Академический Документы
Профессиональный Документы
Культура Документы
Chris Bryant
The Computer Certification
Bulldog:
Udemy:
https://www.udemy.com/u/chrisb
Over 38,000 happy students
have made me the #1
individual instructor on Udemy,
and that link shows you a full
list of my free and almost-free
Video Boot Camps! (Use the
discount code BULLDOG60 to
join my 27-hour CCNA Video
Boot Camp for just $44!)
YouTube :
http://www.youtube.com/user/cc
(Over 325 free training videos!)
Website:
http://www.thebryantadvantage.
(New look and easier-to-find
tutorials in Dec. 2013!
Facebook:
http://on.fb.me/nlT8SD
Twitter:
https://twitter.com/ccie12933
Mechanicsville, VA 23116
Contents
1 default act
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10,
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default
VLAN0001
Spanning tree enabled protoco
Root ID Priority 32769
Address 000b.be2c.5180
Cost 19
Port 11 (Fa
Hello Time 2 sec
15 sec
VLAN0001
Spanning tree enabled protoco
Root ID Priority 3276
Address 000b.be2c.5180
This bridge is the root
Hello Time 2 sec
SW1: 000f.90e2.2540
SW2: 0022.91bf.5c80
SW3: 0022.91bf.bd80
10 Mbps: 100
100 Mbps: 19
1 Gbps: 4
10 Gbps: 2
SW2(config)#spanning-tree vlan
SW2(config)#spanning-tree vlan
SW2(config)#spanning-tree vlan
primary Configure this switch
secondary Configure switch as
SW3(config)#spanning vlan 20 r
SW3#show spanning vlan 20
VLAN0020 Spanning tree enab
Root ID Priority 24596
Address 0011.9375
This bridge is the root
Bridge ID
Priority 24596 (priority 24576
Address 0011.9375.de00
SW1(config)#spanning vlan 20 r
SW1#show spanning vlan 20
VLAN0020 Spanning tree enab
Root ID Priority 24596
Address 0011.9375.de00
Bridge ID
Priority 28692 (priority 28672
Address 0019.557d.8880
SW2(config)#spanning-tree vlan
<061440> bridge priority in i
The STP Timers
Switch(config)#spanning vlan ?
WORD vlan range, example: 1,
Switch(config)#spanning vlan 1
forward-time Set the forwar
hello-time Set the hello
max-age Set the max ag
priority Set the bridge
root Configure swit
<cr>
Switch(config)#spanning vlan 1
<430> number of seconds for t
Switch(config)#spanning vlan 1
<110> number of seconds betwe
Switch(config)#spanning vlan 1
<640> maximum number of secon
Switch(config)#spanning vlan 1
SW2(config-if)#spanning cost 1
SW2(config-if)#spanning vlan ?
WORD vlan range, example: 1,
SW2(config-if)#spanning vlan 1
cost Change an in
port-priority Change an in
SW2(config-if)#spanning vlan 1
<1200000000> Change an inte
SW2(config-if)#spanning vlan 1
SW1(config)#interface range fa
SW1(config-if-range)#channel-g
Creating a port-channel interf
00:33:57: %LINK-3-UPDOWN: Inte
00:33:58: %LINEPROTO-5-UPDOWN:
changed state to up
SW2(config)#int range fast 0/1
SW2(config-if-range)#channel-g
Creating a port-channel interf
00:47:36: %LINK-3-UPDOWN: Inte
00:47:37: %LINEPROTO-5-UPDOWN:
After configuring an
Etherchannel on each router
with the interface-level
command channel-group, the
output of commands show
interface trunk and show
spanning vlan 1 verifies that
STP now sees the three
physical links as one logical link
-- the virtual interface port-
channel 1 (Po1).
Note the Etherchannels cost is
9 instead of 19. This lower cost
reflects the increased
bandwidth of the Etherchannel
as compared to a single
FastEthernet physical
connection.
Number of channel-groups in us
Number of aggregators: 1
SW1(config-if)#spanning-tree b
disable Disable BPDU guard for
enable Enable BPDU guard for t
SW1(config-if)#spanning-tree b
SW1(config)#spanning-tree port
R1(config)#int s1
R1(config-if)#ip address 172.1
R1(config-if)#no shut
R3(config)#int s1
R3(config-if)#ip address 172.1
R3(config-if)#no shut
R1#show int s1
Serial1 is up, line protocol i
R3#show int s1
Serial1 is up, line protocol i
R3(config)#int s1
R3(config-if)#clockrate 56000
19:13:42: %LINEPROTO-5-UPDOWN:
R1#show int s1
Serial1 is up, line protocol i
R3#show int s1
Serial1 is up, line protocol i
Hardware is HD64570
Internet address is 172.12.13
MTU 1500 bytes, BW 1544 Kbit,
reliability 255/255, txload 1
Encapsulation HDLC, loopback
R1#ping 172.12.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
R3#ping 172.12.13.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
R3(config)#int s1
R3(config-if)#encapsulation ?
frame-relay Frame Relay netwo
hdlc Serial HDLC synchronous
ppp Point-to-Point protocol
R3(config-if)#encapsulation pp
A few seconds later, the line
protocol goes down on R3.
Authentication through
the use of the Password
Authentication Protocol
(PAP) and the Challenge-
Handshake Authentication
Protocol (CHAP)
Support for error
detection and error
recovery features
Multiprotocol support
(which Ciscos HDLC does
offer, but the original
HDLC does not)
R1(config)#int s1
R1(config-if)#encap ppp
19:37:20: %LINEPROTO-5-UPDOWN:
R1#show int s1
Serial1 is up, line protocol i
Encapsulation PPP, loopback n
R3#show int s1
Serial1 is up, line protocol i
Encapsulation PPP, loopback n
R1(config)#int s1
R1(config-if)#ppp authen chap
Success!
When all is well with CHAP
authentication, this is the
debug output. First, a set of
challenges from each router,
then a set of responses from
each, and then two success
messages.
Now that we know what the
debug output is when things
are great, lets see what
happens when the
authentications off a bit. Ill
remove the database entry
from R1 and replace it with one
using ccna for the password
instead of the upper-case
CCNA. Ill then reset the
interface to trigger
authentication.
20:31:43: %LINK-3-
UPDOWN: Interface
Serial1, changed state to
down 20:31:45: %LINK-3-
UPDOWN: Interface
Serial1, changed state to
up 20:31:57: %LINK-3-
UPDOWN: Interface
Serial1, changed state to
down 20:31:59: %LINK-3-
UPDOWN: Interface
Serial1, changed state to
up
Success!
Thats why you want to practice
with debugs in a lab
environment when things are
working properly. You see
exactly whats going on behind
the command and it gives you
a HUGE leg up when real-world
troubleshooting time comes
around.
If you get the username wrong,
the output of that debug will be
slightly different. Ill remove the
working username/password
entry and replace it with one
that has the right password but
a mistyped username.
R1(config)#int s1
R1(config-if)#ppp authenticati
R3(config)#int s1
R3(config-if)#ppp authenticati
Heres the result of the debug
2d05h: Se1 PAP: I AUTH-REQ id
2d05h: Se1 PAP: O AUTH-REQ id
2d05h: Se1 PAP: Authenticating
2d05h: Se1 PAP: O AUTH-ACK id
2d05h: Se1 PAP: I AUTH-ACK id
With PAP, there is no series of
challenges.
Im always reminding you to
use IOS Help even when you
dont need to, just to see what
other options a given command
has. I used it at the end of ppp
authentication pap, and here
are the results:
R3(config-if)#ppp authenticati
callback Authenticate remote
callin Authenticate remote on
callout Authenticate remote o
chap Challenge Handshake Auth
ms-chap Microsoft Challenge H
optional Allow peer to refuse
<cr>
According to IOS Help, we can
still enter CHAP in this
command, even though weve
already specified PAP as the
authentication protocol to use.
Now thats interesting!
Both of the following
commands are actually legal:
R1(config-if)#ppp authenticati
R3(config-if)#ppp authenticati
R3(config-if)#ppp authenticati
R1(config-if)#encapsulation fr
R1(config-if)#frame-relay lmi-
cisco
ansi
q933a
R1#show int s0
Serial0 is up, line protocol i
Internet address is 172.12.12
MTU 1500 bytes, BW 1544 Kbit,
reliability 255/255, txload 1/
Encapsulation FRAME-RELAY, lo
Keepalive set (10 sec)
Now that we know how things
look when the LMI matches,
lets set the LMI type on the
router to ansi and see what
happens.
R1(config)#int serial0
R1(config-if)#frame lmi-type a
About 30 seconds later, the li
R1(config)#int serial0
R1(config-if)#frame lmi-type a
R1(config-if)#
3d04h: %LINEPROTO-5-UPDOWN: Li
R1#show int s0
Serial0 is up, line protocol i
R1#undebug all
All possible debugging has bee
R1#show int s0
Serial0 is up, line protocol i
Internet address is 172.12.12
Encapsulation FRAME-RELAY, lo
Keepalive set (10 sec)
LMI enq sent 180, LMI stat re
LMI enqrecvd 0, LMI stat sent
LMI DLCI 1023 LMI type is CISC
R1(config)#int s0
R1(config-if)#encap frame ?
ietf Use RFC1490/RFC2427 encap
<cr>
R1(config)#int s0
R1(config-if)#no frame-relay i
R1(config)#int s0
R1(config-if)#frame inverse-ar
R1(config)#int s0
R1(config-if)#ip address 172.1
R1(config-if)#encap frame
R1(config-if)#no frame inverse
R1(config-if)#frame map ?
appletalk AppleTalk
bridge Bridging
decnetDECnet
ip IP
ipx Novell IPX
llc2 llc2
R1(config-if)#frame map ip ?
A.B.C.D Protocol specific add
R1(config-if)#frame map ip ?
A.B.C.D Protocol specific add
R1(config-if)#frame map ip 172
The next value needed is the D
R1(config-if)#frame map ip 172
<161007> DLCI
R2(config)#int s0
R2(config-if)#ip address 172.1
R2(config-if)#encap frame
R2(config-if)#no frame inverse
R2(config-if)#frame map ip 172
R2(config-if)#frame map ip 172
R2(config-if)#no shutdown
00:21:27: %SYS-5-CONFIG_I: Con
00:21:28: %LINK-3-UPDOWN: Inte
00:21:38: %FR-5-DLCICHANGE: In
00:21:39: %LINEPROTO-5-UPDOWN:
R3(config)#int serial0
R3(config-if)#ip address 172.1
R3(config-if)#encap frame
R3(config-if)#no frame inver
R3(config-if)#frame map ip 172
R3(config-if)#frame map ip 172
R3(config-if)#no shutdown
00:24:38: %LINEPROTO-5-UPDOWN:
R3#show frame map
Serial0 (up): ip 172.12.123.1
CISCO, status defined, activ
Serial0 (up): ip 172.12.123.2
R1#ping 172.12.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
R1#ping 172.12.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
R1(config)#int s0
R1(config-if)#no ip split-hori
R1(config)#int s0
R1(config-if)#ip split eigrp 1
R1(config)#int s0.12 ?
multipoint Treat as a multipo
point-to-point Treat as a poi
R1(config)#int s0
R1(config-if)#encap frame
R1(config-if)#no frame inverse
R1(config)#int s0.12
R1(config-subif)#frame map ip
FRAME-RELAY INTERFACE-DLCI com
R2(config)#int s0
R2(config-if)#ip address 172.1
R2(config-if)#encap frame
R2(config-if)#no frame inverse
R2(config-if)#frame map ip 172
R3:
R3(config)#int s0
R3(config-if)#encap frame
R3#ping 2.2.2.2
Active Inactive
Local 2 0
Switched 0 0
Unused 0 0
active
inactive
deleted
R3(config)#int s0
R3(config-if)#shut
Active Inactive
Local 1 1
Switched 0 0
Unused 0 0
DLCI = 123, DLCI USAGE = LOCAL
input pkts 159 output pkts
out bytes 0 dropped pk
in BECN pkts 0 out FECN pkt
in DE pkts 0 out DE pkts
out bcast bytes 0
http://en.wikipedia.org/wiki/T-
carrier
Its worth a read!
http://www.cisco.com/en/US/pro
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Co
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
128 64 32 16 8 4 2
192 1 1
128 64 32 16 8 4 2
192 1 1 0 0 0 0 0
Class A: 1 126
Class B: 128 191
Class C: 192 223
The following classes are
reserved and cannot be
assigned to hosts:
Class B:
Network mask:
255.255.0.0
Number of network bits:
16
Number of host bits: 16
Class C:
Network mask:
255.255.255.0
Number of network bits:
24
Number of host bits: 8
Class A: 10.0.0.0
10.255.255.255
Class B: 172.16.0.0
172.31.255.255
Class C: 192.168.0.0
192.168.255.255
Class A: 10.0.0.0
255.0.0.0, or 10.0.0.0 /8
Class B: 172.16.0.0
255.240.0.0, or
172.16.0.0 /12
Class C: 192.168.0.0
255.255.0.0, or
192.168.0.0 /16
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Co
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
R1#show ip route
Codes: C connected, S stat
R1#show ip route
Codes: C connected, S stat
Gateway of last resort is not
C 20.0.0.0/8 is directly con
C 10.0.0.0/8 is directly con
R1#show ip route
Codes: C connected, S stat
C 20.0.0.0/8 is directly con
C 10.0.0.0/8 is directly con
S 30.0.0.0/8 is directly con
128 64 32 16 8 4 2
1st
0 0 0 0 0 0 0
Octet:
2nd
0 0 0 0 0 0 0
Octet:
3rd
0 0 0 0 0 0 0
Octet:
4th
1 1 1 1 1 1 1
Octet:
Converted to dotted decimal,
the wildcard mask is 0.0.0.255.
Watch that on your exam. Dont
choose a network mask of
255.0.0.0 for an ACL when you
mean to have a wildcard mask
of 0.0.0.255.
I grant you that this is an easy
wildcard mask to determine
without writing everything out.
Youre going to run into plenty
of wildcard masks that arent as
obvious, so practice this
method until youre totally
comfortable with this process.
We also use wildcard masks in
EIGRP and OSPF configurations.
Consider a router with the
following interfaces:
serial0: 172.12.12.12 /28 (or in
dotted decimal,
255.255.255.240)
serial1: 172.12.12.17 /28
The two interfaces are on
different subnetworks. Serial0
is on the 172.12.12.0 /28
subnet, where Serial1 is on the
172.12.12.16 /28 subnet. If we
wanted to run OSPF on serial0
but not serial1, using a wildcard
mask makes this possible.
The wildcard mask will require
the first 28 bits to match
172.12.12.0; the mask doesnt
care what the last 4 bits are.
R2#ping 172.12.23.3
R3#ping 172.12.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
Success rate is 100 percent (5
R2(config)#router ospf 1
R2(config-router)#network 172.
R3(config)#router ospf 1
R3(config-router)#network 172.
A few minutes after entering
that configuration, I ran show
ip ospf neighbor on R2 and
saw nothing.
R2(config)#int e0
R2(config-if)#ip address 172.1
R2(config)#router ospf 1
R2(config-router)#no network 1
R2(config-router)#network 172.
We do!
Lets now switch focus to the
other two values you saw in
that debug command the
Hello and Dead timers.
Neighbor Value #3 & 4: The
Hello And Dead Timers
These timers have vastly
different roles, but they are
bound together in one very
important way.
The Hello timer defines how
often OSPF Hello packets will
be multicast to 224.0.0.5, while
the Dead timer is how long an
OSPF router will wait to hear a
Hello from an existing neighbor.
When the Dead timer expires,
the adjacency is dropped! Note
in the previous example that
show ip ospf neighbor shows
the dead time for each
neighbor.
The default dead time for OSPF
is four times the hello time,
which makes it 40 seconds for
Ethernet links and 120 seconds
for non-broadcast links. The
OSPF dead time adjusts
dynamically if the hello time is
changed. If you change the
hello time to 15 seconds on an
Ethernet interface, the dead
time will then be 60 seconds.
Lets see that in action. The
command show ip ospf
interface will show us a wealth
of information, including the
Hello and Dead timer values for
a given interface. Given the
defaults mentioned earlier,
what timers should we expect
to see on the Ethernet
interface?
R2(config)#int e0
R2(config-if)#no ip ospf hello
R2(config-if)#^Z
R2#
00:56:19: %SYS-5-CONFIG_I: Con
00:56:19: OSPF: Rcv hello from
00:56:19: OSPF: End of hello p
R2#
00:56:27: OSPF: Rcv DBD from 1
00:56:27: OSPF: 2 Way Communic
00:56:27: OSPF: Neighbor chang
00:56:27: OSPF: DR/BDR electio
00:56:27: OSPF: Elect BDR 0.0.
00:56:27: OSPF: Elect DR 172.1
00:56:27: OSPF: Elect BDR 172.
00:56:27: OSPF: Elect DR 172.1
00:56:27: DR: 172.12.23.3 (Id)
172.12.23.3 1 FULL/DR
R2#undebug all
All possible debugging has bee
I would know those Hello and
Dead timers like the back of my
hand for both the exam room
and working with production
networks.
Before we start our first OSPF
network (and I have a feeling
well be practicing some
troubleshooting, too!), lets
take a closer look at the Link
State Advertisements.
LSA vs. LSU?
Autonomous System
Border Router (ASBR): A
router that is performing
route redistribution.
Redistribution into OSPF,
that is!
R2(config)#int s0.123
R2(config-subif)#ip ospf prior
R3(config)#int s0.31
R3(config-subif)#ip ospf prior
R1(config)#router ospf ?
<165535> Process ID
R1(config)#router ospf 1
R1(config)#router ospf 1
R1(config-router)#network 172.
R1(config-router)#network 1.1.
R2(config)#router ospf 1
R2(config-router)#network 172.
R2(config-router)#network 2.2.
R3(config)#router ospf 1
R3(config-router)#network 172.
Lets check the adjacencies on
R1.
R1#
R1(config)#router ospf 1
R1(config-router)#neighbor 172
R1(config-router)#neighbor 172
About 30 seconds later, we get
this message from the console:
R2(config)#router ospf 1
R2(config-router)#network 172.
R3(config)#router ospf 1
R3(config-router)#network 172.
Heres the result:
R1(config-router)#exit R1(conf
R1(config-router)#router-id ?
A.B.C.D OSPF router-id in IP
R1(config-router)#router-id 11
Reload or use clear ip ospf p
Heres a rarity, at least with
Cisco. For the new RID to take
effect, you must either reload
the router or clear the OSPF
processes. Thats a fancy way
of saying All existing OSPF
adjacencies will be torn down.
The router will warn you of this
when you run that command.
R1#show ip ospf
Routing Process ospf 1 with
11.11.11.11 1 FULL/DR
R1(config)#router ospf 1
R1(config)#
03:10:09: %OSPF-4-NORTRID: OSP
R1(config)#router ospf 1
R1(config-router)#default-info
R1(config)#router ospf 1
R1(config-router)#default-info
always Always advertise d
metric OSPF default metr
metric-type OSPF metric type
route-map Route-map referen
R3(config)#router ospf 1
R3(config-router)#default-info
always Always advertise d
metric OSPF default met
metric-type OSPF metric type
route-map Route-map refere
R3(config-router)#default-info
100,000 / Interface
speed in Kbps
100,000 / 10,000 =
10
Yep!
This formula needed no real
tweaking until we started
getting interfaces on our
routers that were faster than
Fast Ethernet.
Why was more speed a bad
thing for this formula? Fast
Ethernets bandwidth is exactly
100,000 Kbps, so when OSPF
ran the formula
100,000 / 100,000 =
1
R1(config-router)#?
Router configuration commands:
area OSPF area parameter
auto-cost Calculate OSPF inte
(The rest of the OSPF commands
R1(config-router)#auto-cost ?
reference-bandwidth Use refere
<cr>
R1(config-router)#auto-cost re
<14294967>The reference bandw
Recommended settings:
Highest post speed is 1 Gig
Ethernet = Ref. bandwidth 1000
Mbps
Highest port speed is 10 Gig
Ethernet = Ref. bandwidth
10000 Mbps
Highest port speed is 100 Gig
Ethernet = Ref. bandwidth
100000 Mbps
Each of those scenarios would
give your fastest ports an OSPF
cost of 1.
I dont have to reload the
router or clear the OSPF
processes to make this
command take effect, but I do
get an interesting message
from the router after entering
this command:
R1(config-router)#auto-cost re
% OSPF: Reference bandwidth is
Please ensure reference bandwi
R1(config)#int s0
R1(config-if)#ip ospf cost ?
<165535> Cost
R1(config-if)#ip ospf cost 64
R1#show ip ospf int s0
Serial0 is up, line protocol i
Internet Address 172.12.123.1
Process ID 1, Router ID 1.1.1
R1(config)#int s0
R1(config-if)#?
Interface configuration comman
access-expression Bu
appletalk Ap
arp Se
autodetect Au
backup Mo
bandwidth Se
While it would be great if the
bandwidth command allowed
us to add additional bandwidth
at the press of a button, thats
not what this command does.
Its really the interface
equivalent of the auto-cost
reference-bandwidth command,
except the bandwidth
command is used by protocols
and features other than OSPF.
R1(config-if)#bandwidth ?
<110000000> Bandwidth in ki
R3(config)#router ospf 1
R3(config-router)#passive-inte
Ethernet IEEE 802.3
Loopback Loopback interface
Null Null interface
Serial Serial
default Suppress routing upda
<cr>
R3(config-router)#passive-inte
22:26:21: %OSPF-5-ADJCHG: Proc
R3#show ip protocols
Routing Protocol is ospf 1
Outgoing update filter list f
Incoming update filter list f
Router ID 3.3.3.3
It is an area border router
Number of areas in this route
Maximum path: 4
Routing for Networks:
3.3.3.3 0.0.0.0 area 3
172.12.123.0 0.0.0.255 area 0
172.23.23.0 0.0.0.255 area 23
Passive Interface(s):
Ethernet0
Routing Information Sources:
Gateway Distance Last
4.4.4.4 110 00:0
2.2.2.2 110 00:3
1.1.1.1 110 00:0
3.3.3.3 110 00:0
172.23.23.3 110 13:4
Distance: (default is 110)
A hybrid of distance
vector and link state
protocols
A super-duper advanced
distance vector protocol
(okay, maybe just
advanced)
None or both of the above
I personally think the hybrid
term is the most accurate,
since EIGRP does act a little
like a distance vector protocol
and a little like a link state
protocol, and in this section
youll see those DV and LS
behaviors demonstrated.
EIGRP also used to be called
Cisco-proprietary, since Cisco
kept EIGRP to itself other
vendors routers couldnt run it.
Thats no longer the case, and
thats a big change from the
last version of the CCNA exam!
Cisco-proprietary or not, EIGRP
brings a lot to the table, as well
as major advantages over RIP
and IGRP. (IGRP was the
original version of EIGRP, and
IGRP is now obsolete and not
supported on current Cisco
IOSes.)
As an EIGRP-enabled router
learns about the network, the
router will put the best route to
a given destination in its
routing table. EIGRP keeps the
best routes along with all loop
free, valid routes in the
topology table. EIGRP actually
calculates these backup routes
before a failure occurs, making
convergence after a failure
pretty darn quick.
The EIGRP term for the best
route is the Successor. Any
valid alternate route is referred
to as the Feasible Successor.
Well see both route types and
all three tables in action during
our lab work, but first, we need
to see how a route becomes a
Feasible Successor. What
exactly do we mean by a route
being valid but less desirable?
To get the right answer, we
have to ask the right question
and in this case, thats the
EIGRP Feasible Successor
Question, or Feasible Successor
Condition.
The EIGRP Feasible Successor
Condition:
The router asks itself, Is the
Reported Distance (RD) for this
route lower than the Feasible
Distance (FD)?
Hmm. Sounds like our question
has led to more questions!
What the heck is a Feasible
Distance and a Reported
Distance?
Some of the most convoluted
explanations in the history of
history have been given for
these two terms, and Im happy
to cut through all of that and
tell you.
The local routers metric for
a path is the Feasible
Distance
The next-hop routers
metric for the same path is
the Reported Distance
P 172.23.0.0/16, 2 successors,
via 172.12.123.2 (2195456/2816
via 172.12.123.3 (2195456/2816
P 3.0.0.0/8, 1 successors, FD
Successor: FD 5, RD 4
Possible Feasible Successor #1
Possible Feasible Successor #2
Possible Feasible Successor #3
R1#
04:09:16: %DUAL-5-NBRCHANGE: I
04:09:19: %DUAL-5-NBRCHANGE: I
172.12.123.2 and 172.12.123.3,
have formed adjacencies with
R1. Show ip eigrp neighbors
gives us the details, and Ive
removed some of the fields so
we can pay attention to the
really important stuff.
H Address Interfac
(sec)
1 172.12.123.2 Se0
0 172.12.123.3 Se0
172.23.0.0/27 is subnetted, 1
D 172.23.23.0 [90/2195456]
[90/2195456] via 172.12.123.
R2#show ip route eigrp
1.0.0.0/32 is subnetted, 1 su
D 1.1.1.1 [90/2297856] via
D 3.3.3.3 [90/409600] via 1
P 3.3.3.3/32, 1 successors, FD
via 172.12.123.3 (2297856/1282
via 172.12.123.2 (2323456/4096
P 2.2.2.2/32, 1 successors, FD
via 172.12.123.2 (2297856/1282
via 172.12.123.3 (2323456/4096
P 1.1.1.1/32, 1 successors, FD
via Connected, Loopback0
P 172.23.23.0/27, 2 successors
via 172.12.123.3 (2195456/2816
via 172.12.123.2 (2195456/2816
P 172.12.123.0/24, 1 successor
via Connected, Serial0
P 3.3.3.3/32, 1 successors, FD
via 172.12.123.3 (2297856/1282
via 172.12.123.2 (2323456/4096
P 2.2.2.2/32, 1 successors, FD
via 172.12.123.2 (2297856/1282
via 172.12.123.3 (2323456/4096
3.0.0.0/32 is subnetted, 1 su
D 3.3.3.3 [90/2297856] via 1
172.23.0.0/27 is subnetted, 1
D 172.23.23.0 [90/2195456] v
[90/2195456] via 172.12.123.
The metrics for those routes
are very close, so close that its
a good idea for us to use both
of them for load balancing. We
can use the variance command
here to configure unequal-cost
load balancing.
2297856 x 2 = 4595712
3.0.0.0/32 is subnetted, 1 su
D 3.3.3.3 [90/2297856] via 1
[90/2323456] via 172.12.123.
172.23.0.0/27 is subnetted, 1
D 172.23.23.0 [90/2195456] v
[90/2195456] via 172.12.123.
P 2.2.2.2/32, 1 successors, FD
via 172.12.123.2 (2
via 172.13.13.3 (40
via 172.12.123.3 (2
Autosummarization One
Default Youll Want To
Change
EIGRP and RIP version 2
perform autosummarization by
default, which is the act of
summarizing network routes
when those routes are sent
across a network boundary
that is, when they are
advertised via an interface that
is not part of the network being
summarized.
In the earlier lab, I disabled
autosummarization
immediately, but I will not do
so here.
To illustrate, well use a hub-
and-spoke network where both
spokes have subnets of
20.0.0.0/8. The Serial
interfaces are all on the
172.12.123.0 /24 network, with
the router number serving as
the final octet. All interfaces
will be placed into EIGRP AS
100.
Here are the current
configurations. I did not
configure the auto-summary
command -- its on by default
and will appear in the router
configuration.
R1:
router eigrp 100
network 172.12.123.0 0.0.0.255
auto-summary
R2:
R3:
R1#ping 20.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!U!.!
Success rate is 60 percent (3/
R1#ping 20.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
U!.!U
Success rate is 40 percent (2/
R1#ping 20.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
U!.!U
Success rate is 40 percent (2/
R1#ping 20.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!U!.!
Success rate is 60 percent (3/
00:26:09: %DUAL-5-NBRCHANGE: I
After configuring no auto-
summary on both R2 and R3
and waiting for the adjacencies
to reform, R1 now has a much
more accurate routing table.
R1(config)#int s0
R1(config-if)#ip hello-interva
eigrp Enhanced Interior Gatew
R1(config-if)#ip hello-interva
<165535> Autonomous system nu
R1(config-if)#ip hello-interva
<165535> Seconds between hell
R1(config-if)#ip hello-interva
<cr>
R1(config-if)#ip hello-interva
R1(config)#int s0
R1(config-if)#ip hold-time ?
eigrp Enhanced Interior Gatew
R1#show int s0
Serial0 is up, line protocol i
Hardware is HD64570
Internet address is 172.12.12
MTU 1500 bytes, BW 1544 Kbit
R1(config)#int s1
R1(config-if)#bandwidth ?
<110000000> Bandwidth in kilo
R1(config-if)#bandwidth 56
R3(config)#int s1
R3(config-if)#bandwidth 56
R1(config)#int s0
R1(config-if)#delay ?
<116777215> Throughput delay
R1(config)#int s0
R1(config-if)#ip eigrp ?
% Unrecognized command
R1(config-if)#ip hello-interva
eigrp Enhanced Interior Gatew
R1(config-if)#ip hello-interva
<165535> Autonomous system nu
R1(config-if)#ip hello-interva
<165535> Seconds between hell
R1(config-if)#ip hello-interva
R1(config-if)#ip hold-time eig
<165535> Seconds before neigh
R1(config)#snmp-server ?
chassis-id String to uniq
community Enable SNMP; s
R1(config)#snmp-server communi
WORD SNMP community string
R1(config)#snmp-server communi
<199> Std IP accesslist
<13001999> Expanded IP acces
string
WORD Access-list na
ipv6 Specify IPv6 N
ro Read-only acce
rw Read-write acc
view Restrict this
<cr>
2d03h: %LINEPROTO-5-UPDOWN: Li
Almost everything there is self-
explanatory, but thats an odd
timestamp in the front. Two
days and three hours since
what?
More about that when were
done with Syslog!
The number in the middle of
the message (in this case, the
5 in SYS-5-CONFIG_I) is the
severity level of the message.
We can use the severity
number or the severity level
name to filter the message we
see at the console or have sent
to another device. Heres a full
list of the numbers, the
corresponding level names, and
the IOS Help description of
each level.
7: Debugging (Debugging
Messages cant argue with
that.)
6: Informational
(Informational Messages
ditto.)
5: Notification (Normal but
significant conditions. Probably
the most common of the levels,
weve seen this on events from
line protocols going up and
down to EIGRP adjacencies
doing the same.)
4: Warning (Warning
Condition)
3: Error (Error Conditions)
2: Critical (Critical Conditions)
1: Alert (Immediate Action
Needed uh oh)
0: Emergency (System Is
Unusable)
R1#show logging
Syslog logging: enabled (0 mes
0 overruns)
Console logging: level debugg
Monitor logging: level debugg
Buffer logging: level debuggi
Logging Exception size (4096
Trap logging: level informati
R1(config)#logging ?
Hostname or A.B.C.D IP addres
buffered Set buffe
console Set conso
exception Limit siz
facility Facility
history Configure
host Set syslo
monitor Set termi
on Enable lo
rate-limit Set messa
source-interface Specify i
transacti
trap Set syslo
R1(config)#logging buffered ?
<07> Logging sev
<40962147483647> Logging buf
alerts Immediate
critical Critical
debugging Debugging
emergencies System is
errors Error con
informational Informati
notifications Normal bu
warnings Warning c
R1(config)#logging buffered 5
R1(config)#logging ?
Hostname or A.B.C.D IP addres
2d03h: %LINEPROTO-5-UPDOWN: Li
R1(config)#service timestamps
debug Timestamp debug mes
log Timestamp log messa
<cr>
R1(config)#service timestamps
datetime Timestamp with date
uptime Timestamp with sy
<cr>
R1(config)#service timestamps
localtime Use local time z
msec Include millis
show-timezone Add time zone
<cr>
R1(config)#service timestamp
msec Include
show-timezone Add tim
<cr>
R1(config)#service timestamps
R1(config)#service sequence-nu
R1(config)#^Z
000156: Sep 8 12:05:58: %SYS-5
or without.
R1(config-if)#ip flow-export ?
% Unrecognized command whoop
R1(config-if)#exit
R1(config)#ip flow-export ?
destination Specify the
interface-names Export inte
source Specify the
template Specify the
version Specify the
SrcIfSrcIPaddressDstIfDstIPadd
Fa0/0 0.0.0.0 Null 255.2
Authentication Header
(AH), which defines a
method for authentication
and securing data
Encapsulating Security
Payload (ESP), which
defines a method for
authenticating, securing,
and encrypting data
Internet Key Exchange
(IKE), which negotiates the
security parameters and
authentication keys
A secondary router to
handle the load
immediately if the
primary goes down.
A protocol to have the
network use that
secondary router quickly
and transparently.
R2(config)#interface ethernet0
R2(config-if)#standby 5 ip 172
R3(config)#interface ethernet0
R3(config-if)#standby 5 ip 172
R2#show standby
Ethernet0 Group 5
Local state is Standby, prior
Hellotime 3 sec, holdtime 10
Next hello sent in 0.776
Virtual IP address is 172.12.
Active router is 172.12.23.3,
Standby router is local
1 state changes, last state ch
R3#show standby
Ethernet0 Group 5
Local state is Active, priori
Hellotime 3 sec, holdtime 10
Next hello sent in 2.592
Virtual IP address is 172.12.
Active router is local
Standby router is 172.12.23.2
Virtual mac address is 0000.0
2 state changes, last state ch
R3 is in Active state, R2 is in
Standby. When you see Active
router is local in this
command, youre on the Active
router!
The hosts are using
172.12.123.10 as their
gateway, but R3 is actually
handling the workload. R2 will
take over if R3 becomes
unavailable, and that cutover
will be transparent to the hosts.
Most importantly, no reconfig of
the hosts default gateway
setting is necessary it stays
at 172.12.123.10.
An IP address was assigned to
the virtual router during the
config, but not a MAC address.
However, there is a MAC
address under the show
standby output on R3, the
active router. How did the HSRP
process arrive at a MAC of 00-
00-0c-07-ac-05 for a router that
doesnt physically exist?
The MAC address 00-00-0c-07-
ac-xx is HSRPs well-known
virtual MAC address, with xx
being the HSRP group number
in hex.
The group number is 5, which is
expressed as 05 with a two-bit
hex character. If the group
number had been 17, wed see
11 at the end of the MAC
address (one unit of 16, one
unit of 1).
The output of the show standby
command tells us the HSRP
speakers are sending Hellos
every 3 seconds, with a 10-
second holdtime. These values
can be changed with the
standby command, but HSRP
speakers in the same group
should have the same timers.
You can even tie down the
hello time to the millisecond,
but its realllly doubtful youll
ever need to do that.
R3(config-if)#standby 5 timers
<1254> Hello interval in se
msec Specify hello interv
R3(config-if)#standby 5 timers
<5255> Hold time in seconds
R3(config-if)#standby 5 timers
R2#show standby
Ethernet0 Group 5
Local state is Active, priori
Hellotime 4 sec, holdtime 12
Next hello sent in 1.844
Virtual IP address is 172.12.
Active router is local
Standby router is 172.12.23.3
Virtual mac address is 0000.0
2 state changes, last state c
R2(config-if)#standby 5 mac-ad
1d12h: %STANDBY-6-STATECHANGE:
R2#show standby
Ethernet0 Group 5
Local state is Active, priori
Hellotime 4 sec, holdtime 12
Next hello sent in 3.476
Virtual IP address is 172.12.
Active router is local
Standby router is 172.12.23.3
Virtual mac address is 0000.1
4 state changes, last state c
1d12h: %STANDBY-6-STATECHANGE:
int e0
ip address 172.12.23.2 255.255
standby 11 ip 172.12.23.11 pre
standby 22 ip 172.12.23.22 pre
standby 11 priority 99
R3:
int e0
ip address 172.12.23.3 255.255
standby 11 ip 172.12.23.11 pre
standby 22 priority 99
standby 22 ip 172.12.23.22 pre
R1#show standby
FastEthernet0/0 Group 1
State is Active
2 state changes, last state c
Virtual IP address is 172.12.
Active virtual MAC address is
Local virtual MAC address is
Hello time 3 sec, hold time 1
Next hello sent in 2.872 secs
Preemption disabled
Active router is local
Standby router is unknown
Priority 100 (default 100)
IP redundancy name is hsrp-F
FastEthernet0/0 Group 5
State is Init (virtual IP in
Virtual IP address is 172.12.
Active virtual MAC address is
Local virtual MAC address is
Hello time 3 sec, hold time 1
Preemption disabled
Active router is unknown
Standby router is unknown
Priority 75 (default 100)
IP redundancy name is hsrp-F
VRRPs equivalent to
HSRPs Active router is the
Master router. (Some
VRRP documentation
refers to this router as the
IP Address Owner.) This is
the router that has the
virtual routers IP address
as a real IP address on
the interface it will
receive packets on.
The physical routers in a
VRRP Group combine to
form a Virtual Router. The
VRRP Virtual Router uses
an IP address already
configured on a router in
its group, as opposed to
how the HSRP router is
assigned a separate IP
address.
VRRP Advertisements are
multicast to 224.0.0.18.
VRRPs equivalent to
HSRPs Standby router
state is the Backup state.
The MAC address of VRRP
virtual routers is 00-00-
5e-00-01-xx, and xx is
the group number in
hexadecimal.
preempt is a default
setting for VRRP routers.
Now on to our third option for
router redundancy!
Gateway Load Balancing
Protocol (GLBP)
V6ROUTER1(config)#ipv6 unicast
V6ROUTER1(config)#int fast 0/0
V6ROUTER1(config-if)#ipv6 addr
( 8, 4, 2, 1 for
11 = 0001 0001
result is 13
V6ROUTER1(config-if)#ipv6 addr
WORD General
X:X:X:X::X IPv6 lin
X:X:X:X::X/<0128> IPv6 pre
autoconfig Obtain a
V6ROUTER1(config-if)#ipv6 addr
anycast Configure as an anyca
eui-64 Use eui-64 interface i
<cr>
V6ROUTER1(config-if)#ipv6 addr
Verify the global unicast
address creation with show ip6
interface.
Thats it!
Now back to our Neighbor
Solicitations and
Advertisements!
When last we left our IPv6
host, now named Host A, it
was sending a Neighbor
Solicitation to the solicited-note
multicast address that
corresponds with the IPv6
address of the destination host,
Host B.
You can see how this cuts down
on overhead when compared to
IPv4s ARP. This initial request
for information is a multicast
thats going to be processed by
a very few hosts on the link,
where an IPv4 ARP Request
was a broadcast that every
host on the link had to stop and
take a look at.
After all that, its time for a
Neighbor Advertisement! Host
B answers the NS with an NA,
and that NA contains Host Bs
link-local address. Host A pops
that address into its Neighbor
Discovery Protocol neighbor
table (the equivalent of IPv4s
ARP cache), and were done!
DHCP In IPv6
V6ROUTER1(config-if)#ipv6 dhcp
destination Configure relay d
V6ROUTER1(config-if)#ipv6 dhcp
X:X:X:X::X IPv6 address
V6ROUTER1(config-if)#$elay des
The dollar sign appears at the
far left of the input, since this
command is too long for the
screen.
As a result of this command,
the router will relay the DHCP
Solicit to the destination we
specify. When the router sees
return messages from the
DHCP server, the router will
relay those messages to Host
A.
Verify the router is a now a
member of the All DHCP
Servers and Agents multicast
group with the show ipv6
interface command. The
interface with the relay agent
config will show FF02::1:2
under Joined Group
Address(es).
R3:
V6ROUTER1#ping 2001:1111:2222:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
or the extended command, usi
V6ROUTER1#ping
Protocol [ip]: ipv6
Target IPv6 address: 2001:1111
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands? [no]:
Sweep range of sizes? [no]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
V6ROUTER1#traceroute 2001:1111
1 2001:1111:2222:1:20E:D7FF:F
I dont want to overwhelm you
with show ip v6 commands,
since there are quite a few in
the IOS (about 40 of them
when I looked today), but there
is one more I want to introduce
you to in this course show
ipv6 neighbors.
You can look at all of your
routers neighbors, or you can
identify the local routers
interface to filter the output.
http://www.cisco.com/en/US/doc
xml/ios/ipv6/command/ipv6-
s4.html#wp1680937550
Interface refers to the local
interface through which the
neighbor is reached.
Speaking of local, lets spend
a little time with our IPv6 route
types and protocols.
With both IPv4 and v6, there
are no routes in the routing
table by default. With IPv4,
after we put IP addresses on
the interfaces and then open
them, we expect to see only
connected routes. With IPv6,
were going to see connected
routes and a new route type,
the local route.
For clarity, Im going to delete
the route codes from the table
unless were actually talking
about that route type.
V6ROUTER1(config)#ipv6 route 2
Dialer Dialer interf
FastEthernet FastEthernet
Loopback Loopback inte
MFR Multilink Fra
Multilink Multilink-gro
Null Null interfac
Port-channel Ethernet Chan
Serial Serial
X:X:X:X::X IPv6 address
V6ROUTER1#ping 2001:2222:3333:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
Success, indeed!
Lets run the exact same lab
but with a default static route.
First, well remove the previous
route by using our up arrow
and then ctrl-a to go to front of
the lonnnng command, and
enter the word no:
V6ROUTER1(config)#ipv6 route :
V6ROUTER1#ping 2001:2222:3333:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
Ta da!
When checking your V6 routing
table, be sure to give it a twice-
over its really easy to scan
right past the routing table
entry for the default static
route.
R1 (config-router) #router-id
V6ROUTER1(config-if)#ipv6 ospf
area Set the OSPF area ID
V6ROUTER1(config-if)#ipv6 ospf
<04294967295> OSPF area ID
A.B.C.D OSPF area
V6ROUTER1(config-if)#ipv6 ospf
R3:
3.3.3.3 1 FULL/BDR
V6ROUTER3(config)#int loopback
V6ROUTER3(config-if)#ipv6 ospf
V6ROUTER1#show ipv6 route
IPv6 Routing Table 4 entries
Codes: C Connected, L Loca
O OSPF intra, OI OS
ON1 OSPF NSSA ext 1,
C 2001:1111:2222:1::/64 [0/0
via ::, FastEthernet0/0
L 2001:1111:2222:1:20C:31FF:
via ::, FastEthernet0/0
OI 2001:2222:3333:1:20E:D7FF:
via FE80::20E:D7FF:FEA4:F
L FF00::/8 [0/0]
via ::, Null0
V6ROUTER1#ping 2001:2222:3333:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
3.3.3.3 1 FULL/BDR
FastEthernet0/0
One of my favorite
troubleshooting commands,
show protocols, got quite the
overhaul with IPv6. Heres the
output of that command at the
end of that last lab.
R1#ping 2001:1111:2222:13:3::
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
R3#ping 2001:1111:2222:13:1::
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
R3(config)#int s1/2
R3(config-if)#ipv6 eigrp 100
R1(config)#int s0/1
R1(config-if)#ipv6 eigrp 100
There we go!
Now that weve taken care of
that, lets look at this
fundamental EIGRPv6 config
WITH the no shutdown
command!
ipv6 unicast-routing
interface Serial0/1
no ip address
ipv6 address 2001:1111:2222:1
ipv6 eigrp 100
!
ipv6 router eigrp 100
no shutdown
A few notes and
troubleshooting comments on
this config:
IPv6 routing is enabled with the
ipv6 unicast-routing command.
If you leave that out and jump
straight to your IPv6 config,
heres the result:
R1(config)#ipv6 unicast-routin
If we leave the router-ID out,
and you have no IPv4
addresses on the router, were
going to get some attitude from
EIGRPv6 -- and not necessarily
when you actually configure the
routing protocol.
R1(config)#int s0/1
R1(config-if)#ipv6 eigrp 100
R1(config)#int s0/1
R1(config-if)#ipv6 eigrp 100
R1(config-rtr)#router-id 1.1.1
EIGRPv6 Similarities and
Differences with EIGRPv4
R1(config-if)#ipv6 hold-time e
<165535> Seconds before neigh
R3(config-rtr)#redistribute co
metric Metric for redist
route-map Route map referen
<cr>
R3(config-rtr)#redistribute co
<14294967295> Bandwidth met
R3(config-rtr)#redistribute co
<04294967295> EIGRP delay m
R3(config-rtr)#redistribute co
<0255> EIGRP reliability m
R3(config-rtr)#redistribute co
<1255> EIGRP Effective ban
R3(config-rtr)#redistribute co
<165535> EIGRP MTU of the pa
R3(config-rtr)#redistribute co
Theres no auto-summary
command with EIGRPv6! If
youve been working with
EIGRPv4, dont freak out when
you try to use this command
with EIGRPv6 and get this
message:
R3(config)#ipv6 unicast-routin
R3(config-rtr)#router-id 3.3.3
No reload or clearing of OSPF
processes is necessary here,
since the OSPF process hasnt
actually started yet.
R3#show ipv6 ospf Routing
Process ospfv3 1 with ID
3.3.3.3
Then place your interfaces into
the appropriate OSPF process.
Another gentle reminder: The
first number in this command is
the process ID, which is locally
significant only, and the second
number is the area number.
R3(config)#int s1/2
R3(config-if)#ipv6 ospf ?
<165535> Process ID
R3(config-if)#ipv6 ospf 1 area
%OSPFv3-5-ADJCHG: Process 5, N
R2:
ipv6 unicast-routing
interface Serial0/1
no ip address
ipv6 address 2001:1111:2222:2
ipv6 ospf 1 area 23
R3:
R1(config)#int s0/1
R1(config-if)#ipv6 ospf hello-
R1#show ipv6 ospf neigh
*Aug 5 07:17:24.504: %OSPFv3-5
R1(config)#int s0/1
R1(config-if)#no ipv6 ospf hel
%OSPFv3-5-ADJCHG: Process 5, N
The overall OSPF neighbor
discovery process via Hello
packets is the same.
Both versions use the
maximum-paths command to
control how many paths OSPF
uses for equal-cost load
balancing.
Both versions use the default-
information originate command
to advertise a default route,
and yes, that all-important
always option is still there!
Etc.
And now some differences
between the two!
128 64 32 16 8 4 2 1
1st 0 1 1 0 0 0 1 0
There are ones in the column
for 64, 32, and 2. Just add
them up, and that is the
decimal value for the first octet
-- 98. Repeat the process for
each octet, and you quickly
have the dotted decimal
equivalent of the binary string
in this case, 98.60.252.85.
128 64 32 16 8 4 2
1st
0 1 1 0 0 0 1
Octet:
2nd
0 0 1 1 1 1 0
Octet:
3rd 1 1 1 1 1 1 0
Octet:
4th
0 1 0 1 0 1 0
Octet:
128 64 32 16 8 4 2 1
1st 0 0 0 0 0 0 0 0
2nd 0 0 0 0 0 0 0 0
3rd 0 0 0 0 0 0 0 0
4th 1 1 1 1 1 1 1 1
Answer: 240.53.51.254.
128 64 32 16 8 4 2 1
1st 0 0 0 0 1 1 1 1
2nd 0 1 1 0 1 1 1 1
3rd 0 0 0 1 1 1 0 0
4th 0 0 1 1 0 0 0 1
Answer: 15.111.28.49.
128 64 32 16 8 4 2 1
1st 1 1 1 0 0 0 1 0
2nd 0 0 0 0 0 0 0 1
3rd 1 1 0 0 1 0 1 0
4th 0 1 1 1 0 1 1 0
Answer: 226.1.202.118.
128 64 32 16 8 4 2 1
1st 0 1 0 1 0 1 0 1
2nd 1 1 1 1 1 1 0 1
3rd 1 1 1 1 0 0 1 0
4th 0 0 0 1 0 1 0 1
Answer: 85.253.242.21.
128 64 32 16 8 4 2 1
1st 1 1 0 0 1 0 0 1
2nd 0 1 0 1 1 1 1 1
3rd 0 1 1 1 1 1 1 1
4th 1 1 1 1 1 1 1 0
Answer: 2.249.55.63.
128 64 32 16 8 4 2 1
1st 0 0 0 0 0 0 0 0
2nd 0 0 0 0 0 0 0 0
3rd 0 0 0 0 0 0 0 0
4th 1 1 1 1 1 1 1 1
Answer: 201.95.127.254
128 64 32 16 8 4 2 1
1st 1 1 1 1 1 0 0 0
2nd 0 0 0 0 0 1 1 1
3rd 1 1 1 1 1 0 0 1
4th 0 1 1 0 0 1 1 0
Answer: 248.7.249.102.
128 64 32 16 8 4 2 1
1st 0 0 1 1 1 1 1 0
2nd 1 1 1 1 1 1 1 1
3rd 0 1 0 1 1 0 1 0
4th 0 1 1 1 1 1 1 0
Answer: 62.255.90.126.
128 64 32 16 8 4 2 1
1st 1 1 0 0 1 1 0 1
2nd 1 1 1 1 0 0 0 0
3rd 0 0 0 0 1 1 1 1
4th 1 0 1 1 1 1 1 1
Answer: 205.240.15.191
128 64 32 16 8 4 2 1
1st 1 0 0 1 1 0 0 1
2nd 1 1 1 1 0 0 0 0
3rd 0 1 1 1 1 1 1 1
4th 0 0 1 0 0 1 0 1
Answer: 153.240.127.37
128 64 32 16 8 4 2 1
1st 1 1 0 1 1 1 1 1
2nd 0 1 1 1 0 1 1 0
3rd 1 1 0 0 0 0 1 1
4th 0 0 1 1 1 1 1 1
Answer: 223.118.195.63.
128 64 32 16 8 4 2 1
1st 0 0 0 0 0 1 0 0
2nd 0 0 0 0 0 1 1 1
3rd 0 0 0 0 1 1 1 1
4th 0 0 0 0 0 0 0 1
Answer: 4.7.15.1.
128 64 32 16 8 4 2 1
1st 1 1 0 0 0 0 0 0
2nd 0 0 0 0 0 0 1 1
3rd 1 1 0 1 1 0 1 1
4th 0 0 1 0 0 1 0 1
Answer: 192.3.219.37.
128 64 32 16 8 4 2 1
1st 1 0 0 0 0 0 0 0
2nd 0 1 1 1 1 1 1 1
3rd 0 0 1 1 0 0 1 1
4th 1 0 0 0 0 0 1 1
Answer: 128.127.51.131
128 64 32 16 8 4 2 1
1st 1 1 1 1 1 0 1 1
2nd 1 1 1 1 0 1 1 1
3rd 1 1 1 1 1 1 0 0
4th 1 1 1 1 1 0 0 0
Answer: 251.247.252.248.
Great work!
128 64 32 16 8 4 2
217
128 64 32 16 8 4 2
217
128 64 32 16 8 4 2
217 1
128 64 32 16 8 4 2
217 1 1
128 64 32 16 8 4 2
217 1 1 0
128 64 32 16 8 4 2
217 1 1 0 1
128 64 32 16 8 4 2
217 1 1 0 1 1
128 64 32 16 8 4 2
217 1 1 0 1 1 0 0
128 64 32 16 8 4 2
217 1 1 0 1 1 0 0
128 64 32 16 8 4 2
100 0 1 1 0 0 1 0
10 0 0 0 0 1 0 1
1 0 0 0 0 0 0 0
200 1 1 0 0 1 0 0
128 64 32 16 8 4 2
190 1 0 1 1 1 1 1
4 0 0 0 0 0 1 0
89 0 1 0 1 1 0 0
23 0 0 0 1 0 1 1
128 64 32 16 8 4 2
10 0 0 0 0 1 0 1
255 1 1 1 1 1 1 1
18 0 0 0 1 0 0 1
244 1 1 1 1 0 1 0
128 64 32 16 8 4 2
240 1 1 1 1 0 0 0
17 0 0 0 1 0 0 0
23 0 0 0 1 0 1 1
239 1 1 1 0 1 1 1
Answer: 11110000 00010001
00010111 11101111.
128 64 32 16 8 4 2
217 1 1 0 1 1 0 0
34 0 0 1 0 0 0 1
39 0 0 1 0 0 1 1
214 1 1 0 1 0 1 1
128 64 32 16 8 4 2
20 0 0 0 1 0 1 0
244 1 1 1 1 0 1 0
182 1 0 1 1 0 1 1
69 0 1 0 0 0 1 0
128 64 32 16 8 4 2
198 1 1 0 0 0 1 1
3 0 0 0 0 0 0 1
148 1 0 0 1 0 1 0
245 1 1 1 1 0 1 0
128 64 32 16 8 4 2
14 0 0 0 0 1 1 1
204 1 1 0 0 1 1 0
71 0 1 0 0 0 1 1
250 1 1 1 1 1 0 1
Answer: 00001110 11001100
01000111 11111010.
128 64 32 16 8 4 2
7 0 0 0 0 0 1 1
209 1 1 0 1 0 0 0
18 0 0 0 1 0 0 1
47 0 0 1 0 1 1 1
128 64 32 16 8 4 2
249 1 1 1 1 1 0 0
74 0 1 0 0 1 0 1
65 0 1 0 0 0 0 0
43 0 0 1 0 1 0 1
128 64 32 16 8 4 2
150 1 0 0 1 0 1 1
50 0 0 1 1 0 0 1
5 0 0 0 0 0 1 0
55 0 0 1 1 0 1 1
128 64 32 16 8 4 2
128 0 0 0 1 0 0 1
201 1 1 0 0 1 0 0
45 0 0 1 0 1 1 0
194 1 1 0 0 0 0 1
Answer: 00010011 11001001
00101101 11000010.
128 64 32 16 8 4 2
43 0 0 1 0 1 0 1
251 1 1 1 1 1 0 1
199 1 1 0 0 0 1 1
207 1 1 0 0 1 1 1
128 64 32 16 8 4 2
42 0 0 1 0 1 0 1
108 0 1 1 0 1 1 0
93 0 1 0 1 1 1 0
224 1 1 1 0 0 0 0
128 64 32 16 8 4 2
180 1 0 1 1 0 1 0
9 0 0 0 0 1 0 0
34 0 0 1 0 0 0 1
238 1 1 1 0 1 1 1
128 64 32 16 8 4 2
243 1 1 1 1 0 0 1
79 0 1 0 0 1 1 1
68 0 1 0 0 0 1 0
30 0 0 0 1 1 1 1
Answer: 11110011 01001111
01000100 00011110.
Class A Class B
1st
Octet 1126 128191
Range
Network
255.0.0.0 255.255.0.
Mask
# of
Network 8 16
Bits
# of
Host 24 16
Bits
2nd 3rd
1st Octet
Octet Oc
Class
A
11111111 00000000 000
NW
Mask
SN
11111111 11110000 000
Mask
15.0.0.0 /13
222.10.1.0 / 30
145.45.0.0 /25
20.0.0.0 255.192.0.0
130.30.0.0 255.255.224.0
128.10.0.0 /19
99.0.0.0 /17
222.10.8.0 /28
20.0.0.0 255.254.0.0
210.17.90.0 /29
130.45.0.0 /26
200.1.1.0 /26
45.0.0.0 255.240.0.0
222.33.44.0 255.255.255.248
23.0.0.0 255.255.224.0
Number Of Valid Subnets
Questions and Answers
Note: The NW mask and SN
mask are written out for each
question. You dont have to
write them out if youre
comfortable with the quicker
method.
15.0.0.0 /13
Class A, 8 network bits. Subnet
mask listed is /13. 13 8 = 5,
and 2 to the 5th power is 32 =
32 valid subnets.
NW
11111111 00000000 00
Mask
SN
11111111 11111000 00
Mask
222.10.1.0 /30
Class C, 24 network bits. 30
24 = 6, 2 to the 6th power = 64
valid subnets.
NW
11111111 11111111 111
Mask
SN
11111111 11111111 111
Mask
145.45.0.0 /25
Class B, 16 network bits. 25
16 = 9, 2 to the 9th power =
512 valid subnets.
NW
11111111 11111111 00
Mask
SN
11111111 11111111 11
Mask
20.0.0.0 255.192.0.0
Class A, 8 network bits. Subnet
mask converts to /10 in prefix
notation. 10 8 = 2, 2 to the
2nd power = 4 valid subnets.
NW
11111111 00000000 00
Mask
SN
11111111 11000000 00
Mask
130.30.0.0 255.255.224.0
Class B, 16 network bits.
Subnet mask converts to /19 in
prefix notation. 19 16 = 3, 2
to the 3rd power = 8 valid
subnets.
NW 11111111 11111111 00
Mask
SN
11111111 11111111 11
Mask
128.10.0.0 /19
Class B, 16 network bits. 19
16 = 3, 2 to the 3rd power = 8
valid subnets.
NW
11111111 11111111 00
Mask
SN
11111111 11111111 11
Mask
99.0.0.0 /17
Class A, 8 network bits. 17 8
= 9. 2 to the 9th power = 512
valid subnets.
NW
11111111 00000000
Mask
SN
11111111 11111111
Mask
222.10.8.0 /28
Class C, 24 subnet bits. 28 24
= 4. 2 to the 4th power = 16
valid subnets.
NW
11111111 11111111 111
Mask
SN
11111111 11111111 111
Mask
20.0.0.0 255.254.0.0
Class A, 8 network bits. Mask
converts to /15 in prefix
notation. 15 8 = 7. 2 to the
7th power = 128 valid subnets.
NW
11111111 00000000 0
Mask
SN 11111111 11111110 0
Mask
210.17.90.0 /29
Class C, 24 network bits. 29
24 = 5. 2 to the 5th power = 32
valid subnets.
NW
11111111 111111111 11
Mask
SN
11111111 11111111 11
Mask
130.45.0.0 /26
Class B, 16 network bits. 26
16 = 10. 2 to the 10th power =
1024 valid subnets.
NW
11111111 11111111 00
Mask
SN
11111111 11111111 11
Mask
200.1.1.0 /26
Class C, 24 network bits. 26
24 = 2. 2 to the 2nd power = 4
valid subnets.
NW 11111111 11111111 111
Mask
SN
11111111 11111111 111
Mask
45.0.0.0 255.240.0.0
Class A, 8 network bits. SN
mask converts to /12 in prefix
notation. 12 8 = 4. 2 to the
4th power = 16 valid subnets.
NW
11111111 00000000 00
Mask
SN
Mask 11111111 11110000 00
222.33.44.0 255.255.255.248
Class C, 24 network bits. SN
mask converts to /29 in prefix
notation. 29 24 = 5. 2 to the
5th power = 32 valid subnets.
NW
11111111 11111111 111
Mask
SN
11111111 11111111 111
Mask
23.0.0.0 255.255.224.0
Class A, 8 network bits. SN
mask converts to /19. 19 8 =
11. 2 to the 11th power = 2048
valid subnets.
NW
11111111 00000000
Mask
SN
11111111 11111111
Mask
129.15.0.0 /21
Subtract the mask length from
32. That gives us 11.
2 to the 11th power equals
2048. Subtract 2 from that and
2046 valid host addresses
remain.
222.22.2.0 /30
Subtract the mask length from
32. That gives us 2.
2 to the 2nd power equals 4.
Subtract 2 from that and 2 valid
host addresses remain.
212.10.3.0 /28
Subtract the mask length from
32. That gives us 4.
2 to the 4th power equals 16.
Subtract 2 from that and 14
valid host addresses remain.
14.0.0.0 /20
Subtract the mask length from
32, and we have 12.
2 to the 12th power is 4096;
subtract 2 from that and 4094
valid host addresses remain.
221.10.78.0 255.255.255.224
Subtract the mask length from
32. That mask has its first 27
bits set to 1, so in prefix
notation thats /27. 32 27 =
5.
2 to the 5th power is 32;
subtract 2 from that, and 30
valid host addresses remain.
143.34.0.0 255.255.255.192
Subtract the mask length from
32. This mask has its first 26
bits set to 1, so thats 32 26
= 6. 2 to the 6th power is 64;
subtract 2 from that, and 62
valid host addresses remain.
128.12.0.0 255.255.255.240
This mask converts to /28. 32
28 = 4.
2 to the 4th power is 16.
Subtract 2 from that, and 14
valid host addresses remain.
125.0.0.0 /24
32 24 = 8. 2 to the 8th power
is 256. Subtract 2 from that,
and 254 valid host addresses
remain.
221.10.89.0 255.255.255.248
In prefix notation, thats a /29
mask. 32 29 = 3.
2 to the 3rd power is 8; subtract
2 from that, and 6 valid host
addresses remain.
134.45.0.0 /22
32 22 = 10, so we have 10
host bits.
2 to the 10th power is 1024;
subtract 2 from that and 1022
valid host addresses remain.
217.17.23.200 /27
24.194.34.12 /10
190.17.69.175
111.11.126.5 255.255.128.0
210.12.23.45 255.255.255.248
222.22.11.199 /28
111.9.100.7 /17
122.240.19.23 /10
184.25.245.89 /20
99.140.23.140 /10
10.191.1.1 /10
222.17.32.244 /28
Answers and explanations:
210.17.23.200 /27
24.194.34.12 /10
24.194.34.12 = 000110001100001
190.17.69.175 /22
111.11.126.5 255.255.128.0
222.22.11.199 /28
111.9.100.7 /17
122.240.19.23 /10
184.25.245.89 /20
10.191.1.1 /10
222.17.32.244 /28
Onward!
Determining Broadcast
Addresses & Valid IP
Address Ranges For A Given
Subnet
222.23.48.64 /26
140.10.10.0 /23
10.200.0.0 /17
198.27.35.128 /27
132.12.224.0 /27
211.18.39.16 /28
10.1.2.20 /30
144.45.24.0 /21
10.10.128.0 255.255.192.0
221.18.248.224 /28
123.1.0.0 /17
203.12.17.32 /27
Time for answers and
explanations!
222.23.48.64 /26
Octet 1 Oc
222.23.48.64 11011110 00
255.255.255.192 11111111 11
Octet 1 Octet 2
140.10.10.0 10001100 000010
/23 11111111 111111
Octet 1 Octet 2
10.200.0.0 00001010 1100100
/17 11111111 1111111
Octet 1 Octet
198.27.35.128 11000110 0001
/27 11111111 1111
Octet 1 Octet
132.12.224.0 10000100 00001
/27 11111111 11111
Octet 1 Octet
211.18.39.16 11010011 00010
/28 11111111 11111
Octet 1 Octet 2
10.1.2.20 00001010 00000001
/30 11111111 11111111
Octet 1 Octet 2
144.45.24.0 10010000 001011
/21 11111111 111111
Octet 1 Octe
10.10.128.0 00001010 0000
255.255.192.0 11111111 1111
Octet 1 Oct
221.18.248.224 11011101 000
/28 11111111 111
Octet 1 Octet 2
123.1.0.0 01111011 00000001
/17 11111111 11111111
Octet 1 Octet
203.12.17.32 11001011 00001
/27 11111111 11111
Great work!
Now lets put this ALL together
and tackle some real-world
subnetting situations that just
might be CCENT and CCNA
subnetting situations as well!
On to the next section!
Meeting Stated Design
Requirements
NW
11111111 11111111
Bits
SN
111
Bits
Host
Bits
NW
11111111 11111111 111
Bits
SN
Bits
Host
Bits
2 x 2 x 2 x 2 x 2 = 32 subnets
This would leave three host
bits. Does this meet the other
requirement?
2 x 2 x 2 = 8 2 = 6 hosts.
NW
11111111 11111111
Bits
SN
Bits
Host
000
Bits
You must have at least 250
subnets, and eight subnet bits
would give us that (256, to be
exact). That leaves eight host
bits, giving us 254 hosts, so the
resulting mask of
255.255.255.0 meets both
requirements.
NW
11111111 11111111 111
Bits
SN
Bits
Host
Bits
NW
11111111 11111111 111
Bits
SN
Bits
Host
000
Bits
NW
11111111 11111111 111
Bits
SN
Bits
Host
Bits
NW
11111111 11111111 111
Bits
SN
Bits
Host
Bits
Youre working with 37.0.0.0.
Your manager requests that
you allow for at least 500 hosts
per subnet; however, he wants
as many subnets as possible
without exceeding 1000
subnets. What is the best
subnet mask to use?
Network 37.0.0.0 is a Class A
network, so we have 24 host
bits to work with.
Before subnetting: Class A
network mask 255.0.0.0
NW
Bits 11111111
SN
Bits
Host
00000000 000
Bits
NW
11111111 11111111
Bits
SN
Bits
Host
000
Bits
NW
11111111 11111111
Bits
SN 111
Bits
Host
Bits
3rd
1st Octet 2nd Octet
Octe
NW
11111111 11111111
Bits
SN
111
Bits
Host
Bits
Answer: 85.226.106.74
Determining Broadcast
Addresses and Valid IP Address
Ranges
For each of the following,
identify the valid IP address
range and the broadcast
address for that subnet.
100.100.45.32 /28
208.72.109.8 /29
190.89.192.0 255.255.240.0
101.45.210.52 /30
90.34.128.0 /18
205.186.34.64 /27
175.24.36.0 255.255.252.0
10.10.44.0 /25
120.20.240.0 /21
200.18.198.192 /26