Network Interface Card (NIC)
· NIC is the interface between the computer and the network.
· It is also known as the LAN card or Ethernet card.
· Each Ethernet card has a unique 48-bit address called the MAC (Media Access Control) address
o The MAC address is also called the Physical Address or Hardware Address
o The 48-bit MAC Address is represented as Hexadecimal digits
o Example: 0016.D3FC.603F
· Network cards are available at different speeds.
o Ethernet (10 Mbps)
o Fast Ethernet (100 Mbps)
o Gigabit Ethernet (1000 Mbps)
ARP - Address Resolution Protocol
· With the help of ARP, an IP address is resolved to a MAC address and the result is stored.
· Both source and destination have an ARP table.
· The ARP table contains the source MAC address, IP address, destination IP and broadcast (FFFF:FFFF:FFFF).
Switch
· Aging time of the switch MAC address table is 5 min / 300 sec.
· Static entries don’t have an aging time. Only dynamic entries have an aging time.
· MAC address table columns: Vlan | MAC address | Type | Port
Router
· Console port (RJ45 — RS232)
· RAM stores Running configuration (temp)
· NvRAM stores startup configuration (permanent)
· Flash stores IOS [Internetworking Operating System]
Cisco Packet Tracer
· Ctrl + “obj”
· To exit from setup mode to user mode ⇒ ctrl + C
· Shift + ? — to know commands
· ‘Enable’ cmd to go to Privilege
· Router> — user — ‘enable’ or ‘en’ (use to enter Privilege mode)
· Router# — Privilege Mode
· Router(config)# — Global Configuration Mode
· User mode, Setup Mode & Rommon Mode
o User mode – NO
o Setup Mode – Yes
o Rommon Mode
o Ctrl + Pause break (real time)
o Ctrl + C (Cisco Packet Tracer)
o Rommon mode is used to recover IOS
o IOS is stored in Flash Memory
o Rommon mode is used for Recovery (password, IOS recovery) & reset
Introduction of Router
Router:
· It is an Internetworking device.
· It enables communication between two or more different Logical Networks.
· It is a Network Layer (layer 3) device.
· It comes from the word “Route”. Hence it is also a device that finds the best route (path) for networks.
· The IP of Router is the Default Gateway for all devices in LAN.
Types of Router:
· There are two types of Routers
1. Hardware Router: Cisco, Juniper, Multicom, HP, D-Link, Maipu, etc.
2. Software Router: Microsoft Server, Linux Server
Types of Hardware Router:
1. Fixed Router (Non - Modular):
o Fixed Routers are non-upgradable, cannot add or remove the Ethernet or Serial Ports.
o Does not have any slot
o Its ports are fixed and integrated on the Motherboard.
2. Modular Router:
o Modular Routers are Upgradeable, can add or remove the interfaces as per our requirement.
o The number of slots available depends on the series of the router.
o Can add LAN and WAN cards.
Cisco Router Category:
1. Branch Routers
2. Network Edge and Aggregation Routers.
3. Service provider Routers.
Branch Routers (SOHO):
· Routers used by Small Organization and Branch Offices.
· Router Series – Models
1. 800 Series
2. 1900 Series
3. 2600 Series
4. 2800 series
5. 2900 series
Network Edge and Aggregation Routers:
· Routers that are used at large organizations / Campus and head office.
· Routers Series – Models
1. 1000 Series
2. 5000 series
3. 5500 series
Service Provider Router: (ISP)
· Routers that are used by the Service providers
· Router Series
1. 6000 series
2. 9000 series
External Components of Router
LAN Interfaces: RJ - 45 Ports:
· Routers have RJ - 45 ports to connect the router to the LAN.
· The speed of the RJ - 45 ports can be
1. 10 Mbps Ethernet
2. 10 / 100 Mbps Fast Ethernet
3. 10 / 100 / 1000 Mbps Gigabit Ethernet
Serial Port:
· Serial port is used for WAN connectivity
· Serial port is available as
o 60 pin female connectors
o Smart serial 26 pin female connectors
HWIC:
· High - speed WAN interface cards (HWICs) provide connectivity to a Wide Area Network.
Console Port:
· It is a Local Administrative port.
· It is a RJ - 45 port. (RJ - Registered Jack)
· It is used for Initial Configuration and Advanced Troubleshooting.
Note: It is the most important and sensitive port on the Router. The console cable is blue in color.
Auxiliary port:
· It is a Remote Administrative Port used for Remote Administration / Configuration.
· It's an RJ - 45 port. (RJ - Registered Jack)
· A Console / Rollover cable is used to connect the Auxiliary port to a dial up modem.
Interfaces of a Router:
· LAN interface
o RJ 45 Ethernet / Fast Ethernet / Gigabit Ethernet
· WAN Interface
o Normal Serial Interface
o smart Serial Interface
· Administrative Interface
o Console
o Auxiliary
Internal Components of Router
ROM (Read Only Memory)
o It contains a Bootstrap program which searches and loads the O.S
o It is similar to the BIOS of a PC.
o It also contains ROMMON for advanced troubleshooting.
Flash Memory:
o The Internetwork Operating System (IOS) is stored here.
o IOS is a Cisco proprietary operating system.
NvRAM (Non - Volatile Random Access Memory):
o NvRAM is similar to a hard disk.
o It is also known as permanent storage.
o The startup configuration is stored here.
RAM (Random Access Memory)
o It is also called the Main Memory.
o It is a Temporary Storage.
o The Running Configuration is stored here.
Boot Sequence:
➢ Console wire ⇒ RJ 45 - RS 232 [RJ - Registered Jack, Recommended Standard 232]
➢ Rollover wire end point ⇒ RJ 45 - RJ 45 + DB 9 converter, used to connect a PC for Router configuration.
➢ Rollover wire end point ⇒ RJ 45 - RJ 45 + DB 25 converter, used to connect a modem for Router configuration.
Initial Configuration of Router
Access Router through Console:
o Cisco Routers and Switches do not have any default IP address or configuration, hence it is required to use the console port for initial configuration.
o Require physical connection between the Cisco Router/Switch and PC via Console Cable.
Emulation Software:
o Windows:
o Hyper - Terminal / Putty / Teraterm
o Linux
o Minicom -s
Modes of the Router:
o Setup Mode
o User Mode
o Privileged Mode
o Global Configuration Mode
o Interface Mode
o Line Mode
Setup Mode:
o The Router enters into the Setup Mode if the NvRAM is Empty.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
User Mode:
· Only some basic monitoring and limited show commands work in this mode.
Example of commands: enable, ping, traceroute, etc.
Router>
Privilege Mode:
· Monitoring, Troubleshooting and Verification commands work in this mode.
Example of commands: show, configure terminal, write, etc.
Router#
Global Configuration Mode:
· Configuration changes made in this mode affect the operation of the device as a whole.
Example of commands: hostname, etc.
Router(config)#
- Terminal - 9600 (more than 9600)
- Ctrl + C - Close
- ? = terminal help
- ‘Enable’ to enter privilege mode
- Router# - ‘configure terminal’ to enter global mode
- Router(config)# “Interface fastEthernet 0/0” command to Enter - interface mode
- CTRL + Z - exit
- To check OS in Router:
# show flash:
- To check all Router interfaces in detail:
# show ip interface brief
- To check Running Configuration:
# show running-config
- To check Startup Configuration:
# show startup-config
- To change Hostname:
Router(config)# hostname HYD
- ‘Write’ to save the configuration:
# write
(or)
# copy running-config startup-config
➢ COM1 port = Serial Port
To Configure IP address on FastEthernet:
AMP(config)# interface fastEthernet 0/0
AMP(config-if)# ip address 192.168.1.254 255.255.255.0
AMP(config-if)# no shutdown
To Check CAM table in switch:
switch# show mac-address-table
To Delete Startup Configuration
Router# erase startup-config
Interface Mode:
Commands given in this mode will apply to a specific network interface.
I.e. FastEthernet 0/0 or Serial 0/0
Example of commands: ip address, no shutdown, etc.
Router(config-if)#
==> Line Mode:
● Commands given in this mode will apply to specific Physical or Virtual lines.
○ I.e. console, Auxiliary or VTY
○ Example of Commands: Password, no shutdown etc.
■ Router(config-line)#
➢ Ctrl + Z to go to privilege mode
➢ ‘Reload’ - restart router
➔ Wan Connectivity Representation
➔ Device Classification
DCE | DTE
Data Communication Equipment | Data Termination Equipment
Generates clock (i.e. speed) | Accepts clocking (i.e. speed)
Master | Slave
Example of DCE: CSU/DSU | Example of DTE: Router
➔ Serial-back-to-back cable:
◆ When the distance between two Routers is short, a special V.35 Back-to-Back cable is used to replace the copper wire, CSU/DSU and MUX.
◆ For data communication using Back-to-Back serial cable, one end has to be a DCE and the other has to be a DTE
IP Routing
➔ IP Routing
◆ Routing is the process of moving IP Packets from one network to another network.
◆ Routing involves two basic activities:
● Determining the Best paths.
● Forwarding Packets through these best paths.
➔ Conditions for IP Routing:
◆ The HO (head office) Router FastEthernet IP address should be in the same network as the HO LAN and similarly the BO (branch office) Router FastEthernet IP address should belong to the same network as the BO LAN.
◆ The Serial interface IP between the HO and the BO should be in the same IP network.
◆ HO LAN and BO LAN should be on different IP networks.
◆ All interfaces of a Router should be in a different IP network.
➔ Types of Routing:
1. Static Routing
2. Dynamic Routing
3. Default Routing
➢ A serial cable is used to connect Router to Router
Static Routing
➔ Static Routing:
◆ Static routes are configured, maintained and updated by network administrator manually
◆ Administrator should know the destination IP network for configuration.
◆ Administrative distance for Static Route is 1.
● Administrative Distance (AD) is the “reliability” of the routing protocol. The AD range is 0-255; the lower the administrative distance, the higher the priority.
➔ Enabling Routing on IPv4 Network - Verification:
◆ Verify the Routing table
● Router# show ip route
➔ Static Routing on IPv4 Network - Configuration:
◆ Router(config)# ip route <Destination Network ID> <Destination Subnet Mask> <Next Hop IP address>
➔ Static Routing on IPv4 Network - Verification:
◆ Verify the routing table:
● Router# show ip route
◆ Note: With static routing, we need to add routes only for the indirectly connected networks.
Router 0
ip route 192.168.2.0 255.255.255.0 10.0.0.2
ip route 192.168.3.0 255.255.255.0 10.0.0.2
ip route 23.0.0.0 255.0.0.0 10.0.0.2
Router 1
ip route 192.168.1.0 255.255.255.0 10.0.0.1
ip route 192.168.3.0 255.255.255.0 23.0.0.25
Router 2
ip route 192.168.2.0 255.255.255.0 23.0.0.24
ip route 192.168.1.0 255.255.255.0 23.0.0.24
ip route 10.0.0.0 255.0.0.0 23.0.0.24
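The three routers above as an added example (not part of the original notes): a Python model that forwards a packet hop by hop with longest-prefix match and lists every LAN a router cannot reach, which is how a missing return route shows up. The interface addresses are inferred from the next hops in the routes; the .254 LAN addresses and the /8 masks on the links are assumptions.

```python
import copy
import ipaddress

# Static routes are copied from the notes. Interface addresses are inferred
# from the next hops; the .254 LAN addresses and /8 link masks are assumptions.
ROUTERS = {
    "Router0": {
        "connected": ["192.168.1.254/24", "10.0.0.1/8"],
        "static": [("192.168.2.0/24", "10.0.0.2"),
                   ("192.168.3.0/24", "10.0.0.2"),
                   ("23.0.0.0/8", "10.0.0.2")],
    },
    "Router1": {
        "connected": ["192.168.2.254/24", "10.0.0.2/8", "23.0.0.24/8"],
        "static": [("192.168.1.0/24", "10.0.0.1"),
                   ("192.168.3.0/24", "23.0.0.25")],
    },
    "Router2": {
        "connected": ["192.168.3.254/24", "23.0.0.25/8"],
        "static": [("192.168.2.0/24", "23.0.0.24"),
                   ("192.168.1.0/24", "23.0.0.24"),
                   ("10.0.0.0/8", "23.0.0.24")],
    },
}


def connected_networks(router):
    """Networks the router reaches directly through its own interfaces."""
    return [ipaddress.ip_interface(a).network for a in router["connected"]]


def owner_of(routers, ip):
    """Name of the router that has `ip` configured on an interface."""
    for name, router in routers.items():
        if any(ipaddress.ip_interface(a).ip == ip for a in router["connected"]):
            return name
    return None


def lookup(router, dst):
    """Longest-prefix match; next hop is None for a connected network."""
    table = [(net, None) for net in connected_networks(router)]
    table += [(ipaddress.ip_network(net), ipaddress.ip_address(hop))
              for net, hop in router["static"]]
    matches = [entry for entry in table if dst in entry[0]]
    return max(matches, key=lambda entry: entry[0].prefixlen, default=None)


def trace(routers, start, dst, max_hops=16):
    """Follow the routing tables hop by hop. Returns (delivered, path)."""
    dst = ipaddress.ip_address(dst)
    here, path = start, [start]
    for _ in range(max_hops):
        hit = lookup(routers[here], dst)
        if hit is None:
            return False, path + ["no route on " + here]
        _network, next_hop = hit
        if next_hop is None:  # destination sits on a connected network
            return True, path
        if not any(next_hop in n for n in connected_networks(routers[here])):
            return False, path + ["next hop %s is not directly connected" % next_hop]
        here = owner_of(routers, next_hop)
        if here is None:
            return False, path + ["no router owns next hop %s" % next_hop]
        path.append(here)
    return False, path + ["routing loop"]


def unreachable_lans(routers):
    """(router, LAN) pairs where the router cannot deliver to that LAN."""
    failures = []
    for src in routers:
        for dst_name, dst_router in routers.items():
            lan = connected_networks(dst_router)[0]  # first entry is the LAN
            if src != dst_name and not trace(routers, src, lan.network_address + 1)[0]:
                failures.append((src, str(lan)))
    return failures


def without_route(routers, name, network):
    """Copy of the topology with one static route removed from one router."""
    broken = copy.deepcopy(routers)
    broken[name]["static"] = [r for r in broken[name]["static"] if r[0] != network]
    return broken


if __name__ == "__main__":
    print("as configured:", unreachable_lans(ROUTERS))
    broken = without_route(ROUTERS, "Router2", "192.168.1.0/24")
    print("forward path :", trace(broken, "Router0", "192.168.3.1"))
    print("return path  :", trace(broken, "Router2", "192.168.1.1"))
```

With one route removed on Router 2, the packet from Router 0 still arrives, but the reply has no route back: every router on the path needs a route in both directions.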
DHCP
Dynamic Host Configuration Protocol (DHCP):
· DHCP is a network management protocol used to dynamically assign IP addresses to devices on a network.
· DHCP automatically assigns IP addresses and other network configuration parameters to each device on a network, allowing them to communicate efficiently.
· It operates at the Application Layer (Layer 7) of the OSI model.
· Ports:
Server: Uses UDP port 67.
Client: Uses UDP port 68.
A DHCP Server is a network server that automatically assigns IP addresses and other network configuration parameters to devices (clients) on a network, allowing them to communicate with other IP networks.
DHCP Scope is the range of valid host addresses from which DHCP provides IP Address to the client Computer.
R1(config)#ip dhcp pool Jetking
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.1
R1(dhcp-config)#exit
DHCP Reservation:
➢ ip dhcp ?
➢ ip dhcp excluded-address 192.168.1.2 192.168.1.10
➢ dns-server 8.8.8.8 (we can add DNS to DHCP)
TELNET
➔ It is an Application Layer Protocol of OSI model.
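➔ It is a TCP-based service that uses port no. 23.
➔ It is used for Remote Login.
➔ It is a Secure Service in the sense that it needs an administrative login and password; the session itself, including the password, is not encrypted, which is why SSH is more secure than Telnet.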
TELNET CONFIGURATION:
o R1(config)#enable secret cisco
R1(config)#line vty 0 2
R1(config-line)#password 12345
R1(config-line)#login
R1(config-line)#exit
o Note: For Telnet configuration we need to set the Privilege Password. Then we can access the router remotely.
For Access Router: Go to any PC in Command Prompt Type: telnet 192.168.1.254 (Router IP)
➢ “no ip address” - to remove the IP address
➢ ipconfig /release
➢ TCP - protocol no: 6
➢ UDP - protocol no: 17
➢ To set Console Port Password:
○ R3(config)#line console 0
R3(config-line)#password CCNA
R3(config-line)#login
R3(config-line)#exit
➢ To Remove Console Port Password:
○ R3(config)#line console 0
R3(config-line)#no password
R3(config-line)#no login
➢ To set privilege mode password:
○ R3(config)#enable password 123
➢ To Remove Privilege Mode Password:
○ R3(config)#no enable password
➢ To Set Privilege Mode Secret:
○ R3(config)#enable secret 12345
➢ To remove privilege mode secret:
○ R3(config)#no enable secret
➢ To Enable password Encryption for all:
○ R1(config)#service password-encryption
➢ Disable password Encryption for all:
○ R1(config)#no service password-encryption
Default Routing
● A default route or gateway of last resort, allows traffic to be forwarded, even without a specific route to a particular network.
● The default route is identified by all zeros in both the network & subnet mask (0.0.0.0 0.0.0.0).
● It is generally configured for accessing the internet, where destination is unknown.
● It is the least preferred route in the routing table.
➔ Default routing on IPv4 network - configuration
◆ Router(config)#ip route <destination network ID> <Destination subnet mask> <Exit interface type> <exit interface No>
◆ Ex: ip route 0.0.0.0 (destination IP) 0.0.0.0 (destination subnet mask) <next hop IP address>
Router 0
ip route 0.0.0.0 0.0.0.0 10.0.0.2
Router 1
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 0.0.0.0 0.0.0.0 23.0.0.25
Router 2
ip route 0.0.0.0 0.0.0.0 23.0.0.24
SSH (Secure Shell)
● It uses a cryptographic algorithm to encrypt sessions.
● It uses TCP port no. 22.
● It is more secure than Telnet.
● SSH CONFIGURATION
○ R1#show users (to check users)
R1(config)#enable secret cisco
R1(config)#ip domain name jet.com
R1(config)#crypto key generate rsa (usually 1024 or 2048 bits)
R1(config)#username imran password 123 (to create users)
R1(config)#line vty 0 1
R1(config-line)#login local
R1(config-line)#transport input ssh
For Access Router: Go to any PC in Command Prompt:
Type: ssh -l imran 192.168.1.254 (Router IP)
- Enable Secret Password:
R1(config)#enable secret cisco
· This command sets the enable secret password to “cisco”. This password is used to access privileged EXEC mode.
- Set Domain Name:
R1(config)#ip domain name jet.com
· This command sets the domain name of the router to “jet.com”. The domain name is required for generating the RSA keys.
- Generate RSA Keys:
R1(config)#crypto key generate rsa
· This command generates the RSA key pair, which is necessary for SSH encryption. You’ll be prompted to specify the key size (usually 1024 or 2048 bits).
- Create a Local User:
R1(config)#username imran password 123
· This command creates a local user with the username “imran” and the password “123”. This user will be used for SSH login.
- Configure VTY Lines:
R1(config)#line vty 0 1
· This command enters the configuration mode for virtual terminal lines 0 and 1. VTY lines are used for remote access.
- Enable Local Login:
R1(config-line)#login local
· This command tells the router to use the local user database for login authentication on the VTY lines.
- Enable SSH Input:
R1(config-line)#transport input ssh
· This command restricts the VTY lines to accept only SSH connections, enhancing security by disabling Telnet access.
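The settings from the Telnet, password and SSH sections checked together, as an added example (not part of the original notes): a Python script that reads configuration text and lists the weak settings it finds. The three sample configurations are constructed; `username ... secret` is an IOS command that does not appear in these notes, and treating a VTY line without `transport input` as accepting Telnet is an assumption that matches the Telnet configuration above.

```python
import re

# Finding identifiers and their meaning (the wording is this example's own).
FINDINGS = {
    "enable-password-in-use": "'enable password' is set; 'enable secret' is the stronger form",
    "no-enable-secret": "no 'enable secret' protects privileged mode",
    "password-encryption-off": "'service password-encryption' is not enabled",
    "username-password": "a local user is created with 'password' instead of 'secret'",
    "console-no-login": "the console line has no 'login', so nothing is asked",
    "vty-allows-telnet": "a VTY line accepts Telnet (clear-text session)",
    "vty-not-local-users": "a VTY line does not use 'login local'",
}

# Constructed sample: the Telnet section plus 'enable password' from the notes.
TELNET_STYLE = """
hostname R1
no service password-encryption
enable password 123
line con 0
line vty 0 2
 password 12345
 login
"""

# Constructed sample: the SSH section of the notes as it stands.
SSH_AS_IN_NOTES = """
hostname R1
no service password-encryption
enable secret 5 <hash-placeholder>
ip domain name jet.com
username imran password 0 123
line con 0
line vty 0 1
 login local
 transport input ssh
"""

# Constructed sample: the same router with every finding addressed.
HARDENED = """
hostname R1
service password-encryption
enable secret 5 <hash-placeholder>
ip domain name jet.com
username imran secret 5 <hash-placeholder>
line con 0
 login local
line vty 0 1
 login local
 transport input ssh
"""


def parse_sections(config):
    """Split configuration text into (top-level line, [indented sub-lines])."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue  # blank lines and '!' separators carry no settings
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(config):
    """Return the sorted finding identifiers for one configuration."""
    sections = parse_sections(config)
    top = [head for head, _ in sections]
    found = set()
    if any(h.startswith("enable password") for h in top):
        found.add("enable-password-in-use")
    if not any(h.startswith("enable secret") for h in top):
        found.add("no-enable-secret")
    if "service password-encryption" not in top:
        found.add("password-encryption-off")
    if any(re.match(r"username \S+ password\b", h) for h in top):
        found.add("username-password")
    for head, body in sections:
        if head.startswith("line con"):
            if not any(b.startswith("login") for b in body):
                found.add("console-no-login")
        elif head.startswith("line vty"):
            transport = [b.split()[2:] for b in body if b.startswith("transport input")]
            # Assumption: no 'transport input' statement means Telnet is accepted.
            allowed = transport[-1] if transport else ["all"]
            if "telnet" in allowed or "all" in allowed:
                found.add("vty-allows-telnet")
            if "login local" not in body:
                found.add("vty-not-local-users")
    return sorted(found)


if __name__ == "__main__":
    for name, text in [("telnet-style", TELNET_STYLE),
                       ("ssh as in notes", SSH_AS_IN_NOTES),
                       ("hardened", HARDENED)]:
        print(name)
        for finding in audit(text) or ["(no findings)"]:
            print("  -", finding, FINDINGS.get(finding, ""))
```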
BANNER
o Banner (1): motd (message of the day)
DELHI(config)#banner motd #Welcome To Delhi Router#
DELHI(config)#banner login #Authorized Person Only!!!!!!!!#
o Note:
The login banner will work with Telnet.
The MOTD banner will show when we connect physically.
Dynamic Routing
➔ Overview of Routing Protocol:
◆ Purpose of Routing protocol includes the following functions:
● Discover the neighbor, finding the best paths
● Maintaining the up-to-date routing information
● Choosing the best path in available paths.
● Whenever the best path is going down, finding the new path and forwarding the data through that path.
➔ Advantages of Dynamic Routing:
● Automatic updates.
● Changes in the network topology are updated dynamically.
● Only the directly connected network information is required for the configuration.
● Less Administrative work.
● Selecting the best path to destination networks.
● Finding the second-best path if the best path is no longer available.
● More Scalable
● Used for medium and large Networks.
➔ Types of Dynamic Routing Protocols:
➔ Classful v/s Classless Routing Protocol:
Classful Routing Protocol | Classless Routing Protocol
Does not send the subnet mask in the update | Carries the subnet mask in the update
Doesn’t support subnetting | Supports subnetting
Ex: RIP v1, IGRP | Ex: RIP v2, EIGRP, OSPF
Routing Information Protocol (RIP)
➔ RIP Characteristics:
◆ Distance Vector Protocol.
◆ Open standard
◆ Uses Bellman Ford Algorithm
◆ Classless routing protocol
◆ Metric = Hop Count
◆ Maximum hop count is 15.
◆ Updates are sent through the multicast address 224.0.0.9
◆ RIP sends periodic updates every 30 seconds.
◆ RIP supports equal cost load balancing, by default over 4 paths (maximum up to 16 paths)
◆ Complete routing table is sent as update
◆ Each update can contain a maximum of 25 routes.
◆ Administrative distance is 120.
◆ Uses the UDP port no: 520
◆ Also known as “Routing by Rumor”.
➔ Loopback Interface:
◆ A Loopback interface is a virtual interface that resides on a router.
◆ Loopback interfaces are very useful because they will never go down, unless the entire router goes down.
◆ By default, the router doesn’t have any loopback interface (loopback interfaces are not enabled by default), but they can easily be created.
➔ Loopback Interface - Configuration:
◆ Router(config)# interface loopback <interface no.>
◆ Router(config-if)# ip address <ip address> <subnet mask>
◆ Router(config-if)# end
➔ RIP on IPv4 Network - Configuration:
◆ Router(config)# ip routing
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network <Network ID>
➔ RIP on IPv4 Network - Configuration
CHE
CHE(config)# ip routing
CHE(config)# router rip
CHE(config-router)# network 192.168.201.0
CHE(config-router)# network 172.16.0.0
CHE(config-router)# network 172.18.0.0
CHE(config-router)# end
HYD-1
HYD-1(config)# ip routing
HYD-1(config)# router rip
HYD-1(config-router)# network 192.168.202.0
HYD-1(config-router)# network 172.16.0.0
HYD-1(config-router)# network 172.17.0.0
HYD-1(config-router)# end
BAN
BAN(config)# ip routing
BAN(config)# router rip
BAN(config-router)# network 192.168.203.0
BAN(config-router)# network 172.17.0.0
BAN(config-router)# network 172.18.0.0
BAN(config-router)# end
➔ RIP on IPv4 Network - Verification
◆ Verify the routing table
Router# show ip route
◆ To verify the protocols
Router# show ip protocols
➔ RIP Timer
◆ Update Timer: 30 sec
◆ Invalid Timer: 180 sec
◆ Flush Timer: 240 sec
➔ RIP Updates
◆ To verify the RIP Timers
● Router# show ip protocols
◆ Verify RIP Update Packets
● Router# terminal monitor
● Router# debug ip rip
➔ Change RIP Timers
◆ Router(config)# router rip
Router(config-router)# timers basic <update timer> <invalid timer> <holddown timer> <flush timer>
◆ HYD-1(config)# router rip
HYD-1(config-router)# timers basic 15 30 90 90
HYD-1(config-router)# end
➔ Passive interface
◆ Passive interface is configured to stop the updates to exit out of the interface.
◆ If a passive interface is configured between the routers no updates will be exchanged.
➔ Configure Passive interface
◆ Router(config)# router rip
Router(config-router)# passive-interface <interface type> <no.>
◆ HYD-1(config)# router rip
HYD-1(config-router)# passive-interface FastEthernet0/0
HYD-1(config-router)# end
➔ Summarization
◆ Combining contiguous networks into one larger network and advertising it to the neighboring router is called summarization.
◆ Advantages of summarization
● Less number of updates
● Reducing the size of the routing table.
➔ Disable Auto-summary
◆ Router(config)# router rip
Router(config-router)# no auto-summary
Router(config-router)# end
To Take Backup of Startup Configuration on TFTP Server
TFTP Server IP: 192.168.1.200
➔ Copy Startup Configuration
◆ R1#copy startup-config tftp:
Address or name of remote host []? 192.168.1.200
Destination filename [R1-confg]?
Writing startup-config...!!
[OK - 1344 bytes]
➔ Delete Startup Configuration
◆ R1#erase Startup-config
◆ Note: After the Router restarts, all configuration will be erased.
➔ For Startup Configuration Restore from TFTP Server
◆ Note: We need to establish a connection first. Configure an IP address on Serial 0/1/0 or Fa0/0.
◆ Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 192.168.1.5 255.255.255.0
Router(config-if)#no shutdown
Router#ping 192.168.1.200
Router#copy tftp: startup-config
Address or name of remote host []? 192.168.1.200
Source filename []? R1-confg
Destination filename [startup-config]?
Accessing tftp://192.168.1.200/R1-confg…
Loading R1-confg from 192.168.1.200: !
[OK - 1024 bytes]
◆ Note: We can copy the Startup Configuration into RAM (Router#copy startup-config running-config). Otherwise restart the Router; it will load the Startup Configuration from NVRAM.
ROUTER IOS BACKUP & RECOVERY FROM TFTP SERVER
➔ Copy Flash to Tftp server
R1#show flash: (to check IOS)
2800nm-advipservicesk9-mz.151-4.M4.bin
R1#copy flash: tftp: (to copy)
Source filename []? 2800nm-advipservicesk9-mz.151-4.M4.bin (IOS Name in flash)
Address or name of remote host []? 192.168.2.200 (TFTP Server IP)
Destination filename [2800nm-advipservicesk9-mz.151-4.M4.bin]?
Writing 2800nm-advipservicesk9-mz.151-4.M4.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 33591768 bytes]
➔ How To Delete IOS
R1#delete flash:
Delete filename []?2800nm-advipservicesk9-mz.151-4.M4.bin
Delete flash:/2800nm-advipservicesk9-mz.151-4.M4.bin? [confirm]
R1#show flash:
No IOS is there.
Note: If you restart the Router, it will boot into rommon mode.
R1#reload (to restart a router)
➔ How To Recover IOS/ROMMON From TFTP Server
Note: We need to use a cross cable to connect the Router to the TFTP Server. Connect Fa 0/0 to the TFTP server directly.
rommon 1 > tftpdnld
rommon 2 > IP_ADDRESS=192.168.2.20 (assign an IP Address to the router)
rommon 3 > IP_SUBNET_MASK=255.255.255.0 (assign a Subnet Mask)
rommon 4 > DEFAULT_GATEWAY=192.168.2.200 (assign TFTP Server IP as Default Gateway)
rommon 5 > TFTP_SERVER=192.168.2.200 (TFTP Server IP Address)
rommon 6 > TFTP_FILE=2811.bin (Router IOS File name)
rommon 7 > tftpdnld
Do you wish to continue? y/n: [n]: y
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
rommon 8 > reset
◆ When restoring a Router using a TFTP Server, we need to connect the Router directly to the TFTP Server.
PASSWORD RECOVERY
● The configuration register is a 16-bit value, represented in hexadecimal.
● It is stored in the NvRAM
● It tells the Booting Behavior of Router.
● By default, Register Value is 0x2102
Step 1:
● Power off / On Router
● Press CTRL + Break key (CTRL + C)
● Rommon 1> confreg 0x2142
● Rommon 2> reset
● Router# copy startup-config running-config
● R1(config)# line console 0
● R1(config-line)# no login
● R1(config-line)# no password
● R1(config-line)# exit
● R1(config)# no enable password
● R1(config)# exit
● R1# write
After that we have to change the config register value to boot from NvRAM
● R1(config)#config-register 0x2102
RIP-V2
RIP-V2 Configuration
R1 side
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.192
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip dhcp pool R1
R1(dhcp-config)#network 192.168.1.0 255.255.255.192
R1(dhcp-config)#default-router 192.168.1.1
R1(dhcp-config)#exit
R1(config)#interface serial 0/1/0
R1(config-if)#ip address 11.0.0.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/2/0
R1(config-if)#ip address 10.0.0.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.0.0.0
R1(config-router)#network 11.0.0.0
R1(config-router)#no auto-summary
R2 side
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 192.168.1.65 255.255.255.192
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#ip dhcp pool R2
R2(dhcp-config)#network 192.168.1.64 255.255.255.192
R2(dhcp-config)#default-router 192.168.1.65
R2(dhcp-config)#exit
R2(config)#interface serial 0/2/0
R2(config-if)#ip address 11.0.0.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/1/0
R2(config-if)#ip address 12.0.0.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.1.64
R2(config-router)#network 11.0.0.0
R2(config-router)#network 12.0.0.0
R2(config-router)#no auto-summary
R3 side
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 192.168.1.129 255.255.255.192
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#ip dhcp pool R3
R3(dhcp-config)#network 192.168.1.128 255.255.255.192
R3(dhcp-config)#default-router 192.168.1.129
R3(dhcp-config)#exit
R3(config)#interface serial 0/2/0
R3(config-if)#ip address 12.0.0.2 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 0/1/0
R3(config-if)#ip address 10.0.0.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 192.168.1.128
R3(config-router)#network 12.0.0.0
R3(config-router)#network 10.0.0.0
R3(config-router)#no auto-summary
==> RIP V2 Configuration Networks:
Subnet | Valid Hosts (V.H) | Network Address (N.A) | Subnet Mask (S.M) | First Valid Host (FVH) To Last Valid Host (LVH)
Subnet -1 | (PC-62) | 192.168.1.0 | 255.255.255.192 | 192.168.1.1 To 192.168.1.62
Subnet -2 | (PC-62) | 192.168.1.64 | 255.255.255.192 | 192.168.1.65 To 192.168.1.126
Subnet -3 | (PC-62) | 192.168.1.128 | 255.255.255.192 | 192.168.1.129 To 192.168.1.190
Subnet -4 | (PC-62) | 192.168.1.192 | 255.255.255.192 | 192.168.1.193 To 192.168.1.254
=====================================================
Subnet:-1 192.168.1.1/26
DHCP 192.168.1.0/26
DG 192.168.1.1
Subnet:-2 192.168.1.65/26
DHCP 192.168.1.64/26
DG 192.168.1.65
Subnet:-3 192.168.1.129/26
DHCP 192.168.1.128/26
DG 192.168.1.129
==> RIP v2 Configuration <==========
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.0.0.0
R1(config-router)#network 11.0.0.0
R1(config-router)#no auto-summary
Enhanced Interior Gateway Routing Protocol (EIGRP)
● Advanced Distance Vector Routing Protocol.
● Open standard (was Cisco proprietary).
● Diffusing Update Algorithm (DUAL)
● Classless Routing Protocol
● Metric = Composite Metric (Bandwidth, Load, Delay, Reliability, MTU (Maximum Transmission Unit))
● Updates are sent as Multicast (224.0.0.10) or Unicast
● The EIGRP protocol alone supports equal and unequal cost load balancing.
● Default of 4 paths and maximum of 16 paths.
EIGRP Characteristics:
● Administrative Distance is 90.
● Maximum Hop count is 255 (Default 100)
● Hello timer - 5 seconds, Hold on timer - 15 seconds
● Supports Multiple Routed Protocols - IP, IPX, APPLETALK.
● EIGRP Protocol number 88.
==> EIGRP Table:
● Neighbor Table:
○ Contains information about directly connected neighbors.
● Topology Table:
○ Contains entries for all destinations, along with feasible distance and the advertised distance.
○ Contains the successors.
○ Contains feasible successor if any
● Routing Table:
○ Entries with the best path for each destination from the topology table are moved into the Routing table.
==> Autonomous Systems:
● The Autonomous System is a collection of routers under one common administration.
● Autonomous system is identified by numbers.
● Autonomous systems range from 0 - 65535
○ Public: 1 - 64511
○ Private: 64512 - 65535
==> Routing Protocol Classification:
IGP | EGP
Interior Gateway Protocol | Exterior Gateway Protocol
Routing protocols used within an Autonomous System | Routing protocol used between different Autonomous Systems
Ex: RIP, IGRP, EIGRP, OSPF, IS-IS | Ex: Border Gateway Protocol is extensively used as EGP
==> EIGRP Metric:
● By default, EIGRP uses Bandwidth and Delay as the metric.
Interface | Bandwidth (kbps) | Delay (μs)
Serial | 1544 | 20000
Ethernet | 10000 | 1000
FastEthernet | 100000 | 100
Gigabit Ethernet | 1000000 | 10
==> Router ID:
● The Router - ID is used to identify the router in EIGRP.
○ First preference is given to the Router-Id command.
○ Second preference is given to the highest loopback interfaces configured on the router.
○ Third preference is given to the highest physical IP Address.
==> To find a Wildcard Mask.
#Router EIGRP
#Router EIGRP 100
#Network 192.168.1.0 0.0.0.63
#Network 10.0.0.0 0.0.0.255
#Network 12.0.0.0 0.0.0.255
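How the wildcard masks above are found, as an added example (not part of the original notes): the wildcard mask is the inverse of the subnet mask, and a network statement enables EIGRP on every interface whose address matches it, so a mask that is too wide also picks up interfaces it was not meant for. The router with two LAN interfaces is constructed; the addresses and masks come from the /26 subnet table and the commands above.

```python
import ipaddress


def wildcard_for(address, mask):
    """Network ID and wildcard mask (inverse of the subnet mask) for an interface."""
    net = ipaddress.ip_interface(f"{address}/{mask}").network
    return str(net.network_address), str(net.hostmask)


def statement_matches(network_id, wildcard, address):
    """True if 'network <network_id> <wildcard>' covers the interface address.
    A 1 bit in the wildcard means 'ignore this bit', a 0 bit means 'must match'."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(address)) & care) == (
        int(ipaddress.ip_address(network_id)) & care)


def enabled_interfaces(statements, interfaces):
    """Interfaces that the given network statements would enable the protocol on."""
    return sorted(name for name, address in interfaces.items()
                  if any(statement_matches(n, w, address) for n, w in statements))


def subnet_rows(parent, new_prefix):
    """(network, mask, wildcard, first host, last host, host count) per subnet."""
    rows = []
    for net in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix):
        rows.append((str(net.network_address), str(net.netmask), str(net.hostmask),
                     str(net.network_address + 1), str(net.broadcast_address - 1),
                     net.num_addresses - 2))
    return rows


# Constructed router: two LAN interfaces in neighbouring /26 subnets and one
# serial link, using addresses that appear in the notes.
INTERFACES = {"Fa0/0": "192.168.1.1", "Fa0/1": "192.168.1.65", "Se0/2/0": "10.0.0.2"}

if __name__ == "__main__":
    print(wildcard_for("192.168.1.1", "255.255.255.192"))
    for row in subnet_rows("192.168.1.0/24", 26):
        print(row)
    # The exact /26 wildcard enables only Fa0/0 ...
    print(enabled_interfaces([("192.168.1.0", "0.0.0.63")], INTERFACES))
    # ... while a /24 wildcard on the same network ID also enables Fa0/1.
    print(enabled_interfaces([("192.168.1.0", "0.0.0.255")], INTERFACES))
```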
==> EIGRP Configuration:
⇒ Power cycle ⇒ show ip route
R1 side
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip dhcp pool R1
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.254
R1(dhcp-config)#exit
R1(config)#interface serial 0/1/0
R1(config-if)#ip address 11.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/2/0
R1(config-if)#ip address 10.0.0.2 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#router eigrp 100
R1(config-router)#network 192.168.1.0 0.0.0.255
R1(config-router)#network 10.0.0.0 0.255.255.255
R1(config-router)#network 11.0.0.0 0.255.255.255
R2 side
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.2.254 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#ip dhcp pool R2
R2(dhcp-config)#network 192.168.2.0 255.255.255.0
R2(dhcp-config)#default-router 192.168.2.254
R2(dhcp-config)#exit
R2(config)#interface serial 0/2/0
R2(config-if)#ip address 11.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/1/0
R2(config-if)#ip address 12.0.0.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router eigrp 100
R2(config-router)#network 192.168.2.0 0.0.0.255
R2(config-router)#network 11.0.0.0 0.255.255.255
R2(config-router)#network 12.0.0.0 0.255.255.255
R3 side
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.3.254 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#ip dhcp pool R3
R3(dhcp-config)#network 192.168.3.0 255.255.255.0
R3(dhcp-config)#default-router 192.168.3.254
R3(dhcp-config)#exit
R3(config)#interface serial 0/2/0
R3(config-if)#ip address 12.0.0.2 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 0/1/0
R3(config-if)#ip address 10.0.0.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#router eigrp 100
R3(config-router)#network 192.168.3.0 0.0.0.255
R3(config-router)#network 10.0.0.0 0.255.255.255
R3(config-router)#network 12.0.0.0 0.255.255.255
Port Security
Port Security Configuration
o S1 Side:
Note: Send a packet from all PCs, then the MAC table will be updated.
S1(config)#interface range fastEthernet 0/1-9
S1(config-if-range)#switchport port-security
Command rejected: FastEthernet0/1 is a dynamic port.
Command rejected: FastEthernet0/2 is a dynamic port.
Command rejected: FastEthernet0/3 is a dynamic port.
Command rejected: FastEthernet0/4 is a dynamic port.
Command rejected: FastEthernet0/5 is a dynamic port.
Command rejected: FastEthernet0/6 is a dynamic port.
Command rejected: FastEthernet0/7 is a dynamic port.
Command rejected: FastEthernet0/8 is a dynamic port.
Command rejected: FastEthernet0/9 is a dynamic port.
Note: The ports must first be converted to access ports; then port security can be configured.
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport port-security (re-enter: it was rejected above)
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#switchport port-security maximum 1
S1(config-if-range)#switchport port-security violation shutdown
S1#show port-security
S1#show port-security address
S1#show port-security interface fastEthernet 0/9 (Check Port Security on the Selected Interface)
S1#show port-security
S1#show ip interface brief
o Bring the Interface UP Again
S1(config)#interface fastEthernet 0/9
S1(config-if)#shutdown
S1(config-if)#no shutdown
Note: Now connect the previous PC and get an IP address. It will work.
o Remove Port Security
S1(config)#interface range fastEthernet 0/1-9
S1(config-if-range)#no switchport port-security
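The behaviour configured above (sticky learning, maximum 1, violation shutdown, then recovery with shutdown / no shutdown) can be traced with a small model. This is an added example, not part of the original notes or of Cisco IOS; the class, its state names and the second MAC address are constructed for illustration.

```python
"""Model of a sticky port-security access port (maximum 1, violation shutdown)."""
import re
from dataclasses import dataclass, field


def normalize_mac(mac: str) -> str:
    """Accept 0016.D3FC.603F, 00:16:d3:fc:60:3f or 00-16-D3-FC-60-3F."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                            # switchport port-security maximum 1
    sticky: list = field(default_factory=list)  # filled by mac-address sticky
    status: str = "secure-up"                   # state names of this model (assumption)
    violations: int = 0

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded on this port."""
        mac = normalize_mac(src_mac)
        if self.status != "secure-up":
            return False                        # port is shut down: nothing passes
        if mac in self.sticky:
            return True                         # address was learned earlier
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)             # sticky learning of a new address
            return True
        self.violations += 1                    # one address too many
        self.status = "secure-shutdown"         # violation shutdown
        return False

    def bounce(self) -> None:
        """shutdown followed by no shutdown; the sticky entries are kept."""
        self.status = "secure-up"


def replay(port: SecurePort, events):
    """Apply ('frame', mac) and ('bounce', None) events and return a result log."""
    log = []
    for kind, mac in events:
        if kind == "bounce":
            port.bounce()
            log.append(("bounce", port.status))
        else:
            log.append((normalize_mac(mac), port.receive(mac)))
    return log


# Constructed sample: PC-A is the first host on Fa0/9, PC-B is plugged in later.
PC_A, PC_B = "0016.D3FC.603F", "00:0c:29:aa:bb:cc"
EVENTS = [("frame", PC_A), ("frame", PC_B), ("frame", PC_A),
          ("bounce", None), ("frame", PC_A)]

if __name__ == "__main__":
    fa0_9 = SecurePort("Fa0/9")
    for entry in replay(fa0_9, EVENTS):
        print(entry)
    print(fa0_9.status, fa0_9.sticky, fa0_9.violations)
```

After the violation even the learned PC is cut off until the interface is bounced, which matches the recovery steps in the notes.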
OSPF (Open Shortest Path First)
· It is the Link State Protocol.
· It is Open Standard.
· OSPF is the successor of RIP.
· It works with Dijkstra SPF (Shortest Path First) Algorithm.
· Classless Routing Protocol.
· Updates are sent through multicast IP addresses 224.0.0.5 and 224.0.0.6
- OSPF sends Incremental / Triggered Updates.
- OSPF Hello Packets are sent every 10 sec and Hold Timer is 40 sec.
- Administrative Distance (AD) is 110.
- Load Balancing via 4 equal cost paths by default (unequal cost load balancing not supported).
- Unlimited Hop Count.
- Faster Convergence.
- Hierarchical network design.
- One area has to be designated as Area 0.
- Area 0 is called the backbone area.
- Maintains a similar database on all the routers within an area.
- Router ID is used to identify each router.
Router ID:
- Router ID is used to identify the router.
- Router ID is 32 Bit Address.
- The highest IP assigned to an active physical interface is the Router ID.
- More preference is given to logical interfaces (if configured).
- If a logical interface is configured, then the highest IP assigned to a logical interface (Loopback) is the Router ID.
- Highest preference is given to the Router ID command.
OSPF Metric Calculation:
- The OSPF metric is not defined in standards.
- Every vendor uses a different formula to calculate metric.
- OSPF Metric in
- Ex:
Link Type | Bandwidth | Cost
Serial Link | 64 Kbps | 1562
Serial Link | 1544 Kbps | 64
Serial Link | 2000 Kbps | 48
Ethernet Link | 10 Mbps | 10
Fast Ethernet Link | 100 Mbps | 1
Gigabit Ethernet Link | 1000 Mbps | 1
OSPF Packets Type:
- Hello Packet
- Database Description (DBD)
- Link - State Request (LSR)
- Link - State Update (LSU)
- Link - State Ack
OSPF Packets Types:
- Hello Packet:
- Hello packets are OSPF Packet Type 1.
- These packets are multicast periodically to 224.0.0.5 multicast addresses on all interfaces.
- Discovers neighbors and builds adjacencies between them.
- It helps to discover the Neighbor.
- Database Description (DBD) Packet:
- The DBD packets are OSPF Packet Type 2.
- In a link-state routing protocol, the link-state databases of all routers must remain synchronized. The synchronization starts as soon as the adjacency is formed between neighbors. OSPF uses Database Descriptor (DBD) packets for this purpose.
- The DBD packet checks for database synchronization between routers.
- DBD helps to check that the LSDB (Link-State Database) is the same on both neighbors.
- Link-State Request (LSR) Packet:
- The Link State Request (LSR) Packet is an OSPF packet Type 3.
- After the DBD (Database Description) packet exchange, the router may find that it does not have an up-to-date database. The LSR (Link-State Request) packet is used to request the pieces of the neighbor database that are more up-to-date.
- LSR (Link-State Request) Packets Requests Specific link-state records from Neighbor.
- Link-State Update (LSU) Packet:
- LSU packets are OSPF Packet Type 4.
- The LSU packet sends the specifically requested link-state records.
- It is the reply to the link-state request.
- Link-State Acknowledge (LSAck) Packet:
- LSAck packets are OSPF Packet Type 5.
- OSPF requires acknowledgement for the receipt of each LSA (Link-State Advertisement). Multiple Link-State Advertisements (LSAs) can be acknowledged in a single Link-State Acknowledge (LSAck) packet.
- OSPF is a reliable Protocol, so it needs to be Acknowledged.
Neighbor:
- Neighbors are discovered by Hello Packets.
- To become neighbors the following should match.
- Area ID.
- Network ID
- MTU (Maximum Transmission Unit) packets
- Hello and Dead Intervals.
- Authentication (if configured).
Adjacencies:
- Adjacencies are formed once neighbor relation is established.
- In Adjacencies the database details are exchanged.
OSPF Tables
- It maintains three tables.
- Neighbor Table
- Neighbor table contains information about the directly connected OSPF neighbors forming adjacency.
- Also known as the adjacency database.
- Contains list of recognized neighbors.
- Database Table
- Database table contains information about the entire view of the topology with respect to each router.
- Typically referred to as LSDB (Link-State Database)
- Contains information about all routers and their attached links in the area or networks.
- Routing Table:
- Routing table contains information about the best path calculated by the shortest path first algorithm in the database table.
- Commonly named as forwarding database.
- Contains list of best paths to each destination.
The Solution: OSPF Hierarchical Routing:
- Link-state routing can have Hierarchical network design.
- Maintains a similar database on all the routers within an area.
- Minimizes routing update traffic.
- Minimizes routing table entries.
- Localizes the impact of a topology change within an area.
- This two-level hierarchy consists of the following:
- Transit area (backbone or area 0)
- Regular area (non-backbone areas)
Practical:
Note:
● Area number should be the same in all networks.
● Process ID can be changed.
● Backbone should be Zero (0).
==> Physical Configuration of Router:
● Putty or Mobaxterm
○ Putty: serial → open
● Control panel → Program & features → turn on windows features → telnet client (install)
Switching
Ethernet:
o A technology originated by the University of Hawaii, later adopted by Xerox corporation.
o Ethernet is the most popular physical layer LAN technology.
o Ethernet standard known as IEEE Standard 802.3
o Ethernet speed is 10 Mbps
o Types of Ethernets
§ Ethernet
§ FastEthernet
§ GigabitEthernet
§ 10 GigabitEthernet
FastEthernet:
o The Fast Ethernet standard (IEEE 802.3u) has been established for Ethernet networks that need higher transmission speeds.
o FastEthernet speed is 100 Mbps
Gigabit Ethernet
o Gigabit Ethernet was developed for faster communication networks with applications such as multimedia and Voice over IP (VoIP)
o Gigabit Ethernet standards are IEEE 802.3ab and IEEE 802.3z (optical fiber)
o Gigabit Ethernet speed is 1000 Mbps i.e 1Gbps
10 Gigabit Ethernet
o 10 Gigabit Ethernet is the fastest and most recent of the Ethernet standards i.e. IEEE 802.3ae.
o 10 Gigabit Ethernet is based entirely on the use of optical fiber connections.
o 10 Gigabit Ethernet speed is 10000 Mbps i.e. 10 Gbps
Broadcast Domain:
o A broadcast domain is a set of network devices for which a broadcast frame sent by one device is received by all other devices in the LAN segment.
Collision Domain:
o A collision domain is a set of network devices for which a frame sent by one device could result in a collision with a frame sent by any other device in the same LAN segment.
Types of Switches:
◆ Manageable Switches:
● On a Manageable switch an IP address can be assigned and configurations can be made. It has a console port.
◆ Unmanageable switches
● On an Unmanageable switch configuration cannot be made, and an IP address cannot be assigned, as there is no console port.
Campus Network
◆ Campus is a LAN network supporting larger buildings or multiple buildings close to a specific area.
◆ Cisco uses three terms to describe the role of each switch in a campus design.
● Access Layer
● Distribution Layer
● Core Layer
Cisco’s Hierarchical design for switches:
◆ Access Layer Switches: Switches series: 1900, 2950, 2960
◆ Distribution Layer Switches: Switches Series:
● Fixed: 3550, 3560, 3750
● Modular: 4500, 5500
◆ Core Layer Switches: Switches Series: 6500
Initial Configuration of Switch
➔ Initial Configuration:
Duplex and Speed:
o Switch automatically adjusts duplex mode and speed depending upon the remote device.
o We can set duplex mode and speed to match any of the supported modes.
Interface Speed & Duplex – Configuration
o Switch (config)# interface <interface type><no.>
o Switch (config-if)# speed { 100 | 1000 | 10000 | auto }
o Switch (config)# interface <interface type><no.>
o Switch (config-if)# duplex { full | half }
➔ Methods of Switching:
◆ Cisco switches support three types of switching
● Store and forward
● Cut through
● Fragment free
➔ Store and Forward
◆ This is the basic mode of switching.
◆ Switch stores the entire frame into memory and performs CRC check, to ensure the frame is not corrupted.
◆ A frame of less than 64 bytes or greater than 1518 bytes is invalid; only valid frames are processed, invalid frames are dropped.
◆ Latency is higher.
➔ Cut Through
◆ The switch reads only the first 6 bytes of frame that is the destination MAC address.
◆ This is the fastest method of switching.
◆ Invalid frames are processed.
➔ Fragment Free
◆ This is the best method for switching.
◆ Switch checks only the first 64 bytes of frames for error.
◆ It processes only those frames that have the first 64 bytes valid.
◆ Any frame less than 64 bytes is called a RUNT and this frame is invalid.
◆ Low latency.
Virtual LAN (VLAN)
➔ Virtual LAN
◆ Divides a Single Broadcast domain into Multiple Broadcast domains.
◆ VLANs group interfaces to create a smaller broadcast domain.
◆ It provides Layer 2 Security.
◆ By default, all ports of the switch are in VLAN1.
◆ VLAN1 is known as Administrative VLAN or Management VLAN.
◆ VLAN can be created from 2 - 1001
◆ VLAN information is stored in vlan.dat on the flash memory of the switch.
➔ VLAN - Configuration
◆ Creating VLAN
● Switch (config) # vlan < vlan number >
● Switch (config-vlan) # name < name >
● Switch (config-vlan)# exit
◆ Implementation of VLAN
● Switch (config)# interface <interface type> <interface no>
● Switch (config-if)# switchport mode access
● Switch (config-if)# switchport access vlan <vlan ID>
● Switch (config-if)# exit
Switch 1
SW1 (config)# vlan 10
SW1 (config-vlan)#exit
SW1 (config)# vlan 20
SW1 (config-vlan)# name MKTG
SW1 (config-vlan)# exit
SW1 (config)# interface range fastethernet 0/1-2
SW1 (config-if-range)# switchport mode access
SW1 (config-if-range)# switchport access vlan 10
SW1 (config-if-range)# exit
SW1 (config)# interface range fastethernet 0/5-6
SW1 (config-if-range)# switchport mode access
SW1 (config-if-range)# switchport access vlan 20
SW1 (config-if-range)# exit
Switch 2
SW2 (config)# vlan 10
SW2 (config-vlan)#exit
SW2 (config)# vlan 20
SW2 (config-vlan)# name MKTG
SW2 (config-vlan)# exit
SW2 (config)# interface range fastethernet 0/1-2
SW2 (config-if-range)# switchport mode access
SW2 (config-if-range)# switchport access vlan 10
SW2 (config-if-range)# exit
SW2 (config)# interface range fastethernet 0/5-6
SW2 (config-if-range)# switchport mode access
SW2 (config-if-range)# switchport access vlan 20
SW2 (config-if-range)# exit
➔ VLAN - Verification
◆ switch# show vlan
◆ switch# show interface <interface type><interface no.> switchport
Trunk
Trunk:
o Trunk port allows multiple VLAN traffic to pass through a single physical connection by adding a header to Ethernet frame.
o There are two trunking protocols:
ISL (Inter Switch Link) | 802.1q
Cisco proprietary | Open standard
30 bytes (Header + Trailer) | 4 bytes (Header)
VLAN Tagging
o VLAN Tagging is used when a link needs to carry traffic for more than one VLAN.
o Each frame has a tag that specifies the VLAN it belongs to.
o Tag is added to the frame when it goes on to the trunk and tag is removed when it leaves the trunk.
o Switch forwards the frame to a particular VLAN based on tag information.
Trunk - Configuration
o Switch (config)# interface <interface type> <interface no.>
o Switch (config-if)# switchport mode trunk
o Switch (config-if)# switchport trunk allowed vlan <vlan id / all>
o Switch (config-if)# end
Switch 1
SW1 (config)# interface range fastethernet 0/24
SW1 (config-if)# switchport mode trunk
SW1 (config-if)# switchport trunk allowed vlan all
Switch 2
SW2 (config)# interface range fastethernet 0/24
SW2 (config-if)# switchport mode trunk
SW2 (config-if)# switchport trunk allowed vlan all
Note: configuration of trunk on single switch is enough to make two switches communicate.
Trunk – Verification
o Switch# show interface trunk
o Switch# show interface <interface type><interface no.> switchport
Native VLAN
o The native VLAN is the only VLAN whose frames are not tagged on a trunk, i.e. native VLAN frames are transmitted unchanged.
o By default VLAN 1 is native VLAN, we can configure another VLAN as native VLAN.
Native VLAN – Configuration
o Switch (config)# interface <interface type><interface no.>
o Switch (config-if)# switchport trunk native vlan <vlan id>
o Switch (config-if)# end
Native VLAN - Verification
o Switch # show interface trunk
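The tagging rules above (a 4-byte 802.1Q header added on the trunk, removed when the frame leaves it, and native VLAN frames sent unchanged) are worked through below, including what happens when the two ends of a trunk disagree on the native VLAN. This is an added example, not part of the original notes; the function names and the sample frame are constructed, and the frame check sequence is left out of the model.

```python
"""802.1Q tagging on a trunk, with native VLAN frames left untagged."""
import struct

TPID_8021Q = 0x8100   # value in the EtherType position that marks a 4-byte tag


def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q header after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    tci = (priority << 13) | vlan_id      # 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def trunk_send(frame: bytes, vlan: int, native_vlan: int = 1, allowed=None):
    """Frame leaving a switch on a trunk; None if the VLAN is not allowed."""
    if allowed is not None and vlan not in allowed:
        return None
    if vlan == native_vlan:
        return frame                      # native VLAN: transmitted unchanged
    return add_tag(frame, vlan)


def trunk_receive(frame: bytes, native_vlan: int = 1, allowed=None):
    """Frame arriving on a trunk; returns (vlan, untagged frame) or None."""
    vlan, inner = strip_tag(frame)
    if vlan is None:
        vlan = native_vlan                # untagged frames join the local native VLAN
    if allowed is not None and vlan not in allowed:
        return None
    return vlan, inner


def cross_trunk(frame, vlan, native_a, native_b, allowed=None):
    """VLAN the frame lands in on switch B after leaving switch A, or None."""
    wire = trunk_send(frame, vlan, native_a, allowed)
    if wire is None:
        return None
    received = trunk_receive(wire, native_b, allowed)
    return None if received is None else received[0]


# Constructed sample frame: broadcast destination, source 0016.D3FC.603F,
# EtherType 0x0800 and 46 bytes of zero payload.
SAMPLE = bytes.fromhex("ffffffffffff" "0016d3fc603f" "0800") + bytes(46)

if __name__ == "__main__":
    print(trunk_send(SAMPLE, 20)[12:16].hex())        # 81000014
    print(cross_trunk(SAMPLE, 1, native_a=1, native_b=1))
    print(cross_trunk(SAMPLE, 1, native_a=1, native_b=99))
```

The last call shows why `show interface trunk` should report the same native VLAN on both switches: an untagged frame is placed into whatever native VLAN the receiving side has configured.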
Dynamic Trunking Protocol (DTP)
Dynamic Trunking Protocol (DTP)
o DTP is a Cisco proprietary protocol.
o DTP is responsible for dynamically negotiating trunks between switches.
o DTP is enabled in all Cisco switches by default.
o DTP modes
● Dynamic desirable
● Dynamic auto
DTP Modes
Command Option | Description
Access | Always act as an access (Non-Trunk) port
Trunk | Always act as a Trunk port
Dynamic Desirable | Initiates negotiation messages and responds to negotiation messages to start using Trunking
Dynamic Auto | Passively waits to receive trunk negotiation messages
DTP Configuration
o Switch(config)# interface <interface type><interface no.>
o Switch(config-if)# switchport mode { dynamic auto | dynamic desirable }
o Switch(config-if)# end
Switch 1
SW1 (config)# interface fastethernet 0/24
SW1 (config-if)# switchport mode dynamic desirable
SW1 (config-if)# end
Switch 2
SW2 (config)# interface fastethernet 0/24
SW2 (config-if)# switchport mode dynamic auto
SW2 (config-if)# end
DTP – Verification
Switch# show interface trunk
Switch# show interface <interface type><interface no.> switchport
VLAN Trunking Protocol [VTP]
o Cisco proprietary protocol created to maintain VLAN configuration consistency throughout the network.
o It provides accurate VLAN tracking and monitoring.
o Dynamic reporting of added VLANs.
o “Plug-and-play” configuration when adding new VLANs
o VTP only works when trunking is configured on FastEthernet or higher ports.
Note: Switches should be configured with the same Domain Name. Domain Names are case sensitive.
VTP Modes
o Server
§ Default mode
§ Create, Modify and Delete VLANs
§ Forwards advertisements
§ Synchronizes
o Client
§ Cannot create, Modify or delete VLANs
§ Does not store VLAN Information in the NVRAM
§ Forwards advertisements
§ Synchronizes
o Transparent
§ Create, Modify and Delete local VLANs only
§ Forwards advertisements
§ Does not synchronize
➔ VTP - Configuration
o Switch (config)# vtp mode { server | client | transparent }
o Switch (config)# vtp domain <name>
o Switch (config)# vtp password <password>
SW1
SW1 (config)# vtp domain ZOOM
Setting device VLAN database password to CCNA
SW2
SW2 (config)# vtp domain ZOOM
Setting device VLAN database password to CCNA
SW2 (config)# vtp mode client
Setting device to VTP CLIENT mode.
➔ VTP - Verification
o Switch# show vtp status
o Switch# show vtp password
VTP Configuration:
## S1 Side: ##
## VLAN Create: ##
Switch(config)#Hostname S1
S1(config)#VLan 2
S1(config-vlan)#Name HR
S1(config-vlan)#exit
S1(config)#VLan 3
S1(config-vlan)#Name IT
S1(config-vlan)#exit
S1(config)#VLan 4
S1(config-vlan)#Name SALE
S1(config-vlan)#exit
## VTP Server Configure ##
S1(config)#vtp domain Jetking.com
S1(config)#vtp mode server
S1(config)#vtp password ccna
S1(config)#interface fastEthernet 0/23
S1(config-if)#switchport mode trunk
## S2 Side ##
## VTP Client Configure ##
S2(config)#vtp domain Jetking.com
S2(config)#vtp mode client
S2(config)#vtp password ccna
S2(config)#interface fastEthernet 0/23
S2(config-if)#switchport mode trunk
## S3 Side ##
## VTP Transparent Configure ##
S3(config)#vtp domain Jetking.com
S3(config)#vtp mode transparent
S3(config)#vtp password ccna
S3(config)#interface fastEthernet 0/23
S3(config-if)#switchport mode trunk
## S4 Side ##
## VTP Client Configure ##
S4(config)#vtp domain Jetking.com
S4(config)#vtp mode client
S4(config)#vtp password ccna
## Assign Port Into Vlan ##
Note: Assign Ports into Vlan on S1,S2,S4.
S1(config)#INterface Range FastEthernet 0/1-2
S1(config-if-range)#SWitchport ACcess Vlan 2
S1(config-if-range)#EXit
S1(config)#INterface Range FastEthernet 0/3-4
S1(config-if-range)#SWitchport ACcess Vlan 3
S1(config-if-range)#EXit
S1(config)#INterface Range FastEthernet 0/5-6
S1(config-if-range)#SWitchport Access Vlan 4
S1(config-if-range)#
Inter-Vlan Routing
Inter-Vlan Routing:
◆ Inter-vlan routing is a process of forwarding the traffic from one vlan to other vlan using a router.
◆ The port where the router is connected on switch should be configured as trunk to allow multiple vlan traffic.
◆ The physical interface on router is divided into multiple sub-interfaces
◆ Each subinterface is associated with one VLAN and one IP subnet.
◆ This is also called a Router on a stick.
Routing Between VLANs
◆ Routing between VLANs can be done:
● Using multiple physical links called as legacy inter-vlan routing.
● Using a single link and creating sub-interfaces called “router on a stick”.
● Using the multilayer switch.
Router on a Stick - Configuration
◆ Creating Sub Interface
● Router (config)# interface Fastethernet 0/0.<no.>
● Router (config-subif) # encapsulation dot1Q <vlan id>
● Router (config-subif) # ip address <ip> <subnet mask>
● Router (config-subif) # exit
◆ Enable IP Routing
● Router (config)# ip routing
Router
Router (config)# interface Fastethernet 0/0
Router(config-subif)#exit
Router (config)#interface FastEthernet 0/0.2
Router (config-subif)#encapsulation dot1Q 20
Router (config-subif)# exit
Router (config)#ip routing
Router on Stick - Verification
◆ Router# show ip route
Inter VLAN Routing Configuration
Router side
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config)#interface fastEthernet 0/0.2
R1(config)#interface fastEthernet 0/0.3
R1(config)#ip dhcp pool HR
R1(dhcp-config)#default-router 192.168.1.254
R1(dhcp-config)#exit
R1(config)#ip dhcp pool IT
R1(dhcp-config)#default-router 192.168.2.254
R1(dhcp-config)#exit
R1(config)#ip dhcp pool SALE
R1(dhcp-config)#default-router 192.168.3.254
R1(dhcp-config)#exit
Switch side (s1)
S1(config)#interface fastEthernet 0/24
S1(config-if)#switchport mode trunk
LAB
S1(config)#vlan 2
S1(config-vlan)#name HR
S1(config-vlan)#vlan 3
S1(config-vlan)#name account
S1(config-vlan)#vlan 4
S1(config-vlan)#name sales
S2(config)#vlan 2
S2(config-vlan)#Vlan 3
S2(config-vlan)#name account
S2(config-vlan)#Vlan 4
S2(config-vlan)#name sale
S1(config)#interface fastethernet 0/1
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 2
S1(config-if)#interface fastethernet 0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 3
S1(config-if)#interface fastethernet 0/3
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 4
S1(config)#interface fastethernet 0/23
S1(config-if)#switchport mode trunk
S1(config-if)#interface fastethernet 0/24
S1(config-if)#switchport mode trunk
S2(config)#interface fastethernet 0/24
S1(config)#vtp domain imran
S1(config)#vtp password sharif
S2(config)#vtp mode transparent
S3(config)#vtp mode client
S3(config)#vtp domain imran
S3(config)#vtp password sharif
Router(config)#interface fastethernet 0/0
Router(config-if)#no shutdown
Router(config-if)#interface fastethernet 0/0.1
Router(config-subif)# encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.1.254 255.255.255.0
Router(config-subif)#interface fastethernet 0/0.2
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.2.254 255.255.255.0
Router(config-subif)#exit
Router(config)#ip dhcp pool account
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.2.254
Router(dhcp-config)#exit
Router(config)#ip dhcp pool hr
Router(dhcp-config)#network 192.168.1.0
Router(dhcp-config)#network 192.168.1.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.1.254
Cisco Discovery Protocol (CDP)
Cisco Discovery Protocol (CDP)
◆ It is a Cisco proprietary protocol.
◆ CDP is enabled by default in all Cisco devices.
◆ CDP advertisements are sent through all the ports by default.
◆ CDP Advertisements are sent every 60 seconds.
◆ CDP Advertisements are sent via multicast address 01:00:0c:cc:cc:cc.
Advantages of CDP
◆ Once layer 1 is active CDP sends the information to its active neighbors.
◆ It can be used for layer 1, layer 2, layer 3 troubleshooting.
◆ Information advertised by CDP
● Logical address (if defined)
● Hostname
● Hardware Platform
● IOS Version
● Interface Type and Interface Number of local and remote devices connected.
CDP - Configuration
◆ Switch (config)# cdp run
SW1
SW1 (config) # cdp run
SW2
SW2 (config) # cdp run
CDP Verification
◆ Switch# show cdp neighbors
◆ Switch# show cdp neighbor detail
Disadvantages of CDP
◆ CDP can be used only between Cisco devices.
◆ Information about only directly connected neighbors can be known.
Link Layer Discovery Protocol (LLDP)
◆ Open Standard Protocol - IEEE 802.1AB
◆ LLDP is a neighbor discovery protocol used by devices for advertising information about themselves to other devices on the network.
◆ By default, it is disabled on cisco devices, we need to manually enable it on devices.
◆ LLDP Advertisements are sent every 30 seconds.
◆ LLDP Advertisements are sent via multicast address 01:80:c2:00:00:0e
LLDP - Configuration
◆ Switch (config)# lldp run
LLDP - Verification
◆ Switch# show lldp neighbors
◆ Switch# show lldp neighbor detail
Note:
◆ To run LLDP, first turn off the CDP (no cdp run)
● Show Spanning-tree
● No lldp run - to disable lldp
● Show cdp ?
Access Control List [ACL]
An Access Control List (ACL) is a list of rules that control access to a system or network. ACLs are used to specify which users or processes can access resources, and what actions they can perform.
➔ Standard ACL
◆ Can be named or numbered.
◆ The access-list number range is 1 - 99
◆ Can block a Network, Host and Subnet. (not selected services)
◆ All services are blocked.
◆ Filtering is done based on only the source IP address.
➔ Extended ACL
◆ Can be named or numbered.
◆ The access-list number range is 100 - 199
◆ We can allow or deny a Network, Host, Subnet and Service.
◆ Selected services can be blocked.
◆ Filtering is done based on source IP, destination IP, protocol, port no.
➔ WildCard Mask for Single Host
◆ Default mask for one single host always = /32 = 255.255.255.255
◆ Global Subnet Mask - Subnet Mask = Wildcard mask
● 255.255.255.255 - 255.255.255.255 = 0.0.0.0
◆ WildCard Mask for a single Host will be always 0.0.0.0
◆ Router(config)# access-list <acl no> <permit/deny> <source address> <source Wild Card Mask>
R-2(config)# access-list 15 deny 192.168.1.1 0.0.0.0
R-2(config)# access-list 15 deny host 192.168.1.2
R-2(config)# access-list 15 deny 192.168.3.0 0.0.0.255
Action | Source | Destination
Deny | 192.168.1.2 | 192.168.2.0
Deny | 192.168.3.0 | 192.168.2.0
Permit | any |
➔ IP Protocol
◆ TCP
● HTTP 80
● Telnet 23
● FTP 20/21
● SMTP 25
◆ UDP
● DNS 53
● DHCP 67 server / 68 client
● TFTP 69
● SNMP 161
◆ ICMP
● Ping
● Tracert
➔ Operators used in Extended ACL
◆ = → Equal to = eq
◆ ≠ → Not Equal to = neq
◆ > → Greater than = gt
◆ < → lesser than = lt
===> Practical Access Control List [ACL]
==> Standard ACL Configuration:
➔ Access-list (ACL-No) Deny/Permit host (IP address)
➔ Access-list (ACL-No) Deny/Permit <IP Address> <WildCard Mask>
➔ Access-list (ACL-No) Permit any
➔ Task:
◆ Deny: 192.168.1.1 & 192.168.1.2 =====> 192.168.2.0
R2#Show Access-lists
R2(config)#access-list 10 deny 192.168.1.1 0.0.0.0
R2(config)#access-list 10 deny host 192.168.1.2
R2(config)#access-list 10 permit any
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip access-group 10 out
config# access-list 15 deny 192.168.2.1 0.0.0.0
◆ Permit: 192.168.1.2 - 192.168.2.0 Deny : Remaining
R2(config)#Access-list 10 Permit Host 192.168.1.2
R2(config)#Interface FastEthernet 0/0
R2(config-if)#IP Access-group 10 Out
R2#show access-lists (Check ACL)
◆ Remove ACL
R2(config)#no access-list 10
R2#show access-lists (Check ACL)
Standard Name ACL:
o # ip access-list standard jet
# permit host 192.168.1.69
#exit
# interface fastethernet 0/0
# ip access-group jet out
o To Remove Name ACL
# no ip access-list standard jet
➢ Note: The last statement of an ACL is always an implicit “Deny All”, so we need to end the ACL with “Permit”.
➢ IP dhcp pool <name>
➢ config# access-list 15 deny 192.168.2.1 0.0.0.255 (the whole network is denied or blocked because of the wildcard mask; to deny a single host, use 0.0.0.0)
➢ IP dhcp pool
○ Dns-server 200.200.200.1
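The wildcard-mask and implicit-deny rules for standard ACLs above can be checked offline before a list is applied to an interface. The following is an added example, not part of the original notes and not Cisco's implementation; it handles only the numbered standard forms shown above (address plus wildcard, host, any), and ACL 20 is constructed to show an ordering mistake.

```python
"""First-match evaluation of numbered standard ACLs with wildcard masks."""
import ipaddress


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(mask: str) -> str:
    """255.255.255.255 minus the subnet mask gives the wildcard mask."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF - to_int(mask)))


def parse_standard(line: str):
    """Parse 'access-list <1-99> permit|deny <src> <wildcard> | host <src> | any'."""
    tok = line.lower().split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError(f"not a numbered ACL line: {line!r}")
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    if not 1 <= number <= 99:
        raise ValueError("standard ACL numbers are 1-99")
    if action not in ("permit", "deny"):
        raise ValueError(f"expected permit or deny in {line!r}")
    if rest == ["any"]:
        src, wildcard = "0.0.0.0", "255.255.255.255"
    elif len(rest) == 2 and rest[0] == "host":
        src, wildcard = rest[1], "0.0.0.0"
    elif len(rest) == 2:
        src, wildcard = rest
    else:
        raise ValueError(f"unsupported source in {line!r}")
    return action, to_int(src), to_int(wildcard)


def matches(src_ip: int, base: int, wildcard: int) -> bool:
    """Bits set in the wildcard are ignored; all other bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (src_ip & care) == (base & care)


def evaluate(acl_lines, source_ip: str):
    """Return (action, deciding line); implicit deny when nothing matches."""
    src = to_int(source_ip)
    for line in acl_lines:
        action, base, wildcard = parse_standard(line)
        if matches(src, base, wildcard):
            return action, line
    return "deny", "implicit deny"


def shadowed(acl_lines):
    """Lines that can never decide a packet because an earlier line covers them."""
    parsed = [parse_standard(line) for line in acl_lines]
    dead = []
    for j, (_, base_j, wc_j) in enumerate(parsed):
        for _, base_i, wc_i in parsed[:j]:
            # Earlier line i covers j if it ignores every bit j ignores
            # and agrees with j on all bits that i still compares.
            if wc_j | wc_i == wc_i and matches(base_j, base_i, wc_i):
                dead.append(acl_lines[j])
                break
    return dead


# ACL 10 for the task above: deny 192.168.1.1 and 192.168.1.2, permit the rest.
TASK = ["access-list 10 deny 192.168.1.1 0.0.0.0",
        "access-list 10 deny host 192.168.1.2",
        "access-list 10 permit any"]
# The line from the note: a host address combined with a /24 wildcard.
NETWORK_WIDE = ["access-list 15 deny 192.168.2.1 0.0.0.255",
                "access-list 15 permit any"]
# Constructed: the permit comes first, so the deny is never reached.
MISORDERED = ["access-list 20 permit any",
              "access-list 20 deny host 192.168.1.1"]

if __name__ == "__main__":
    for ip in ("192.168.1.1", "192.168.1.2", "192.168.1.3"):
        print(ip, evaluate(TASK, ip))
    print(evaluate(NETWORK_WIDE, "192.168.2.77"))
    print(shadowed(MISORDERED))
```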
==> Extended ACL Configuration:
➔ Block http Single PC
Router(config)#access-list 120 deny tcp host 192.168.2.3 host 200.200.200.2 eq www
Router(config)#access-list 120 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 120 in
➔ Block http Network:
Router(config)#access-list 150 deny tcp 192.168.2.0 0.0.0.255 host 200.200.200.2 eq 80
Router(config)#access-list 150 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 150 in
➔ Block FTP Protocol
Router(config)#access-list 120 deny tcp host 192.168.2.1 host 200.200.200.5 eq 21
Router(config)#access-list 120 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 120 in
(block the use of FTP server)
➔ SMTP Block
Router(config)#access-list 121 deny tcp host 192.168.1.3 host 200.200.200.3 eq 25
Router(config)#access-list 121 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 121 in
➔ Incoming Mail Block
Router(config)#access-list 100 deny tcp host 192.168.1.1 host 200.200.200.3 eq 110
Router(config)#access-list 100 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 100 in
➔ ICMP Block Between Two PC:
R2(config)#access-list 188 deny icmp host 192.168.1.1 host 192.168.2.1 echo
R2(config)#access-list 188 deny icmp host 192.168.1.1 host 192.168.2.1 echo-reply
R2(config)#access-list 188 permit ip any any
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip access-group 188 in
➔ Telnet Block:
R2(config)#access-list 100 deny tcp host 192.168.1.1 host 200.200.200.254 eq 23
R2(config)#access-list 100 permit ip any any
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip access-group 100 in
➔ Allow Telnet Single PC Remaining Block
R3(config)#access-list 110 permit tcp host 192.168.2.2 host 200.200.200.254 eq telnet
R3(config)#access-list 110 deny ip any any
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip access-group 110 in
➔ Remove ACL
R2(config)#no access-list 10
R2#show access-lists (Check ACL)
Notes:
➔ Ip Configuration for servers
➔ DNS Address: 200.200.200.1 for all devices
DNS server: → Services → DNS → DNS Service → ON
◆ Name: www.google.com
◆ Address: 200.200.200.4
● ADD
◆ Name: gmail
◆ Name: yahoo.com
➔ GMAIL Server: → Services → Email → SMTP Service, POP3 Service → ON
◆ Domain name: gmail.com
◆ User: shivani
◆ Password: 12345
◆ User: Imran
◆ Password: 123456
◆ User: Krishna
◆ Password: 1234567
➔ Yahoo Server: → Services → Email → SMTP Service, POP3 Service → ON
◆ Domain name: yahoo.com
◆ User: rajesh
◆ Password: 12345
➔ Google → Services → HTTP → index.HTML (Edit)
➔ User(personal pc) - configure mail → userinfo → name, Email
◆ Your name: imran
◆ Email add: imran@gmail.com
◆ Server information
◆ Incoming mail server: gmail.com
◆ Outgoing mail server: gmail.com
◆ Username: imran
◆ Password: 123456
➔ Extended
◆ #access-list 110 deny tcp host 192.168.1.1 host 200.200.200.4 eq www
(or)
#access-list 110 deny tcp host 192.168.1.1 host 200.200.200.4 eq 80
◆ #access-list 110 permit ip any any
Any - for destination
Any - for source
◆ Interface fastethernet 0/0
◆ Ip access-group 110 in
Protocol | Port NO
http (TCP) | 80
https | 443
Smtp (TCP) | 25
telnet (TCP) | 23
ssh | 22
ftp (TCP) | 20, 21
Dhcp server | 67
Dhcp client | 68
pop3 | 110
ntp | 123
◆ Access-list 111 deny tcp 192.168.2.0 0.0.0.255 host 200.200.200.4 eq 80
➔ FTP:
◆ Services → ON → Username:Imran, Password: 12345 → write, read, Delete, Rename, list
◆ Command prompt:
● Ftp <ip address>
● Username
● Password
◆ #Access-list 112 deny tcp host 192.168.1.3 host 200.200.200.5 eq 21
#Access-list 112 permit ip any any
#interface fastethernet 0/0
#ip access-group 112 in
◆ #Access-list 150 deny tcp host 192.168.1.1 host 200.200.200.2 eq smtp
◆ #Access-list 120 deny tcp host <IP address> host <ip address> eq 110
Ip access-group 120 out
➔ Name ACL:
◆ #ip access-list ?
#ip access-list Extended Telnet
R3(config-ext-nacl)# deny tcp host 192.168.2.3 host 200.200.200.254 eq 23
#permit ip any any
#interface fastethernet 0/0
#ip access-group Telnet in
◆ No ip access-list extended telnet
◆ No access-list 150
◆ Ip access-list standard jetking
#deny host 192.168.1.1
#permit any
Interface fastethernet 0/0
Ip access-group jetking out
➢ FTP: Port 20: Data transfer (active mode)
➢ SMTP: sending messages
➢ Only one ACL at a Point of connection fastethernet/serial
➢ 110 for receiving mails
➢ ICMP → Ping
Spanning Tree Protocol (STP)
Redundant Topology
· To Eliminate single point of failure, backup links are used.
· This type of network is called a redundant topology.
States | Forward Frames | Learn Mac-Address | BPDU | Duration
Blocking | No | No | Receives | 20 seconds
Listening | No | No | Sent/receive | 15 seconds
Learning | No | Yes | Sent/receive | 15 seconds
Forwarding | Yes | Yes | Sent/receive | -
Problem in Redundant Topologies:
· Redundant topology causes
o Multiple frame copies
o MAC address table instability
o Broadcast storms
· The above problems are collectively called layer 2 switching loops.
Spanning Tree Protocol
· Spanning-tree protocol is used in switched networks to avoid switching loops.
· It uses a spanning-tree algorithm.
· STP blocks redundant paths that could cause a loop
· STP is an open standard (IEEE 802.1D)
STP Terminology
· Root Switch
o The switch with the best (lowest) Switch ID.
o Out of all the switches in the network, one switch is elected as a Root switch. This Root switch becomes the focal point of the network.
· Switch ID
o Each switch has a unique identifier called a Bridge ID or Switch ID.
o Bridge ID = Priority + MAC address of the switch.
o Default priority is 32768.
· Non-Root Switch
o All switches other than the Root switch are called Non-root switches.
· BPDU
o Switches exchange information using Bridge Protocol Data Units (BPDUs)
o BPDUs contain information that helps the switch to determine the topology
o BPDUs are sent every 2 sec.
STP Port states
➔
STP Terminology
· Root port
o Every Non-Root Switch must have a root port.
o Only one port per switch can be the Root port.
o All Root ports will be in forward state.
o A Switch’s Root port is the port closest to the Root Switch
§ The port with the least cost.
§ The port with the lowest Neighbor switch ID.
§ Lowest Physical Port Number.
IEEE Cost Values
Type | Cost Value
Ethernet | 100
Fast Ethernet | 19
Gigabit Ethernet | 4
10 Gigabit Ethernet | 2
Designated Port Election:
· Designated port
o For Every segment there will be a Designated port.
o A designated port will always be in forward state
§ The port with the least cost.
§ The port with the lowest Neighbor switch ID.
§ Lowest Physical Port Number
o All ports (Trunk ports) on the Root bridge are Designated ports
STP Terminology
· Non-Designated port
o The ports that are neither Root ports nor the Designated ports.
o These ports are blocked by STP
STP - Configuration
· To Configure a switch as a Root Switch
o Switch(config)#spanning-tree vlan 1 root { primary | secondary }
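The election rules above, worked through as an added example (not part of the original notes). The three switches, their MAC addresses and the port numbers are constructed; with every switch left at the default priority the lowest MAC address decides the root, which is why the root is normally pinned with an explicit priority.

```python
from dataclasses import dataclass

# IEEE cost values from the table in these notes, keyed by link speed in Mbps.
IEEE_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

@dataclass(frozen=True)
class Switch:
    name: str
    mac: str                 # constructed sample MAC, dotted-hex notation
    priority: int = 32768    # default priority

    @property
    def bridge_id(self):
        # Priority is compared first, then the MAC address; lower is better.
        return (self.priority, int(self.mac.replace(".", ""), 16))

def elect_root(switches):
    """The switch with the lowest Bridge ID becomes the Root switch."""
    return min(switches, key=lambda s: s.bridge_id)

def path_cost(*link_speeds_mbps):
    """Root path cost is the sum of the cost of every link on the way."""
    return sum(IEEE_COST[s] for s in link_speeds_mbps)

def root_port(uplinks):
    """uplinks: (port_number, cost_to_root, neighbour Switch) tuples.
    Tie-breakers are applied in the order the notes list them."""
    return min(uplinks, key=lambda u: (u[1], u[2].bridge_id, u[0]))[0]

# Constructed sample topology: three switches, all at default priority.
S1 = Switch("S1", "0016.D3FC.603F")
S2 = Switch("S2", "000A.41B2.0001")
S3 = Switch("S3", "00D0.BC11.2222")

def demo():
    by_default = elect_root([S1, S2, S3]).name   # lowest MAC wins
    # Any priority below the default moves the root; 24576 is a sample value.
    pinned = elect_root([Switch("S1", S1.mac, 24576), S2, S3]).name
    # S3 reaches root S2 directly over Fast Ethernet (port 1) or through
    # S1 over two Gigabit links (port 2): cost 19 versus 4 + 4.
    rp = root_port([(1, path_cost(100), S2), (2, path_cost(1000, 1000), S1)])
    return by_default, pinned, rp

if __name__ == "__main__":
    print(demo())
```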
NAT & PAT
Network Address Translation
· Method of translation of private IP to Public IP address.
· In order to communicate with the internet, we must have a registered public IP address.
· Can be configured on Routers, firewalls, servers.
Types of NAT:
· Static NAT
· Dynamic NAT
· Port Address Translation (PAT)
Static NAT
· One to one Mapping done Manually.
· Every private IP needs one registered public IP address (one : one)
Dynamic NAT
· One to one mapping done automatically by NAT device.
· Every private IP needs one registered IP address (one : one)
Port Address Translation (Dynamic NAT Overload)
· Thousands of Private users - use single Public IP.
· Use port numbers mapped to single Public IP to differentiate connections.
· PAT is the real reason we haven’t run out of valid IP addresses on the Internet.
STATIC, DYNAMIC & PAT CONFIGURATION
ISP ROUTER CONFIGURATION
ISP(config)#interface fastEthernet 0/0
ISP(config-if)#ip address 200.200.200.254 255.255.255.0
ISP(config-if)#no shutdown
ISP(config)#interface serial 0/3/0
ISP(config-if)#ip address 10.0.0.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config)#ip route 50.1.1.0 255.255.255.0 10.0.0.1
R1 ROUTER
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config)#ip dhcp pool Jetking
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.254
R1(dhcp-config)#dns-server 8.8.8.8
R1#show ip interface brief
R1(config)#interface serial 0/1/0
R1(config-if)#ip address 10.0.0.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
STATIC NAT CONFIGURATION
R1(config)#ip nat inside source static <Private-IP> <Public-IP>
R1(config)#ip nat inside source static 192.168.1.1 50.1.1.1
R1(config)#ip nat inside source static 192.168.1.2 50.1.1.2
R1(config)#ip nat inside source static 192.168.1.3 50.1.1.3
===> Implementation <===
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nat inside
R1(config)#interface serial 0/1/0
R1(config-if)#ip nat outside
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 50.1.1.1:10 192.168.1.1:10 200.200.200.10:10 200.200.200.10:10
icmp 50.1.1.1:11 192.168.1.1:11 200.200.200.10:11 200.200.200.10:11
icmp 50.1.1.1:8 192.168.1.1:8 200.200.200.10:8 200.200.200.10:8
icmp 50.1.1.1:9 192.168.1.1:9 200.200.200.10:9 200.200.200.10:9
#==========> Remove Static NAT Configuration <==========#
R1#clear ip nat translation *
R1(config)#no ip nat inside source static 192.168.1.1 50.1.1.1
R1(config)#no ip nat inside source static 192.168.1.2 50.1.1.2
R1(config)#no ip nat inside source static 192.168.1.3 50.1.1.3
==============================================================================
DYNAMIC NAT CONFIGURATION
R1(config)#Access-list <No> Permit <Source> <Wildcardmask>
R1(config)#Access-list 50 Permit 192.168.1.0 0.0.0.255
R1(config)#IP Nat Pool MCC 50.1.1.1 50.1.1.2 Netmask 255.255.255.0
R1(config)#IP Nat Inside Source List 50 Pool MCC
===> Implementation <===
R1(config)#Interface FastEthernet 0/0
R1(config-if)#IP Nat Inside
R1(config)#Interface Serial 0/1/0
R1(config-if)#IP Nat Outside
R1#SHow IP NAT Translations
Pro Inside global Inside local Outside local Outside global
icmp 50.1.1.1:1 192.168.1.3:1 200.200.200.10:1 200.200.200.10:1
icmp 50.1.1.1:2 192.168.1.3:2 200.200.200.10:2 200.200.200.10:2
icmp 50.1.1.1:3 192.168.1.3:3 200.200.200.10:3 200.200.200.10:3
icmp 50.1.1.1:4 192.168.1.3:4 200.200.200.10:4 200.200.200.10:4
=============================================================================
#==========> Remove Dynamic NAT Configuration <==========#
R1#clear ip nat translation *
R1(config)#no IP Nat Inside Source List 50 Pool MCC
R1(config)#no IP Nat Pool MCC 50.1.1.1 50.1.1.2 Netmask 255.255.255.0
R1(config)#no Access-list 50
==============================================================================
PAT CONFIGURATION
R1(config)#Access-list <No> Permit <Source> <Wildcardmask>
R1(config)#ip nat pool <Name> <Start Pub-IP> <End-Pub-IP> netmask <Subnet-Mask>
R1(config)#ip nat inside Source list <ACL-No> pool <Poolname> Overload
R1(config)#Access-list 50 Permit 192.168.1.0 0.0.0.255
R1(config)#IP Nat Pool Pune 50.1.1.1 50.1.1.1 netmask 255.255.255.255
R1(config)#ip nat inside source list 50 pool Pune overload
===> Implementation <===
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nat inside
R1(config)#interface serial 0/1/0
R1(config-if)#ip nat outside
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 50.1.1.1:1024 192.168.1.2:1 200.200.200.11:1 200.200.200.11:1024
icmp 50.1.1.1:1025 192.168.1.2:2 200.200.200.11:2 200.200.200.11:1025
icmp 50.1.1.1:1026 192.168.1.2:3 200.200.200.11:3 200.200.200.11:1026
icmp 50.1.1.1:1027 192.168.1.2:4 200.200.200.11:4 200.200.200.11:1027
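How the PAT table above is built and used, as an added example (not part of the original notes). It models access-list 50 and the single-address pool from the configuration; allocating global ports upward from 1024 mirrors the output shown and is a modelling assumption, and the class and function names are hypothetical.

```python
import ipaddress

def acl_permits(src, network="192.168.1.0", wildcard="0.0.0.255"):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    s, n, w = (int(ipaddress.IPv4Address(x)) for x in (src, network, wildcard))
    return (s | w) == (n | w)

class Pat:
    """Overloaded NAT onto one public address (pool 50.1.1.1 - 50.1.1.1)."""

    def __init__(self, public_ip="50.1.1.1", first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # inside local  -> inside global
        self.back = {}   # inside global -> inside local

    def outbound(self, proto, src_ip, src_port):
        """Translate a packet leaving the inside interface.
        For ICMP the 'port' is the ICMP identifier."""
        if not acl_permits(src_ip):
            return None                      # not matched by the ACL: no translation
        key = (proto, src_ip, src_port)
        if key not in self.out:              # first packet of a new flow
            glob = (proto, self.public_ip, self.next_port)
            self.next_port += 1
            self.out[key], self.back[glob] = glob, key
        return self.out[key][1:]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate a reply arriving on the outside interface."""
        hit = self.back.get((proto, dst_ip, dst_port))
        return hit[1:] if hit else None      # no entry: no inside host to deliver to

if __name__ == "__main__":
    pat = Pat()
    # Two inside hosts use the same identifier and still get distinct entries.
    print(pat.outbound("icmp", "192.168.1.2", 1))   # ('50.1.1.1', 1024)
    print(pat.outbound("icmp", "192.168.1.3", 1))   # ('50.1.1.1', 1025)
    print(pat.inbound("icmp", "50.1.1.1", 1025))    # ('192.168.1.3', 1)
    print(pat.inbound("icmp", "50.1.1.1", 4000))    # None
```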
DHCP Snooping
R1: 192.168.1.254/24 DHCP Configure
R2: 192.168.2.254/24 DHCP Configure
Go To Switch And Configure DHCP Snooping:
S1#SHow IP Dhcp Snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface Trusted Rate limit (pps)
----------------------- ------- ----------------
S1(config)#IP DHcp SNooping
S1(config)#IP DHcp SNooping VLan 1
S1(config)#NO IP DHcp SNooping Information Option
S1(config)#INterface FastEthernet 0/24
S1(config-if)#IP DHcp SNooping Trust
S1#SHow IP DHcp SNooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:1
Insertion of option 82 is disabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface Trusted Rate limit (pps)
----------------------- ------- ----------------
FastEthernet0/24 yes unlimited
S1#
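Note: R2 will not provide an IP address to the client. Only FastEthernet 0/24 is trusted, and DHCP server replies arriving on any other (untrusted) port are dropped.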
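The per-port decision that DHCP snooping makes, as an added example (not part of the original notes). It models the two checks visible in the `show ip dhcp snooping` output: the trusted-port list and the hwaddr verification. Fa0/24 is the trusted port from the configuration; the other port names, the MAC addresses and the sample frames are constructed.

```python
SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # only a DHCP server sends these

class SnoopingSwitch:
    def __init__(self, trusted_ports, verify_hwaddr=True):
        self.trusted = set(trusted_ports)
        self.verify_hwaddr = verify_hwaddr
        self.drops = []                  # (port, reason), useful for alerting

    def _drop(self, port, reason):
        self.drops.append((port, reason))
        return "drop"

    def inspect(self, port, msg_type, src_mac, chaddr):
        """Return 'forward' or 'drop' for one DHCP message seen on a port.
        src_mac is the Ethernet source, chaddr the client hardware
        address carried inside the DHCP payload."""
        if port in self.trusted:
            return "forward"
        if msg_type in SERVER_MSGS:
            return self._drop(port, "server message on untrusted port")
        if self.verify_hwaddr and src_mac.lower() != chaddr.lower():
            return self._drop(port, "source MAC does not match chaddr")
        return "forward"

# Constructed sample frames: (port, message type, Ethernet source, chaddr).
CLIENT, R1_MAC, R2_MAC = "aaaa.bbbb.0001", "0011.1111.0001", "0022.2222.0002"
FRAMES = [
    ("Fa0/1",  "DISCOVER", CLIENT, CLIENT),            # client broadcast
    ("Fa0/24", "OFFER",    R1_MAC, CLIENT),            # R1 behind the trusted port
    ("Fa0/2",  "OFFER",    R2_MAC, CLIENT),            # R2 behind an untrusted port
    ("Fa0/1",  "REQUEST",  CLIENT, "aaaa.bbbb.0099"),  # payload names another MAC
]

def run_sample():
    sw = SnoopingSwitch(trusted_ports=["Fa0/24"])
    verdicts = [sw.inspect(*frame) for frame in FRAMES]
    return verdicts, sw.drops

if __name__ == "__main__":
    verdicts, drops = run_sample()
    for frame, verdict in zip(FRAMES, verdicts):
        print(frame[0], frame[1], "->", verdict)
    print(drops)
```

The recorded drops identify the port where an unexpected DHCP server is attached.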
========================================:COMPLETED:========================================
➢ Ping -t
Border Gateway Protocol (BGP):
Border Gateway Protocol (BGP) is an essential protocol that helps manage how packets are routed across the internet by finding the best path between Autonomous Systems (AS).
Key Features:
- Path Vector Protocol: Unlike other routing protocols that use distance metrics, BGP maintains the path information it uses to reach networks, which helps in making informed routing decisions.
- Inter-Domain Routing: BGP is primarily used for routing between different autonomous systems (inter-domain routing), making it the backbone of the internet's routing infrastructure.
- Policy-Based Routing: BGP allows administrators to define routing policies based on various factors such as path attributes, ensuring more control over routing decisions.
- Scalability: BGP is designed to handle a large number of routes, making it suitable for the global internet.
### How BGP Works:
1. BGP Peers: BGP routers (also known as BGP speakers) form peer relationships (peering) with other BGP routers. These peers can be within the same AS (iBGP) or between different ASes (eBGP).
2. Route Advertisement: BGP peers exchange routing information by advertising network prefixes along with various path attributes.
3. Path Selection: BGP selects the best path to a destination based on path attributes such as AS path length, next-hop IP address, and various policy settings.
4. Route Propagation: Once the best path is selected, BGP propagates this route information to other peers, ensuring optimal routing decisions across the network.
### BGP Path Attributes:
- AS Path: A list of ASes that data must traverse to reach a destination. Shorter AS paths are preferred.
- Next Hop: The next hop IP address that should be used to reach a destination.
- Local Preference: Indicates the preferred path within AS. Higher values are preferred.
- Multi-Exit Discriminator (MED): Suggests a preferred entry point into an AS from a neighboring AS.
- Community: Allows tagging of routes with information that can be used for routing decisions.
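Path selection over the attributes listed above, as an added example (not part of the original notes). It compares only Cisco's local Weight (the Weight column of `show ip bgp`), Local Preference, AS path length and MED, in that order; the remaining tie-breakers are omitted, and the default Local Preference of 100 and all sample paths other than the 10.0.0.0/8 pair are assumptions.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: tuple = ()      # () means the prefix is originated locally
    weight: int = 0          # local to the router, never advertised
    local_pref: int = 100    # assumed default
    med: int = 0

def better(a, b):
    """Return the preferred of two paths to the same prefix."""
    if a.weight != b.weight:                    # higher weight wins
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:            # higher local preference wins
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):        # shorter AS path wins
        return a if len(a.as_path) < len(b.as_path) else b
    # MED is only comparable between paths learned from the same neighbour AS.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return a if a.med < b.med else b        # lower MED wins
    return a                                    # later tie-breakers omitted

def best_path(paths):
    return reduce(better, paths)

# The two entries for 10.0.0.0/8 in a table where the router both originates
# the prefix (weight 32768) and learns it from AS 200.
R1_10_NET = [Path("0.0.0.0", (), weight=32768), Path("10.0.0.2", (200,))]

# Constructed: a second, hypothetical neighbour offering a longer path.
TO_192_168_3 = [Path("10.0.0.2", (200, 300)), Path("12.0.0.2", (400, 500, 300))]

if __name__ == "__main__":
    print(best_path(R1_10_NET).next_hop)      # 0.0.0.0
    print(best_path(TO_192_168_3).next_hop)   # 10.0.0.2
```

Because the AS path is supplied by the advertising peer, the length comparison is only as trustworthy as the filtering applied to what peers announce.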
### Use Cases:
- Internet Service Providers (ISPs): BGP is used by ISPs to manage the exchange of routing information between different networks.
- Enterprises: Large enterprises use BGP to connect their networks across multiple locations or to multiple ISPs for redundancy.
- Content Delivery Networks (CDNs): CDNs use BGP to optimize the delivery of content by selecting the best routes to reach end-users.
Challenges and Considerations:
- Complexity: BGP configuration and management can be complex due to its policy-based nature.
- Convergence Time: BGP can take longer to converge compared to other routing protocols, which may affect network stability.
- Security: BGP is vulnerable to various attacks such as route hijacking and spoofing. Secure BGP (SBGP) and Resource Public Key Infrastructure (RPKI) are used to address these issues.
BGP is a cornerstone of internet routing, providing the scalability and flexibility needed to manage the vast and diverse networks that make up the global internet.
BGP CONFIGURATION:
· ROUTER-1:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface serial 0/1/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#clock rate 128000
R1(config-if)#exit
· ROUTER-2:
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.2.254 255.255.255.0
R2(config-if)#NO Shutdown
R2(config)#INterface Serial 0/2/0
R2(config-if)#IP ADDress 10.0.0.2 255.0.0.0
R2(config-if)#CLock Rate 128000
R2(config-if)#NO Shutdown
R2(config)#INterface Serial 0/1/0
R2(config-if)#IP ADDress 11.0.0.1 255.0.0.0
R2(config-if)#CLock Rate 128000
R2(config-if)#NO SHutdown
R2(config-if)#EXit
· ROUTER-3:
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.3.254 255.255.255.0
R3(config-if)#NO SHutdown
R3(config)#INterface Serial 0/2/0
R3(config-if)#IP ADDress 11.0.0.2 255.0.0.0
R3(config-if)#NO SHutdown
R3(config-if)#EXIT
==========: BGP CONFIGURATION IN ALL ROUTER:==========
==========:-ROUTER-1:==========
R1(config)#router bgp 100
R1(config-router)#bgp router-id 1.1.1.1
R1(config-router)#NEIghbor 10.0.0.2 REmote-as 200
R1(config-router)#NETwork 192.168.1.0 Mask 255.255.255.0
R1(config-router)#NETwork 10.0.0.0 Mask 255.0.0.0
==========:-ROUTER-2:==========
R2(config)#ROUTer BGp 200
R2(config-router)#BGp ROuter-id 2.2.2.2
R2(config-router)#NEIghbor 10.0.0.1 Remote-as 100
R2(config-router)#NEIghbor 11.0.0.2 Remote-as 300
R2(config-router)#NETwork 192.168.2.0 Mask 255.255.255.0
R2(config-router)#NETwork 10.0.0.0 Mask 255.0.0.0
R2(config-router)#NETwork 11.0.0.0 Mask 255.0.0.0
==========:-ROUTER-3:==========
R3(config)#Router Bgp 300
R3(config-router)#BGp ROuter-id 3.3.3.3
R3(config-router)#NEIghbor 11.0.0.1 Remote-as 200
R3(config-router)#NETwork 192.168.3.0 Mask 255.255.255.0
R3(config-router)#NETwork 11.0.0.0 Mask 255.0.0.0
==========:For Checking:==========
R1#show ip bgp
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/8 0.0.0.0 0 0 32768 i
* 10.0.0.2 0 0 0 200 i
*> 11.0.0.0/8 10.0.0.2 0 0 0 200 i
*> 192.168.1.0/24 0.0.0.0 0 0 32768 i
*> 192.168.2.0/24 10.0.0.2 0 0 0 200 i
*> 192.168.3.0/24 10.0.0.2 0 0 0 200 300 i
R1#show ip bgp neighbors
========================================:COMPLETED:========================================
==> Switch Backup:
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.254 255.255.255.0
Switch# ping <tftp server IP>
Switch# copy tftp: startup
==> Access Point: