
CCNA

200-120
Prepared by Eng Adel el homidi and Eng Ahmed Nazmy
Summary of Eng Yasser al Fahid
Some other references
Organized and arranged by Walid ayada

Walid ayada ayada@gtugs.org

Table of Contents
1. Introduction to Networking
   1.1 Network topologies
   1.2 Internetworking basics
   1.3 OSI Model
   1.4 TCP/IP
   1.5 IPv4 addressing
   1.6 IPv4 Subnetting
2. Basic Router & Switch Configuration
   2.1 Connecting by Console
   2.2 Modes
   2.3 Basic administrative configuration
   2.4 Router and switch hardware
   2.5 Boot process and break password
   2.6 Cisco discover protocol (CDP)
   2.7 Routing basics, Static Route, Default Route, Dynamic routing
   2.8 First Hop Redundancy Protocols
       2.8.1 Hot-Standby Router Protocol (HSRP)
       2.8.2 VRRP (Virtual Router Redundancy Protocol)
       2.8.3 GLBP (Gateway Load Balancing Protocol)
   2.9 Backup process
   2.10 Network Address Translation (NAT)
3. Securing Devices
   3.1 Telnet and SSH
   3.2 Network security: access control list (ACL)
   3.3 Port Security
4. Switching
   4.1 Spanning tree protocol (STP)
   4.2 Virtual LAN (VLAN)
   4.3 VLAN trunking
   4.4 InterVLAN (sub interface on the router)
   4.5 Etherchannel
   4.6 Port Fast
5. Wide Area Network (WAN)
   5.1 Introduction to WAN
   5.2 WAN protocols
       5.2.1 HDLC (High Level Data Link Control protocol)
       5.2.2 PPP (Point-to-Point Protocol)
       5.2.3 Frame relay (FR)
6. Management Network Devices
   6.1 DHCP (Dynamic Host Configuration Protocol)
   6.2 SNMP
   6.3 NTP (Network Time Protocol)
   6.4 Syslog
   6.5 NetFlow
   6.6 GRE Tunnel
   6.4 Intro to VPN
   6.7 IPv6

1. Introduction to Networking

1.1 Network topologies

[Figure: network topologies; surviving label: Mesh]

1.2 Internetworking basics


Unicast: data is sent to one receiver out of all receivers.
Multicast: data is sent to some of the receivers.
Broadcast: data is sent to all receivers.

Techniques of LAN (Local Area Network):
1- Ethernet.
2- Token Ring.

Techniques of WAN (Wide Area Network):
1- FR (Frame Relay).
2- DSL.
3- ATM.
4- ISDN ...

Transmission types:
1) Single: transmission in one direction only.
2) Half duplex: transmission in the two directions, but not at the same time.
3) Full duplex: transmission in the two directions at the same time.

Note: ISO is an ORGANIZATION.

1.3 OSI Model
- Consists of 7 layers.

7- Application layer:
- It provides the user interface (for the person who interacts with the network).
- Protocols: HTTP, IMAP, POP, SNMP, TELNET ...

6- Presentation layer:
- Defines how information is represented to the user.
- Puts the extension on the data.

5- Session layer:
- Establishes, maintains and terminates the connection across the network.

4- Transport layer:
- Divides the raw data stream into segments.
- Manages flow control of data through windowing, acknowledgment and error recovery.
- Ex. TCP, UDP.
- Remember as reliability.

Note:
+ TCP uses acknowledgments to be sure whether the data was transmitted or not, but UDP doesn't.
+ Windowing is a system which makes an acknowledgment after a specific period.

3- Network layer:
- Responsible for end-to-end delivery of packets across the network.
- Ex. IP, IPX, Apple talk (Routed); RIP, OSPF, BGP (Routing).
- Remember as logical addressing.

Note:
- A routed protocol does the delivery, but a routing protocol defines the direction only.

2- Data link layer:
- Responsible for physical addressing.
- Remember as MAC, NIC.
- Puts a trailer, FCS (frequency check system), to find whether an error occurred or not.

1- Physical layer:
- Responsible for moving bits between devices.
- Ex. cables, signals, media.

Data encapsulation:
- A type of frame placed into another type of frame: putting headers & trailers around the data.
- Encapsulation occurs at the transmitter.

Data decapsulation:
- The reverse process of encapsulation.
- Occurs at the receiver.

1.4 TCP/IP

* PDU (Protocol Data Unit): the name of data at each layer.

[Figure: OSI model compared with the TCP/IP (DOD) protocols model]
- OSI Application, Presentation and Session layers = Process/Application layer. Protocols: telnet, FTP, HTTP, HTTPS, NNTP, SMTP, IMAP, POP, BOOTP, DNS, DHCP, NFS, SNMP, Gopher.
- OSI Transport layer = Host-to-Host (Transport) layer. Protocols: TCP / UDP.
- OSI Network layer = Internet layer. Protocols: IP, ICMP, IGMP, ARP, RARP.
- OSI Data link layer and Physical layer = Network Access layer (network interface, media).

* Physical layer: (PDU: bits)
- Defines the physical properties of network communication.
- Includes: types of cables & connectors.

Types of cables:
- Copper cable: 1- Coaxial cable, 2- Twisted pair.
- Fiber cable.

1- Coaxial cable:
- Thin: 10 Base 2 (200; practical: 185).
- Thick: 10 Base 5 (500).
- 10 = speed, Base = baseband.
- Connector of coaxial cable: BNC.

2- Twisted pair cables: STP, UTP
- Have 7 categories.
- 10 Base T.
- Can carry the signal for 100 m (recommended (standard)).
- Connector of twisted pair: RJ 11, RJ 45.
- Types: STP (Shielded Twisted Pair), UTP (Unshielded Twisted Pair).

* Fiber cable:
Fiber optic cable is used to carry the digital data signal in the form of pulses of light.
Disadvantages:
1- Breaks easily.
2- Difficult to cut.
3- Expensive.
- The connector is (square connector).
Types:
- Single mode fiber (SMF): core: 9 µm & cladding: 125 µm.
- Multi mode fiber (MMF): core: 50 µm & cladding: 125 µm.

* Other layer 1 devices:
1) Repeater: (half duplex)
- Receives signals and retransmits them at their original strength.
- Transmits all traffic in both directions (2 ports).

Note:
- Repeaters do regeneration, but not amplification.

2) Hub: (half duplex)
- A hub is a multiport repeater.
- All users connected to the hub are in the same broadcast domain and in the same collision domain.

* Collision domain: the set of devices whose traffic could collide.

* Data link layer: (PDU: Frame)

The functions:
(1) Addressing:
- Ensures that the correct destination receives the data.
- MAC address.

(2) Arbitration:
- Determines when it's appropriate to use the physical media.
- CSMA / CD.

(3) Error Detection:
- Discovers whether bit errors occurred during the transmission of the frame (FCS).

(4) Identify the encapsulated:

The data link layer has been divided into 2 sub layers: LLC and MAC.

LLC: (Logical Link Control)

MAC:
- Each machine has a unique MAC address, which is burnt on the machine.
- The MAC address is 48 bit.
- The MAC address is represented in hexa.

XX XX XX | XX XX XX
OUI      | Specific per user, assigned by vendor

- OUI: (Organization Unique Identify), identified by IEEE.
- Each (X) is a number in hexa from (0:9) or (A:F), so the MAC address consists of 12 * 4 = 48 bits.
* Broadcast MAC: FF FF FF FF FF FF

CSMA/CD:
- Carrier sense multiple access with collision detection (CSMA/CD).
- It is used to send information over a shared media.
CSMA/CD works like this:
1- A device with a frame to send listens until the bus isn't busy.
2- When the bus is not busy, the sender begins sending the frame.
3- The sender listens to make sure that no collision occurred (loop back circuit).
4- Once the sender hears the collision, it stops sending data & sends a jam signal to all.
5- Each sender randomizes a timer and waits that long (back off algorithm).
6- When each timer expires, the process starts over with step 1.

(3) Error Detection: FRAME CHECK SEQUENCE

FCS: Frequency Check Sequence.

Frame layout:
Header:  8 byte Preamble | 6 byte Dest. MAC | 6 byte Src. MAC | 2 byte Length | 3 byte LLC
Data
Trailer: 4 byte FCS

- The data is from 64 to 1500 byte.

(4) Identify the user layer protocol (IP/IPX/Apple talk):

[Figure: the MAC sub layer checks the FCS and the DST MAC; the LLC sub layer gives the packet to the network layer protocol (IP, IPX or Apple talk).]

The Layer 2 devices: NIC (NET INTERFACE CARD)

1- Bridge: (FULL DUPLEX)
- Learn mode: through checking the Src MAC in the frame.
- Forward mode: through checking the DST MAC in the frame.
- MAC table: MAC | Port.

2- Switch: (FULL DUPLEX)
- It's a multiport bridge.
- Every port of the switch is a single collision domain.
- All ports of the switch are in a single broadcast domain.
- Speed = Speed of one port * 2 * no. of ports.

Layer 3: Network layer: (PDU: Packet)
Devices: The Router. Its functions:
1- Inter networking communication.
2- Packet switching.
3- Path selection.
4- Packet filtering.

          Collision domain    Broadcast domain
Hub       Single              Single
Switch    Multi               Single
Router    Multi               Multi

Note:
Multi = Private, Single = Shared.
Latency = delay, Throughput = Performance.
* Router, switch and bridge decrease congestion because they are full duplex & have a buffer.

* Q: Choose the devices which segment the LAN:
- Hub.
- Repeater.
- Switch. ✓
- Bridge. ✓
- Router. ✓

* IEEE standard 802 project:

Speed        Standard            Name
10 Mbps      IEEE 802.3          Ethernet
100 Mbps     IEEE 802.3U         Fast Ethernet
1000 Mbps    IEEE 802.3ab & z    Giga bit Ethernet
             IEEE 802.5          Token Ring
             IEEE 802.11         Wireless (Wi-Fi)

Network layer: (IP addressing)
- If a device wants to communicate using TCP/IP, it needs an IP address.
- An IP address is a 32-bit address written in dotted decimal.
  Ex: 192.168.1.1
  Each part is called an octet = byte (0:255).

1.5 IPv4 addressing

* IP Classes:
1- Class A:
- The 1st octet represents the network part & the last 3 octets represent the host part.
- The 1st octet: 0 to 127 (0xxxxxxx).
    0: 0 0 0 0 0 0 0 0
  127: 0 1 1 1 1 1 1 1
- 0: Reserved for all networks.
- 127: Reserved for loop back test.
- Number of networks in class A = 126
- Number of hosts = 256 * 256 * 256 - 2 = 2^24 - 2
- Default subnet mask: 255.0.0.0

2- Class B:
- The 1st 2 octets represent the network part.
- The last 2 octets represent the host part.
- The 1st octet: 128 to 191 (10xxxxxx).
  128: 1 0 0 0 0 0 0 0
  191: 1 0 1 1 1 1 1 1
- The number of networks = (191 - 128 + 1) * 256 = 2^14
- The number of hosts = 256 * 256 - 2 = 2^16 - 2
- Default subnet mask: 255.255.0.0

3- Class C:
- The 1st 3 octets represent the network part & the last octet represents the host part.
- The 1st octet: 192 to 223 (110xxxxx).
  192: 1 1 0 0 0 0 0 0
  223: 1 1 0 1 1 1 1 1
- Number of networks = (223 - 192 + 1) * 256 * 256 = 2^21
- Number of hosts = 256 - 2 = 2^8 - 2
- Default subnet mask: 255.255.255.0

4- Class D: (Private address)
- Represents the multicast addresses.
- The 1st octet: 224 to 239 (1110xxxx).
  224: 1 1 1 0 0 0 0 0
  239: 1 1 1 0 1 1 1 1

5- Class E:
- Reserved for experimental use and testing.
- The 1st octet: 240 to 255 (1111xxxx).
  240: 1 1 1 1 0 0 0 0
  255: 1 1 1 1 1 1 1 1

Class    1st octet     Binary form of the 1st octet
A        0 - 127       0XXXXXXX
B        128 - 191     10XXXXXX
C        192 - 223     110XXXXX
D        224 - 239     1110XXXX
E        240 - 255     1111XXXX

* Rules:
1) To get the network IP, put all host bits = 0.
2) To get the broadcast IP, put all host bits = 1.
3) The others are valid host IPs.

1.6 IPv4 Subnetting
- Take a part of the host bits & assign it to the network part.
- Origin IP:      N | H
- Sub netting IP: N | SN | H

Subnet Mask:
- A 32 bit mask that differentiates between host bits & network bits.
- A continuous run of 1's followed by a continuous run of 0's.
  1: represents network bits.
  0: represents host bits.
- Written in the dotted decimal form.

Note:
+ You can write it like 255.0.0.0 or /8.
+ If we find that it is not /8 or /16 ..., but /10 or /20 ..., we know that it's called Super Sub netting.

* Solving sub-netting problems:
1) Determine the mask.
2) Determine the interesting octet.
3) Subtract the interesting octet from 256 to get the sub networks hop (magic number).
4) Determine the major network.
5) Get the next subnets by hopping on the interesting octet.
6) Determine the valid hosts & broadcast address for each subnet.

* Private IP address:
Class A    10.0.0.0       10.255.255.255
Class B    172.16.0.0     172.31.255.255
Class C    192.168.0.0    192.168.255.255
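The six sub-netting steps above, worked as an added Python example (not part of the original notes): it derives the magic number from the mask, hops through the subnets of the classful major network, and cross-checks the result against Python's ipaddress module. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# First-octet ranges and default prefix lengths of classes A, B and C, as listed on this page.
CLASS_PREFIX = [(0, 127, 8), (128, 191, 16), (192, 223, 24)]


def to_int(dotted):
    """Convert dotted decimal text to a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def mask_prefix(mask):
    """Step 1: check the mask is a run of 1s followed by a run of 0s; return its length."""
    m = to_int(mask)
    host_bits = m ^ 0xFFFFFFFF
    if m == 0 or host_bits & (host_bits + 1):
        raise ValueError(f"mask is not contiguous: {mask}")
    return bin(m).count("1")


def magic_number(mask):
    """Steps 2 and 3: locate the interesting octet and subtract it from 256."""
    mask_prefix(mask)
    octets = [int(o) for o in mask.split(".")]
    index = max(i for i, o in enumerate(octets) if o)  # last octet that still has network bits
    return index, 256 - octets[index]


def class_prefix(ip):
    """Default prefix length of the class that ip belongs to."""
    first = to_int(ip) >> 24
    for low, high, prefix in CLASS_PREFIX:
        if low <= first <= high:
            return prefix
    raise ValueError("class D and E addresses are not subnetted")


def subnets(ip, mask):
    """Steps 4 to 6: yield (network, first host, last host, broadcast) for every
    subnet of the major (classful) network that contains ip."""
    prefix = mask_prefix(mask)
    major_prefix = class_prefix(ip)
    if not major_prefix <= prefix <= 30:
        raise ValueError("mask must lie between the class default and /30")
    index, magic = magic_number(mask)
    major = to_int(ip) & (0xFFFFFFFF << (32 - major_prefix)) & 0xFFFFFFFF  # step 4
    hop = magic << (8 * (3 - index))  # the magic number expressed in whole addresses
    for n in range(2 ** (prefix - major_prefix)):  # step 5: hop on the interesting octet
        network = major + n * hop
        broadcast = network + hop - 1  # step 6: all host bits set to 1
        yield (to_dotted(network), to_dotted(network + 1),
               to_dotted(broadcast - 1), to_dotted(broadcast))


def matches_stdlib(ip, mask):
    """Cross-check the hand method against Python's ipaddress module."""
    major = ipaddress.ip_network(f"{ip}/{class_prefix(ip)}", strict=False)
    expected = [(str(n.network_address), str(n.broadcast_address))
                for n in major.subnets(new_prefix=mask_prefix(mask))]
    return expected == [(row[0], row[3]) for row in subnets(ip, mask)]


if __name__ == "__main__":
    # Constructed sample: a class C host address with mask 255.255.255.192.
    for row in subnets("192.168.1.77", "255.255.255.192"):
        print(*row)
```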

* Network layer utilities:
- RARP, Boot P and DHCP.
- RARP: Reverse Address Resolution Protocol.

[Figure: client A and the RARP server / Boot P server B; labels: IP, MAC, G.W]

1) RARP Broadcast:
   Src. MAC: A MAC | Dst. MAC: FFFF... | Data: I need IP
2) RARP Reply:
   Src. MAC: B MAC | Dst. MAC: A MAC | Data: Your IP is

DHCP: Dynamic Host Configuration Protocol.

[Figure: client A and the DHCP server B]

1- DHCP Discover:
   Src. MAC: A MAC | Dst. MAC: FF FF FF FF FF FF | Src. IP: 0.0.0.0 | Dst. IP: 255.255.255.255 | Data: I need IP
2- DHCP Offer message:
   Src. MAC: B MAC | Dst. MAC: A MAC | Src. IP: DHCP IP | Dst. IP: 255.255.255.255 | Data: IP is
3- DHCP Request message:
   Src. MAC: A MAC | Dst. MAC: B MAC | Src. IP: 0.0.0.0 | Dst. IP: DHCP IP | Data: OK
4- DHCP Acknowledgment:
   Src. MAC: B MAC | Dst. MAC: A MAC | Src. IP: DHCP IP | Dst. IP: 255.255.255.255 | Data: OK ACK.

DNS (Domain Name System): resolves a known name to an unknown IP.
ARP (Address Resolution Protocol): resolves a known IP to an unknown MAC.

[Figure: ARP request and reply between hosts A and B (192.168.1.1 and 192.168.1.2); the request is sent to destination MAC FF FF FF FF FF FF.]

* ICMP (Internet Control Message Protocol):
- Provides information messages concerning the routing of IP datagrams.
- Types of messages:
1) Query & Response pair.
2) Error message: Request time out, Destination unreachable.

* Ping command:
- To test basic IP connectivity.
- Sends an ICMP message called an ICMP echo request to another IP address.
- The computer with that IP address should reply with an ICMP echo reply.

* Traceroute or trace (on Router), Tracert (on PC):
- To trace the hops (network layer devices) between 2 points on a network.
- The TTL is incremented by 1 in each packet group.
- Every router decrements the TTL by 1.
- If the router receives a packet with TTL = 1, it must send a time exceeded error.

[Figure: echo requests sent with TTL 1, TTL 2 and TTL 3 each return a time exceeded error; the echo request with TTL 4 returns an echo reply.]

Error message:
1- Destination unreachable: message when pinging an unreachable network.
2- Request time out: pinging an IP that is not in the network.

* Transport Layer: (PDU: segment)
- The main functions of the transport layer are segmenting application data, error recovery and flow control.
- Main protocols: TCP / UDP.

* Connection oriented protocol: (as TCP)
- Requires a pre-established correlation between the 2 ends before data transfer begins.
- Reliable.
- Consumes more bandwidth.
- TCP uses a 3-way handshake to set up a connection:
  1) Synchronization
  2) Syn. / Ack.
  3) Acknowledgement
  then data transfer.

* Connectionless protocol: (as UDP)
- Doesn't require a pre-established correlation between the 2 end points.
- Non reliable.
- Uses less bandwidth.

* Popular TCP/UDP applications:

Port    Application
80      HTTP
443     HTTPS
21      FTP
25      SMTP
23      telnet
53      DNS
67      DHCP
161     SNMP
69      TFTP

Error Recovery:
- TCP provides error recovery (through retransmission requests), but consumes more bandwidth.
- It uses the sequence and Ack. fields in the TCP header.
- UDP doesn't do error recovery, but uses less bandwidth.

Flow control:
- Windowing (the maximum number of packets the sender can send without receiving an Ack. from the receiver).
- The source can send X segments before having to wait for an Ack.

[Figure: windowing example with 1000 byte segments. Sequence=1, 2, 3 are answered by Ack. 4; Sequence=4, 5, 6 are answered by Ack. 5; the sender then sends Sequence=5, 6, 7.]

* Port number:
- The port number enables the receiving computer to know which application to give the data to.
- Source port number ≥ 1024.
- Destination port number (0: 1023) (well known port numbers).

* TCP header:
Src. port | Dst. port | Sequence | ACK | Windowing

Cable and connectivity:
1- Straight cable:
- Used to connect DTE to DCE.
- DTE: Data Terminal Equipment (PC, Router).
- DCE: Data Circuit (or Communication) Equipment (Switch, Hub).
- Pins: Tx1, Tx2, Rx3, Rx6 on one end; Rx1, Rx2, Tx3, Tx6 on the other end.

2- Cross over cable:
- Used to connect DTE to DTE or DCE to DCE.
[Figure: cross over cable pinout between two ends with pins Tx1, Tx2, Rx3, Rx6]

3- Roll over cable:
- Used to access the CLI (Command Line Interface).
- Pins 1 2 3 4 5 6 7 8 connect to pins 8 7 6 5 4 3 2 1.

Serial cable:

Router ports:
- Managing ports: console port, auxiliary port.
- Traffic ports: fast Ethernet port for LAN connection, serial port for WAN connection.

2. Basic Router & Switch Configuration

2.1 Connecting by Console
1) IOS (Internetwork Operating System):
- It is installed inside the router to manage the hardware it is working on.
2) Configuration file:
- It's a program file that contains information for the router to tell it how to reach & respond.

How to configure a router?
To access the CLI, use one of 3 methods:
1- Through the console port:
- Directly connected to a PC.
2- Through the auxiliary port:
- Dial up device through a modem attached to the auxiliary port.
3- Through the telnet command, or SDM (secure device manager).

[Figure: a PC connected to the router's console port; a PC reaching the auxiliary port through a modem; the Internet on the traffic port.]

2.2 Modes
1- Setup mode: (by default at 1st use)
- For quick simple configuration (Y/N), question dialogue.
- To exit it press (ctrl + c) or type No.

2- User mode: (the name of the router)
Router >
- Simple monitoring.

3- Privileged mode: (enable mode)
- Includes all commands in user mode plus extra advanced monitoring commands:
Router > enable   (or en)
Router # exit
Router >

4- Configuration mode:
- To define generic configuration on the router.
Router # configure terminal
Router (config) # exit   (or press ctrl + z)
Router #

5- Sub configuration modes:
- Line sub config. mode:      Router (config-line) #
- Interface sub config. mode: Router (config-if) #
- Router sub config. mode:    Router (config-router) #

Note:
- The exit command goes back one step, but pressing ctrl + z goes back to privileged mode.
Router # show run   (to display the running configuration file)

Note:
A maximum of 5 users can enter the router by telnet at the same time by default.
Router (config) # hostname NAME ...   (to set or change the name of the router)

2.3 Basic administrative configuration
* A host name for the router.
(Config) # hostname NAME ...

* Set a password for privileged mode.
Router (config) # enable password Password ...
Router (config) # enable secret Password ...
- enable secret makes the password encrypted and overrides the enable password command.

* Set a password on the console port.
Router (config) # line con 0
Router (config-line) # password Password ...
Router (config-line) # login   (to activate the command)

Note: # no (command)   (to cancel the command)

* To log in through auxiliary.
Router (config) # line aux 0
Router (config-line) # password Password ...
Router (config-line) # login

* To encrypt the passwords of console, aux. and vty.
Router (config) # service password-encryption

* How to assign an IP address to an interface?
Router (config) # interface FastEthernet 0   (or s0, s1, ...)
Router (config-if) # IP address (IP) ... (Subnet mask) ...
Router (config-if) # no shutdown
Router (config-if) # no IP address   (to cancel the IP)
Router (config) # no IP domain-lookup   (to stop the domain search)

Note:
Configuration mode = global mode.
Router # sh users
Router # clear line (Number) ...   (after sh users, to know the number in front of the IP of the PC)

The command:
Router (config) # IP subnet-zero   (to use the first subnet & the last subnet after sub netting)

Router (config) # line con 0
Router (config-line) # logging synchronous   (to write the command in one line)
Router (config) # banner motd * Message ... *   (to make the message of the day)

(*): help features for IOS.
(?): help for all commands available in this mode.
Command ?: text help describing all the 1st parameter options of the command.
Up arrow: recall the previous command = (ctrl + p).
Right arrow: move the cursor forward in the currently displayed command without deleting = (ctrl + F).
Left arrow: move the cursor back in the currently displayed command without deleting = (ctrl + b).
(Ctrl + a): to go to the beginning of the line.

Router # sh version
- To display the version of the IOS.
- To display the name of the IOS file.
- Tells us about the router (how many serial, Ethernet, RAM, Flash, NVRAM).
Router # sh flash     (to show the content of the flash)
Router # sh history   (to show the last 10 commands written on the router)
Router # reload       (to reload the router & restart)

2.4 Router and switch hardware

[Figure: router components: CPU, RAM, ROM, Flash, NVRAM, interfaces]
- ROM: H.W check (POST, power of self test), system boot strap, Rom mon (Rom monitor).
- Flash: IOS image file (.ios).
- NVRAM: back up config. file (start up).
- RAM: IOS command executive, active config. file (running config.), buffers, tables.
- The IOS is looked for in: 1- flash, 2- TFTP, 3- Rom mon.
- Configuration register 0X2102 = 16 bit: how to boot up.

Router # copy run start
Router # write memory
Router # wr               (to save from RAM to NVRAM)
Router # sh start         (to show the content of NVRAM)

2.5 Boot process and break password
- Reconfigure the register from 0X2102 to 0X2142.
- Steps of password recovery:
1- Set the configuration register to bypass the NVRAM (0X2142).
2- Enter Rom mon (press ctrl + break).
3- Rommon > confreg 0X2142
   Rommon > reset
4- You will enter setup mode; press (ctrl + c). (Copy start to run, edit the password, and copy run start.)
5- (Config) # config-register 0X2102   (to put this value back)

To reset the router:
Router # erase start

Backup to ios:
Router # copy flash tftp
To restore:
Router # copy tftp flash

Router # copy start tftp
To restore:
Router # copy tftp start

Router # sh IP int br   (to display the status of the interfaces)

[Table: status of the interfaces Fast Ethernet 0, Serial 0 and Serial 1, with the states administratively down / down, up / down and up / up; the labels "Encapsulation" and "Clock rate" are attached to the table.]

Router # show controller S0   (or s1)   (to know if it's DTE or DCE)
- We look at the third line and we will find DTE or DCE written.
- If we find it is DCE and there is a problem in the clock rate:
Router (config-if) # clock rate 64000   (to configure the clock rate on the DCE)

Note:
You can access more than one router by telnet and switch between them by pressing ctrl+shift+6 and then X.
Router # sh sessions
Router # resume (Number of a session) ...

2.6 Cisco discover protocol (CDP): (Cisco proprietary)
- CDP discovers basic information about neighboring routers & switches.
+ Information:
- Device identifier [host name].
- Capabilities list [what type, router or switch (R or S)].
- Port identifier [local interface & remote interface].
- Platform [the model of the device].
- Address list [IP address].
Router # sh CDP nei   (to show the last information)

- Sends a CDP packet every 60 sec.
- Hold time between 180 sec & 120 sec.
- Hold time: if this time completes without receiving a response from the neighbor, the device will remove the neighbor.

Note:
This time decreases every time.
Router # show CDP nei detail   (to show the information with the IP)

Router (config) # no CDP run                (to stop CDP)
Router (config) # CDP timer (TIME) ...      (to change the timer)
Router (config) # CDP holdtime (TIME) ...   (to change the hold time)
Router (config-line) # speed ...            (9600 bps or multiple)

2.7 Routing basics, Static Route, Default Route, Dynamic routing
Purpose: to direct datagrams from end to end on a network.

[Figure: routers R1, R2, R3 and R4, each with its own routing table]

Routing protocol VS routed protocol

Routing protocol:
- Responsible for getting information about existing networks.
- Finding the best path.
- Ex.: RIP, IGRP, OSPF, EIGRP ...

Routed protocol:
- Responsible for data delivery, encapsulating the data traffic.
- Assigns logical addressing.
- Ex.: IP, Apple talk, IPX.

Router # sh IP route   (to display the routing table)

* Static routing:
- Direct connected (automatic, without configuration): the router learns the IP network addresses of its directly connected networks; symbol in routing table "C".

* Manual routing (static): (manual configuration)
- To define a certain output interface that the data can go through to reach a certain destination; symbol in routing table "S".
Router (config) # IP route (Dest. IP n/w) ... (Subnet mask) ... (Output interface) ...

Stub network:
A network that has one router and one interface.

Default route:
To define a certain output interface that data can go through to reach any unknown destination.
- Symbol in routing table "S*".
Router (config) # IP route 0.0.0.0 0.0.0.0 (Name of the interface, or IP of next hop) ...

Note:
Gateway of last resort isn't set by default.


Dynamic routing protocol:

- Interior Gateway Protocol (IGP): handles routing within a single Autonomous System (AS).
  - Distance vector: RIP, IGRP
  - Link state: OSPF, IS-IS
  - Hybrid: EIGRP
- Exterior Gateway Protocol (EGP): handles routing between different Autonomous Systems (AS).
  - Ex.: BGP (Border Gateway Protocol)

Autonomous System:
An area or domain that works under a single administrative control or uses the same routing protocol.

Administrative distance:
A number between 0 and 255 that indicates the believability of the routing protocol.
- C: 0
- S: (0: direct interface, 1: next hop)
- S*: 255

Metric: defines how good the route is.

Routing table:
- Contains the best protocols and the best paths.
- Finding the best protocol (has the lowest administrative distance).
- Finding the best path (has the lowest metric).

To change the priority:
Router (config) # IP route (Dest. ip) ... (Subnet mask) ... (IP of output interface) ... (AD 0 : 255) ...

* Distance vector routing:
- RIP (Routing Information Protocol)

[Figure: routers connected in series through interfaces F0, S0 and S1, joining the networks 192.168.10.0, 192.168.11.0, 192.168.12.0 and 192.168.13.0. The routing tables first hold only the directly connected networks (C, metric 0); after the routers exchange updates they also hold the networks learned through RIP (R), with the hop count as metric.]

- Routers exchange their information at a fixed interval, and send their information plus one hop.
- Routers send a full table update periodically to destination IP 255.255.255.255 out of their interfaces to advertise the known routes.
- Uses the Bellman-Ford algorithm to calculate the routing table. [If 2 routes are found, the best route (lowest metric) is put in the routing table.]

* Convergence:
- It's the state at which a router understands the current topology of the network.

* Disadvantages of distance vector:
1- Slow convergence.
2- High bandwidth waste (periodic update).
3- Class full (the routing information does not include the subnet mask).
4- Routing loop.

To solve the routing loop:
1) Split horizon:
- A route learned from an interface can't be sent back on the same interface.
2) Route poisoning:
- Instead of not advertising the failed route, it is still advertised, but with a very large metric, so that other routers consider the metric infinite and the route invalid.
3) Hold down timer:
- All routers ignore good routing information about that route until enough time has passed.
4) Triggered update:
- The router sends a new update as soon as a route fails.

(RIP)v 1
- Class full protocol (doesn't care about the sub netting).
- Broadcast update every 30 sec.
- Hold down period of 180 sec. (maximum hop count = 15).
- Metric = depends on hop count.
- Supports equal load balancing (load sharing).
- Administrative distance of RIP = 120.
- Symbol in the routing table "R".

(RIP)v 2
- Class less protocol.
- Sends updates on multicast 224.0.0.9.
- Broadcast update every 30 sec.
- Hold down period of 180 sec. (maximum hop count = 15).
- Supports equal load balancing (load sharing).
- Administrative distance of RIP = 120.

*0onfigurations of ri" I#! 1ol in the routing ta1le J9 J.

Router (config) # Router RIP
Router (config-router) # network [Direct connected network]   (We put this command for every connected network, putting the major network, not the subnet.)
Router (config-router) # version 2   [to use (RIP)v 2; in this condition we can write the subnet]
Router # sh IP route   (to show the routing table).
Router # sh IP protocols   (to show protocols).
Router # debug IP RIP   (to show what happens).
Router # terminal monitor   (to show what happens on the telnet).
Router # U all   (to stop the debugging).

* Interior gateway routing protocol (IGRP) (Cisco proprietary)
- Classful protocol.
- Broadcast update every 90 sec.
- Hold down period of 280 sec.
- Metric = highest bandwidth & lowest delay.
- Administrative distance = 100.
- Maximum hop count = 255.
- Supports equal & non-equal load sharing.
- Symbol in routing table "I".

- Configuration of (IGRP):
Router (config) # Router IGRP [AS number 1 to 65535]
Router (config-router) # network [Direct connected N/W IP]
Router # debug IP IGRP transactions   (this command if we are on console port for monitoring).
Router # terminal monitor   (write this command plus the later command if we are on telnet).

Advantages of distance vector:
1- Simple configuration.
2- Low CPU utility.
3- Low memory usage.

Link state routing protocol:-
[Figure: link state example topology (network 192.168.10.0) with each router's table of links, states (up) and neighbors, and the resulting LSDB.]

*1) Point - to - Point:
a) At start up:
1- Each router discovers its directly connected neighbors using the Hello protocol.
2- Each router will send an (LSA) Link State Advertisement to all its neighbors telling them about its LSA.
3- Every router that receives the LSA packet will take a copy of it and send it to its neighbors.
4- Each router will form an LSDB (Link State Database) for all LSAs.
5- Every router will draw a link state tree; each router will put itself as the root of the tree.
6- Each router will apply SPF (Shortest Path First) to get the routing table.

Note:
At change = a partial flash update.

Open shortest path first (OSPF):
- Classless protocol.
- Administrative distance = 110
- Metric = 10^8 / B.W = cost.
- Supports hierarchical design.
- Maximum hop count = unlimited.
- Sends update on multicast address (224.0.0.5).
- Loop free topology.

* Problems:
- A flapping interface goes up & down frequently, so all routers will be busy rebuilding the tree.
- So, to confine the network instability, OSPF supports two hierarchical levels:
1- Backbone area = area 0
2- Regular area = 1, 2, 3, ……
- Hello interval every 10 sec.
- Dead interval every 40 sec.

Note:
For routers to be neighbors they must have the same:
1) Area ID
2) Hello & dead interval.

*2) Broadcast Multiple Access (BMA):

* Designated router (DR) election:
- DR is the router with the highest:
1- Priority (default = 1), from 0: 255.
2- Router ID (RID):
a- Highest loopback interface on the router (logical interface).
Router (config) # int loopback ….
Router (config-if) # IP address [IP] [Subnet mask]
b- Highest active physical interface on the router.

* Router discovery:
- Links are sent to the DR & BDR (backup DR) on multicast 224.0.0.6, and the DR sends this to everyone else on the segment on 224.0.0.5.
[Figure: LSAs sent on 224.0.0.5 and acknowledged (Ack) by the routers on the segment, with the DR and BDR marked; one router is failed.]

* The configuration:
Router (config) # Router OSPF [Process ID]   (Process ID: locally significant, 1: 65535)
Router (config - router) # network [N/w dest. IP] [Wild card mask] Area ….

* Isolation on the same router: use 2 process IDs, one for each network IP.
[Figure: one process ID with a single LSDB, compared with two process IDs with LSDB1 and LSDB2.]

* Wild card mask:
- Continuous 0's followed by continuous 1's.

Router # sh IP OSPF nei   (to show the RID of the next neighbor).
Router # sh IP OSPF int f0   (to display state of OSPF, DR or BDR).
Router (config) # int ….
Router (config-if) # IP OSPF priority [0: 255]   (to change the priority).
Router (config - router) # router-id [Ip]

* OSPF Multi area:

A.9 (Area kRqTk{T T~s z}Ox Zj area z{T |}ZYR vOx interface vwZx Nm yV area ij klmn okZpj kRqTr oXYs tXm TuT (.order 9outer

R2(config)#router ospf 1
R2(config-router)#net 10.0.0.0 0.0.0.255 area 0
R2(config-router)#net 13.0.0.0 0.0.0.255 area 20
A.9 (Area .order kRqTk{T T~s t T~q os"f | N[TU XYx NTZ{T XY}q j Zj area ij klmT NT XUrT TuT (9outer Xj XT Nw vTx R TuT vn v SXYZnT q T P jq X kRqTr T~s tq area ij klmQ Rkj qT k kRqTr T~s yV .X}YO X}Ox XRnT X}Y} i{q iOZp{T iO A.9 router s ~{T 92 z kjnT T~s ~Y tnT

R2#sh ip
os"f z O kq 11.&.&.& p{T ~s kq Nj os"f vT z y~{Tq k{T T~s q{T i} k

O O IA

11.0.0.0 [110/20] via 10.0.0.1, 00:46:33, FastEthernet0/0


q{T i} k{T T~s sXp 91 z kjnT XYx {q

13.0.0.0 [110/20] via 10.0.0.3, 00:40:15, FastEthernet0/0


area ij klmT |x okZpj kRqTr yV 6#,& inter area ij kRqTr k kRqTk{T T~s tT z IA

R1#show ip ospf neighbor
R1#show ip protocol

rqX}{T kRqTk{T sXp}{ kjnT T~s N}{T mRk i XXO k{

R1#debug ip ospf packet
no v i{q kjnT Z T~s Xnq p{T i} XsTk |Z{T XXO{T TkZQ V Ow "acket NOpZ{ AS T~s [ ij XO Nj Xj Nmq wZ{T ~s XXO TkZn
R1#show ip ospf int f0/0
mRk 1irect connected|RnT network ~OYZ I! vYOj wZx z $ello"acket X qT SX{T NPT ij
R4(config)#int f0/1
R4(config-if)#router ospf 3
mRk z{T [{T
R4(config-router)#passive-interface f0/1
{q k[V kj Xl}{T T~s -Zxq WT Yx kjnT T~s SX{ {u qAd;ertise ent j x N}{Tq $ello"acket X ZO XYs .v Z}{T kRqTk{T xk}{ $ello {Xr Nk i{ X N vn O{T j NTZ{T ij kRqTk{T T~s i}Z ix kjnT T~s SX{ R
ASBR autonomous system boundary router

8NS3 kjTqnT ~s XZ {u N}{q |X kRqTk{ O[T{T Xp{T i Xjj v{ y~{T kRqTk{T sq

R2(config)#router ospf 1
R2(config-router)#area 20 range 70.0.0.0 255.255.255.0
R2(config-router)#area 20 range 80.0.0.0 255.255.255.0
Note that: 70.0.0.0 and 80.0.0.0 is the summary of these networks

Enhanced Interior gateway routing protocol: (EIGRP)

- Cisco proprietary protocol.
- Sends updates on multicast 224.0.0.10
- Classless & reliable.
- Administrative distance = 90
- Fast convergence: uses DUAL.
- DUAL: Diffusing Update Algorithm.
- Symbol in routing table is D.
- Supports multiple network layer protocols (IP, IPX, Apple talk).
- Maximum hop count = 224.
- Compatible with IGRP.

* DUAL:
- This algorithm stores the neighbors' routing information in a local topology table.
- If a primary route fails, DUAL can take a backup route from the topology table and place it in the routing table.

* EIGRP terminology:
- Neighbor table: table contains all neighbors.
- Topology table: all routes to all networks.
- Routing table: best routes to all networks.
- Successor (S): best route (in the routing table & topology table).
- Feasible successor (FS): backup route (in the topology table).

* Configuration:
Router (config) # Router EIGRP [AS …..]
Router (config-router) # network [Direct connected network IP]
Router (config-router) # no auto-summary   (to make it classless).

* Troubleshooting:
Router # sh IP eigrp nei   (to display neighbors)
Router # sh IP eigrp topology   (to display S & FS of topology table)

(I89, KLMN OP QRSTUV MWXYT


Z 91 z{T s~Y XY{Xlj wx ... eigr" XO N}{T kRqTk{T iO XRnT kOpZ 9oute ,oisoning pj ij Z{

Router(config)#key chain ahmed


k{T X}m ij kOlm U z yZwR tT i} ah ed X kOpR O SXpT |Y T~sq

Router(config-keychain)#key 1
k }m2 XZj qT SXpT2
Router(config-keychain-key)#key-string 1234
k }m2 XZj ij2
Router(config-keychain-key)#int f0/0
kpj XO XRnT Nq
Router(config-if)#ip authentication mode eigrp 1 md5

klmT SXpT i} X}m 1234 tZ k{T }m

ke- 2 |Xl{T 0k{T }m2 XZ}{T t tT i}j XZ}{T XO N |{ kRqTk{T XwZ{T z{T s~ tnT

d3 Rk TZXq kRqTk{T z Nj eigr" ij klmT XY{ t tT i}j vn eigr"1 XRT z kOpZ{T Nx XYj

Router(config-if)#ip authentication key-chain eigrp 1 ahmed


.X[TU |x |Z{T k{T }m q XRnT kOpZ{ ah ed Ow{T TZT vYj XY XYs { |Z{T XwZ{T O j XRnT x kpj v XRnT -T y~{T 91 kRqTk{T tT Y kRqTk{T O z kOpZ{T N { TuT XYs XO {q kRqTr kO z Xm TuT zZ su1net |x j |Z{T XwZ{T k vT yV ...su1net kO ijq kOpZ{T XO . kOpZ{T tT i}j vT z{T vZY XYsq #witch {X Z}{T XwZ{T z kOpZ{T q 91 z XYx X}m kOpZ{T vO Nq kRqTr N{ s~ tnT hosa T XsXYOT )3 |xq ali T XsXYOT 92 |xq ah ied Xm 91 |x lj k[T z{T kRqTr ij kOpZ{T X SX}V ZR .kOpZ{T X Nm |x X tR tT 012342 k{T }mq 0ke! 12 XZ}{T z{T Y{X i{q .kpj XRnT k}{T ~s i{q su1net ij O{ |Z{T XwZ{T j P ij XRnT UO Xs

Router#show ip eigrp interfaces detail
Tq r kRqTk{T z kjnT T~s kR Y kOpZ{T O Tq kOpZ{T Xjq Rkj k[V vwZx wZx Nm k XYj |Z{Tq Xj}{T ~s XY{ k
IP-EIGRP interfaces for process 1
                  Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface  Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Fa0/0        2       0/0        67       0/2           256          0
  Hello interval is 5 sec
  Next xmit serial <none>
  Un/reliable mcasts: 0/4  Un/reliable ucasts: 8/7
  Mcast exceptions: 1  CR packets: 1  ACKs suppressed: 0
  Retransmissions sent: 2  Out-of-sequence rcvd: 0
  Authentication mode is md5, key-chain is ahmed
  Use multicast
Fa0/1        0       0/0         0       0/2             0          0
  Hello interval is 5 sec
  Next xmit serial <none>
  Un/reliable mcasts: 0/0  Un/reliable ucasts: 0/0
  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 0
  Retransmissions sent: 0  Out-of-sequence rcvd: 0
  Authentication mode is not set
  Use multicast

2.8 First Hop Redundancy Protocols


lj NAT mRqk O Njq p{T |x 0klmT i}j qT2)outer tXYT XY{ Xm TuT ... xXl qT rT |YR 9edundanc! }m v{ 9outer Nm X ... v} |Xl{T X}sT |x pj N TuXx N}{T iOjQR NPT ij {uq iOYnT z {X X |s RTUTTq T~sq X{ Zj getawa! tXYT XZ X{T |x km ij klmT { i~{T iOjZ}{T T~{ ... |Xl{T i Z I, iw {~{ N}{T pj yV |x N TuT vn k[ Tq getawa! z UX}ZnT {T Yq {u nq -Ow kO S| 33

vOPR ZO {~{ ... Zj i" v{ {X i{q qT kRqTk{T z{T vXpj {Xq TUTnT vO Nj |X 9outer z{T PXw |x Z XsYq 0Yj N{ XR wZx N{ Zji" v{ kRqTr Nm tX {T j2 ikRqTk{T m z{T Tq i" q k i vO{T iOjZ}{T sq iOYnT ij Tq kRqTr tjZ iOjZ}{T tT Nw y~{T XYsq ikRqTk{T N{ z}{T {T i" iOjZ}{T qkm t Ow 9edundanc! z} Xj T~sq k[nT kRqTk{T z OORXjRT r iOjZ}{T NwR ZO vOx pj N TuXx acti;e Xj i Z T~sq OORXjRT r k[nT NOZ {u ZOx qT |x pj Nw tT z{T NotActi;e k[Tq 0Acti;e2 Xx sT ij klmT2 qT kRqTk{T z T N} N TuT yV {T |x j t} ikRqTk{T tT |YR ~x Load .alance z} .X}{T vYj q k[nT kRqTk{T z T{T N}w{T |jk 0vZX 2 |s nmRqk{T ~sq sXTj |x O{T Z[nT j X kR vXpZj ORq O}{T ~s i {qj nRqk oXYs .x Tq mRqk NOR ... 0$#9, = G99, = 8L., 29ot6Standby (o#ter Protocol 29S(P &-8-, .Load.alancing n ... I!'# ...x 0isco mkp X[ sq X O klmTq |Ok{T sqLa!er ' mRqk sq N}Y X X XY}R Xj Nlj ip { wZx N{ UT tT Tq ip | p{T z TPk 92 q91 NYq kRqTr XY{ XY{Xlj |x ."ing N} k}ZO Ns kq X{T sq sT N q X j ikRqTk{T Nl} y~{T i" T~s z 9' ij "ing 91 z{T i" Uw tnT

R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.1 255.255.255.0
R1(config-if)#no sh


92 z{T i" Uw tnT

R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.2 255.255.255.0
R1(config-if)#no sh


9' z{T i" Uw tnT

R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.3 255.255.255.0
R1(config-if)#no sh
R1(config)#int f0/0
R1(config-if)#standby 1 ip 10.0.0.50
.Ur z Nw vT kYq k[T z kRqTr yV ij "ing N}q k kjnT T~s XZmq 91 z{T Xs~{T k i 6S9! mRqk N tnT XYj XYPk[ XYm TuT wZ{T z {T

tT OX{T ~s vO NZ kRqTr Nm {~{ OX{T ~s |x okZpZ |Z{T TkRqTk{T Z |Z{T }}{T r z Tq r i" SX nq }}{T |x kRqTr Nm vOx okZpR y~{Tq iOjZ}{ z y~{T T~x i" XjT }}{T r |x t s~ tnTq 9edundanc! NOR R T~s ... G99, mRqk NOR {X |x nT p{T |x Zj i" qT kRqTr wZ X{T 12.2.2.32 z "ing N}q 9' z{T s~ tnT ... iOYnT z NOZ{T zZT Xsq {X vO T{T ~OYZ q 92 z{T X{T NOm R x N} y~{T s x Tq oXYs i{q ikRqTk{X X[ i" T~s ... {Xx OX{T ~s tR T~q Ur z NwYq N}{T ikRqTk{T z kjnT T~s ~Y |XOZnT Yj yTq X{T Yj yV xkj NPT ijq kXj r v} |XOZnT k[nT 3O{XZ{T XXO{T z NwYq OX{T ~s O

R1#sh standby
FastEthernet0/0 - Group 1
}}{T r
State is Active
X{T s vT XYs |YRq kRqTk{T {X
2 state changes, last state change 00:14:52
Virtual IP address is 10.0.0.50
ikRqTk{T { XY ij SXT R Xj s T~sq
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Oj k[nT kZ |T 1& Ur Nw { TuTq }}{T |x vj ij pZ |{ s {Xr Nk |T 3 Nm vwj Nw sq

Next hello sent in 1.832 secs
Preemption disabled
Active router is local
Standby router is 10.0.0.2, priority 100 (expires in 9.616 sec)
kRqTk{T wZ X{T i" s T~s
Priority 100 (default 100)
zT k{T tXm X}x Acti;e s t tX zT {qT v{ ij z Uk} vO Nw k{T T~s ,riorit! rXOZ[X mRqk{T k{T ikRqTk{T |x Xm TuXx. 1&& OTkZxnT |s XYsq O{{qnT v{ Xm Acti;e X{T vqi" zXX

Group name is hsrp-Fa0/0-1 (default)

|TkZxnT s XYsq }}{T T

3Xj}{T ~s XY{ kO kjnT X~q )2 z{T XYsu TuT XjT
R2#sh standby
FastEthernet0/0 - Group 1
State is Standby
Xx O{ yV UTZT {X |x s XYs
1 state change, last state change 00:16:24
Virtual IP address is 10.0.0.50
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.928 secs
Preemption disabled
Active router is 10.0.0.1, priority 100 (expires in 9.164 sec)
X{T
Standby router is local
Priority 100 (default 100)
Group name is hsrp-Fa0/0-1 (default)

kRqTk{T tTY

z NT tT z{T |T 12 k[QZ 9' ij 12.2.2.32 z ping kjT ~Yq {X 91 k y~{T NO{T ~OYR [ ij {u k tT OZq Acti;e s 92 tO {u q Ur z Nw { TuT XskZY |Z{T }{T yV Ur #tand1!router is |s |Z{Tq XXO{T i} ij j}{T ~s kY {~mq ... 92 z shstand1! kjT .UTZT {X |x k[T kRqTr 0qkj kO2 Pn yV unknown wV {Xw{T tT Y s+ standb- kjT ~Yq 91 z{T X RkXj s~q #witch q 91 iOXj NO{T NOR O T~s U tT XUrT x ... Acti;e kj qT tXm Xj #tand1! z{T vwR R vT Y k[V kj kjnT ~Yq Speak wR XYO {~mq O{T ij zT vq,riorit! r kOOZ Acti;e X{T s rXPT rq X }TU 9outer kRqTk{T kO k[V kj UXq kZ{ j{T i ,riorit! zT X kRqTk{T R R TuT vT |YRq,ree "tion s X}YO Uwj OYj }{ N}{X SX{T vYj i{q X{T s -Oq j{T z{T UX vT tnT Xx s y~{T 3 91 z | X} {u N} NPT ij ... Acti;e r N}{T UqXO Xsq p{ j{T Xj}{T } ,ree "tion OX{ OYj{T }{T n qT Uw

$#9, OX[ XO ~Y}{T wZ{T z {T

R1(config)#int f0/0
|Tl{X {T rTjq XOpR UTk}{T OX{T Xsq kRqTk{T T~s X{ |}ZY |Z{T }}{T r kmu
R1(config-if)#standby 1 preempt delay minimum 200
kjnT T~s ~OYR k i,riorit! s vR yuT |Xl{T S|p{T
R1(config-if)#standby 1 priority 110
k{T ij klmT k{T T~sq 11& z{T XskOOR R 1&& s y~{T |TkZxnT Np{T T~s z XwTq tTkOR ik oXYs kYq 91 z shstand1! kjT tnT ~Y
Preemption enabled, delay min 200 secs
N rXZnT q ij vYOOR R Xj T~sq XnT N}{ U{T enabled z{Tdisabled }m kOR q X}m
Priority 110 (configured 110)
configured z{T default }m kOOR R {~mq 11& wVq !riorit- }O kOOR R XYsq
{u q #tand1! UO 92 U Yq Acti'e s 91 - #witch Z92 iO Xj NO{T tnT kZYO XsY91 k y~{T NO{T XPrX q Acti;e s )2 -O XsYq k[V kj 91 | N}{T NO{T z kjTqT ~OYR OZ {~m ... !riorit- zT X vn rXPT r Acti;e s 91 Uq OX 222 3Np{T T~q 92 z

R2(config)#int f0/0
R2(config-if)#standby 1 preempt delay minimum 200
R2(config-if)#standby 1 priority 90
qnT

kRqTk{T ij NT }O XYOT

0{u Nn i{q2 |{XZ{T kjnT k i hold rXZnT j {~mq $ello {Xr Xrn {T |x kOOR i} {~m

R1(config)#int f0/0
R1(config-if)#standby 1 timers 1 5
n kO ij p{T XT z{T yUO T~sq ... |T $ |s hold jq OX 1 Nm 6ello tT XYj T~sq .kOlm NXr XrT k i
*((P 2*irt#al (o#ter (ed#ndancy Protocol &-8-& {~mq ;rr" Z stand1! XZm T Xj $#9, NOR k vOR k La!er' mRqk sq {Xr ... x 0isco O{ PT TV Nm z N} sq ...Acti;e 5aster X X{T kRqTk{T |} n ... I!'# n ...+old z{T iOj j v{ O{q OX 1 Nm 0XXO{Tq XlwZ{T Nm2Ad;ertise ent .Load.alancing &-8-/ 7%0P 27ateway %oad 0alancing Protocol jq OX 3 Nm $ello {Xr ... 0isco mkp X[ ... kRqTk{T z N} {u jq La!er 2 mRqk sq .Load.alancing ... I,;A ... |T 1& |s hold rXZnT


2.9 Backup process
Rqk sq T&T, v}T kZnT ij jXk NO}wZ nqV kRqTk{T TUTT N{ OXOZT v N} NPT ij OP jXk vn jXk{T T~s Z {X{T |xq ... -), ij mRqk sq ... TP kOlm jTk |x UPj 3Y{T T~s z{T s~ ... kO vZXjq SXm Tq

http://tftpd32.jounin.net/
.jXk{T OYZ XY{ qY{T Y{ XY}{T rTXq standard edition NO}wZ kjT ~Y 1os X XY{ kZ Xs 9-N *[ 05) z{T Xs~{T k i vO N} y~{T X{T ip k O i lj 9outerc?222 Oq 8N#' jXk z{T s~ tnT XY{ X{T ip k T~q i"config N Om k |{ XjZ cloud kZq jXk{T rX }X{T ij Xw{T XP N z #witch {Tq qX}{X XO {T k i configuration X{ N}q vOx N} y~{T OOw{T Xw{T X kRqTk{T y{ p{T rXm iO |}sq Oq S| i rX |s cloud ~sq configuration kZq i}T qX}{T m z .kRqTk{T iOq |x XYPkZT y~{T i" N}w y~{Tq yX X{T p{T rXm kZ N qT ijq NI6(thernet ~xX qT ij XXP ij OZ {~q 0loud | {T Nq {X kRqTk{T N XYx T~q ... Add T i T{T .XY Nj |O kRqTr vXm9outer z "ing N} Slots XYj kZ ~xX XY{ kZ V TUTnT z{T [{T k Yq kRqTk{T z{T configuration N} {~m X[ |x T~s rXZ #lot 2: 0?222*I6*&( su1net ij kRqTk{T wZ{ i" SXX q Console wZx ij vO N[q kRqTk{T Npq YO X}Ox N 3k{T ~q p{T z tXYnT t |{ y{ p{T rXm

R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.40 255.255.255.0
R1(config-if)#no sh


.{~m kRqTk{T z XYX ij qT Ur z N tT tT Ox XYZ rXm z kRqTk{T ij ping N} k "ing kjT ~OYR k i Ur z NwR { tQx Win\, O{q Windows ? z N}R Ym TuT 3}j j .X z O{XZ{T T{T ~OYR O Ox
1- Go to Control Panel -> Network and Internet -> Network and Sharing Center, click the Local Area Connection link of the connection to change, then choose the 'Properties' button.
2- Press the 'Configure...' button, choose the 'Advanced' tab to modify the 'IP V4 Checksum Offload', 'TCP Checksum Offload (IPV4)' and 'UDP Checksum Offload (IPV4)'.
DA9QR PF8; LMNO8; @IJK B;CDEFGH; ?@A => 9:;< 678
3- Change the setting from Rx and Tx Enable to Disabled so that the OS will compute the checksum.
4- Reboot your machine after the setting changes.

R1(config)#hostname ahmed
ahmed(config)#enable secret 1234
ahmed(config)#wr mem

3O{XZ{T TUTnT vO ykq kRqTk{T z{T U kRqTk{T T XkO kRqTk{ k }m XYq 3iOZk oXYsq kRqTk{T z TUTnT t tnT 9A5 kmT~{T z TUTnT t[

ahmed(config)#wr

.NxT T~sq NG9A5 z TUTnT t{


tq TUTnT j t[ tXj Uw 0urrent)irector! X[ ij Y{T ij XY} y~{T T&T, jXk N vmkZq oXP ip kZ[T Ser;er Interface X[ ij ... 6] P r{x QpY ... |}wjq ijTq |{X[ tXj |x Vq kRqTk{T z{T s~ Tft"#er;er jXk{T ~xX ij rXZ ... Ser;er Xl} yXP N T~q X 3TUTnT kjTqV ~OYZ tft" jXk |x X[Tq run |x UP}{T TUTnT ij v ~[

ahmed#copy run tftp
oXP |x UPj Xj i" T~sqtft" jXk vO P y~{T X{T ip O
Address or name of remote host []? 192.168.1.120
aaa Z q kR k[T T yV ZmT qT ah ed*confg nT T~ v[T Ns Q
Destination filename [ahmed-confg]? aaa
1002 bytes copied in 3.472 secs (289 bytes/sec)
XY t{T R .XY{ sT |s run TUTT X ... k{T ~xstartu" TUTT t[ XUrT TuT
ahmed#copy start tftp
Address or name of remote host []? 192.168.1.120
Destination filename [ahmed-confg]? start
1002 bytes copied in 0.152 secs (6592 bytes/sec)
UTn t[ y~{T TUTnT j TZT i}Ox P kRqTr XYPq XYx qT kRqTk{T |x pj yV N TuT tnT ... T{T ~s k i {T kRqTk{T kRqTk{T z{T N[ wZ{T Y |Xl{T kRqTk{T Nq qT kRqTk{T Nq qT kRqTk{T Nq |X kRqTr 3vO ~Yq |Xl{T p{T su1net ij kRqTk{T wZ{ ip SX n qT

R2(config)#int f0/0
R2(config-if)#ip add 192.168.1.41 255.255.255.0
R2(config-if)#no sh


|Xl{T kRqTk{T z{T s~ 0{T j vk y~{T NO{T XYsq2 qT kRqTk{T |x R N { tnT 3k{T ~q v[ R y~{T TUTnT j k i qT kRqTk{T TUTT vO ~Yq .kRqTk{T z{T XZ{T run z{T tft" jXk ij }{T Y yV X X XYZm Xj Z

R2#copy tftp run
.XXP |x UPjXj ip T~sq T&T, jXk yw y~{T X{T ip i XY{X
Address or name of remote host []? 192.168.1.120
.v UTk}{T }{T T z Q tnT
Source filename []? Aaa
.0;nter .. 2 012 kRqTk{T 022 |x UP}{T run z{T }{T T~s kR Ns OmQR
Destination filename [running-config]?
.XwZ{ }{T ip zZ {X qnXm {T kRqTk{T T~s TUTT tR |T |xq .iOZj irTnT tn Q{T NXr XY{ kR iOZj irTT ij ikRqTk{T tXm TuT }{T T~s Yx 1in. XsUTZjT t XY{T ... XY{T wR yV I6# y{ tXm TuT S|p{T 3Zq kRqTk{T z{T s~ q X{T X}{T PR O T&T, rX}{ r{x N[TU

ahmed#copy tftp flash


.XXP |x UPjXj ip T~sq T&T, jXk yw y~{T X{T ip i XY{X

Address or name of remote host [192.168.1.120]? 192.168.1.120
Source filename [aaa]?



.kRqTk{T wZ V XsYq ;nter q }{T UTZjT j I6# j T v{ Z



2.10 Network Address Translation: (NAT)


Types of NAT:
1) Static NAT:
Assign manually a public IP address to every private address.
2) Dynamic NAT:
The router is given a pool that contains many IP addresses (public), and every user trying to access a public network will be given an IP randomly.
3) Port Address Translation (PAT):
- All machines have the same public IP.
- The source port numbers are used to differentiate the different connections, so they must be unique.
- This process is called (address overload).

[Figure: inside hosts 192.168.1.1, 192.168.1.2, 192.168.1.3 and 192.168.1.4 reaching the Internet through the public address 200.1.1.1.]

Local IP       Port    Global IP    Port
192.168.1.1    1025    200.1.1.1    1025
192.168.1.1    1026    200.1.1.1    1026
192.168.1.2    1025    200.1.1.1    1027
192.168.1.2    1027    200.1.1.1    1028
192.168.1.3    1026    200.1.1.1    1029
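The PAT table above can be reproduced with a small translation table. This is an added example, not part of the original notes: the allocation policy (keep the source port when it is still free on the public address, otherwise take the lowest free port from 1025) is an assumption chosen to match the table, not Cisco's exact allocator, and `PatTable` with its method names is hypothetical.

```python
class PatTable:
    """Port Address Translation: many local (IP, port) pairs share one public IP."""

    def __init__(self, global_ip, first_port=1025, last_port=65535):
        self.global_ip = global_ip
        self.first, self.last = first_port, last_port
        self.out = {}    # (local_ip, local_port) -> global_port
        self.back = {}   # global_port -> (local_ip, local_port)

    def _allocate(self, wanted):
        # Assumed policy: reuse the source port if nobody holds it,
        # otherwise hand out the lowest free port in the range.
        if self.first <= wanted <= self.last and wanted not in self.back:
            return wanted
        for port in range(self.first, self.last + 1):
            if port not in self.back:
                return port
        raise RuntimeError("PAT port range exhausted on " + self.global_ip)

    def translate(self, local_ip, local_port):
        """Outbound packet: return the (global_ip, global_port) it leaves with."""
        key = (local_ip, local_port)
        if key not in self.out:
            port = self._allocate(local_port)
            self.out[key] = port
            self.back[port] = key
        return self.global_ip, self.out[key]

    def reverse(self, global_port):
        """Inbound packet: the local (ip, port) it belongs to, or None.

        None means no translation entry exists, so the packet cannot be
        delivered to any inside host.
        """
        return self.back.get(global_port)


# The five connections of the table above, in the same order.
FLOWS = [("192.168.1.1", 1025), ("192.168.1.1", 1026), ("192.168.1.2", 1025),
         ("192.168.1.2", 1027), ("192.168.1.3", 1026)]


def build_table(flows=FLOWS, global_ip="200.1.1.1"):
    """Translate every flow once and return the table plus the global side."""
    pat = PatTable(global_ip)
    return pat, [pat.translate(ip, port) for ip, port in flows]


if __name__ == "__main__":
    pat, rows = build_table()
    for (ip, port), (gip, gport) in zip(FLOWS, rows):
        print(f"{ip:<15}{port:<8}{gip:<13}{gport}")
```

The global port is the only thing that distinguishes the return traffic of two inside hosts, which is why it must be unique per connection.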

* Configuration of NAT:
(1) Inside:
(Config-if) # IP NAT inside
(2) Outside:
(Config-if) # IP NAT outside
1- Static:
(Config) # IP NAT inside source static [Local IP] [Global IP]
2- Dynamic:
(Config) # IP NAT pool [Name of pool] [Start IP] [End IP] netmask [Subnet mask]
(Config) # Access-list [1 : 99] permit [Src. IP] [Src. Wild card mask]
(Config) # IP NAT inside source list ….. pool [Pool Name] [Overload]   (Overload: if PAT)
# Sh IP NAT translations   (to display who uses the NAT)

3 Securing Devices
3.1 Telnet and SSH
* Set password to telneting of the router for remote configuration.
Router (config) # line vty 0 4
Router (config - line) # password [Password]
Router (config - line) # login   (to activate the command)

sX{T k{T jTk T Np k{T T i}j yV kpj kO -k m ,lain te%t vn ijT kO kZ Telnet k i [{T ijT x ##$ 22 Rk TZT N T~{ ...kRqTk{T z{T sT~{T Xj}{T Z Z T~q kRqTk{T ip v{ Uwq 02 sniffing X}Tq .kpj vn klmT (##$ (#ecure #hell

qT Z ijnT XRnT T~s NOZ{q n


Router(config)#username ahmed secret cisco1234
}m i Z X}q [{T Y X ZO cisco12'+ |sq k }m X T N}q ah ed sq Z}{ T .v X{ O{q vk X{T telnet k
Router(config)#ip domain-name ahmed.com
[ |sq nT T~s wR kRqTk{T ij U R mkp{ XR kRqTk{T T~s yVkRqTk{T Nm iOjqU T s T~s co . S| yV t nTq X}
Router(config)#crypto key generate rsa
kp}{T XRnT TZT
Please define a hostname other than Router.
kOZj nT tXm TuT k n ~s tXjT ij Ym k[T T z{T |TkZxnT kRqTk{T T kOOR vT XYj Q{T T~s NnT |x
Router(config)#hostname ROUTER
kRqTk{T T kOOZ{
ROUTER(config)#crypto key generate rsa
kRqTk{T T kOOR k[V kj
The name for the keys will be: R1.ahmed.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
vRUX i}q jr $12 z{T kp jr Nm O kOpZ{T s |{XZ{T T{Tq SS6 kOpZ{T NOpR R XYs $12 k{T X}
How many bits in the modulus [512]: 2048
kOpZ{T rXOZ[T R XYs
Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
XY R kOpZ{T rXOZ[T co unication XRnT Xjj NY{ O{q configuring x TUT{ kOpZ{T T~s Option
ROUTER(config)#line vty 0 15
XO{T ZR XVq XRT 1$ N XYs Src. I! <ild& card 00N, |x OR rR Zj XO X}YO |x 1$ |s O zTq |s /ask O NT
*Mar 1 1:46:47.517: SSH-5-ENABLED: SSH 1.99 has been enabled
ROUTER(config-line)#transport input ssh
kpj kO{T |q SS6 k i kp}{T XRnT Z tX telnet k i kRqTk{X NZ yV rXPT kp}{T kO{T XY{T z{T O T~s
ROUTER(config-line)#transport input telnet
XZm i {~m
ROUTER(config-line)#login local
rX[ qT ZO ij NZ tT i} ijUT yV tn TP j kjT T~s p{T N[TU ij t tT XRnT k T~sq p{T kOZO}{T |x i{q ##$ k i XRnT rXZq ,utt! jXk k iq p{T |x X z{T s~ tnT Z
PC>ssh -l ahmed 100.100.96.1
L } k {X
Open
Password: cisco1234
k{T }m Z XYs

3.2 Network security: access control list (ACL)
[Figure: hosts 10.0.0.1 (Permit), 10.0.0.2 (Deny), 10.0.0.3 (Deny) and 10.0.0.4 (Permit) reaching the Internet through a router with a numbered ACL.]

- ACLs: are a set of commands grouped under a certain number or name to control traffic flow.
- An ACL can do one of two actions:
1- permit
2- deny.
- ACL configuration:
a- Create the ACL.
b- Assign the ACL to a certain interface.
- The maximum number of ACLs that can be applied on each interface is two (one per direction, per protocol).

In bound
- In an inbound ACL, packets are processed before they are routed to an outbound interface.
Out bound
- In an outbound ACL (routed and then prevented).

ACL processing:
1- Statements are processed from top to down.
2- Once a match is found, no further statements are processed.
3- If no match is found, the packet will be dropped due to the implicit deny (a statement at the end of the ACL called deny any).
4- There must be at least one permit statement in the ACL, otherwise all packets will be dropped.
5- In any ACL, you can't add a statement between statements; any new statement is added to the end of the list, so the sequence is very important.

ACL type     Standard    Extended
Numbered     1: 99       100: 199
Named        any name    any name

(1) Standard numbered ACL:
Standard numbered ACLs filter packets based only on the source IP address in the packet header.

* Configuration:
Router (config) # Access-list [1 : 99] permit / deny [Src IP] [Src wild card mask]

Note:
- If I want to permit or deny one src IP only, we write the wild card mask as (0.0.0.0), or write [host] ….. instead of the wild card mask.

Router (config) # Access-list [1 : 99] permit / deny host [ip]

Note:
- If I write the wild card mask as 255.255.255.255, this is equal to any (permit or deny all networks).

Router (config) # int s0
Router (config-if) # IP access-group [Number of ACL] In / out

Ex 1 :
[Figure: hosts 192.168.1.1/24 (Permit) and 192.168.1.2/24 (Deny) on router interface e0; the router reaches the Internet through S0.]
Router (config) # Access-list 5 deny 192.168.1.2 0.0.0.0
Router (config) # Access-list 5 permit 192.168.1.1 0.0.0.255
Router (config) # int e0
Router (config-if) # IP access-group 5 in

Ex 2:
[Figure: Host 192.168.5.1/24 and Server 192.168.1.1/24 connected through the router (interfaces e0 and e1).]
Router (config) # Access-list 5 deny 192.168.5.1 0.0.0.0
Router (config) # Access-list 5 permit any
Router (config) # int e0
Router (config-if) # IP access-group 5 out

* Placement of standard ACL:

- Place IP standard ACL as close to the destination as possible.

(2) Extended numbered ACL :
- It's much more flexible than standard ACL.
- Extended ACL can match on:
1- Source IP & destination IP.
2- TCP/IP protocols (IP, TCP, ICMP, ……).
3- Protocol information (port no., ICMP message type).

* Configuration:
Router(config)#Access-list [100 : 199] permit/deny [TCP/IP protocol] [Src IP] [Src wild card mask] [Operator, src protocol information] [Dest IP] [Dest wild card mask] [Operator, DST protocol information]
Eq = equal, Lt = less than, Gt = greater than
Router(config)#Access-list [100 : 199] permit IP any any   (to permit all).

Ex :
(Restrict only telnet from Host to Server)
[Figure: Host 192.168.5.1/24 on router interface e6 and Server 192.168.1.1/24 on interface e0, with network 172.16.0.0/16 and interfaces e1 to e6 in between.]
Router(config)#Access-list 165 deny TCP host 192.168.5.1 host 192.168.1.1 eq 23
Router(config)#Access-list 165 permit IP any any
Router (config) # int e6
Router (config-if) # IP access-group 165 in

* Placement of extended ACL
- Place IP extended ACL as close to the source as possible.
* If I want to deny a device from ping, we deal with ICMP, not TCP or UDP.

(3) Named ACL:
* Configuration:
Router (config) # IP Access-list standard / extended [ACL name]
* If standard:
Router (config-std-nacl) # permit / deny [Src IP] [Wild card mask]
* If extended:
Router(config-ext-nacl)# permit / deny [TCP / IP protocol] [Src IP] [Src wild card mask] [operator, src pro info] [Dest IP] [Dest wild card mask] [operator, Dest protocol information]
Eq = equal, Lt = less than, Gt = greater than

Note:
- In a numbered ACL, you cannot delete a certain statement; you can only delete the whole ACL.
- In a named ACL, you can delete a certain statement inside the ACL.

[Figure: network 192.168.1.0/24 on interface e0, networks 192.168.10.0, 192.168.11.0, 192.168.12.0 and 192.168.13.0, host 192.168.13.1, and the Internet.]
Router(config)# IP Access-list extended CCNA
Router(config-ext-nacl)# deny TCP 192.168.1.0 0.0.0.255 host 192.168.13.1 eq 23
Router(config-ext-nacl)# permit IP any any
Router(config)# int e0
Router (config-if) # IP access-group CCNA in
Router # sh IP int   (to display the placement and direction of Access list)
Router # sh access-list
Router # sh IP access-list   (to show statement of Access-list).
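The processing rules above (top to down, first match wins, implicit deny at the end) and the wild card mask can be checked with a small evaluator run against ACL 5 of Ex 1 and ACL 165 of the extended example. This is an added example, not part of the original notes; `parse_entry` and `evaluate` are hypothetical helper names, and only the destination-port operator (eq, lt, gt) is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = 0xFFFFFFFF
OPS = {"eq": lambda a, b: a == b, "lt": lambda a, b: a < b, "gt": lambda a, b: a > b}


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass
class Match:
    """Address + wild card mask: a 0 bit must match, a 1 bit is ignored."""
    addr: int
    wildcard: int

    @classmethod
    def parse(cls, tokens: list) -> "Match":
        first = tokens.pop(0)
        if first == "any":                       # same as 0.0.0.0 255.255.255.255
            return cls(0, ANY)
        if first == "host":                      # same as wild card 0.0.0.0
            return cls(ip_int(tokens.pop(0)), 0)
        has_mask = bool(tokens) and tokens[0][0].isdigit()
        return cls(ip_int(first), ip_int(tokens.pop(0)) if has_mask else 0)

    def hits(self, addr: str) -> bool:
        care = ~self.wildcard & ANY
        return (ip_int(addr) & care) == (self.addr & care)


@dataclass
class Entry:
    action: str
    proto: str                 # "ip" matches every protocol
    src: Match
    dst: Match
    op: Optional[str]
    port: Optional[int]
    text: str


def parse_entry(line: str) -> Entry:
    """Parse the part of a statement that follows 'access-list <number>'."""
    t = line.lower().split()
    action = t.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    if t[0] in ("ip", "tcp", "udp", "icmp"):     # extended statement
        proto = t.pop(0)
        src = Match.parse(t)
        dst = Match.parse(t)
    else:                                        # standard: source address only
        proto, src, dst = "ip", Match.parse(t), Match(0, ANY)
    op, port = (t[0], int(t[1])) if len(t) == 2 and t[0] in OPS else (None, None)
    return Entry(action, proto, src, dst, op, port, line)


def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """Return (action, statement). First match wins; no match is the implicit deny."""
    for e in acl:
        if e.proto not in ("ip", proto):
            continue
        if not (e.src.hits(src) and e.dst.hits(dst)):
            continue
        if e.op and (dport is None or not OPS[e.op](dport, e.port)):
            continue
        return e.action, e.text
    return "deny", "implicit deny any"


# Statements copied from the notes (Ex 1 and the extended example).
ACL_5 = [parse_entry(s) for s in ("deny 192.168.1.2 0.0.0.0",
                                  "permit 192.168.1.1 0.0.0.255")]
ACL_165 = [parse_entry(s) for s in ("deny tcp host 192.168.5.1 host 192.168.1.1 eq 23",
                                    "permit ip any any")]

if __name__ == "__main__":
    for host in ("192.168.1.2", "192.168.1.77", "10.9.9.9"):
        print(host, evaluate(ACL_5, host))
    for proto, port in (("tcp", 23), ("tcp", 80), ("icmp", None)):
        print(proto, port, evaluate(ACL_165, "192.168.5.1", "192.168.1.1", proto, port))
```

With the two statements of ACL 5 swapped, 192.168.1.2 is permitted by the wider statement before its deny is ever read, which is why the sequence matters.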

3.3 Port Security
N}{T z{T vk q O{T ij vj La"to" }{T tT i}}{T i}x p{ iOjQR oXYs i { TuT XmXZnT ~s ij p{T X} {~{ kOm rTkQ Zq XO{T NjXm v{q p{T z{T qT Y{T z [{Tq XT 0isco#witch Xlj .riand#witch |x O}{T X{T i}x ... TuT XTkZ[nT ~s XpZmT {~mq N Ox mkp{T Xw{ O{q kOR 5A0address tT #witch k tT Uk}x ,ort#ecurit! z yZwR NZpq mkp{T X r XPr Xq kjnT T~ }{T k Tu TuXj ... X RkXj #hutdown v{ N}q ,ort xk tmV tT P ij wZ{T NOpRq [{X ad in tT z{T #hutdown wZ{T zR ... yUX .,ort#ecurit! OX[ ~sq kjX kq ,02 tXj ,01 X TQ Y {u q ...,ort#ecurit! OX[ vO ~Yq X{T XY{Xlj z{T U .XwZ{T N ZO Om XO OZ{T UTk}{T XwZx Nm qT wZ{T z switch"ort odeaccess kjT ~OYR ,ort#ecurit! NOR N ,ortsecurit!

Switch(config)#int f0/2
Switch(config-if)#switchport mode access
wZ{T z iwq X}w{T OX[ |Z tnT
Switch(config-if)#switchport port-security
X Rk}{T Xw{T y~{T 5A0 XZm j wZ{T z X}w{T OX[ ~Y tnT
Switch(config-if)#switchport port-security mac-address 0001.4290.05C9
.,ort wZ{T ~s N kO sX TuTq5A0 T~s N}w XP kR i{ wZ{T ~s XYs
config rXZ kR |Z{T ~xXY{T ij vO m N}q Xw{T z{T Xs~{T k i XY{Xlj ij 5A0 TkZT Z .5A0address N |x Yq &ast(thernet2 rXZ ~xXY{T rX }X{T ij kjnT T~s )os kjTqV ~xX |x ZYx iOjq{T i} i Xw{ AC xk}{ XjT

C:\>getmac /s 192.168.1.103


.v{ 5A0 P UTk}{T Xw{X X{T s i" T~s .kjT )os X |x ZYx XYjXjT Xw{T tXm TuT XjT

C:\>ipconfig /all
{~{ ... XZ{T Y XOx Q{T O{X}ZT oXYsq p{T PV N{ 5A0address Nm } V tT T P j {X ~sq 5A0 qT w kjnT T~sq ... {T s stick! zYjq ... |{XZ{T sq Auto r 5A0 k[T kjT oXYs .wZ{X v{XT Z XP q

Switch(config-if)#switchport port-security mac-address sticky
3Np{T T~ tq Z}{T XwZ{T ij }j z kjnT T~s ~OYZ{ k oXYs XVq
Switch(config)#int range f0/1-3
3kjnT T~s ZYx Zj O{ XwZx z {T XUrT TuT {~mq
Switch(config)#int range f0/1,f0/3,f0/2
kjT X~q {u N { TuTq |{XZ{T kjnT ~OYR n qT ... Np{T T~ "ortsecurit! kjT ~OYR tO iOZ{Xw{T m |xq v{ Uw tT T~{qd!na ic"ort |s XwZ{T qT wZ{T {X tT XsUXj {Xr XY{ k kXj y~{T .access s wZ{X XRnT

Switch(config-if-range)#switchport mode access


~OYZ{T N Xm XwZ{T z X}w{T OX[ |Z |{ |{XZ{T kjnT

Switch(config-if-range)#switchport port-security
wZ{X vOR R XP q Tk 5A0 qT q NORq X}w{T kjT ~Y tnT

Switc+0config7if7range2bswitc+port port7securit- /ac7address stick.k[nT z 0,01 = ,022 XP Nm ij "ing N} D`EWX @IJ[8; BDZFI8; c<h; gM[Q8Df eEf c<9d DJ8 ^`aEb _@8; ^>H; ;@A @IJU< P\E]^8; YZ[8; VWX TA@U n8; PWQI8; g9Q8; m8Di8; gM[Q8;< lZFI8; VWX D`WEk\K jM[\[8; MAC g9Q8 PUDi8; gM[Q8;< portsecurity ;s; lZFI8; VWX @IJEb ;sD> Y>DO8; gM[Q8;< qr9: PF8; BDp;^FGH; g9Q8 oR;^8; gM[Q8;< lZFI8; DA;^K PF8; MAC .t;^FG; 9d< S

Switch#sh port-security
X{T R Xm |Z{T wZ{X XP Nm r Oq ,02 q,01 iX{Tq #witch iO XRnT tnT N R vT kY ,02 z{T ,01 ij "ing N} k[T z{T wZ{T t{ wZR zZ 0OX 3&2 kZYq k[nT qT XrT yV XO Nw { tn T~sq k[T {TXj "ortf272 i{q k}T t{T z{T {wRq f27'T rx wZ{T ."ortf272 N ZO ,0' z ,02 ij "ing N} Uk}x XZT 3kjnT T~s Zq X{XT R |Z{T XwZ{T z XYmXj PT XPrT nqV N}{ "ort XPrT NPT ij

Switch(config)#int range f0/2-3
Switch(config-if-range)#shut
XOpR O ijq "ortsecurit! kjT N ij XxXT R XT {q zZ wZ{T SXn shut kjT XYZm kjnT T~ k[V kj
Switch(config-if-range)#no shut
."ort |x l}{T 5A0address N}wR |Z{T PT XYPrT XYT kp N}{ UR T~q <; D |w<9w eFRDF{ zw^x =X. eFEuiK yK lvw^x _DR< BDZFI8; VWX qui[8; MACaddresses lf^Q> DUgC; ;s; S ^>H; ;@A TF7U $sticky

Switch#sh port-security address


5A0address |Xl{T U}{Tq port X{ |}ZY |Z{T Ok{T p{T r Glan r qT U}{T |x vOx qP kOx jX{T U}{Tq wZ{T tTY Tk{T U}{Tq wZ{T z vZOlR XOx R |Z{T k{T {Xl{T U}{Tq wZ{T z l}{Tq Z tT nT q{T T~s |x 5A0address kR n2 ... X{X wZ{T ~s z 5A0 T~s OX{ |Z}{T {T .0PT N ij XXO XZT qT XrT

P8DF8; DJ8 ^`aEb D`IFb; l>~X ?9QR< ^>H; ;@A DJuF{ M8 }H;

Switch(config)#int f0/2
Switch(config-if)#switchport port-security maximum ?
  <1-132>  Maximum addresses


yV wZ{T ~ XRnX X{ Z |Z{T 5A0addresses U Nl} XrT ~s iO Xj r ZmT |Y T~sq PT z{T Xs~{T k i {u Zq G6I, ij RTs r |x lj {uq XP ij klmT kR tT wZ{ i} z X T yZwq vOx |Z{T #witch wZx k i #witch {X v I,,hone XYj rXZq (nd)e;ices n tXm x 5A0address XP N{ iXP "ort k {~{q ... Xw{X NR ,0 z}R k[V wZx .wZ{T ~s |x pj NwR Tq 5A0 k tT n v{ -} lEW[X _. eUG yK _@8; ^E 0AC address ^w D>9JX port eR Mvw _@8; ;^dH; 9w9ZF8 ^G; ^>; DJw98 ^>H; ;@A zw^x =X 8s yFw< $t;^FG; S

Switch(config-if)#switchport port-security violation ?
  protect   Security violation protect mode
  restrict  Security violation restrict mode
  shutdown  Security violation shutdown mode
vOxq ... STkPnT |YR ;iolation }mq ... XO ~OYZ{T UTk}{T XwZ{T qT wZ{T z iwq kjnT ~OYR 3|sq vXpZj XkR sklmTq TrXOZ[T

protect: Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
ZO l}{T 5A0 XPrT Yq Zj 5A0address Vr tT wZ{T ~s k i XXO XrT .p{ Wk[ N vX Ad in T kO ij XXO{T XrT UX

restrict: Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
ZO l}{T 5A0 XPrT Yq Zj 5A0address Vr tT wZ{T ~s k i XXO XrT .p{ Wk[ N vX Ad in z{T T {Xr XrT j ij XXO{T XrT UX

shutdown: Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.
v{ y~{T X{T XPrT R tTq zZ Xw{T |x wZ{T WT Z Wk[ N TuXx )efault |TkZxnT STkPnT sq .vOYR {Xr XrT j wZ{T |x l}{T 5A0address

^>H; ;@A TF7U ewCDud; ?CMR oot MA FwMb 6Qd S
Switch(config)#spanning-tree vlan 1 root primary
OX 3& z{T rXZnT z{T PXw{T tqU !%ST T OZ{ S
Switch(config)#spanning-tree mode rapid-pvst
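The three violation modes quoted above, replayed as an added Python model (not Cisco code and not part of the original notes). The class name, MAC addresses and frame sequence are constructed for illustration, and the model follows only the behaviour stated in the mode descriptions.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Simplified model of one access port with port security enabled."""
    maximum: int = 1                 # switchport port-security maximum
    violation: str = "shutdown"      # protect | restrict | shutdown
    secure_macs: set = field(default_factory=set)   # sticky-learned addresses
    violation_count: int = 0         # SecurityViolation counter
    err_disabled: bool = False
    traps: list = field(default_factory=list)       # SNMP traps that would be sent

    def receive(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame arriving with src_mac."""
        if self.err_disabled:
            return "drop"                  # port stays down until shut / no shut
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)  # sticky learning of a new address
            return "forward"
        # Unknown source address and the secure table is full: a violation.
        if self.violation == "restrict":
            self.violation_count += 1      # visible in 'sh port-security'
        elif self.violation == "shutdown":
            self.err_disabled = True
            self.traps.append(f"port-security violation from {src_mac}")
        # protect: silent drop, nothing is recorded anywhere
        return "drop"

    def bounce(self) -> None:
        """Model the shut / no shut sequence that clears err-disabled."""
        self.err_disabled = False


# Constructed traffic: two legitimate hosts, one unknown host, then host 1 again.
FRAMES = ["aaaa.bbbb.0001", "aaaa.bbbb.0002", "dead.beef.0003", "aaaa.bbbb.0001"]


def replay(mode: str, frames=FRAMES, maximum: int = 2):
    """Feed the frames to a fresh port and return (port, per-frame verdicts)."""
    port = SecurePort(maximum=maximum, violation=mode)
    return port, [port.receive(mac) for mac in frames]


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        port, verdicts = replay(mode)
        print(mode, verdicts, port.violation_count, port.err_disabled, port.traps)
```

From a monitoring point of view, protect leaves no trace of the rejected host, restrict leaves a counter to alert on, and shutdown also cuts off the legitimate hosts until the port is re-enabled.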

4. Switching
Purposes for using switching:


- Breaks up collision domains
- Cost effective resilient internetworking

Switching services:
- Hardware based bridging (ASIC)
- Wire speed
- Low cost and latency

Switching limitations:
- Must break up collision domains correctly
- Make sure that users spend 80 percent of their time on the local segment
- Switches do not break broadcast domains by default

Bridging vs. LAN switching:

Bridge                  | Switch
Software based          | Hardware based (ASIC chips)
Have one STP per bridge | Have many
Low number of ports     | Many ports

- Both make forwarding decisions based on layer 2 address

* Methods of switching:

(1) Store-and-forward:
- The switch forwards the frame after the complete frame is received.
- It checks the FCS: if it's the same as the one included in the frame, forward it; if it's different, drop it.

(2) Cut-through:
- The switch stores the first 14 bytes, then begins to forward the frame (pass through).
- It's faster but may be switching bad frames.

(3) Fragment free: (modified cut-through)
- The switch stores the first 64 bytes, then begins to forward the frame.
- To reduce the number of Ethernet runt frames (frames smaller than the minimum legal size of an Ethernet frame).

4.1 Spanning tree protocol (STP)

- Main purpose of STP is removing layer 2 loops from your topology (switching loop).
- Switches will use BPDU (Bridge Protocol Data Unit) to learn the topology of the network.
- Only one path can be taken from one device to any other device.

1* BPDU is floated from every switch to all other switches.
2* Every switch will take a copy of the BPDU & resend it to other neighbors.
3* Every switch will form a database from all BPDUs (BPDU sending every 2 sec).

4* Election of root switch:
- It's the switch with the lowest switch (Bridge) ID.
- The switch ID (8 byte) is made up of 2 components:
  a) The switch priority (default 32768).
  b) The switch MAC address.

5* Election of the root port (RP):
- It's the best port on a non-root bridge or switch to reach the root switch.
- Root bridge has no root port.

6* Election of designated port (DP):
- It's the best port on each LAN segment to reach the root switch (has least accumulated path cost).
- All root switch ports are DP.
- If a tie (if both are the same in bandwidth): the port connected to the switch with least bridge ID.

Note:
- The bandwidth is inversely proportional to the cost.
- So least cost means high bandwidth.

7- Finding blocking port (BP):
- BP is neither RP nor DP.
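The election steps above (root switch, root port, designated port, blocking port) worked through on a three-switch triangle, as an added Python example that is not part of the original notes. Switch names, MAC addresses and the link list are constructed; the model assumes a connected topology with at most one link between any two switches and uses the 802.1D cost of 19 for Fast Ethernet.

```python
import heapq

FAST_ETHERNET_COST = 19   # IEEE 802.1D path cost for a 100 Mb/s link


def bridge_id(priority, mac):
    """8-byte bridge ID: 2-byte priority followed by the 6-byte MAC address."""
    return priority.to_bytes(2, "big") + bytes.fromhex(mac.replace(":", ""))


def spanning_tree(switches, links):
    """switches: {name: (priority, mac)}, links: [(a, b, cost)].

    Returns (root, roles) where roles[(switch, neighbour)] is the role of the
    port on `switch` that faces `neighbour`: 'RP', 'DP' or 'BP'.
    """
    bid = {name: bridge_id(p, m) for name, (p, m) in switches.items()}
    root = min(bid, key=bid.get)              # lowest bridge ID wins

    neighbours = {name: [] for name in switches}
    for a, b, cost in links:
        neighbours[a].append((b, cost))
        neighbours[b].append((a, cost))

    # Accumulated path cost from every switch to the root (Dijkstra).
    path_cost = {root: 0}
    queue = [(0, root)]
    while queue:
        dist, node = heapq.heappop(queue)
        if dist > path_cost[node]:
            continue
        for peer, cost in neighbours[node]:
            if dist + cost < path_cost.get(peer, float("inf")):
                path_cost[peer] = dist + cost
                heapq.heappush(queue, (dist + cost, peer))

    roles = {}
    # Root port: least cost to the root, tie broken by the neighbour's bridge ID.
    for name in switches:
        if name == root:
            continue                          # the root bridge has no root port
        peer, _ = min(neighbours[name],
                      key=lambda e: (path_cost[e[0]] + e[1], bid[e[0]]))
        roles[(name, peer)] = "RP"
    # Designated port: per segment, the switch with least cost, then least ID.
    for a, b, _ in links:
        designated = min((a, b), key=lambda s: (path_cost[s], bid[s]))
        other = b if designated == a else a
        roles[(designated, other)] = "DP"
        roles.setdefault((other, designated), "BP")   # neither RP nor DP
    return root, roles


# Constructed topology: a triangle of Fast Ethernet links, default priorities.
SWITCHES = {
    "SW1": (32768, "00:1a:2b:00:00:01"),
    "SW2": (32768, "00:1a:2b:00:00:02"),
    "SW3": (32768, "00:1a:2b:00:00:03"),
}
LINKS = [("SW1", "SW2", FAST_ETHERNET_COST),
         ("SW1", "SW3", FAST_ETHERNET_COST),
         ("SW2", "SW3", FAST_ETHERNET_COST)]

if __name__ == "__main__":
    root, roles = spanning_tree(SWITCHES, LINKS)
    print("root:", root)
    for port, role in sorted(roles.items()):
        print(port, role)
```

With equal priorities the lowest MAC address decides the root, so any device that announces a lower bridge ID can move the root; lowering the priority on the intended root switch makes the outcome deliberate.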

Note:
All links are Fast Ethernet = same bandwidth, so we look at the MAC address (least MAC is the best).

* Port states:

1) Blocking:
- Listen and process BPDU to elect root port, designated port and blocked port.
- Default is 20 sec.

2) Listening:
- Still listening for BPDU and double-checking the layer 2 topology, user traffic is dropped.
- Default is 15 sec.

3) Learning:
- Still listening and processing BPDU & begins to examine the source address in the user frame, updating its MAC table but still not forwarding these frames.
- Default is 15 sec.

4) Forwarding:
- Process BPDU, update MAC table and forward user traffic through the port.

4.2 Virtual LAN (VLAN)

Problem:
- If broadcast is found, it will be flooded through all the network because of the single broadcast domain.

Solution: using VLAN.

* Solution using VLAN:
- Each VLAN is a single broadcast domain.
- Even unicast or broadcast cannot be forwarded into another VLAN.
- VLAN logically divides the switch into multiple independent switches at layer 2.
- VLAN can span multiple switches.

* Using VLAN to:
1- Group users by department (function).
2- Reduce overhead by limiting the size of each broadcast.
3- Enforce better security by keeping sensitive devices on a separate VLAN.

VLAN connection type:

(1) Access port:
- It's a port which is a member in only one VLAN.
- It's mainly a port that is connected to a PC.

Note:
It's illogical to waste 2 ports for cable for each VLAN.

(2) Trunk port:
- It's a port which is a member in all VLANs.

4.3 VLAN trunking

Trunking type (frame tagging with VLAN ID):

1) Inter Switch Link (ISL):
- ISL is a Cisco proprietary trunking method that adds a 26-byte header and 4-byte trailer.

ISL frame: 26-byte header | Ethernet frame | 4-byte trailer

2) IEEE 802.1Q (dot1q):
- It's a standardized trunking method that inserts a four-byte field into the original Ethernet frame and recomputes the FCS.

Original frame: Dest. MAC | Src. MAC | Length | ...... | Original FCS
Tagged frame:   Dest. MAC | Src. MAC | TAG (4 byte) | Length | ...... | New FCS

* VLAN membership:

(1) Static VLAN assignment: port based VLAN
- Assign certain port to certain VLAN manually.
- By default all ports of the switch are in VLAN1.

(2) Dynamic VLAN assignment: MAC based VLAN
- Support plug & play movability.
- VLAN Management Policy Server (VMPS).

* VLAN trunk protocol (VTP):
- VTP is a Cisco proprietary protocol that transmits VLAN information across trunk ports.
- Switches must be in the same domain to share messages.

* There are 3 modes of VTP:
Server - client - transparent

VTP pruning:
- It's a Cisco VTP feature used on trunk connections to dynamically remove VLANs not active between 2 switches.
- It requires all of the switches to be in server mode.

Switch# sh mac-address-table                  (to display the MAC address table)
Switch# sh spanning-tree                      (to display root ID & bridge ID and status of ports RP, DP)
Switch# sh vlan brief                         (to display VLANs)
Switch(config)# vlan <number>                 (to create VLAN)
Switch(config-vlan)# name <name>              (for naming vlan)
Switch(config)# int f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <No. of vlan>      (to assign the port in vlan)

To put IP for VLAN:
Switch(config)# int vlan <number>
Switch(config-if)# ip address <IP> <subnet mask>
Switch(config-if)# no shutdown

To assign a trunk:
Switch(config)# int f0/<number of the port>
Switch(config-if)# switchport mode trunk
Note: - you need a router to connect different VLANs.

4.4 Inter-VLAN (sub interface on the router)

On router:
Router(config)# int F0
Router(config-if)# no ip address
Router(config-if)# no shutdown
Router(config)# int F0.1                      (or 2, 3)
Router(config-subif)# encapsulation <ISL or dot1q> <VLAN number>
Router(config-subif)# ip address <IP> <subnet mask>

Note:
The sub interface gets an IP address in the network of the VLAN that connects to it.

On switch:
Switch(config)# int f0/<number of the port>
Switch(config-if)# switchport mode trunk                               (to make trunk port)
Switch(config-if)# switchport trunk encapsulation <ISL or dot1q>       (to make the trunking)
Switch# sh vtp status                         (to show status of VTP server / client / transparent)
Switch(config)# vtp domain <name>             (to change the name of the domain)
Switch(config)# vtp mode <server - client - transparent>               (state a mode)
Switch(config)# ip default-gateway <IP of the interface which is connected to>      (to set default gateway to the switch)
0to set default gatewa- to t+e switc+2 .X{T XjTr z N} N} n |{ XU $ Nm q{T XZwj -j Z :`abcd ^Nb ;9OFb; }<g => ^[K Lg9Z> lEJ>8; L^FI8; PA< !"itch D`R ^[w PF8; idel l8D: D8; <; 9w9ZK =7[> S lZFf VWX MpM8; c~G => D`R y7ZF8; yFw< D |E]DvWK e8 lo#off lEW[X !"itch nW8 6Zw< eEf ^>;<h; $DJ8Di> T\:. ;@7A z]Dp98DR qpM8; 9w9ZK< Co$sole

Switch(config)# line con 0
Switch(config-line)#exec-timeout ?
  <0-35791>  Timeout in minutes
Switch(config-line)#exec-timeout 30

}{T T~s iOXj wR i}}{T X{T U OU t lj k ZYx O}{T ~s X XUrT TuT XjT

Switch(config-line)#exec-timeout 0
kRqTk{T XwZx j N XYm X}m XO {X "ort wZ{T z{T [{T OZ
Switch(config)#int f0/1
&ast vn 12251"s XYs k{Xx ... k{T wR lj Uqwj X}wR i{q ,ort wZ{X wZ{T OZq i} x 1251"s XYs XZ}{Xx rTj y XOR i} n {~mq 1&& i XRUX i} (thernet 1T; 1C; 1C;n i{q XOR i} 1T; Np{T T~s kjnT Zq 3& qT ,& rXOZ[T

Switch(config-if)#speed 10
Custo/er !re/iser ;Guip/ent 0C!;2 't!erc!annel +-1 T~sq 1251"s vZkq YO Trunk NOm kY T~q (thernet1251"s RXwZx Nmq #witch tXYT yY { ij klmT j {~{ kT XwZx |x P ykZpR tT mkp{T OXj |x oXYs O{q TP kOm z{T yU XYq TuT tnT iw ... XwZx . zT wmq tXYT zUT wm jUT tT OXj oXYsq Tq Trunk m Xj N}R |m wZx {Xw N}qLoo" {X Y}{ x T{ X}{Tq XxX #T, mRqk O Trunk ij klmT iOP{T iO NOm Xj Xm N}R XO T~q XwZ{T ~s z (therchannel mRqk NOZ {~{ 9edundanc! 3XpR{T T z T{T ~s ~OYR ~s k iq Tq Trunk 0x Tq #witch z ~YR2

Switch(config-if)#speed auto
s |TkZxnTq



Switch(config)#int range f0/1-3
Switch(config-if-range)#channel-group 1 mode on


. mRqk{T T~s wR N}R XX XwZ{T ~s kOXR sXpY s+ run kjT X~ TuXx ... X j N}R X{T Nm kZ Xs port )ast +-.
|Tl{T X I! z PT k[QR #T, mRqk UPx PT z I, p{T |x )$0, y{ tXm TuT z w{X NpR PV oXYsq I, z X{T Nw tT z OU ij klmT qT OU z{T N tT i}j k[QZ{Tq N}{T |x WkR r~T j | oXYsq ,ort&ast OX[ NOR )$0, ij I, z PT STUV kR NPT i}x ... #T, UPq I! TuTq wZx yV z OX{T ~s NOR i k y~{T k~wZ{T kR q Trunk ij XwZx z OX{T ~s NR tT ij .T P Ox 9oop | Z {u N z !ort 5ast OX[ N T~{ f27' z{T f271 ij Zj |s Trunk XwZx Xm O X{T XY{Xlj |x #witch XYjZT TuT 3Np{T T~q OZ}{T XwZ{T $3

Switch(config)#int ra f0/4-24
XwZ{T XU
Switch(config-if-range)#spanning-tree portfast ?
  disable  Disable portfast for this interface
OX{T ~s X XUrT TuT
  trunk    Enable portfast on the interface even in trunk mode
OX{T ~s NOR XUrT TuT
.XqU ij (nter z {Tq XZXZm i}j qT trunk XZm i}j vOR XUrT TuT

Switch(config-if-range)#spanning-tree portfast trunk


| Zj XwZx z vOR ij r~w{X XkRq OX{T ~s XO N}{T XwZ{T U k~wR {Xr kZ tnT .rm~}{T TV ij

Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION

5. Wide Area Network (WAN)

5.1 Introduction to WAN
kZnT orXpZR O[T{T p{T |x PT NR tT kR qT kRqTr z kZnT NOR kR XjY n qT ... kZnT TV T sq 2X XOT XO |Z{Tq WAN nRqk XO NOR i}n (thernet XwZx tn ,ort#erial NkO wZx { OY{T k XXO{T NYR |{ X O[ }}j mRqk{T ~sq k[T z{T tXj ij XXO{T NYR |Z{T nRqk |sq 0 transitionWAN nRqk NOR NPT ij ... X T &i1er z OYj |Z{T X tT X } &i1er X TZT i}q X}m tZ{T |sq OZwZ{T N k nmRk .andwidth"rotocol XXWAN nRqk z q ..Serial XwZx y{ t tT kZpR WAN NRq YOj nX |x nT i" N}ZR n La!er2 i} N}R WAN nRqk tT s 9outing nRqk iOq XYO Wk{T XXO{T tT Z}{T Xp{T i}R 9outing"rotocol tT s k[nT S|p{Tq La!er ' i} N}R 9outing nRqkq ip TZT kO ij .NTZR Z}{T Xp{T N N[U X{ O{q k[T z{T tXj ij XXO{T NYZx WAN nRqk XjT X j NTZR .0&ra e9ela!= ,,,2 |s Xr |Z{T TV l{T z N}Rq XO XsklmT ijq WAN nRqk ij kOlm oXYs

[Figure: DTE, DCE, demarcation point, DCE, DTE, with Customer Premises Equipment (CPE) at each end.]

* WAN connection type:

(1) Dedicated lines:
- The link is available at all times with all bandwidth dedicated.
- No setup procedure before transmitting data.
- Only support point-to-point connection.
- Very expensive.
- ex: leased line.

(2) Circuit switching:
- Provide dedicated bandwidth between 2 points, but only for the duration of the call.
- It's a useful back up connection.
- Only support point-to-point connection.
- ex: analog dial up (modem) & digital dial up (ISDN).

(3) Packet switching:
- Each DTE device connects to a Telco using a single physical line with the possibility of being able to forward traffic to all other sites (virtual circuit).
- Support point-to-multipoint.
- ex: frame relay, ATM, X25

5.2 WAN protocols

5.2.1 HDLC (High Level Data Link Control protocol)
- It's the default encapsulation on serial interface of Cisco routers.
- Proprietary protocol.
- Has no option.

Router(config-if)# encapsulation hdlc

5.2.2 PPP (Point-to-Point Protocol)

- Standard protocol.
- PPP options:
1- Compression.
2- Call back.
3- Multilink.
4- Authentication (PAP & CHAP).

* PAP: (Password Authentication Protocol)

[Figure: PAP exchange between client and server. Link Control Protocol (LCP): open connection, negotiate options, client sends user name & password, server answers that PAP is ok (Welcome). Network Control Protocol (NCP): data flow.]

Note:
- PAP is a 2-way handshake process.
- The source sends its user name & password in clear text.

* CHAP: (Challenge Handshake Authentication Protocol)

[Figure: CHAP exchange between client and server. LCP: open connection, negotiate options, server sends a challenge with a random number, client sends user name and hash output, server answers that CHAP is ok (Welcome). NCP: data flow.]

- CHAP is a 3-way handshake process.
- CHAP uses a one-way hash function based on the message digest 5 (MD5) (one-way hash: type of encryption).
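The difference between the two handshakes above, as an added Python example that is not part of the original notes: the CHAP response is computed as defined in RFC 1994, MD5(identifier || secret || challenge), and the PAP request carries both fields in clear text. The class name, the user name R1 and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: step 1 sends a challenge, step 3 answers success or failure."""

    def __init__(self, users):
        self.users = users          # {username: shared secret}
        self.next_id = 0
        self.pending = {}           # identifier -> challenge awaiting a response

    def challenge(self, rand=os.urandom):
        """Step 1: a fresh identifier and a 16-byte random challenge."""
        self.next_id = (self.next_id + 1) % 256
        value = rand(16)
        self.pending[self.next_id] = value
        return self.next_id, value

    def verify(self, identifier, username, response) -> bool:
        """Step 3: recompute the hash locally; the secret never crosses the link."""
        value = self.pending.pop(identifier, None)   # each challenge is single-use
        secret = self.users.get(username)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


def pap_request(username: str, password: str) -> bytes:
    """Data of a PAP Authenticate-Request: length-prefixed fields, clear text."""
    user, pwd = username.encode(), password.encode()
    return bytes([len(user)]) + user + bytes([len(pwd)]) + pwd


def demo():
    secret = b"Sh4red-secret"                     # constructed sample value
    server = ChapAuthenticator({"R1": secret})

    ident, chal = server.challenge()              # step 1 (server -> client)
    resp = chap_response(ident, secret, chal)     # step 2 (client -> server)
    accepted = server.verify(ident, "R1", resp)   # step 3 (server -> client)

    # A response captured on the wire does not answer the next challenge.
    ident2, _ = server.challenge()
    replay_accepted = server.verify(ident2, "R1", resp)

    pap_wire = pap_request("R1", secret.decode())
    return accepted, replay_accepted, secret in pap_wire, secret in (chal + resp)


if __name__ == "__main__":
    print(demo())
```

A capture of the serial link therefore yields the password directly under PAP, while under CHAP it yields only a challenge and a hash that is valid for that one challenge.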

* Configuration:

(1) PAP:

A* Client:
(Config-if)# encapsulation ppp
(Config-if)# ppp pap sent-username <Username> password <Password>

B* Server:
(Config)# username <Username> password <Password>
(Config-if)# encapsulation ppp
(Config-if)# ppp authentication pap

(2) CHAP:

On both:
(Config)# username <Username> password <Password>
(Config-if)# encapsulation ppp
(Config-if)# ppp authentication chap          (match server with client)
# debug ppp authentication

5.2.3 Frame relay (FR):

- FR is a data link layer packet switching technology.
- FR supports multiple access technology depending on the concept of virtual circuit (VC).
- Virtual circuit (VC) is a logical connection between 2 devices.
- FR with VCs is a good solution if your router has a single serial interface but needs to connect to multiple WAN destinations.

* Data Link Connection Identifier (DLCI):
- Each VC has a unique local address called (DLCI).
- DLCIs are locally significant.

[Figure: routers connected through an FR switch, with DLCIs 100, 200 and 300 on the links.]

FR switch table:

Port in | DLCI in | Port out | DLCI out
1       | 100     | 2        | 200
3       | 300     | 1        | 200

LAPF: frame relay. LAPB: X.25. LAPD: ISDN.

[Figure: frame fields Flag, DLCI, Control, type, Data, FCS; ARP (MAC, IP) and Inverse ARP (DLCI, IP).]

* LMI (Local Management Interface):
- Signaling protocol between router & FR switch.
- Keep alive & VC status.
- LMI is locally significant.

* LMI type:
1 - ITU (Q.933A): International
2 - ANSI (Annex): American
3 - Cisco (default)

[Figure: router (DTE) connected to FR switch (DCE).]

Configuration of FR:

* On router which we want to make it FR switch:
(Config)# frame-relay switching               (to act a router as FR switch)

* On all:
(Config-if)# encapsulation frame-relay        (to set encapsulation FR)

* If any of the devices is not a Cisco device (standard):
(Config-if)# encapsulation frame-relay ietf

* On FR switch:
(Config-if)# frame-relay intf-type dce        (to set interface of FRS as DCE)

* On router: (on the interfaces of the routers)
(Config-if)# frame-relay interface-dlci <No. of DLCI>
(Config-if)# frame-relay map ip <Dest. IP> <DLCI>

Note:
DLCI from 16 to 1007.

- On FR switch:
(Config)# int ....                            (S0, S1)
(Config-if)# frame-relay route .... int .... ....      (on the point 1)
(Config-if)# frame-relay route .... int .... ....      (on the point 2)

[Figure: FR switch with interfaces S0 and S1 and DLCIs 100 and 200.]

Note:
- The interfaces that are connected to the router can take an IP address, but the interfaces that are connected with the FR switch can't take an IP address because it deals with layer 2.
- Take care that all the IPs are in the same network.

[Figure: routers (DTE) connected to two FR switches; the link between the FR switches has one DCE and one DTE interface.]

- If we have two FR switches, we will put one of their interfaces DCE and the other DTE as shown in the figure.

* On all:
Switch# sh frame-relay route                  (display DLCI table)
Switch# debug frame-relay lmi                 (monitoring for LMI)
Switch(config-if)# frame-relay lmi-type <cisco | ansi | q933a>      (to change the LMI type)

- The LMI types are Cisco, ansi and Q.933A.
- We put Q.933A in the command without dot (Q933A).

* Integrated Service Digital Network (ISDN):
- ISDN is a circuit switching digital dial up connection technology.
- It's a standard that defines how voice & data connections can be set up across digital links.
- It uses the same analog link of the telephone line, using TDM (Time Division Multiplexing) to divide a single physical channel into multiple logical channels.

* ISDN types:

1) ISDN BRI (Basic Rate Interface): 2B + D
BRI rate = (2 × 64) + 16 = 144 kbps.

2) ISDN PRI (Primary Rate Interface):
(in America) PRI/T1: 23B + 1D = (23 × 64) + 64 ≈ 1.544 Mbps.
(in Europe) PRI/E1: 30B + 2D = (30 × 64) + (2 × 64) = 2.048 Mbps.

B channel: (data channel) carries users' data = 64 kbps.
D channel: (control channel) for call setup & call management = 16 kbps.

* Functional group and reference points:
- TE1 (terminal equipment type 1): native ISDN device.
- TE2: non native ISDN device.
- Terminal Adaptor (TA).
- NT1 (network termination type 1): connects your ISDN device to the carrier network.
- NT2 (network termination type 2): connects multiple devices together (hub).
- ISDN switch.

[Figure: one TE connected over the S/T interface (BRI) to NT1.]

ISDN modem: converts from digital to analog or from analog to digital.

(Config)# isdn switch-type ....               (as later)
(Config)# access-list <Number> ....
(Config)# int bri <Number>
(Config-if)# ip address <IP> <subnet mask>
(Config-if)# no shutdown
(Config-if)# encapsulation ppp
(Config-if)# dialer-group <Number>
(Config)# dialer-list <Number> protocol ip list <No. of Access list>
(Config-if)# dialer idle-timeout ....         (Ex: 180 sec)
(Config-if)# dialer map ip <Dest. IP> speed .... <phone>

Route summarization:

- It's the ability to have a single IP address representing a collection of contiguous IP subnets.
- It's summarizing the IP subnets to a certain major network ID.

Advantage:
- Decrease routing overhead.

* Classless Inter Domain Routing (CIDR)
- Grouping of major network IPs to a single CIDR block.

(config-if)# bandwidth ....                   (if we want to change the bandwidth of the interface)

6. Management Network Devices

6.1 DHCP (Dynamic Host Configuration Protocol)


XP X{ suT tT |} kO T~q 0XP $&&2 lj Xw{T PV ij kOm U ij vj p{T tR XjY {~mq OORXjRT r PT N{ i" SXX |{)$0, Z {~{ p{T |x XP N{ i" X[U Tq tT {uq )$0, j NmXpj XOx NwO Xmkp{T ij kOlm {~m iX{ i" SX ij mXZ Nw {~{ 0)#L9outer2 lj OORXjRT r XOx Nj )$0, t Xp{X X{T PT oXYs t tT kOxkO z Nj )$0, oXYs tXm TuT qT kRqTk{T z N}{T )$0, iOq vYO rXR Rk v y~ Xj T~sq askaddress q su1net z{T XYZxkj Yx ...p{T i} Tq )$0, oXYs t tT .vR i} y~{T U{Tq i" k[Tq ip qT xkj XYY} )$0, |Rq NjXZ{ sXP yV )$0, Rk vO Nj .!)efault XT s Xw{T |x p{T rXm tT O{T ij .vO )$0, NOZ{ XP N{ Xs~{ XZw x T~q )$0, Rk ij i" z{T Xs~{Tq ,ro"erties vX[ z [{Tq p{T rXm z{T Xs~{T Y q{T |x lj s Uw}{T rXOZ[nT tT Y (Internet,rotocolGersion + (T0,7I,+ .61tainanI,addressauto aticall! Zq kRqTk{T z{T s~ T~s XY{Xlj |x

Router(config)#int f0/0
Router(config-if)#ip add 10.0.0.1 255.255.255.0
Router(config-if)#no sh


su1net Z}R wZx Nm kRqTk{T Y #u1net z tXZwZx Pn vT kRqTk{T |x j S| XY{ iw X ...Zj z yZwq ,ool z} i"range Nmq T{T )$0, |x Z{i"range ij klmT PqT tT ij |YY} T~sq XR |s |Z{T wZ{T ij k ,ool Nmq kRqTk{T z ,ool ij klmT PqT tT OZT |YT zY}5ask q su1net ."ool XO{T |}ZY |Z{T su1net z{T 3Z )$0, NOZ{ tnT

Router(config)#ip dhcp pool ahmed


... config wj z dhc" NOR Z tT n qT .p{T tXj qT { T |R tT N N}{T |x X ah ed s XYs "ool z{T z}{T nT

Router(dhcp-config)#network 10.0.0.0 255.255.255.0
i" { Z{T Xq T Uw |{ i"range yV
Router(dhcp-config)#default-router 10.0.0.1

ask qsu1net vX R XYs

.Z{ XYj kw |Z{T wZ{T tTY vO XYs |{ wZ Yx Nj kO dhc" Rk tT Y #i ulator N[TU XYnq XY{Xlj |x PT z{T s~ tnT .dhc" ij i" w O} z}R XYs i" z w{T O} OXr 1" -isco$er i w{ XpZT N} Xw{T XP p{T N[TU d+cp #" )epl&

)$0, {X X{T i" s T~sq Xxq UPj vX p{X UPj tXm TuTdhc" N ij Uk{T O} (" )e1!est )$0, |x y~{T pool {T ij i" ij kRO}{T XP /" Acknowledg%ent i" vOq Xw{T XP z Uk )$0, 9e"l! O} |{ )$0, vjZ y~{T sq #, X}sq Tq O{q 0,ort2 r tXYT ZR O}{T ~s {~{ .)$0, ij i" z vk i NT y~{T #. |Xl{Tq kjnT T~s XZm k i {uq )N#ser;er )$0, NY XjT i" z N X{T tnT )outer0config2bip d+cp pool a+/ed XYPk[ XYm TuT"ool z{T [{ )outer0d+cp7config2bdns7ser'er 4.2.2.2 ... "ool T~s i} vR Z y~{T i")N#ser;er s T~s UXq )$0, Rk SXX Yx XY{Xlj |x Y{X XjT ... NOpR UX N}q Xw{T PV z{T s~ {u .)N# SX R vT kY Xs X XP Nm |x vOpR i" R tT i}nq ip X{ t tT Xmq 9outer ij klmT {~mq #er;er ij klmT p{T |x XY{ iw tnT {~mq }{T su1net i} ij i" T~s t tTq Xq ip X{ Uw tT yV -Ow kO T~x )$0, k i z{T XX Z |Z{T i" z{T UXZT Z tX )$0, z{T SX {~{ ... |X XP yV z{T vX Zn ..kjnT T~s k ii" ~s w {uq 9outers {~mq ser;ers )outer0d+cp7config2bip d+cp eBcluded7address 1&.&.&.2 1&.&.&.1& T~s i} ZR nq Xsw tT k |Z{T i"range j XYOT tnTq .... XYPk[ XYm TuT"ool i} N[ X .OORX}RqT r "ool R vT kYq X XP Nm |x vOpR UXq )$0, Rk SXX q Xw{T PV z{T s~ XY{Xlj |xq .Z}{T i" i} ij XX u[Q}{T i" tXm TuT Z}{T kO ij k[T vXTq i" kOOR kjnT T~s Z )$0, N ij v}{T i" sXp}{q )outerbs+ow ip d+cp binding SNMp .-& R k[ mRqk ij rj mRqk sq Tk}{T O} O{ 1:.. X SN ! {T mRqk kR |x V{T R i k[ mRqk SXPq Si/ple 8atewa- anage/ent !rotocol qV S8 ! v}V 1:., X kR C I! secure Co//on anage/ent Infor/ation !rotocol sqSN ! tXj Nw vT O}{T NXq Tq XX z N} vm X{T z V Np vZO{Xx V SN ! {T tm TkOlm q { kO[T i{ iO} z{T SN ! {T mRqk Ow{T |xq Network co/ponent2p{T Xj TV O}P j N}{ |Xl{T {T XjV {T X{T 4Z{T 4kRqk{T Nlj vZTkj UTk}{T X{T XYs sq kxkO{T qT Agent zq qT {T Agent {T ij XXO{T Z y~{T X{ sq NO}{T qV Network anage/ent Station 2N S

SN ! {T N} Om
Application 9a-er X{T {T nmRqk V s mRqk{T T~s tV |sq Xxk tT zZ{T OXnT SXOT z nqV ZY{ |sq NO}{Tq kxk{T iO NTZ{ NXk{T ij TV }[ Z sq 1#2 * 1#1 r{T [ ijq Xr{ C1!"I! {T Zq 8;T4 8;T7N;FT4 8;T7);S!ONS;4 S;T4 and T)A! X}mq 8et7)esponse N z }{T Nk rq sq Agent {T z{T 8et /essage XrQ Tk}{T V tT NO}{T k XjYx jUX{T r{T ij k


TkOOZ}{T ij }{T z w{T |x kq Tk}{T O} XZ tV k XjY |x 8et7NeBt {Xk{ Y{X XjV

}O kOOR kxkO{T z kOOR yV q X |x wR Z S|p{ Xj Agent {T ij |{ NO}{T N ij NkR Set {T {Xr

sq 9ink 1own"Cp2 N}{T i r R lj Tk}{T X{ |x Xj S| q X |x Agent {T N ij NkR Trab T {Xr 1#1 r{T z NkR NXk{T |X X}YO 1#2 r{T z Xk {Xw{T ~s |x

N[V{T ij SN ! {T N} Om XY{ kpR jUX{T r{Tq


I( |x vq NO}{T ij {T ~[Q Agent {T tV XY{ -Zq NO}{T z{T }{T Xj}{T XrQ I( {T rqq anage/ent Infor/ation (ase Zj TrTV SN ! {q SN !'1 SN !'2 SN !'3 {Tq |RrO{Tq ijT rjV { xXX kmV Xjj N}wR OZR zZ{T 8et7(ulk | 8et7NeBt TZT R |Xl{T rTT |x rjT xXV R x 2&&4 X ~Yj |{Xw{T XYZq |x Z}{T sq {Xl{T rTT XjV 1::, X rT R q Tk}{T TO}j ij Nlj Aut+entication !ri'acaccess control y~{T r}{T Z}{T |X}{T jXk{T T~s N}wR tV Y} i{ X{T vRTO}j v{ jXk N{q TP kOlm |x jZ}{T jTk{ Y{Xq {X O Z{T qV kRqk{T [ ij kR zZ{T OxTkZ{T httposs.oetiker.chmrtg XYs ij vO}wR OZR kO PkZj z{T XZw qYq z vZOlZ{q httpstrawberrySperl.googlecode.comfilesstrawberrySperlS./0././.msi O{XZ{T kjTqT XZ Rq 0O2kRqk{ s~Rq kXj |{T z jXk{T i {T R kO OlR CiscoEs IOS interface 5ast;t+ernet1"&

ip address 192.168.1.2 255.255.255.0
no shutdown
duplex auto
speed auto
snmp-server community networkset RO
|{XZ{T }{T z N[UV q{T ij Xs 1os Co//and C3d/rtg72.1#.3dbin |{XZ{T kjT XZ q 1os Co//and perl cfg/aker networkset1:2.1#..1.2=global f<ork1ir3 c3dwwwd/rtgg =output /rtg.cfg kjT T~s ZmV jXk{T NOpZ{q 1os Co//and perl /rtg /rtg.cfg 6t/l j sXpR C3dwwwd/rtg z{V vPR Xsq kj qV vOpZ } X |x |O S| T~sq SX[T kR Tk}{T X{ OXT sXq vwZ

X{T kjnT ~OYZ OX kj XZY{T wZ R |{q 1os Co//and perl /rtg /rtg.cfg {T |Vq }O{T [ ij kRqk{T j vkRq 9oopback Interface N} R tV OXj Nm 8NS3 z }{T kR UrV {q O{XZ{T r{X -j s X}m 1:2.1#..1.1 |nT 9oopback

6.3 NTP (Network Time Protocol)

Set the time on the devices via NTP server.

To show time on the router:
Router#show clock

To set the time on the router manually:
Router#clock set hh:mm:ss Day Month year
Like:
Router#clock set 08:00:00 12 jan 2014

To set the NTP server and make routers update time automatically

And configure the routers to take time from NTP servers:
Router(config)#ntp server 10.0.0.1            (ip of ntp server)

6.4 Syslog
klmT P XT&T, jXk k i Xq 9outer z yk Xj Nmq TT NOR vZOq mRqk sq #!slog ~xX oXYs Y T&T, jXk X z{T XYsu TuXx ... skT s T~s i{q T&T, kO NOZ{ jXk ij 3Zq kRqTk{T z{T s~ tnT ... #er;er

a+/ed0config2blogging 1:2.1#..1.12& .XXP |x UPj Xj ip T~sq T&T, jXk yw y~{T X{X X{T ip T~s a+/ed0config2blogging on .XXO{T N V jXk{T tXx XZ { tTq zZ {T ~s z{T yUO T~sq kRqTk{T )A z XXO{T iR Z T&T, jXk z{T {T |x pj N TuT XjT 3kjnT T~s k i j{T ~{ jZ}{T X}{T wZ Y T~{ Tk{T Xj oZT a+/ed0config2blogging buffered 1#34. .T P }j [ ~sq Tk{T z XXO{T ~s t{ Uw}{T X}{T Om1#34. 3kjnT T~s ~OYZ Yx kRqTk{T Tr z X[ R |Z{T TnT sXpj XUrT TuT XjT a+/ed0config2bs+ logging N[TU XsUXT i} T{ Xj t[ R vT #!slog#er;er ~xX |xq T&T, jXk z{T Xs~{T Y {~m XsO}R i}q {T |x kRqTr ij klmn TT iR i} {~mq vOx X{T X}{T t[ R y~{T }{T .fro U} wR P y~{Tq r}{T ip k i Net)low .-1 XXO{T NOwZ jXk{T T~s q ... #olarwinds mk |sq Xp{T jTk{T Xmk kT ij mkp{ jXk{T T~s Zq kZnT z{T s~Yx OXj kZx |x i{q |Xj O{ sq Y{T ij T~s jXk{T N}w ... TnTq R Xsq RXjj XZ{ w kR NO}wZ{T Y{ rXZq solarwinds realti e netflow anal!Her .jXk{T NO}wR z jXk{T j |x nT ~s z {T k i jXk yQm N vOYR kq vOYZ jXk{T NO}wR .jXk{T Np Xs #olarWinds9ealti eNet&lowAnal!Her 3kjTqT ~s [ ij UTX Vq kRqTk{T z{T s~ tnT a+/ed0config2bint f&"& a+/ed0config7if2bip route7cac+e flow .wZ{T ~s z Netflow XYx iw T~s 3XXO{T ij vOZ tT k Xj rXZq kjnT T~s Z tnT c a+/ed0config7if2bip flow egress ;nable outbound Net5low wZ{T ~s ij PrX{T XXO{T NOZ VT ingress ;nable inbound Net5low wZ{T ~s ij [T{T XXO{T NOZ VT /onitor Appl- a 5low onitor to t+is interface a+/ed0config7if2bip flow egress a+/ed0config7if2bip flow7eBport 'er $ $ s knTq $ q : tTrT oXYs a+/ed0config2bip flow7cac+e ti/eout acti'e 1 OU 1 Nm TnT NOZ VT a+/ed0config2bip flow7cac+e ti/eout inacti'e 1$ kZT Xjj T ZR {q OU 1$ rqkj TuT Yj XRnT a+/ed0config2bip flow7eBport destination 1:2.1#..1.1&3 :::# i{q :::# X O klmT s T~sq !ort yV [ ijqX{T ip SXX XXO{T NOZ O XP yV z v{ Uw NnT |x Netflow jXk ~xX |x Listen on "ort X[ |x UPj v s !ort T~s t tT a+/ed0config2bip flow7eBport source f&"& |x wZx yV ij kR XXO{T v{ Uw tnT kRqTk{T r z zT ijq wZ{T Uwq XO Yx wZ{T XXO Pq vT Y Netflow jXk z{T s~ tnT XXO Nm NOR Vq NO XXO{T j XOx k kZT wm ~xX 
XY{ kR |{ #tart &low 0a"ture .kRqTk{T z wR |Z{T
6.6 GRE Tunnel

Generic Routing Encapsulation (GRE) is one of the available tunneling mechanisms which uses IP as the transport protocol and can be used for carrying many different passenger protocols. The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint. The below diagram shows the encapsulation process of a GRE packet.

Configuring GRE Tunnel

To create and verify the GRE tunnel between the two networks: R1's and R2's internal subnets (192.168.1.0/24 and 192.168.2.0/24) are communicating with each other using a GRE tunnel over the internet. Both Tunnel interfaces are part of the 172.16.1.0/24 network. First step is to create our tunnel interface on R1 and R2.

R1:
R1(config)# interface Tunnel1
R1(config-if)# ip address 172.16.1.1 255.255.255.0
R1(config-if)# ip mtu 1400
R1(config-if)# ip tcp adjust-mss 1360
R1(config-if)# tunnel source 1.1.1.1
R1(config-if)# tunnel destination 2.2.2.2

R2:
R2(config)# interface Tunnel1
R2(config-if)# ip address 172.16.1.2 255.255.255.0
R2(config-if)# ip mtu 1400
R2(config-if)# ip tcp adjust-mss 1360
R2(config-if)# tunnel source 2.2.2.2
R2(config-if)# tunnel destination 1.1.1.1

Since GRE is an encapsulating protocol, we adjust the maximum transfer unit (mtu) to 1400 bytes and maximum segment size (mss) to 1360 bytes. Because most transport MTUs are 1500 bytes and we have an added overhead because of GRE, we must reduce the MTU to account for the extra overhead. A setting of 1400 is a common practice and will ensure unnecessary packet fragmentation is kept to a minimum.

After configuring the tunnel, the two tunnel endpoints can see each other; this can be verified using an icmp echo from one end.

R1# ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Workstations on either network will still not be able to reach the other side unless routing is configured on each router. Here we will configure a static route on both routers.

R1(config)# ip route 192.168.2.0 255.255.255.0 172.16.1.2
R2(config)# ip route 192.168.1.0 255.255.255.0 172.16.1.1

Now both networks (192.168.1.0/24 and 192.168.2.0/24) are able to freely communicate with each other over the GRE Tunnel.

6.4 Intro to VPN

A virtual private network (VPN) allows connectivity to private networks across the Internet, enabling privacy and tunneling of non-TCP/IP protocols. This image shows access to the remote network services and servers as if my host were right there on the same VLAN as my servers.

Benefits of VPNs:
1. Security: VPNs can provide very good security by using advanced encryption and authentication protocols like IPsec and SSL.
2. Cost savings: not like the traditional leased point-to-point lines.
3. Scalability.
4. Compatibility with broadband technology.

Encryption techniques to VPN:
1. Symmetric encryption like Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES).
2. Asymmetric encryption like Rivest, Shamir, and Adleman (RSA).

IPsec:
- Secure data transmission over an IP-based network; functions at layer 3.
- Can't be used to encrypt non-IP traffic. This means that if you have to encrypt non-IP traffic, you'll need to create a Generic Routing Encapsulation (GRE) tunnel for it and then use IPsec to encrypt that tunnel.
- Security protocols used by IPsec are Authentication Header (AH) and Encapsulating Security Payload (ESP).

IPv. -4
