Standard Access List (Looks at the source IP) place close to destination
Stop the Accounting users from accessing the HR server attached to Lab B router but allow all other
users access to the LAN.
RouterB#config t
RouterB(config)#access-list 10 deny 192.168.10.128 0.0.0.31
RouterB(config)#access-list 10 permit any
RouterB(config)#interface Ethernet 0
RouterB(config-if)#ip access-group 10 out
192.168.10.129/27 = /24 + 3 bits = 4th octet is the interesting octet, 11100000 = 224
Block size = 256 - 224 = 32
Net IDs 0, 32, 64, 96, 128, 160
Host 192.168.10.129 is in the 128 subnet
so subnet = 192.168.10.128
Wildcard is 0.0.0.31, one less than the block size in the interesting octet.
Prevent SMTP traffic originating from the WANs from travelling over link A to an SMTP server with
destination 192.168.115.20 by putting an outbound extended IP access list on the Serial 0 interface
of RouterX.
Example
HTTP, Telnet, Simple Mail Transfer Protocol (SMTP), POP3, and FTP traffic are permitted, and the
rest of the traffic sourced from Network B destined to Network A is denied.
Permit TCP traffic with destination port values matching WWW (port 80), Telnet (port 23), SMTP
(port 25), POP3 (port 110), FTP (port 21), or FTP data (port 20).
rtr(config)#access-list 102 permit tcp any any eq www
rtr(config)#access-list 102 permit tcp any any eq telnet
rtr(config)#access-list 102 permit tcp any any eq smtp
rtr(config)#access-list 102 permit tcp any any eq pop3
rtr(config)#access-list 102 permit tcp any any eq 21
rtr(config)#access-list 102 permit tcp any any eq 20
rtr(config)#interface ethernet0
rtr(config-if)#ip access-group 102 in
Note that an implicit deny all clause at the end of an ACL denies all other traffic that does not
match the permit clauses.
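The first-match behaviour of access list 10 and access list 102 above, including the implicit deny, can be checked offline with a small evaluator. This is an added example, not part of the original notes; the function names and the packet addresses used for list 102 are constructed for illustration.

```python
import ipaddress

# IOS port keywords used by access list 102 on this page.
PORT_NAMES = {"www": 80, "telnet": 23, "smtp": 25, "pop3": 110}

# The two lists as configured above (without the "access-list N" prefix).
ACL_10 = ["deny 192.168.10.128 0.0.0.31", "permit any"]
ACL_102 = [
    "permit tcp any any eq www",
    "permit tcp any any eq telnet",
    "permit tcp any any eq smtp",
    "permit tcp any any eq pop3",
    "permit tcp any any eq 21",
    "permit tcp any any eq 20",
]


def wildcard_match(addr, base, wildcard):
    """Compare only the bits where the wildcard mask has a 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def take_addr(tokens):
    """Consume 'any', 'host A', 'A WILDCARD' or a bare 'A' from the token list."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) > 1 and tokens[1].count(".") == 3:
        return (tokens[0], tokens[1]), tokens[2:]
    return (tokens[0], "0.0.0.0"), tokens[1:]


def parse_entry(line):
    """Turn one ACL line into a dict of match criteria."""
    action, *rest = line.split()
    entry = {"action": action, "proto": "ip", "dst": None, "port": None}
    if rest[0] in ("ip", "tcp", "udp", "icmp"):      # extended entry
        entry["proto"], rest = rest[0], rest[1:]
        entry["src"], rest = take_addr(rest)
        entry["dst"], rest = take_addr(rest)
        if rest[:1] == ["eq"]:
            entry["port"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    else:                                            # standard entry: source only
        entry["src"], rest = take_addr(rest)
    return entry


def evaluate(acl, src, dst=None, proto="ip", dport=None):
    """Return (action, line_number); line_number is None for the implicit deny."""
    for number, line in enumerate(acl, start=1):
        e = parse_entry(line)
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if not wildcard_match(src, *e["src"]):
            continue
        if e["dst"] is not None and not wildcard_match(dst, *e["dst"]):
            continue
        if e["port"] is not None and e["port"] != dport:
            continue
        return e["action"], number                   # first match wins
    return "deny", None                              # nothing matched: implicit deny


if __name__ == "__main__":
    # Edges of the 192.168.10.128 block (block size 32) against access list 10.
    for host in ("192.168.10.127", "192.168.10.129",
                 "192.168.10.159", "192.168.10.160"):
        print(host, evaluate(ACL_10, host))
    # Constructed packets for access list 102 (addresses are sample values).
    for proto, port in (("tcp", 25), ("tcp", 443), ("udp", 53)):
        print(proto, port, evaluate(ACL_102, "10.0.0.5", "10.0.1.9", proto, port))
```

Running it shows that only 192.168.10.128 through 192.168.10.159 hit the deny line of list 10, and that anything list 102 does not name falls through to the implicit deny.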
This allows packets with a source address in the network 192.168.10.0/24 and a destination in the
network 192.168.200.0/24 access to Network A. There is the implicit deny all clause at the end of
the ACL which denies all other traffic through E0 inbound on R1.
Viewing ACLs
Router#show access-lists (shows all access lists)
Router#show access-list 101 (shows access list 101)
Router#show ip interface (shows the access lists on the interface)
Removal of ACLs
Router(config)#no access-list 1
Configure an extended access list name it secure_LAN to allow pings from loopback 0 Router B to
loopback 0 Router A and also an access list to allow anyone to telnet into loopback 1 on Router A
only.
RouterA>enable
RouterA#config t
RouterA(config)#ip access-list extended secure_LAN
RouterA(config-ext-nacl)#permit icmp host 172.30.1.1 host 172.16.1.1
(source: host 172.30.1.1, destination: host 172.16.1.1)
RouterA(config-ext-nacl)#permit tcp any host 172.20.1.1 eq telnet
(source: any, destination: host 172.20.1.1)
RouterA(config-ext-nacl)#exit
RouterA(config)#int s0
RouterA(config-if)#ip access-group secure_LAN in
RouterA(config-if)#exit
RouterA(config)#exit
Confirm with the show ip access-lists command
RouterA#show ip access-lists
Extended ip access list secure_LAN
Permit icmp host 172.30.1.1 host 172.16.1.1
Permit tcp any host 172.20.1.1 eq telnet
Static NAT
Dynamic NAT
A router needs to be configured with NAT and it has 15 public addresses, 179.9.8.80 through
179.9.8.95 call this pool_1. On the inside network hosts use the private addresses of 10.1.0.0/16.
What is the NAT configuration on the router?
(config)#access-list 1 permit 10.1.0.0 0.0.255.255
(config)#ip nat pool POOL_1 179.9.8.80 179.9.8.95 netmask 255.255.255.0
(public address pool)
(config)#ip nat inside source list 1 pool POOL_1
(config)#int E0
(config-if)#ip nat inside
(config-if)#exit
(config)#int S0
(config-if)#ip nat outside
Another Example
Router(config)#access-list 1 permit 10.0.0.0 0.0.0.255
Router(config)#ip nat pool cisco 179.2.2.65 179.2.2.90 netmask 255.255.255.224
Router(config)#ip nat inside source list 1 pool cisco
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside
Global outside addresses 25, therefore block size 32, netmask 256 - 32 = 224
Configure PAT
A border router needs to be configured with NAT and will allow 6 public addresses, 198.18.131.65
through 70. On the inside network there are 63 hosts that use the private addresses of
192.168.10.129 through 190. What is the NAT configuration on the border router?
Answer
#ip nat pool Todd 198.18.131.65 198.18.131.70 netmask 255.255.255.248
#access-list 1 permit 192.168.10.128 0.0.0.63
#ip nat inside source list 1 pool Todd overload
Question Simulation 1
Configure a router to provide Internet access. The ISP has provided you with six public IP
addresses of 198.18.158.97, 198.18.158.98, 198.18.158.99, 198.18.158.100, 198.18.158.101, and
198.18.158.102. ABC.com has 62 hosts that need access to the Internet simultaneously. The hosts
in the ABC.com LAN have been assigned private space addresses in the range of 192.168.98.65 -
192.168.98.126. The following have already been configured on the router:
1. The basic router configuration
2. The appropriate interfaces have been configured for NAT inside and NAT outside.
3. The appropriate static routes have also been configured (since the company will be a stub
network, no routing protocol will be required)
4. All passwords have been temporarily set to "Cisco"
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to
provide Internet access to the hosts in the ABC1 LAN.
Functionality can be tested by clicking on the host provided for testing.
Configuration information
Router name: ABC1
Inside global addresses: 198.18.158.97 - 198.18.158.102/29
Inside local addresses: 192.168.98.65 - 192.168.98.126/26
Number of inside hosts: 62
Password: Cisco
Answer
ABC1(config)#ip nat inside source list 1 pool nat-pool overload
ABC1(config)#access-list 1 permit 192.168.98.64 0.0.0.63
ABC1(config)#ip nat pool nat-pool 198.18.158.97 198.18.158.102 netmask 255.255.255.248
ABC1(config)#int Fa0/0
ABC1(config-if)#ip nat inside
ABC1(config-if)#exit
ABC1(config)#int s0
ABC1(config-if)#ip nat outside
ABC1(config-if)#end
ABC1#copy run start
Previously the ip nat pool nat-pool was configured with /26 which is 255.255.255.192 which is
incorrect because we are configuring inside global and it's /29 which is 255.255.255.248.
Explanation
Public IP addresses 198.18.158.97 - 102
5 addresses, block size 8, 256 - 8 = 248, netmask 255.255.255.248
Local inside addresses 192.168.98.65 - 126, 62 hosts = block size 8, 16, 32, 64, block size = 64
Start of local pool 192.168.98.65 lies in the 64 subnet = 192.168.98.64
So subnet and inverse mask 192.168.98.64 0.0.0.63
Question NAT SIM 2
A network associate is configuring a router for the weaver company to provide internet access. The
ISP has provided the company six public IP addresses of 198.18.184.105 - 198.18.184.110. The
company has 14 hosts that need to access the internet simultaneously. The hosts in the company
LAN have been assigned private space addresses in the range of 192.168.100.17 -
192.168.100.30
Weaver>enable
Weaver#configure terminal
Router(config)#hostname weaver
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Weaver(config)#ip nat inside source list 10 pool isp_adr overload
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Number inside hosts = 14, block size = 16, wildcard = 0.0.0.15
Start of local pool 192.168.100.17 lies in the 192.168.100.16 subnet
198.18.184.105 - 110, 5 addresses, block size 8, 256 - 8 = 248, netmask = 255.255.255.248
Weaver(config)#ip nat inside source list 10 pool isp_adr overload
The overload keyword is compulsory because the internal LAN address space is larger than the
ISP-provided public address range: 6 public addresses for 14 private LAN hosts, which all need to
access the Internet at the same time.
Verify configuration
#clear ip nat translation *
#clear ip nat translation inside glob ip local ip [outside glob ip local ip]
#show ip nat translations
#show ip nat statistics
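The block-size arithmetic used in both NAT simulations above (inside range to subnet and wildcard, public range to pool netmask, and whether overload is needed) can be reproduced programmatically. This is an added example, not part of the original notes; the function names are hypothetical and the simultaneous-host count of 20 in the last call is a constructed value.

```python
import ipaddress


def covering_block(first, last):
    """Smallest single subnet that contains both ends of an address range."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range is reversed")
    # Bits that differ between the two ends are host bits; the rest is the prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network(f"{first}/{prefix}", strict=False)


def nat_plan(acl, pool_name, inside, pool, simultaneous):
    """Build the three NAT lines from an inside range and a public range.

    inside / pool are (first, last) address pairs; simultaneous is the number
    of inside hosts that need a translation at the same time.
    """
    inside_net = covering_block(*inside)
    pool_net = covering_block(*pool)
    pool_size = (int(ipaddress.IPv4Address(pool[1]))
                 - int(ipaddress.IPv4Address(pool[0])) + 1)
    # More concurrent hosts than public addresses means port translation (PAT).
    overload = simultaneous > pool_size
    nat_line = f"ip nat inside source list {acl} pool {pool_name}"
    if overload:
        nat_line += " overload"
    return {
        "lines": [
            f"access-list {acl} permit {inside_net.network_address} {inside_net.hostmask}",
            f"ip nat pool {pool_name} {pool[0]} {pool[1]} netmask {pool_net.netmask}",
            nat_line,
        ],
        "overload": overload,
        "pool_size": pool_size,
        # How many source addresses the ACL wildcard really matches.
        "acl_matches": inside_net.num_addresses,
    }


# Simulation 1 and Simulation 2, using the ranges given on the page.
SIM1 = nat_plan(1, "nat-pool",
                ("192.168.98.65", "192.168.98.126"),
                ("198.18.158.97", "198.18.158.102"), simultaneous=62)
SIM2 = nat_plan(10, "isp_adr",
                ("192.168.100.17", "192.168.100.30"),
                ("198.18.184.105", "198.18.184.110"), simultaneous=14)
# Dynamic NAT without PAT: constructed case with only 20 concurrent hosts.
DYNAMIC = nat_plan(1, "cisco",
                   ("10.0.0.1", "10.0.0.254"),
                   ("179.2.2.65", "179.2.2.90"), simultaneous=20)

if __name__ == "__main__":
    for plan in (SIM1, SIM2, DYNAMIC):
        print("\n".join(plan["lines"]))
        print("ACL matches", plan["acl_matches"], "addresses;",
              "pool holds", plan["pool_size"], "\n")
```

The `acl_matches` value shows that the wildcard covers the whole block (64 addresses for the 62 hosts in Simulation 1), so the permit entry also matches the subnet and broadcast addresses.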
Passwords
enable password: used to secure privileged mode
enable secret: the newer encrypted password that overrides the enable password
Router#config t
Router(config)#enable secret todd
Router(config)#enable password todd
Auxiliary Password
Router#config t
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password todd
Console Password
Router#config t
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password todd1
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password todd2
In effect the only line that changes is the line config
Boots normally.
CDP
To see if cdp is running
R3#show cdp interface
Ethernet0 is up line protocol is up
Encapsulation ARPA
Sending CDP packets every 60s
Holdtime is 180s
To disable CDP on an interface use the no cdp enable command
R3#config t
R3(config)#int s0
R3(config-if)#no cdp enable
R3(config-if)#^Z
R3#config t
R3(config)#int s0
R3(config-if)#cdp enable
R3(config-if)#^Z
To disable CDP on the entire router use the no cdp run in global configuration mode.
When issuing a show cdp entry command, the following information is provided.
1. Neighbor device ID
2. Layer 3 protocol information (ie IP address)
3. Local interface and Port identifiers of the neighbors remote ports
4. The hold time in seconds
5. Devices capabilities
6. Device Platform
7. IOS type and version.
Platform   Port ID
1900       2
2500       Ser0
So the output shows directly connected to the 2509 router are a switch with a hostname of
1900Switch and a 2500B router.
#show cdp neighbors displays information about directly connected devices
1. Neighbor Device ID: The hostname of the neighbor device
2. Local Interface: The interface on which the cdp packet from the neighbor is heard
3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.
4. Platform: The neighbor device type (ie. 2500 router)
5. Port ID: The interface of the remote neighbor sending CDP information
6. Holdtime: Decremental hold time in seconds
But there's one vital piece of info missing - the neighbor's IP address.
You'll need to run show cdp neighbor detail to get that.
IP Addresses
Example 255.255.255.192/26
Subnetting 192.168.10.0 network address with 255.255.255.192 subnet mask
How many subnets?
/26 compared to /24 = 2 extra bits borrowed for the network address, 2^2 = 4
How many hosts per subnet? 6 bits left for the host address, 2^6 - 2 = 62 hosts
What are the valid subnets? 256 - subnet mask = block size
256 - 192 = 64, so subnets are 0, 64, 128, 192
What's the broadcast address for each subnet? 63, 127, 191, 255
Valid hosts (subnet 0): 1-62
Question
You work as a network technician. You have subnetted the 201.105.13.0 network with a /26 mask.
Your boss asks you how many usable subnetworks and usable host addresses per subnet this will
provide. What should you tell her?
A. 64 networks and 4 hosts
B. 4 networks and 64 hosts
C. 2 networks and 62 hosts
D. 62 networks and 2 hosts
Answer C
/26, therefore 2 bits borrowed for network
Subnets= 2^2 - 2 = 4 - 2 = 2
2 bits for network portion, therefore 6 bits left for number of hosts, 2^6 - 2 = 64 - 2 = 62
Summarization
Question
In the network shown below, what is the most efficient summarization that R1 can use to advertise
its networks to R2?
A. 172.1.0.0/22
B. 172.1.0.0/21
C. 172.1.4.0/22
D. 172.1.4.0/25
172.1.4.128/25
172.1.5.0/24
172.1.6.0/24
172.1.7.0/24
E. 172.1.4.0/21
Answer C
172.1.4.0/22
Explanation: In large internetworks, hundreds, or even thousands, of network addresses can exist. It
is often problematic for routers to maintain this volume of routes in their routing tables. Route
summarization (also called route aggregation or supernetting) can reduce the number of routes that
a router must maintain, because it is a method of representing a series of network numbers in a
single summary address.
172.1.4.0     172.1.00000100.0
172.1.4.128   172.1.00000100.128
172.1.5.0     172.1.00000101.0
172.1.6.0     172.1.00000110.0
172.1.7.0     172.1.00000111.0
172.1 is the same for all networks; the 3rd octet changes, so reduce it to binary to find the
remaining common bits, which are the first 6 bits, so /16 + 6 = /22
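The common-bits method above can be automated, together with a check of how much address space each answer option would advertise beyond what R1 actually owns. This is an added example, not part of the original notes; the function names are hypothetical.

```python
import ipaddress

# The five networks behind R1, as listed in the question.
R1_NETWORKS = ["172.1.4.0/25", "172.1.4.128/25",
               "172.1.5.0/24", "172.1.6.0/24", "172.1.7.0/24"]


def summarize(prefixes):
    """Single shortest-range summary: keep only the leading bits all routes share."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)


def check_candidate(candidate, prefixes):
    """Judge a proposed summary against the real networks.

    valid      - candidate sits on a proper network boundary
    covers_all - every real network falls inside the candidate
    extra      - addresses advertised that belong to none of the real networks
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    try:
        summary = ipaddress.ip_network(candidate)   # strict: host bits must be zero
    except ValueError:
        return {"valid": False, "covers_all": False, "extra": None}
    owned = 0
    # CIDR blocks either nest or are disjoint, so two containment tests suffice.
    for block in ipaddress.collapse_addresses(nets):
        if block.subnet_of(summary):
            owned += block.num_addresses
        elif summary.subnet_of(block):
            owned += summary.num_addresses
    return {
        "valid": True,
        "covers_all": all(n.subnet_of(summary) for n in nets),
        "extra": summary.num_addresses - owned,
    }


if __name__ == "__main__":
    print("summary:", summarize(R1_NETWORKS))
    for option in ("172.1.0.0/22", "172.1.0.0/21", "172.1.4.0/22", "172.1.4.0/21"):
        print(option, check_candidate(option, R1_NETWORKS))
```

A summary with a non-zero `extra` attracts traffic for addresses R1 cannot deliver, which is why the /21 is less efficient than the /22 even though it covers every network.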
PPP
If we have a Cisco router and a non-Cisco router connected, we must configure PPP; HDLC won't
work. Authentication can be used with PPP.
Left#config t
Left(config)#username Right password cisco
Left(config)#int s0
Left(config-if)#encapsulation ppp
Left(config-if)#ppp authentication chap
Left(config-if)#ppp authentication pap
Left(config-if)#^Z
Passwords must match on each router
Frame Relay
Interface
Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#encapsulation frame-relay
Corp(config-if)#frame-relay lmi-type cisco
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#frame-relay interface-dlci 100
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#
No encapsulation method was specifically configured, the default is Cisco, which means that a
Cisco router is on both sides of the link.
If you have a Cisco router on one side of the link and a Nortel or other on the other side of the link,
then the configuration would be.
Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#encapsulation frame-relay ietf
Corp(config-if)#frame-relay lmi-type (ansi or Q.933A)
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#frame-relay interface-dlci 100
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
The frame-relay interface-dlci command performs dynamic address mapping using Inverse ARP
to map the next-hop address to the local DLCI on the router.
Static Mapping
Router#config t
Router(config)#interface serial 0/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#no frame-relay inverse-arp
Router(config-if)#ip address 192.168.0.5 255.255.255.0
Router(config-if)#frame-relay map ip 192.168.0.6 100 broadcast
Router(config-if)#no shutdown
Router(config-if)#exit
frame-relay map ip can be configured multiple times to associate more than one DLCI to an
interface.
If the Cisco encapsulation (default) is configured on a serial interface then by default that applies to
all VCs on that serial interface unless configured otherwise to use IETF (non Cisco) encapsulation.
Router(config-if)#frame-relay map ip 192.168.1.1 103 broadcast
Router(config-if)#frame-relay map ip 172.16.1.1 102 broadcast ietf
Router#show frame-relay map
Serial0 (up): ip 192.168.1.1 dlci 103(0x7A,0x1CA0), static, broadcast,
CISCO, status defined, active
Serial0 (up): ip 172.16.1.1 dlci 102(0x7A,0x1CA0), static, broadcast,
IETF, status defined, active
Congestion Control
Forward Explicit Congestion Notification (FECN) bit is set to zero by default, and will be set to 1
if congestion was experienced by the frame in the direction in which the frame was travelling.
Backward Explicit Congestion Notification (BECN) will be set to 1 by a DCE in frames that are
being sent back to the source if network congestion exists in the opposite direction to that in
which the frame was travelling.
Subinterfaces
Point-to-Point
Central
Router>enable
Router#config t
Router(config)#hostname Central
Central(config)#interface serial 0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay lmi-type cisco
Central(config-if)#no shutdown
Central(config-if)#no ip address
Central(config-if)#interface serial 0/0.1 point-to-point
Central(config-subif)#ip address 10.20.1.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 51
Central(config-subif)#interface serial 0/0.2 point-to-point
Central(config-subif)#ip address 10.20.2.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 52
Central(config-subif)#interface serial 0/0.3 point-to-point
Central(config-subif)#ip address 10.20.3.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 53
Central(config-subif)#exit
Central(config)#exit
The no ip address cmd is configured under the major interface.
Each point-to-point subinterface must be on a separate subnet.
Multipoint
Router(config)#interface serial 1
Router(config-if)#no ip address
Router(config-if)#encapsulation frame-relay
Router(config-if)#exit
Router(config)#interface serial 1.2 multipoint
Router(config-subif)#ip address 172.16.1.1 255.255.0.0
Router(config-subif)#frame-relay interface-dlci 100 b        (dynamic)
Router(config-subif)#frame-relay map ip 172.16.1.2 200 b     (static)
Router(config-subif)#frame-relay map ip 172.16.1.3 300 b     (static)
Router(config-subif)#frame-relay map ip 172.16.1.4 400 b     (static)
Router(config-subif)#exit
The multipoint subinterface shares its subnet with each mapping static or dynamic. The no
ip address cmd is configured under the major interface.
The show frame map command displays the current Network layer-to-DLCI mappings and info
about the connection
Use the show frame-relay pvc [dlci] command to display the status of each configured
This command lists all PVCs and the DLCI numbers they're using, as well as frames sent, received,
dropped, marked discard eligible, or with their Forward Explicit Congestion Notification (FECN) or
Backward Explicit Congestion Notification (BECN) bit set.
ISDN
ISDN BRI is made up of two B channels of 64k each and one D channel of 16k
also referred to as 2 B + D Total bandwidth for ISDN BRI, is then 144k (64+64+16=144)
D channels work with LAPD at the Data Link Layer for reliable connections.
ISDN BRI routers come with either a U interface or an S/T interface
Question
What Channel is provided by ISDN BRI?
A. 2B+1D
B. 30B+1D
C. 23B+1D
D. 2D+1B
Answer A
Terminal Adapter (TA) enables ISDN for non-ISDN devices TE2 devices ie (PCs, analogue
phone/modem)
Terminal Equipment 1 (TE1) supports ISDN (routers with ISDN interfaces, ISDN telephones,
PCs).
Terminal Equipment 2 (TE2) A non-ISDN device, (serial interface on a router PC, analogue
phone/modem) they require a TA to connect to ISDN
Network Termination 1 (NT1) Attaches to ISDN BRI lines terminates the connection from the
Central Office (CO) converts BRI signals for ISDN line.
Network Termination 2 (NT2) Used with PRI
VLAN
ISL is a Cisco proprietary VLAN tagging method,
802.1q is an open VLAN tagging standard.
Configuring Trunk Links on a Switch
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk encapsulation [dot1q / isl]
Configuring VLAN encapsulation on a Router
Router(config-if)#encapsulation dot1q vlan-number
dot1q Example
switchport
You only use the switchport command on switches, not routers.
You can configure an interface to be an access link
Switch(config-if)#switchport mode access
Or put a port in a certain VLAN
Switch(config-if)#switchport access vlan 101
To change trunking protocol
Switch(config-if)#switchport trunk encapsulation isl
Creating VLANs
S1#config t
S1(config)#vlan 2
S1(config-vlan)#name Sales
S1(config-vlan)#vlan 3
S1(config-vlan)#name Marketing
S1(config-vlan)#vlan 4
S1(config-vlan)#name accounting
S1(config-vlan)#^Z
After you have created VLANs verify them with a show vlan command
show vlan
S1#show vlan
Question
You have hired a new salesperson. All sales associates are placed in VLAN5. You are adding a port
on your Catalyst 2950 switch to VLAN 5. Which commands accomplish this goal?
A. sw1(config-if)#switchport access vlan 5
B. sw1(config)#vlan-membership port vlan 5
C. sw1(config-if)#vlan-membership static 5
D. sw1(config) #port membership vlan 5
Answer A
You go to the particular interface/port you want to assign to VLAN 5 and enter the command
switchport access vlan (vlan#).
Question
What command will configure an interface on a Catalyst 2900 series switch to carry traffic from all
VLANs to another directly connected switch? (Choose two)
A. Switch(config-if)# vlan all
B. Switch(config-if)# switchport access vlan 30
C. Switch(config-if)# switchport access vlan all
D. Switch(config-if)# switchport mode trunk
E. Switch(config-if)# switchport trunk encapsulation dot1q
Answer C, E
Switch(config-if)# switchport access vlan all
Switch(config-if)# switchport trunk encapsulation dot1q
When a switch is configured as a VTP server, you must define a VTP domain before you can create
VLANs.
Question
Host A in the graphic is connected to a switch port assigned to VLAN 1. Which two settings on host
A are required to allow connectivity with Host B on VLAN 2? (Choose two)
A. IP address: 192.1.1.66 255.255.255.240
B. IP address: 192.1.1.130 255.255.255.192
C. IP address: 192.1.1.142 255.255.255.240
D. Default gateway: 192.1.1.129
E. Default gateway: 192.1.1.65
F. Default gateway: 192.1.1.1
Answer C, D
Explanation
Sub-interface Fast Ethernet 0/0.2 was created for VLAN 1 via the "encapsulation dot1q 1" command.
C is correct as Host A resides in VLAN 1, so it must be configured with an IP address in the
192.1.1.128/28 subnet.
VLAN 1 192.1.1.129 255.255.255.240 host range?
256 - 240 = 16 block size
0, 16, 32, 48, 64, 80, 96, 112, 128, 144
129 is in the 128 subnet, valid hosts 129 - 142
D is correct as
Host A must be configured with the IP address of the default gateway, which is the IP address
assigned to the sub-interface of the router.
Question
Which of the following are valid configuration values for the hosts shown in the graphic? (choose
three)
Routing
Route            AD
Connected        0
Static           1
EIGRP            90
IGRP             100
OSPF             110
RIP              120
Enhanced EIGRP   170
Unknown          255
D. They send the changes to the routing table to every router in the network.
Answer A
Distance-vector routing protocols send the entire routing table to directly connected neighbors.
B is incorrect, as the routers send the tables only to their directly connected neighbors. If a router
learns of another route from its neighbor, it then passes that information on to another neighbor.
Static Routing
Example
Say that you have two locations, connected by a WAN T1 circuit. On the LAN side of each of these
locations, you have a small Ethernet network.
The only way for the devices on Ethernet LAN 10.10.1.0 to communicate with devices on network
10.10.2.0, is to use routing. With such a simple network, static routing is a perfect solution. You can
enter one route on each router and be done with the configuration.
The static routes for this network,
San Diego#conf t
San Diego(config)#ip route 10.10.2.0 255.255.255.0 20.1.1.2
(destination, mask, next hop)
Chicago#conf t
Chicago(config)#ip route 10.10.1.0 255.255.255.0 20.1.1.1
The syntax is: ip route <destination> <netmask> <next hop or exit interface> <admin distance>
Example
RouterB is connected to the networks 192.168.20.0, 192.168.30.0 and 192.168.40.0
We must configure the following static routes on RouterB
192.168.10.0
192.168.50.0
Default Route
A default route serves as a gateway of last resort. If there are no matches for a destination in the
routing table, the default route will be used.
R1(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2 (next-hop IP address)
R1(config)#ip route 0.0.0.0 0.0.0.0 serial0 (local exit interface)
The syntax is: ip route 0.0.0.0 0.0.0.0 <next hop or exit interface> <admin distance>
To turn off default routing add no in front
R1(config)#no ip route 0.0.0.0 0.0.0.0 200.1.1.2
Question
You are configuring router Lon, and want to configure a gateway of last resort to router Man.
Router Lon will be sending this traffic out its interface serial0, which has an ip address of 172.1.1.1
Router Man will be receiving this traffic on its interface serial1, and this interface has an ip address
of 189.12.12.12
Which of the following statements will successfully configure a gateway of last resort?
A. ip route 0.0.0.0 0.0.0.0 189.12.12.12
B. ip route 0.0.0.0 0.0.0.0 serial1
C. ip route 0.0.0.0 0.0.0.0 serial0
D.
E.
F.
G.
H.
ip
ip
ip
ip
ip
route
route
route
route
route
255.255.255.255
255.255.255.255
255.255.255.255
255.255.255.255
0.0.0.0 0.0.0.0
255.255.255.255
255.255.255.255
255.255.255.255
255.255.255.255
172.1.1.1
172.1.1.1
serial1
189.12.12.12
serial0
Answer A, C
Explanation
These are the only two routes that will work
A. ip route 0.0.0.0 0.0.0.0 189.12.12.12 (next hop ip)
C. ip route 0.0.0.0 0.0.0.0 serial0 (exit interface)
RIP
RouterA(config)#router rip
RouterA(config-router)#network 192.168.10.0
RouterA(config-router)#network 192.168.20.0
RouterA(config-router)# ^Z
RIPv1 all devices in the network must use the same subnet mask. Classful routing.
RIPv2 sends subnet mask info with the route updates. This is Classless routing.
To disable RIP RouterA(config)#no router rip
To view route information do a show ip route from privileged mode or a do show ip route from
configuration mode
RouterA#show ip route
Codes: C connected etc
R 192.168.50.0 [120/2] via
R 192.168.40.0 [120/1] via
R 192.168.30.0 [120/1] via
C 192.168.20.0 is directly
C 192.168.10.0 is directly
RouterA#
RIP Example
Configure Router A, use the network ID of 192.168.164.0/28. The s0/0 interface of Router A will use
the last available IP address in the 8th subnet and fa0/0 will use the last available IP address in the
2nd subnet. Do not consider the zero subnet valid.
Answer
/28 = 255.255.255.240 mask
256 - 240 = 16 block size in the 4th octet
Since we have a block size of 16 our subnets are: (not starting at subnet zero)
16, 32, 48, 64, 80, 96, 112, 128, 144 etc
The 8th subnet for the s0/0 interface is subnet 128
Valid host range is 129 - 142, 143 is the broadcast address
The 2nd subnet fa0/0 = subnet 32
Valid hosts 33 - 46, 47 as broadcast
If the passive interface command is enabled on the fa0/0 interface of Router E, which statements
are true? (Choose two.)
A. Router E will send all routing updates via interface fa0/0.
B. Router E will ignore all routing updates learned via interface fa0/0.
C. Router E will use routing updates learned via interface fa0/0.
D. Router E will not send routing updates via interface fa0/0.
Answer C, D
Router E will use routing updates learned via interface fa0/0.
Router E will not send routing updates via interface fa0/0.
RIPv2 is a classless routing protocol (even though it is configured as classful like RIPv1, it
sends subnet mask information along with the route updates)
RouterC(config)#router rip
RouterC(config-router)#version 2
RouterC(config-router)#network 192.168.40.0
RouterC(config-router)#network 192.168.50.0
RIP version 2 default behavior is to autosummarize routes advertised across classful boundaries. To
disable this behavior, run the no auto-summary command under the RIP process.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 172.10.0.0
If you want to see only a certain protocol route from the entire routing table, run the
show ip route followed by the protocol or route type (static, for example).
R1#show ip route rip
R 2.0.0.0/8 [120/1] via 172.16.123.2, 00:00:26, Serial0
R 3.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
[120/1] via 172.16.123.3, 00:00:09, Serial0
R 10.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
The hold down timer for RIP is 180 sec. The flush timer for RIP is 240 sec.
It broadcasts its entire routing table every 30 seconds by default and it can load balance across
as many as six equal cost paths (4 paths are the default).
Question
You are configuring the Ike router on the network shown in the figure below. You would like to use
the RIP routing protocol to propagate all the networks to the three routers shown. What
configuration would you apply to Ike to have it participate in this objective?
A. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.45.0
B. Ike(config)#router rip
Ike(config-router)#network 172.16.30.0
Ike(config-router)#network 192.168.35.0
Ike(config-router)#network 192.168.45.0
Ike(config-router)#network 192.168.55.0
C. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.35.0
Ike(config-router)#network 192.168.45.0
Ike(config-router)#network 192.168.55.0
D. Ike(config)#router rip
Ike(config-router)#network 172.16.0.0
Ike(config-router)#network 192.168.0.0
Answer A
RIP is considered a classful protocol. From a configuration standpoint, this means that networks
must be entered into the configuration using their default classes (Class A, B, or C). Because
172.16.0.0 is a class B network, it must be entered as if it had a class B subnet mask rather than
the subnet mask shown in the figure. In addition, you enter directly connected interfaces only into a
routing process
EIGRP
EIGRP is a classless, enhanced distance vector Cisco proprietary protocol.
It includes the subnet mask in its route updates
It doesn't send link state updates like OSPF but sends distance vector updates with info about
networks and the cost of reaching them. But like link state it synchronises routing tables between
neighbors at startup and when the topology changes.
A Discontiguous Network
Here the subnets 172.16.10.0 and 172.16.20.0 are connected together with a 10.3.1.0 network. By
default each router thinks it has the only 172.16.0.0 classful network.
RouterA#config t
RouterA(config)#router eigrp 100
RouterA(config-router)#network 172.16.0.0
RouterA(config-router)#network 10.0.0.0
RouterA(config-router)#no auto-summary
RouterB#config t
RouterB(config)#router eigrp 100
RouterB(config-router)#network 172.16.0.0
RouterB(config-router)#network 10.0.0.0
RouterB(config-router)#no auto-summary
By using the no auto-summary command EIGRP will advertise all the subnets between the two
routers.
In the presence of discontiguous subnets automatic summarisation must be disabled for routing to
work.
EIGRP topology table
Routes with larger metrics to the network via other routers, is the Reported Distance (RD).
A Feasible Successor is a neighbor whose Reported Distance is less than the current Feasible
Distance.
The Successor for a particular route is the neighbour/peer with the lowest metric/distance to that
network and is the primary route to a destination.
Feasible Distance (FD) is the route with the lowest metric to a network.
Reported Distance (RD) is the distance advertised by a neighbour.
OSPF supports VLSM, has no limitation of network reachability, and maintains neighbor relationships
using the IP multicast address of 224.0.0.5. After initialization, OSPF only sends updates on routing
table sections which have changed; it does not send the entire routing table.
Router ID: The Router ID (RID) is an IP address used to identify the router.
The Designated Router is elected by the Hello Protocol.
A router's Hello Packet contains its Router Priority. The router with the highest priority becomes
the designated router (DR). If the priorities are the same, then the router with the highest router
ID is chosen (the highest IP address of all loopback interfaces). If no loopback interfaces are
configured, OSPF will choose the highest IP address.
Priority values are 0 to 255; when the priority of a router is 0, the router will not participate in
the election.
Configuring Priority
A router with the highest OSPF priority will win the election for DR.
R3#config t
R3(config)#interface f0/0
R3(config-if)#ip ospf priority 100
Note we have to reload or shutdown the routers for election to take place and priority take effect.
We can see Priority with show ip ospf interface
R3#show ip ospf interface
FastEthernet0/0 is up, line protocol is up
Internet Address 171.154.45.39 Area 0
Process ID 64999 Router ID 171.154.45.39 Network Type BROADCAST Cost 10
Transmit Delay is 1 sec State DR Priority 100
Designated Router (ID) 171.154.45.39, Interface address 192.168.50.1
If you don't want to use a Loopback interface, you can still force the router ID to use a particular IP
address with the router-id configuration command
Router5#configure terminal
Enter configuration commands, one per line.
Router5(config)#router ospf 87
Router5(config-router)#router-id 172.25.1.7
Router5(config-router)#end
Router5#
You can see what the RID for your router is with the following command:
Router5#show ip ospf
Routing Process "ospf 87" with ID 172.25.1.7
Supports only single TOS(TOS0) routes
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 5. Checksum Sum 0x28868
Number of DCbitless external LSA 0
Number of DoNotAge external LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Area BACKBONE(0)
Number of interfaces in this area is 2
Area has no authentication
If the area address ranges are nicely assigned (which also helps immensely when you have to start
summarizing), you can use a single network statement to cover the whole area. If, for example,
area 3 has address range 10.1.16.0/20,
use network 10.1.16.0 0.0.15.255 area 3
If the router has all interfaces in a single area, I would always use
network 0.0.0.0 255.255.255.255 area area-id
(unless there is an extremely good reason that some interfaces should not be seen by OSPF).
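The two network statements above, checked against interface addresses. This is an added example, not part of the original notes; the interface names and addresses are constructed, and area 3 stands in for area-id in the catch-all statement.

```python
import ipaddress

def network_statement(prefix: str, area: int) -> str:
    """Build the OSPF network statement that covers exactly one prefix."""
    net = ipaddress.IPv4Network(prefix)
    # hostmask is the wildcard: 1 bits are "don't care"
    return f"network {net.network_address} {net.hostmask} area {area}"

def covers(statement: str, address: str) -> bool:
    """True if an interface address matches 'network <addr> <wildcard> area <id>'."""
    _, base, wildcard, _, _ = statement.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
    addr_bits = int(ipaddress.IPv4Address(address)) & care
    base_bits = int(ipaddress.IPv4Address(base)) & care
    return addr_bits == base_bits

def enabled_interfaces(statement: str, interfaces: dict) -> list:
    """Names of the interfaces a statement would bring into OSPF."""
    return sorted(n for n, addr in interfaces.items() if covers(statement, addr))

# Constructed interface table: two addresses inside 10.1.16.0/20, one just
# outside it, and one unrelated (user- or provider-facing) address.
INTERFACES = {
    "Gi0/0": "10.1.16.1",
    "Gi0/1": "10.1.31.254",
    "Gi0/2": "10.1.32.1",
    "Gi0/3": "203.0.113.1",
}
AREA3 = network_statement("10.1.16.0/20", 3)
CATCH_ALL = "network 0.0.0.0 255.255.255.255 area 3"

if __name__ == "__main__":
    for stmt in (AREA3, CATCH_ALL):
        print(stmt, "->", enabled_interfaces(stmt, INTERFACES))
```

The catch-all statement enables OSPF on every addressed interface, including ones that face hosts or other organisations, which is the case the parenthetical caveat is about.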
To configure the Man router for OSPF with the IP address shown on Fa0/0 and a loopback interface:
Man#config terminal
Man(config)#interface fa0/0
Man(config-if)#ip address 192.168.1.1 255.255.255.0
Man(config-if)#no shutdown
Man(config-if)#interface loopback 0
Man(config-if)#ip address 192.168.31.11 255.255.255.255
Man(config)#router ospf 1
Man(config-router)#network 192.168.1.0 0.0.0.255 area 0
1 is the OSPF process ID, which is locally significant.
Use the show ip ospf neighbor command to see who won the DR election.
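The router ID and DR election rules described in this section, modelled as a fresh election on one segment. This is an added example, not part of the original notes: R3's address, Router5's router-id and Man's addresses come from the outputs above, while Router5's interface address, the Edge and Quiet routers and the default priority of 1 are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Router:
    name: str
    priority: int = 1                  # assumed default when "ip ospf priority" is not set
    loopbacks: List[str] = field(default_factory=list)
    interfaces: List[str] = field(default_factory=list)
    router_id: Optional[str] = None    # value of the "router-id" command, if any

    def rid(self) -> ipaddress.IPv4Address:
        """Router ID: forced value, else highest loopback, else highest interface IP."""
        if self.router_id:
            return ipaddress.IPv4Address(self.router_id)
        pool = self.loopbacks or self.interfaces
        if not pool:
            raise ValueError(f"{self.name}: no IPv4 address to derive a router ID from")
        return max(ipaddress.IPv4Address(a) for a in pool)

def elect_dr(routers: List[Router]) -> Optional[Router]:
    """Highest priority wins, the router ID breaks ties, priority 0 never takes part."""
    for r in routers:
        if not 0 <= r.priority <= 255:
            raise ValueError(f"{r.name}: priority must be between 0 and 255")
    eligible = [r for r in routers if r.priority > 0]
    if not eligible:
        return None
    return max(eligible, key=lambda r: (r.priority, r.rid()))

R3 = Router("R3", priority=100, interfaces=["171.154.45.39"])
ROUTER5 = Router("Router5", interfaces=["192.168.99.1"], router_id="172.25.1.7")
MAN = Router("Man", loopbacks=["192.168.31.11"], interfaces=["192.168.1.1"])
# Constructed: loopback lower than the physical address, and a priority-0 router
EDGE = Router("Edge", loopbacks=["10.0.0.1"], interfaces=["192.168.1.254"])
QUIET = Router("Quiet", priority=0, loopbacks=["223.255.255.1"])

if __name__ == "__main__":
    for segment in ([R3, ROUTER5, MAN, EDGE, QUIET], [ROUTER5, MAN, EDGE, QUIET]):
        winner = elect_dr(segment)
        print([r.name for r in segment], "-> DR", winner.name, winner.rid())
```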
Layer 2 Switching
Forward/filter decisions: when a frame is received on an interface, the switch looks at the
destination hardware address and finds the exit interface in the MAC database. The frame is only
forwarded out the specified destination port.
The destination MAC address is found in the MAC address table and is forwarded out the fa0/3
interface.
Root bridge: the bridge with the lowest bridge ID.
Root port: the port with the lowest path cost to the root bridge.
It is used for communicating with the root bridge.
Designated port: the port that has been determined as having the lowest cost. A designated port will be
marked as a forwarding port.
Nondesignated port: a port with a higher cost than the designated port. Nondesignated ports are put in
blocking mode.
Any port that is not either a root port or a designated port is placed into the blocking state.
Switch A is the root bridge because it's the one with the lowest bridge ID. Switch B must shut down
one of its ports connected to Switch A to prevent a switching loop from occurring.
STP will shut down the link with the lowest bandwidth; here both links are 100 Mbps, so STP will shut
down the highest port number, i.e. Fa0/12.
Wireless
The Service Set Identifier (SSID): all wireless devices in a WLAN must be configured with the same
SSID in order to communicate.
Ad-hoc
The simplest form of a wireless network is created by connecting two or more wireless clients
together in a peer-to-peer network. A wireless network established in this manner is known as an
ad-hoc network and does not include an AP.
All clients within an ad-hoc network are equal. The area covered by this network is known as an
Independent Basic Service Set (IBSS).
Infrastructure Mode
Larger networks require a single device that controls communications in the wireless cell: an
Access Point (AP).
The area covered by a single AP is known as a Basic Service Set (BSS) or cell.
The Basic Service Set (BSS) is the smallest building block of a WLAN. The area of coverage of a
single AP is limited. To expand the coverage area, it is possible to connect multiple BSSs through a
Distribution System (DS). This forms an Extended Service Set (ESS). An ESS uses multiple APs.
Each AP is in a separate BSS.
In order to allow movement between the cells without the loss of signal, BSSs must overlap by
approximately 10%. This allows the client to connect to the second AP before disconnecting from
the first AP.
Most home and small business environments consist of a single BSS. However, as the required
coverage area and the number of hosts needing to connect increase, it becomes necessary to create an
ESS.
Wi-Fi Protected Access (WPA) specifies the use of dynamic encryption keys that change each time
a client establishes a connection. It includes authentication by PSK.
Question
You and a co-worker have established wireless communication directly between your wireless
laptops. What type of wireless topology has been created?
A. BSS
B. ESS
C. IBSS
D. SSID
Answer C
Explanation
Ad-hoc mode or Independent Basic Service Set [IBSS] is simply a group of computers talking
wirelessly to each other with no access point (AP).
IPv6
21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A or
21DA:D3:0:2F3B:2AA:FF:FE28:9C5A with the leading zeros removed
A contiguous sequence of 16-bit blocks set to 0 in the colon-hexadecimal format can be
compressed to ::
FE80:0:0:0:2AA:FF:FE9A:4CA2 can be compressed to FE80::2AA:FF:FE9A:4CA2.
FF02:0:0:0:0:0:0:2 can be compressed to FF02::2.
A block of 0000 may be replaced with two colons (::) as long as there is only one double colon used in an
address.
1234:0:0:0:ABCD:0:0:123
could be represented as
1234::ABCD:0:0:123
or
1234:0:0:0:ABCD::123
You can identify these and other IPv6 addresses by their initial bits:
1111 1110 10 - link-local address, prefix FE80::/10
1111 1110 11 - site-local address (an IPv6 unicast address), prefix FEC0::/10
1111 1111 - multicast, prefix FF00::/8
6to4 is 2002::/16. This is the transition system, the structure that allows IPv6 packets to be
transmitted over an IPv4 network without the need to configure explicit tunnels.
Autoconfiguration
MAC-48: 00:01:03:69:8B:CF
EUI-64: 0201:03ff:fe69:8bcf
Example
Host Ethernet address is 00:30:48:23:58:df
Network prefix is 2001:db8:1:cafe::/64
Address is
2001:0db8:0001:cafe:0230:48ff:fe23:58df
The change in the top byte of the address from 00 to 02 comes from the global bit being set in the
translation from IEEE MAC-48 to EUI-64.
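The compression, prefix and EUI-64 rules of this section, checked against the addresses used in the notes. This is an added example, not part of the original notes; the function names are this example's own, and the last function goes one step beyond the text by inverting the EUI-64 mapping, which is how an address audit spots interface IDs that expose a hardware address.

```python
import ipaddress

# Prefixes listed in the text
PREFIXES = [
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("site-local", ipaddress.IPv6Network("fec0::/10")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("6to4", ipaddress.IPv6Network("2002::/16")),
]

def compress(text: str) -> str:
    """Shortest form: leading zeros dropped, longest run of zero blocks becomes ::."""
    return str(ipaddress.IPv6Address(text))

def is_valid(text: str) -> bool:
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:   # raised, for example, when :: appears twice
        return False

def classify(text: str) -> str:
    addr = ipaddress.IPv6Address(text)
    return next((name for name, net in PREFIXES if addr in net), "other")

def eui64(mac: str) -> bytes:
    """MAC-48 to EUI-64: insert ff:fe in the middle, flip bit 0x02 of the first byte."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def autoconfigured(prefix: str, mac: str) -> ipaddress.IPv6Address:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return net.network_address + int.from_bytes(eui64(mac), "big")

def mac_from_address(text: str):
    """Recover the MAC from an EUI-64 based address, or None if it is not one."""
    iid = ipaddress.IPv6Address(text).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)
```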
A router that is running both IPv4 and IPv6 addressing on the same interface is known as
Dual-stack