0 area area-id
Example:
    R1(config-router)# network 172.16.1.1 0.0.0.0 area 0
    R1(config-router)# network 10.10.10.1 0.0.0.0 area 0
    R1(config-router)# network 10.10.10.5 0.0.0.0 area 0

The advantage of specifying the interface is that the wildcard mask calculation is not necessary. OSPFv2 uses the interface address and subnet mask to determine the network to advertise.

14.2.3 Change the OSPF Interface Priority

The OSPF DR and BDR election decision is based on the following criteria:

Step 1: The routers in the network elect the router with the highest interface priority as the DR. The router with the second highest interface priority is elected as the BDR. The priority can be configured to be any number between 0-255. The higher the priority, the likelier the router will be selected as the DR. If the priority is set to 0, the router is not capable of becoming the DR. The default priority of multiaccess broadcast interfaces is 1. Therefore, unless otherwise configured, all routers have an equal priority value and must rely on another tie breaking method during the DR/BDR election.

Step 2: If the interface priorities are equal, then the router with the highest router ID is elected the DR. The router with the second highest router ID is the BDR.


14.2.4 Modify OSPFv2 Hello and Dead Intervals

    R1(config-if)# ip ospf hello-interval seconds
    R1(config-if)# ip ospf dead-interval seconds

Reset to default values (Hello = 10 s; Dead = 40 s):
    R1(config-if)# no ip ospf hello-interval
    R1(config-if)# no ip ospf dead-interval

Verify OSPF intervals:
    R1# show ip ospf interface interface
    R1# show ip ospf interface interface | include Timer

Verify OSPF timer activity:
    R1# show ip ospf neighbor

14.2.5 Configure Passive Interfaces

    R1(config-router)# passive-interface intf
Example:
    R1(config-router)# passive-interface GigabitEthernet 0/0
All interfaces can be made passive:
    R1(config-router)# passive-interface default
Re-enabled interface:
    R1(config-router)# no passive-interface GigabitEthernet 0/1

14.3 Propagating a Default Static Route in OSPF

To propagate a default route, the edge router, also known as the entrance, gateway, or autonomous system boundary router (ASBR), must be configured with:
- A default static route using the ip route 0.0.0.0 0.0.0.0 {ip-address | exit-intf} command.
- The default-information originate router configuration mode command, which instructs the router to be the source of the default route information and propagate the default static route in OSPF updates.


14.4 OSPF Cost

14.4.1 Verify Cost of a Route (Metric)

14.4.2 Adjust Reference Bandwidth

OSPF uses a reference bandwidth of 100 Mb/s (cost = 1) for any links that are equal to or faster than a Fast Ethernet connection. To assist OSPF in making the correct path determination, the reference bandwidth must be changed to a higher value to accommodate networks with links faster than 100 Mb/s.

Gigabit Ethernet:
    R1(config-router)# auto-cost reference-bandwidth 1000
10 Gigabit Ethernet:
    R1(config-router)# auto-cost reference-bandwidth 10000
Return to default:
    R1(config-router)# auto-cost reference-bandwidth 100

OSPF cost if the reference bandwidth is set to Gigabit Ethernet:

14.4.3 Verify Link Cost

14.4.4 Adjust Interface Bandwidth Setting

Use the show interfaces command to view the interface bandwidth setting.

On Cisco routers, the default bandwidth on most serial interfaces is set to 1.544 Mb/s.

Adjust the interface bandwidth:
    R1(config)# interface intf
    R1(config-if)# bandwidth kilobits

Restore to the default value:
    R1(config-if)# no bandwidth [kilobits]

14.4.5 Manually Setting the OSPF Cost

As an alternative to setting the default interface bandwidth, the cost can be manually configured on an interface.
    R1(config)# interface intf
    R1(config-if)# ip ospf cost value

Both the bandwidth interface command and the ip ospf cost interface command achieve the same result, which is to provide an accurate value for use by OSPF in determining the best route.

An advantage of configuring a cost over setting the interface bandwidth is that the router does not have to calculate the metric when the cost is manually configured. In contrast, when the interface bandwidth is configured, the router must calculate the OSPF cost based on the bandwidth. The ip ospf cost command is useful in multi-vendor environments where non-Cisco routers may use a metric other than bandwidth to calculate the OSPF costs.


14.5 Secure OSPF with MD5 Authentication

14.5.1 Enable OSPF MD5 Authentication Globally

    R1(config-router)# area area-id authentication message-digest
    R1(config-if)# ip ospf message-digest-key key md5 password

14.5.2 Enable OSPF MD5 Authentication on a Per-Interface basis

    R1(config-if)# ip ospf message-digest-key key md5 password
    R1(config-if)# ip ospf authentication message-digest

14.6 Verify OSPF

14.6.1 Verify OSPF Neighbors

    R1# show ip ospf neighbor

FULL state means that the router and its neighbor have identical OSPF LSDBs. On multiaccess networks such as Ethernet, two routers that are adjacent may have their states displayed as 2WAY. The dash indicates that no DR or BDR is required because of the network type.

Two routers may not form an OSPF adjacency if:
- The subnet masks do not match, causing the routers to be on separate networks.
- OSPF Hello or Dead Timers do not match.
- OSPF Network Types do not match.
- There is a missing or incorrect OSPF network command.

14.6.2 Verify OSPF Protocol Settings

The show ip protocols command is a quick way to verify vital OSPF configuration information. This includes the OSPF process ID, the router ID, networks the router is advertising, the neighbors the router is receiving updates from, and the default administrative distance (default is 110 for OSPF).
    R1# show ip protocols

14.6.3 Verify OSPF Process Information

The show ip ospf command displays the OSPF area information and the last time the SPF algorithm was calculated.
    R1# show ip ospf

14.6.4 Verify OSPF Interface Settings

    R1# show ip ospf interface [brief]
    R1# show ip ospf interface interface

14.6.5 Verify the OSPF Learned Routes

Display only the OSPF learned routes in the routing table.
    R1# show ip route ospf

14.6.6 Verify OSPF MD5 authentication

    R1# show ip ospf interface interface
    R1# show ip ospf interface | include Message


15 Single-Area OSPFv3 (IPv6)

15.1 Differences between OSPFv2 and OSPFv3

15.2 Steps to Configure OSPFv3

15.3 Configure Link-Local Addresses

Unless configured manually, Cisco routers create the link-local address using FE80::/10 prefix and the EUI-64 process. EUI-64 involves using the 48-bit Ethernet MAC address, inserting FFFE in the middle and flipping the seventh bit. For serial interfaces, Cisco uses the MAC address of an Ethernet interface.

Configuring the link-local address manually provides the ability to create an address that is recognizable and easier to remember. As well, a router with several interfaces can assign the same link-local address to each IPv6 interface. This is because the link-local address is only required for local communications.
    R1(config)# interface GigabitEthernet 0/0
    R1(config-if)# ipv6 address FE80::1 link-local
    R1(config-if)# exit
    R1(config)# interface Serial 0/0/0
    R1(config-if)# ipv6 address FE80::1 link-local
    R1(config-if)# exit
    R1(config)# interface Serial 0/0/1
    R1(config-if)# ipv6 address FE80::1 link-local
    R1(config-if)# exit
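An added example, not part of the original manual: the EUI-64 process described in 15.3 in Python, together with the reverse step that recovers the MAC address from an automatically generated link-local address and returns None for a manually configured one such as FE80::1. The function names and the sample MAC address are constructed for illustration.

```python
import ipaddress


def eui64_link_local(mac):
    """Build the FE80::/10 link-local address a MAC address yields under EUI-64."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError("a MAC address has 48 bits (12 hex digits)")
    raw = bytearray.fromhex(digits)
    raw[0] ^= 0x02  # flip the seventh bit of the first byte
    # Insert FFFE between the two halves of the MAC address.
    interface_id = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + interface_id)


def mac_from_link_local(address):
    """Recover the MAC address from an EUI-64 link-local address.

    Returns None when the interface ID does not carry the FFFE marker,
    which is the case for manually configured addresses such as FE80::1.
    """
    addr = ipaddress.IPv6Address(address)
    if not addr.is_link_local:
        raise ValueError("not a link-local address")
    interface_id = addr.packed[8:]
    if interface_id[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(interface_id[:3] + interface_id[5:])
    mac[0] ^= 0x02  # undo the bit flip
    return ":".join(f"{byte:02x}" for byte in mac)


if __name__ == "__main__":
    sample_mac = "001a.2b3c.4d5e"  # constructed sample in Cisco dotted notation
    generated = eui64_link_local(sample_mac)
    print(sample_mac, "->", generated)
    print(generated, "->", mac_from_link_local(generated))
    print("FE80::1 ->", mac_from_link_local("FE80::1"))
```
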


15.4 OSPFv3 Router ID

Enter router OSPFv3 configuration mode:
    R1(config)# ipv6 router ospf process-id
Example:
    R3(config)# ipv6 router ospf 10

15.4.1 Configure & Verify OSPFv3 Router ID

    R1(config-rtr)# router-id rid
    R1# show ipv6 protocols
Example:

15.4.2 Modify OSPFv3 Router ID

    R1(config)# ipv6 router ospf 10
    R1(config-rtr)# router-id 1.1.1.1
    R1(config-rtr)# end
    R1# clear ipv6 ospf process
    Reset ALL OSPF processes? [no]: y
    R1# show ipv6 protocols

15.5 Enable OSPFv3 on Interfaces

OSPFv3 uses a different method to enable an interface for OSPF. Instead of using the network router configuration mode command to specify matching interface addresses, OSPFv3 is configured directly on the interface.
    R1(config-if)# ipv6 ospf process-id area area-id

15.6 Modify OSPFv3 Hello and Dead Intervals

    R1(config-if)# ipv6 ospf hello-interval seconds
    R1(config-if)# ipv6 ospf dead-interval seconds

Reset to default values (Hello = 10 s; Dead = 40 s):
    R1(config-if)# no ipv6 ospf hello-interval
    R1(config-if)# no ipv6 ospf dead-interval

Verify OSPF intervals:
    R1# show ipv6 ospf interface interface
    R1# show ipv6 ospf interface interface | include Timer

Verify OSPF timer activity:
    R1# show ipv6 ospf neighbor


15.7 Propagating a Default Static Route in OSPFv3

To propagate a default route, the edge router, also known as the entrance, gateway, or autonomous system boundary router (ASBR), must be configured with:
- A default static route using the ipv6 route ::/0 {ipv6-address | exit-intf} command.
- The default-information originate router configuration mode command, which instructs the router to be the source of the default route information and propagate the default static route in OSPF updates.

15.8 Verify OSPFv3

15.8.1 Verify OSPFv3 Neighbors

    R1# show ipv6 ospf neighbor

15.8.2 Verify OSPFv3 Protocol Settings

    R1# show ipv6 protocols

15.8.3 Verify OSPF Process Information

    R1# show ipv6 ospf

15.8.4 Verify OSPFv3 Interface Settings

    R1# show ipv6 ospf interface [brief]
    R1# show ipv6 ospf interface serial 0/0/1

15.8.5 Verify the IPv6 Routing Table

    R1# show ipv6 route ospf


16 Multiarea OSPF

16.1 Configure Multiarea OSPFv2

A router simply becomes an Area Border Router (ABR) when it has two network statements in different areas.

16.2 OSPF Route Summarization

16.2.1 Interarea Route Summarization

Interarea route summarization occurs on Area Border Routers (ABRs) and applies to routes from within each area. It does not apply to external routes injected into OSPF via redistribution.

16.2.2 External Route Summarization

External route summarization is specific to external routes that are injected into OSPF via route redistribution. Again, it is important to ensure the contiguity of the external address ranges that are being summarized. Generally, only Autonomous System Boundary Routers (ASBRs) summarize external routes. External route summarization is configured on ASBRs using the summary-address address mask router configuration mode command.
    R2(config-router)# summary-address 172.16.0.0 255.255.224.0

16.3 Configure Multiarea OSPFv3

16.4 Verify Multiarea OSPF

The same verification commands used to verify single-area OSPF also can be used to verify the multiarea OSPF topology:
- show ip ospf neighbor
- show ip ospf
- show ip ospf interface

Commands that verify specific multiarea information include:
- show ip protocols
- show ip ospf interface brief
- show ip route ospf
- show ip ospf database

Note: For the equivalent OSPFv3 command, simply substitute ip with ipv6.


17 EIGRP for IPv4

    R1(config)# router eigrp autonomous-system
Example:
    R1(config)# router eigrp 1

The autonomous-system argument can be assigned to any 16-bit value between the number 1 and 65,535. All routers within the EIGRP routing domain must use the same autonomous system number.

Remove the EIGRP routing process:
    no router eigrp autonomous-system

17.1 Router ID

17.1.1 Configure & Verify Router ID

    R1(config-router)# eigrp router-id ipv4-address
    R1# show ip protocols

17.1.2 Using a Loopback Interface as the Router ID

    R3(config)# interface loopback 0
    R3(config-if)# ip address 3.3.3.3 255.255.255.255
    R3(config-if)# end

17.2 The network Command

- Enables any interface on this router that matches the network address in the network router configuration mode command to send and receive EIGRP updates.
- The network of the interfaces is included in EIGRP routing updates.

To configure EIGRP to advertise specific subnets only, use the wildcard-mask option with the network command:
    R1(config-router)# network network-address [wildcard-mask]

Some IOS versions also let you enter the subnet mask instead of a wildcard mask. However, if the subnet mask is used, the IOS converts the command to the wildcard-mask format within the configuration.

17.3 Passive Interfaces

There are two primary reasons for enabling the passive-interface command:
- To suppress unnecessary update traffic, such as when an interface is a LAN interface, with no other routers connected
- To increase security controls, such as preventing unknown rogue routing devices from receiving EIGRP updates

    R1(config)# router eigrp as-number
    R1(config-router)# passive-interface interface-type interface-number

To configure all interfaces as passive, use the passive-interface default command. To disable an interface as passive, use the no passive-interface interface-type interface-number command.


17.4 Automatic Summarization

17.4.1 Configure EIGRP Automatic Summarization

    R1(config)# router eigrp as-number
    R1(config-router)# auto-summary

17.4.2 Verify Auto-Summary

EIGRP for IPv4 automatically includes a Null0 summary route whenever the following conditions exist:
- There is at least one subnet that was learned via EIGRP.
- There are two or more network EIGRP router configuration mode commands.
- Automatic summarization is enabled.

The Null0 interface is a virtual IOS interface that is a route to nowhere, commonly known as "the bit bucket." Packets that match a route with a Null0 exit interface are discarded. The purpose of the Null0 summary route is to prevent routing loops for destinations that are included in the summary, but do not actually exist in the routing table.

17.5 Manual Summarization

17.5.1 Configure EIGRP Manual Summarization

    R1(config)# interface interface-type interface-number
    R1(config-if)# ip summary-address eigrp as-number network-address subnet-mask

Note: Summary routes have to be configured on all interfaces that send EIGRP packets.

17.5.2 Verify Manual Summary


    17.6 PropagatingaDefaultStaticRoute17.6.1 ConfigureaDefaultStaticRouteinEIGRP

    17.6.2 VerifyDefaultStaticRouteinEIGRP

  • 66

    17.7 Fine-tuningEIGRPInterfaces17.7.1 EIGRPBandwidthBydefault,EIGRPusesonlyupto50percentofaninterfacesbandwidthforEIGRPinformation.ThispreventstheEIGRPprocessfromover-utilizingalinkandnotallowingenoughbandwidthfortheroutingofnormaltraffic.R1(config-if)# ip bandwidth-percent eigrp as-number percent

    17.7.2 Hello Intervals and Hold Timers

    R1(config-if)# ip hello-interval eigrp as-number seconds
    R1(config-if)# ip hold-time eigrp as-number seconds

    17.7.3 Load Balancing

    Cisco IOS, by default, allows load balancing using up to four equal-cost paths; however, this can be modified: up to 32 equal-cost routes can be kept in the routing table.

    R1(config-router)# maximum-paths value

  • 67

    17.8 MD5 Authentication

    Step 1: Create a keychain and key

    a) In global configuration mode, create the keychain.
    b) Specify the key ID which is used to identify an authentication key within a keychain. The range of keys is from 0 to 2,147,483,647. It is recommended that the key number be the same on all routers in the configuration.
    c) Specify the key string for the key. The key string is similar to a password. Routers exchanging authentication keys must be configured using the same key string.

    Step 2: Configure EIGRP authentication using keychain and key

    a) In global configuration mode, specify the interface on which to configure EIGRP message authentication.
    b) Enable EIGRP message authentication. The md5 keyword indicates that the MD5 hash is to be used for authentication.
    c) Specify the key chain that should be used for authentication. The name-of-chain argument specifies the key chain that was created in Step 1.

  • 68

    Verify EIGRP MD5 authentication:

    Adjacencies are only formed when both connecting devices have authentication configured. To verify that the correct EIGRP adjacencies were formed after being configured for authentication, use the show ip eigrp neighbors command on each router.

    After EIGRP message authentication is configured on one router, any adjacent neighbors that have not yet been configured for authentication are no longer EIGRP neighbors. The following IOS message appears:

    %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.3.2 (Serial0/0/0) is down: authentication mode changed

    When the adjacent interface is configured, the adjacency is re-established and the following IOS message will be displayed:

    %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.3.2 (Serial0/0/0) is up: new adjacency

  • 69

    17.9 Troubleshoot EIGRP

  • 70

    17.10 Verify EIGRP for IPv4

    17.10.1 Examine Neighbors

    17.10.2 Examine the IPv4 Routing Table

  • 71

    17.10.3 Examine Routing Protocol Processes

    Default Administrative Distances:

  • 72

    17.10.4 Examine Topology Table

    All links can be displayed using the show ip eigrp topology all-links command.

  • 73

    18 EIGRP for IPv6

    18.1 Configure IPv6 Link-local Addresses

    Verify link-local addresses:

    18.2 Configure EIGRP for IPv6

    R1(config)# ipv6 router eigrp autonomous-system
    R1(config-rtr)# eigrp router-id ipv4-address
    R1(config-rtr)# no shutdown

  • 74

    18.3 Enable EIGRP for IPv6 on Interfaces

    R1(config-if)# ipv6 eigrp autonomous-system

    18.4 Passive Interfaces

  • 75

    18.5 Manual Summarization

    Note: Auto summarization is not available for EIGRP IPv6 networks.

    18.5.1 Configure EIGRP Manual Summarization

    R1(config-if)# ipv6 summary-address eigrp as-number prefix/prefix-length

    18.5.2 Verify Manual Summary

  • 76

    18.6 Propagating a Default Static Route

    18.6.1 Configure a Default Static Route in EIGRP

    18.6.2 Verify Default Static Route in EIGRP

  • 77

    18.7 Fine-tuning EIGRP Interfaces

    18.7.1 EIGRP Bandwidth

    By default, EIGRP uses only up to 50 percent of an interface's bandwidth for EIGRP information.

    R1(config-if)# ipv6 bandwidth-percent eigrp as-number percent

    18.7.2 Hello Intervals and Hold Timers

    R1(config-if)# ipv6 hello-interval eigrp as-number seconds
    R1(config-if)# ipv6 hold-time eigrp as-number seconds

  • 78

    18.8 MD5 Authentication

    The algorithms and the configuration to authenticate EIGRP for IPv6 messages are the same as EIGRP for IPv4. The only difference is the interface configuration mode commands use ipv6, instead of ip.

    R1(config-if)# ipv6 authentication mode eigrp as-number md5
    R1(config-if)# ipv6 authentication key-chain eigrp as-number name-of-chain

    Example:

    18.9 Troubleshoot EIGRP

    The following commands are used with EIGRP for IPv6:

    R1# show ipv6 eigrp neighbors
    R1# show ipv6 route
    R1# show ipv6 protocols

  • 79

    18.10 Verify EIGRP for IPv6

    18.10.1 Examine Neighbors

    18.10.2 Examine IPv6 Routing Protocol Processes

  • 80

    18.10.3 Examine the IPv6 Routing Table

  • 81

    19 Access Control Lists (ACLs)

    19.1 Numbered and Named ACLs

    19.2 Wildcard Bit Mask Abbreviations

    The host keyword substitutes for the 0.0.0.0 mask. This mask states that all IPv4 address bits must match or only one host is matched.
    Example: Instead of entering 192.168.10.10 0.0.0.0, you can use host 192.168.10.10.

    The any option substitutes for the IP address and 255.255.255.255 mask. This mask says to ignore the entire IPv4 address or to accept any addresses.
    Example: Instead of entering 0.0.0.0 255.255.255.255, you can use the keyword any.

    19.3 The Implied "Deny All Traffic" Criteria Statement

    By default, there is an implied deny at the end of all ACLs for traffic that was not matched to a configured entry. A single-entry ACL with only one deny entry or an ACL without any entry has the effect of denying all traffic. At least one permit ACE must be configured in an ACL or all traffic is blocked.

    Although all ACLs end with an implicit deny statement, we recommend the use of an explicit deny statement. You can display the count of packets denied by issuing the show access-list command. Because only packets denied by explicit deny statements are counted, you will find out more information about who your access list is disallowing if an explicit deny statement exists.

    Standard ACL: R1(config)# access-list 1 deny any
    Extended ACL: R1(config)# access-list 100 deny ip any any
    IPv6 ACL: R1(config-ipv6-acl)# deny ipv6 any any

  • 82

    19.4 Standard ACLs (IPv4)

    19.4.1 Configure Standard ACL

    R1(config)# access-list access-list-number { deny | permit | remark } source [ source-wildcard ] [ log ]

    Examples:

    R1(config)# access-list 1 remark Permit hosts from the 192.168.10.0 LAN
    R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
    R1(config)# access-list 1 deny 192.168.0.0 0.0.255.255

    Remove ACL (from router):

    R1(config)# no access-list 1

  • 83

    19.4.2 Apply Standard ACL to Interfaces

    R1(config-if)# ip access-group { access-list-number | access-list-name } { in | out }

    Remove ACL (from interface):

    R1(config-if)# no ip access-group 1

    19.4.3 Named Standard ACL

    R1(config)# ip access-list [standard | extended] name
    R1(config-std-nacl)# [deny | permit | remark] {source [source-wildcard]} [log]
    R1(config-if)# ip access-group name [in | out]

    Example:

  • 84

    19.4.4 Commenting ACLs

    R1(config)# access-list access-list_number remark remark
    R1(config-std-nacl)# remark remark

    Remove remark:

    R1(config)# no access-list access-list_number remark remark
    R1(config-std-nacl)# no remark remark

  • 85

    19.4.5 Edit Standard Numbered ACL

    Edit Numbered ACL using a text editor:

    Edit Numbered ACL using a text editor:

  • 86

    19.4.6 Edit Standard Named ACL

    Add a line to a named ACL:

    19.4.7 Using a Standard ACL to Secure VTY Access

    If the Cisco IOS software on your router does not support SSH, you can improve the security of administrative lines by restricting VTY access (define which IP addresses are allowed Telnet access to the router). You can also use this technique with SSH to further improve administrative access security.

  • 87

    19.5 Extended ACLs (IPv4)

    19.5.1 Configure Extended ACL

    R1(config)# access-list access-list-number {deny | permit | remark} protocol source [source-wildcard] [operator operand] [port port-number or name] destination [destination-wildcard] [operator operand] [port port-number or name] [established]

    Examples:

  • 88

    Generating port numbers:

    R1(config)# access-list 100 permit tcp any any eq ?

    19.5.2 Apply Extended ACL to Interfaces

    R1(config-if)# ip access-group { access-list-number | access-list-name } { in | out }

  • 89

    19.5.3 Filter Traffic with Extended ACL

    The example shown denies FTP traffic from subnet 192.168.11.0 going to subnet 192.168.10.0, but permits all other traffic. FTP uses TCP ports 20 and 21; therefore the ACL requires both port name keywords ftp and ftp-data to deny FTP.

    FTP uses TCP ports 20 and 21; therefore the ACL requires both ports ftp and ftp-data to deny FTP. If using port numbers instead of port names, the commands would be written as:

    access-list 101 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 20
    access-list 101 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 21

    To prevent the implied deny any statement at the end of the ACL from blocking all traffic, the permit ip any any statement is added.

  • 90

    19.5.4 Named Extended ACL

    R1(config)# ip access-list [standard | extended] name
    R1(config-ext-nacl)# [deny | permit | remark] {source [source-wildcard]} [log]
    R1(config-if)# ip access-group name [in | out]

    Remove ACL from router: R1(config)# no ip access-list extended name
    Remove Named Extended ACL from interface: R1(config-if)# no ip access-group name

    19.5.5 Edit Extended ACL

  • 91

    19.6 IPv6 ACLs

    19.6.1 Default IPv6 ACL Statements

    IPv6 includes an implicit "Deny All Traffic" statement at the end of each ACL (similar to every IPv4 standard or extended ACL):

    deny ipv6 any any

    The difference is IPv6 also includes two other implicit statements by default:

    permit icmp any any nd-na
    permit icmp any any nd-ns

    These two statements allow the router to participate in the IPv6 equivalent of ARP for IPv4. Recall that ARP (Layer 2) is used in IPv4 to resolve Layer 3 addresses to Layer 2 MAC addresses. IPv6 uses ICMP Neighbor Discovery (ND, Layer 3) messages to accomplish the same thing. ND uses Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages.

    19.6.2 Configure IPv6 ACL

  • 92

    Examples:

    R1(config)# ipv6 access-list NO-R3-LAN-ACCESS
    R1(config-ipv6-acl)# deny ipv6 2001:db8:cafe:30::/64 any
    R1(config-ipv6-acl)# permit ipv6 any any
    R1(config-ipv6-acl)# end

    R1(config)# ipv6 access-list NO-FTP-TO-LAN-11
    R1(config-ipv6-acl)# deny tcp any 2001:db8:cafe:11::/64 eq ftp
    R1(config-ipv6-acl)# deny tcp any 2001:db8:cafe:11::/64 eq ftp-data
    R1(config-ipv6-acl)# permit ipv6 any any
    R1(config-ipv6-acl)# exit
    R1(config)# interface g0/0
    R1(config-if)# ipv6 traffic-filter NO-FTP-TO-LAN-11 in
    R1(config-if)# end

    19.6.3 Apply IPv6 ACL to Interfaces

    R1(config-if)# ipv6 traffic-filter access-list-name { in | out }

  • 93

    19.7 Verify ACLs

    R1# show access-lists

    Clear counter: R1# clear access-list counters access-list_number

    R1# show ip interface interface

  • 94

    R1# show ipv6 interface interface

    R1# show running-config

  • 95

    20 DHCP

    20.1 Basic DHCPv4 Configuration

    Exclude specific address range (for routers, servers, printers, etc.):

    R1(config)# ip dhcp excluded-address low-address [high-address]

    Configuring a DHCPv4 pool:

    R1(config)# ip dhcp pool pool-name

    Configuring specific tasks (in DHCPv4 configuration mode):

    Example:

    Re-enable (disable) DHCP

    R1(config)# (no) service dhcp

  • 96

    20.2 Verify DHCPv4

    R1# show running-config | section dhcp

    R1# show ip dhcp binding
    R1# show ip dhcp server statistics

  • 97

    20.3 DHCPv4 Relay

    R1(config-if)# ip helper-address dhcp-server-address

    By default, the ip helper-address command forwards the following eight UDP services:
    - Time (Port 37)
    - TACACS (Port 49)
    - DNS (Port 53)
    - DHCP/BOOTP client (Port 67)
    - DHCP/BOOTP server (Port 68)
    - TFTP (Port 69)
    - NetBIOS name service (Port 137)
    - NetBIOS datagram service (Port 138)

    20.4 Configure a Router as DHCP Client

    R1(config-if)# ip address dhcp

  • 98

    20.5 Verify DHCPv4 Relay & Services

    R1# show running-config | section interface interface-id

    In the figure, the show running-config | include no service dhcp command verifies that the DHCPv4 service is enabled since there is no match for no service dhcp. If the service had been disabled, the no service dhcp command would be displayed in the output.

    20.6 Debug DHCPv4

    Verify that the router is receiving DHCPv4 requests from clients. This troubleshooting step involves configuring an ACL for debugging output. The figure shows an extended ACL permitting only packets with UDP destination ports of 67 or 68 (used by DHCPv4 clients and servers). The extended ACL is used with the debug ip packet command to display only DHCPv4 messages.

    Another useful command for troubleshooting DHCPv4 operation is the debug ip dhcp server events command which reports server events, like address assignments and database updates. It is also used for decoding DHCPv4 receptions and transmissions.
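
    The debugging ACL described above, as an added example that stands in for the missing figure (not taken from the original manual). ACL number 100 is an assumption; any unused extended ACL number works.

    ```cisco
    ! Extended ACL that matches only packets with UDP destination port 67 or 68
    R1(config)# access-list 100 permit udp any any eq 67
    R1(config)# access-list 100 permit udp any any eq 68
    R1(config)# end
    ! Restrict debug ip packet output to packets matching ACL 100
    R1# debug ip packet 100
    ! Report server events such as address assignments and database updates
    R1# debug ip dhcp server events
    ! Stop all debugging when finished
    R1# undebug all
    ```

    Running debug ip packet without the ACL argument prints every process-switched packet, which can overload the router; the ACL keeps the output to DHCPv4 traffic.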

  • 99

    20.7 DHCPv6

    DHCPv6 messages from the server to the client use UDP destination port 546. The client sends DHCPv6 messages to the server using UDP destination port 547.

    20.7.1 Stateless Address Autoconfiguration (SLAAC)

    RA messages are configured on an individual interface of a router. To re-enable an interface for SLAAC that might have been set to another option, the M and O flags need to be reset to their initial values of 0.

    R1(config-if)# no ipv6 nd managed-config-flag
    R1(config-if)# no ipv6 nd other-config-flag

  • 100

    20.7.2 Stateless DHCPv6 (Router as Server)

    R1(config-if)# ipv6 nd other-config-flag

    Example:

    20.7.3 Stateless DHCPv6 (Router as Client)

    R1(config-if)# ipv6 enable
    R1(config-if)# ipv6 address autoconfig

  • 101

    20.7.4 Verify Stateless DHCPv6 Server

    R1# show ipv6 dhcp pool

    R1# show ipv6 interface interface-id

    R1# debug ipv6 dhcp detail

  • 102

    20.7.5 Stateful DHCPv6 (Router as Server)

    R1(config-if)# ipv6 nd managed-config-flag

    Example:

    20.7.6 Stateful DHCPv6 (Router as Client)

    R1(config-if)# ipv6 enable
    R1(config-if)# ipv6 address dhcp

  • 103

    20.7.7 Verify Stateful DHCPv6 Server

    R1# show ipv6 dhcp pool

    R1# show ipv6 dhcp binding

    R1# show ipv6 interface interface-id

  • 104

    20.7.8 DHCPv6 Relay

    R1(config-if)# ipv6 dhcp relay destination dhcpv6-server-address

    20.7.9 Troubleshoot/Verify DHCPv6

    Troubleshooting issues with DHCPv4 and DHCPv6 involves the same tasks:
    - Resolve address conflicts
    - Verify physical connectivity
    - Test connectivity using a static IP address
    - Verify switch port configuration
    - Test operation on the same subnet or VLAN

    R1# show ipv6 dhcp conflict
    R1# show ipv6 interface interface
    R1# debug ipv6 dhcp detail

  • 105

    21 NAT for IPv4

    21.1 Static NAT

    21.1.1 Configure Static NAT

  • 106

    21.1.2 Verify Static NAT

  • 107

    21.2 Dynamic NAT

    21.2.1 Configure Dynamic NAT

    Example:

  • 108

    21.2.2 Verify Dynamic NAT

  • 109

    21.3 PAT (NAT Overload)

    21.3.1 Configure PAT with Address Pool

    Example:

  • 110

    21.3.2 Configure PAT with Single Address

    21.3.3 Verify PAT

  • 111

    21.4 Port Forwarding (Tunneling)

    Example:

    Similar to static NAT, the show ip nat translations command can be used to verify the port forwarding.

  • 112

    21.5 Troubleshoot NAT

    R1# debug ip nat [detailed]

    debug ip nat detailed generates more overhead than debug ip nat, but it can provide the detail that may be needed to troubleshoot a NAT issue.

    * (asterisk) - The asterisk next to NAT indicates that the translation is occurring in the fast-switched path. The first packet in a conversation is always process-switched, which is slower. The remaining packets go through the fast-switched path if a cache entry exists.

  • 113

    22 Spanning Tree

    22.1 Default Switch STP Settings

    22.2 Configure and Verify the Bridge ID (BID) / Priority

    Method 1:
    S1(config)# spanning-tree vlan vlan-id root primary
    S2(config)# spanning-tree vlan vlan-id root secondary

    Method 2:
    S3(config)# spanning-tree vlan vlan-id priority value

    S1# show spanning-tree

  • 114

    22.3 Configure and Verify Port Cost

    Default Port Costs

    Configure Port Cost:
    S1(config)# interface interface-id
    S1(config-if)# spanning-tree cost value

    Reset Port Cost (to Default):
    S1(config-if)# no spanning-tree cost

    Verify Port Cost:

  • 115

    22.4 PortFast and BPDU Guard

    When a switch port is configured with PortFast that port transitions from blocking to forwarding state immediately, bypassing the usual 802.1D STP transition states (the listening and learning states). You can use PortFast on access ports to allow these devices to connect to the network immediately.

    PortFast is useful for DHCP. Without PortFast, a PC can send a DHCP request before the port is in forwarding state, denying the host from getting a usable IP address and other information.

    In a valid PortFast configuration, Bridge Protocol Data Units (BPDU) should never be received, because that would indicate that another switch (or bridge) is connected to the port, potentially causing a spanning tree loop. When BPDU guard is enabled, it puts the port in an error-disabled state on receipt of a BPDU. This will effectively shut down the port.

    S1(config)# interface interface-id
    S1(config-if)# spanning-tree portfast
    S1(config-if)# spanning-tree bpduguard enable

    Enable PortFast on all nontrunking interfaces:
    S1(config)# spanning-tree portfast default

    Enable BPDU guard on all PortFast-enabled ports:
    S1(config)# spanning-tree portfast bpduguard default

    Verify PortFast and BPDU Guard:

    S1# show running-config | begin spanning-tree

  • 116

    22.5 PVST+ Load Balancing

    Example:

    S3(config)# spanning-tree vlan 20 root primary
    S3(config)# spanning-tree vlan 10 root secondary
    S1(config)# spanning-tree vlan 10 root primary
    S1(config)# spanning-tree vlan 20 root secondary

    Alternatively:
    S3(config)# spanning-tree vlan 20 priority 4096
    S3(config)# spanning-tree vlan 10 priority 8192
    S1(config)# spanning-tree vlan 10 priority 4096
    S1(config)# spanning-tree vlan 20 priority 8192

    Verify:

    S1# show running-config | begin spanning-tree

  • 117

    22.6 Rapid PVST+

    Example:

    Verify:

    S1# show running-config | begin spanning-tree

  • 118

    22.7 Analyzing the STP Topology

    22.8 STP Status Overview

    S1# show spanning-tree
    S1# show spanning-tree vlan vlan_id

  • 119

    22.9 First Hop Redundancy Protocols (FHRP)

    22.9.1 Hot Standby Router Protocol (HSRP)

    R1(config-if)# standby [group-number] priority priority
    R1(config-if)# standby [group-number] preempt [delay {minimum | reload | sync} seconds]
    R1(config-if)# standby [group-number] ip ip-address [secondary]

    Active Router:
    R1(config-if)# standby 1 priority 150 (default priority is 100)
    R1(config-if)# standby 1 preempt
    R1(config-if)# standby 1 ip 192.168.1.254

    Standby Router:
    R2(config-if)# standby 1 ip 192.168.1.254

    Disable HSRP:
    R1(config-if)# no standby 1

    Verify HSRP:
    R1# show standby [all] [brief]

    R1# show standby type number [group-number | all] [brief]

  • 120

    22.9.2 Gateway Load Balancing Protocol (GLBP)

    R1(config-if)# glbp [group-number] priority priority
    R1(config-if)# glbp [group-number] preempt [delay {minimum | reload | sync} seconds]
    R1(config-if)# glbp [group-number] ip ip-address [secondary]

    Active Router:
    R1(config-if)# glbp 1 priority 150 (default priority is 100)
    R1(config-if)# glbp 1 preempt
    R1(config-if)# glbp 1 ip 192.168.1.254
    R1(config-if)# glbp 1 load-balancing round-robin

    Standby Router:
    R2(config-if)# glbp 1 ip 192.168.1.254
    R2(config-if)# glbp 1 load-balancing round-robin

    Disable GLBP:
    R1(config-if)# no glbp [group-number] ip ip-address [secondary]

    Verify GLBP:
    R1# show glbp [all] [brief]

  • 121

    23 EtherChannel

    23.1 Link Aggregation Control Protocol (LACP)

    Step 1: Specify the interfaces that compose the EtherChannel group
    S1(config)# interface range interface

    Step 2: Create the port channel interface
    S1(config-if-range)# channel-group identifier mode active

    Example:

  • 122

    23.2 Port Aggregation Protocol (PAgP)

    Step 1: Specify the interfaces that compose the EtherChannel group
    S1(config)# interface range interface

    Step 2: Create the port channel interface
    S1(config-if-range)# channel-group identifier mode desirable

    Example:

    S1(config)# interface range f0/1 - 2
    S1(config-if-range)# channel-group 1 mode desirable
    Creating a port-channel interface Port-channel 1
    S1(config-if-range)# no shut

    S2(config)# interface range f0/1 - 2
    S2(config-if-range)# channel-group 1 mode auto
    Creating a port-channel interface Port-channel 1
    S2(config-if-range)# no shut

  • 123

    23.3 Verify EtherChannel

    S1# show etherchannel summary

    S1# show etherchannel port-channel

  • 124

    S1# show interface port-channel channel-number

    S1# show interfaces interface etherchannel

    S1# show run | begin interface port channel

  • 125

    24 Point-to-Point Connections

    24.1 Configure HDLC Encapsulation

    Cisco HDLC (cHDLC) is the default encapsulation method used by Cisco devices on synchronous serial lines. If connecting non-Cisco devices, use synchronous PPP.

    24.2 Verify a Serial Interface

  • 126

  • 127

    24.3 Configure PPP Encapsulation

    R1(config)# interface serial 0/0/0
    R1(config-if)# encapsulation ppp

    24.3.1 PPP Compression

    R1(config)# interface serial 0/0/0
    R1(config-if)# encapsulation ppp
    R1(config-if)# compress [ predictor | stac ]

  • 128

    24.3.2 Link Quality Monitoring

    R1(config)# interface serial 0/0/0
    R1(config-if)# encapsulation ppp
    R1(config-if)# ppp quality 80

    The ppp quality percentage command ensures that the link meets the quality requirement set; otherwise, the link closes down.

    Disable LQM:
    R1(config-if)# no ppp quality

  • 129

    24.3.3 Multilink PPP

    Step 1: Create a multilink bundle.
    - The interface multilink number command creates the multilink interface.
    - In interface configuration mode, an IP address is assigned to the multilink interface.
    - The interface is enabled for multilink PPP.
    - The interface is assigned a multilink group number.

    Step 2: Assign interfaces to the multilink bundle.
    Each interface that is part of the multilink group:
    - Is enabled for PPP encapsulation.
    - Is enabled for multilink PPP.
    - Is bound to the multilink bundle using the multilink group number configured in Step 1.

    To disable PPP multilink, use the no ppp multilink command.

  • 130

    24.3.4 PPP Authentication

    To specify the order in which the CHAP or PAP protocols are requested on the interface, use the ppp authentication interface configuration command, as shown in the figure. Use the no form of the command to disable this authentication.

    PAP:

    CHAP:
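
    An added example of PAP and CHAP on both ends of a serial link, standing in for the missing figures (not taken from the original manual). Hostnames R1 and R2, interface Serial0/0/0 and the password placeholders are assumptions.

    ```cisco
    ! --- PAP: each router stores the peer's credentials and sends its own.
    ! --- PAP sends the username and password across the link in clear text.
    R1(config)# username R2 password <r2-password-placeholder>
    R1(config)# interface serial 0/0/0
    R1(config-if)# encapsulation ppp
    R1(config-if)# ppp authentication pap
    R1(config-if)# ppp pap sent-username R1 password <r1-password-placeholder>

    R2(config)# username R1 password <r1-password-placeholder>
    R2(config)# interface serial 0/0/0
    R2(config-if)# encapsulation ppp
    R2(config-if)# ppp authentication pap
    R2(config-if)# ppp pap sent-username R2 password <r2-password-placeholder>

    ! --- CHAP: the username is the peer's hostname and the password must be
    ! --- identical on both routers. Only a challenge and an MD5 hash cross the link.
    R1(config)# username R2 password <shared-secret-placeholder>
    R1(config)# interface serial 0/0/0
    R1(config-if)# encapsulation ppp
    R1(config-if)# ppp authentication chap

    R2(config)# username R1 password <shared-secret-placeholder>
    R2(config)# interface serial 0/0/0
    R2(config-if)# encapsulation ppp
    R2(config-if)# ppp authentication chap

    ! --- Order of request: ask for CHAP first and fall back to PAP
    R1(config-if)# ppp authentication chap pap

    ! --- Disable authentication with the no form
    R1(config-if)# no ppp authentication

    ! --- Watch the negotiation, then stop debugging
    R1# debug ppp authentication
    R1# undebug all
    ```

    Listing pap as a fallback lets a peer that refuses CHAP authenticate with PAP's clear-text exchange, so configure chap alone where both ends support it.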

  • 131

    24.4 Verify PPP Configuration/Encapsulation

  • 132

    Turn off debug mode: R1# undebug all (short: un all or u all)

  • 133

    25 Frame Relay

    25.1 Basic Frame Relay Configuration

    Step 1: Set the IP address on the interface

    Step 2: Configure encapsulation
    encapsulation frame-relay [cisco | ietf]
    The cisco encapsulation type is the default Frame Relay encapsulation enabled on supported interfaces. Use this option if connecting to another Cisco router. Use the ietf encapsulation option if connecting to a non-Cisco router.

    Step 3: Set the bandwidth

    Step 4: Set the LMI type (optional)

    Verify configuration: show interfaces serial

  • 134

    25.2 Configure a Static Frame Relay Map

    R1(config-if)# frame-relay map protocol protocol-address dlci [broadcast] [ietf] [cisco]

    Use the keyword ietf when connecting to a non-Cisco router.

    Verify:

  • 135

    A primary tool of Frame Relay is Inverse Address Resolution Protocol (ARP). Whereas ARP translates Layer 3 IPv4 addresses to Layer 2 MAC addresses, Inverse ARP does the opposite. The corresponding Layer 3 IPv4 addresses must be available before VCs can be used.

    An example of using static address mapping is a situation in which the router at the other side of the Frame Relay network does not support dynamic Inverse ARP for a specific network protocol. To provide connectivity, a static mapping is required to complete the remote network layer address to local DLCI resolution.

    Another example is on a hub-and-spoke Frame Relay network. Use static address mapping on the spoke routers to provide spoke-to-spoke reachability. Because the spoke routers do not have direct connectivity with each other, dynamic Inverse ARP would not work between them. Dynamic Inverse ARP relies on the presence of a direct point-to-point connection between two ends. In this case, dynamic Inverse ARP only works between hub and spoke, and the spokes require static mapping to provide reachability to each other.

    Verify:

  • 136

    25.3 Configure Point-to-Point Subinterfaces

    Subinterfaces address the limitations of Frame Relay networks by providing a way to subdivide a partially meshed Frame Relay network into a number of smaller, fully meshed, or point-to-point, subnetworks. Each subnetwork is assigned its own network number and appears to the protocols as if it were reachable through a separate interface.

    Example:

  • 137

    25.4 Local Management Interface (LMI)

    Basically, the LMI is a keepalive mechanism that provides status information about Frame Relay connections between the router (DTE) and the Frame Relay switch (DCE). Every 10 seconds or so, the end device polls the network, either requesting a dumb sequenced response or channel status information. If the network does not respond with the requested information, the user device may consider the connection to be down. When the network responds with a FULL STATUS response, it includes status information about DLCIs that are allocated to that line. The end device can use this information to determine whether the logical connections are able to pass data.

    Display the LMI type:

    Starting with the Cisco IOS software Release 11.2, the default LMI autosense feature detects the LMI type supported by the directly connected Frame Relay switch. Based on the LMI status messages it receives from the Frame Relay switch, the router automatically configures its interface with the supported LMI type acknowledged by the Frame Relay switch. If it is necessary to set the LMI type, use the frame-relay lmi-type [cisco | ansi | q933a] interface configuration command. Configuring the LMI type disables the autosense fe