Comandos Cisco

GUÍA DE REFERENCIA
CISCO
Guía de comandos de Cisco desde Básico hacia Avanzado, con este
manual usted podrá encontrar ejemplos al mas alto nivel de expertos en
configuraciones CISCO
Contenido
Comandos Básicos ...............................................................................................................8
Copiar el Running config al Startup ...............................................................8
Ver la configuración ..................................................................................................8
Habilitar CDP ...............................................................................................................8
Habilitar CDP por interfaz ................................................................................8
Monitorear y mantener CDP ......................................................................................8
LLDP ........................................................................................................................................8
Habilitar LLDP ............................................................................................................8
Show Commands ...............................................................................................................8
Cambiar el nombre al Router o Switch ............................................................9
Configurar enlaces WAN SERIALES ........................................................................9
Configurar interfaces fastethernet .................................................................9
Mensajes no solicitados de iOS...........................................................................9
Configurar Mensaje de Ingreso a los router o switchs .......................9
Configurar PoE ................................................................................................................9
Contraseñas .........................................................................................................................10
Consola ...............................................................................................................................10
Telnet .................................................................................................................................10
SSH ........................................................................................................................................10
NAT ............................................................................................................................................11
Static NAT ........................................................................................................................11
Configurando Dynamic NAT .......................................................................................11
Configurar PAT OVERLOAD .........................................................................................12
Clear Commands ..............................................................................................................13
Troueblesooting ............................................................................................................13
DHCP ..........................................................................................................................................13
Configurar DHCP ............................................................................................................13
Configurando IP-Helper Address.........................................................................14
Troublesooting ..............................................................................................................15
IP SLA .....................................................................................................................................15
Configurar IP SLA .......................................................................................................15
Troubleshooting ............................................................................................................15
1
https://mr-telecomunicaciones.com
info@mr-telecomunicaciones.com
SNMP ..........................................................................................................................................16
SNMPv2c ...............................................................................................................................16
Configurar SNMPv2c Support for Trap and Inform ...................................16
SNMPv3 .................................................................................................................................17
Configurar Rutas Estáticas ......................................................................................17
Borrar rutas estáticas ...........................................................................................17
Configurar rutas por defecto .................................................................................17
Debug .......................................................................................................................................17
Uso de enrutamiento de IP de depuración ...................................................17
Protocolos de Enrutamiento ......................................................................................18
Classfull ..........................................................................................................................18
Classless ..........................................................................................................................18
IPv6 ......................................................................................................................................18
Distancia Administrativa .......................................................................................18
Verificando distancia administrativa y tipo de Protocolo ...........18
RIPv1 ...................................................................................................................................18
Configurando RIPv1 .................................................................................................18
Verificación y solución de problemas ......................................................19
Configurar Passive Interface .........................................................................19
Desabilitando Automatic Summarization ....................................................19
Configurar Default-Information Originate .............................................19
RIPv2 ...................................................................................................................................19
Configurando RIPv2 .................................................................................................19
Verificación y solución de problemas ......................................................19
Desabilitando Automatic Summarization ....................................................19
Configurar Default-Information Originate .............................................19
Configurar Passive Interface .........................................................................20
Verificando actualizaciones ............................................................................20
EIGRP (Distance Vector Protocol) ....................................................................20
Enabling EIGRP Routing .......................................................................................20
EIGRP Interface commands ...................................................................................20
Miscellaneous .............................................................................................................21
2
Show commands .............................................................................................................21
Modificar la métrica EIGRP ..............................................................................21
Configurando Hello Intervals and Hold Times ......................................21
Dirección muticast .....................................................................................................22
OSPF (Link-state routing protocol) ...............................................................22
Configuring OSPF Routing ...................................................................................22
Prioritizing the DR (Router ID) ..................................................................22
Show commands .............................................................................................................23
Timers .............................................................................................................................23
Miscellaneous .............................................................................................................23
Referencia rápida: OSPF Routing - Multiple Areas ........................23
Configuring OSPF Routing ...................................................................................24
OSPF Routing - Area Range (Summarization) ...........................................25
IPv6 ..........................................................................................................................................26
RIPNG ...................................................................................................................................26
Configurando RIPng .................................................................................................26
Propagando Default Route ...................................................................................26
EIGRP for IPv6 ..............................................................................................................27
Dirección de Multicast .......................................................................................27
Show commands .............................................................................................................27
Sumarizacion Manual...............................................................................................27
Configuración de EIGRP for IPv6 ..................................................................27
OSPF V3 ...............................................................................................................................73
Show Commands .............................................................................................................73
Configurando Interfaces .....................................................................................73
RADIUS Server...................................................................................................................101
Show Commands...............................................................................................................101
Dialer Interface ...........................................................................................................101
Switching ............................................................................................................................102
VLANS .................................................................................................................................102
Crear un Vlan ...........................................................................................................102
Configuración de un Puerto Troncal .........................................................102
3
Configurando Puertos de Acesso...................................................................102
Configurar VLAN ......................................................................................................102
Asignando un Puerto a una VLAN...................................................................102
Borrando VLANs ........................................................................................................103
Configurando VLAN Nativa .................................................................................103
Configurando Private Vlans ............................................................................103
Configurando Asociaciones de puertos en PVlans .............................103
Troubleshooting ......................................................................................................104
Vlan de Voz ...................................................................................................................104
Switchport voice vlan none ............................................................................104
Switchport voice vlan dot1p ..........................................................................104
Switchport voice vlan untagged...................................................................104
Switchport voice vlan vvid (opción recomendada)...........................105
VTP ......................................................................................................................................105
Configurando Dominios ........................................................................................105
Configurando el servidor y cliente .........................................................105
Configurando VTP Pruning .................................................................................105
EtherChannel .................................................................................................................105
Configurando EtherChannel Load Balancing ...........................................105
Asignando puertos y configurando el protocolo ...............................105
Configurando metodos en Pagp .......................................................................105
Configurando LACP .................................................................................................106
Spanning tree (STP) ................................................................................................107
Configurando STP....................................................................................................107
Configurando un Root Bridge ..........................................................................107
Cambiar el Root Bridge .....................................................................................107
Configurando PortFast ........................................................................................107
Configuración de BPDU GUARD ..........................................................................107
Configuración de Root Guard ..........................................................................107
Implementar PVST....................................................................................................108
Implementar PVST+ .................................................................................................108
Implementar Multiple Spanning Tree Protocol (MSTP) ...................108
4
DHCPv6 ...............................................................................................................................109
Troublesooting ........................................................................................................110
WAN ..........................................................................................................................................111
Comandos PPP .................................................................................................................111
Configurar PPP ........................................................................................................111
Verificación de PPP.............................................................................................112
Configuración de la autenticación (PAP o CHAP) .............................112
Configuring PPP Multilink (MLP) ................................................................114
Error Detection ......................................................................................................114
BGP ......................................................................................................................................115
Configuración de EBGP ........................................................................................116
Configurar rutas de descarte .......................................................................116
Show Commands ...........................................................................................................116
Estado vecino con el Neighbor Shut Down .............................................116
Alta disponibilidad ....................................................................................................116
HSRP ....................................................................................................................................116
Configuración HSRP Switchs ............................................................................116
Autenticación texto plano ..............................................................................117
Autenticación MD5 .................................................................................................117
Configurando HSRP Interface Tracking ....................................................117
Configuración HSRP Routers ............................................................................118
Configurar HSRP Interface Tracking .........................................................119
Diferencias entre HSRPv1 y HSRPv2............................................................119
VRRP (Virtual Router Redundancy Protocol).............................................120
GBLP ....................................................................................................................................120
Configurar GBLP ......................................................................................................120
GLBP Interface Tracking ...................................................................................121
Netflow IOS .......................................................................................................................121
SPAN ........................................................................................................................................121
Configurar Local SPAN ............................................................................................121
5
Configurar SPAN ..........................................................................................................122
Troubleshooting ..........................................................................................................122
Seguridad ............................................................................................................................123
Switch Security ..........................................................................................................123
BPDU GUARD ..................................................................................................................123
Root Guard ..................................................................................................................123
Port Security ...........................................................................................................124
Troubleshooting Port security .....................................................................124
DHCP SNOOPING ...........................................................................................................125
IP Source Guard ......................................................................................................126
Troubleshooting DHCP SNOOPING .....................................................................126
Prevencion de ARP Spoofing ................................................................................126
Mejorando seguridad en Telnet .....................................................................127
HTTP Secure Server ...............................................................................................127
Authentication, Authorization, and Accounting (AAA) .................128
TACACS+ .........................................................................................................................128
Radius ...........................................................................................................................128
Accounting ..................................................................................................................129
Security Using IEEE 802.1X Port-Based Authentication ............129
QoS ..........................................................................................................................................130
Configurando CoS trust using the IOS ........................................................130
Asignando CoS on a per-port basis ...............................................................131
Reescribiendo el CoS ..............................................................................................131
Implementing QoS for Voice ................................................................................131
Configuración de QoS para voz .........................................................................131
Auto QoS ..........................................................................................................................131
Interfaz de línea de comandos de QoS modular (CLI) .......................132
Classification of traffic – The class-map .........................................132
Definiendo the QoS policy – The policy-map ......................................132
Aplicando the policy to an interface – The service-policy ...132
IP Precedence and DSCP .........................................................................................132
Configuración de la confianza cos mediante el iOS ......................132
Asignando CoS on a per-port basis............................................................133
6
Rescribiendo the CoS ..........................................................................................133
Usando a MAC ACL to assign a DSCP value .............................................133
Configurando DSCP usando a MAC ACL .........................................................133
Uso de una ACL IP para definir el DSCP o la precedencia ........134
Configuración weighted fair queuing (WFQ).............................................134
Configuración Class-Based Weighted Fair Queuing ..............................135
CBWFQ Using WRED Packet Drop .......................................................................135
Low Latency Queuing (LLQ) ..................................................................................135
Multicast ............................................................................................................................136
PIM ......................................................................................................................................136
Configuración RPs .................................................................................................137
IGMP - Internet Group Management Protocol.............................................137
Configuración de las joins IGMP ................................................................137
CGMP ................................................................................................................................137
VPN ..........................................................................................................................................138
GRE .......................................................................................................................................138
IPSEC VPN .............................................................................................................................139
Paso 1 Configurar las interfaces .......................................................................................139
Paso 2 Configurar EIGRP ...................................................................................................140
Paso 3 Crear Políticas IKE .................................................................................................140
Paso 4 Configurar pre-shared keys ...................................................................................140
Paso 5 configurar IPsec transform set Lifetimes...............................................................141
Paso 6 definir interesting traffic .......................................................................................141
Paso 7 Crear y aplicar Crypto Maps ..................................................................................141
Paso 8 Verificar Ipsec configuration .................................................................................141
Paso 9 Verificar operación IPSEC ......................................................................................141
Paso 10 Probar .................................................................................................................142
MPLS ........................................................................................................................................143
7
Comandos Básicos
Copiar el Running config al Startup

Router# copy running-config startup-config
Ver la configuración
Router# show running-config
Router# show ip route
Router# show ip interface brief
Router# show interfaces
R1# show interfaces fastethernet 0/0
R1# show controllers serial 0/0/0
Habilitar CDP
Switch(config)# cdp run
Router(config)# no cdp run -------------- Deshabilitar CDP
Habilitar CDP por interfaz

Switch(config)# interface fastethernet 5/1
Switch(config-if)# cdp enable
Switch(config-if)# no cdp enable
Monitorear y mantener CDP

Switch# clear cdp counters
Switch# clear cdp table
Switch# show cdp
R3# show cdp neighbors
R3# show cdp neighbors detail ----Se puede visualizar la IP del

router remoto
LLDP
Habilitar LLDP
switch(config)# lldp run
switch(config)# end
Switch(config-if)# lldp enable
Show Commands
R1#show lldp neighbors
8
Cambiar el nombre al Router o Switch
Router# configure terminal
Router(config)# hostname R1
Configurar enlaces WAN SERIALES

R1(config)# interface Serial0/0
R1(config-if)# ip address 192.168.2.1 255.255.255.0
R1(config-if)# description Link to R2
R1(config-if)# clock rate 64000 DCE Only
R1(config-if)# no shutdown
Configurar interfaces fastethernet

R1(config)# interface fastethernet0/0
R1(config-if)# description R1 LAN
Mensajes no solicitados de iOS

Para mantener la salida no solicitada separada de la entrada,
introduzca el modo de configuración de línea para el puerto de la
consola y añada el logging synchronous
R1(config)# line console 0
R1(config-line)# logging synchronous
Configurar Mensaje de Ingreso a los router o switchs

Router(config)# banner motd # message #
Configurar PoE
Switch(config)# interface type mod/num
Switch(config-if)# power inline {auto [max milli-watts] | never
| static [max milli-watts]}
Ejemplo
Switch(config-if)# power inline auto
Switch# show power inline fastethernet 0/1
9
Contraseñas
Consola
Router(config)# enable secret password privilege password
Router(config)# line console 0 console password
Router(config-line)# password password
Router(config-line)# login
Telnet
Router(config)# line vty 0 4 telnet password
Router(config-line)# password password
Router(config-line)# login
SSH
Paso 1
• Switch(config)# Hostname SW1

• SW1(config)# ip domain-name example.com
• SW1(config)#crypto key generate rsa
How many bits in the module [512]: 1024
Paso 2
• SW1(config)#ip ssh version 2

Paso 3 (Opcional)
Router(config-line)# transport input ssh
Este comando asegura que solo las conexiones SSH son permitidas,
nadie por medio de telnet tendrá una conexión exitosa hacia el
router
Paso 4
• SW1(config)#line vty 0 15
• SW1(config-line)#login local
• SW1(config-line)#exit
• SW1(config)#username wendell password odom
• SW1(config)#username chris password youdaman
Ejemplo 2
switch(config)# username xyz password abc123
10
switch(config)# ip domain-name xyz.com
switch(config)# crypto key generate rsa
switch(config)# ip ssh version 2
switch(config)# line vty 0 15
switch(config-line)# login local
switch(config-line)# transport input ssh
NAT
Static NAT
R1(config)#ip nat inside source static [inside local] [inside
global]
Ejemplo
R1(config)#ip nat inside source static 10.1.1.1 192.168.1.2

R1(config)#interface ethernet 0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config)#interface serial 0
R1(config-if)#ip nat outside
Configurando Dynamic NAT

R1(config)#ip nat pool [name] [first address] [last address]
netmask [subnet-mask]
R1(config)#ip nat inside source lista acl-number pool pool-name
Ejemplo
11
R1(config)# access-list 1 permit 10.1.0.0 0.0.255.255
R1(config-if)#exit
R1(config-if)#exit
R1(config)# ip nat pool nat-pool 179.9.8.80 179.9.8.95 netmask
255.255.255.0
R1(config)#ip nat inside source list 1 pool nat-pool
Configurar PAT OVERLOAD

R1(config)#ip nat pool [name] [ip address] netmask [subnet-mask]
R1(config)# ip nat inside source list [acl-number] interface
type/number overload
Ejemplo
12
R1(config)# ip nat pool nat-pool2 179.9.8.20 netmask
255.255.255.240
R1(config)# ip nat inside source list 1 interface serial 0
overload
Clear Commands
R1#clear ip nat translations
R1#clear ip nat translation inside global-ip local-ip [outside
local-ip global-ip]
R1#clear ip nat translation protocol inside global-ip global-
port local-ip local-port [outside local-ip local-port global-ip
global-ip global-port]
Troueblesooting
R1# show ip nat translations
R1# show ip nat statistics
R1# debug ip nat
DHCP
Configurar DHCP
R1(config)#ip dhcp pool pool-name
R1(config)#ip dhcp-excluded-address ip-address [end-ip-address]
R1(dhcp-config)#network ip-address mask
R1(dhcp-config)#default-router ip-adress
R1(dhcp-config)#dns-server ip-address
13
R1(dhcp-config)#netbios-name-server ip-address
R1(dhcp-config)#domain-name name
Ejemplo
Router (config) #ip excluded-address 172.16.1.254
Router (config) dhcp pool subnet12
Router (dhcp-config)#network 172 . 16. 12.0 255.255 .255.0
Router (dhcp—config)# default-router 172.16.12.254
Router (dhcp—config)#dns-server 172. 16. 1.2
R1(dhcp-config)#netbios-name-server 172.16.1.3
Router (dhc-confi )#domain—name foo.com
Configurando IP-Helper Address
RTA(config)#interface e0
RTA(config-if)#ip helper-address 192.168.1.254
Default Forwarded UDP services
14
Troublesooting
R1# show ip dhcp binding
R1# debug ip dhcp server events
IP SLA
Configurar IP SLA
R1(config)# ip sla monitor 11

R1(config-rtr)# type echo protocol ipIcmpEcho 10.1.1.1 source-
interface fa0/0
R1(config-rtr)# frequency 10
R1(config)# ip sla monitor schedule schedule 11 life forever
start-time now
R1(config)# track 1 rtr 11 reachability
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/0 2 track 1
---- Segundo Enlace ------
R1(config)# ip sla monitor 22

R1(config-rtr)# type echo protocol ipIcmpEcho 172.16.1.1 source-
interface fa0/1
R1(config-rtr)# frequency 10
R1(config)# ip sla monitor schedule 22 life forever start-time
now
R1(config)# track 2 rtr 22 reachability
R1(config)# ip route 0.0.0.0 0.0.0.0 fa0/1 3 track 2
Troubleshooting
R1#show ip sla summary
R1#show ip sla configuration
15
R1#show ip sla statistics
R1#show ip sla history
SNMP
SNMPv2c
COMANDO EJEMPLO
R1(config)# ip access-list R1(config)#ip access list
standard [nombre_ACL] standard ACL_PROTECTSNMP
R1(config)#permit host [IP] R1(config)#permit host
10.1.3.3
R1(config)#snmp-server ¡
community community string RO R1(config)#snmp-server
[IPv6 acl_name] [acl_name] community secretROpw RO ACL_
R1(config)#snmp-server PROTECTSNMP
community community string RW R1(config)#snmp-server
RO [IPv6 acl_name] [acl_name] community secretRWpw RW ACL_
R1(config)#snmp-server PROTECTSNMP
location [nombre] R1(config)#snmp-server
R1(config)#snmp-server contact location Atlanta
[nombre] R1(config)#snmp-server contact
Tyler B
Configurar SNMPv2c Support for Trap and Inform

COMANDO EJEMPLO
R1(config)#snmp-server host R1(config)# snmp-server host
{hostname | ip-address} 10.1.3.3 version 2c secretTRAPpw
[informs] versión 2c R1(config)#snmp-server host
R1(config)# snmp-server enable 10.1.3.4 informs version 2c
traps secretTRAPpw
R1(config)#snmp-server enable
traps
Troubleshooting
R1# show snmp community
R1# show snmp location
R1# show snmp contact
R1# show snmp host
R1# show snmp
16
SNMPv3
R1(config)# snmp-server group

BookGroup v3 auth write v1default
R1(config)# snmp-server user
Youdda BookGroup v3 auth md5
madeuppassword R1(config)# snmp-
server host 10.1.3.3 version 3
auth Youdda
Configurar Rutas Estáticas

Router(config)# ip route network-address subnet-mask {ip-address |
exit-interface}
R2(config)# ip route 172.16.3.0 255.255.255.0 172.16.2.1
Borrar rutas estáticas

R2(config)# no ip route 172.16.3.0 255.255.255.0 172.16.2.1
Configurar rutas por defecto

Router(config)# ip route 0.0.0.0 0.0.0.0 [exit-interface | ip-address
]
R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0
Debug
Uso de enrutamiento de IP de depuración
R2# debug ip routing
R2# undebug all
R2# undebug ip routing
17
Protocolos de Enrutamiento
Classfull
• RIP
• IGRP
Classless
• RIP v2
• EIGRP
• OSPF v2
• IS-IS
IPv6
• RIPng
• EIGRP for IPv6
• OSPF v3
• IS-IS for IPv6
Distancia Administrativa
Verificando distancia administrativa y tipo de Protocolo

R2# show ip protocols
R2# show ip route
RIPv1
Configurando RIPv1
R1# conf terminal
R1(config)# router rip
R1(config-router)# network [IP NETWORK]
18
R1(config-router)# exit
R1(config)# no router rip ----- Borra toda la configuración incluido

las redes
Verificación y solución de problemas

R1# show ip route
Configurar Passive Interface

Router(config-router)# passive-interface interface-type interface-
number
R2(config-router)# passive-interface FastEthernet 0/0
Desabilitando Automatic Summarization

R1(config-router)# no auto-summary
Configurar Default-Information Originate

R2(config-router)# default-information originate
R2(config-router)# end
RIPv2
Configurando RIPv2
R1# conf terminal
R1(config-router)# version 2
R1(config-router)# network [IP NETWORK]
R1(config)# no router rip ----- Borra toda la configuración incluido

las redes
Verificación y solución de problemas

R1# show ip route
Desabilitando Automatic Summarization

Configurar Default-Information Originate

R2(config-router)# default-information originate
R2(config-router)# end
19
Configurar Passive Interface
Router(config-router)# passive-interface interface-type interface-
number
R2(config-router)# passive-interface FastEthernet 0/0
Verificando actualizaciones
R2# debug ip rip
RIP: sending v2 update to 224.0.0.9 via Serial0/0/0 (209.165.200.229)
EIGRP (Distance Vector Protocol)
Enabling EIGRP Routing

Router(config)# router eigrp AS number (Must be the same on all
routers)
Router(config-router)# network network-address [wildcard mask]
EIGRP Interface commands

Router(config-if)# ip summary-address eigrp as-number network-
address mask
• RTC(config-if)#ip summary-address eigrp 2446 2.1.0.0 255.255.0.0

Router(config-if)# no auto-summary
1. auto-Resumen encendido por defecto. EIGRP resume

automaticallyentre límites de clase. Debe ser utilizado para
VLSM.
Router(config-if)#bandwidth kilobits
•Configures the bandwidth used by routing metrics on the outgoing

interface.
Router(config-if)#ip bandwidth-percent eigrp as-number bandwidth-
percentage
1. De forma predeterminada, EIGRP se establece para utilizar sólo

hasta el 50% del ancho de banda de una interfaz para
intercambiar información de enrutamiento.
Router(config-router)#eigrp log-neighbor-changes
1. Este comando permite registrar los cambios de adyacencia del

vecino para monitorear la estabilidad del sistema de
enrutamiento y para ayudar a detectar problemas.
RTA(config-router)# variance number
1. La Varianza comando instruye al router a incluir rutas con una

métrica menor o igual a n veces la ruta métrica mínima para ese
destino, donde n es el número especificado por el comando
varianza.
20
Miscellaneous
Router(config-router)# default-metric 56 100 255 10 1500 {k
values)
Show commands
Router# show ip eigrp neighbors {muestra los vecinos}
Router# show ip eigrp topology
Router# show ip eigrp topology [network]
Router# show ip eigrp topology all links
• displays topology, active/passive (well) state, successors

Router# debug eigrp fsm
Router# debug eigrp packet
Comando para verificar si existe algún problema con las

autenticaciones en los paquetes que se intercambian.
Router# show ip route eigrp {Rutas EIGRP en la tabla de

enrutamiento}
Router# show ip protocols
• AS number, filtering, redistribution, neighbors, distance

Router# show ip eigrp traffic EIGRP packets sent and received
Redistribution
Example 1: EIGRP y IGRP se redistribuyen automáticamente siempre que

se utilice el mismo identificador de proceso.
Router(config)# router eigrp 44 and Router(config)# router igrp

44
Modificar la métrica EIGRP

Router (config-router) #metric weights tos k1 k2 k3 k4 k5
Configurando Hello Intervals and Hold Times

Hello intervals and hold times no tienen que coincidir con otros
routers EIGRP para establecer adyacentes el rango es desde 1-
65535. Solo OSPF’s Hello y otros temporizadores tienen que
coincidir.
Router(config-if)# ip hello-interval eigrp as-number seconds
Router(config-if)# ip hold-time eigrp as-number seconds
R1(config)# int s0/0/0
R1(config-if)# ip hello-interval eigrp 1 60
R1(config-if)# ip hold-time eigrp 1 180
21
Troubleshooting
1. ¿Qué se debe hacer si no estas las tablas de los neighbors?
a. Compruebe las interfaces locales para asegurarse de que se
activa con el comando show ip interface brief
b. Tratar de hacer ping a la dirección del neighbors
2. ¿Qué sucede si hay PING exitoso y el router no puede visualizar
al router vecino?
a. Verificar si ambos router están en el mismo EIGRP process
ID con el comando show ip eigrp neighbors
b. Verificar si no existen passive-interface con el comando
show ip protocols
c. Verificar si es que los pesos de las métricas se
encuentran establecidos por defecto con los valores K1=1,
K2=0, K3=1, K4=0, K5=0 con el comando show ip protocols
d. Verificar si se está realizando un auto-summary, si es el
caso deshabilitar con el comando no auto-summary.
3. ¿Como que comando se encuentra Successor y Feasible Successor?
a. El comando que se debe aplicar es show ip eigrp topology
Dirección muticast
224.0.0.10
OSPF (Link-state routing protocol)
Configuring OSPF Routing

Router(config)# router ospf process-id
Router(config-router)# network network-address wild-card-mask area

area-number
Prioritizing the DR (Router ID)

Sequence (Si se añade un router con mayor prioridad a la red, el Dr y
los Fusileros no cambian.):
1. Priority
Router(config-if)# ip ospf priority number {0 = No DR; 1 =

default; highest = DR}
2. Highest Loopback Address
Router(config)# interface loopback 0
Router(config-if)# ip address ip-address mask
3. Highest Interface Address
Authentication
Router(config-router)# area area-number authentication
Router(config-if)# ip ospf authentication-key password
22
Show commands
Router# show ip protocols
Router# show ip ospf
Router# show ip ospf interface interface
Router# show ip ospf neighbor
Router# show ip ospf neighbor detail
Router# show ip ospf database
Router# show ip ospf adjacencies
Router# show ip ospf border-router
Router# show ip ospf virtual-links
Timers
Router(config-if)# ip ospf hello-interval value
Router(config-if)# ip ospf dead-interval value
Miscellaneous
Router# debug ip ospf
Router# debug ip ospf adj
Router# debug ip ospf events
Referencia rápida: OSPF Routing - Multiple Areas

Backbone Area (Area 0) -
• Interconnects areas
• Accepts all LSAs
• Connects to other AS’s (External Routes)
Stub Area
• Receives summary LSAs (routes) within its own autonomous system
• Does not receive external LSAs (routes)
• Default route injected automatically by ABR
El siguiente comando debe estar en todos los enrutadores de esa área,

tanto ABR como enrutadores internos:
Router(config-router)# area area-id stub
Totally Stubby Area

• Does not receive summary LSAs (routes) within its own autonomous
system
• Default route injected automatically by ABR
Estos comandos deben estar en el ABR Router:

23
Router(config-router)# area area-id stub no-summary
El siguiente comando debe estar en todos enrutadores internos en esa

área:
Router(config-router)# area area-id stub
NSSA (Not So Stubby Area)
• Receives summary LSAs (routes) within its own autonomous system

• Allows for redistribution of external routes
• “NSSAs allow external routes to be advertised into the OSPF
autonomous system while retaining the characteristics of a stub
area to the rest of the autonomous system.” - Jeff Doyle
Uno de estos comandos debe estar en el ABR Router:
Router(config-router)# area area-id nssa
Router(config-router)# area area-id nssa default-information-

originate
{Will cause the ASBR to advertise a default route into the

NSSA.}
El siguiente comando debe estar en todos enrutadores internos en esa

área:
Router(config-router)# area area-id nssa
Configuring OSPF Routing

Router(config)# router ospf process-id

area-1-number

area-2-number
{ABR would have multiple area statements.}
24
OSPF Routing - Area Range (Summarization)
On the ABR (Resume las rutas antes de inyectarlas en diferentes

áreas)
Router(config-router)# area area-id range network-address subnet-

mask
{Summarization is off by default}
{Useful for supernetting}
On the ASBR (Resume las rutas externas antes de inyectarlas en el

dominio OSPF.)
Router(config-router)# summary-address network-address subnet-mask
Virtual Links
Router(config-router)# area area-id virtual-link abr-ip-add
{abr-ip-add usually loopback of ABR on remote area 0}
{Virtual links are used to connect discontinuous area 0’s}
Miscellaneous
Router(config-router)# area process-id default-cost metric
Router(config-if)# bandwidth value
Router(config-if)# ip ospf cost value
25
IPv6
RIPNG
Configurando RIPng
R2(config)# ipv6 router rip CCNP_RIP

% IPv6 routing not enabled
R2(config)# ipv6 unicast-routing
R2(config)# ipv6 router rip CCNP_RIP ! Created automatically if
enabled on the interface first
R2(config)# interface ethernet 0/1
R2(config-if)# ipv6 rip CCNP_RIP enable
R2(config-if)# exit
R2(config)# interface loopback 0
R2(config-if)# ipv6 rip CCNP_RIP enable
Propagando Default Route

Originate option
R1(config-if)# ipv6 rip name default-information originate |
only
R1(config)# ipv6 route ::/0 2001:DB8:FEED:1::1
R1(config)# interface Ethernet 0/3
R1(config-if)# ipv6 rip CCNP_RIP default-information originate
26
Only option
R1(config)# ipv6 route ::/0 2001:DB8:FEED:1::1
R1(config)# interface Ethernet 0/3
R1(config-if)# ipv6 rip CCNP_RIP default-information only
EIGRP for IPv6

Dirección de Multicast
FF02::A or IPv6 link-local address
Show commands
R2# show ipv6 interface brief
R1# show ipv6 eigrp neighbors
R1# show ipv6 eigrp topology
R1# show ipv6 route eigrp
R3# show ipv6 protocols
Sumarizacion Manual
R3(config-if)# ipv6 summary-address eigrp 2 2001:db8:f::/62
Configuración de EIGRP for IPv6

Chapter 2 Lab 2-4, Named EIGRP Configuration Instructor Version
Topologia
27
Objectives
• Configure Named EIGRP for IPv4 and IPv6.
• Verify Named EIGRP configuration.
• Configure and verify passive routes Named EIGRP
configuration.
• Configure and verify default route using Named EIGRP
configuration.
Background
What is known as “classic” EIGRP requires separate EIGRP
configuration modes and commands for IPv4 and IPv6. Each process is
configured separately, router eigrp as-number for IPv4 and ipv6
router eigrp as-number for IPv6.
Named EIGRP uses the address family (AF) feature to unify the
configuration process when implementing both IPv4 and IPv6. In this
lab, you will configure named EIGRP for IPv4 and IPv6.
Note: This lab uses Cisco 1941 routers with Cisco IOS Release 15.4
with IP Base. The switches are Cisco WS-C2960-24TT-L with
Fast Ethernet interfaces, therefore the router will use routing
metrics associated with a 100 Mb/s interface. Depending on the
router or switch model and Cisco IOS Software version, the commands
available and output produced might vary from what is shown in this
lab.
28
Required Resources
• 4 routers (Cisco IOS Release 15.2 or comparable)
• 3 switches (LAN interfaces)
• Serial and Ethernet cables
Step 0: Suggested starting configurations.

a. Apply the following configuration to each router along with the
appropriate hostname. The exec-timeout 0 0 command should only
be used in a lab environment.
Router(config)# no ip domain-lookup
Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config-line)# exec-timeout 0 0
Step 1: Configure the addressing and serial links.

a. Using the topology, configure the IPv4 and IPv6 addresses on the
interfaces of each router.
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ipv6 address FE80::1 link-local
R1(config-if)# ipv6 address 2001:DB8:CAFE:1::1/64
R1(config-if)# exit
R1(config)# interface Serial0/0/0
R1(config-if)# clock rate 64000

R2(config-if)# exit
29
R2(config-if)# exit

R3(config-if)# exit
R3(config-if)# exit
R3(config-if)# ipv6 address 2001:DB8:FEED:77::2/64
30
R3(config-if)#

R4(config-if)# ipv6 address 2001:DB8:FEED:77::1/64
R4(config-if)# exit
R4(config)# ipv6 route 2001:DB8:CAFE::/48
2001:DB8:FEED:77::2
R4(config)# ip route 0.0.0.0 0.0.0.0 192.168.77.2
R4(config)#
b. Verify connectivity by pinging across each of the local networks

connected to each router.
c. Issue the show ip interface brief and show ipv6 interface brief
commands on each router. This command displays a brief listing
of the interfaces, their status, and their IP addresses. Router
R1 is shown as an example.
R1# show ip interface brief
Interface IP-Address OK? Method Status
Protocol
Embedded-Service-Engine0/0 unassigned YES unset
administratively down down
GigabitEthernet0/0 192.168.1.1 YES manual up
up
GigabitEthernet0/1 unassigned YES unset
Serial0/0/0 192.168.2.1 YES manual up
up
Serial0/0/1 unassigned YES unset
Em0/0 [administratively down/down]
unassigned
GigabitEthernet0/0 [up/up]
FE80::1
2001:DB8:CAFE:1::1
GigabitEthernet0/1 [administratively down/down]
unassigned
Serial0/0/0 [up/up]
FE80::1
31
2001:DB8:CAFE:2::1
Serial0/0/1 [administratively down/down]
unassigned
R1#
Step 2: Configure Named EIGRP for IPv4 on R1.

a. Named EIGRP is organized in an hierarchical manner.
Configuration for each routing protocol, EIGRP for IPv4 and
EIGRP for IPv6 is done within its own address family. To
configure named EIGRP configuration use the router eigrp
virtual-instance-name command in global configuration mode. The
virtual-instance-names do not have to match between neighbors.
Note: IPv6 unicast routing must be enabled prior to configuring
the IPv6 address family.
R1(config)# router eigrp DUAL-STACK
R1(config-router)#
b. EIGRP doesn’t start until at least one address family has been
defined (IPv4 or IPv6). The address family command starts the
EIGRP protocol (IPv4 or IPv6) for the defined autonomous system.
To configure the IPv4 address family and autonomous system you
use the address-family ipv4 unicast autonomous-system command.
This command puts you into the address family configuration
mode. Issue the address-family ? command see the two address
families available. After configuring the IPv4 address family
for EIGRP use the ? to see what commands available in address
family configuration mode such as the af-interface, eigrp, and
network commands.
R1(config-router)# address-family ?
ipv4 Address family IPv4
ipv6 Address family IPv6
R1(config-router)# address-family ipv4 unicast autonomous-system

4
R1(config-router-af)# ?
Address Family configuration commands:
af-interface Enter Address Family interface
configuration
default Set a command to its defaults
eigrp EIGRP Address Family specific commands
exit-address-family Exit Address Family configuration mode
help Description of the interactive help
system
maximum-prefix Maximum number of prefixes acceptable in
aggregate
metric Modify metrics and parameters for address
advertisement
neighbor Specify an IPv4 neighbor router
32
network Enable routing on an IP network
no Negate a command or set its defaults
shutdown Shutdown address family
timers Adjust peering based timers
topology Topology configuration mode
R1(config-router-af)#
c. In address family configuration mode you can enable EIGRP for
specific interfaces and define other general parameters such as
the router ID and stub routing. Issue the eigrp ? to see the
available options configured using the eigrp command. Use the
eigrp router-id command to configure the EIGRP router ID for the
IPv4 address family.
R1(config-router-af)# eigrp ?
default-route-tag Default Route Tag for the Internal
Routes
log-neighbor-changes Enable/Disable EIGRP neighbor logging
log-neighbor-warnings Enable/Disable EIGRP neighbor warnings
router-id router id for this EIGRP process
stub Set address-family in stubbed mode
R1(config-router-af)# eigrp router-id 1.1.1.1

d. While still in the address family configuration mode for IPv4,
use the network command to enable EIGRP on the interfaces. These
are the same network commands used in “classic” EIGRP for IPv4.
R1(config-router-af)# network 192.168.1.0
R1(config-router-af)# network 192.168.2.0 0.0.0.3
e. Exit the IPv4 address family configuration mode using the exit-
address-family command or the shorter exit command. Notice that
you are still in named EIGRP configuration mode.
R1(config-router-af)# exit-address-family
R1(config-router)#
Step 3: Configure Named EIGRP for IPv6 on R1.

a. Configure the IPv6 address family using the autonomous system
(process ID) of 6. Use the ? the view the command options
available under each mode and for some of the commands. There is
no requirement for the AS numbers to match between the IPv4 and
IPv6 address families, but they must match their neighbors’ AS.
In this example, routers R2 and R3 must use AS 4 for the IPv4
address family and AS 6 for the IPv6 address family.
6
33
b. Use the eigrp router-id command to configure the EIGRP router ID
for the IPv4 address family. The IPv6 router ID does not have to
match the a router ID configured for IPv4.
c. By default, all IPv6 interfaces are automatically enabled for
EIGRP for IPv6. This will be explored further in the next step.
In this scenario, is the eigrp router-id command required to
configure a router ID for the IPv4 AF? Is it required for the
IPv6 AF? What would happen if the router ID was not configured
using the eigrp router-id command?
________________________________________________________________
_________________
In this scenarios, the eigrp router-id command is not required
because the routers have at least one active IPv4 address. If
the eigrp router-id command is not used, the router will use the
highest IPv4 loopback address. If there are no IPv4 loopback
addresses, the router will use the highest IPv4 address on an
active physical interface. The router ID is a 32-bit value for
both EIGRP for IPv4 and IPv6.
Step 4: Configure Named EIGRP on R2 and R3.

a. Configure named EIGRP on R2 for the IPv4 address family. The
IPv6 unicast routing is enabled in preparation for configuring
the IPv6 address family.
4
*Jul 25 20:11:37.643: %DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor
192.168.2.1 (Serial0/0/0) is up: new adjacency
R2(config-router)#
Notice that the adjacency between R1 and R2 is established after
enabling EIGRP for IPv4 on the serial 0/0/0 interface.
b. Configure the IPv6 address family for EIGRP on R2.
6
*Jul 25 20:19:05.435: %DUAL-5-NBRCHANGE: EIGRP-IPv6 6: Neighbor
FE80::1 (Serial0/0/0) is up: new adjacency
34
Notice that the IPv6 adjacency with R1 comes up immediately
after configuring the IPv6 AF. This is because by default, all
IPv6 interfaces are enabled automatically.
c. On R3, configure named EIGRP on R3 for both the IPv4 and IPv6
address families. After the appropriate commands are configured
the IPv4 and IPv6 EIGRP adjacencies are established between R2
and R3. The serial link between R3 and R4 is also automatically
enabled in EIGRP for IPv6. This link is not suppose to be
included and will be disabled in EIGRP for IPv6 later in step 6.
4
*Jun 26 13:11:41.343: %DUAL-5-NBRCHANGE: EIGRP-IPv4 4: Neighbor
192.168.4.1 (Serial0/0/1) is up: new adjacency
6
FE80::2 (Serial0/0/1) is up: new adjacency
Step 5: Configure passive interfaces for named EIGRP.

a. Within each IPv4 and IPv6 AF is the address family interface
configuration mode. This mode is used to configure EIGRP
specific parameters on an interface, such as the hello timer and
summarization. From address family configuration mode, use the
af-interface interface-type interface-number command to enter
address family interface configuration mode. The following
output shows the sequence of commands starting from global
configuration mode.
4
R1(config-router-af)# af-interface gigabitethernet 0/0
R1(config-router-af-interface)#
b. Issue the ? to see the commands available in address family
interface configuration mode. Notice various commands to
configure interface specific parameters such as the hello
interval, hold timer, passive interfaces, and summarization.
R1(config-router-af-interface)# ?
35
Address Family Interfaces configuration commands:
add-paths Advertise add paths
authentication authentication subcommands
bandwidth-percent Set percentage of bandwidth percentage
limit
bfd Enable Bidirectional Forwarding Detection
dampening-change Percent interface metric must change to
cause update
dampening-interval Time in seconds to check interface metrics
exit-af-interface Exit from Address Family Interface
configuration mode
hello-interval Configures hello interval
hold-time Configures hold time
next-hop-self Configures EIGRP next-hop-self
passive-interface Suppress address updates on an interface
shutdown Disable Address-Family on interface
split-horizon Perform split horizon
summary-address Perform address summarization
R1(config-router-af-interface)#
The interface configuration mode commands are similar for both
the IPv4 and IPv6 address families. Commands issued are specific
for an interface within the address family, IPv4 or IPv6.
c. Using the passive-interface command, configure G0/0 interface as
passive for both the IPv4 and IPv6 EIGRP address families.
R1(config-router-af-interface)# passive-interface
R1(config-router-af-interface)# exit-af-interface
6
R1(config-router)#
d. Configure R2’s G0/0 interface as passive for both the IPv4 and
IPv6 address families.
4
36
6
R2(config-router-af-interface)# exit
R2(config-router-af)# exit
R2(config-router)#
e. Configure R3’s G0/0 interface as passive for both the IPv4 and
IPv6 address families.
4
6
R3(config-router-af-interface)# exit
R3(config-router-af)# exit
R3(config-router)#
Notice the exit command was used as the shorter method for the
exit-af-interface and exit-address-family commands.
Step 6: Disable named EIGRP on a specific IPv6 interface.

a. By default, all IPv6 interfaces are enabled for EIGRP for IPv6.
This happens when enabling the IPv6 address family with the
address-family ipv6 unicast autonomous-system command. Issue the
show ipv6 protocols command on R3 to verify that all three of
its IPv6 interfaces are enabled for EIGRP for IPv6. Notice that
the Serial 0/1/0 interface is also included.
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "application"
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "eigrp 6"
EIGRP-IPv6 VR(DUAL-STACK) Address-Family Protocol for AS(6)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 K6=0
Metric rib-scale 128
Metric version 64bit
NSF-aware route hold timer is 240
Router-ID: 3.3.3.3
37
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 16
Maximum hopcount 100
Maximum metric variance 1
Total Prefix Count: 6
Total Redist Count: 0
Interfaces:
Serial0/0/1
Serial0/1/0
GigabitEthernet0/0 (passive)
Redistribution:
None
R3#
b. As shown in the topology, R3’s S0/1/0 interface does not need to

be included in the EIGRP updates. A default route will be
configured later in this lab for reachability beyond the EIGRP
routing domain. When we configured the IPv4 AF we excluded the
network command for this interface. However, the same interface
is automatically included when configuring the IPv6 AF. The
shutdown address family interface command is used to disable
EIGRP on a specific interface. This does not disable the
physical interface, but only removes it from participating in
EIGRP.
6
R3(config-router-af)# af-interface serial 0/1/0
R3(config-router-af-interface)# shutdown
R3(config-router-af-interface)# end
R3#
How can you verify that the IPv6 interface is still active, in
the “up and up” state?
________________________________________________________________
_________________
There are several ways including using the show ipv6 interface
brief command on R3.
c. Using the show ipv6 protocols command, verify that R3 is no

longer including S0/1/0 in EIGRP for IPv6.
38
Router-ID: 3.3.3.3
Topology : 0 (base)
Active Timer: 3 min
Maximum path: 16
Interfaces:
Serial0/0/1
Redistribution:
None
R3#
Does the shutdown command used on S0/1/0 within the IPv6 AF also
have the same affect for that interface within the IPv4 AF?
________________________________________________________________
_________________
No, the shutdown command on S0/1/0 was configured within the
IPv6 AF and has no affect on the IPv4 AF.
Step 7: Configure and distribute a default static route in

named EIGRP.
a. On R3 configure IPv4 and IPv6 default static routes using an R4
as the next-hop router.
Note: With the use of CEF (Cisco Express Forwarding) it is
recommended practice that a next-hop IP address is used instead
of an exit-interface. There is a bug in IOS 15.4 that prevents
an IPv6 static route with only a next-hop address from being
redistributed. A fully specified static route with both an exit-
interface and a next-hop address is used in the example.
R3(config)# ip route 0.0.0.0 0.0.0.0 192.168.77.1
R3(config)# ipv6 route ::/0 serial0/1/0 2001:db8:feed:77::1
R3(config)#
39
a. Redistribution of static routes in named EIGRP is done in
topology configuration mode. Topology configuration mode is a
subset of an address family. By default, EIGRP has a base
topology for each address family. Additional topologies can be
configured for Multitopology Routing (MTR) which is used to
enable an EIGRP process for a specified topology. MTR is beyond
the scope of CCNP.
For each address family, issue the topology base command to
enter the base EIGRP topology. In topology configuration mode
use the redistribute static command to redistribute the default
static route into EIGRP.
4
R3(config-router-af)# topology base
R3(config-router-af-topology)# ?
Address Family Topology configuration commands:
auto-summary Enable automatic network number
summarization
default-information Control distribution of default
information
default-metric Set metric of redistributed routes
distance Define an administrative distance
distribute-list Filter entries in eigrp updates
eigrp EIGRP specific commands
exit-af-topology Exit from Address Family Topology
configuration mode
maximum-paths Forward packets over multiple paths
metric Modify metrics and parameters for
advertisement
offset-list Add or subtract offset from EIGRP metrics
redistribute Redistribute IPv4 routes from another
routing protocol
snmp Modify snmp parameters
summary-metric Specify summary to apply metric/filtering
timers Adjust topology specific timers
traffic-share How to compute traffic share over
alternate paths
variance Control load balancing variance
R3(config-router-af-topology)# redistribute static

R3(config-router-af-topology)# exit-af-topology
6
R3(config-router-af)# topology base
40
R3(config-router-af-topology)# redistribute static
R3(config-router-af-topology)# exit-af-topology
R3(config-router)#
b. Issue the show ip protocols and show ipv6 protocols commands to
verify that EIGRP is redistributing the static route.
*** IP Routing is NSF aware ***
Routing Protocol is "application"

Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "eigrp 4"

Default networks not flagged in outgoing updates
Default networks not accepted from incoming updates
Redistributing: static
Router-ID: 3.3.3.3
Topology : 0 (base)
Active Timer: 3 min
Maximum path: 4
Automatic Summarization: disabled

Maximum path: 4
192.168.4.0/30
41
192.168.5.0
Passive Interface(s):
GigabitEthernet0/0
192.168.4.1 90 02:07:02

Router-ID: 3.3.3.3
Topology : 0 (base)
Active Timer: 3 min
Maximum path: 16
Interfaces:
Serial0/0/1
Redistribution:
Redistributing protocol static
IPv6 Routing Protocol is "static"
R3#
Why does the show ip protocols command indicate that automatic
summarization is disabled?
________________________________________________________________
_______________
In IOS 15, automatic summarization in EIGRP for IPv4 is disabled
by default. It can be enabled using the auto-summary command in
topology configuration mode.
c. Examine the IPv4 and IPv6 routing tables on R1 to verify that it

is receiving the default static route using EIGRP.
42
R1# show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M -
mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 -
IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-
user static route
o - ODR, P - periodic downloaded static route, H - NHRP,
l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.2.2 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/34036062] via 192.168.2.2, 00:03:23,

Serial0/0/0
192.168.4.0/30 is subnetted, 1 subnets
D 192.168.4.0 [90/23796062] via 192.168.2.2, 01:28:22,
Serial0/0/0
D 192.168.5.0/24 [90/23847262] via 192.168.2.2, 01:28:15,
Serial0/0/0
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static
route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D -
EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix,
DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 -
OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA
ext 2
a - Application
EX ::/0 [170/34036062]
via FE80::2, Serial0/0/0
D 2001:DB8:CAFE:4::/64 [90/23796062]
D 2001:DB8:CAFE:5::/64 [90/23847262]
D 2001:DB8:CAFE:99::/64 [90/23796702]
43
R1#
Step 8: Verify named EIGRP.

a. Although named EIGRP unifies configuration for EIGRP for IPv4
and IPv6, the neighbor tables, topology tables and EIGRP routing
processes are still separate. Use the show ip protocols and show
ipv6 protocols command to verify both EIGRP for IPv4 and IPv6
processes. Below is the output displayed for R2.
*** IP Routing is NSF aware ***
Routing Protocol is "application"

Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Maximum path: 32
Distance: (default is 4)
Routing Protocol is "eigrp 4"

Default networks flagged in outgoing updates
Default networks accepted from incoming updates
Router-ID: 2.2.2.2
Topology : 0 (base)
Active Timer: 3 min
Maximum path: 4
Automatic Summarization: disabled

Maximum path: 4
44
192.168.2.0/30
192.168.3.0
192.168.4.0/30
Passive Interface(s):
GigabitEthernet0/0
192.168.2.1 90 00:04:54
192.168.4.2 90 00:04:54
R2#
Router-ID: 2.2.2.2
Topology : 0 (base)
Active Timer: 3 min
Maximum path: 16
Interfaces:
Serial0/0/0
Serial0/0/1
Redistribution:
None
R2#
b. Issue the show ip eigrp neighbors and show ipv6 eigrp neighbors
command on R1 to verify the neighbor adjacencies with R2.
R1# show ip eigrp neighbors
EIGRP-IPv4 VR(DUAL-STACK) Address-Family Neighbors for AS(4)
45
H Address Interface Hold Uptime
SRTT RTO Q Seq
(sec)
(ms) Cnt Num
0 192.168.2.2 Se0/0/0 13 03:56:20
31 186 0 8
EIGRP-IPv6 VR(DUAL-STACK) Address-Family Neighbors for AS(6)
SRTT RTO Q Seq
(sec)
(ms) Cnt Num
0 Link-local address: Se0/0/0 13 00:09:14
669 4014 0 21
FE80::2
R1#
c. Examine R1’s EIGRP topology tables for IPv4 and IPv6 using the
show ip eigrp topology and show ipv6 eigrp topology commands.
R1# show ip eigrp topology
EIGRP-IPv4 VR(DUAL-STACK) Topology Table for AS(4)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R -
Reply,
r - reply Status, s - sia Status
P 192.168.2.0/30, 1 successors, FD is 1735175958

via Connected, Serial0/0/0
via Connected, GigabitEthernet0/0
via 192.168.2.2 (4356615958/3045895958), Serial0/0/0
via 192.168.2.2 (3045895958/1735175958), Serial0/0/0
via 192.168.2.2 (3052449558/1741729558), Serial0/0/0

EIGRP-IPv6 VR(DUAL-STACK) Topology Table for AS(6)/ID(1.1.1.1)
Reply,
P 2001:DB8:CAFE:5::/64, 1 successors, FD is 3052449558

via FE80::2 (3052449558/1741729558), Serial0/0/0
via FE80::2 (3045895958/1735175958), Serial0/0/0
via FE80::2 (3045977878/1735257878), Serial0/0/0
46
P ::/0, 1 successors, FD is 4356615958
via FE80::2 (4356615958/3045895958), Serial0/0/0
R1#
d. Verify that R1 has all the IPv4 and IPv6 routes shown in the
topology with the exclusion of R2’s LAN by using the show ip
route eigrp and show ipv6 route eigrp commands.
R1# show ip route eigrp
mobile, B - BGP
area
type 2
IS-IS level-2
user static route
l - LISP
D*EX 0.0.0.0/0 [170/34036062] via 192.168.2.2, 00:10:25,

Serial0/0/0
D 192.168.3.0/24 [90/13607262] via 192.168.2.2, 00:48:46,
Serial0/0/0
192.168.4.0/30 is subnetted, 1 subnets
D 192.168.4.0 [90/23796062] via 192.168.2.2, 00:48:33,
Serial0/0/0
D 192.168.5.0/24 [90/23847262] via 192.168.2.2, 00:38:12,
Serial0/0/0
route
EIGRP
DCE - Destination
47
OSPF ext 1
ext 2
a - Application
EX ::/0 [170/34036062]
D 2001:DB8:CAFE:3::/64 [90/13607262]
D 2001:DB8:CAFE:4::/64 [90/23796062]
D 2001:DB8:CAFE:5::/64 [90/23847262]
R1#
e. As a final verification of end-to-end reachability, from R1 ping
the IPv4 and IPv6 addresses on R5’s LAN.
R1# ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
56/56/56 ms
R1# ping 2001:db8:cafe:5::1
Sending 5, 100-byte ICMP Echos to 2001:DB8:CAFE:5::1, timeout is
2 seconds:
!!!!!
52/55/56 ms
R1#
f. Examine the named EIGRP configuration showing both the IPv4 and
IPv6 address families with the show running-config | section
router eigrp command. The output for R3 is displayed below.
R3# show running-config | section router eigrp
router eigrp DUAL-STACK
!
address-family ipv4 unicast autonomous-system 4
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
topology base
redistribute static
exit-af-topology
48
network 192.168.4.0 0.0.0.3
network 192.168.5.0
eigrp router-id 3.3.3.3
exit-address-family
!
!
passive-interface
exit-af-interface
!
af-interface Serial0/1/0
shutdown
exit-af-interface
!
topology base
redistribute static
exit-af-topology
exit-address-family
R3#
Device Configurations (Instructor version)
Initial Configurations
Router R1
hostname R1
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:1::1/64
no shutdown
!
interface Serial0/0/0
ip address 192.168.2.1 255.255.255.252
49
clock rate 64000
no shutdown
!
end
Router R2
hostname R2
!
ip address 192.168.3.1 255.255.255.0
no shutdown
!
ip address 192.168.2.2 255.255.255.252
no shutdown
!
ip address 192.168.4.1 255.255.255.252
clock rate 64000
no shutdown
!
end
Router R3
hostname R3
!
ip address 192.168.5.1 255.255.255.0
50
no shutdown
!
ip address 192.168.4.2 255.255.255.252
no shutdown
!
ip address 192.168.77.2 255.255.255.0
ipv6 address 2001:DB8:FEED:77::2/64
clock rate 64000
no shutdown
!
end
Router R4
hostname R4
!
ip address 192.168.77.1 255.255.255.0
no shutdown
!
ipv6 route 2001:DB8:ABCD::/48 2001:DB8:FEED:77::2
ipv6 route 2001:DB8:CAFE::/48 2001:DB8:FEED:77::2
ip route 0.0.0.0 0.0.0.0 192.168.77.2
!
end
Final Configurations
Router R1
hostname R1
!
ipv6 unicast-routing
ip cef
ipv6 cef
!
ip address 192.168.1.1 255.255.255.0
!
51
ip address 192.168.2.1 255.255.255.252
clock rate 64000
!
!
!
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 192.168.1.0
network 192.168.2.0 0.0.0.3
exit-address-family
!
!
passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
end
Router R2
hostname R2
!
ip cef
ipv6 cef
!
ip address 192.168.3.1 255.255.255.0
!
ip address 192.168.2.2 255.255.255.252
!
ip address 192.168.4.1 255.255.255.252
52
clock rate 64000
!
!
!
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 192.168.2.0 0.0.0.3
network 192.168.3.0
network 192.168.4.0 0.0.0.3
exit-address-family
!
!
passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
end
Router R3
hostname R3
!
ip cef
ipv6 cef
!
ip address 192.168.5.1 255.255.255.0
!
ip address 192.168.4.2 255.255.255.252
!
ip address 192.168.77.2 255.255.255.0
clock rate 64000
!
53
!
!
passive-interface
exit-af-interface
!
topology base
redistribute static
exit-af-topology
network 192.168.4.0 0.0.0.3
network 192.168.5.0
exit-address-family
!
!
passive-interface
exit-af-interface
!
af-interface Serial0/1/0
shutdown
exit-af-interface
!
topology base
redistribute static
exit-af-topology
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 192.168.77.1
!
ipv6 route ::/0 Serial0/1/0 2001:DB8:FEED:77::1
!
end
Router R4
hostname R4
!
ip address 192.168.77.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.77.2
!
end
54
Chapter 2 Lab 2-3, EIGRP for IPv6 Instructor Version
Topology
Objectives
• Configure EIGRP for IPv6.
• Verify EIGRP for IPv6.
• Configure and verify passive routes using EIGRP for IPv6.
• Configure and verify summary routes using EIGRP for IPv6.
• Configure and verify default route using EIGRP for IPv6.
Background
EIGRP for IPv6 has the same overall operation and features as EIGRP
for IPv4. However, there are a few major differences between them:
• EIGRP for IPv6 is configured directly on the router interfaces.
• In the absence of the router having any IPv4 addresses, a 32-bit
router ID must be configured for the routing process to start.
• IPv6 unicast routing must be enabled before the routing process
can be configured.
In this lab, you will configure the network with EIGRP routing for
IPv6. You will also assign router IDs, configure passive
interfaces, a summary route, and verify the network is fully
converged.
Note: This lab uses Cisco 1941 routers with Cisco IOS Release 15.2
with IP Base. The switches are Cisco WS-C2960-24TT-L with Fast
Ethernet interfaces, therefore the router will use routing metrics
55
associated with a 100 Mb/s interface. Depending on the router or
switch model and Cisco IOS Software version, the commands available
and output produced might vary from what is shown in this lab.
Required Resources
• 3 switches (LAN interfaces)

b. Apply the following configuration to each router along with the
appropriate hostname. The exec-timeout 0 0 command should only
be used in a lab environment.
Step 1: Configure the addressing and serial links.

c. Using the topology, configure the IPv6 addresses on the
interfaces of each router including the loopback addresses on
R3.
R1(config)# interface gigabitethernet 0/0
R1(config-if)# ipv6 address 2001:db8:cafe:1::1/64
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# exit
R1(config)# interface serial 0/0/0
R1(config-if)# exit

56
R2(config-if)# exit
R2(config-if)# exit

R3(config-if)# exit
R3(config-if)# exit
R3(config-if)# ipv6 address 2001:db8:abcd:1::1/64
R3(config-if)# exit
R3(config-if)# exit
57
R3(config-if)# exit
R3(config-if)# exit
R3(config-if)# exit
R3(config-if)# ipv6 address 2001:db8:feed:77::2/64
R3(config-if)# exit
R3(config)#

R4(config-if)# ipv6 address 2001:db8:feed:77::1/64
R4(config-if)# exit
R4(config)# ipv6 route 2001:db8:cafe::/48 2001:db8:feed:77::2
R4(config)# ipv6 route 2001:db8:abcd::/48 2001:db8:feed:77::2
d. Verify connectivity by pinging across each of the local networks

connected to each router.
e. Issue the show ipv6 interface brief command on each router. This
command displays a brief listing of the interfaces, their
status, and their IPv6 addresses. Router R1 is shown as an
example.
Em0/0 [administratively down/down]
unassigned
GigabitEthernet0/0 [up/up]
FE80::1
2001:DB8:CAFE:1::1
GigabitEthernet0/1 [administratively down/down]
unassigned
58
Serial0/0/0 [up/up]
FE80::1
2001:DB8:CAFE:2::1
Serial0/0/1 [administratively down/down]
unassigned
R1#
Step 2: Configure EIGRP for IPv6 Routing.

g. Enable IPv6 unicast routing and EIGRP for IPv6 on each router.
Since there are no active IPv4 addresses configured, EIGRP for
IPv6 requires the configuration of a 32-bit router ID. Use the
router-id command to configure the router ID in the router
configuration mode.
Note: Prior to IOS 15.2 the EIGRP IPv6 routing process is shut
down by default and the no shutdown router configuration mode
command is required to enable the routing process. Although not
required with the IOS used in creating this lab, an example of
the no shutdown command is shown for router R1.
R1(config)# ipv6 router eigrp 1
R1(config-rtr)# eigrp router-id 1.1.1.1
R1(config-rtr)# no shutdown

R2(config-rtr)# router-id 2.2.2.2

R3(config-rtr)# eigrp router-id 3.3.3.3
Step 3: Configure EIGRP for IPv6 on Serial, Gigabit

Ethernet and Loopback interfaces on all routers.
f. Issue the ipv6 eigrp 1 command on the interfaces that
participate in the EIGRP routing process. EIGRP for IPv6 does
not use the network command. IPv6 prefixes are enabled on the
interface. Similar to EIGRP for IPv4, the AS number must match
the neighbor’s configuration for the router to form an
adjacency.
R1(config)# interface g0/0
R1(config-if)# ipv6 eigrp 1
R1(config-if)# exit
R1(config)# interface s0/0/0

59
R2(config-if)# exit
R2(config-if)# exit

R3(config-if)# exit
R3(config-if)# exit
R3(config)# interface loop1
R3(config-if)# exit
R3(config-if)# exit
R3(config-if)# exit
R3(config-if)# exit
h. When you assign EIGRP for IPv6 on R2’s serial 0/0/0 interface
you will see the neighbor adjacency message as the interface is
added to the EIGRP routing process.
R1#
*Sep 24 15:28:13.911: %DUAL-5-NBRCHANGE: EIGRP-IPv6 1: Neighbor FE80::2
(Serial0/0/0) is up: new adjacency
R1#
What address on R2 is used to form the neighbor adjacency with
R1? What type of IPv6 address is used to establish the
adjacencies?
________________________________________________________________
______________
The link-local address FE80::2 of the neighbor’s interface,
which was manually configured in Step 1.
Step 4: Verify EIGRP for IPv6 routing.

g. On R2, issue the show ipv6 eigrp neighbors command to verify the
adjacency has been established with its neighboring routers. The
link-local addresses of the neighboring routers are displayed in
the adjacency table.
60
EIGRP-IPv6 Neighbors for AS(1)
SRTT RTO Q Seq
(sec)
(ms) Cnt Num
31 186 0 8
FE80::3
288 1728 0 10
FE80::1
R2#
h. Verify reachability by pinging the IPv6 addresses on R3 from R1.
R1# ping 2001:db8:cafe:5::1
Sending 5, 100-byte ICMP Echos to 2001:DB8:CAFE:5::1, timeout is
2 seconds:
!!!!!
56/56/56 ms
R1# ping 2001:db8:abcd:1::1
Sending 5, 100-byte ICMP Echos to 2001:DB8:ABCD:1::1, timeout is
2 seconds:
!!!!!
52/55/56 ms
R1#
i. Use the show ipv6 route eigrp command to display IPv6 specific
EIGRP routes on all the routers. The output of R1’s routing
table is displayed below.
route
EIGRP
DCE - Destination
OSPF ext 1
ext 2
a - Application
D 2001:DB8:ABCD:1::/64 [90/2809856]
D 2001:DB8:ABCD:2::/64 [90/2809856]
D 2001:DB8:ABCD:3::/64 [90/2809856]
D 2001:DB8:ABCD:4::/64 [90/2809856]
61
D 2001:DB8:ABCD:5::/64 [90/2809856]
D 2001:DB8:CAFE:3::/64 [90/2172416]
D 2001:DB8:CAFE:4::/64 [90/2681856]
D 2001:DB8:CAFE:5::/64 [90/2684416]
R1#
j. Examine R1’s EIGRP for IPv6 topology table using the show ipv6
eigrp topology command.
EIGRP-IPv6 Topology Table for AS(1)/ID(1.1.1.1)
Reply,

via FE80::2 (2684416/2172416), Serial0/0/0
P 2001:DB8:ABCD:1::/64, 1 successors, FD is 2809856
via FE80::2 (2809856/2297856), Serial0/0/0
via FE80::2 (2809856/2297856), Serial0/0/0
via FE80::2 (2172416/28160), Serial0/0/0
via FE80::2 (2681856/2169856), Serial0/0/0
via FE80::2 (2809856/2297856), Serial0/0/0
via FE80::2 (2809856/2297856), Serial0/0/0
via FE80::2 (2809856/2297856), Serial0/0/0
R1#
Why are there no feasible successors?
________________________________________________________________
___________________
R1 does not have any other paths to these networks. There are no
redundant paths in this topology.
Why are there two more entries in R1’s EIGRP topology table than
there is when displaying R1’s EIGRP routes with the show ipv6
route eigrp command?
________________________________________________________________
___________________
The show ipv6 route eigrp command does not include the directly
connected networks.
62
k. Issue the show ipv6 protocols command to verify the configured
parameters. Examining the output, EIGRP for IPv6 is the
configured IPv6 routing protocol with 1.1.1.1 as the router ID
for R1. This routing protocol is associated with autonomous
system 1 with two active interfaces: G0/0 and S0/0/0.
EIGRP-IPv6 Protocol for AS(1)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
Router-ID: 1.1.1.1
Topology : 0 (base)
Active Timer: 3 min
Maximum path: 16
Interfaces:
GigabitEthernet0/0
Serial0/0/0
Redistribution:
None
R1#
Step 5: Configure and verify passive interfaces.

l. A passive interface does not allow outgoing and incoming routing
updates over the configured interface. The passive-interface
interface command causes the router to stop sending and
receiving Hello packets over an interface but continues to
advertise that network in it’s routing updates. Configure
passive interfaces on each of the three routers’ LAN interfaces.
R1(config-rtr)# passive-interface g0/0


What would be the result if the ipv6 eigrp 1 commands were

removed from the G0/0 interfaces instead of using the passive-
interface command? _____________________
The routers would not include their G0/0 IPv6 prefixes in their
EIGRP updates to their neighbors.
m. Issue the show ipv6 protocols command on R1 and verify that G0/0
has been configured as passive.
63
Router-ID: 1.1.1.1
Topology : 0 (base)
Active Timer: 3 min
Maximum path: 16
Interfaces:
Serial0/0/0
Redistribution:
None
R1#
n. Issue the show ipv6 route eigrp command on R3 to verify it is

still receiving EIGRP updates containing the IPv6 prefixes that
were configured as passive-interfaces.
route
EIGRP
DCE - Destination
OSPF ext 1
ext 2
a - Application
D 2001:DB8:CAFE:1::/64 [90/2684416]
D 2001:DB8:CAFE:2::/64 [90/2681856]
D 2001:DB8:CAFE:3::/64 [90/2172416]
R3#
64
Step 6: Configure and verify a summary route.
o. Issue the show ipv6 route eigrp command on R1 and verify that is
has all five of R3’s loopback prefixes in its IPv6 routing
table.
route
EIGRP
DCE - Destination
OSPF ext 1
ext 2
a - Application
D 2001:DB8:ABCD:1::/64 [90/2809856]
D 2001:DB8:ABCD:2::/64 [90/2809856]
D 2001:DB8:ABCD:3::/64 [90/2809856]
D 2001:DB8:ABCD:4::/64 [90/2809856]
D 2001:DB8:ABCD:5::/64 [90/2809856]
D 2001:DB8:CAFE:3::/64 [90/2172416]
D 2001:DB8:CAFE:4::/64 [90/2681856]
D 2001:DB8:CAFE:5::/64 [90/2684416]
R1#
p. To optimize EIGRP for IPv6, on R3 summarize the loopback
addresses as a single route and advertise the summary route in
R3’s EIGRP updates to R2. Using the same summarization method
used for IPv4, The IPv6 loopback addresses can be summarized as
2001:DB8:ABCD::/61. The loopback addresses have the first 61
bits in common. After configuring the summary route on the
interface, notice that the neighbor adjacency between R3 and R2
is resynchronized (restarted).
R3(config-if)# ipv6 summary-address eigrp 1 2001:db8:abcd::/61
FE80::2 (Serial0/0/1) is resync: summary configured
q. Examine R1’s routing table and verify that R1 is now only

receiving a summary route for R3’s loopback prefixes.
65
route
EIGRP
DCE - Destination
OSPF ext 1
ext 2
a - Application
D 2001:DB8:ABCD::/61 [90/2809856]
D 2001:DB8:CAFE:3::/64 [90/2172416]
D 2001:DB8:CAFE:4::/64 [90/2681856]
D 2001:DB8:CAFE:5::/64 [90/2684416]
R1#
r. From R1, ping R3’s loopback addresses to verify reachability to

each address.
2 seconds:
!!!!!
52/55/56 ms
2 seconds:
!!!!!
52/55/56 ms
2 seconds:
!!!!!
56/56/56 ms
2 seconds:
!!!!!
56/56/56 ms
R1#R1# ping 2001:db8:abcd:5::1
2 seconds:
66
!!!!!
52/56/60 ms
R1#
s. Issue the show ipv6 protocols command on R3 to verify the

configured summary route. From the output, EIGRP for IPv6 is
still advertising the loopback addresses and that there is
address summarization in effect.
Router-ID: 3.3.3.3
Topology : 0 (base)
Active Timer: 3 min
Maximum path: 16
Interfaces:
Serial0/0/1
Loopback1
Loopback2
Loopback3
Loopback4
Loopback5
Redistribution:
None
Address Summarization:
2001:DB8:ABCD::/61 for Se0/0/1
Summarizing 5 components with metric 128256
R3#
Step 7: Configure and verify a default route and CEF.

t. On R3 configure an IPv6 default static route using the next-hop
address of R4. Redistribute the static route in EIGRP using the
redistribute static command.
Note: With the use of CEF (Cisco Express Forwarding) it is
recommended practice that a next-hop IP address is used instead
of an exit-interface. There is a bug in IOS 15.4 that prevents
an IPv6 static route with only a next-hop address from being
redistributed. A fully specified static route with both an exit-
interface and a next-hop address is used in the example.
67
R3(config)# ipv6 route ::/0 serial0/1/0 2001:db8:feed:77::1
R3(config-rtr)# redistribute static
u. Issue the show ipv6 route eigrp command on R1 to verify it has
received the default route using EIGRP.
route
EIGRP
DCE - Destination
OSPF ext 1
ext 2
a - Application
EX ::/0 [170/3193856]
D 2001:DB8:ABCD::/61 [90/2809856]
D 2001:DB8:CAFE:3::/64 [90/2172416]
D 2001:DB8:CAFE:4::/64 [90/2681856]
D 2001:DB8:CAFE:5::/64 [90/2684416]
R1#
Why does the default route have a code of “EX”?
________________________________________________________________
_______________
The redistributed route is considered an external EIGRP route
with an administrative distance of 170.
v. Verify reachability to R4 by pinging its serial interface.
R1# ping 2001:db8:feed:77::1
Sending 5, 100-byte ICMP Echos to 2001:DB8:FEED:77::1, timeout
is 2 seconds:
!!!!!
80/83/84 ms
R1#
w. IPv6 Routing CEF is a forwarding mechanism to optimize the layer
3 and layer 2 lookup processes into a single process. Starting
with IOS 15.4 CEF for IPv6 is enabled automatically when ipv6
unicast-routing is configured. The show ipv6 cef command can be
used to verify the status of CEF for IPv6. If CEF is disabled,
it can be enabled with the ipv6 cef global configuration
68
command. The output below shows an example of CEF currently
disabled and then enabled.
Note: CEF for IPv4 is enabled by default.
R1# show ipv6 cef summary
IPv6 CEF is disabled.
VRF Default
1 prefix (1/0 fwd/non-fwd)
Table id 0x1E000000
Database epoch: 0 (1 entry at this epoch)
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ipv6 cef
R1(config)# exit
R1# show ipv6 cef summary
IPv6 CEF is enabled and running centrally.
VRF Default
14 prefixes (14/0 fwd/non-fwd)
Table id 0x1E000000
Database epoch: 0 (14 entries at this epoch)
Router R1
hostname R1
!
no shutdown
!
clock rate 64000
no shutdown
!
end
Router R2
hostname R2
!
no shutdown
!
69
no shutdown
!
clock rate 64000
no shutdown
!
end
Router R3
hostname R3
!
interface Loopback1
ipv6 address 2001:DB8:ABCD:1::1/64
!
interface Loopback2
!
interface Loopback3
!
interface Loopback4
!
interface Loopback5
!
no shutdown
!
no shutdown
!
clock rate 64000
no shutdown
!
end
Router R4
hostname R4
!
70
no shutdown
!
!
end
Final Configurations
Router R1
hostname R1
!
ipv6 cef
!
ipv6 eigrp 1
!
ipv6 eigrp 1
clock rate 64000
!
ipv6 router eigrp 1
passive-interface GigabitEthernet0/0
!
end
Router R2
hostname R2
!
ipv6 cef
!
ipv6 eigrp 1
!
ipv6 eigrp 1
!
ipv6 eigrp 1
71
clock rate 64000
!
ipv6 router eigrp 1
!
end
Router R3
hostname R3
!
ipv6 cef
!
interface Loopback1
ipv6 eigrp 1
!
interface Loopback2
ipv6 eigrp 1
!
interface Loopback3
ipv6 eigrp 1
!
interface Loopback4
ipv6 eigrp 1
!
interface Loopback5
ipv6 eigrp 1
!
ipv6 eigrp 1
!
ipv6 eigrp 1
ipv6 summary-address eigrp 1 2001:DB8:ABCD::/61
!
clock rate 64000
!
ipv6 route ::/0 Serial0/1/0 2001:DB8:FEED:77::1
ipv6 router eigrp 1
redistribute static
72
!
end
Router R4
hostname R4
!
!
!
end
OSPF V3
Show Commands
R1# show ipv6 ospf neighbor
R1# show ipv6 ospf database
R3# show ipv6 route ospf
Configurando Interfaces
Chapter 3 Lab 3-1, OSPF Virtual Links Instructor Version

Topology
73
Objectives
• Configure multi-area OSPF on a router.
• Verify multi-area behavior.
• Create an OSPF virtual link.
• Summarize an area.
• Generate a default route into OSPF.
Background
You are responsible for configuring the new network to connect
your company’s engineering, marketing, and accounting
departments, represented by loopback interfaces on each of the
three routers. The physical devices have just been installed and
connected by serial cables. Configure multiple-area OSPFv2 to
allow full connectivity between all departments.
In addition, R1 has a loopback interface representing a
connection to the Internet. This connection will not be added
into OSPFv2. R3 will have four additional loopback interfaces
representing connections to branch offices.
Note: This lab uses Cisco 1941 routers with Cisco IOS Release
15.4 with IP Base. The switches are Cisco WS-C2960-24TT-L with
Fast Ethernet interfaces, therefore the router will use routing
metrics associated with a 100 Mb/s interface. Depending on the
router or switch model and Cisco IOS Software version, the
commands available and output produced might vary from what is
shown in this lab.
Required Resources
a. Apply the following configuration to each router along with
the appropriate hostname. The exec-timeout 0 0 command should
only be used in a lab environment.
Step 1: Configure addressing and loopbacks.
74
Using the addressing scheme in the diagram, apply IP addresses
to the serial interfaces on R1, R2, and R3. Create loopbacks on
R1, R2, and R3, and address them according to the diagram.
R1# configure terminal
R1(config-if)# description Engineering Department
R1(config-if)# interface loopback 30
R1(config-if)# interface serial 0/0/0
R1(config-if)# clockrate 64000

R2(config-if)# description Marketing Department

75
R3(config-if)# description Accounting Department
Step 2: Add interfaces into OSPF.
a. Create OSPF process 1 and OSPF router ID on all three
routers. Using the network command, configure the subnet of the
serial link between R1 and R2 to be in OSPF area 0. Add loopback
1 on R1 and loopback 2 on R2 into OSPF area 0.
Note: The default behavior of OSPF for loopback interfaces is to
advertise a 32-bit host route. To ensure that the full /24
network is advertised, use the ip ospf network point-to-point
command. Change the network type on the loopback interfaces so
that they are advertised with the correct subnet.
R1(config)# router ospf 1
R1(config-router)# router-id 1.1.1.1
R1(config-router)# network 10.1.12.0 0.0.0.255 area 0
R1(config-if)# ip ospf network point-to-point
R1(config-if)# end
76
The show ip ospf command should be used to verify the OSPF
router ID. If the OSPF router ID is using a 32-bit value other
than the one specified by the router-id command, you can reset
the router ID by using the clear ip ospf pid process command and
re-verify using the command show ip ospf.
R1# show ip ospf

Routing Process "ospf 1" with ID 172.30.30.1
Start time: 04:19:23.024, Time elapsed: 00:31:01.416
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
R1# clear ip ospf 1 process

77
Reset OSPF process 1? [no]: yes
R1# show ip ospf
Start time: 04:19:23.024, Time elapsed: 00:31:01.416
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
R1#

78
R2(config-if)# end
Again, the show ip ospf command should be used to verify the

OSPF router ID. If the OSPF router ID is using a 32-bit value
other than the one specified by the router-id command, you can
reset the router ID by using the clear ip ospf pid process
command and re-verify using the command show ip ospf.
b. Verify that you can see OSPF neighbors in the show ip ospf
neighbors output on both routers. Verify that the routers can
see each other’s loopback with the show ip route command.
R1# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address

Interface
2.2.2.2 0 FULL/ - 00:00:30 10.1.12.2
Serial0/0/0
R1# show ip route

mobile, B - BGP
area
type 2
IS-IS level-2
user static route
79
l - LISP
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

C 10.1.1.0/24 is directly connected, Loopback1
L 10.1.1.1/32 is directly connected, Loopback1
O 10.1.2.0/24 [110/65] via 10.1.12.2, 00:05:04,
Serial0/0/0
C 10.1.12.0/24 is directly connected, Serial0/0/0
L 10.1.12.1/32 is directly connected, Serial0/0/0
R1#

Interface
1.1.1.1 0 FULL/ - 00:00:30 10.1.12.1
Serial0/0/0
R2# show ip route

mobile, B - BGP
area
type 2
80
IS-IS level-2
user static route
l - LISP

O 10.1.1.0/24 [110/65] via 10.1.12.1, 00:06:33,
Serial0/0/0
R2#
c. Add the subnet between R2 and R3 into OSPF area 23 using
the network command. Add loopback 3 on R3 into area 23.

81
Again, the show ip ospf command should used to verify the OSPF
router ID. If the OSPF router ID is using a 32-bit value other
than the one specified by the router-id command, you can reset
the router ID by using the clear ip ospf pid process command and
re-verify using the command show ip ospf.
d. Verify that this neighbor relationship comes up with the

show ip ospf neighbors command.

Interface
1.1.1.1 0 FULL/ - 00:00:35 10.1.12.1
Serial0/0/0
3.3.3.3 0 FULL/ - 00:00:33 10.1.23.3
Serial0/0/1
R2#
Step 3: Create a virtual link.
e. Add loopbacks 100 through 103 on R3 to R3’s OSPF process in
area 100 using the network command. Change the network type to
advertise the correct subnet mask.
82
f. Look at the output of the show ip route command on R2.
Notice that the routes to those networks do not appear. The
reason for this behavior is that area 100 on R3 is not connected
to the backbone. It is only connected to area 23. If an area is
not connected to the backbone, its routes are not advertised
outside of its area.
R2#show ip route
mobile, B - BGP
area
type 2
IS-IS level-2
user static route
l - LISP

O 10.1.1.0/24 [110/65] via 10.1.12.1, 00:09:22,
Serial0/0/0
O 10.1.3.0/24 [110/65] via 10.1.23.3, 00:08:03,
Serial0/0/1
83
R2#
What would happen if routes could pass between areas without

going through the backbone?
Routing loops might occur because any route could get advertised
to different areas. By passing through the backbone, type 3 LSAs
are generated by their respective areas and not sent back in.
You can get around this situation by creating a virtual link. A
virtual link is an OSPF feature that creates a logical extension
of the backbone area across a regular area, without actually
adding any physical interfaces into area 0.
Note: Prior to creating a virtual link you need to identify the
OSPF router ID for the routers involved (R2 and R3), using a
command such as show ip ospf, show ip protocols or show ip ospf
interface. The output for the show ip ospf command on R1 and R3
is shown below.
R2# show ip ospf
<output omitted>
R3# show ip ospf

<output omitted>
g. Create a virtual link using the area transit_area virtual-

link router-id OSPF configuration command on both R2 and R3.
R2(config-router)# area 23 virtual-link 3.3.3.3
R2(config-router)#
84
R3(config-router)# area 23 virtual-link 2.2.2.2
*Aug 9 12:47:46.110: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on
OSPF_VL0 from LOADING to FULL, Loading Done
R3(config-router)#
Notice after virtual links are established IOS will report full
adjacency between both routers.
h. After you see the adjacency over the virtual interface come
up, issue the show ip route command on R2 and see the routes
from area 100. You can verify the virtual link with the show ip
ospf neighbor and show ip ospf interface commands.
R2# show ip route
mobile, B - BGP
area
type 2
IS-IS level-2
user static route
l - LISP

O 10.1.1.0/24 [110/65] via 10.1.12.1, 00:18:16,
Serial0/0/0
85
O 10.1.3.0/24 [110/65] via 10.1.23.3, 00:16:57,
Serial0/0/1
O IA 192.168.100.0/24 [110/65] via 10.1.23.3, 00:03:28,
Serial0/0/1
O IA 192.168.101.0/24 [110/65] via 10.1.23.3, 00:03:28,
Serial0/0/1
O IA 192.168.102.0/24 [110/65] via 10.1.23.3, 00:03:28,
Serial0/0/1
O IA 192.168.103.0/24 [110/65] via 10.1.23.3, 00:03:28,
Serial0/0/1
R2#

Interface
3.3.3.3 0 FULL/ - - 10.1.23.3
OSPF_VL0
1.1.1.1 0 FULL/ - 00:00:38 10.1.12.1
Serial0/0/0
3.3.3.3 0 FULL/ - 00:00:35 10.1.23.3
Serial0/0/1
R2# show ip ospf interface

OSPF_VL0 is up, line protocol is up
Internet Address 10.1.23.2/24, Area 0, Attached via Not
Attached
Process ID 1, Router ID 2.2.2.2, Network Type VIRTUAL_LINK,
Cost: 64
Topology-MTID Cost Disabled Shutdown Topology
Name
86
0 64 no no Base
Configured as demand circuit
Run as demand circuit
DoNotAge LSA allowed
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Retransmit 5
oob-resync timeout 40
Hello due in 00:00:02
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 3/4, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 3.3.3.3 (Hello suppressed)
Suppress hello for 1 neighbor(s)
<output omitted>
When are virtual links useful?
Virtual links are useful when there needs to be a temporary

extension of the backbone, either because the backbone became
discontiguous or a new area got added onto an existing area.
Why are virtual links a poor long-term solution?
87
Virtual links are a poor long-term solution because they add
processing overhead and basically extend the backbone area onto
routers where it might not belong. They can also add a lot of
complexity to troubleshooting.
Step 4: Summarize an area.
Loopbacks 100 through 103 can be summarized into one supernet of
192.168.100.0 /22. You can configure area 100 to be represented
by this single summary route.
i. Configure R3 (the ABR) to summarize this area using the
area area range network mask command.
R3(config-router)# area 100 range 192.168.100.0 255.255.252.0
j. You can see the summary route on R2 with the show ip route
and show ip ospf database commands.
R2#show ip route
mobile, B - BGP
area
type 2
IS-IS level-2
user static route
l - LISP
88
O 10.1.1.0/24 [110/65] via 10.1.12.1, 00:24:14,
Serial0/0/0
O 10.1.3.0/24 [110/65] via 10.1.23.3, 00:22:55,
Serial0/0/1
O IA 192.168.100.0/22 [110/65] via 10.1.23.3, 00:00:04,
Serial0/0/1
R2#
R2# show ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum

Link count
1.1.1.1 1.1.1.1 98 0x80000006 0x00AA98
3
2.2.2.2 2.2.2.2 608 0x80000006 0x00AF0B
4
3.3.3.3 3.3.3.3 1 (DNA) 0x80000002 0x00ADFC
1
Summary Net Link States (Area 0)

10.1.3.0 2.2.2.2 1408 0x80000001 0x002ABB
89
10.1.3.0 3.3.3.3 1 (DNA) 0x80000002 0x008799
10.1.23.0 2.2.2.2 1482 0x80000001 0x00438F
10.1.23.0 3.3.3.3 1 (DNA) 0x80000002 0x0023AA
192.168.100.0 3.3.3.3 1 (DNA) 0x80000003 0x00243F
Router Link States (Area 23)

Link count
2.2.2.2 2.2.2.2 608 0x80000003 0x0099A1
2
3.3.3.3 3.3.3.3 609 0x80000005 0x00E92B
3
Summary Net Link States (Area 23)

10.1.1.0 2.2.2.2 1482 0x80000002 0x003EA8
10.1.2.0 2.2.2.2 1482 0x80000002 0x00B075
10.1.12.0 2.2.2.2 1482 0x80000002 0x00BA22
192.168.100.0 3.3.3.3 43 0x80000002 0x00263E
R2#
k. Notice on R3 that OSPF has generated a summary route

pointing toward Null0.
R3#show ip route
mobile, B - BGP
area
type 2
90
IS-IS level-2
user static route
l - LISP

O 10.1.1.0/24 [110/129] via 10.1.23.2, 00:02:17,
Serial0/0/1
O 10.1.2.0/24 [110/65] via 10.1.23.2, 00:02:17,
Serial0/0/1
O 10.1.12.0/24 [110/128] via 10.1.23.2, 00:02:17,
Serial0/0/1
O 192.168.100.0/22 is a summary, 00:02:17, Null0
91
R3#
This behavior is known as sending unknown traffic to the “bit

bucket.” This means that if the router advertising the summary
route receives a packet destined for something covered by that
summary but not in the routing table, it drops it.
What is the reasoning behind this behavior?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
The reason that summaries generate local routes to Null0 is that

when a router creates a summary address, it should have routes to
all the existent more-specific routes. If the router lacks a more-
specific route for a prefix within the summary, it is assumed that
the route does not exist, and packets destined for that prefix
should be dropped. If the route did not exist, bandwidth could be
wasted if this router has a less specific route (such as a default
route) and forwards the packet to the route until it is dropped
further down the line.
The discard route also solves another problem. Depending on the
contents of the routing table, a routing loop can be formed between
two routers, one receiving a summary route from the second one,
while the second one uses the first one as its default gateway.
If a packet for a nonexistent component of the summary route was
received and there was no discard route installed in the second
router, the packet would loop between the routers until its TTL
was decremented to 0.
Step 5: Generate a default route into OSPF.
92
You can simulate loopback 30 on R1 to be a connection to the
Internet. You do not need to advertise this specific network to
the rest of the network. Instead, you can just have a default
route for all unknown traffic to go to R1.
l. To have R1 generate a default route, use the OSPF
configuration command default-information originate always. The
always keyword is necessary for generating a default route in
this scenario. Without this keyword, a default route is
generated only into OSPF if one exists in the routing table.
R1(config-router)# default-information originate always
m. Verify that the default route appears on R2 and R3 with the
show ip route command.
R2#show ip route
mobile, B - BGP
area
type 2
IS-IS level-2
user static route
l - LISP
O*E2 0.0.0.0/0 [110/1] via 10.1.12.1, 00:00:13, Serial0/0/0

O 10.1.1.0/24 [110/65] via 10.1.12.1, 00:28:42,
Serial0/0/0
93
O 10.1.3.0/24 [110/65] via 10.1.23.3, 00:27:23,
Serial0/0/1
O IA 192.168.100.0/22 [110/65] via 10.1.23.3, 00:04:32,
Serial0/0/1
R2#
R3#show ip route
mobile, B - BGP
area
type 2
IS-IS level-2
user static route
l - LISP
O*E2 0.0.0.0/0 [110/1] via 10.1.23.2, 00:00:45, Serial0/0/1

94
O 10.1.1.0/24 [110/129] via 10.1.23.2, 00:05:08,
Serial0/0/1
O 10.1.2.0/24 [110/65] via 10.1.23.2, 00:05:08,
Serial0/0/1
O 10.1.12.0/24 [110/128] via 10.1.23.2, 00:05:08,
Serial0/0/1
O 192.168.100.0/22 is a summary, 00:05:08, Null0
R3#
n. You should be able to ping the interface connecting to the
Internet from R2 or R3, despite never being advertised into
OSPF.
R3# ping 172.30.30.1

Sending 5, 100-byte ICMP Echos to 172.30.30.1, timeout is 2
seconds:
95
!!!!!
28/30/32 ms

hostname R1
!
interface Loopback1
description Engineering Department
ip address 10.1.1.1 255.255.255.0
!
interface Loopback30
ip address 172.30.30.1 255.255.255.252
!
ip address 10.1.12.1 255.255.255.0
clock rate 64000
no shutdown
!
end
Router R2
hostname R2
!
interface Loopback2
description Marketing Department
ip address 10.1.2.1 255.255.255.0
!
96
ip address 10.1.12.2 255.255.255.0
no shutdown
!
ip address 10.1.23.2 255.255.255.0
clock rate 64000
no shutdown
!
end
Router R3
hostname R3
!
interface Loopback3
description Accounting Department
ip address 10.1.3.1 255.255.255.0
!
ip address 192.168.100.1 255.255.255.0
!
ip address 192.168.101.1 255.255.255.0
!
ip address 192.168.102.1 255.255.255.0
!
ip address 192.168.103.1 255.255.255.0
!
97
ip address 10.1.23.3 255.255.255.0
no shutdown
!
end

Router R1
hostname R1
!
interface Loopback1
description Engineering Department
ip address 10.1.1.1 255.255.255.0
ip ospf network point-to-point
!
ip address 172.30.30.1 255.255.255.252
!
ip address 10.1.12.1 255.255.255.0
clock rate 64000
no shutdown
!
router ospf 1
router-id 1.1.1.1
network 10.1.1.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
default-information originate always
!
98
end
Router R2
hostname R2
!
interface Loopback2
description Marketing Department
ip address 10.1.2.1 255.255.255.0
!
ip address 10.1.12.2 255.255.255.0
no shutdown
!
ip address 10.1.23.2 255.255.255.0
clock rate 64000
no shutdown
!
router ospf 1
router-id 2.2.2.2
area 23 virtual-link 3.3.3.3
network 10.1.2.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 23
!
end
Router R3
hostname R3
99
!
interface Loopback3
description Accounting Department
ip address 10.1.3.1 255.255.255.0
!
ip address 192.168.100.1 255.255.255.0
!
ip address 192.168.101.1 255.255.255.0
!
ip address 192.168.102.1 255.255.255.0
!
ip address 192.168.103.1 255.255.255.0
!
ip address 10.1.23.3 255.255.255.0
no shutdown
!
router ospf 1
router-id 3.3.3.3
area 23 virtual-link 2.2.2.2
area 100 range 192.168.100.0 255.255.252.0
100
network 10.1.3.0 0.0.0.255 area 23
network 10.1.23.0 0.0.0.255 area 23
network 192.168.100.0 0.0.3.255 area 100
!
end
RADIUS Server
Show Commands
R1# show aaa servers
R1# show radius server-group all
Dialer Interface
Router (config-if)#ip address negotiated
Router (config-if)#encapsulation ppp
Router (config-if)#dialer pool number
Configurar Externally Facing Ethernet Interface

Router(config-if)#ppoe-client dial-pool-number number
Router(config-if)#ip nat outside
101
Switching
VLANS
Crear un Vlan
Switch# configure terminal
Switch(config)# vlan 5
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit
Configuración de un Puerto Troncal

Switch(config)# interface FastEthernet 5/8
Switch(config-if)# switchport trunk encapsulation dot1q -----
Varios switchs ya no necesitan este commando
Switch(config-if)# switchport mode trunk --- Por defecto pasa
todas las VLANs
Switch(config-if)# switchport nonegotiate optional
Switch(config-if)# switchport trunk allowed vlan 1-100
Switch(config-if)# no shutdown
Switch(config-if)# end
Configurando Puertos de Acesso

ALS1(config)# inter fa 0/6
ALS1(config-if)# switchport mode access
Configurar VLAN
Switch# configure terminal
Switch(config)# hostname DLS1
DLS1(config)# interface vlan 1
DLS1(config-if)# ip address 10.1.1.101 255.255.255.0
DLS1(config-if)# no shutdown
DLS1(config)# end
Asignando un Puerto a una VLAN

Switch(config)# interface FastEthernet 5/6
Switch(config-if)# description PC A
Switch(config-if)# switchport access vlan 200
102
Switch(config-if)# no shutdown
Switch(config-if)# end
Borrando VLANs
DLS1(config)# inter fa 0/1
DLS1(config-if)# no switchport access vlan 55
DLS1(config-if)# exit
DLS1(config)# no vlan 55
DLS1(config)# end
Configurando VLAN Nativa

DLS2(config)# interface fa 0/11
DLS2(config-if)# switchport trunk native vlan 2
Configurando Private Vlans

Creando PVlans
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# private-vlan association 200,201,300
Switch(config)# interface vlan 100
Switch(config-if)# private-vlan mapping add 200,201,300
Configurando Asociaciones de puertos en PVlans

Switch(config)# interface range fa 0/1 – 5
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# exit
Switch(config-if)# switchport mode private-vlan host
103
Switch(config-if)# switchport private-vlan host-association 100
200
201
300
Troubleshooting
Switch# show vlan id [numero de vlan]
Switch# show running-config interface FastEthernet [interface]
Switch# show interfaces f0/18 switchport
Switch# show mac-address-table interface GigabitEthernet 0/1
vlan 1
ALS1# show interface trunk
Vlan de Voz
Switch(config-if)# switchport voice vlan {vlan-id | dot1p |
untagged | none}
Switchport voice vlan none

Switch(config-if)# switchport voice vlan none
Switchport voice vlan dot1p

Switch(config-if)# switchport voice vlan dot1p
Switchport voice vlan untagged

Switch(config-if)# switchport voice vlan untagged
104
Switchport voice vlan vvid (opción recomendada)
Switch(config-if)# switchport voice vlan vlan-id
VTP
Configurando Dominios
Servidor
DLS1(config)# vtp domain SWLAB
DLS1(config)# vtp password cisco
Cliente
ALS1(config)# vtp domain Cabrillo
ALS1(config)# vtp password cisco
Configurando el servidor y cliente

DLS1(config)# vtp mode server
ALS1(config)# vtp mode client
Configurando VTP Pruning

DLS1(config)# vtp pruning
DLS1(config)# end
EtherChannel
Configurando EtherChannel Load Balancing
Switch(config)# port-channel load-balance src-dst-ip
Asignando puertos y configurando el protocolo

DLS1(config)# interface range fa 0/1 - 4
DLS1(config-if-range)# channel-protocol ?
lacp Prepare interface for LACP protocol
pagp Prepare interface for PAgP protocol
DLS1(config-if-range)# channel-protocol pagp
Configurando metodos en Pagp

Desirable - auto
DLS1(config-if-range)# channel-group 1 mode ?
active Enable LACP unconditionally
105
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
DLS1(config-if-range)# channel-group 1 mode desirable
DLS2(config-if-range)# channel-group 1 mode auto
Configurando LACP
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-protocol lacp
DLS1(config-if-range)# channel-group 1 mode active
DLS1(config-if-range)# lacp port-priority 99

DLS2(config)# port-channel load-balance src-dst-ip

DLS2(config-if-range)# channel-group 1 mode passive

106
Troubleshooting
DLS1# show etherchannel protocol
DLS1# show etherchannel summary
Spanning tree (STP)

Configurando STP
Switch(config)# spanning-tree vlan vlan-id
Switch(config)# no spanning-tree vlan vlan-id
Configurando un Root Bridge

Switch(config)# spanning-tree vlan 1 priority priority
Este comando configura estáticamente la prioridad (en múltiplos
de 4096). Los valores válidos son de 0 a 61.440, Default is
32768. Los valores más bajos se convierten en root Bridge.
Switch(config)# spanning-tree vlan 1 root secondary
Este comando configura este modificador como la raíz secundaria
en caso de que falle el puente raíz. El comando secundario de la
raíz del árbol de expansión modifica la prioridad de puente de
esta conmutación a 28.672.
Cambiar el Root Bridge

Core(config)# spanning-tree vlan 1-30 root primary
Distribution1(config)# spanning-tree vlan 1-30 root secondary
Configurando PortFast
Access2(config)#interface range fa 0/10 - 24
Access2(config-if-range)#switchport mode access
<Previously configured>
Access2(config-if-range)#spanning-tree portfast
O
Access2(config)#spanning-tree portfast default
ADVERTENCIA: PortFast sólo se debe activar en los puertos que
están conectados a un solo host.
Configuración de BPDU GUARD

Distribution1(config)#interface range fa 0/10 - 24
Distribution1(config-if-range)#spanning-tree bpduguard
Configuración de Root Guard

Distribution1(config)#interface fa 0/3
Distribution1(config-if-range)#spanning-tree guard root
107
Distribution1(config)#interface gig 0/2
Access2(config)#no spanning-tree uplinkfast
Implementar PVST
Switch(config)# spanning-tree mode pvst
Implementar PVST+
Switch(config)# spanning-tree mode rapid-pvst
Switch(config-if)# spanning-tree portfast
Implementar Multiple Spanning Tree Protocol (MSTP)
Distribution1(config)# spanning-tree mode mst

Distribution1(config)# spanning-tree mst configuration
Distribution1(config-mst)# name region1
Distribution1(config-mst)# revision 10
Distribution1(config-mst)# instance 1 vlan 10, 30, 100
Distribution1(config-mst)# exit
Distribution1(config)# spanning-tree mst 0-1 root primary
Distribution1(config)# spanning-tree mst 2 root secondary
108
Distribution2(config)# spanning-tree mode mst
Distribution2(config)# spanning-tree mst configuration
Distribution2(config-mst)# name region1
Distribution2(config-mst)# revision 10
Distribution2(config-mst)# exit
Distribution2(config)# spanning-tree mst 2 root primary
Distribution2(config)# spanning-tree mst 0-1 root secondary
Troubleshooting
Switch(config)# show spanning-tree inteface type mod/num
portfast
DHCPv6
COMANDOS EJEMPLO
Router(config)#ipv6 unicast- R1(config)#ipv6 unicast-routing
routing
Router(config)#ipv6 dhcp pool R1(config)#ip dhcp pool IPV6-
pool-name STATELESS
Router(config-dhcpv6)# R1(config-dhcpv6)#
Router(config-dhcpv6)#dns-server R1(config-dhcpv6)#dns-server
dns-server-address 2001:db8:cafe:aaaa::5
Router(config-dhcpv6)#domain- R1(config-dhcpv6)#domain-name
name domain-name example.com
Router(config)#interface type R1(config)#interface g0/1
number R1(config-if)#ipv6 dhcp server
Router(config-if)#ipv6 dhcp IPV6-STATELESS
server pool-name R1(config-if)#ipv6 nd other-
Router(config-if)#ipv6 nd config-flag
other-config-flag ----------------o----------------
--- Managed configuration --
R1(config-if)#ipv6 nd managed- R1(config-if)#ipv6 nd managed-
config-flag config-flag
DHCPv6 Relay Agent Commands
R1(config)#interface g0/0 R1(config)#interface g0/0
R1(config-if)#ipv6 dhcp relay R1(config-if)#ipv6 dhcp relay
destination 2001:db8:cafe:1::6 destination 2001:db8:cafe:1::6
R1(config-if)#end R1(config-if)#end
R3(config)#interface g0/0 R3(config)#interface g0/0

R3(config-if)#ipv6 dhcp relay R3(config-if)#ipv6 dhcp relay
destination 2001:db8:cafe:1::6 destination 2001:db8:cafe:1::6
R3(config-if)# R3(config-if)#
109
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 dhcp pool IPV6-STATELESS
R1(config-dhcpv6)#dns-server 2001:db8:cafe:aaaa::5
R1(config-dhcpv6)#domain-name example.com
R1(config-dhcpv6)#exit
R1(config)#interface g0/1
R1(config-if)#ipv6 address 2001:db8:cafe:1::1/64
R1(config-if)#ipv6 dhcp server IPV6-STATELESS
R1(config-if)#ipv6 nd other-config-flag
R3(config)#interface g0/1
R3(config-if)#ipv6 enable
R3(config-if)#ipv6 address autoconfig
R3(config-if)#
Troublesooting
R1#show ipv6 dhcp pool
DHCPv6 pool: IPV6-STATELESS
DNS server: 2001:DB8:CAFE:AAAA::5
Domain name: example.com
Active clients: 0
R3#show ipv6 interface g0/1
110
R3#debug ipv6 dhcp detail
R1#show ipv6 dhcp binding
WAN
Comandos PPP
Configurar PPP
Router#configure terminal
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp
111
Verificación de PPP
Configuración de la autenticación (PAP o CHAP)

Rtr(config)# username remote-host password remote-password
Esto debe coincidir con el nombre de usuario PAP enviado por PPP
en el host remoto.
Rtr(config-if)# ppp pap sent-username this-host username
password this-host-password
Las contraseñas no necesitan coincidir entre el control remoto y
el host. No debe ser lo mismo que la contraseña de enable-
Secret.
112
Router(config-if)#ppp authentication {chap | chap pap | pap chap
| pap}
Dos opciones: primera opción | segunda opción
Si ambos métodos están habilitados, se solicitará el primer
método especificado durante la negociación de vínculos.
Si el par sugiere usar el segundo método o simplemente rechaza
el primer método, entonces se intentará el segundo método.
113
Configuring PPP Multilink (MLP)
Router(config-if)#ppp multilink
Error Detection
Router(config-if)#ppp quality percentage
Troubleshooting
Router1#show interfaces s0/0
Router1#show controllers serial 0/0
Router1#debug ppp negotiation
Comando para verificar el tipo de negociacion en la
autenticacion chap
114
BGP
Puerto 179 TCP
115
Configuración de EBGP
Router(config)#router bgp AS-number
RTA(config)#router bgp 100
Router(config-router)#neighbor ip-address remote-as AS-number
RTA(config-router)#neighbor 10.1.1.1 remote-as 200
RTA(config)#router bgp 100
Router(config-router)#network 192.0.2.0 mask 255.255.255.0
Configurar rutas de descarte

Ip route 192.0.2.0 255.255.255.0 null0
Show Commands
R1# show ip bgp
R1# show ip bgp summary
R1# show tcp brief
Primero, el comando show tcp brief muestra todas las conexiones
TCP que termnan en este enrutador (RI ya sea BGP o no. Cada
linea enumera la dirección IP del enrutador local)
R1# show ip route [network mask] longer-prefixes
R1# show ip route 192.0.2.0 255.255.255.0 longer-prefixes
Directamente el proceso BGP añadira a la entrada BGP con
prefijo/mascara si el prefijo/mascara existe en la table IP
Estado vecino con el Neighbor Shut Down

R1(config)# router bgp 1001
R1(config-router)# neighbor 198.51.100.2 shutdown
Alta disponibilidad
HSRP
Configuración HSRP Switchs
Switch(config-if)#standby group-number ip virtual-ip-address
Switch(config-if)#standby version 2 ------se configura la
versión 2 HSRP por defecto viene la versión 1----
Switch(config-if)#standby group-number priority priority-value
116
El valor de prioridad indica el número que prioriza un enrutador
de reserva potencial. La gama es 0 a 255; el valor por defecto
es 100
Switch(config-if)#standby group-number preempt [delay [minimum
seconds] [reload seconds]]
Minimo: 0-3600
Reload: 0-3600
Para habilitar un enrutador para reanudar el estado activo
después de un cambio de estado, introduzca el siguiente comando
en el modo de configuración de interfaz
Switch(config-ig)# standby group timers [msec] hellotime [msec]
holdtime
Autenticación texto plano

Switch(config-if)# standby group-number authentication string
Switch(config-if)# standby 1 authentication password
Autenticación MD5
Switch(config-if)#standby group-number authentication md5 key-
string [0|7] string
Switch(config-if)#standby 1 authentication md5 key-string
password
Configurando HSRP Interface Tracking
Hellotime
Default = 3 seconds
Value varies from 1 to 255.
Holdtime
Default = 10 seconds
Value varies from 1 to 255
group-number: se refiere al número de grupo de espera HSRP, el
número de grupo puede variar entre 0 y 255.
virtual-ip-address: indica la dirección IP virtual del grupo
HSRP
117
DLS1 DLS2
interface vlan 10 interface vlan 10
ip add 172.16.10.201 ip add 172.16.10.202
255.255.255.0 ---- Ip deben estar 255.255.255.0 ---- Ip deben
en la misma subnet------ estar en la misma subnet------
standby 1 priority 200 standby 1 priority 100
standby 1 ip 172.16.10.1 standby 1 ip 172.16.10.1
standby 1 preempt standby 1 preempt
Configuración HSRP Routers
R1 R2
interface gig 0/2 interface gig 0/2
ip address 10.10.10.10 ip address 10.10.10.11
255.255.255.0 255.255.255.0
118
Configurar HSRP Interface Tracking
Router A Router B
interface Ethernet0 interface Ethernet0
ip address 171.16.6.5 /24 ip address 171.16.6.6 /24
no ip redirects no ip redirects
standby 1 track Serial1 standby 1 track Serial1
interface Serial1 interface Serial1
ip address 171.16.2.5 /24 ip address 171.16.7.6 /24
Diferencias entre HSRPv1 y HSRPv2
Troubleshooting
R1#show standby brief
R1#show standby
119
VRRP (Virtual Router Redundancy Protocol)
RouterA(config)#interface fa 0/1
RouterA(config-if)#ip address 10.0.0.1 255.255.255.0
RouterA(config-if)#vrrp 1 ip 10.0.0.1
RouterA(config-if)#vrrp 1 priority 255
RouterB(config)#interface fa 0/1
RouterB(config-if)#ip address 10.0.0.2 255.255.255.0
RouterB(config-if)#vrrp 1 ip 10.0.0.1
RouterC(config)#interface fa 0/1
RouterC(config-if)#ip address 10.0.0.3 255.255.255.0
RouterC(config-if)#vrrp 1 ip 10.0.0.1
GBLP
Configurar GBLP
Switch(config-ig)# glbp group timers [msec] hellotime [msec]
holdtime
RouterA(config)#interface vlan 21
RouterA(config-if)#ip address 10.21.8.1 255.255.255.0
RouterA(config-if)#glbp 21 ip 10.21.8.10
RouterA(config-if)#glbp 21 priority 254
120
RouterB(config)#interface fa 0/1
RouterB(config-if)#ip address 10.21.8.2 255.255.255.0
RouterA(config-if)#glbp 21 ip 10.21.8.10
RouterA(config-if)#glbp 21 priority 100
GLBP Interface Tracking

Router(config-if)# track 1 interface serial1/0
Netflow IOS
R1#show ip cache Flow
SPAN
Configurar Local SPAN
Monitor Session 1
Switch1(config)# monitor session 1 source interface Gi1/0/11 -
12 rx
Switch1(config)#monitor session 1 destination interface Gi1/0/21
Monitor Session 2
121
Switch2(config)# monitor session 2 source vlan 11
Switch2(config)#monitor session 2 destination interface Gi1/0/22
Configurar SPAN
Switch(config)#monitor session 1 source interface F0/1
Switch(config)#monitor session 1 destination interface F0/2
Troubleshooting
S1# show monitor session all
S1# show monitor detail

S1# show monitor sesión
122
Seguridad
Switch Security
BPDU GUARD
Distribution1(config)#interface range fa 0/10 - 24

Distribution1(config-if-range)#spanning-tree bpduguard enable
Root Guard
123
Access2(config)#no spanning-tree uplinkfast
Port Security
S1(config)#interface FastEthernet0/2
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 6
S1(config-if)# switchport port-security aging time 5
S1(config-if)# switchport port-security mac-address
0000.0000.000b
S1(config-if)# switchport port-security mac-address sticky
Opcional habilita aprendizaje stick sobre la interfaz
S1(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security [maximum value]
violation {protect | restrict | shutdown} mac-address mac-
address
Troubleshooting Port security

Switch#show port-security
Switch# show port-security interface type mod/port
Switch#show port-security address
124
DHCP SNOOPING
Switch(config)# ip dhcp snooping

Switch(config)# ip dhcp snooping vlan 10 50
Switch(config)# interface gig 0/1

Switch(config-if)# ip dhcp snooping trust
125
IP Source Guard
Switch(config)# interface fastethernet0/1
Switch(config-if)# ip verify source
Ejemplo
Switch(config)# interface fastethernet0/1
Switch(config-if)# ip verify source port-security
Switch(config)# ip source binding 0100.0022.0010 vlan 10

10.0.0.2 interface gigabitethernet0/1
Switch(config)# ip source binding 0100.0230.0002 vlan 11

10.0.0.4 interface gigabitethernet0/1
Troubleshooting DHCP SNOOPING

Switch# show ip dhcp snooping
Prevencion de ARP Spoofing

Switch(config)#ip arp inspection vlan id
126
Switch(config-if)#ip arp inspection trust
Switch(config)#ip arp inspection validate
Ejemplo
Switch(config)# ip arp inspection vlan 10 50
Switch(config)# interface gig 0/1

Switch(config-if)# ip arp inspection trust
Mejorando seguridad en Telnet

Sw(config)#access-list 100 permit ip 10.1.1.0 0.0.0.255 any
Sw(config)#line vty 0 15
Sw(config-line)#access-class 100 in
HTTP Secure Server

Step 1. Configure username and password.
Step 2. Configure domain name.
Step 3. Generate RSA keys.
Step 4. Enable HTTPS (SSL) server.
Step 5. Configure HTTP authentication.
Step 6. Configure an access list to limit access
sw(config)# access-list 100 permit ip 10.1.9.0 0.0.0.255 any
127
sw(config)# username xyz password abc123
sw(config)# ip domain-name xyz.com
sw(config)# crypto key generate rsa
sw(config)# no ip http server
sw(config)# ip http secure-server
sw(config)# http access-class 100 in
sw(config)# http authentication local
Authentication, Authorization, and Accounting (AAA)
Switch(config)# aaa new-model

Switch(config)# aaa authentication login TEST tacacs+
Switch(config)# tacacs-server host 192.168.100.100
Switch(config)# line vty 0 4
Switch(config-line)# login authentication TEST
TACACS+
RTA(config)#tacacs-server host 192.168.0.11
RTA(config)#tacacs-server host 192.168.0.12
RTA(config)#tacacs-server key topsecret
RTA(config)# aaa new-model
RTA(config)#aaa authentication enable default group tacacs+
enable none
Radius
RTB(config)#radius-server host 192.168.0.22
RTB(config)#radius-server host 192.168.0.23
RTB(config)#radius-server key topsecret
128
RTB(config)# aaa new-model
RTB(config)#aaa authentication login default local
RTB(config)#aaa authentication login PASSPORT group radius local
none
The default list se aplica a la consola (con 0), todas las
líneas TTY incluyendo la línea auxiliar o el puerto AUX, y todas
las líneas VTY.
Para reemplazar la lista de métodos predeterminada, aplique una
lista con nombre a una o varias de estas líneas.
RTB es configurado con el comando radius-server host y radius-
server key porque la lista de métodos con nombre se basa en
RADIUS.
El comando aaa authentication login default local configura el
método por defecto como username/password database
Este método se aplica a todos los ttys, VTYs y la consola de
forma predeterminada.
El comando aaa authentication login PASSPORT group radius local
none crea una lista de métodos con nombre denominada Passport.
El primer método de esta lista es el group of RADIUS servers
Si RTB no puede ponerse en contacto con un servidor RADIUS,
entonces RTB intentará contactar con la base de datos local de
usuario/contraseña.
Por último, la palabra clave None asegura que, si no hay nombres
de usuario en la base de datos local, se concede acceso al
usuario.
Accounting
Switch(config)# aaa accounting exec default start-stop group
tacacs+
Switch(config)# line vty 0 4
Switch(config-line)# accounting exec default
Security Using IEEE 802.1X Port-Based Authentication

Step 1. Enable AAA:
Step 2. Create an 802.1X port-based authentication method list:
129
Switch(config)# aaa authentication dot1x {default} method1
[method2...]
Step 3. Globally enable 802.1X port-based authentication:
Switch(config)# dot1x system-auth-control
Step 4. Enter interface configuration mode and specify the
interface to be enabled for 802.1X port-based authentication:
Switch(config)# interface type slot/port
Step 5. Enable 802.1X port-based authentication on the
interface:
Switch(config-if)# dot1x port-control auto
Ejemplo
sw(config)# aaa new-model

sw(config)# radius-server host 10.1.1.50 auth-port 1812 key
xyz123
sw(config)# aaa authentication dot1x default group radius
sw(config)# dot1x system-auth-control
sw(config)# interface fa0/1
sw(config-if)# description Access Port
sw(config-if)# switchport mode access
sw(config-if)# dot1x port-control auto
QoS
Configurando CoS trust using the IOS
switch(config)# mls qos
switch(config-if)# mls qos trust cos
130
Asignando CoS on a per-port basis
switch(config-if)# mls qos cos default-cos
Reescribiendo el CoS
Switch(config-if)# mls qos cos override
Implementing QoS for Voice
1 Habilitar QoS en el switch

Switch(config)# mls qos
2 Defina el parámetro QoS a ser de confianza
Switch(config-if)# mls qos trust {cos | ip-precedence | dscp}
3 Hacer que la confianza condicional sólo si un teléfono IP
de Cisco está presente
Switch(config-if)# mls qos trust device cisco-phone
4 (opcional) instruya al teléfono IP para extender su límite
de confianza al puerto de datos del PC
Switch(config-if)# switchport priority extend {cos value |
trust}
Configuración de QoS para voz

Switch(config-if)# mls qos trust cos
Ejemplo
Switch(config)# interface FastEthernet0/24
Switch(config-if)# switchport access vlan 100
Switch(config-if)# switchport voice vlan 200
Switch(config-if)# mls qos trust cos
Switch(config-if)# mls qos trust cisco-phone
Switch(config-if)# switchport priority extend trust
Auto QoS
Switch(config-if)# auto qos voip {cisco-phone | cisco-softphone
| trust}
131
Interfaz de línea de comandos de QoS modular (CLI)
Classification of traffic – The class-map
Switch(config)# class-map cisco
Switch(config-cmap)# match access-group name test
Switch(config-cmap)# match interface fastethernet 0/1
Definiendo the QoS policy – The policy-map

Switch(config)# policy-map policy1
Switch(config-pmap)# class cisco
Switch(config-pmap-c)# bandwidth 3000
Switch(config-pmap)# class class-default

Switch(config-pmap-c)# bandwidth 2000
Aplicando the policy to an interface – The service-policy

Switch(config-if)# service-policy output policy1
Switch(config-if)#exit
IP Precedence and DSCP

Configuración de la confianza cos mediante el iOS
switch(config)# mls qos
132
El fideicomiso se configura en el puerto del switch usando el
comando:
Asignando CoS on a per-port basis

Rescribiendo the CoS

Switch(config-if)# mls qos cos override
Usando a MAC ACL to assign a DSCP value

Switch(config)# mac access-list extended name
Configurando DSCP usando a MAC ACL

Identificar los flujos de tráfico o tráfico
Switch(config)# class-map match-all ipphone
Switch(config-cmap)# match access-group name receptionphone
Cree los criterios de condición.
Switch(config)# mac access-list extended receptionphone
Switch(config-ext-macl)# permit host 000.0a00.0111 any
Verificando
Switch# show class-map
Class Map match-any class-default (id 0)
Match any
Class Map match-all ipphone (id 2)
Match access-group name receptionphone
Identificar las características de QoS de una directiva

Switch(config)# policy-map inbound-accesslayer
Switch(config-pmap)# class ipphone
Switch(config-pmap-c)# set ip dscp 40
Adjunte la Directiva de tráfico a una interfaz.
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# service-policy input inbound-
accesslayer
133
Uso de una ACL IP para definir el DSCP o la precedencia
Cree los criterios de condición.
Switch(config)# ip access-list extended 100

Switch(config-ext-nacl)# permit tcp any any eq ftp
Identificar los flujos de tráfico o tráfico
Switch(config)# class-map reducedservice
Switch(config-cmap)# match access-group 100
Switch(config-pmap)# class reducedservice
Switch(config-pmap-c)# set ip dscp 0
Switch(config-pmap)# class reducedservice
Switch(config-pmap-c)# set ip precedence 0
Adjunte la Directiva de tráfico a una interfaz.
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# service-policy input inbound-
accesslayer
Configuración weighted fair queuing (WFQ)

Router(config-if)#fair-queue {congestive-discard-threshold}
134
Configuración Class-Based Weighted Fair Queuing
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 64
Router(config-pmap-c)# queue-limit 30
CBWFQ Using WRED Packet Drop

Router(config)# class-map class1
Router(config-cmap)# match input-interface FastEthernet0/1
Router(config)# policy-map policy1

Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 1000
Router(config-pmap-c)# random-detect
Router(config)# interface serial0/0

Router(config-if)# service-policy output policy1
Low Latency Queuing (LLQ)

Router(config)# policy-map policy-map-name
Router(config-pmap)# class class-name
Router(config-pmap-c)#priority bandwith-kbps
Ejemplo
router(config)# access-list 102 permit udp host 10.10.10.10 host
10.10.10.20 range 16384 20000
router(config)# access-list 102 permit udp host 10.10.10.10 host
10.10.10.20 range 53000 56000
router(config)# class-map voice

router(config-cmap)# match access-group 102
router(config)# policy-map policy1

135
router(config-pmap)# class voice
router(config-pmap-c)# priority 50
router(config-pmap)# class bar
router(config-pmap-c)# bandwidth 20
router(config-pmap)# class class-default
router(config-pmap-c)# fair-queue
router(config)# interface atm1/0

router(config-subif)# pvc 0/102
router(config-subif-vc)# service-policy output policy1
Multicast
PIM
1. En primer lugar, habilite enrutamiento multicast
(deshabilitado de forma predeterminada):
136
Router(config)#ip multicast-routing
2. A continuación, habilite PIM en cada interfaz.

El método recomendado para habilitar la multidifusión en una interfaz
es el uso de la ip pim sparse-dense-mode
Router(config-if)#ip pim {dense-mode | sparse mode | sparse-
dense-mode}
Configuración RPs
Router(config)#ip pim rp-address <address>
Auto RP
• Configure un agente de asignación para que aprenda acerca
de todos los candidatos RPS, de modo que pueda compicar
una lista de los routers RP para los que grpups y anuncie
la lista a los enrutadores de cliente.
Router(config)#ip pim send-rp-discovery scope <ttl>
• Configure un candidato RP para anunciarse como RP posible

para un rango de multidifusión.
Router(config)#ip pim send-rp-announce <interface> scope <ttl>
BSR
• Definir el BSR
Router(config)#ip pim bsr-candidate <interface> <hashing-
function>
• Configure un candidato RP
Router(config)#ip pim rp-candidate <interface>
IGMP - Internet Group Management Protocol

• El modo de versión 2 de IGMP es el predeterminado para
todos los sistemas que utilicen Cisco IOS Release 11.3 (2)
T o posterior. Para determinar el uso de la versión
actual:
Router#show ip igmp interface type-number
Para cambiar las versiones (sólo por interfaz):
Router(config-if)#ip igmp version {2 | 1}
Configuración de las joins IGMP

Router(config-if)#ip igmp join-group group-address
CGMP
Router(config-if)#ip cgmp
Switch(config) cgmp
137
Switch(enable) set cgmp enable
VPN
GRE
R1(config)#interface tunnel number global
R1(config)#tunnel mode gre ip (opcional)
R1(config-if)#ip address ip mask
R1(config-if)#tunnel source ip address or interface id
R1(config-if)# tunnel destination ip address
Habilitar las rutas del tunnel en los protocolos de enrutamiento sea dinámico o estático
Ejemplo
R1(config)# interface Tunnel1 R2(config)# interface Tunnel1

R1(config)#tunnel mode gre ip R1(config)#tunnel mode gre ip
R1(config-if)# ip address 172.16.1.1 R2(config-if)# ip address 172.16.1.2
255.255.255.0 255.255.255.0
R1(config-if)# tunnel source 1.1.1.1 R2(config-if)# tunnel source 2.2.2.2
R1(config-if)# tunnel destination 2.2.2.2 R2(config-if)# tunnel destination 1.1.1.1
138
IPSEC VPN
Paso 1 Configurar las interfaces

R1(config)# interface loopback0
R1(config-if)# interface fastethernet0/0
R2(config)# interface fastethernet0/0
R2(config-if)# interface serial0/0/1
R3(config)# interface loopback0

139
R3(config-if)# interface serial0/0/1
Paso 2 Configurar EIGRP

R1(config)# router eigrp 1
R1(config-router)# network 172.16.0.0
Paso 3 Crear Políticas IKE

R1(config)# crypto isakmp enable
R1(config)# crypto isakmp policy 10

R1(config)# crypto isakmp policy 10 R1(config)# crypto isakmp policy 10
R1(config-isakmp)#authentication pre-shared R1(config-isakmp)#authentication pre-shared
R1(config-isakmp)#encryption aes 256 R1(config-isakmp)#encryption aes 256
R1(config-isakmp)#hash sha R1(config-isakmp)#hash sha
R1(config-isakmp)#group 5 R1(config-isakmp)#group 5
R1(config-isakmp)#lifetime 3600 R1(config-isakmp)#lifetime 3600
Paso 4 Configurar pre-shared keys

R(config)#crypto isakmp key key-string address address
R1(config)# cypto isakamp key cisco address 192.168.23.3
R3(config)# cypto isakamp key cisco address 192.168.12.1
140
Paso 5 configurar IPsec transform set Lifetimes
R1(config)#crypto ipsec transform-set 50 esp-aes esp-sha-hmac ah-sha-hmac
Paso 6 definir interesting traffic

R1(config)# access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.3.0 0.0.0.255
R3(config)# access-list 101 permit ip 172.16.3.0 0.0.0.255 172.16.1.0 0.0.0.255
Paso 7 Crear y aplicar Crypto Maps

R1(config)# crypto map MYMAP 10 ipsec-isakamp
R1(config-crypto-map)# match address 101
R1(config-crypto-map)# set peer 192.168.23.3
R1(config-crypto-map)# set pfs group5
R1(config-crypto-map)# set transform-set 50
R1(config-crypto-map)# set security-association lifetime seconds 900
R1(config)#interface fastethernet 0/0
R1(config-if)# crypto map MYMAP
R3(config)# interface serial0/0/1
R3(config-if)#crypto-map MYMAP
Paso 8 Verificar Ipsec configuration

R1# show crypto ipsec transform-set
R1# show crypto map
Paso 9 Verificar operación IPSEC

R1#show crypto isakmp sa
R3#show crypto isakmp sa
141
Paso 10 Probar
R1(config)#ping 172.16.3.1 source 172.16.1.1
142
MPLS
Step 1: Configuraciones iniciales.
Configure the routers using the following partial running-configs.
Router R1
hostname R1
no ip domain lookup
ip address 192.168.1.1 255.255.255.0
ip address 10.0.0.2 255.255.255.252
router ospf 1
network 10.0.0.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
line con 0
143
exec-timeout 0 0
logging synchronous
end
Router R2
hostname R2
no ip domain lookup
ip address 192.168.2.1 255.255.255.0
ip address 10.0.0.6 255.255.255.252
clock rate 64000
router ospf 1
network 10.0.0.4 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
line con 0
exec-timeout 0 0
logging synchronous
end
Router R3
hostname R3
144
ip address 10.0.0.1 255.255.255.252
clock rate 64000
ip address 10.0.0.5 255.255.255.252
ip address 10.0.0.9 255.255.255.252
clock rate 64000
router ospf 1
network 10.0.0.0 0.0.0.255 area 0
line con 0
exec-timeout 0 0
logging synchronous
end
Router R4
hostname R4
no ip domain lookup
ip address 192.168.3.1 255.255.255.0
ip address 10.0.0.10 255.255.255.252
!
145
router ospf 1
network 10.0.0.8 0.0.0.3 area 0
network 192.168.3.0 0.0.0.255 area 0
line con 0
exec-timeout 0 0
logging synchronous
end
Step 2: Verifique el alcance.
a. After configuring the routers, all routers should be able to reach all networks.
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 10.0.0.1 YES manual up up
Serial0/1/1 unassigned YES unset administratively down down
R3#
R3#
Neighbor ID Pri State Dead Time Address Interface
192.168.3.1 0 FULL/ - 00:00:32 10.0.0.10 Serial0/1/0

146
192.168.2.1 0 FULL/ - 00:00:38 10.0.0.6 Serial0/0/1
192.168.1.1 0 FULL/ - 00:00:32 10.0.0.2 Serial0/0/0
R3#
R3# show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
O 192.168.1.0/24 [110/65] via 10.0.0.2, 00:07:30, Serial0/0/0
O 192.168.2.0/24 [110/65] via 10.0.0.6, 00:07:30, Serial0/0/1
O 192.168.3.0/24 [110/65] via 10.0.0.10, 00:07:30, Serial0/1/0
R3#
R1# show ip route ospf

147
O 10.0.0.4/30 [110/128] via 10.0.0.1, 00:00:13, Serial0/0/1
O 10.0.0.8/30 [110/128] via 10.0.0.1, 00:00:13, Serial0/0/1
O 192.168.2.0/24 [110/129] via 10.0.0.1, 00:00:03, Serial0/0/1
O 192.168.3.0/24 [110/129] via 10.0.0.1, 00:00:03, Serial0/0/1
R1#
R1# ping 192.168.2.1
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/68 ms
R1# ping 192.168.3.1
!!!!!
R1#
Step 3: Configure VRF-Lite.
148
a. La configuración del reenvío de VRF en una interfaz con el comando IP VRF reenvío
elimina todas las direcciones IP de esa interfaz. Las interfaces deben tener las direcciones IP re-
configuradas. Necesitará un proceso OSPF independiente para cada VRF.
R3(config)# ip vrf SharedSites
R3(config-vrf)# exit
R3(config)# ip vrf LoneSite
R3(config-vrf)# exit
R3(config)#
R3(config)# interface s 0/0/0
R3(config-if)# ip vrf forwarding SharedSites
% Interface Serial0/0/0 IPv4 disabled and address(es) removed due to disabling VRF
SharedSites
*Jan 15 23:38:23.827: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on Serial0/0/0 from FULL

to DOWN, Neighbor Down: Interface down or detached
R3(config-if)# exit
R3(config)#
R3(config-if)# ip vrf forwarding SharedSites
% Interface Serial0/0/1 IPv4 disabled and address(es) removed due to disabling VRF
SharedSites

R3(config-if)# exit
R3(config)#
R3(config-if)# ip vrf forwarding LoneSite
% Interface Serial0/1/0 IPv4 disabled and address(es) removed due to disabling VRF LoneSite
149
R3(config-if)# exit
R3(config)#
R3(config)# no router ospf 1
R3(config)#
R3(config)# router ospf 1 vrf SharedSites
*Jan 15 23:41:52.767: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on Serial0/0/1 from

LOADING to FULL, Loading Done

R3(config)#
R3(config)# router ospf 2 vrf LoneSite

R3(config)#
R3#
Step 4: Verify VRF-Lite.
Verify VRF-Lite.
Router R3
150
R3# show ip route
R3#
R3# show ip route vrf SharedSites
Routing Table: SharedSites

151
O 192.168.1.0/24 [110/65] via 10.0.0.2, 00:02:35, Serial0/0/0
O 192.168.2.0/24 [110/65] via 10.0.0.6, 00:02:35, Serial0/0/1
R3#
R3# show ip route vrf LoneSite
Routing Table: LoneSite

152
O 192.168.3.0/24 [110/65] via 10.0.0.10, 00:02:26, Serial0/1/0
R3#
R3# show ip vrf
Name Default RD Interfaces
SharedSites <not set> Se0/0/0
Se0/0/1
LoneSite <not set> Se0/1/0
R3#
R3# show ip vrf SharedSites
SharedSites <not set> Se0/0/0
Se0/0/1
R3#
R3# show ip vrf LoneSite
LoneSite <not set> Se0/1/0
R3#
Neighbor ID Pri State Dead Time Address Interface
192.168.3.1 0 FULL/ - 00:00:33 10.0.0.10 Serial0/1/0
192.168.2.1 0 FULL/ - 00:00:32 10.0.0.6 Serial0/0/1
192.168.1.1 0 FULL/ - 00:00:31 10.0.0.2 Serial0/0/0
R3#
153
Router R1
R1# show ip route
O 10.0.0.4/30 [110/128] via 10.0.0.1, 00:06:22, Serial0/0/1
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0
O 192.168.2.0/24 [110/129] via 10.0.0.1, 00:06:17, Serial0/0/1
R1#
R1# ping 192.168.2.1

154
!!!!!
R1# ping 192.168.3.1
.....
Success rate is 0 percent (0/5)
R1#
Router R3
R3# ping 192.168.1.1
.....
Success rate is 0 percent (0/5)
R3# ping vrf SharedSites 192.168.1.1
!!!!!
R3#
Router R3
hostname R3
no ip domain lookup
155
!
ip vrf forwarding SharedSites
ip address 10.0.0.1 255.255.255.252
clock rate 64000
ip vrf forwarding SharedSites
ip address 10.0.0.5 255.255.255.252
ip vrf forwarding LoneSite
ip address 10.0.0.9 255.255.255.252
clock rate 64000
router ospf 1 vrf SharedSites
network 10.0.0.0 0.0.0.255 area 0
router ospf 2 vrf LoneSite
network 10.0.0.0 0.0.0.255 area 0
line con 0
exec-timeout 0 0
logging synchronous
156

Comandos Cisco

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Comandos Cisco

Uploaded by

Copyright:

Available Formats

GUÍA DE REFERENCIA

Copiar el Running config al Startup

Router# show ip route

Router# show ip interface brief

Router# show interfaces

R1# show interfaces fastethernet 0/0

R1# show controllers serial 0/0/0

Router(config)# no cdp run -------------- Deshabilitar CDP

Habilitar CDP por interfaz

Switch(config-if)# cdp enable

Switch(config)# interface fastethernet 5/1

Switch(config-if)# no cdp enable

Monitorear y mantener CDP

Switch# clear cdp table

Switch# show cdp

R3# show cdp neighbors

R3# show cdp neighbors detail ----Se puede visualizar la IP del

Configurar enlaces WAN SERIALES

R1(config-if)# ip address 192.168.2.1 255.255.255.0

R1(config-if)# description Link to R2

R1(config-if)# clock rate 64000 DCE Only

Configurar interfaces fastethernet

R1(config-if)# ip address 172.16.3.1 255.255.255.0

R1(config-if)# description R1 LAN

Mensajes no solicitados de iOS

R1(config)# line console 0

R1(config-line)# logging synchronous

Configurar Mensaje de Ingreso a los router o switchs

Router(config)# line console 0 console password

Router(config-line)# password password

Router(config-line)# password password

• Switch(config)# Hostname SW1

• SW1(config)#ip ssh version 2

R1(config)#ip nat inside source static 10.1.1.1 192.168.1.2

Configurando Dynamic NAT

Configurar PAT OVERLOAD

Configurando IP-Helper Address

Default Forwarded UDP services

R1(config)# ip sla monitor 11

R1(config)# ip sla monitor 22

Configurar SNMPv2c Support for Trap and Inform

R1(config)# snmp-server group

Configurar Rutas Estáticas

R2(config)# ip route 172.16.3.0 255.255.255.0 172.16.2.1

Borrar rutas estáticas

Configurar rutas por defecto

R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0

R2# undebug all

R2# undebug ip routing

Verificando distancia administrativa y tipo de Protocolo

R2# show ip route

R1(config)# router rip

R1(config-router)# network [IP NETWORK]

R1(config)# no router rip ----- Borra toda la configuración incluido

Verificación y solución de problemas

R2# show ip protocols

Configurar Passive Interface

R2(config)# router rip

R2(config-router)# passive-interface FastEthernet 0/0

Desabilitando Automatic Summarization

Configurar Default-Information Originate

R2(config-router)# default-information originate

R1(config)# router rip

R1(config-router)# network [IP NETWORK]