IP Address
OSI Layer
Layer 2
Layer 3
Class A, Class B, Class C
Decimal (human language)
Binary, Octal and Hexa (Machine Language)
Decimal to Hexa and Binary
0000 0000-0010 0100-1000 1
8 bit = 1 Byte
1024 B = 1 Kilobyte (KB)
1024 KB = 1 Megabyte (MB)
1024 MB = 1 Gigabyte (GB)
Class A = 1.0.0.0 to 126.255.255.255
Class B = 128.0.0.0 to 191.255.255.255
CCNA 640-802
Page 1 of 127
IANA (Internet Assigned Numbers Authority)
High Order Bit
Loop back address
Private Address
Internet
LAN
IP Subnetting
Building
4
IP
Building
IANA
IANA N
website N
http://www.apnic.net/ IP
Small Office
site
APNIC b
- 203.81.162.22
Yatanarpon Teleport Name
Small Office
Office
Computer
50
Class C Cost
IP
254
Class C
IP 54
Office
IP
Class C IP
Cost ISP
IP
IP
Router
Internet N
IP
Computer Subnetting Class A
Subnetting
Subnet Mask
Default Subnet Mask
Octet 255
Host 255
Octet
'1' Class A
'1'
Slash Notation Default Subnet Mask
192.168.0.255 O
'255'
Network Address
Host
Default Subnet Mask
Octet
192.168.0.0
'0' Subnet Mask
Class B
IP Address Post
8 bit
Network
10.0.0.0/8
Network
172.16.0.0/16
Class C
Octet
192.168.0.0/24
Network Address '0'
Address
Broadcast Address
Broadcast Address
N 255
Computer1 IP- 10.0.0.1
Computer2 IP - 11.0.0.1
SM- 255.0.0.0
SM- 255.0.0.0
Computer Octet
10.0.0.1
Network ID
Network
Class A Class C
11.0.0.2
Class B
Octet
Computer
Network
Octet
Octet
255
Subnet Mask
Octet
Subnetting
Host
Host ID
Network          First IP         Last IP          Broadcast
192.168.0.0      192.168.0.1      192.168.0.62     192.168.0.63
192.168.0.64     192.168.0.65     192.168.0.126    192.168.0.127
192.168.0.128    192.168.0.129    192.168.0.190    192.168.0.191
192.168.0.192    192.168.0.193    192.168.0.254    192.168.0.255
Class B
subnet
Class B
Octet 172.16.0.0/16
Subnet Mask
subnet
Class C
Octet
subnet
Network          First IP         Last IP            Broadcast
172.16.0.0       172.16.0.1       172.16.127.254     172.16.127.255
172.16.128.0     172.16.128.1     172.16.255.254     172.16.255.255
1 bit
Default Subnet Mask 0
255.255.0.0
Network
1 bit
00000000.00000000
Decimal
10000000.00000000
'/' 172.16.0.0/18
1 bit
172.16.0.0/17 172.16.64.0/18
172.16.192.0/17
Host
172.16.128.0/18
8
16
32
Host
Class A /9
Subnet Mask
/30
255.0.0.0
Octet
/30 http://subnettingquestions.com/
Question: How many subnets and hosts per subnet can you get from the network 172.29.0.0/23?
Networks
Network
IP 255.255.0.0
172
/23 23
Class B
'255' 16
7 bit
Host 2^9
Hosts 16 bits,
512
Subnet Mask
Third Octet
Host
2^7
32 bits
512 Hosts
Class B
Network 128 Sub Networks
Subnet Mask 23 Network
9 510 Hosts
Answer: 128 subnets and 510 hosts
------------------------------------------------------------
Question: You are designing a subnet mask for the 172.26.0.0 network. You want 110 subnets with up to 300 hosts on each subnet. What subnet mask should you use?
172.26.0.0 Network
110
Network
300 Hosts
Subnet Mask 2^9 7 bit
Hosts
Hosts
/23
Network
2^7
128
300
2^8
256
Host Network
1 bit
110
Answer: 255.255.254.0
------------------------------------------------------------
Question: What valid host range is the IP address 172.16.205.218/26 a part of?
IP
172
/26 192
64
172.16.205.192 Network
Broadcast
Class B
Default
255.255.255.192 64 series
172.16.205.0/26 IP
172.16.205.218
172.16.205.193
10 bits
Octet 172.16.205.64
Host
256 172.16.205.128
172.16.205.192 Network
172.16.205.254
/16
Answer: 172.16.205.193 through to 172.16.205.254
------------------------------------------------------------
Question: What is the last valid host on the subnetwork 10.121.32.0 255.255.240.0?
IP 256
240
16 series
IP
IP
Subnet Mask 10.121.0.0
10.121.16.0
10.121.48.0
10.121.47.255
Third Octet 10.121.32.0
Host IP
10.121.32.0
Broadcast
10.121.47.254
Answer: 10.121.47.254
------------------------------------------------------------
Question: What is the first valid host on the subnetwork that the node 172.22.154.105/24 belongs to?
IP /24
Network
255.255.255.0
Class B
Third Octet
IP
Subnet Mask
Class C
256
IP
255
1 series
172.22.154.0
172.22.0.0
First IP
1 series
172.22.154.1
Answer: 172.22.154.1
------------------------------------------------------------
Question: What is the broadcast address of the network 172.21.60.0/22?
IP 255.255.252.0
256
252
Broadcast Address 4 series
Third Octet
Network
Third Octet
Network
60
4
172.21.64.0
Subnet Mask
60
4
4 series
Subnet 4
Network Address Broadcast Address
Network
172.21.63.255
Answer: 172.21.63.255
------------------------------------------------------------
Question: Which subnet does host 172.18.62.52/27 belong to?
IP 255.255.255.224 172.18.62.32
256
172.18.62.64
224
Network 32 series IP
Subnet Mask Network
172.18.62.32 Network
Answer: 172.18.62.32
32
172.18.62.0
Self Study
VLSM(Variable Length Subnet Mask)
Subnetting a subnet is VLSM.
Router A - 60 hosts
Router B - 25 hosts
Router C - 25 hosts
Router D - 10 hosts
192.168.0.128/26
192.168.0.64/26
192.168.0.192/26
192.168.0.144/28
192.168.0.160/28
192.168.0.176/28
192.168.0.148/30
192.168.0.152/30
192.168
Route Summarization or CIDR (Classless Inter-Domain Routing)
Supernetting is CIDR
172.16.64.0    10101100.00010000.01000000.00000000
172.16.65.0    10101100.00010000.01000001.00000000
172.16.66.0    10101100.00010000.01000010.00000000
172.16.67.0    10101100.00010000.01000011.00000000
Common bits:   10101100.00010000.010000xx.00000000
172.

Step 2
172.16.68.0    10101100.00010000.01000100.00000000
172.16.69.0    10101100.00010000.01000101.00000000
172.16.70.0    10101100.00010000.01000110.00000000
172.16.71.0    10101100.00010000.01000111.00000000
Common bits:   10101100.00010000.010001xx
172.16.68.0/22

Step 3
172.16.72.0    10101100.00010000.01001000.00000000
172.16.73.0    10101100.00010000.01001001.00000000
172.16.74.0    10101100.00010000.01001010.00000000
172.16.75.0    10101100.00010000.01001011.00000000
172.16.76.0    10101100.00010000.01001100.00000000
172.16.77.0    10101100.00010000.01001101.00000000
172.16.78.0    10101100.00010000.01001110.00000000
172.16.79.0    10101100.00010000.01001111.00000000
Common bits:   10101100.00010000.01001xxx
172.16.72.0/21
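The subnetting questions and the common-bits summarization steps above can be checked with a short Python script. This is an added example, not part of the original study guide; all function names are hypothetical, and `summarize` goes one step beyond the page by also reporting whether the summary covers exactly the listed networks (a summary that covers more also attracts traffic for networks you do not own).

```python
# Added example: block-size subnetting and common-bits route summarization.

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """/prefix -> 32-bit mask integer (23 -> 255.255.254.0)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(mask_dotted):
    """255.255.240.0 -> 20; rejects masks whose 1 bits are not contiguous."""
    mask = to_int(mask_dotted)
    prefix = bin(mask).count("1")
    if mask != mask_from_prefix(prefix):
        raise ValueError("subnet mask bits must be contiguous")
    return prefix


def classful_prefix(address):
    """Default mask length from the first octet (Class A, B or C only)."""
    first = to_int(address) >> 24
    if 1 <= first <= 126:
        return 8
    if 128 <= first <= 191:
        return 16
    if 192 <= first <= 223:
        return 24
    raise ValueError("not a Class A, B or C address")


def subnet_facts(address, prefix):
    """Network, valid host range and broadcast of the subnet holding address."""
    if not 1 <= prefix <= 30:
        raise ValueError("prefix must leave at least two host bits")
    mask = mask_from_prefix(prefix)
    network = to_int(address) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return {
        "network": to_dotted(network),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
    }


def subnets_and_hosts(address, prefix):
    """(subnets carved from the classful network, usable hosts per subnet)."""
    base = classful_prefix(address)
    if prefix < base:
        raise ValueError("prefix is shorter than the classful mask")
    return 2 ** (prefix - base), 2 ** (32 - prefix) - 2


def mask_for(address, need_subnets, need_hosts):
    """Smallest borrow that yields enough subnets, if the hosts still fit."""
    base = classful_prefix(address)
    for prefix in range(base, 31):
        if 2 ** (prefix - base) >= need_subnets:
            if 2 ** (32 - prefix) - 2 >= need_hosts:
                return to_dotted(mask_from_prefix(prefix))
            break  # longer prefixes only shrink the host space further
    raise ValueError("no mask satisfies both requirements")


def summarize(cidrs):
    """Common-bits summary of networks; returns (summary, covers_exactly)."""
    nets = []
    for cidr in cidrs:
        address, length = cidr.split("/")
        nets.append((to_int(address) & mask_from_prefix(int(length)), int(length)))
    first = nets[0][0]
    differing = 0
    for value, _ in nets:
        differing |= value ^ first          # any bit that varies across the list
    common = min(32 - differing.bit_length(), min(length for _, length in nets))
    summary = first & mask_from_prefix(common)
    # Assumes the inputs do not overlap: compare address counts to detect a
    # summary that also covers networks missing from the list.
    covered = sum(1 << (32 - length) for _, length in nets)
    return f"{to_dotted(summary)}/{common}", covered == 1 << (32 - common)
```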
Router Commands

Shortcuts To Entering Commands
Router>enable
=
Router>en
Router#configure terminal
Router#conf t

Tab Key
Router#sh
=
Router#show

? Question Mark
Router#?
Router#c?
Router#cl?
clear clock
Router#clock
% Incomplete Command
Router#clock ?
set
Router#clock set 13:56:00 26 July 2012
Router#
Router(config)#clock timezone YGN 0 0

enable Command
Router>enable
Router#

configure terminal Command
Router#configure terminal
Global Configuration Mode
Router(config)#

exit Command
Router#exit
Router>exit
Router(config-if)#exit
Current Mode
Router(config)#
Router(config)#exit
Current Mode
Router#
disable Command
Router#disable
Mode
Router>
Command
Router#
exit Command

show Command
Router#show ?
Command List
Router#show interfaces
Interfaces
Router#show interface serial 0/0
Serial 0/0 interface
Router#show ip interface brief
Interfaces
Router#show controllers serial 0
DCE/DTE
summary Clock Rate
Router#show clock
*13:56:00 YGN Thu 26 July 2012
Router#show history
command
Router#show flash
Flash memory info
Router#show version
Firmware version
Router#show arp
ARP Table
YGN#show running-config
config file
YGN#show startup-config
config file
YGN#sh users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:04:09
 *67 vty 0                idle                 00:00:00 192.168.1.20
Active
YGN#show ip route
Routing Table

do Command
YGN(config)#do show running-config
Mode

Saving Configuration
YGN#copy running-config startup-config
YGN#write
(Remark-
YGN#copy run tftp
=
config file
’ tftp server
running config file
Erasing Configuration
YGN#erase start
NVRAM
startup config file

Router(config)#hostname YGN
YGN(config)#
YGN(config)#no hostname
Router(config)#
Router

Restart
YGN#reload

YGN(config)#enable password cisco
Mode
YGN(config)#service password-encryption
Type 7
YGN(config)#no service password-encryption
YGN(config)#enable secret cisco
Mode
Type 5

console
YGN(config)#line console 0
YGN(config-line)#password console
YGN(config-line)#

fastethernet interface
YGN(config)#interface fastethernet 0/0
f0/0 interface
ip
YGN(config-if)#ip address 192.168.1.1 255.255.255.0
YGN(config-if)#description Connect to
description
YGN(config-if)#no shutdown
interface

serial interface
YGN(config)#interface serial 0/0
YGN(config-if)#ip address 192.168.1.1 255.255.255.0
YGN(config-if)#description Link to ISP
YGN(config-if)#clock rate 64000
Clock rate
YGN(config-if)#no shutdown

logging synchronous Command
YGN(config)#line con 0
YGN(config-line)#logging synchronous
console
information
exec-timeout Command
YGN(config)#line con 0
Console
YGN(config-line)#exec-timeout 0 0
0 0(min sec) console
auto log off
YGN(config-line)#

Banner
YGN(config)#banner motd $
------------------------------------------------------------
WARNING: This router is the property of Ciscronet Networking Academy.
Any unauthorized access is monitored.
Violators will be prosecuted.
------------------------------------------------------------
$

Router
YGN(config)#line vty 0 1
telnet
YGN(config-line)#password telnet
telnet
YGN(config-line)#
console port
(eg. 0 4)
database
YGN(config)#username console secret console
Normal
YGN(config)#name privilege 15 secret

ssh
Router
YGN(config)#line vty 0 4
YGN(config-line)#login local
YGN(config-line)#transport input ssh
YGN(config)#ip domain-name abc.com
Router
YGN(config)#crypto key generate rsa
The name for the keys will be: YGN.abc.com
Domain Name
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% …[OK]
YGN>sh users
Line
Host(s) idle
00:02:05
ssh
idle
00:00:32
0 con 0 68 vty 1
Idle
Location
YGN>show tcp brief
DHCP Configuration
YGN(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.20
YGN(config)#ip dhcp pool -Dept
YGN(dhcp-config)#network 192.168.1.0 255.255.255.0
Network Scope
YGN(dhcp-config)#default-router 192.168.1.1
Gateway
YGN(dhcp-config)#dns-server 192.168.1.10
DNS Server
YGN(dhcp-config)#netbios-name-server 192.168.1.10
YGN(dhcp-config)#domain-name abc.com
Domain Name
YGN(dhcp-config)#lease 0 1 0

DHCP Reservation
YGN#clear ip dhcp binding
dhcp ip
clear
YGN(config)#ip dhcp pool winxp-1
Reservation Name create
YGN(config-dhcp)#host 192.168.1.200 255.255.255.0
IP
YGN(config-dhcp)#client-identifier 0108.0027.4b84
MAC-Address
YGN(config-dhcp)#client-name winxp1
Computer Name
YGN#clear ip dhcp binding
YGN(config)#ip dhcp pool ubuntu
For Linux Platform
YGN(config-dhcp)#host 192.168.1.200 255.255.255.0
YGN(config-dhcp)#hardware-address 0108.0027.4b84
YGN(config-dhcp)#client-name ubuntu

NTP Server
YGN(config)#ntp server 192.168.1.10

For Router Security
YGN(config)#login block-for 300 attempts 3 within 10
YGN(config)#login on-success log
YGN(config)#login on-failure log
YGN(config)#logging host 192.168.1.10
Server
YGN(config)#security passwords min-length 10
length
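The security-related settings this page configures (enable secret instead of a Type 7 password, local usernames with secret, SSH-only vty lines, the console exec-timeout, login block-for, the HTTP server) can be checked against a saved configuration. The script below is an added example, not part of the original guide; both configurations are constructed samples, and the rule names and the `audit` function are hypothetical.

```python
import re

# Constructed samples in running-config layout (child lines are indented).
WEAK_CONFIG = """\
hostname YGN
enable password cisco
username telnet privilege 15 secret telnet
username console password console
ip http server
ip http secure-server
line con 0
 exec-timeout 0 0
 login local
line vty 0 1
 login local
 transport input telnet ssh
line vty 2 4
 login local
 transport input ssh
"""

HARDENED_CONFIG = """\
hostname YGN
service password-encryption
enable secret cisco
username super privilege 15 secret super
login block-for 300 attempts 3 within 10
login on-failure log
no ip http server
ip http secure-server
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def parse_sections(config_text):
    """Group config lines into (parent_line, [indented child lines])."""
    sections = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections


def audit(config_text):
    """Return (rule, location) findings in a fixed check order."""
    sections = parse_sections(config_text)
    top = [parent for parent, _ in sections]
    findings = []

    # "enable password" is stored in cleartext or reversible Type 7 form;
    # "enable secret" is stored as a hash (Type 5 on this page).
    if any(line.startswith("enable password") for line in top):
        findings.append(("ENABLE_PASSWORD", "global"))
    if not any(line.startswith("enable secret") for line in top):
        findings.append(("NO_ENABLE_SECRET", "global"))

    # Local accounts should use "secret", not "password".
    for line in top:
        match = re.match(r"username (\S+) (?:privilege \d+ )?password\b", line)
        if match:
            findings.append(("USER_PASSWORD", match.group(1)))

    # Plain HTTP management sends credentials unencrypted.
    if "ip http server" in top:
        findings.append(("HTTP_CLEARTEXT", "global"))

    # Without login block-for, repeated login failures are not throttled.
    if not any(line.startswith("login block-for") for line in top):
        findings.append(("NO_LOGIN_THROTTLE", "global"))

    for parent, children in sections:
        if not parent.startswith("line "):
            continue
        # exec-timeout 0 0 disables the automatic log off on that line.
        if any(re.fullmatch(r"exec-timeout 0( 0)?", c) for c in children):
            findings.append(("IDLE_TIMEOUT_OFF", parent))
        if parent.startswith("line vty"):
            for child in children:
                if child.startswith("transport input"):
                    protocols = child.split()[2:]
                    # Telnet sessions, including the login, are unencrypted.
                    if "telnet" in protocols or "all" in protocols:
                        findings.append(("TELNET_ON_VTY", parent))
    return findings
```

A vty line with no `transport input` child is not flagged here because the default differs between IOS releases; treat that case as something to verify by hand.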
DHCP Exercise
Router>en
Mode
Router#conf t
Global Mode
Router(config)#enable secret cisco
Mode
Router(config)#line con 0
Console Configuration
Router(config-line)#login local
Database
Router(config-line)#exit
Sub Interface
Router(config)#line vty 0 4
Telnet Configuration
Router(config-line)#login local
Database
Router(config-line)#exit
Sub Interface
Router(config)#username console secret console
Router(config)#username telnet secret telnet
Router(config)#int f0/0
Interface f0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0
IP
Router(config-if)#no shut
Interface
Router(config-if)#int f0/1
Interface f0/1
Router(config-if)#ip add 192.168.2.1 255.255.255.0
IP
Router(config-if)#no shut
Interface
Router(config-if)#exit
Sub Interface
Router(config)#ip dhcp pool -Dept
Dept
Router(dhcp-config)#network 192.168.1.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.1.1
Gateway
Router(dhcp-config)#dns-server 192.168.1.10
DNS Server
Router(dhcp-config)#exit
Router(config)#ip dhcp pool Marketing-Dept
Marketing Dept
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.2.1
Gateway
Router(dhcp-config)#dns-server 192.168.1.10
DNS Server
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.20
Address
Router(config)#ip dhcp excluded-address 192.168.2.1 192.168.2.20
Router(config)#end
YGN#sh ip dhcp binding
DHCP List Address

Configure Your Router to SDM (Manage with GUI)
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
For HTTP
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
Router(config)# username http privilege 15 secret http
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

Install the SDM File
http:// IPAddress (or) http://172.28.54.203:2000
SDM Launcher
Router
Router>en
Mode
Router#conf t
Global Configuration Mode
Router(config)#hostname YGN
YGN#clock set 4:10:00 July 27 2012
YGN#conf t
YGN(config)#clock timezone YGN 0 0
YGN(config)#int f0/0
Fastethernet interface
YGN(config-if)#ip add 192.168.1.1 255.255.255.0
IP
YGN(config-if)#description For Telnet
Description
YGN(config-if)#no shut
Interface
YGN(config-if)#exit
Sub Interface
YGN(config)#username telnet privilege 15 secret telnet
Database
YGN(config)#username console secret console
YGN(config)#line con 0
Console Configuration
YGN(config-line)#login local
Database
YGN(config)#line vty 0 1
Telnet Configuration
YGN(config-line)#login local
Database
YGN(config-line)#end
Sub Interface
Computer
Router
PC>telnet 192.168.1.1
Router
…O
User Access Verification
Username: telnet
Password: ******
Router
YGN#conf t
YGN(config)#username super privilege 15 secret super
YGN(config)#line vty 0 1
Telnet Configuration
YGN(config-line)#login local
Database
YGN(config-line)#transport input ssh
YGN(config-line)#exit
Sub interface
YGN(config)#ip domain-name abc.com
setting
YGN(config)#crypto key generate rsa
The name for the keys will be: YGN.abc.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be nonexportable...[OK]
YGN(config)#
Computer
Router
PC>ssh -l super 192.168.1.1
ssh protocol
Open
Password:*****
YGN#

Static Route
Two ways of static route
1.
next-hop address &
2.
exit interface
Static Route Routing Change
Routing Protocol
small network
Router Router
Routing Table
Change
Distance
Configuring Static Route on a Router
Router(config)#ip route destination-network Subnet-Mask Exit-Interface (or) next-hop address
Exercise (Static Route)
HQ>en
Next-hop IP
HQ#conf t
Route
HQ(config)#ip route 192.168.2.0 255.255.255.0 10.10.10.2
Bandwidth
HQ(config)#ip route 192.168.3.0 255.255.255.0 10.10.10.2
Static Data AD
HQ(config)#ip route 192.168.4.0 255.255.255.0 10.10.10.6 5
HQ(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.6 5
HQ(config)#ip route 192.168.4.0 255.255.255.0 10.10.10.10 10
HQ(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.10 10
HQ(config)#ip route 192.168.6.0 255.255.255.0 10.10.10.14
HQ(config)#ip route 192.168.7.0 255.255.255.0 10.10.10.14

B1>en
Exit Interface
B1#conf t
Static
B1(config)#ip route 192.168.0.0 255.255.255.0 Serial0/0/0
Route
B1(config)#ip route 192.168.1.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.4.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.5.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.6.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.7.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 10.10.10.4 255.255.255.252 Serial0/0/0
B1(config)#ip route 10.10.10.8 255.255.255.252 Serial0/0/0
B1(config)#ip route 10.10.10.12 255.255.255.252 Serial0/0/0

B2>en
Static + CIDR
B2#conf t
Routing Table Size
B2(config)#ip route 192.168.0.0 255.255.252.0 10.10.10.5 10
B2(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.5 10
B2(config)#ip route 192.168.0.0 255.255.252.0 10.10.10.9 11
B2(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.9 11

B3>en
B3#conf t
B3(config)#ip route 192.168.0.0 255.255.254.0 Serial0/0/0
B3(config)#ip route 192.168.4.0 255.255.254.0 Serial0/0/0
B3(config)#ip route 192.168.2.0 255.255.254.0 Serial0/0/0

Default Route (type of static)
Default Route
(stub) network
Router(config)#ip route 0.0.0.0 0.0.0.0 exit-interface (or) next-hop IP
Exercise (Static and Default Route)
HQ>en
HQ#conf t
HQ(config)#ip route 192.168.2.0 255.255.254.0 10.10.10.2
HQ(config)#ip route 192.168.4.0 255.255.254.0 10.10.10.6 5
HQ(config)#ip route 192.168.4.0 255.255.254.0 10.10.10.10 10
HQ(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.14

B1>en
B1#conf t
B1(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0

B2>en
B2#conf t
B2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0 3
B2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/1 2

B3>en
B3#conf t
B3(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0
DHCP Relay Agent
For Server DHCP Scope
HQ(config)#int f0/1
HQ(config-if)#ip helper-address 192.168.0.10
HQ(config-if)#exit
HQ(config)#
B1(config)#int f0/0
B1(config-if)#ip helper-address 192.168.0.10
B1(config-if)#int f0/1
B1(config-if)#ip helper-address 192.168.0.10
B1(config-if)#exit
B2(config)#int f0/0
B2(config-if)#ip helper-address 192.168.0.10
B2(config-if)#int f0/1
B2(config-if)#ip helper-address 192.168.0.10
B2(config-if)#exit
B2(config)#
B3(config)#int f0/0
B3(config-if)#ip helper-address 192.168.0.10
B3(config-if)#int f0/1
B3(config-if)#ip helper-address 192.168.0.10
B3(config-if)#exit
Router Password Cracking
Configuration register is 0x2102 --- 16 bit HEX
0010 0001 0000 0010
NVRAM ignore 0x2142
no service password-recovery
1. power off
2. power on
3. press Ctrl+C or Ctrl+Break while booting state
4. Rommon>
5. Rommon>confreg 0x2142
6. Rommon>reset
7. router#copy start run
8. change the password that you forgot
8.1. save the startup-config
9. router(config)#config-register 0x2102
10. router#reload
11. no shutdown command on all shutdown interfaces
CDP - Cisco Discovery Protocol (Network cisco devices)
HQ#sh cdp
Global CDP information:
  Sending CDP packets every 60 seconds
  Sending a holdtime value of 180 seconds
  Sending CDPv2 advertisements is enabled
HQ#sh cdp neighbors
Neighbor Devices
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Br
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme   Capability   Platform   Port ID
Switch       Fas 0/0         156       S            2950       Fas 0/1
Switch       Fas 0/1         156       S            2950       Fas 0/1
B2           Ser 0/0/1       163       R            C1841      Ser 0/0/0
B3           Ser 0/1/1       163       R            C1841      Ser 0/0/0
B2           Ser 0/1/0       163       R            C1841      Ser 0/0/1
B1           Ser 0/0/0       164       R            C1841      Ser 0/0/0
HQ#sh cdp interface
Vlan1 is administratively down, line protocol is down
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
FastEthernet0/0 is up, line protocol is up
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
HQ#sh cdp neighbors detail
(or)
Neighbor Device
Information
HQ#sh cdp entry *
HQ(config)#no cdp run
CDP Protocol
HQ(config)#int f0/0
Interface
HQ(config-if)#no cdp enable
HQ(config-if)#int f0/1
HQ(config-if)#no cdp enable
FastEthernet Port

ARP (Address Resolution Protocol)
HQ#sh arp
Protocol  Address        Age (min)  Hardware Addr   Type  Interface
Internet  192.168.0.1    -          0007.EC88.C301  ARPA  FastEthernet0/0
Internet  192.168.0.10   3          0001.424E.BB2E  ARPA  FastEthernet0/0
Internet  192.168.1.1    -          0007.EC88.C302  ARPA  FastEthernet0/1
CDP
DNS From Server
Server
N
B1>en
B1#conf t
B1(config)#ip domain-lookup
DNS Server
Record
B1(config)#ip name-server 192.168.0.10
DNS Server IP Address
B1(config)#exit
B2>en
B2#conf t
B2(config)#ip domain-lookup
B2(config)#ip name-server 192.168.0.10
B2(config)#exit
B3>en
B3#conf t
B3(config)#ip domain-lookup
B3(config)#ip name-server 192.168.0.10
B3(config)#exit
B3#hq
HQ Router
Translating "hq"...domain server (192.168.0.10)
Trying 192.168.0.1 ...Open
------------------------------------------------------------
WARNING: This router is the property of Ciscronet Networking Academy.
Any unauthorized access is monitored.
Violators will be prosecuted.
------------------------------------------------------------
User Access Verification
Username: console
Password:
HQ>

Configuration Local Host File For Name to IP
HQ(config)#ip host B1 192.168.2.1
HQ(config)#ip host B2 192.168.4.1
HQ(config)#ip host B3 192.168.6.1
B1(config)#no ip domain-lookup
# domain-lookup
Backup Config File to TFTP Server
YGN>enable
Mode
YGN#copy startup-config tftp
Startup-config file
Address or name of remote host []? 192.168.0.100
Server Address
Destination filename [Router-confg]? Router-config
TFTP Server
TFTP Server
copy
save
Writing startup-config....!!
[OK - 592 bytes]
592 bytes copied in 3.078 secs (0 bytes/sec)
YGN#

Delete Config From Router
YGN#erase startup-config

Restore Config File from TFTP Server
YGN#copy tftp startup-config
TFTP Server
Address or name of remote host []? 192.168.0.100
TFTP Server Address
Source filename []? Router-config
TFTP Server
Destination filename [startup-config]?
Accessing tftp://192.168.0.100/Router-config...
Loading Router-config from 192.168.0.100: !
[OK - 487 bytes]
487 bytes copied in 0.031 secs (15709 bytes/sec)
YGN#
File
copy Filename
Backup Config File to FTP Server
YGN>en
Mode
YGN#conf t
Global Mode
YGN(config)#ip ftp username cisco
FTP
username create
YGN(config)#ip ftp password cisco
FTP
password create
YGN(config)#exit
Mode
YGN#copy startup-config ftp
Startup-Config file
Address or name of remote host []? 192.168.0.100
FTP Server Address
Destination filename [Router-confg]? Router-ftp
FTP Server
copy
Writing startup-config...
[OK - 531 bytes]
531 bytes copied in 0.063 secs (8000 bytes/sec)
YGN#

Restore Config File from FTP Server
YGN>en
Mode
YGN#conf t
Global Mode
YGN(config)#int f0/0
Interface f0/0
YGN(config-if)#ip add 192.168.0.1 255.255.255.0
IP
YGN(config-if)#no shut
Interface
YGN(config-if)#exit
Sub Interface
YGN(config)#exit
Global Mode
YGN#copy ftp startup-config
FTP Server
Address or name of remote host []? 192.168.0.100
FTP Server Address
Source filename []? Router-ftp
FTP Server
copy
Destination filename [startup-config]?
Accessing ftp://192.168.0.100/Router-ftp...
[OK - 531 bytes]
531 bytes copied in 0.047 secs (11297 bytes/sec)
file
Filename
Dual IOS Boot Configuration
YGN#show flash
Flash directory
System flash directory:
File  Length    Name/status
  3   33591768  c1841-advipservicesk9-mz.124-15.T1.bin
  2   28282     sigdef-category.xml
  1   227537    sigdef-default.xml
[33847587 bytes used, 30168797 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
YGN#copy tftp flash
TFTP
IOS
Flash
Address or name of remote host []? 192.168.0.100
TFTP Server IP
Source filename []? c1841-ipbase-mz.123-14.T7.bin
IOS Name
copy
Destination filename [c1841-ipbase-mz.123-14.T7.bin]?
YGN#show flash
Flash directory
System flash directory:
File  Length    Name/status
  3   33591768  c1841-advipservicesk9-mz.124-15.T1.bin
  4   13832032  c1841-ipbase-mz.123-14.T7.bin
  2   28282     sigdef-category.xml
  1   227537    sigdef-default.xml
YGN#show version
Boot
version
System image file is "flash:c1841-advipservicesk9-mz.124-15.T1.bin"
YGN(config)#boot system flash c1841-advipservicesk9-mz.124-15.T1.bin
First Boot Flash File for Boot Order
YGN(config)#boot system flash c1841-ipbase-mz.123-14.T7.bin
Second Boot Flash File
YGN(config)#boot system tftp c1841-ipbasek9-mz.124-12.bin 192.168.0.100
TFTP Server
Boot
YGN(config)#do write
Current Configuration
YGN(config)#do reload
Router
Restart
Restore From Console Cable software
( Hyper Terminal/Tera Term) Link
Step 1 –xmodem
IOS
restore
Remark – xmodem – console port zmodem – auxiliary port
Router#delete flash and then power off/on
IOS
rommon1#confreg 0x3922
Boot
rommon2#reset
(0x3922)
Router Boot Console speed Software
115200 speed
rommon1#xmodem -c filename.bin
Do you wish to continue y/n? y
Hyper Terminal Transfer > Send File (or) Tera Term File > Transfer > XMODEM > Send and then browse File location
Router(config)#line con 0
Console
Router(config-line)#speed 9600
Speed
software
console
Dynamic Route Routing Protocol
P
P
RIP version 2 Advanced Routing Protocol
Large Network
Dynamic Routing Protocol update
cisco
EIGRP ( Enhanced IGRP) Protocol
Internetwork
Static Route
IS-IS (
IGRP( Interior
developed
BGP (Border Gateway Protocol) Protocol
Routing Information Change Static Route
Router
OSPF (Open Shortest Path First)
Intermediate- System-to-Intermediate System Gateway Routing Protocol)
1982
neighbors Router
Information
IGP protocol
RIP,IGRP,EIGRP,OSPF
Number
IS-IS Protocol
P
AS(Autonomous System)
BGP Protocol
AS Number
Distance Vector and Link State Distance Vector - Distance
hop count
Vector
Distance Vector protocol Information
Routing Information
Vector Protocol State Protocol
Neighbor Router Update
Complete View
Update
Distance Link-State – Link
Distance Vector Protocol
Routing Changes (eg. Router Neighbor
Routing
Information
hop count Network
( Periodic Update) N
direction
Distance Vector
Neighbor Periodic Update
Classful and Classless Routing
Classful Routing Protocol - RIP and IGRP
Classless Protocol - RIPv2, EIGRP, OSPF
Convergence Convergence
Routing Information
Network
IGRP Protocol
EIGRP
RIP
OSPF Protocol
Metric
Metric = Distance or hop count (eg. RIP Protocol hop count)
RIP – Hop count for best path
IGRP and EIGRP – Bandwidth, Delay, Reliability and Load
IS-IS and OSPF – Cost (choose lowest cost)
Load Balancing
Load Balancing
RIP Protocol
Bandwidth
data
Bandwidth synchronize
data
Administrative Distance
Network
AD
Protocol AD
Router EIGRP Network
Routing Protocol Characteristics
Time to Convergence
Scalability
Classless
Resource Usage
AD
Implementation and Maintenance
Routing Protocol Learning Chart
Cold Start – Cold Start
Router
Connected Network
Learning
Periodic Update (RIP and IGRP) RIP
update
Router
30 seconds
Neighbor Router
IGRP
90 seconds
Routing Table
Routing Table
Failure of a link
Introduction of a new link
Failure of a router
Change of link parameters
RIP Timers
Invalid Timer – Router
Flush Timer – Router Route
30s
Update
60s (240s default)
invalid Update
Routing Table
Holddown Timer – Neighbor Router
Network down
show ip route (or) sh ip protocols command
180s (default)
Routing Loop
180s
update receive time
Bounded Update EIGRP Protocol EIGRP
Distance Vector Routing Protocol
Bounded Update
Partial Update
Periodic Update
Network
active
Network
neighbors
update
neighbor routers
update
EIGRP
Triggered Update Triggered Update update
N
Network
down
Neighbor Routers
update
L
Synchronized Update synchronized update update
Routers
Neighbor Routers
data
Routing Loop
R3 Router
N R2 Router
R3
down
Packet
R3
R2
Periodic update
R2
R1 Router
Network 10.4.0.0
Data R3
R2
Routing Table Update
Interface s0/0/1 R3
Triggered update Routing Table Update
Network
R3 R3 Table
Neighbor Router R2
R2
Interface s0/0/1
L
Data
Interface s0/0/1 Data data
Routing Loop
Count to Infinity
Holddown Timer
Split Horizon Rule
Route Poisoning
Poison Reverse
Default TTL
RIPv1(Routing Information Protocol Version 1)
distance vector routing protocol
uses hop count for its path selection
hop counts greater than 15 are unavailable
messages are broadcast every 30 seconds.
Exercise 1.
R1(config)#router rip
RIP Protocol
Network
Update
Interface
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#passive-interface f0/0
R2(config)#router rip
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#network 192.168.4.0
R2(config-router)#passive-interface f0/0
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.5.0
R3(config-router)#passive-interface f0/0

Related Commands
R1#sh run | sec router
router rip
 passive-interface FastEthernet0/0
 network 192.168.1.0
 network 192.168.2.0
R1#sh ip protocols
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 17 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv  Triggered RIP  Key-chain
    Serial0/0        1     1 2
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    192.168.1.0
    192.168.2.0
  Passive Interface(s):
    FastEthernet0/0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.2.2     120           00:00:07
  Distance: (default is 120)
R1#sh ip route rip
R    192.168.4.0/24 [120/1] via 192.168.2.2, 00:00:01, Serial0/0
R    192.168.5.0/24 [120/2] via 192.168.2.2, 00:00:01, Serial0/0
R    192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:01, Serial0/0
R1#sh ip route 192.168.5.0 (Network Address)
Routing entry for 192.168.5.0/24
  Known via "rip", distance 120, metric 2
  Redistributing via rip
  Last update from 192.168.2.2 on Serial0/0, 00:00:15 ago
  Routing Descriptor Blocks:
  * 192.168.2.2, from 192.168.2.2, 00:00:15 ago, via Serial0/0
      Route metric is 2, traffic share count is 1
R1(config)#router rip
R1(config-router)#distance 100 (AD - change)
Exercise 2.
R1(config)#router rip
R1(config-router)#network 172.30.0.0
R2(config)#router rip
R2(config-router)#network 172.30.0.0
R2(config-router)#network 192.168.4.0
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.1.0
PN Route
R3
ISP Router
R2
Distribute
RIP Network
Default
R3 R2
ISP
Router
172.30.0.0/22 Network
RIP Network Router R1
R3(config)#no router rip
R2
R3(config)#ip route 172.30.0.0 255.255.252.0 s0/0
172.30.0.0/22 Network
static route
R2(config)#router rip
R2(config-router)#no network 192.168.4.0
ISP Default Route
R2(config-router)#passive-interface s0/1
RIP update
R2(config-router)#exit
Configuration
R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1
ISP
ISP
R2(config)#router rip
R2(config-router)#default-information originate
RIP
Default Route
RIP
Default Route
Border Router (Network
Router
RIP Network RIP
Router) Router
Router
default router
default router
RIP v2 (Routing Information Protocol 2)
RIPv1
subnet mask
address field
auto summary eg. 172.16.0.0/22
network
VLSM
classful
172.16.0.0/16
subnet mask
auto summary VLSM,CIDR
Discontinuous Network
Discontinuous Network – R2
Network
summarized
routing table size
-
RIPv2
subnet mask
Discontinuous Network Data
RIPv1
RIPv2
auto summary M
L
Exercise 3.
R1(config)#router rip
R1(config-router)#network 172.30.0.0
R1(config-router)#network 209.165.200.0
R1(config-router)#version 2
R1(config-router)#no auto-summary
R2(config)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#network 209.165.200.0
R2(config-router)#version 2
R2(config-router)#no auto-summary
R3(config)#router rip
R3(config-router)#network 172.30.0.0
R3(config-router)#network 209.165.200.0
R3(config-router)#version 2
R3(config-router)#no auto-summary
VLSM,CIDR
-
VLSM Network -
-
-
-
L
Internet
R2(config)#ip route 192.168.0.0 255.255.0.0 null 0
Network
R2(config)#router rip
RIP Network
R2(config-router)#redistribute static
(Remark: For Test)
Static
R3(config)#int lo 1
Loopback Interface
R3(config-if)#ip add 172.20.0.1 255.255.255.252
IP Address
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 lo 1
R3(config)#router rip
RIP Configuration
R3(config-router)#default-information originate
Default Route
RIP
create
#for test
EIGRP (Enhanced Interior Gateway Routing Protocol) -
Type of Distance Vector
-
Features of EIGRP -
Balanced Hybrid Protocol / Advanced Distance Protocol
Reliable Transport Protocol (RTP) -
Bounded Updates
-
Diffusing Update Algorithm (DUAL)
-
Establishing Adjacencies
-
Neighbor and Topology Tables
EIGRP Message Format include -
Hello
- Hello packets
multicast
Bandwidth (1.544 Mbps)
-
Update - Update packets
60s
neighbors T1
Hello packets b
N
5s
T1
-
Query & Reply –Query
Network
down
N
b
Query
b
EIGRP Protocol
protocol
EIGRP
TCP/IP Table
Neighbors Table N
b
down
b
Path Topology Table
Routing Table Routing path
Neighbors Table,Topology Tables N
b
TCP/IP, IPX
best path
Topology Table
Backup path
Apple Talk Routing Table b
backup path
EIGRP Protocol
Transport Layer Modules
TCP/IP, IPX
AppleTalk
Module
Layer
PDM ( Protocol Dependent Modules)
PDM Modules
DUAL Algorithm Router
Network Neighbor Routers Acknowledge
Down
Neighbors Router Update Packets
Router
Neighbors
Neighbor Router Reply Network
N
b (Convergence State)
Administrative Distance
Internal EIGRP – 90
External EIGRP – 170
Summary EIGRP Route – 5
Update Packets
Query Packets
Authentication Authentication
authenticate
Router Router
Authenticate(same
EIGRP
Max Hop
255
Router
R1(config)#router eigrp AS-Number
R1(config-router)#network w.x.y.z subnet-mask
R1(config-router)#network w.x.y.z wildcard-mask
R1(config-router)#no auto-summary
Max Path
6
Exercise 1.
R1(config)#router eigrp 10
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.10.0
Classful
R1(config-router)#no auto-summary
#absent null 0 route path
R1(config)#int s0/0
R1(config-if)#bandwidth 64
R1(config-if)#int s0/1
R1(config-if)#bandwidth 1544
R2(config)#router eigrp 10
R2(config-router)#network 172.16.3.0 255.255.255.252
R2(config-router)#network 172.16.2.0 255.255.255.0
R2(config-router)#network 192.168.10.8 255.255.255.252
R2(config-router)#no auto-summary
R2(config)#int s0/0
Interface serial 0/0
R2(config-if)#bandwidth 64
Bandwidth
R2(config-if)#int s0/1
R2(config-if)#bandwidth 1024
R3(config)#router eigrp 10
R3(config-router)#network 192.168.10.8 0.0.0.3
R3(config-router)#network 192.168.1.0 0.0.0.255
R3(config-router)#network 192.168.10.4 0.0.0.3
R3(config-router)#no auto-summary
R3(config)#int s0/0
R3(config-if)#bandwidth 1024
R3(config-if)#int s0/1
R3(config-if)#bandwidth 1544
auto summarized
EIGRP Composite Metric and K values
Bandwidth = (10^7 / minimum BW (Kbps)) * 256
Delay = (Total Delay / 10) * 256
Delay Values in Microseconds
Router#sh ip eigrp topology w.x.y.z cost
Router(config)#router eigrp 10
Router(config-router)#metric weights 0 1 0 0 0 0 0
Delay
tos(default 0)
Bandwidth
DUAL Concepts
Successor ( Main Path)
Feasible Successor ( backup path)
Feasible Distance
Feasible Condition
Reported Distance ( Router
Network
) Feasible Distance (Metric) and Successor (Gateway)
Neighbors Router
’
Feasible Distance
Next Hop Address for Successor
Reported Distance
Next Hop Address for Feasible Successor
Router#debug eigrp fsm
Dual update
Router#sh ip eigrp topology
Topology Table
Router#sh ip eigrp neighbors
Neighbors Table
Router#sh ip eigrp topology all-links
Topology Table
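The composite metric formula and the DUAL terms above (feasible distance, reported distance, feasibility condition) worked through in code. This is an added example, not part of the original notes; it assumes the default K values (K1 = K3 = 1), IOS default interface delays (20000 microseconds for serial, 100 for FastEthernet), and the R1/R2/R3 triangle from Exercise 1. It reproduces the metrics 2172416 and 2681856 that appear in the R1 routing table later on this page.

```python
# Added example: EIGRP classic composite metric and DUAL path selection.
SERIAL_DELAY_US = 20000   # assumption: IOS default delay on a serial interface
FE_DELAY_US = 100         # assumption: IOS default delay on FastEthernet
FE_BW_KBPS = 100000
T1_BW_KBPS = 1544         # default serial bandwidth


def eigrp_metric(min_bw_kbps, delays_us, k=(1, 0, 1, 0, 0), load=1, reliability=255):
    """256 * (K1*BW + K2*BW/(256-load) + K3*Delay), scaled by K5/(rel+K4) if K5 != 0."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps          # slowest link on the path, in Kbps
    delay = sum(delays_us) // 10       # cumulative delay in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5:
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def dual_select(paths):
    """paths: {next hop: {"rd": reported distance, "total": metric via that hop}}.

    Returns (successor, feasible distance, feasible successors).
    A neighbour is a feasible successor only if its RD is strictly below the FD.
    """
    successor = min(paths, key=lambda hop: paths[hop]["total"])
    fd = paths[successor]["total"]
    feasible = sorted(hop for hop, p in paths.items()
                      if hop != successor and p["rd"] < fd)
    return successor, fd, feasible


def paths_to_r2_lan(r1_r2_bw, r1_r3_bw, r3_r2_bw):
    """R1's two candidate paths to 172.16.2.0/24 (R2's FastEthernet LAN)."""
    r2_rd = eigrp_metric(FE_BW_KBPS, [FE_DELAY_US])
    r3_rd = eigrp_metric(min(r3_r2_bw, FE_BW_KBPS), [SERIAL_DELAY_US, FE_DELAY_US])
    return {
        "172.16.3.2": {      # directly via R2
            "rd": r2_rd,
            "total": eigrp_metric(min(r1_r2_bw, FE_BW_KBPS),
                                  [SERIAL_DELAY_US, FE_DELAY_US]),
        },
        "192.168.10.6": {    # via R3, then R2
            "rd": r3_rd,
            "total": eigrp_metric(min(r1_r3_bw, r3_r2_bw, FE_BW_KBPS),
                                  [SERIAL_DELAY_US, SERIAL_DELAY_US, FE_DELAY_US]),
        },
    }


if __name__ == "__main__":
    # All serial links at the default 1544 Kbps: R3's RD equals the FD, so the
    # feasibility condition fails and there is no backup path in the topology table.
    print(dual_select(paths_to_r2_lan(T1_BW_KBPS, T1_BW_KBPS, T1_BW_KBPS)))
    # Constructed variation: R1-R2 slowed to 64 Kbps, R3-R2 at 1024 Kbps.
    # R3 becomes the successor and R2 qualifies as feasible successor.
    print(dual_select(paths_to_r2_lan(64, T1_BW_KBPS, 1024)))
```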
Default Route
Routing Path
EIGRP
R2(config)#ip route 0.0.0.0 0.0.0.0 lo 0
R2(config)#router eigrp 10
Router
Route
R2(config-router)#redistribute static
R2(config)#ip default-network 10.0.0.0
Network
R2(config)#router eigrp 10
R2(config-router)#network 10.0.0.0
R2(config-router)#auto-summary
Auto summary
Classful
Manual Summarization
R1(config)#router eigrp 10
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.10.0
R1(config-router)#no auto-summary
R2(config)#router eigrp 10
R2(config-router)#network 172.16.0.0
R2(config-router)#network 192.168.10.0
R2(config-router)#no auto-summary
R3(config)#router eigrp 10
R3(config-router)#network 192.168.10.0
R3(config-router)#network 192.168.1.0
R3(config-router)#no auto-summary
R3(config-router)#exit
R3(config)#int lo 0
R3(config-if)#ip add 192.168.0.1 255.255.255.0
R3(config)#int lo 2
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R3(config)#int lo 3
R3(config-if)#ip add 192.168.3.1 255.255.255.0
R3(config)#router eigrp 10
R3(config-router)#network 192.168.0.0
R3(config-router)#network 192.168.2.0
R3(config-router)#network 192.168.3.0
R3(config)#int s0/0
Interface
R3(config-if)#ip summary-address eigrp 10 192.168.0.0 255.255.252.0
Manual Summarization
R3(config)#int s0/0
R3(config-if)#ip summary-address eigrp 10 192.168.0.0 255.255.252.0
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.10.0/30 is subnetted, 2 subnets
C       192.168.10.4 is directly connected, Serial0/1
D       192.168.10.8 [90/2681856] via 192.168.10.6, 01:00:20, Serial0/1
                     [90/2681856] via 172.16.3.2, 01:00:20, Serial0/0
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       172.16.1.0/24 is directly connected, FastEthernet0/0
D       172.16.2.0/24 [90/2172416] via 172.16.3.2, 01:00:20, Serial0/0
C       172.16.3.0/30 is directly connected, Serial0/0
D    192.168.0.0/22 [90/2172416] via 192.168.10.6, 00:00:12, Serial0/1
R1#
Link State Routing Protocol
Link-State Routing Process 1.
Link-State Routing Protocol
2. 3.
Connected Network
Hello packets
Neighbors
Link-State Router
learns
Connected Networks
Connected Networks
4.
LSP (Link State Packet)
Neighbor Routers
5.
Routers
LSP
Network
Routers
Network
Topology map Advantages Of Link-State Routing Protocol 1.
Routers
2.
Network
Topology Map Routers
Flood
Network Convergence( Network
) 3.
Distance Vector Protocols
Periodic Update
LSP
Routers 4.
Multiple Areas
Network
Requirements of a Link-State Routing Protocol
Link-State Routing Protocols
Network
CPU, Memory Multiple Areas
Areas
Routing
Bandwidth Routers
LSP Flooding
Resources
OSPF (AD – 110)
j
’
P
OSPF Link-State Update – Link-state Update Packets Link-state Update Packets
O P
Link-State Advertisements (LSAs)
OSPF Algorithm - OSPF Router
Routers
Link-State Database (SPF)
SPF Tree
LSAs (Link State Advertisement) OSPF
SPF Tree
IP Routing Table
OSPF Packet Type
Router(config)#router ospf process-id
Router(config-router)#network w.x.y.z wildcard-mask area 0
j
’
P
Exercise
R1(config)#no logging console
Command
interrupt
R1(config)#router ospf 1
R1(config-router)#network 172.16.1.16 0.0.0.15 area 0
R1(config-router)#network 192.168.10.0 0.0.0.7 area 0
R2(config)#no logging console
R2(config)#router ospf 2
R2(config-router)#network 192.168.10.0 0.0.0.3 area 0
R2(config-router)#network 192.168.10.8 0.0.0.3 area 0
R2(config-router)#network 10.10.10.0 0.0.0.255 area 0
R3(config)#no logging console
R3(config)#router ospf 3
R3(config-router)#network 192.168.10.0 0.0.0.255 area 0
O
R3(config-router)#network 172.16.1.32 0.0.0.7 area 0
Network
Bandwidth Before define bandwidth R1-R2(10.10.10.0)
R1(config)#int s0/0
R1(config-if)#bandwidth 64
R1(config-if)#int s0/1
R1(config-if)#bandwidth 1544
R2(config)#int s0/0
R2(config-if)#bandwidth 64
R2(config-if)#int s0/1
R2(config-if)#bandwidth 1024
R3(config)#int s0/0
R3(config-if)#bandwidth 1544
R3(config-if)#int s0/1
R3(config-if)#bandwidth 1024
After Define Bandwidth R1-R3-R2(10.10.10.0)
AD
Cost
AD
Cost
Cost R1-R3-R2(10.10.10.0)
Cost = 10^8/BW(bps) + 10^8/BW(bps)
Cost = 10^8/(1544*10^3) + 10^8/(1024*10^3) + 10^8/(100*10^6) = 162
OSPF Cost Metric
Bandwidth 100MB
R1(config)#router ospf 1
R1(config-router)#auto-cost reference-bandwidth ?
  <1-4294967>  The reference bandwidth in terms of Mbits per second
R1(config-router)#auto-cost reference-bandwidth 10000
cost
R1-R3-R2(10.10.10.0)
10^8
10^10
R1(config)#int s0/0
R1(config-if)#ip ospf cost 16200
R2(config)#int s0/0
R2(config-if)#ip ospf cost 16200
R1-R2(10.10.10.0)
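The cost arithmetic behind the three stages of this exercise (default bandwidth, configured bandwidth, then reference bandwidth 10000 with a manual `ip ospf cost`), as an added example that is not part of the original notes. It assumes 10.10.10.0 sits on a 100 Mbps interface of R2, which is what the third term of the page's formula implies, and that unconfigured serial links use the IOS default of 1544 Kbps.

```python
# Added example: OSPF interface cost = reference bandwidth / interface bandwidth.
FE_BPS = 100 * 10**6          # assumption: 10.10.10.0 is on a FastEthernet port of R2
MAX_INTERFACE_COST = 65535    # the metric field in a router LSA is 16 bits wide


def interface_cost(bandwidth_bps, reference_mbps=100, configured_cost=None):
    """Cost of one outgoing interface; `ip ospf cost` overrides the calculation."""
    if configured_cost is not None:
        return configured_cost
    cost = (reference_mbps * 10**6) // bandwidth_bps   # fraction is truncated
    return max(1, min(cost, MAX_INTERFACE_COST))


def path_cost(hops, reference_mbps=100):
    """hops: (bandwidth_bps, configured_cost or None) per outgoing interface."""
    return sum(interface_cost(bw, reference_mbps, cost) for bw, cost in hops)


def compare_paths(r1_r2_bps, r1_r3_bps, r3_r2_bps, reference_mbps=100, r1_r2_cost=None):
    """Return (direct cost, cost via R3, preferred path) from R1 to 10.10.10.0."""
    direct = path_cost([(r1_r2_bps, r1_r2_cost), (FE_BPS, None)], reference_mbps)
    via_r3 = path_cost([(r1_r3_bps, None), (r3_r2_bps, None), (FE_BPS, None)],
                       reference_mbps)
    preferred = "R1-R2" if direct < via_r3 else "R1-R3-R2"
    return direct, via_r3, preferred


if __name__ == "__main__":
    # Before defining bandwidth: every serial link counts as 1544 Kbps.
    print(compare_paths(1544000, 1544000, 1544000))
    # After defining bandwidth: R1-R2 is 64 Kbps, R1-R3 1544 Kbps, R3-R2 1024 Kbps.
    print(compare_paths(64000, 1544000, 1024000))
    # auto-cost reference-bandwidth 10000 scales every cost by 100.
    print(compare_paths(64000, 1544000, 1024000, reference_mbps=10000))
    # ip ospf cost 16200 on the R1-R2 serial link pulls traffic back to R1-R2.
    print(compare_paths(64000, 1544000, 1024000, reference_mbps=10000,
                        r1_r2_cost=16200))
```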
R1#sh ip ospf neighbor
Router ID 1.
-
2.
Loopback Interface
3.
Physical IP
Router-ID
L
b
R1(config)#int lo 0
R1(config-if)#ip add 192.168.11.11 255.255.255.255
R2(config)#int lo 0
R2(config-if)#ip add 192.168.11.22 255.255.255.255
R3(config)#int lo 0
R3(config-if)#ip add 192.168.11.33 255.255.255.255
Router-ID
Point to Point
P
‘ ’
-Time(Default 40s)
Router-ID Command
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R1#
R2(config)#router ospf 2
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R2#
R3(config)#router ospf 3
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#end
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#
R1
Default Route
R1(config)#int lo 1
R1(config-if)#ip address 172.20.0.1 255.255.255.252
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 lo 1
R1(config)#router ospf 1
R1(config-router)#default-information originate
Default Type E2
metric
1
Type E1
R1(config)#router ospf 1
R1(config-router)#default-information originate metric-type 1
R1(config-router)#
Virtual Link Exercise
E1
R1(config)#router ospf 1
O P
R1(config-router)#network 10.1.1.0 0.0.0.255 area 0
R1(config-router)#network 10.1.12.0 0.0.0.255 area 0
R2(config)#router ospf 1
R2(config-router)#network 10.1.2.0 0.0.0.255 area 0
R2(config-router)#network 10.1.12.0 0.0.0.255 area 0
R2(config-router)#network 10.1.23.0 0.0.0.255 area 23
R3(config)#router ospf 1
R3(config-router)#network 10.1.23.0 0.0.0.255 area 23
R3(config-router)#network 10.1.3.0 0.0.0.255 area 23
R3(config-router)#network 192.168.0.0 0.0.255.255 area 100
IA (Inter Area) Loopback Interface
Area
Network
Classful
R1(config)#int lo 1
R1(config-if)#ip ospf network point-to-point
R2(config)#int lo 2
R2(config-if)#ip ospf network point-to-point
R3(config)#int lo 3
R3(config-if)#ip ospf network point-to-point
R3(config)#int lo 100
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 101
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 102
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 103
R3(config-if)#ip ospf network point-to-point
Virtual Link – Area
Network
Route
Main Area (area 0)
Main Area Route
Router
Virtual Link
Router-Id
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R1#
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R2#conf t
R2(config)#router ospf 1
R2(config-router)#area 23 virtual-link 3.3.3.3
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#exit
R3(config)#end
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#
R3(config)#router ospf 1
R3(config-router)#area 23 virtual-link 2.2.2.2
Virtual Link
R3
Network
R1
Network Area
Virtual Link
R3
Loopback Interface
Route Summarize
R3(config)#router ospf 1
R3(config-router)#area 100 range 192.168.100.0 255.255.252.0
Multiaccess Network
Multiaccess Network
Shared Media
Devices
OSPF defines five network types
Point-to-Point
Broadcast Multiaccess
Nonbroadcast Multiaccess (NBMA)
Point-to-multipoint
Virtual links
Designated Router( DR ) OSPF Multiple access networks
Router
DR
Router BDR
Router BDR
DR
Network
LSA
DR Router
DR
Routers Priority
( Multiaccess Network Point-to-Point Network
Router
Routers
Router_ID
Exercise
R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#exit
)
Router Priority
LSA
R2(config)#int f0/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#exit
R3(config)#int f0/0
R3(config-if)#ip add 192.168.1.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#int f0/1
R3(config-if)#ip add 192.168.2.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
R3(config-router)#network 192.168.2.0 0.0.0.255 area 0
R3(config-router)#exit
R4(config)#int f0/0
R4(config-if)#ip add 192.168.1.4 255.255.255.0
R4(config-if)#no shut
R4(config-if)#exit
R4(config)#router ospf 1
R4(config-router)#network 192.168.1.0 0.0.0.255 area 0
R4(config-router)#exit
R5(config)#int f0/0
R5(config-if)#ip add 192.168.2.5 255.255.255.0
R5(config-if)#no shut
R5(config-if)#exit
R5(config)#router ospf 1
R5(config-router)#network 192.168.2.0 0.0.0.255 area 0
R5(config-router)#exit
R3
192.168.1.3
192.168.2.3
IP
192.168.2.3
ID
R1#sh ip ospf interface brief
R1#sh ip ospf int f0/0
Router ID
Loopback Address
DR, BDR
Router
Network
Router
DR
Router down –
DROTHER
Routers DR, BDR
P
Router
Priority
‘ ’
R1(config)#int lo 0
R1(config-if)#ip add 111.111.111.1 255.255.255.255
R1(config-if)#
R2(config)#int lo 0
R2(config-if)#ip add 111.111.111.2 255.255.255.255
R2(config-if)#
R3(config)#int lo 0
R3(config-if)#ip add 111.111.111.3 255.255.255.255
R3(config-if)#
R4(config)#int lo 0
R4(config-if)#ip add 111.111.111.4 255.255.255.255
R4(config-if)#
R5(config)#int lo 0
R5(config-if)#ip add 111.111.111.5 255.255.255.255
R5(config-if)#
R6(config)#int f0/0
R6(config-if)#ip add 192.168.1.6 255.255.255.0
R6(config-if)#no shut
R6(config-if)#int lo 0
R6(config-if)#ip add 111.111.111.6 255.255.255.255
R6(config-if)#exit
R6(config)#router ospf 1
R6(config-router)#network 192.168.1.0 0.0.0.255 area 0
R6(config-router)#exit
R6
L
Project
b
Router ID
BDR
Priority
( 0-255)
R3(config)#int f0/0
R3
Network
DR
Priority
R3(config-if)#ip ospf priority 200
R2(config)#int f0/0
Router
R2(config-if)#ip ospf priority 150
Priority
BDR
DR
R1(config)#int f0/0
R1(config-if)#ip ospf priority 100
R6(config)#int f0/0
Performance
R6(config-if)#ip ospf priority 0
Priority
RIP
Router
O P
DR, BDR
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.48.0
R1(config-router)#network 192.168.49.0
R1(config-router)#network 192.168.50.0
R1(config-router)#network 192.168.51.0
R1(config-router)#network 192.168.70.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#int lo 0
R1(config-if)#ip ospf network point-to-point
Loopback address
R1(config-if)#int lo 48
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 49
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 50
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 51
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 70
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 172.16.0.0
R2(config-router)#no auto-summary
R2(config-router)#passive-interface s0/1
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#network 172.16.23.0 0.0.0.255 area 0
R2(config-router)#passive-interface s0/0
R2(config-router)#exit
R2(config)#int lo 0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#exit
R2(config)#router rip
RIP Protocol
R2(config-router)#redistribute ospf 1 metric ?
  <0-16>       Default metric
  transparent  Transparently redistribute metric
R2(config-router)#redistribute ospf 1 metric 3
metric OSPF
Redistribute count hop count
hop
R2(config-router)#exit
R2(config)#router ospf 1
OSPF Protocol
R2(config-router)#redistribute rip subnets
cost rip
R2(config-router)#redistribute rip subnets metric-type 1
subnets
R2(config-router)#
default E1
R3(config)#router ospf 1
R3(config-router)#network 172.16.23.0 0.0.0.255 area 0
R3(config-router)#network 172.16.3.0 0.0.0.255 area 0
R3(config-router)#network 192.168.0.0 0.0.255.255 area 0
R3(config-router)#exit
R3(config)#int lo 0
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 20
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 25
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 30
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 35
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 40
R3(config-if)#ip ospf network point-to-point
metric
EIGRP
O P
R2(config)#router eigrp 10
R2(config-router)#redistribute ospf 1 metric 1544 20000 255 1 1500
BW Delay Reliability Load MTU
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 10 subnets
R2(config-router)#exit
Switching Commands
? command (help)
Switch>?
mode
command
Command Modes
Switch>
Mode
Switch>enable
Privilege Mode (or) Mode
Switch#exit
Mode
Switch#disable
Switch#configure terminal
Global Configuration Mode
show Commands
Switch#sh mac address-table
Mac Address Table
Switch#clear mac address-table
Mac Address Table
Switch#show running-config
Current Configuration
Switch#show startup-config
N
M
clear
save
Configuration
Setting host name Command
Switch#configure terminal
Global Mode
Switch(config)#hostname S1
N
Switch(config)#enable password cisco
Mode
Switch(config)#enable secret cisco
Mode
Switch(config)#line console 0
Console port
Switch(config-line)#login local
database
Switch(config-line)#exit
Sub Interface
Switch(config)#line vty 0 4
Telnet
Switch(config-line)#login local
database
Switch(config-line)#exit
Sub Interface
VLAN Command
Switch(config)#vlan 10
VLAN database
Switch(config-vlan)#name
VLAN
Switch(config-vlan)#exit
VLAN database
Switch(config)#interface f0/1
(or)
Interface f0/1
VLAN
Switch(config)#interface range f0/1 - 3
Interface f0/1
f0/3
Switch(config-if)#switchport mode access
Dynamic Type to Static
Switch(config-if)#switchport access vlan 10
Switchport
VLAN 10
Exercise
VLAN
Port Security
PC1
PC4
F
P
Switch>en
Mode
Switch#sh mac address-table
Mac Address Table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0002.4a52.27bd    DYNAMIC     Fa0/2
   1    000b.beac.acd4    DYNAMIC     Fa0/3
   1    00d0.5849.4426    DYNAMIC     Fa0/1
Switch#conf t
Global Configuration Mode
Switch(config)#hostname S1
Switch
S1(config)#enable secret cisco
Global Mode
S1(config)#int range f0/1 - 3
Port range
S1(config-if-range)#switchport mode access
Dynamic Type to Static
S1(config-if-range)#switchport port-security
Port-Security
S1(config-if-range)#switchport port-security ?
Port-Security
host
Command
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
S1(config-if-range)#switchport port-security maximum ?
  <1-132>  Maximum addresses
S1(config-if-range)#switchport port-security maximum 1
Port
Mac Address 1
S1(config-if-range)#switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#switchport port-security violation ?
Mac Security Mode
  protect   Security violation protect mode
  restrict  Security violation restrict mode
  shutdown  Security violation shutdown mode
S1(config-if-range)#switchport port-security violation shutdown
Mac Table
Address
S1(config-if-range)#end
S1#sh port-security address
Sticky Mac Address
               Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type            Ports              Remaining Age
                                                                (mins)
----    -----------       ----            -----              -------------
   1    00D0.5849.4426    SecureSticky    FastEthernet0/1         -
   1    0002.4A52.27BD    SecureSticky    FastEthernet0/2         -
   1    000B.BEAC.ACD4    SecureSticky    FastEthernet0/3         -
-------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 1024
S1#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)        (Count)
----------------------------------------------------------------------
      Fa0/1        1             1              0            Shutdown
      Fa0/2        1             1              0            Shutdown
      Fa0/3        1             1              0            Shutdown
----------------------------------------------------------------------
Port Security
Violation Count
port shutdown
S1#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)        (Count)
----------------------------------------------------------------------
      Fa0/1        1             1              1            Shutdown
      Fa0/2        1             1              0            Shutdown
      Fa0/3        1             1              0            Shutdown
PC1
Violation Count 1
Port
S1#sh port-security interface f0/1
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00E0.A377.D11D:1
Security Violation Count   : 1
S1#conf t
P
S1(config)#int f0/1
S1(config-if)#shutdown
S1(config-if)#no shut
Switch
PC4 port shutdown
Router
Router>en
Mode
Router#conf t
G b
M
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Interface f0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0
P
Router(config-if)#no shut
Interface
Router(config-if)#exit
Sub Interface
Router(config)#int f0/1
Interface f0/1
Router(config-if)#ip add 192.168.2.1 255.255.255.0
P
Router(config-if)#no shut
Interface
Router(config-if)#exit
Sub Interface
Router(config)#exit
Global Mode
Router#write
Current Configuration
Switch
Switch>en
Mode
Switch#conf t
Global Configuration Mode
Switch(config)#enable secret cisco
Mode
Switch(config)#line con 0
Console
pas P
Switch(config-line)#login local
Switch(config-line)#exit
Sub Interface
Switch(config)#username console secret console
create
Switch(config)#username telnet secret telnet
Switch(config)#interface vlan 1
Switch(config-if)#ip add 192.168.1.5 255.255.255.0
Switch
IP
Switch(config-if)#no shut
Switch(config-if)#exit
Sub Interface
Switch(config)#line vty 0 4
Telnet
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#ip default-gateway 192.168.1.1
Switch(config)#do write
Sub Interface Network Current Configuration
Building configuration...
[OK]
Switch 1
PC>telnet 192.168.2.5
Trying 192.168.2.5 ...Open
User Access Verification
Username:
Switch Cracking
1.Power Off
Putty
setting
2. Power On, press Mode button while booting and then
Mode button
prompt switch:
switch:
3. Enter switch:flash_init
flash_init Command
Switch
Power
Power
4. Enter switch:dir flash:
5. Enter switch:rename flash:config.text flash:config.old
config.text file
Enter switch:dir flash:
6. Enter switch:boot
Switch
Restart
7. Switch>en
Switch#copy flash:config.old running-config
Config file
And then reset for your switch
Setting
copy
VLAN Trunking 1.
ISL (InterSwitch Link)
2.
IEEE 802.1q
(not today used)
Switch(config)#vlan 99
Native Vlan
Vlan Database Create
Switch(config-vlan)#name native
Switch(config-vlan)#exit
Switch(config)#interface fastethernet0/1
Interface f0/1
Switch(config-if)#switchport mode trunk
Trunk Port
Switch(config-if)#switchport trunk native vlan 99
Trunk Link
Switch(config-if)#switchport trunk allowed vlan vlanname
N vlan
VLAN Hopping
VLAN hopping is a computer security exploit, a method of attacking networked resources on a Virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. There are two primary methods of VLAN hopping: switch spoofing and double tagging. Both attack vectors can be easily mitigated with proper switchport configuration.

Switch spoofing
In a switch spoofing attack, an attacking host imitates a trunking switch by speaking the tagging and trunking protocols (e.g. Multiple VLAN Registration Protocol, IEEE 802.1Q, VLAN Trunking Protocol) used in maintaining a VLAN. Traffic for multiple VLANs is then accessible to the attacking host.

Mitigation
Switch spoofing can only be exploited when interfaces are set to negotiate a trunk. To prevent this attack on Cisco IOS, use one of the following methods [1]:
1. Ensure that ports are not set to negotiate trunks automatically.
Switch(config-if)# switchport nonegotiate
2. Ensure that ports that are not meant to be trunks are explicitly configured as access ports.
Switch(config-if)# switchport mode access

Double tagging
In a double tagging attack, an attacking host connected on a dot1q interface prepends two VLAN tags to packets that it transmits. The packet (which corresponds to the VLAN that the attacker is really a member of) is forwarded without the first tag, because it is the native VLAN. The second (false) tag is then visible to the second switch that the packet encounters. This false VLAN tag indicates that the packet is destined for a target host on a second switch. The packet is then sent to the target host as though it originated on the target VLAN, bypassing the network mechanisms that logically isolate VLANs from one another. However, this attack only allows packets to be sent toward the second switch; any replies are not forwarded to the attacking host.

Mitigation
Double tagging can only be exploited when switches use "Native VLANs" [2]. Ports with a specific access VLAN (the native VLAN) don't apply a VLAN tag when sending frames, allowing the attacker's fake VLAN tag to be read by the next switch. It is always good practice to do one of the following (with sample IOS interface configuration):
1. Simply do not put any hosts on VLAN 1 (the default VLAN), i.e., assign an access VLAN other than VLAN 1 to every access port.
Switch(config-if)# switchport access vlan 2
2. Change the native VLAN on all trunk ports to an unused VLAN ID.
Switch(config-if)# switchport trunk native vlan 999
3. Explicit tagging of the native VLAN on all trunk ports.
Switch(config-if)# switchport trunk native vlan tag

Example
As an example of a double tagging attack, consider a secure web server on a VLAN called VLAN1. Hosts on VLAN1 are allowed access to the web server; hosts from outside the VLAN are blocked by layer 3 filters. An attacking host on a separate VLAN, called VLAN2, creates a specially formed packet to attack the web server. It places a header tagging the packet as belonging to VLAN2 on top of another header tagging the packet as belonging to VLAN1. When the packet is sent, the switch on VLAN2 sees the VLAN2 header and removes it, and forwards the packet. The VLAN2 switch expects that the packet will be treated as a standard TCP packet by the switch on VLAN1. However, when the packet reaches VLAN1, the switch sees a tag indicating that the packet is part of VLAN1, and so bypasses the layer 3 handling, treating it as a layer 2 packet on the same logical VLAN. The packet thus arrives at the target server as though it was sent from another host on VLAN1, ignoring any layer 3 filtering that might be in place.
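One way to check a switch configuration against the mitigations listed above, as an added example that is not part of the original notes. The sample configuration, the finding names and the function names are constructed for illustration; the parser assumes the usual running-config layout of an `interface` line followed by indented sub-commands.

```python
import re

# Constructed sample, modelled on the access/trunk layout used in this page's exercises.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport mode trunk
 switchport trunk native vlan 999
!
interface FastEthernet0/8
 shutdown
!
interface Vlan1
 ip address 192.168.1.5 255.255.255.0
!
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:                          # "!" or a global command ends the stanza
            current = None
    return interfaces


def port_settings(lines):
    """Extract the switchport settings that matter for VLAN hopping."""
    s = {"shutdown": "shutdown" in lines, "mode": None,
         "access_vlan": 1, "native_vlan": 1, "native_tagged": False}  # IOS defaults
    for line in lines:
        if m := re.fullmatch(r"switchport mode (.+)", line):
            s["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            s["access_vlan"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            s["native_vlan"] = int(m.group(1))
        elif line == "switchport trunk native vlan tag":
            s["native_tagged"] = True
    return s


def audit_config(config):
    """Return {interface: [findings]} for active switch ports with a weakness."""
    ports = {name: port_settings(lines)
             for name, lines in parse_interfaces(config).items()
             if "Ethernet" in name}                     # skip Vlan/Loopback interfaces
    active = {n: s for n, s in ports.items() if not s["shutdown"]}
    host_vlans = {s["access_vlan"] for s in active.values() if s["mode"] != "trunk"}
    report = {}
    for name, s in active.items():
        findings = []
        if s["mode"] not in ("access", "trunk"):
            findings.append("dtp-negotiation")          # switch spoofing possible
        if s["mode"] == "trunk":
            exposed = s["native_vlan"] == 1 or s["native_vlan"] in host_vlans
            if exposed and not s["native_tagged"]:
                findings.append("native-vlan-exposed")  # double tagging possible
        elif s["access_vlan"] == 1:
            findings.append("access-vlan-1")            # host left on the default VLAN
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_config(SAMPLE_CONFIG).items():
        print(port, findings)
```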
VLAN - 802.1Q ( Inter vlan routing with Router) Exercise 1
Switch 1 to 5
Switch>en
Mode
Switch#conf t
Global Mode
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
VLAN Database 10
Switch(config-vlan)#name HR
VLAN Database
Switch(config-vlan)#vlan 20
VLAN Database 20
Switch(config-vlan)#name Sale
VLAN Database
Switch(config-vlan)#vlan 30
VLAN Database 30
Switch(config-vlan)#name Manager
VLAN Database
Switch(config-vlan)#vlan 40
VLAN Database 40
Switch(config-vlan)#name
VLAN Database
Switch(config-vlan)#vlan 50
VLAN Database 50
Switch(config-vlan)#name Operation
VLAN Database
Switch(config-vlan)#vlan 60
VLAN Database 60
Switch(config-vlan)#name Security
VLAN Database
Switch(config-vlan)#exit
Switch(config)#
Switch(config)#int f0/2
Interface f0/2
Switch(config-if)#switchport mode access
Dynamic Type to Static
Switch(config-if)#switchport port-security
Port Security
Switch(config-if)#switchport port-security violation protect
‘P
vlan
M
’
Switch(config-if)#switchport access vlan 10
VLAN 10
Switch(config-if)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 30
Switch(config-if)#int f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 40
Switch(config-if)#int f0/6
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 50
Switch(config-if)#int f0/7
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 60
Switch(config-if)#int f0/1
Interface f0/1
Switch(config-if)#switchport mode trunk
Trunk L
Switch(config-if)#int range f0/8 - 24
Interface Range f0/8
f0/24
Switch(config-if-range)#shutdown
Port
Shutdown
Router
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Interface f0/0
Router(config-if)#no shutdown
Interface
Router(config-if)#int f0/0.10
F0/0
Router(config-subif)#encapsulation dot1Q 10 (vlan name)
VLAN
Router(config-subif)#ip add 192.168.10.1 255.255.255.0
Router(config-subif)#int f0/0.20
subinterface create dot1Q
Route
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip add 192.168.20.1 255.255.255.0
Router(config-subif)#int f0/0.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip add 192.168.30.1 255.255.255.0
Router(config-subif)#int f0/0.40
Router(config-subif)#encapsulation dot1Q 40
Router(config-subif)#ip add 192.168.40.1 255.255.255.0
Router(config-subif)#int f0/0.50
Router(config-subif)#encapsulation dot1Q 50
Router(config-subif)#ip add 192.168.50.1 255.255.255.0
Router(config-subif)#int f0/0.60
Router(config-subif)#encapsulation dot1Q 60
Router(config-subif)#ip add 192.168.60.1 255.255.255.0
Router(config-subif)#exit
Router(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
Excluded Address
Router(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.10
Router(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.10
Router(config)#ip dhcp excluded-address 192.168.40.1 192.168.40.10
Router(config)#ip dhcp excluded-address 192.168.50.1 192.168.50.10
Router(config)#ip dhcp excluded-address 192.168.60.1 192.168.60.10
Router(config)#ip dhcp pool vlan10
Router(dhcp-config)#network 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#ip dhcp pool vlan20
VLAN
Router(dhcp-config)#network 192.168.20.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.20.1
Router(dhcp-config)#ip dhcp pool vlan30
Router(dhcp-config)#network 192.168.30.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.30.1
Router(dhcp-config)#ip dhcp pool vlan40
Router(dhcp-config)#network 192.168.40.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.40.1
Router(dhcp-config)#ip dhcp pool vlan50
Router(dhcp-config)#network 192.168.50.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.50.1
Router(dhcp-config)#ip dhcp pool vlan60
Router(dhcp-config)#network 192.168.60.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.60.1
Intervlan Routing with Layer3 Switch (Routing with virtual interface lan)
L3(config)#vlan 10
Vlan
L3(config-vlan)#name
L3(config-vlan)#vlan 20
L3(config-vlan)#name HR
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native_Trunk
L3(config-vlan)#exit
L3(config)#int range f0/1-2
Interface f0/1&f0/2
L3(config-if-range)#switchport trunk encapsulation dot1q
dot1q trunk
L3(config-if-range)#switchport mode trunk
Trunk mode
L3(config-if-range)#switchport trunk native vlan 99
Trunk Link
L3(config-if-range)#switchport trunk allowed vlan 10,20
enable N Vlan 10,20
L3(config-if-range)#exit
L3(config)#int vlan 10
Virtual Interface 10
L3(config-if)#ip add 192.168.10.1 255.255.255.0
Route
L3(config-if)#int vlan 20
L3(config-if)#ip add 192.168.20.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip routing
Vlan
L3(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.20
IP Addresses
L3(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.20
L3(config)#ip dhcp pool vlan10
Vlan
L3(dhcp-config)#network 192.168.10.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.10.1
L3(dhcp-config)#ip dhcp pool vlan20
L3(dhcp-config)#network 192.168.20.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.20.1
L3(dhcp-config)#exit
SW1(config)#vlan 10
SW1(config-vlan)#name
SW1(config-vlan)#vlan 20
SW1(config-vlan)#name HR
SW1(config-vlan)#vlan 99
SW1(config-vlan)#name Native_Trunk
SW1(config-vlan)#exit
SW1(config)#int f0/5
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk native vlan 99
SW1(config-if)#switchport trunk allowed vlan 10,20
SW1(config-if)#int range f0/1-2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 20
SW1(config-if-range)#int range f0/3-4
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 10
SW1(config-if-range)#exit
SW2(config)#vlan 10
SW2(config-vlan)#name
SW2(config-vlan)#vlan 20
SW2(config-vlan)#name HR
SW2(config-vlan)#vlan 99
SW2(config-vlan)#name Native_Trunk
SW2(config-vlan)#exit
SW2(config)#int f0/5
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk native vlan 99
SW2(config-if)#switchport trunk allowed vlan 10,20
SW2(config-if)#int range f0/1-2
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 20
SW2(config-if-range)#int range f0/3-4
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 10
DHCP Scope
Dynamic Trunking Protocol (DTP)
Switch(config)#int f0/1
Interface f0/1
Switch(config-if)#switchport mode dynamic desirable
Trunk Link Neighbors Interface
b Interface
Trunk
Switch(config-if)#switchport mode dynamic auto
Neighbors Interface
Switch(config-if)#switchport nonegotiate
DTP
Interface
Trunk
VLAN Trunking Protocol
Switch(config)#vtp mode server
Default
Switch
VTP Server Mode
Switch(config)#vtp mode client
VTP Client Mode
Switch(config)#vtp mode transparent
VTP Transparent Mode
VTP Server VTP Server Client
Switch(config)#no vtp mode
Default Server Mode
Switch(config)#vtp domain domain-name
Domain-name
1-32 Characters
Remark-
Switch domain-name
Communicate
Switch(config)#vtp password p@ssw0rd
Switch(config)#vtp pruning
Enable VTP pruning Default
b
Mode 1
VTP Server Enable
VTP pruning makes more efficient use of bandwidth by reducing unnecessary flooded traffic, such as broadcast, multicast, unknown, and flooded unicast packets. It increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the appropriate network devices. By default, VTP pruning is disabled. VTP pruning does not prune traffic from VLANs that are pruning-ineligible.
What VTP pruning does:
VLAN 1 (default) is always pruning-ineligible, meaning traffic from VLAN 1 cannot be pruned in any situation.
Pruning eligibility is based only on the VLANs that need the given broadcast information across the trunks. It is not related to the number of ports assigned to that VLAN.
VTP pruning does not change, add, or delete the VLANs in a VTP domain; it simply reduces the broadcast and multicast traffic.
VTP version 2 and VTP version 1 are not interoperable on network devices in the same VTP domain. Every network device in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every network device in the VTP domain supports version 2.
Switch#show vtp status
VTP Configuration
Switch#show vtp counters
VTP Counters
VTP Advertisements
Summary Advertisements – VTP Server
Clients
5min
Configuration Revision no. Count
Creating or deleting a VLAN
Suspending or activating a VLAN
Changing the name of a VLAN
Changing the MTU of a VLAN
sent
Subset Advertisements – VTP information
Request Advertisements - VTP Client
update
VTP Server
Remark- VTP No
Revision No
Switch
VTP Server Switch
Network
L N
Update b
Revision
O
VLAN Exercise-2 (Intervlan Routing With Layer3 Switch)
Layer3 Switch
Switch(config)#hostname L3
L3(config)#int range f0/1-2
L3(config-if-range)#switchport trunk encapsulation dot1q
L3(config-if-range)#switchport mode trunk
L3(config-if-range)#exit
L3(config)#vtp mode server
L3(config)#vtp domain cisco
VTP Configuration
L3(config)#vtp password cisco
L3(config)#vlan 10
L3(config-vlan)#name HR
L3(config-vlan)#vlan 20
L3(config-vlan)#name Sale
L3(config-vlan)#vlan 30
L3(config-vlan)#name Manager
L3(config-vlan)#vlan 40
VLAN creation & define
L3(config-vlan)#name
description
L3(config-vlan)#vlan 50
L3(config-vlan)#name Operation
L3(config-vlan)#vlan 60
L3(config-vlan)#name Security
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native_Trunk
L3(config-vlan)#exit
L3(config)#int range f0/1-2
Interface f0/1 & f0/2
native
L3(config-if-range)#switchport trunk native vlan 99
L3(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
Allow vlan
L3(config-if-range)#exit
L3(config)#int vlan 10
L3(config-if)#ip add 192.168.10.1 255.255.255.0
L3(config-if)#int vlan 20
L3(config-if)#ip add 192.168.20.1 255.255.255.0
L3(config-if)#int vlan 30
L3(config-if)#ip add 192.168.30.1 255.255.255.0
L3(config-if)#int vlan 40
Define Ip address for virtual
L3(config-if)#ip add 192.168.40.1 255.255.255.0
interface Intervlan Routing
L3(config-if)#int vlan 50
L3(config-if)#ip add 192.168.50.1 255.255.255.0
L3(config-if)#int vlan 60
L3(config-if)#ip add 192.168.60.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip routing
L3(config)#int f0/3
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 10
L3(config-if)#int f0/4
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 20
L3(config-if)#int f0/5
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 30
L3(config-if)#int f0/6
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 40
L3(config-if)#int f0/7
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 50
L3(config-if)#int f0/8
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 60
L3(config-if)#int range f0/9-24
L3(config-if-range)#shutdown
L3(config-if-range)#exit
L3(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.50
L3(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.50
L3(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.50
L3(config)#ip dhcp excluded-address 192.168.40.1 192.168.40.50
L3(config)#ip dhcp excluded-address 192.168.50.1 192.168.50.50
L3(config)#ip dhcp excluded-address 192.168.60.1 192.168.60.50
L3(config)#ip dhcp pool vlan10
L3(dhcp-config)#network 192.168.10.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.10.1
L3(dhcp-config)#ip dhcp pool vlan20
L3(dhcp-config)#network 192.168.20.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.20.1
L3(dhcp-config)#ip dhcp pool vlan30
L3(dhcp-config)#network 192.168.30.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.30.1
L3(dhcp-config)#ip dhcp pool vlan40
L3(dhcp-config)#network 192.168.40.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.40.1
L3(dhcp-config)#ip dhcp pool vlan50
L3(dhcp-config)#network 192.168.50.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.50.1
L3(dhcp-config)#ip dhcp pool vlan60
L3(dhcp-config)#network 192.168.60.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.60.1
L3(dhcp-config)#exit
Layer2 Switch (SW2 Configuration)
Switch(config)#hostname SW2
SW2(config)#int range f0/1-2
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit
SW2(config)#vtp mode client
SW2(config)#vtp domain cisco
SW2(config)#vtp password cisco
SW2(config)#int range f0/1-2
SW2(config-if-range)#switchport trunk native vlan 99
SW2(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SW2(config-if-range)#exit
SW2(config)#int f0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 10
SW2(config-if)#int f0/4
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 20
SW2(config-if)#int f0/5
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 30
SW2(config-if)#int f0/6
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 40
SW2(config-if)#int f0/7
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 50
SW2(config-if)#int f0/8
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 60
SW2(config)#int range f0/9-24
SW2(config-if-range)#shutdown
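An added example, not part of the original notes: a Python audit that reads a configuration transcript written in the same prompt style as the exercises above and reports, per port, trunks that still send DTP because switchport nonegotiate is missing, ports left in a dynamic mode, access ports without port security, and ports whose violation mode is protect, which drops offending frames without logging them. The hostname SWX, the sample transcript and the finding labels are constructed for illustration; treating an unconfigured port as dynamic assumes a Catalyst 2950/2960-style default.

```python
import re

# Constructed sample, written in the same prompt style as the exercises
# (hostname SWX and this port layout are made up for the example).
SAMPLE = """\
SWX(config)#int range f0/1 - 2
SWX(config-if-range)#switchport mode trunk
SWX(config-if-range)#switchport trunk native vlan 99
SWX(config-if-range)#switchport trunk allowed vlan 10,20
SWX(config-if-range)#int f0/3
SWX(config-if)#switchport mode access
SWX(config-if)#switchport port-security
SWX(config-if)#switchport port-security violation protect
SWX(config-if)#switchport access vlan 10
SWX(config-if)#int f0/4
SWX(config-if)#switchport mode dynamic desirable
SWX(config-if)#int f0/5
SWX(config-if)#switchport mode access
SWX(config-if)#switchport access vlan 20
SWX(config-if)#int range f0/6 - 24
SWX(config-if-range)#shutdown
"""

# Matches "int f0/3", "int range f0/1-2" and "int range f0/9 - 24".
IF_RE = re.compile(
    r"^int(?:erface)?\s+(?:range\s+)?([a-z]+\d+/)(\d+)(?:\s*-\s*(\d+))?$", re.I)


def parse(transcript):
    """Return {port: [commands]} from 'Host(mode)#command' lines."""
    ports, current = {}, []
    for line in transcript.splitlines():
        if "#" not in line:
            continue                          # device output, not a command
        prompt, cmd = (part.strip() for part in line.split("#", 1))
        m = IF_RE.match(cmd)
        if m:
            first, last = int(m.group(2)), int(m.group(3) or m.group(2))
            current = [f"{m.group(1).lower()}{n}" for n in range(first, last + 1)]
            for port in current:
                ports.setdefault(port, [])
        elif cmd == "exit" or cmd.startswith("int"):
            current = []                      # left the physical interface
        elif "(config-if" in prompt:
            for port in current:
                ports[port].append(cmd)
    return ports


def audit(transcript):
    """Return [(port, finding)] for every port that is not shut down."""
    findings = []
    for port, cmds in parse(transcript).items():
        if "shutdown" in cmds:
            continue
        mode = next((c[len("switchport mode "):] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode is None or mode.startswith("dynamic"):
            # Assumption: the platform default is a dynamic (DTP) mode.
            findings.append((port, "DTP-NEGOTIATION"))
        elif mode == "trunk":
            if "switchport nonegotiate" not in cmds:
                findings.append((port, "TRUNK-DTP-ON"))
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                findings.append((port, "TRUNK-ALL-VLANS"))
            if not any(c.startswith("switchport trunk native vlan") for c in cmds):
                findings.append((port, "TRUNK-NATIVE-DEFAULT"))
        elif mode == "access":
            if "switchport port-security" not in cmds:
                findings.append((port, "ACCESS-NO-PORTSEC"))
            elif "switchport port-security violation protect" in cmds:
                # protect drops unknown sources with no log and no counter
                findings.append((port, "PORTSEC-SILENT-DROP"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"{port:8} {finding}")
```

Run against the SW2 transcript of Exercise-2, the same checks would report the f0/1-2 trunk, which is set to trunk mode without switchport nonegotiate, and every access port using violation protect.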
VOIP(Voice Over Internet Protocol)
L3(config)#vlan 10
L3(config-vlan)#name HR
L3(config-vlan)#vlan 20
L3(config-vlan)#name Sale
L3(config-vlan)#vlan 30
L3(config-vlan)#name Manager
L3(config-vlan)#vlan 40
L3(config-vlan)#name
L3(config-vlan)#vlan 50
L3(config-vlan)#name Operation
L3(config-vlan)#vlan 60
L3(config-vlan)#name Security
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native
L3(config-vlan)#exit
L3(config)#vtp mode server
L3(config)#vtp domain cisco
L3(config)#vtp password cisco
L3(config)#int range f0/1 - 2
L3(config-if-range)#switchport trunk encapsulation dot1q
L3(config-if-range)#switchport mode trunk
L3(config-if-range)#switchport nonegotiate
L3(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
L3(config-if-range)#switchport trunk native vlan 99
L3(config-if-range)#exit
L3(config)#int f0/3
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 10
L3(config-if)#switchport voice vlan 10
VOIP
L3(config-if)#int f0/4
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 20
L3(config-if)#switchport voice vlan 20
L3(config-if)#int f0/5
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 30
L3(config-if)#switchport voice vlan 30
L3(config-if)#int f0/6
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 40
L3(config-if)#switchport voice vlan 40
L3(config-if)#int f0/7
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 50
L3(config-if)#switchport voice vlan 50
L3(config-if)#int f0/8
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 60
L3(config-if)#switchport voice vlan 60
L3(config-if)#exit
L3(config)#int range f0/9 - 24
L3(config-if-range)#shutdown
L3(config-if-range)#exit
L3(config)#ip routing
L3(config)#int vlan10
L3(config-if)#ip add 10.10.10.1 255.255.255.0
L3(config-if)#int vlan20
L3(config-if)#ip add 10.10.20.1 255.255.255.0
L3(config-if)#int vlan30
L3(config-if)#ip add 10.10.30.1 255.255.255.0
L3(config-if)#int vlan40
L3(config-if)#ip add 10.10.40.1 255.255.255.0
L3(config-if)#int vlan50
L3(config-if)#ip add 10.10.50.1 255.255.255.0
L3(config-if)#int vlan60
L3(config-if)#ip add 10.10.60.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip dhcp excluded-address 10.10.10.1 10.10.10.50
L3(config)#ip dhcp excluded-address 10.10.20.1 10.10.20.50
L3(config)#ip dhcp excluded-address 10.10.30.1 10.10.30.50
L3(config)#ip dhcp excluded-address 10.10.40.1 10.10.40.50
L3(config)#ip dhcp excluded-address 10.10.50.1 10.10.50.50
L3(config)#ip dhcp excluded-address 10.10.60.1 10.10.60.50
L3(config)#ip dhcp pool vlan10
L3(dhcp-config)#network 10.10.10.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.10.1
L3(dhcp-config)#option 150 ip 192.168.0.1
option 150 – ph svr
L3(dhcp-config)#ip dhcp pool vlan20
192.168.0.1 - CME Address
L3(dhcp-config)#network 10.10.20.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.20.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan30
L3(dhcp-config)#network 10.10.30.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.30.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan40
L3(dhcp-config)#network 10.10.40.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.40.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan50
L3(dhcp-config)#network 10.10.50.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.50.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan60
L3(dhcp-config)#network 10.10.60.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.60.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#exit
L3(config)#int f0/9
L3(config-if)#no switchport
IP
L3(config-if)#ip add 192.168.0.2 255.255.255.252
L3(config-if)#no shut
SWA(config)#vtp mode client
SWA(config)#vtp password cisco
SWA(config)#int range f0/1 - 2
SWA(config-if-range)#switchport mode trunk
SWA(config-if-range)#switchport trunk native vlan 99
SWA(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SWA(config-if-range)#switchport nonegotiate
SWA(config-if-range)#exit
SWA(config)#int f0/3
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 10
SWA(config-if)#switchport voice vlan 10
SWA(config-if)#int f0/4
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 20
SWA(config-if)#switchport voice vlan 20
SWA(config-if)#int f0/5
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 30
SWA(config-if)#switchport voice vlan 30
SWA(config-if)#int f0/6
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 40
SWA(config-if)#switchport voice vlan 40
SWA(config-if)#int f0/7
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 50
SWA(config-if)#switchport voice vlan 50
SWA(config-if)#int f0/8
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 60
SWA(config-if)#switchport voice vlan 60
SWA(config-if)#int range f0/9 - 24
SWA(config-if-range)#shutdown
SWB(config)#vtp mode server
SWB(config)#vtp password cisco
SWB(config)#int f0/2
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 10
SWB(config-if)#switchport voice vlan 10
SWB(config-if)#int f0/3
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 20
SWB(config-if)#switchport voice vlan 20
SWB(config-if)#int f0/4
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 30
SWB(config-if)#switchport voice vlan 30
SWB(config-if)#int f0/5
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 40
SWB(config-if)#switchport voice vlan 40
SWB(config-if)#int f0/6
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 50
SWB(config-if)#switchport voice vlan 50
SWB(config-if)#int f0/7
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 60
SWB(config-if)#switchport voice vlan 60
SWB(config-if)#int range f0/8 - 24
SWB(config-if-range)#shutdown
SWC(config)#vtp mode client
Setting device to VTP CLIENT mode.
SWC(config)#vtp password cisco
Setting device VLAN database password to cisco
SWC(config)#int range f0/1 - 2
SWC(config-if-range)#switchport mode trunk
SWC(config-if-range)#switchport trunk native vlan 99
SWC(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SWC(config-if-range)#switchport nonegotiate
SWC(config-if-range)#int f0/3
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 10
SWC(config-if)#switchport voice vlan 10
SWC(config-if)#int f0/4
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 20
SWC(config-if)#switchport voice vlan 20
SWC(config-if)#int f0/5
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 30
SWC(config-if)#switchport voice vlan 30
SWC(config-if)#int f0/6
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 40
SWC(config-if)#switchport voice vlan 40
SWC(config-if)#int f0/7
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 50
SWC(config-if)#switchport voice vlan 50
SWC(config-if)#int f0/8
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 60
SWC(config-if)#switchport voice vlan 60
SWC(config-if)#int range f0/9 - 24
SWC(config-if-range)#shutdown
SWD(config)#vtp mode client
Setting device to VTP CLIENT mode.
SWD(config)#vtp password cisco
Setting device VLAN database password to cisco
SWD(config)#int f0/1
SWD(config-if)#switchport mode trunk
SWD(config-if)#switchport trunk native vlan 99
SWD(config-if)#switchport trunk allowed vlan 10,20,30,40,50,60
SWD(config-if)#switchport nonegotiate
SWD(config-if)#int f0/2
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 10
SWD(config-if)#switchport voice vlan 10
SWD(config-if)#int f0/3
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 20
SWD(config-if)#switchport voice vlan 20
SWD(config-if)#int f0/4
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 30
SWD(config-if)#switchport voice vlan 30
SWD(config-if)#int f0/5
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 40
SWD(config-if)#switchport voice vlan 40
SWD(config-if)#int f0/6
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 50
SWD(config-if)#switchport voice vlan 50
SWD(config-if)#int f0/7
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 60
SWD(config-if)#switchport voice vlan 60
SWD(config-if)#int range f0/8 - 24
SWD(config-if-range)#shutdown
CME(config)#int f0/0
CME(config-if)#ip add 192.168.0.1 255.255.255.252
CME(config-if)#no shut
CME(config-if)#exit
CME(config)#ip route 10.10.10.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.20.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.30.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.40.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.50.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.60.0 255.255.255.0 f0/0
CME(config)#telephony-service
Phone Service
CME(config-telephony)#max-dn 30
Ph.ext
CME(config-telephony)#max-ephones 30
Ph.
CME(config-telephony)#exit
CME(config)#ephone-dn 1
dn= directory numbers (1-144)
CME(config-ephone-dn)#number 9101
Ph extension
CME(config-ephone-dn)#ephone-dn 2
CME(config-ephone-dn)#number 9102
CME(config-ephone-dn)#ephone-dn 3
CME(config-ephone-dn)#number 9103
CME(config-ephone-dn)#ephone-dn 4
CME(config-ephone-dn)#number 9104
CME(config-ephone-dn)#ephone-dn 5
CME(config-ephone-dn)#number 9105
CME(config-ephone-dn)#ephone-dn 6
CME(config-ephone-dn)#number 9201
CME(config-ephone-dn)#ephone-dn 7
CME(config-ephone-dn)#number 9202
CME(config-ephone-dn)#ephone-dn 8
CME(config-ephone-dn)#number 9203
CME(config-ephone-dn)#ephone-dn 9
CME(config-ephone-dn)#number 9204
CME(config-ephone-dn)#ephone-dn 10
CME(config-ephone-dn)#number 9205
CME(config-ephone-dn)#ephone-dn 11
CME(config-ephone-dn)#number 9301
CME(config-ephone-dn)#ephone-dn 12
CME(config-ephone-dn)#number 9302
CME(config-ephone-dn)#ephone-dn 13
CME(config-ephone-dn)#number 9303
CME(config-ephone-dn)#ephone-dn 14
CME(config-ephone-dn)#number 9304
CME(config-ephone-dn)#ephone-dn 15
CME(config-ephone-dn)#number 9305
CME(config-ephone-dn)#ephone-dn 16
CME(config-ephone-dn)#number 9401
CME(config-ephone-dn)#ephone-dn 17
CME(config-ephone-dn)#number 9402
CME(config-ephone-dn)#ephone-dn 18
CME(config-ephone-dn)#number 9403
CME(config-ephone-dn)#ephone-dn 19
CME(config-ephone-dn)#number 9404
CME(config-ephone-dn)#ephone-dn 20
CME(config-ephone-dn)#number 9405
CME(config-ephone-dn)#ephone-dn 21
CME(config-ephone-dn)#number 9501
CME(config-ephone-dn)#ephone-dn 22
CME(config-ephone-dn)#number 9502
CME(config-ephone-dn)#ephone-dn 23
CME(config-ephone-dn)#number 9503
CME(config-ephone-dn)#ephone-dn 24
CME(config-ephone-dn)#number 9504
CME(config-ephone-dn)#ephone-dn 25
CME(config-ephone-dn)#number 9505
CME(config-ephone-dn)#ephone-dn 26
CME(config-ephone-dn)#number 9601
CME(config-ephone-dn)#ephone-dn 27
CME(config-ephone-dn)#number 9602
CME(config-ephone-dn)#ephone-dn 28
CME(config-ephone-dn)#number 9603
CME(config-ephone-dn)#ephone-dn 29
CME(config-ephone-dn)#number 9604
CME(config-ephone-dn)#ephone-dn 30
CME(config-ephone-dn)#number 9605
CME(config-ephone-dn)#exit
CME(config)#ephone 1
CME(config-ephone)#type cipc
Type = softphone
CME(config-ephone)#mac-address 000A.F3CA.14B1
Computer Mac Address
CME(config-ephone)#button 1:1
Ext no. (9101)
CME(config-ephone)#ephone 2
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.638E.60BA
CME(config-ephone)#button 1:2
CME(config-ephone)#ephone 3
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0090.0CE6.AC8A
CME(config-ephone)#button 1:3
CME(config-ephone)#ephone 4
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.A353.5EBA
CME(config-ephone)#button 1:4
CME(config-ephone)#ephone 5
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000A.F390.BBE5
CME(config-ephone)#button 1:5
CME(config-ephone)#ephone 6
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.4248.E46A
CME(config-ephone)#button 1:6
CME(config-ephone)#ephone 7
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000B.BE10.4336
CME(config-ephone)#button 1:7
CME(config-ephone)#ephone 8
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.5897.0895
CME(config-ephone)#button 1:8
CME(config-ephone)#ephone 9
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.4AED.6AB6
CME(config-ephone)#button 1:9
CME(config-ephone)#ephone 10
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0007.ECA4.8CCE
CME(config-ephone)#button 1:10
CME(config-ephone)#ephone 11
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.F7A2.2543
CME(config-ephone)#button 1:11
CME(config-ephone)#ephone 12
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.9793.B500
CME(config-ephone)#button 1:12
CME(config-ephone)#ephone 13
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0030.A316.ABB3
CME(config-ephone)#button 1:13
CME(config-ephone)#ephone 14
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.B013.C2B3
CME(config-ephone)#button 1:14
CME(config-ephone)#ephone 15
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000A.41D9.9A33
CME(config-ephone)#button 1:15
CME(config-ephone)#ephone 16
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.9769.0AE8
CME(config-ephone)#button 1:16
CME(config-ephone)#ephone 17
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0009.7C9C.1A52
CME(config-ephone)#button 1:17
CME(config-ephone)#ephone 18
CME(config-ephone)#mac-address 0010.1112.9D99
CME(config-ephone)#button 1:18
CME(config-ephone)#type cipc
CME(config-ephone)#ephone 19
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0005.5E26.516A
CME(config-ephone)#button 1:19
CME(config-ephone)#ephone 20
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000B.BEED.0C31
CME(config-ephone)#button 1:20
CME(config-ephone)#ephone 21
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.FF90.81C4
CME(config-ephone)#button 1:21
CME(config-ephone)#ephone 22
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0010.11EA.B09D
CME(config-ephone)#button 1:22
CME(config-ephone)#ephone 23
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.BA28.A209
CME(config-ephone)#button 1:23
CME(config-ephone)#ephone 24
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.4A8C.6226
CME(config-ephone)#button 1:24
CME(config-ephone)#ephone 25
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.5854.800C
CME(config-ephone)#button 1:25
CME(config-ephone)#ephone 26
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000D.BDDC.7A11
CME(config-ephone)#button 1:26
CME(config-ephone)#ephone 27
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.97A0.3065
CME(config-ephone)#button 1:27
CME(config-ephone)#ephone 28
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.1654.4B8B
CME(config-ephone)#button 1:28
CME(config-ephone)#ephone 29
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0006.2AE5.4C38
CME(config-ephone)#button 1:29
CME(config-ephone)#ephone 30
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.FF4E.969A
CME(config-ephone)#button 1:30
CME(config-ephone)#exit
CME(config)#telephony-service
CME(config-telephony)#ip source-address 192.168.0.1 port 2000
Spanning Tree Protocol (STP)(802.1D) STP Protocol
Switch to Switch
L
recover
Backup P
Data
Port
P
Root Port
Root Bridge
Link
Desg Port P
Link
Forwarded Port Path Cost Down
BLK port P
Switch
P
Root Bridge
1
(0-61440) Priority
2. Priority
4-bit
…
Mac Address
Switch
Remark – Root Bridge
Switch
Port
Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6435.13E5
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.6435.13E5
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/1            Desg FWD 19        128.1    P2p
Root Port Election Non-Root Switch
Path Cost Switch
Path Cost
10 GB     2
1 GB      4
100 MB    19
10 MB     100
Port No.
Port No.
Non-Root Switch Link
Acti
Root Port
BPDU(Bridge Protocol Data Unit)
Down 20s, Forwarding
15s
MAC Learning
19+19
Switch
every 2s
Link Down
Cost 19
BLK Port
Root Bridge
Root Bridge
10 Backup Link
15s
50s
P Mac Address
Path Cost Port
Switch
Root Bridge
Neighbor Switch
Root Port
Mac Address
Access Layer
Core Layer
Priority Switch
Data
Root Bridge Root Bridge
Per Vlan Spanning-Tree (PVST+)
Mac Address
Switch Access Layer
Vlan
Root Primary
BLK Port
Rapid PVST
Backup Link
2s
Switch(config)#spanning-tree mode rapid-pvst
YGN-S1(config)#int range f0/1 - 2
YGN-S1(config-if-range)#switchport mode trunk
YGN-S1(config-if-range)#switchport nonegotiate
YGN-S1(config-if-range)#exit
YGN-S1(config)#vtp mode server
YGN-S1(config)#vtp domain cisco
YGN-S1(config)#vtp cisco
YGN-S2(config)#int range f0/1 - 2
YGN-S2(config-if-range)#switchport mode trunk
YGN-S2(config-if-range)#switchport nonegotiate
YGN-S2(config-if-range)#exit
YGN-S2(config)#vtp mode client
YGN-S2(config)#vtp domain cisco
YGN-S2(config)#vtp cisco
YGN-S3(config)#int range f0/1 - 2
YGN-S3(config-if-range)#switchport mode trunk
YGN-S3(config-if-range)#switchport nonegotiate
YGN-S3(config-if-range)#exit
YGN-S3(config)#vtp mode client
YGN-S3(config)#vtp domain cisco
YGN-S3(config)#vtp cisco
Access Control Lists
Router
instructions ACL
1. Standard Access Lists
2. Extended Access Lists
Standard Access Lists 1.
Standard Access Lists
2.
Data Packets
3.
Destination Addresses
filter Router
1-99 source addresses L interface
Destination
4.
Filter
OSI Model
Layer 3
Exercise 1
deny
B1(config)#access-list 10 deny host 192.168.1.31
B1(config)#access-list 10 deny 192.168.1.31
access-list 10 deny Source IP Address
B1(config)#access-list 10 deny 192.168.1.31 0.0.0.0
ACL No.
B1(config)#int f0/0
Access-list
Rule host
Destination Network Source Network
outbound
default deny auto rule Host
host
B1(config)#access-list 11 deny host 192.168.1.31
Deny host
B1(config)#access-list 11 permit any
B1(config)#int f0/0
IP
Interface
B1(config-if)#ip access-group 10 out
Rule
Deny
source network Deny
B1(config-if)#ip access-group 10 out
B1(config)#access-list 12 deny 192.168.1.0 0.0.0.255
192.168.1.0 Network
B1(config)#access-list 12 permit any
B1(config)#int f0/0
B1(config-if)#ip access-group 12 out
B1(config)#access-list 13 deny 192.168.1.128 0.0.0.127
Network
B1(config)#access-list 13 permit any
192.168.1.255
192.168.1.128
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 13 out
B1(config)#access-list 14 deny 192.168.1.0 0.0.0.63
192.168.1.0-64
B1(config)#access-list 14 deny 192.168.1.128 0.0.0.63
192.168.1.128-192
Deny
B1(config)#access-list 14 permit any
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 14 out
B1(config)#access-list 15 deny 192.168.1.32 0.0.0.31
Deny
B1(config)#access-list 15 deny 192.168.1.96 0.0.0.31
B1(config)#access-list 15 deny 192.168.1.160 0.0.0.31
B1(config)#access-list 15 deny 192.168.1.224 0.0.0.31
B1(config)#access-list 15 permit any
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 15 out
B1(config)#access-list 16 deny 192.168.1.1 0.0.0.254
B1(config)#access-list 16 permit any
IP b
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 16 out
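The standard ACLs above can be checked offline before they are applied to an interface. The following is an added example, not part of the original guide: it models wildcard-mask matching, first-match order and the implicit deny, using ACL lines copied from the exercises; the function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard rule: a 0 bit must equal the base, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_standard_acl(lines):
    """Turn 'access-list N permit|deny <source>' lines into (action, base, wildcard)."""
    entries = []
    for line in lines:
        tokens = line.split()
        action, source = tokens[2], tokens[3:]
        if source[0] == "any":
            entries.append((action, "0.0.0.0", "255.255.255.255"))
        elif source[0] == "host":
            entries.append((action, source[1], "0.0.0.0"))
        else:  # bare address: no wildcard given means a single host
            wildcard = source[1] if len(source) > 1 else "0.0.0.0"
            entries.append((action, source[0], wildcard))
    return entries

def evaluate(entries, addr):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, base, wildcard in entries:
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"

def denied_hosts(entries, prefix="192.168.1."):
    """Last octets in prefix.0-255 that the ACL denies (hypothetical audit helper)."""
    return [n for n in range(256) if evaluate(entries, f"{prefix}{n}") == "deny"]

# ACL entries copied from the exercises on this page
ACL_10 = parse_standard_acl(["access-list 10 deny host 192.168.1.31"])
ACL_11 = parse_standard_acl(["access-list 11 deny host 192.168.1.31",
                             "access-list 11 permit any"])
ACL_13 = parse_standard_acl(["access-list 13 deny 192.168.1.128 0.0.0.127",
                             "access-list 13 permit any"])
ACL_16 = parse_standard_acl(["access-list 16 deny 192.168.1.1 0.0.0.254",
                             "access-list 16 permit any"])

if __name__ == "__main__":
    for name, acl in [("10", ACL_10), ("11", ACL_11), ("13", ACL_13), ("16", ACL_16)]:
        print(name, len(denied_hosts(acl)), "of 256 source addresses denied")
```

ACL 10 has no permit entry, so every source is dropped by the implicit deny; ACL 16 uses a non-contiguous wildcard that matches only odd last octets.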
255
Extended Access Lists
Exercises 192.168.7.0 Network
Website access
Extended Access Lists
access-list 110 permit tcp 192.168.7.0 0.0.0.255 any eq 80
7.0 Network
0.0 Network
website
access-list 110 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
DNS Service
access-list 110 permit udp any eq 68 any eq 67
DHCP Service (68 client, 67 server)
int f0/1
Access-List
Interface
ip access-group 110 in
access-list 111 deny tcp 192.168.7.0 0.0.0.255 host 192.168.0.11 eq 80
Deny cisco.com website (Remark – Deny ACL)
access-list 111 permit tcp 192.168.7.0 0.0.0.255 any eq 80
website
access-list 111 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
access-list 111 permit udp any eq 68 any eq 67
int f0/1
ip access-group 111 in
access-list 111 permit icmp 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255 echo
7.0 Network
2.0 Network
Ping
access-list 112 deny tcp 192.168.7.0 0.0.0.255 host 192.168.0.11 eq 80
access-list 112 permit tcp 192.168.7.0 0.0.0.255 any eq 80
access-list 112 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
access-list 112 permit udp any eq 68 any eq 67
access-list 112 deny icmp 192.168.7.64 0.0.0.31 192.168.2.224 0.0.0.31 echo
7.64-7.96
2.224-2.255
deny
access-list 112 permit icmp 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255 echo
access-list 112 permit tcp host 192.168.7.100 host 192.168.0.11 eq 21
7.100 computer
int f0/1
ip access-group 112 in
Name Access-List
Router
HQ(config)#enable secret cisco
0.11
HQ(config)#line vty 0 4
HQ(config-line)# telnet
HQ(config-line)#exit
HQ(config)#ip access-list standard John
John
HQ(config-std-nacl)#permit host 192.168.1.31
John computer
Standard ACL
HQ(config-std-nacl)#exit
HQ(config)#line vty 0 4
Telnet
HQ(config-line)#access-class John in
ACL
HQ(config-line)#exit
J
’ Computer
Server Network
Switch
Switch(config)#enable secret cisco
Mode
Switch(config)#line vty 0 4
Switch(config-line)# telnet
Switch(config-line)#exit
Switch(config)#int vlan 1
Switch
IP
Switch(config-if)#ip add 192.168.0.5 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.0.1
Switch
gateway
Switch(config)#ip access-list standard John
Switch(config-std-nacl)#permit host 192.168.1.31
192.168.1.31
Switch(config-std-nacl)#exit
Switch(config)#line vty 0 4
ACL
Switch(config-line)#access-class John in
Switch(config-line)#exit
Time Base ACL
R1#sh clock
R1(config)#clock timezone YGN 6 30
R1#clock set 19:00:00 11 Oct 2012
R1(config)#ntp master
ntp server
R2(config)#ntp server 192.168.123.1
Time Setting
NTP Server
R2(config)#clock timezone YGN 6 30
111.0 Network
222.0 Network
ICMP Allow
R1(config)#ip access-list extended PING
R1(config-ext-nacl)#permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
R1(config)#int f0/0
R1(config-if)#ip access-group PING in
R1#sh access-list
Extended IP access list PING
    10 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
111.10 Client
222.20 Server
ICMP Deny
ACL
ACL No.
R1(config)#ip access-list extended PING
R1(config-ext-nacl)#9 deny icmp host 192.168.111.10 host 192.168.222.20 echo
R1(config-ext-nacl)#do sh access-list
Extended IP access list PING
    9 deny icmp host 192.168.111.10 host 192.168.222.20 echo
    10 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
ACL Rule
ACL No. start no. increase count
R1(config)#ip access-list resequence PING 10 10
R1(config)#do sh access-list
Extended IP access list PING
    10 deny icmp host 192.168.111.10 host 192.168.222.20 echo
    20 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
Remote Desktop
(Time Frame
)
R1(config)#time-range RDP
R1(config-time-range)#?
Time range configuration commands:
  absolute  absolute time and date
  default   Set a command to its defaults
  exit      Exit from time-range configuration mode
  no        Negate a command or set its defaults
  periodic  periodic time and date
R1(config-time-range)#periodic Monday Wednesday Thursday 8:30 to 9:00
R1(config-time-range)#ip access-list extended PING
R1(config-ext-nacl)#5 permit tcp host 192.168.111.10 host 192.168.222.20 eq 3389 time-range RDP
R1(config-ext-nacl)#do sh access-list
Extended IP access list PING
    5 permit tcp host 192.168.111.10 host 192.168.222.20 eq 3389 time-range RDP (inactive)
    10 deny icmp host 192.168.111.10 host 192.168.222.20 echo
    20 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255
B1(config)#enable secret cisco
B1(config)#line vty 0 4
B1(config-line)# telnet
B1(config)#access-list 10 permit 10.10.14.0 0.0.0.255
IT Vlan 24
B1(config)#line vty 0 4
Router B1 Router
B1(config-line)#access-class 10 in
7.0 Guest Network
Internet Access
Allow
(HTTP,HTTPS,DNS,DHCP)
B2(config)#access-list 120 permit udp 10.10.7.0 0.0.0.255 host 10.10.15.10 eq 53
Guest Network
DNS Server
DNS Service
B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.30 eq 80
Guest Network
Internal website(www.abc.com)
B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.30 eq 443
Guest Network
Internal website(www.abc.com)
B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 80
Guest Network
Internet Website
B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 443
Guest Network
Internet Website
B2(config)#access-list 120 permit udp any eq 68 any eq 67
Guest Network
DHCP Server
DHCP Service
B2(config)#access-list 120 permit ip 10.10.7.0 0.0.0.255 10.10.9.0 0.0.0.255
Guest Network
Wireless
B2(config)#access-list 120 permit ip 10.10.7.0 0.0.0.255 10.10.11.0 0.0.0.255
Guest Network
Wireless
B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.50 eq 25
Guest Network
Internal Mail Server
SMTP
B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.50 eq 110
Guest Network
Internal Mail Server
POP3
B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 25
Guest Network
Internet Mail Server
B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 110
Guest Network
Internet Mail Server
B2(config)#int f0/0.17
B2(config-subif)#ip access-group 120 in
NAT (Network Address Translation)
Three types of NAT
Static NAT (one to one) – Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
In static NAT, the computer with the IP address of 192.168.0.10 will always translate to 213.81.71.69:
Dynamic NAT – Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. Dynamic NAT also establishes a one-to-one mapping between unregistered and registered IP addresses, but the mapping can vary depending on the registered address available in the pool at the time of communication. In dynamic NAT, the computer with the IP address of 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150:
Overloading – A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. Known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT. In overloading, each computer on the private network is translated to the same IP address (213.18.123.100) but with a different port number assignment:
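The three behaviours described above, as an added example that is not part of the original guide: a toy translation table using the addresses from the text. The class and method names are hypothetical and the PAT starting port of 1024 is an assumption; `attribute` shows that under PAT a log entry needs the outside port to be traced back to one inside host.

```python
import ipaddress

class NatTable:
    """Toy model of static NAT, dynamic NAT and overloading (PAT)."""
    def __init__(self, static=None, pool=None, overload=False):
        self.static = dict(static or {})   # inside IP -> fixed outside IP
        self.free = list(pool or [])       # unused outside addresses, in order
        self.overload = overload
        self.dynamic = {}                  # inside IP -> leased outside IP
        self.pat = {}                      # (inside IP, port) -> (outside IP, port)
        self.next_port = 1024              # assumed first PAT port

    def translate(self, ip, port):
        if ip in self.static:              # static: always the same address
            return (self.static[ip], port)
        if self.overload:                  # PAT: one address, unique port per flow
            key = (ip, port)
            if key not in self.pat:
                self.pat[key] = (self.free[0], self.next_port)
                self.next_port += 1
            return self.pat[key]
        if ip not in self.dynamic:         # dynamic: first available pool address
            if not self.free:
                return None                # pool exhausted, no translation
            self.dynamic[ip] = self.free.pop(0)
        return (self.dynamic[ip], port)

    def attribute(self, out_ip, out_port):
        """Map an outside address and port seen in a log back to inside host(s)."""
        hits = [ip for ip, o in self.static.items() if o == out_ip]
        hits += [ip for ip, o in self.dynamic.items() if o == out_ip]
        hits += [ip for (ip, _), o in self.pat.items() if o == (out_ip, out_port)]
        return hits

def pool_range(first, last):
    """Expand an inclusive address range into a list of dotted-quad strings."""
    a, b = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(n)) for n in range(a, b + 1)]

POOL = pool_range("213.18.123.100", "213.18.123.150")   # range from the text
static_nat = NatTable(static={"192.168.0.10": "213.81.71.69"})
dynamic_nat = NatTable(pool=POOL)
pat_nat = NatTable(pool=POOL[:1], overload=True)
```

With dynamic NAT the 52nd inside host gets no translation because the pool holds 51 addresses, while PAT keeps translating on the single address by allocating new ports.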
Exercise ( Static NAT) - Internal Web Site
External Client
NAT(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0
Internet
NAT(config)#ip nat inside source static 10.1.0.254 203.81.64.11
Nat
203.81.64.11
NAT(config)#int s0/0/0
10.1.0.254
NAT(config-if)#ip nat outside
Int serial 0/0/0
translate outside interface
NAT(config-if)#int f0/0
NAT(config-if)#ip nat inside
Int f0/0
inside interface
NAT(config)#ip nat inside source static tcp 10.1.0.254 80 203.81.64.11 80
Wan IP
NAT(config)#ip nat inside source static tcp 10.1.0.253 80 203.81.64.11 443
Internal Web Server
DNS Server
Exercise (Dynamic NAT)–Internal Clients
Internet
WAN IP
Port
NAT(config)#access-list 30 permit 10.1.0.0 0.0.1.255
NAT(config)#ip nat pool MYPOOL 203.81.64.3 203.81.64.5 netmask 255.255.255.240
WAN IP 3
NAT
NAT(config)#ip nat inside source list 30 pool MYPOOL
Interface
POOL
NAT(config)#int s0/0/0
NAT(config-if)#ip nat outside
NAT(config-if)#int f0/0
NAT(config-if)#ip nat inside
NAT(config-if)#int f0/1
NAT(config-if)#ip nat inside
NAT#sh ip nat translations
NAT
NAT#clear ip nat translation
NAT
Exercise -PAT (Port Address Translation) Internal Clients
Internet
NAT(config)#ip nat inside source list 30 pool MYPOOL overload
HTTP/HTTPS
DNS
Allow
NAT(config)#access-list 120 permit tcp 10.1.0.0 0.0.1.255 any eq 80
NAT(config)#access-list 120 permit tcp 10.1.0.0 0.0.1.255 any eq 443
NAT(config)#access-list 120 permit tcp 10.1.0.0 0.0.1.255 any eq 53
NAT(config)#ip nat inside source list 120 pool MYPOOL overload
Overload
PAT