Essentials
Version 1.0.2 - November 16, 2015
by Christian Brli
www.macparc.ch/ccna
Table of Contents
13 Dynamic Routing
13.1 Check for Dynamic Routing Protocols
13.2 Enable RIP or RIPv2 (IPv4)
13.3 Enable RIPng (IPv6)
14 Single-Area OSPFv2 (IPv4)
14.1 Router ID
14.2 Enable OSPF on Interfaces
14.3 Propagating a Default Static Route in OSPF
14.4 OSPF Cost
14.5 Secure OSPF with MD5 Authentication
14.6 Verify OSPF
15 Single-Area OSPFv3 (IPv6)
15.1 Differences between OSPFv2 and OSPFv3
15.2 Steps to Configure OSPFv3
15.3 Configure Link-Local Addresses
15.4 OSPFv3 Router ID
15.5 Enable OSPFv3 on Interfaces
15.6 Modify OSPFv3 Hello and Dead Intervals
15.7 Propagating a Default Static Route in OSPFv3
15.8 Verify OSPFv3
16 Multiarea OSPF
16.1 Configure Multiarea OSPFv2
16.2 OSPF Route Summarization
16.3 Configure Multiarea OSPFv3
16.4 Verify Multiarea OSPF
17 EIGRP for IPv4
17.1 Router ID
17.2 The network Command
17.3 Passive Interfaces
17.4 Automatic Summarization
17.5 Manual Summarization
17.6 Propagating a Default Static Route
17.7 Fine-tuning EIGRP Interfaces
17.8 MD5 Authentication
17.9 Troubleshoot EIGRP
17.10 Verify EIGRP for IPv4
18 EIGRP for IPv6
18.1 Configure IPv6 Link-local Addresses
18.2 Configure EIGRP for IPv6
18.3 Enable EIGRP for IPv6 on Interfaces
18.4 Passive Interfaces
18.5 Manual Summarization
18.6 Propagating a Default Static Route
18.7 Fine-tuning EIGRP Interfaces
18.8 MD5 Authentication
18.9 Troubleshoot EIGRP
18.10 Verify EIGRP for IPv6
19 Access Control Lists (ACLs)
19.1 Numbered and Named ACLs
19.2 Wildcard Bit Mask Abbreviations
19.3 The Implied "Deny All Traffic" Criteria Statement
19.4 Standard ACLs (IPv4)
19.5 Extended ACLs (IPv4)
19.6 IPv6 ACLs
19.7 Verify ACLs
20 DHCP
20.1 Basic DHCPv4 Configuration
20.2 Verify DHCPv4
20.3 DHCPv4 Relay
20.4 Configure a Router as DHCP Client
20.5 Verify DHCPv4 Relay & Services
20.6 Debug DHCPv4
20.7 DHCPv6
21 NAT for IPv4
21.1 Static NAT
21.2 Dynamic NAT
21.3 PAT (NAT Overload)
21.4 Port Forwarding (Tunneling)
21.5 Troubleshoot NAT
22 Spanning Tree
22.1 Default Switch STP Settings
22.2 Configure and Verify the Bridge ID (BID)/Priority
22.3 Configure and Verify Port Cost
22.4 PortFast and BPDU Guard
22.5 PVST+ Load Balancing
22.6 Rapid PVST+
22.7 Analyzing the STP Topology
22.8 STP Status Overview
22.9 First Hop Redundancy Protocols (FHRP)
23 EtherChannel
23.1 Link Aggregation Control Protocol (LACP)
23.2 Port Aggregation Protocol (PAgP)
23.3 Verify EtherChannel
24 Point-to-Point Connections
24.1 Configure HDLC Encapsulation
24.2 Verify a Serial Interface
24.3 Configure PPP Encapsulation
24.4 Verify PPP Configuration/Encapsulation
25 Frame Relay
25.1 Basic Frame Relay Configuration
25.2 Configure a Static Frame Relay Map
25.3 Configure Point-to-Point Subinterfaces
25.4 Local Management Interface (LMI)
25.5 Verify Frame Relay
25.6 Troubleshoot Frame Relay
26 PPPoE Client Configuration for DSL
27 Virtual Private Networks (VPNs)
27.1 GRE Tunnel
28 Monitoring the Network
28.1 Syslog
28.2 Simple Network Management Protocol (SNMP)
28.3 NetFlow
29 Troubleshooting the Network
29.1 Data Collection for Documentation
29.2 Gather Symptoms
29.3 Troubleshooting IP Connectivity
30 IOS Images & Licensing
30.1 Display the IOS Image
30.2 IOS Backup
30.3 Select Boot System
30.4 IOS Licensing
IOS Shortcuts
S1(config)# line console 0
S1(config-line)# logging synchronous
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# line vty 0 4
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# line aux 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
Restore a switch into its factory default condition with 1 default VLAN
Switch# delete flash:vlan.dat
Switch# erase startup-config
Switch# reload
R1(config)# line console 0
R1(config-line)# logging synchronous
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# exit
R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# exit
R1(config)# line aux 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# exit
Resetting Router Configuration
Router# erase startup-config
Router# reload
3 Verification Commands
or
5 Switch Management Interface Configuration
6.2 Auto-MDIX
S1# configure terminal
S1(config)# interface FastEthernet 0/1
S1(config-if)# duplex auto
S1(config-if)# speed auto
S1(config-if)# mdix auto
S1(config-if)# end
S1# copy running-config startup-config
Verify Auto-MDIX
S1# show controllers ethernet-controller fa 0/1 phy | include Auto-MDIX
Configure the IP domain
S1# configure terminal
S1(config)# ip domain-name cisco.com
Generate RSA key pairs
S1(config)# crypto key generate rsa
The name for the keys will be S1.cisco.com
(Deleting RSA key pairs)
S1(config)# crypto key zeroize rsa
Configure user authentication
S1(config)# username admin secret ccna
Configure the vty lines
S1(config)# line vty 0 15
S1(config-line)# transport input ssh
S1(config-line)# login local
S1(config-line)# exit
Enable SSH version 2
S1(config)# ip ssh version 2
S1(config)# exit
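An added example (not from the original guide): a small audit that checks running-config text against the SSH setup in this section, flagging lines that still use the shared line password with `login`, vty lines not restricted to `transport input ssh`, and a missing `ip ssh version 2`. The function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: console/vty lines using a shared line password and
# "login", as in the basic line configuration, with no SSH restriction.
SAMPLE_WEAK = """\
hostname S1
line con 0
 logging synchronous
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Constructed sample: the SSH procedure from this section applied.
SAMPLE_SSH = """\
hostname S1
ip domain-name cisco.com
username admin secret 5 $1$constructed$hash
ip ssh version 2
line con 0
 logging synchronous
 login local
line vty 0 15
 transport input ssh
 login local
"""


def parse_sections(config):
    """Split running-config text into global lines and indented sub-blocks."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections


def audit_management_plane(config):
    """Return findings where the config deviates from SSH-only, per-user login."""
    top, sections = parse_sections(config)
    findings = []
    uses_local = False
    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        if "login local" in body:
            uses_local = True
        elif "login" in body:
            findings.append(f"{header}: shared line password ('login'), not 'login local'")
        elif "no login" in body:
            findings.append(f"{header}: 'no login' permits access without authentication")
        for entry in body:
            # "password cisco" or "password 0 cisco" is stored unencrypted
            if re.fullmatch(r"password (0 )?\S+", entry):
                findings.append(f"{header}: line password stored in cleartext")
        if header.startswith("line vty"):
            transports = [e for e in body if e.startswith("transport input")]
            if transports != ["transport input ssh"]:
                findings.append(f"{header}: vty not restricted to 'transport input ssh'")
    has_vty = any(h.startswith("line vty") for h in sections)
    if has_vty and "ip ssh version 2" not in top:
        findings.append("global: 'ip ssh version 2' not configured")
    if uses_local and not any(re.match(r"username \S+ secret ", t) for t in top):
        findings.append("global: 'login local' used but no 'username ... secret' account")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("ssh", SAMPLE_SSH)):
        print(name, audit_management_plane(text) or "no findings")
```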
S1(config-if)# shutdown
Configure a range of ports
Enable DHCP snooping for specific VLANs
S1(config)# ip dhcp snooping vlan 10,20
Defining the trusted ports
S1(config)# interface FastEthernet0/1
S1(config-if)# ip dhcp snooping trust
Limit the rate at which bogus DHCP requests can continually be sent through untrusted ports
S1(config)# interface FastEthernet0/2
S1(config-if)# ip dhcp snooping limit rate 5
7.4.2
7.4.3 Sticky Secure MAC Addresses
To convert dynamically learned MAC addresses to sticky secure MAC addresses
S1(config)# interface FastEthernet 0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 50
S1(config-if)# switchport port-security mac-address sticky
Manually defined sticky secure MAC addresses
S1(config-if)# switchport port-security mac-address sticky mac-address
Disable sticky learning
S1(config-if)# no switchport port-security mac-address sticky
7.6.2
7.6.3
NTP client
R2(config)# ntp server 10.0.0.1
7.7.2
Verify NTP
R2# show ntp status
8 VLANs
Good practice, but not necessary: Normal Range VLANs (1-1005) are saved to vlan.dat (flash
memory).
S1# copy running-config startup-config
Create a series of VLAN IDs
S1(config)# vlan 100,125,130,140-159
Deleting the entire vlan.dat file (reset to factory default VLAN configuration)
S1# delete flash:vlan.dat
or
S1# delete vlan.dat
9 Trunks
Return Port to Access Mode
Permanent nontrunking mode, regardless of whether the neighboring interface is a trunk interface;
negotiates to convert the link into a nontrunk link.
S1(config-if)# switchport mode dynamic auto
Default switchport mode for all Ethernet interfaces.
The interface is able to convert the link to a trunk link if the neighboring interface is set to trunk or
desirable mode.
S1(config-if)# switchport mode dynamic desirable
Able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring
interface is set to trunk or desirable mode.
S1(config-if)# switchport mode trunk
Permanent trunking mode, even if the neighboring interface is not a trunk interface; negotiates to
convert the neighboring link into a trunk link.
9.3.2 DTP Configuration Matrix
Results of the DTP configuration options on opposite ends of a trunk link
9.3.3 Disable DTP
E.g. to enable trunking from a Cisco switch to a device that does not support DTP
S1(config-if)# switchport nonegotiate
Prevents the interface from generating DTP frames. You can use this command only when the interface
switchport mode is access or trunk. You must manually configure the neighboring interface as a
trunk interface to establish a trunk link.
9.3.4
Step 1: Use the show vlan command to check whether the port belongs to the expected VLAN.
If the port is assigned to the wrong VLAN, use the switchport access vlan command
to correct the VLAN membership.
Use the show mac address-table command to check which addresses were learned
on a particular port of the switch and to which VLAN that port is assigned.
Step 2: If the VLAN to which the port is assigned is deleted, the port becomes inactive.
Use the show vlan or show interfaces switchport command.
Examples:
S1# show interfaces FastEthernet 0/1 switchport
Step 1: Use the show interfaces trunk command to check whether the local and peer native
VLANs match. If the native VLAN does not match on both sides, VLAN leaking occurs.
Step 2: Use the show interfaces trunk command to check whether a trunk has been
established between switches.
Statically configure trunk links whenever possible. Cisco Catalyst switch ports use DTP
by default and attempt to negotiate a trunk link.
Example:
10.4.2 Disable Protected Port
10.4.3 Verify the PVLAN Edge Configuration
11 Inter-VLAN Routing
11.1.1 Switch Configuration
vlan 10
vlan 10
vlan 30
vlan 30
11.1.2 Router Configuration
R1(config)# interface g0/0
R1(config-if)# ip address 172.17.10.1 255.255.255.0
R1(config-if)# no shutdown
R1(config)# interface g0/1
R1(config-if)# ip address 172.17.30.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# end
11.2.1 Switch Configuration
S1(config)# vlan 10
S1(config-vlan)# vlan 30
S1(config-vlan)# interface f0/5
S1(config-if)# switchport mode trunk
S1(config-if)# end
11.2.2 Router Configuration
R1(config)# interface g0/0.10
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 172.17.10.1 255.255.255.0
R1(config-subif)# interface g0/0.30
R1(config-subif)# encapsulation dot1q 30
R1(config-subif)# ip address 172.17.30.1 255.255.255.0
R1(config-subif)# interface g0/0
R1(config-if)# no shutdown
R1(config-if)# end
Verify Subinterfaces:
R1# show vlan
R1# show ip route
Verify Routing:
PC1> ping 172.17.30.23
PC1> tracert 172.17.30.23
11.3.2 Inter-VLAN Routing with Routed Ports
S1(config)# interface fastethernet 0/1
S1(config-if)# no switchport
S1(config-if)# ip address 172.17.10.1 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# exit
S1(config)# interface fastethernet 0/3
S1(config-if)# no switchport
S1(config-if)# ip address 172.17.30.1 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# exit
S1(config)# ip routing
11.3.3 Static Routing on a Cisco Catalyst 2960 Switch
Check setting template
Enable the routing functionality on the Cisco 2960 Layer 2 switch
Full-featured multilayer switches (e.g. Cisco Catalyst 3560 Series) support the EIGRP, OSPF, and BGP
routing protocols.
S1(config)# sdm prefer lanbase-routing
S1(config)# do reload
S1(config)# interface fastethernet 0/6
S1(config-if)# switchport access vlan 2
S1(config-if)# interface vlan 1
S1(config-if)# ip address 192.168.1.1 255.255.255.0
S1(config-if)# interface vlan 2
S1(config-if)# ip address 192.168.2.1 255.255.255.0
S1(config-if)# no shutdown
S1(config)# ip routing
Configure default route
Configure a static route to the remote network 192.168.2.0/24 (VLAN 2) on the Router R1
R1(config)# ip route 192.168.2.0 255.255.255.0 g0/1
12 Static Routing
The distance parameter is used to create a floating static route by setting an administrative distance
that is higher than a dynamically learned route.
Common Examples:
Next-hop address:
R1(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.2
Exit interface:
R1(config)# ip route 172.16.1.0 255.255.255.0 serial 0/0/0
Fully specified:
R1(config)# ip route 172.16.1.0 255.255.255.0 G0/1 172.16.2.2
Verifying
R1# ping 192.168.2.2
R1# traceroute 192.168.2.10
R1# show ip route
R1# show ip route static | begin Gateway
R1# show ip route 192.168.2.1
R1# show running-config | section ip route
Common Examples:
Next-hop address:
R1(config)#
Exit interface:
R1(config)#
Fully specified:
R1(config)#
Verifying:
R1# show ip route
12.3 IPv4 Summary Static Route
Example:
The four static route entries can be reduced to a single 172.20.0.0/14 entry: remove the four
individual routes and replace them with one summary static route.
R1(config)# no ip route 172.20.0.0 255.255.0.0 serial 0/0/0
R1(config)# no ip route 172.21.0.0 255.255.0.0 serial 0/0/0
R1(config)# no ip route 172.22.0.0 255.255.0.0 serial 0/0/0
R1(config)# no ip route 172.23.0.0 255.255.0.0 serial 0/0/0
R1(config)#
R1(config)# ip route 172.20.0.0 255.252.0.0 serial 0/0/0
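An added example (not part of the original guide): computing the summary route for the four /16 routes above and, going beyond the page's case, reporting any address space the summary matches that the original routes did not. The function names are hypothetical; the exit interface is the one used on this page.

```python
import ipaddress


def summarize(prefixes):
    """Smallest single prefix that covers every network in prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    # Bits in which the lowest and highest address differ become host bits.
    host_bits = (first ^ last).bit_length()
    base = (first >> host_bits) << host_bits
    return type(nets[0])((base, nets[0].max_prefixlen - host_bits))


def extra_coverage(prefixes):
    """Return (summary, networks inside the summary that no original route covered)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = summarize(prefixes)
    remaining = [summary]
    for net in nets:
        kept = []
        for block in remaining:
            if block.subnet_of(net):
                continue                      # block fully covered by this route
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))
            else:
                kept.append(block)            # CIDR blocks are nested or disjoint
        remaining = kept
    return summary, sorted(ipaddress.collapse_addresses(remaining))


def ios_route(net, exit_intf="serial 0/0/0"):
    """Format an IPv4 network as the static route command used on this page."""
    return f"ip route {net.network_address} {net.netmask} {exit_intf}"


if __name__ == "__main__":
    page_routes = ["172.20.0.0/16", "172.21.0.0/16", "172.22.0.0/16", "172.23.0.0/16"]
    summary, extra = extra_coverage(page_routes)
    print(ios_route(summary), "| uncovered space:", extra)

    # Constructed variation: one /16 is not actually reachable via this link.
    summary, extra = extra_coverage(page_routes[:2] + page_routes[3:])
    print(ios_route(summary), "| uncovered space:", [str(n) for n in extra])
```

When the second list is non-empty, the summary route also forwards traffic for networks that were never routed individually, so check that list before replacing specific routes with a summary.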
By default, static routes have an administrative distance of 1, making them preferable to routes
learned from dynamic routing protocols.
For example, the administrative distances of some common dynamic routing protocols are:
EIGRP = 90
IGRP = 100
OSPF = 110
IS-IS = 115
RIP = 120
The administrative distance of a static route can be increased to make the route less desirable than
that of another static route or a route learned through a dynamic routing protocol. In this way, the
static route floats and is not used when the route with the better administrative distance is active.
Verification shows that the default route to R2 is installed in the routing table. Note that the backup
route to R3 is not present in the routing table.
(extended ping)
12.6 IPv6 Static Route
Enable IPv6 Routing: R1(config)# ipv6 unicast-routing
Verifying:
R1# show ipv6 route
Common Examples:
Next-hop address:
R1(config)# ipv6 route 2001:db8:acad:2::/64 2001:db8:acad:4::2
Exit interface:
R1(config)# ipv6 route 2001:db8:acad:2::/64 s0/0/0
Fully specified:
R1(config)# ipv6 route 2001:db8:acad:2::/64 s0/0/0 fe80::2
Verifying
R1# ping 192.168.2.2
R1# traceroute 192.168.2.10
R1# show ipv6 route
R1# show ipv6 route static
R1# show ipv6 route 2001:db8:acad:3::
R1# show running-config | section ipv6 route
Common Examples:
Next-hop address:
Exit interface:
Verify:
13 Dynamic Routing
Verify the routing protocol settings currently configured (IPv4 and IPv6, respectively)
R1# show ip protocols
R1# show ipv6 protocols
Disable and eliminate RIP
R1(config)# no router rip
Configure which locally connected networks should be advertised
R1(config-router)# network network-address
Example:
R1(config)# router rip
R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.2.0
Enable RIPv2
R1(config)# router rip
R1(config-router)# version 2
Disable automatic network number summarization
R1(config-router)# no auto-summary
(RIPv2 must be enabled before automatic summarization is disabled.)
Configure passive interfaces (stop routing updates out of specified interfaces)
R1(config-router)# passive-interface intf
Examples:
R1(config)# router rip
R1(config-router)# passive-interface serial 0/0/0
Stop routing updates out of all interfaces
R1(config-router)# passive-interface default
Re-enable routing updates out of a specified interface
R1(config-router)# no passive-interface gigabitethernet 0/1
Propagate a default route (configured on the edge router)
Example:
R1(config)# ipv6 unicast-routing
R1(config)#
R1(config)# interface g0/1
R1(config-if)# ipv6 rip RIP-AS enable
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
R1(config)# interface s0/0/1
R1(config-if)# ipv6 rip RIP-AS enable
R1(config-if)# no shutdown
Propagate a default route (configured on the edge router)
Display (only) the RIP routes from the IPv6 routing table
R1# show ipv6 route rip
Example:
R3(config)# router ospf 10
The process-id value represents a number between 1 and 65,535 and is selected by the network
administrator. The process-id value is locally significant, which means that it does not have to be the
same value on the other OSPF routers to establish adjacencies with those neighbors.
14.1 Router ID
14.1.1 Configure & Verify Router ID
Example:
R1# clear ip ospf process
Reset ALL OSPF processes? [no]: y
Verify (only Router ID section)
14.1.3 Using a Loopback Interface as the Router ID
R3(config)# interface loopback 0
R3(config-if)# ip address 3.3.3.3 255.255.255.255
R3(config-if)# end
Example:
14.2.4 Modify OSPFv2 Hello and Dead Intervals
R1(config-if)# ip ospf hello-interval seconds
R1(config-if)# ip ospf dead-interval seconds
Reset to default values (Hello = 10 s; Dead = 40 s):
Verify OSPF intervals:
Verify OSPF timer activity:
R1# show ip ospf neighbor
14.2.5 Configure Passive Interfaces
Example:
R1(config-router)# passive-interface GigabitEthernet 0/0
All interfaces can be made passive: R1(config-router)# passive-interface default
Re-enabled interface: R1(config-router)# no passive-interface GigabitEthernet 0/1
14.3 Propagating a Default Static Route in OSPF
To propagate a default route, the edge router (also known as the entrance, gateway, or autonomous system
boundary router, ASBR) must be configured with:
A default static route, using the ip route 0.0.0.0 0.0.0.0 {ip-address | exit-intf} command.
The default-information originate router configuration mode command, which instructs the router
to be the source of the default route information and propagate the default static route in OSPF
updates.
14.4.3 Verify Link Cost
14.4.4 Adjust Interface Bandwidth Setting
Use the show interfaces command to view the interface bandwidth setting.
On Cisco routers, the default bandwidth on most serial interfaces is set to 1.544 Mb/s.
Adjust the interface bandwidth:
R1(config)# intf
R1(config-if)# bandwidth kilobits
Restore to the default value:
R1(config-if)# no bandwidth [kilobits]
14.4.5 Manually Setting the OSPF Cost
As an alternative to setting the default interface bandwidth, the cost can be manually configured on an
interface.
R1(config)# intf
R1(config-if)# ip ospf cost value
Both the bandwidth interface command and the ip ospf cost interface command achieve the same
result, which is to provide an accurate value for use by OSPF in determining the best route.
An advantage of configuring a cost over setting the interface bandwidth is that the router does not
have to calculate the metric when the cost is manually configured. In contrast, when the interface
bandwidth is configured, the router must calculate the OSPF cost based on the bandwidth. The ip
ospf cost command is useful in multi-vendor environments where non-Cisco routers may use a
metric other than bandwidth to calculate the OSPF costs.
14.5.2 Enable OSPF MD5 Authentication on a Per-Interface basis
R1(config-if)# ip ospf message-digest-key key md5 password
R1(config-if)# ip ospf authentication message-digest
FULL state means that the router and its neighbor have identical OSPF LSDBs. On multiaccess
networks such as Ethernet, two routers that are adjacent may have their states displayed as 2WAY.
The dash indicates that no DR or BDR is required because of the network type.
Two routers may not form an OSPF adjacency if:
The subnet masks do not match, causing the routers to be on separate networks.
OSPF Hello or Dead Timers do not match.
OSPF Network Types do not match.
There is a missing or incorrect OSPF network command.
14.6.2 Verify OSPF Protocol Settings
The show ip protocols command is a quick way to verify vital OSPF configuration information. This includes
the OSPF process ID, the router ID, networks the router is advertising, the neighbors the router is
receiving updates from, and the default administrative distance (default is 110 for OSPF).
R1# show ip protocols
14.6.3 Verify OSPF Process Information
The show ip ospf command displays the OSPF area information and the last time the SPF algorithm
was calculated.
R1# show ip ospf
14.6.4 Verify OSPF Interface Settings
14.6.5 Verify the OSPF Learned Routes
Display only the OSPF learned routes in the routing table.
R1# show ip route ospf
14.6.6 Verify OSPF MD5 authentication
Example:
Example:
15.4.2 Modify OSPFv3 Router ID
Reset to default values (Hello = 10 s; Dead = 40 s):
Verify OSPF intervals:
Verify OSPF timer activity:
To propagate a default route, the edge router, also known as the entrance, gateway, or autonomous
system boundary router (ASBR), must be configured with:
A default static route using the ipv6 route ::/0 {ipv6-address | exit-intf} command.
The default-information originate router configuration mode command instructs the router
to be the source of the default route information and propagate the default static route in OSPF
updates.
15.8.2 Verify OSPFv3 Protocol Settings
R1# show ipv6 protocols
15.8.3 Verify OSPF Process Information
R1# show ipv6 ospf
15.8.4 Verify OSPFv3 Interface Settings
15.8.5 Verify the IPv6 Routing Table
R1# show ipv6 route ospf
16 Multiarea OSPF
A router simply becomes an Area Border Router (ABR) when it has two network statements in
different areas.
Interarea route summarization occurs on Area Border Routers (ABRs) and applies to routes from
within each area. It does not apply to external routes injected into OSPF via redistribution.
Commands that verify specific multiarea information include:
show ip protocols
show ip ospf interface brief
show ip ospf database
Note: For the equivalent OSPFv3 command, simply substitute ip with ipv6.
Example:
R1(config)# router eigrp 1
The autonomous-system argument can be assigned to any 16-bit value between the number 1 and
65,535. All routers within the EIGRP routing domain must use the same autonomous system number.
Remove the EIGRP routing process: no router eigrp autonomous-system
17.1 Router ID
17.1.1 Configure & Verify Router ID
17.1.2 Using a Loopback Interface as the Router ID
R3(config)# interface loopback 0
R3(config-if)# ip address 3.3.3.3 255.255.255.255
R3(config-if)# end
To configure EIGRP to advertise specific subnets only, use the wildcard-mask option with the
network command:
R1(config-router)# network network-address [wildcard-mask]
Some IOS versions also let you enter the subnet mask instead of a wildcard mask. However, if the
subnet mask is used, the IOS converts the command to the wildcard-mask format within the
configuration.
To configure all interfaces as passive, use the passive-interface default command. To disable an
interface as passive, use the no passive-interface interface-type interface-number
command.
17.4.2 Verify Auto-Summary
EIGRP for IPv4 automatically includes a Null0 summary route whenever the following conditions exist:
There is at least one subnet that was learned via EIGRP.
There are two or more network EIGRP router configuration mode commands.
Automatic summarization is enabled.
The Null0 interface is a virtual IOS interface that is a route to nowhere, commonly known as "the bit
bucket." Packets that match a route with a Null0 exit interface are discarded.
The purpose of the Null0 summary route is to prevent routing loops for destinations that are included
in the summary, but do not actually exist in the routing table.
Note: Summary routes have to be configured on all interfaces that send EIGRP packets.
17.6.2 Verify Default Static Route in EIGRP
17.7.2 Hello Intervals and Hold Timers
17.7.3 Load Balancing
Cisco IOS, by default, allows load balancing using up to four equal-cost paths; however, this can be
modified - up to 32 equal-cost routes can be kept in the routing table.
R1(config-router)# maximum-paths value
a) In global configuration mode, create the keychain.
b) Specify the key ID which is used to identify an authentication key within a keychain. The range of
keys is from 0 to 2,147,483,647. It is recommended that the key number be the same on all routers in
the configuration.
c) Specify the key string for the key. The key string is similar to a password. Routers exchanging
authentication keys must be configured using the same key string.
Step 2: Configure EIGRP authentication using keychain and key
a) In global configuration mode, specify the interface on which to configure EIGRP message
authentication.
b) Enable EIGRP message authentication. The md5 keyword indicates that the MD5 hash is to be used
for authentication.
c) Specify the keychain that should be used for authentication. The name-of-chain argument specifies
the keychain that was created in Step 1.
Verify EIGRP MD5 authentication:
Adjacencies are only formed when both connecting devices have authentication configured. To verify
that the correct EIGRP adjacencies were formed after being configured for authentication, use the
show ip eigrp neighbors command on each router.
After EIGRP message authentication is configured on one router, any adjacent neighbors that have not
yet been configured for authentication are no longer EIGRP neighbors - the following IOS message
appears:
%DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.3.2 (Serial0/0/0) is down:
authentication mode changed
When the adjacent interface is configured, the adjacency is re-established and the following IOS
message will be displayed:
%DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.3.2 (Serial0/0/0) is up: new
adjacency
17.10.2 Examine the IPv4 Routing Table
17.10.3 Examine Routing Protocol Processes
Default Administrative Distances:
17.10.4 Examine Topology Table
All links can be displayed using the show ip eigrp topology all-links command.
Verify link-local addresses:
18.5.2 Verify Manual Summary
18.6.2 Verify Default Static Route in EIGRP
18.7.2 Hello Intervals and Hold Timers
R1(config-if)# ipv6 hello-interval eigrp as-number seconds
R1(config-if)# ipv6 hold-time eigrp as-number seconds
Example:
18.10.2 Examine IPv6 Routing Protocol Processes
18.10.3 Examine the IPv6 Routing Table
Examples:
Remove ACL (from router):
R1(config)# no access-list 1
19.4.2 Apply Standard ACL to Interfaces
R1(config-if)# ip access-group { access-list-number | access-list-name }
{ in | out }
Remove ACL (from interface):
R1(config-if)# no ip access-group 1
19.4.3 Named Standard ACL
Example:
19.4.4 Commenting ACLs
R1(config-std-nacl)# remark remark
Remove remark:
R1(config-std-nacl)# no remark remark
19.4.5 Edit Standard Numbered ACL
Edit Numbered ACL using a text editor:
19.4.6 Edit Standard Named ACL
Add a line to a named ACL:
Examples:
Generating port numbers:
19.5.2 Apply Extended ACL to Interfaces
19.5.3 Filter Traffic with Extended ACL
The example shown denies FTP traffic from subnet 192.168.11.0 going to subnet 192.168.10.0, but
permits all other traffic.
FTP uses TCP ports 20 and 21; therefore the ACL requires both port name keywords ftp and ftp-data
to deny FTP.
If using port numbers instead of port names, the commands would be written as:
access-list 101 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 20
access-list 101 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 21
To prevent the implied deny any statement at the end of the ACL from blocking all traffic, the permit
ip any any statement is added.
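The first-match behaviour of this ACL, as an added example that is not part of the original cheat sheet: a small Python evaluator that parses the two deny lines above plus the permit ip any any entry, applies the wildcard masks, and falls through to the implicit deny. The function names and test packets are constructed for illustration, and only the eq operator on the destination port is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Port-name keywords mentioned in this section and their TCP port numbers.
PORT_NAMES = {"ftp-data": 20, "ftp": 21}
ALL_BITS = 0xFFFFFFFF


@dataclass(frozen=True)
class Ace:
    """One access control entry of a numbered extended ACL."""
    action: str              # "permit" or "deny"
    protocol: str            # "ip" matches every protocol
    src: int
    src_wild: int
    dst: int
    dst_wild: int
    dst_port: Optional[int]  # None when the entry has no "eq" clause


def _take_address(tokens: List[str]):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, ALL_BITS                  # every bit is "don't care"
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(wildcard))


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N {permit|deny} PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not a numbered ACL line: {line!r}")
    tokens = tokens[2:]                     # drop 'access-list' and the number
    action, protocol = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    src, src_wild = _take_address(tokens)
    dst, dst_wild = _take_address(tokens)
    dst_port = None
    if tokens:
        if len(tokens) != 2 or tokens[0] != "eq":
            raise ValueError(f"unsupported port clause in {line!r}")
        dst_port = PORT_NAMES[tokens[1]] if tokens[1] in PORT_NAMES else int(tokens[1])
    return Ace(action, protocol, src, src_wild, dst, dst_wild, dst_port)


def _wild_match(packet_addr: int, ace_addr: int, wildcard: int) -> bool:
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    return ((packet_addr ^ ace_addr) & ~wildcard & ALL_BITS) == 0


def evaluate(acl: List[Ace], protocol: str, src: str, dst: str,
             dst_port: Optional[int] = None) -> str:
    """Return the action of the first matching entry, or the implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for ace in acl:
        if ace.protocol not in ("ip", protocol):
            continue
        if not _wild_match(s, ace.src, ace.src_wild):
            continue
        if not _wild_match(d, ace.dst, ace.dst_wild):
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action
    return "deny"                           # implied "deny any" at the end


# ACL 101 from this section; the final permit line is written out from the
# text's description ("the permit ip any any statement is added").
ACL_101 = [parse_ace(line) for line in (
    "access-list 101 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 20",
    "access-list 101 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 21",
    "access-list 101 permit ip any any",
)]

if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, dest port).
    for pkt in (("tcp", "192.168.11.10", "192.168.10.5", 21),
                ("tcp", "192.168.11.10", "192.168.10.5", 80),
                ("tcp", "192.168.12.10", "192.168.10.5", 21)):
        print(pkt, "->", evaluate(ACL_101, *pkt))
```

Dropping the last entry from ACL_101 shows why the permit line matters: every packet that misses both deny entries then hits the implicit deny.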
19.5.4 Named Extended ACL
Remove ACL from router:
R1(config)# no ip access-list extended name
Remove Named Extended ACL from interface:
R1(config-if)# no ip access-group name
Examples:
19.6.3 Apply IPv6 ACL to Interfaces
Clear counter: R1# clear access-list counters access-list_number
R1# show ip interface interface
20 DHCP
Configuring a DHCPv4 pool:
Configuring specific tasks (in DHCPv4 configuration mode):
Example:
Re-enable (disable) DHCP
By default, the ip helper-address command forwards the following eight UDP services:
Time (Port 37)
TACACS (Port 49)
DNS (Port 53)
DHCP/BOOTP client (Port 67)
DHCP/BOOTP server (Port 68)
TFTP (Port 69)
NetBIOS name service (Port 137)
NetBIOS datagram service (Port 138)
In the figure, the show running-config | include no service dhcp command verifies that the
DHCPv4 service is enabled since there is no match for no service dhcp.
If the service had been disabled, the no service dhcp command would be displayed in the output.
Verify that the router is receiving DHCPv4 requests from clients.
This troubleshooting step involves configuring an ACL for debugging output.
The figure shows an extended ACL permitting only packets with UDP destination ports of 67 or 68
(used by DHCPv4 clients and servers).
The extended ACL is used with the debug ip packet command to display only DHCPv4 messages.
Another useful command for troubleshooting DHCPv4 operation is the debug ip dhcp server
events command which reports server events, like address assignments and database updates. It is
also used for decoding DHCPv4 receptions and transmissions.
20.7 DHCPv6
DHCPv6 messages from the server to the client use UDP destination port 546.
The client sends DHCPv6 messages to the server using UDP destination port 547.
20.7.1 Stateless Address Autoconfiguration (SLAAC)
RA messages are configured on an individual interface of a router. To re-enable an interface for SLAAC
that might have been set to another option, the M and O flags need to be reset to their initial values of
0.
R1(config-if)# no ipv6 nd managed-config-flag
R1(config-if)# no ipv6 nd other-config-flag
20.7.2 Stateless DHCPv6 (Router as Server)
Example:
20.7.3 Stateless DHCPv6 (Router as Client)
R1(config-if)# ipv6 enable
20.7.4 Verify Stateless DHCPv6 Server
R1# show ipv6 dhcp pool
20.7.5 Stateful DHCPv6 (Router as Server)
Example:
20.7.6 Stateful DHCPv6 (Router as Client)
R1(config-if)# ipv6 enable
R1(config-if)# ipv6 address dhcp
20.7.7 Verify Stateful DHCPv6 Server
R1# show ipv6 dhcp pool
20.7.8 DHCPv6 Relay
20.7.9 Troubleshoot/Verify DHCPv6
Troubleshooting issues with DHCPv4 and DHCPv6 involves the same tasks:
Resolve address conflicts
Verify physical connectivity
Test connectivity using a static IP address
Verify switch port configuration
Test operation on the same subnet or VLAN
R1# show ipv6 dhcp conflict
R1# show ipv6 interface interface
R1# debug ipv6 dhcp detail
21.1.2 Verify Static NAT
Example:
21.2.2 Verify Dynamic NAT
Example:
21.3.2 Configure PAT with Single Address
21.3.3 Verify PAT
Example:
Similar to static NAT, the show ip nat translations command can be used to verify the port
forwarding.
debug ip nat detailed generates more overhead than debug ip nat, but it can provide the detail
* (asterisk) - The asterisk next to NAT indicates that the translation is occurring in the fast-switched
path. The first packet in a conversation is always process-switched, which is slower. The remaining
packets go through the fast-switched path if a cache entry exists.
22 Spanning Tree
Configure Port Cost:
S1(config)# interface interface-id
S1(config-if)# spanning-tree cost value
Reset Port Cost (to Default): S1(config-if)# no spanning-tree cost
Verify Port Cost:
Enable PortFast on all nontrunking interfaces:
Enable BPDU guard on all PortFast-enabled ports:
Verify PortFast and BPDU Guard:
S3(config)# spanning-tree vlan 20 root primary
S3(config)# spanning-tree vlan 10 root secondary
S1(config)# spanning-tree vlan 10 root primary
S1(config)# spanning-tree vlan 20 root secondary
Alternatively:
Verify:
Example:
Verify:
22.9.1 Hot Standby Router Protocol (HSRP)
Active Router:
Standby Router:
Disable HSRP:
Verify HSRP:
22.9.2 Gateway Load Balancing Protocol (GLBP)
R1(config-if)# glbp [group-number] priority priority
R1(config-if)# glbp [group-number] preempt [delay {minimum | reload | sync}
seconds]
R1(config-if)# glbp [group-number] ip ip-address [secondary]
Active Router:
Standby Router:
Disable GLBP:
Verify GLBP:
R1(config-if)# glbp 1 priority 150
(default priority is 100)
R1(config-if)# glbp 1 preempt
R1(config-if)# glbp 1 ip 192.168.1.254
R1(config-if)# glbp 1 load-balancing round-robin
23 EtherChannel
Step 1: Specify the interfaces that compose the EtherChannel group
S1(config)# interface range interface
Step 2: Create the port channel interface
Example:
Step 1: Specify the interfaces that compose the EtherChannel group
S1(config)# interface range interface
Step 2: Create the port channel interface
S1(config-if-range)# channel-group identifier mode desirable
Example:
S1(config)# interface range f0/1 - 2
S1(config-if-range)# channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
S1(config-if-range)# no shut
S2(config)# interface range f0/1 - 2
S2(config-if-range)# channel-group 1 mode auto
Creating a port-channel interface Port-channel 1
S2(config-if-range)# no shut
24 Point-to-Point Connections
Cisco HDLC (cHDLC) is the default encapsulation method used by Cisco devices on synchronous serial
lines. If connecting non-Cisco devices, use synchronous PPP.
24.3.1 PPP Compression
24.3.2 Link Quality Monitoring
R1(config)# interface serial 0/0/0
R1(config-if)# encapsulation ppp
R1(config-if)# ppp quality 80
The ppp quality percentage command ensures that the link meets the quality requirement set;
otherwise, the link closes down.
Disable LQM:
R1(config-if)# no ppp quality
24.3.3 Multilink PPP
Step 1: Create a multilink bundle.
The interface multilink number command creates the multilink interface.
In interface configuration mode, an IP address is assigned to the multilink interface.
The interface is enabled for multilink PPP.
The interface is assigned a multilink group number.
Step 2: Assign interfaces to the multilink bundle. Each interface that is part of the multilink group:
Is enabled for PPP encapsulation.
Is enabled for multilink PPP.
Is bound to the multilink bundle using the multilink group number configured in Step 1.
To disable PPP multilink, use the no ppp multilink command.
24.3.4 PPP Authentication
To specify the order in which the CHAP or PAP protocols are requested on the interface, use the ppp
authentication interface configuration command, as shown in the figure. Use the no form of the
command to disable this authentication.
PAP:
CHAP:
Turn off debug mode:
25 Frame Relay
Step 1: Set the IP address on the interface
Step 2: Configure encapsulation
encapsulation frame-relay [cisco | ietf]
The cisco encapsulation type is the default Frame Relay encapsulation enabled on supported
interfaces. Use this option if connecting to another Cisco router.
Use the ietf encapsulation option if connecting to a non-Cisco router.
Step 3: Set the bandwidth
Step 4: Set the LMI type (optional)
Verify configuration: show interfaces serial
Use the keyword ietf when connecting to a non-Cisco router.
Verify:
A primary tool of Frame Relay is Inverse Address Resolution Protocol (ARP). Whereas ARP translates
Layer 3 IPv4 addresses to Layer 2 MAC addresses, Inverse ARP does the opposite. The corresponding
Layer 3 IPv4 addresses must be available before VCs can be used.
An example of using static address mapping is a situation in which the router at the other side of the
Frame Relay network does not support dynamic Inverse ARP for a specific network protocol. To
provide connectivity, a static mapping is required to complete the remote network layer address to
local DLCI resolution.
Another example is on a hub-and-spoke Frame Relay network. Use static address mapping on the
spoke routers to provide spoke-to-spoke reachability. Because the spoke routers do not have direct
connectivity with each other, dynamic Inverse ARP would not work between them. Dynamic Inverse
ARP relies on the presence of a direct point-to-point connection between two ends. In this case,
dynamic Inverse ARP only works between hub and spoke, and the spokes require static mapping to
provide reachability to each other.
Verify:
Example:
Display the LMI type:
Starting with the Cisco IOS software Release 11.2, the default LMI autosense feature detects the LMI
type supported by the directly connected Frame Relay switch. Based on the LMI status messages it
receives from the Frame Relay switch, the router automatically configures its interface with the
supported LMI type acknowledged by the Frame Relay switch. If it is necessary to set the LMI type, use
the frame-relay lmi-type [cisco | ansi | q933a] interface configuration command.
Configuring the LMI type disables the autosense feature.
Use the show frame-relay pvc [interface interface] [dlci] command to view PVC and
traffic statistics.
After the statistics are gathered, use the clear counters command to reset the statistics counters.
To clear dynamically created Frame Relay maps that are created using Inverse ARP, use the clear
frame-relay inarp command.
To confirm whether the frame-relay inverse-arp command resolved a remote IPv4 address to a
local DLCI, use the show frame-relay map command to display the current map entries:
When an Inverse ARP request is made, the router updates its map table with three possible PVC
connection states:
ACTIVE - Indicates a successful end-to-end (DTE to DTE) circuit.
INACTIVE - Indicates a successful connection to the switch (DTE to DCE) without a DTE detected
on the other end of the PVC. This can occur due to incorrect configuration on the switch.
DELETED - Indicates that the DTE is configured for a DLCI that the switch does not recognize as
valid for that interface.
LMI exchange messages:
out is an LMI status message sent by the router.
in is a message received from the Frame Relay switch.
A full LMI status message is a type 0.
An LMI exchange is a type 1.
dlci 102, status 0x2 means that the status of DLCI 102 is active.
The possible values of the status field are as follows:
0x0 - The switch has this DLCI programmed, but for some reason it is not usable. The reason could
possibly be the other end of the PVC is down.
0x2 - The Frame Relay switch has the DLCI and everything is operational.
0x4 - The Frame Relay switch does not have this DLCI programmed for the router, but that it was
programmed at some point in the past. This could also be caused by the DLCIs being reversed on
the router, or by the PVC being deleted by the service provider in the Frame Relay cloud.
1. To create a PPP tunnel, the configuration uses a dialer interface. A dialer interface is a virtual
interface. The PPP configuration is placed on the dialer interface, not the physical interface. The
dialer interface is created using the interface dialer number command. The client can
configure a static IP address, but will more likely be automatically assigned a public IP address by
the ISP.
2. The PPP CHAP configuration usually defines one-way authentication; therefore, the ISP
authenticates the customer. The hostname and password configured on the customer router must
match the hostname and password configured on the ISP router. Notice in the figure that the
CHAP username and password match the settings on the ISP router.
3. The physical Ethernet interface that connects to the DSL modem is then enabled with the
command pppoe enable that enables PPPoE and links the physical interface to the dialer
interface. The dialer interface is linked to the Ethernet interface with the dialer pool and
pppoe-client commands, using the same number. The dialer interface number does not have to
match the dialer pool number.
4. The maximum transmission unit (MTU) should be set down to 1492, versus the default of 1500, to
accommodate the PPPoE headers.
R1(config)# interface dialer 2
R1(config-if)# encapsulation ppp
R1(config-if)# ip address negotiated
R1(config-if)# ppp chap hostname Fred
R1(config-if)# ppp chap password Barney
R1(config-if)# ip mtu 1492
R1(config-if)# dialer pool 1
R1(config-if)# no shutdown
R1(config-if)# interface g0/1
R1(config-if)# no ip address
R1(config-if)# pppoe enable
R1(config-if)# pppoe-client dial-pool-number 1
R1(config-if)# no shutdown
R1(config-if)# exit
27.1.2 Verify GRE Tunnel
To determine whether the tunnel interface is up or down, use the show ip interface brief
command; to verify the state of a GRE tunnel, use the show interface tunnel command.
If OSPF has also been configured to exchange routes over the GRE tunnel, verify that an OSPF
adjacency has been established over the tunnel interface using the show ip ospf neighbor
command.
28.1 Syslog
28.1.1 Service Timestamp
To enhance real-time debugging and management, log messages can be time-stamped and the source
address of syslog messages can be set.
To display the amount of time since the device last booted on logged events, enter:
R1(config)# service timestamps log uptime
Force each logged event to display the date and time associated with the event (more useful):
R1(config)# service timestamps log datetime
When using the datetime keyword, the clock on the networking device must be set. This can be
accomplished in one of two ways:
Manually set, using the clock set command
Automatically set, using the Network Time Protocol (NTP):
A network device can be configured as either an NTP server, thereby allowing other devices to
synchronize off of its time, or as an NTP client.
28.1.2 Default Logging
By default, Cisco routers and switches send log messages for all severity levels to the console. On some
IOS versions, the device also buffers log messages by default. To enable these two settings, use the
following commands:
R1(config)# logging console
R1(config)# logging buffered
The show logging command displays the default logging service settings on a Cisco router:
28.1.3 Syslog Severity Level
28.1.4 Configure Syslog
Step 1: Configure the destination hostname or IP address of the syslog server:
R1(config)# logging 192.168.1.3
Step 2: Control the messages that will be sent to the syslog server with the logging trap level
global configuration mode command.
For example, to limit the messages to levels 4 and lower (0 to 4), use one of the two equivalent
commands:
R1(config)# logging trap 4
R1(config)# logging trap warning
Step 3: Optionally, configure the source interface with the logging source-interface
interface-type interface number global configuration mode command.
This specifies that syslog packets contain the IPv4 or IPv6 address of a specific interface,
regardless of which interface the packet uses to exit the router.
For example, to set the source interface to g0/0, use the following command:
R1(config)# logging source-interface g0/0
A loopback interface is created, then shut down, and then brought back up. The console output reflects
these actions.
The only messages that appear on the syslog server are those with severity level of 4 or lower (more
severe).
The messages with severity level of 5 or higher (less severe) appear on the router console output, but
do not appear on the syslog server output.
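The effect of the logging trap level described above, as an added example that is not part of the original cheat sheet: a Python filter that parses the %FACILITY-SEVERITY-MNEMONIC header of IOS messages and splits them into those forwarded to the syslog server and those that stay on the console. The timestamps and the Loopback0 lines are constructed sample input, the EIGRP line reuses the message text quoted in the EIGRP authentication section, and the function names are hypothetical.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Union

# IOS severity keywords, indexed by their numeric level (0 = most severe).
SEVERITY_KEYWORDS = ["emergencies", "alerts", "critical", "errors",
                     "warnings", "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC: description
MESSAGE_RE = re.compile(r"%([A-Z0-9_-]+?)-([0-7])-([A-Z0-9_]+):\s*(.*)")


class IosMessage(NamedTuple):
    facility: str
    severity: int
    mnemonic: str
    text: str


def parse_message(line: str) -> Optional[IosMessage]:
    """Extract the header fields of one log line, or None if it has none."""
    m = MESSAGE_RE.search(line)
    if m is None:
        return None
    return IosMessage(m.group(1), int(m.group(2)), m.group(3), m.group(4))


def trap_level(value: Union[int, str]) -> int:
    """Resolve 'logging trap' input: a number 0-7 or an unambiguous keyword prefix."""
    text = str(value).strip().lower()
    if text.isdigit():
        level = int(text)
        if not 0 <= level <= 7:
            raise ValueError(f"severity out of range: {value!r}")
        return level
    matches = [i for i, name in enumerate(SEVERITY_KEYWORDS) if name.startswith(text)]
    if len(matches) != 1:
        raise ValueError(f"unknown or ambiguous severity keyword: {value!r}")
    return matches[0]


def forwarded(lines: Iterable[str], trap: Union[int, str]) -> List[IosMessage]:
    """Messages sent to the syslog server: severity number <= trap level."""
    limit = trap_level(trap)
    parsed = (parse_message(line) for line in lines)
    return [m for m in parsed if m is not None and m.severity <= limit]


def console_only(lines: Iterable[str], trap: Union[int, str]) -> List[IosMessage]:
    """Messages that never reach the syslog server at this trap level."""
    limit = trap_level(trap)
    parsed = (parse_message(line) for line in lines)
    return [m for m in parsed if m is not None and m.severity > limit]


# Constructed sample: Loopback0 is created, shut down and brought back up,
# followed by an EIGRP neighbor change caused by an authentication mismatch.
SAMPLE_LOG = [
    "*Jun 12 22:35:46.000: %LINK-3-UPDOWN: Interface Loopback0, changed state to up",
    "*Jun 12 22:35:47.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up",
    "*Jun 12 22:36:10.000: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down",
    "*Jun 12 22:36:11.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down",
    "*Jun 12 22:36:30.000: %LINK-3-UPDOWN: Interface Loopback0, changed state to up",
    "*Jun 12 22:36:31.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up",
    "*Jun 12 22:40:02.000: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.3.2 (Serial0/0/0) "
    "is down: authentication mode changed",
]

if __name__ == "__main__":
    print("sent to syslog server with 'logging trap warning':")
    for msg in forwarded(SAMPLE_LOG, "warning"):
        print("  ", msg.facility, msg.severity, msg.mnemonic)
    print("console only:")
    for msg in console_only(SAMPLE_LOG, "warning"):
        print("  ", msg.facility, msg.severity, msg.mnemonic)
```

With the trap level at 4, the severity 5 neighbor change caused by an authentication mismatch stays on the console, so a collector that should alert on it needs a trap level of 5 or higher.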
28.1.5 Verify Syslog
Use the show logging command to view any messages that are logged. When the logging buffer is
large, it is helpful to use the pipe option (|) with the show logging command. The pipe option lets you
specify which messages should be displayed.
For example, issuing the show logging | include changed state to up command ensures that only
interface notifications stating that the interface has changed to state up will be displayed.
Issuing the show logging | begin June 12 22:35 command displays the contents of the logging
buffer that occurred on or after June 12.
By default, SNMP does not have any traps set. Without this command, SNMP managers must poll for all
relevant information.
28.2.2 Verify SNMP
To verify the SNMP configuration, use any of the variations of the show snmp privileged EXEC mode
command. The most useful command is simply the show snmp command, as it displays the
information that is commonly of interest when examining the SNMP configuration.
The show snmp command output does not display information relating to the SNMP community string
or, if applicable, the associated ACL.
Using the show snmp community command, the SNMP community string and ACL information will be
displayed:
28.3 NetFlow
28.3.1 Configure NetFlow
Step 1: Configure NetFlow data capture - NetFlow captures data from ingress (incoming) and egress
(outgoing) packets.
Step 2: Configure NetFlow data export - The IP address or hostname of the NetFlow collector must be
specified and the UDP port to which the NetFlow collector listens.
Step 3: Verify NetFlow, its operation and statistics - After configuring NetFlow, the exported data can
be analyzed on a workstation running an appropriate application. Minimally, one can rely on
the output from a number of show commands on the router itself.
A NetFlow flow is unidirectional. This means that one user connection to an application exists as two
NetFlow flows, one for each direction. To define the data to be captured for NetFlow in interface
configuration mode:
Capture NetFlow data for monitoring incoming packets on the interface using the ip flow
ingress command.
Capture NetFlow data for monitoring outgoing packets on the interface using the ip flow
egress command.
To enable the NetFlow data to be sent to the NetFlow collector, there are several items to configure on
the router in global configuration mode:
NetFlow collector's IP address and UDP port number - Use the ip flow-export
destination ip-address udp-port command. Some common UDP ports allocated are 99,
2055, and 9996.
(Optional) NetFlow version to follow when formatting the NetFlow records sent to the
collector - Use the ip flow-export version version command. NetFlow exports data in
one of five formats (1, 5, 7, 8, and 9). Version 9 is the most versatile export data format, but is not
backward compatible. Version 1 is the default version; it should be used only when it is the
only NetFlow data export format version that is supported by the NetFlow collector software.
(Optional) Source interface to use as the source of the packets sent to the collector - Use the ip
flow-export source type number command.
28.3.2 Verify NetFlow
To display a summary of the NetFlow accounting statistics, as well as which protocol uses the highest
volume of the traffic, and to see between which hosts this traffic flows, use the show ip cache flow
command.
The output at the top of the display confirms that the router is collecting data. The first highlighted
entry lists a count of 178,617 packets monitored by NetFlow. The end of the output shows statistics
about three flows, the highlighted one corresponding to an active HTTPS connection between the
NetFlow collector and R1. It also shows the source port (SrcP) and destination port (DstP) in
hexadecimal. (Hexadecimal 01BB is equal to decimal 443, the well-known TCP port for HTTPS.)
Significant fields in the flow switching cache lines:
Significant fields in the activity by protocol lines:
Significant fields in the NetFlow record lines:
Although the output of the show ip cache flow command confirms that the router is collecting
data, to ensure that NetFlow is configured on the correct interfaces in the correct directions, use the
show ip flow interface command:
To check the configuration of the export parameters, use the show ip flow export command.
The first highlighted line shows that NetFlow is enabled with Version 5 export format. The last
highlighted lines show that 1764 flows have been exported in the form of 532 UDP datagrams to the
NetFlow collector at 192.168.1.3 via port 2055.
29.3.2 Step 2: Check for Duplex Mismatches
29.3.3 Step 3: Verify Layer 2 and Layer 3 Addressing on the Local Network
Verify mappings between destination IP addresses and Layer 2 Ethernet addresses on the PC:
Verify the neighbor table on the Cisco IOS router:
A switch forwards a frame only to the port where the destination is connected. To do this, the switch
consults its MAC address table. The MAC address table lists the MAC address connected to each port.
Example: Missing default gateway on PC
Example: VLAN mismatch
29.3.4 Step 4: Verify Default Gateway
Missing IPv4 gateway:
R1 has a default route via router R2, but notice the ipconfig command reveals the absence of an IPv6
global unicast address and an IPv6 default gateway.
Using the show ipv6 interface GigabitEthernet 0/0 command, it can be seen that although
the interface has an IPv6 address, it is not a member of the All-IPv6-Routers multicast group FF02::2.
This means the router is not sending out ICMPv6 RAs on this interface.
29.3.5 Step 5: Verify Correct Path
To verify that the current IPv6 path matches the desired path to reach destinations, use the show ipv6
route command on a router to examine the routing table.
29.3.6 Step 6: Verify the Transport Layer
Two of the most common issues that affect transport layer connectivity include ACL configurations
and NAT configurations. A common tool for testing transport layer functionality is the Telnet utility.
Successful Telnet connection:
Testing the transport layer over IPv6 using port 80 (HTTP) from a PC:
Successful router Telnet connection over IPv6:
Testing the transport layer over IPv6 using port 80 (HTTP) from a router:
29.3.7 Step 7: Verify ACLs
Use the show ipv6 access-list and show ipv6 interfaces commands to show the contents of all
IPv6 ACLs configured on a router.
29.3.8 Step 8: Verify DNS
When you configure DNS on the device, you can substitute the hostname for the IP address:
Use the ip host command to enter a name-to-IPv4 mapping on the switch or router. The ipv6 host
command is used for the same mappings using IPv6.
To display the name-to-IP-address mapping information on the Windows-based PC, use the nslookup
command.
30.1.1 IOS 12.4 Software Image Name
30.1.2 IOS 15.2 Software Image Name
The memory location can include f (flash), m (RAM), r (ROM) or l (relocatable).
The compression format can be either z (zip) or x (mzip).
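The letter codes above can be checked mechanically when an image file is staged for an upgrade. The following parser is an added example, not part of the original guide; the file-name layout it assumes (platform, feature set, memory and compression letters, an optional three-letter signature marker such as SPA, version, .bin) and the two sample names are assumptions used for illustration.

```python
import re

# Letter codes listed in the text above.
MEMORY = {"f": "flash", "m": "RAM", "r": "ROM", "l": "relocatable"}
COMPRESSION = {"z": "zip", "x": "mzip"}

# Assumed layout: platform-featureset-<mem><comp>.[SIG.]<version>.bin
NAME_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<feature_set>[a-z0-9_]+)-"
    r"(?P<mem>[a-z])(?P<comp>[a-z])\."
    r"(?:(?P<signature>[A-Z]{3})\.)?"
    r"(?P<major>\d{2})(?P<minor>\d)-(?P<maint>\d+)\.(?P<train>[A-Za-z]+\d*)"
    r"\.bin$"
)

def parse_image_name(name):
    """Split an IOS image file name into fields; raise ValueError if malformed."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised image name: {name!r}")
    mem, comp = m["mem"], m["comp"]
    if mem not in MEMORY or comp not in COMPRESSION:
        raise ValueError(f"unknown memory/compression code: {mem}{comp}")
    return {
        "platform": m["platform"],
        "feature_set": m["feature_set"],
        "runs_from": MEMORY[mem],
        "compression": COMPRESSION[comp],
        # True when a signature marker (e.g. SPA) is present in the name.
        "signed": m["signature"] is not None,
        "version": f"{m['major']}.{m['minor']}({m['maint']}){m['train']}",
    }

# Sample names constructed for this example (IOS 15.2 style and 12.4 style).
SAMPLES = [
    "c1900-universalk9-mz.SPA.152-4.M3.bin",
    "c2800nm-advipservicesk9-mz.124-6.T.bin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", parse_image_name(sample))
```

The file name is only a label: a marker in the name does not show that the file is intact, so compare the file's hash with the published value (for example with the IOS verify /md5 command) before booting from it.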
Step 2: Verify that the TFTP server has sufficient disk space to accommodate the Cisco IOS Software
image. Use the show flash0: command on the router to determine the size of the Cisco IOS
image file.
Step 3: Copy the image to the TFTP server using the copy source-url destination-url
command.
(Copy an image from a TFTP server:)
Specify the flash device as the source of the Cisco IOS image:
Specify the TFTP server as a source of Cisco IOS image:
If there are no boot system commands in the configuration, the router defaults to loading the first
valid Cisco IOS image in flash memory and running it.
After the router has booted, to verify the new image has loaded, use the show version command.
Step 1: Purchase the software package or feature to install.
Step 2: Obtain a license.
Step 3: Install the license.
Use the license install stored-location-url privileged exec mode command to install a
license file. Then reload the router using the privileged exec command reload.
30.4.2 License verification
Use the show license feature command to view the technology package licenses and feature
licenses supported on the router.
30.4.3 Activate an Evaluation Right-To-Use License
An Evaluation license is good for a 60-day evaluation period. After the 60 days, this license
automatically transitions into an Evaluation Right-To-Use license (RTU). These licenses are available
on the honor system and require the customer's acceptance of the EULA.
Use the show flash0: command to verify that the licenses have been saved.
Saved licenses are restored by using the license install command.
30.4.5 Uninstall a License
Step 1: Disable the technology package.
Disable the active license with the command:
R1(config)# license boot module module-name technology-package package-name disable
Reload the router using the reload command. A reload is required to make the software package
inactive.
Step 2: Clear the license.
Clear the technology package license from license storage:
R1# license clear feature-name
Remove the license boot module module-name technology-package package-name disable command
that was used to disable the active license:
R1(config)# no license boot module module-name technology-package package-name disable
Some licenses, such as built-in licenses, cannot be cleared. Only licenses that have been added by using
the license install command are removed. Evaluation licenses are not removed.
IOS Shortcuts
Down Arrow / Ctrl-N
Up Arrow / Ctrl-P
Tab
Ctrl-A
Ctrl-E
Ctrl-R
Redisplays a line
Ctrl-Z
Ctrl-C
Ctrl-Shift-6