Cisco DEVICE AND IOS BASICS

Device connectivity Basics

The series of diagrams below reveal the cable types used for various
device connectivity.

I. Console Connectivity to configure a switch using management host

a. PC serial port to Switch Console port

[Diagram: Management Console connected to the Catalyst Switch; a
rollover cable is being used]

b. For remote Configuration through Auxiliary interface

[Diagram: Remote computer and Modem, through the Internet cloud, to a
Modem on Aux 0]

II. Network Connection

a. To cascade same type of device use Cross-Over cable.

b. For HUB/SWITCH to PC/ROUTER – straight through cable is used &
Cross-over cable is used between PC – Router & Hub – Switch.

[Diagram: Switch, Host, Router and HUB joined by links labelled
Straight Through cable and Cross Over cable]

Setting up the Management Console (Windows environment):

First let’s set up HyperTerminal from Windows – for interfacing with
the Cisco devices and issuing commands. Here we go…

Path to launch the emulation software from your Desktop

Click Start > Programs > Accessories > Communications > HyperTerminal

We’ll name our Session My_Lab. The next screen requires us to configure
the COM port to which we are going to connect our Cisco Device.

Next, choose the default settings, else communication will be a
problem!

On clicking OK, we’ll see the below screen & we are ready to talk to
our CISCO Switch/Router !

IOS BASICS
Pressing the RETURN key takes us to the USER EXEC mode.

Switch con0 is now available

Press RETURN to get started.

Switch>

The “>” prompt denotes user exec mode. To move into Privilege mode, we
use the “enable” command.

Switch>enable
Switch#

Privilege mode is identified with the “#” symbol. The “configure
terminal” command takes us into the global configuration mode where we
can configure global parameters like hostname etc. for the entire device.

Switch#configure terminal
Switch(config)#

To get into any specific interface mode we have to use the “interface”
command with the relevant interface number. To configure parameters
specific to interface 1 of module 0, we issue the command as shown
below.

Switch(config)#interface fastethernet 0/1
Switch(config-if)#

This is the sequence with which we change modes in the forward
direction. Let’s now move backwards.

Switch(config-if)#exit
Switch(config)#

To go one step backward we have to use the command “exit”

Switch(config)#exit
Switch#

However, we must use the command “disable” to move from privilege to
user exec mode. If we use “exit”, it’ll log us out (and we’ll again see
the first message

Switch con0 is now available

Press RETURN to get started)

Switch#disable
Switch>

To logout, we use the “exit” command again.

Switch>exit

Switch con0 is now available

Press RETURN to get started

NOTE : We can use ^Z to directly move backward 2 steps – from interface
mode to privilege mode.

Switch(config-if)#^Z
Switch#

Also note that we can use “?” whenever we want to see the various
commands available in a particular mode or want to find out what
commands begin with a certain letter etc. This can be easily observed
in the below case.

Router#?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
archive manage archive files
cd Change current directory
<output omitted>

Router#s? (displays all commands beginning with “s”)
*s=show send setup slip squeeze start-chat systat

If we misspell a command & try to use help, the output will display
“Unrecognized command”. The same message is displayed even if we try
to use help when no further arguments are possible (or wrong arguments
are used). Look at the below examples...

Router#show router ?
% unrecognized command

Router#show ip a
% Ambiguous command: "show ip a"

Router#show ?
access-expression List access expression
access-lists List access lists
accounting Accounting data for active sessions
aliases Display alias commands
arp ARP table
<output omitted>

Another interesting aspect is that we don’t have to type the entire
command. We can just type the first few letters of a command (to the
extent that only one command begins with the typed letters) and press
tab – the command is completed for us! (Even if we don’t complete the
command, it’ll accept!)

Using tab key

Let’s just type “sh” and use the tab key

Router#sh (tab)
Router#show

There are some shortcut keys that’ll help us to work with IOS faster.
Their description & use is given below.

Shortcut keys to access your CLI mode

CTRL-A        Moves the cursor to the beginning of the line
CTRL-E        Moves the cursor to the end of the line
ESC-B         Moves the cursor back one word at a time
ESC-F         Moves the cursor forward one word at a time
CTRL-B        Moves the cursor back one character at a time
LEFT ARROW    Moves the cursor back one character at a time
CTRL-F        Moves the cursor forward one character at a time
RIGHT ARROW   Moves the cursor forward one character at a time
CTRL-P        Recalls the last command
UP ARROW      Recalls the last command
CTRL-N        Recalls the most previously executed command
DOWN ARROW    Recalls the most previously executed command
CTRL-D        Deletes the character the cursor is under
BACKSPACE     Deletes the character preceding the cursor
CTRL-R        Redisplays the current line
CTRL-U        Erases the line completely
CTRL-W        Erases the word the cursor is under
CTRL-Z        Takes you from Configuration mode back to
              Privilege EXEC mode
TAB           Once you enter a few characters and hit the TAB
              key, the IOS device completes the word,
              assuming that you typed in enough characters to
              make the command or parameter unique
$             When this appears at the beginning of a command
              line, it indicates that there are more
              characters to the right of the $.

Switching Labs

General Experiments with Basic Switch Commands

Assume we are on a Switch console and the switch’s ready – we see the
below message

Switch con0 is now available

Press RETURN to get started.

(press the return key)

Switch> this is our user exec mode

To get into privilege mode use the command “enable”

Switch>enable

Switch# The prompt has changed from “>” to “#”. If you see “#” after
the hostname you are in Privilege mode

To get back from privilege mode to user exec mode use the command
disable

Switch#disable

Switch>

To get into global configuration mode use the following commands

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# This prompt indicates global configuration mode

To get into specific interface mode use the following commands

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface Fastethernet 0/1
Switch(config-if)#

Let’s add some description to the interface fastethernet 0/1 –
indicating that Host1 is connected to this interface. We do this from
the specific interface mode

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface Fastethernet 0/1
Switch(config-if)#description Host1

Check out this description in the running configuration using the
command “show running-config”

Switch#show running-config
Building configuration...
Current configuration : 130 bytes
!
interface FastEthernet0/1
description Host1
no ip address
end (irrelevant output omitted)

Let’s see some more basic show commands. (All show commands work only
in privilege mode)

To view details of interfaces/particular interface use
“show interfaces” (or) “show interfaces <interface type interface id>”
e.g.
Switch#show interfaces Fa 0/1
FastEthernet0/1 is down, line protocol is down
Hardware is FastEthernet,address is 000d.ed5b.49c1(bia 000d.ed5b.49c1)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
<output omitted>

We can also observe that it’s sufficient to use the first few letters
of the keyword Fastethernet – once these letters identify the unique
command, the remaining letters needn’t be typed!

Switch#show interface vlan 1
Vlan1 is administratively down, line protocol is down
Hardware is CPUInterface,address is 000d.ed5b.49c0(bia 000d.ed5b.49c0)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
<output omitted>

Switch#Show spanning-tree
No spanning tree instances exist.

Following is the command to see the current device configuration which
is in the RAM.

Switch#show running-config
Building configuration...
Current configuration : 866 by
version 12.1
!
hostname Switch
!
interface FastEthernet0/1
description Host1
no ip address
<output omitted>
!
interface FastEthernet0/12
no ip address
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
line con 0
line vty 5 15
!
End

Switch#Show startup-config
Building configuration...
Current configuration : 866 bytes
!
version 12.1
!
hostname Switch
!
!
interface FastEthernet0/1
description Host1
no ip address
!
!
interface FastEthernet0/12
no ip address
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
line con 0
line vty 5 15
!
end

Another interesting command to view the connectivity status of various
interfaces is “show interface status”

Switch#show interface status

Port    Name    Status       Vlan  Duplex  Speed  Type
Fa0/1   Host1   connected    1     a-half  a-10   10/100BaseTX
Fa0/2           notconnect   1     auto    auto   10/100BaseTX
Fa0/3           notconnect   1     auto    auto   10/100BaseTX
Fa0/4           notconnect   1     auto    auto   10/100BaseTX
Fa0/5           notconnect   1     auto    auto   10/100BaseTX
Fa0/6           notconnect   1     auto    auto   10/100BaseTX
Fa0/7           notconnect   1     auto    auto   10/100BaseTX
Fa0/8           notconnect   1     auto    auto   10/100BaseTX
Fa0/9           notconnect   1     auto    auto   10/100BaseTX
Fa0/10          notconnect   1     auto    auto   10/100BaseTX
Fa0/11          notconnect   1     auto    auto   10/100BaseTX
Fa0/12          notconnect   1     auto    auto   10/100BaseTX

Now, let’s see the content of the mac-address-table of our switch -
after disconnecting all connected computers (no devices connected to
any interface of the switch) – using the “show mac-address-table”
command

Switch#show mac-address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----

No entries are seen! Let’s connect a host (computer) to port no. 1 and
generate some traffic from it.

As soon as we connect the host to the switch in the port 1 the
following message can be observed on the screen

02:18:06:%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
02:18:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

To generate traffic (for the switch to learn from source address of
frame) we’ll ping from the host to some IP address & then execute the
show mac-address-table command again.

Switch2950#sh mac-address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0040.33a0.4bc7 Dynamic Fa0/1

Total Mac Addresses for this criterion: 1

The above table reveals the mac address of the host connected to
interface fa0/1. It also reveals that this is a dynamically learnt
entry.

If 2 switches are interconnected directly to each other (cascading)
let’s see what happens. We shall use this simple diagram for better
understanding.

[Diagram: Switch A and Switch B cascaded through their F0/12 ports.
Switch A: F0/1 – 0000.0000.0002, F0/2 – 0000.0000.0001.
Switch B: F0/1 – 0000.0000.000A, F0/2 – 0000.0000.000B.]

Now we see Switch A’s mac address table as below

SwitchA#sh mac-address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0000.0000.0002 Dynamic Fa0/1
1 0000.0000.0001 Dynamic Fa0/2
1 0000.0000.000A Dynamic Fa0/12
1 0000.0000.000B Dynamic Fa0/12
1 0000.0000.00B1 Dynamic Fa0/12
1 0000.0000.00B2 Dynamic Fa0/12
Total Mac Addresses for this criterion: 6

We observe that this switch reveals the cascaded switch B’s connected
host mac addresses and switch B’s Base Mac address (0000.0000.00B1) &
switch B’s cascade interface Fa0/12 Mac address (0000.0000.00B2) also.
A similar output would be seen for switch B’s mac table (shown below).
The base Mac Address is common for the entire switch while every
interface of the switch has a unique Mac address of its own also.

SwitchB#sh mac-address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0000.0000.000A Dynamic Fa0/1
1 0000.0000.000B Dynamic Fa0/2
1 0000.0000.0001 Dynamic Fa0/12
1 0000.0000.0002 Dynamic Fa0/12
1 0000.0000.00A1 Dynamic Fa0/12
1 0000.0000.00A2 Dynamic Fa0/12
Total Mac Addresses for this criterion: 4

Let’s see what “show interface status” command reveals

SwitchA#show interface status

Port    Name    Status       Vlan  Duplex  Speed  Type
<output omitted>
Fa0/9           notconnect   1     auto    auto   10/100BaseTX
Fa0/10          notconnect   1     auto    auto   10/100BaseTX
Fa0/11          notconnect   1     auto    auto   10/100BaseTX
Fa0/12          Trunk        1     auto    auto   10/100BaseTX

SwitchB#show interface status

Port    Name    Status       Vlan  Duplex  Speed  Type
<output omitted>
Fa0/9           notconnect   1     auto    auto   10/100BaseTX
Fa0/10          notconnect   1     auto    auto   10/100BaseTX
Fa0/11          notconnect   1     auto    auto   10/100BaseTX
Fa0/12          Trunk        1     auto    auto   10/100BaseTX

It displays the cascade link as TRUNK.

Another interesting command to view various details regarding the
switch’s configuration is “show version”

Switch#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 24-Nov-02 23:31 by antonino
Image text-base: 0x80010000, data-base: 0x80562000

ROM: Bootstrap program is CALHOUN boot loader

Switch uptime is 4 hours, 33 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-12c.EA1.bin"

cisco WS-C2950-12 (RC32300) processor (revision K0) with 21002K bytes of memory.
Processor board ID FOC0739W1K0
Last reset from system-reset
Running Standard Image
12 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0D:ED:5B:49:C0
Motherboard assembly number: 73-5782-12
Power supply part number: 34-0965-01
Motherboard serial number: FOC07391MM3
Power supply serial number: PHI073402LD
Model revision number: K0
Motherboard revision number: A0
Model number: WS-C2950-12
System serial number: FOC0739W1K0
Configuration register is 0xF

To save our current configuration from RAM to NVRAM (startup
configuration) we use the command copy running-config startup-config
(Alternately the “write” command may also be used)

Switch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

If we want to restart the switch use the following command

Switch#Reload – (used to warm boot the switch)

To clear all the contents of the mac table, use the below command (this
will remove only dynamic entries. Static/Permanent entries will not be
removed).

Switch#clear mac-address-table *

To delete the startup configuration, use

Switch#erase startup-config

To change our switch name to “Switch2950”

Switch(config)#hostname Switch2950
Switch2950(config)#

To configure secret (encrypted) password for privilege mode (password
is set as “cisco1” in the below example)

Switch2950(config)#enable secret cisco1

After configuring the secret password let’s see the output in show
running-config command

Switch2950#show run
Building configuration...
Current configuration : 939 bytes
<output omitted>
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/ (this is how the
encrypted password is seen)
!
<output omitted>
End

To configure enable password for privilege mode

Switch2950(config)#enable password cisco (to configure enable password
for privilege mode)

Switch2950#sh run
Building configuration...
Current configuration : 939 bytes
<output omitted>
hostname Switch2950
!
enable password cisco (our password is in clear text which is in
readable format)
!
<output omitted>
end

To configure the console password, the following is the sequence.

Switch2950(config)#line console 0
Switch2950(config-line)#login
% Login disabled on line 0, until 'password' is set
Switch2950(config-line)#password cisco

show running-config reveals

Switch#show running-config
!
line con 0
password cisco
login
!
<output omitted>

If we restart / relogin into the switch, it asks for the password in
the beginning itself

Switch2950 con0 is now available

Press RETURN to get started.

User Access Verification

Password: (here we have to supply the console 0 password to get into
user exec mode)

Let’s observe the whole running-config output

Switch# show running-config
Building configuration...
Current configuration : 1154 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
ip subnet-zero
!
!
interface FastEthernet0/1
description Host1
no ip address
!
interface FastEthernet0/2
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
no ip address
!
interface FastEthernet0/7
no ip address
!
interface FastEthernet0/8
no ip address
!
interface FastEthernet0/9
no ip address
!
interface FastEthernet0/10
no ip address
!
interface FastEthernet0/11
no ip address
!
interface FastEthernet0/12

!
interface Vlan1
no ip address
shutdown
!
ip http server
!
!
line con 0
password cisco
login
line vty 0 4
line vty 5 15
!
End

Note: if both secret and enable passwords exist, only secret will be
used to get into privilege mode.
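
The running configuration above stores the enable and console passwords
in clear text, keeps an enable password that the secret overrides, and
leaves the HTTP server on. The following check is an added example, not
part of the original lab manual; the rule names, the WEAK_WORDS list and
the indented sample excerpt are assumptions made for this example.

```python
# Added example: audit an IOS running-config for the password and
# management settings discussed above. SAMPLE_CONFIG is a constructed
# excerpt of the lab output (interfaces trimmed, child lines indented
# by one space the way IOS prints them).
SAMPLE_CONFIG = """\
version 12.1
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
interface Vlan1
 no ip address
 shutdown
!
ip http server
!
line con 0
 password cisco
 login
line vty 0 4
line vty 5 15
!
end
"""

# Illustrative list of guessable values (an assumption of this example).
WEAK_WORDS = {"cisco", "cisco1", "password", "admin"}


def parse_sections(config):
    """Return (global commands, {section header: [child commands]}).

    Indented lines belong to the most recent 'interface'/'line' header;
    any other non-indented command closes the current section.
    """
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
            continue
        global_cmds.append(line)
        if line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = None
    return global_cmds, sections


def audit(config):
    """Return a list of (rule, detail) findings for one configuration."""
    global_cmds, sections = parse_sections(config)
    findings = []

    def check_password(where, args):
        # 'password 7 <text>' is reversible obfuscation; anything else is
        # stored exactly as typed ('password 0 <text>' or 'password <text>').
        if args[:1] == ["7"]:
            findings.append(("reversible-type7", f"{where}: type 7 is obfuscation, not a hash"))
            return
        secret = args[1] if args[:1] == ["0"] and len(args) > 1 else args[0]
        findings.append(("cleartext-password", f"{where}: password stored in clear text"))
        if secret.lower() in WEAK_WORDS:
            findings.append(("guessable-password", f"{where}: password is a well-known default"))

    if "service password-encryption" not in global_cmds:
        findings.append(("no-password-encryption", "line and enable passwords are not even obfuscated"))
    has_secret = any(cmd.startswith("enable secret ") for cmd in global_cmds)
    for cmd in global_cmds:
        if cmd.startswith("enable password "):
            check_password("enable password", cmd.split()[2:])
            if has_secret:
                findings.append(("redundant-enable-password",
                                 "enable secret takes precedence; remove enable password"))
        elif cmd == "ip http server":
            findings.append(("http-server", "web management over unencrypted HTTP is enabled"))
    for header, children in sections.items():
        if header.startswith("line "):
            for child in children:
                if child.startswith("password "):
                    check_password(header, child.split()[1:])
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(f"{rule:28} {detail}")
```

The redundant-enable-password finding matters because the clear-text
enable password stays readable in every saved or backed-up copy of the
configuration even though the switch never uses it.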

Let’s say we have some remote administrators who’ll logon into this
switch remotely. (They can do so because Cisco switches run terminal
services). However, setting the vty password is a must for telnet
access & this is how we do it.

Let’s start configuring the VTY sessions

Switch2950(config)#line vty 0 15
Switch2950(config-line)#login
% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
% Login disabled on line 7, until 'password' is set
% Login disabled on line 8, until 'password' is set
% Login disabled on line 9, until 'password' is set
% Login disabled on line 10, until 'password' is set
% Login disabled on line 11, until 'password' is set
% Login disabled on line 12, until 'password' is set
% Login disabled on line 13, until 'password' is set
% Login disabled on line 14, until 'password' is set
% Login disabled on line 15, until 'password' is set
% Login disabled on line 16, until 'password' is set

This reveals that 16 simultaneous telnet sessions are possible! We have
to configure the password to enable all these 16 sessions

Switch2950(config-line)#password cisco
Switch2950(config-line)#

This config alone is not sufficient for telnetting. We need to define
an IP address to the switch and only then telnet is possible. Where do
we configure an IP address in the switch ?

Switch2950>enable
Switch2950#configure terminal
Switch2950(config)#interface vlan 1
Switch2950(config-if)#ip address 1.1.1.1 255.0.0.0 (this is the command
to configure ip address for an interface).

So, we configure the IP address to VLAN1 (we’ll learn more about vlan
later).

Switch2950(config-if)#no shutdown (after assigning the ip address we
have to enable the interface using the “NO SHUTDOWN” command). We will
be able to see the below message.

01:33:27: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
01:33:29: %LINK-3-UPDOWN: Interface Vlan1, Line Protocol changed state to up

Let’s now see how we can control the speed & Duplex operation of the
switch

Switch2950(config)#interface fastethernet 0/1
Switch2950(config-if)#duplex half

Note : Duplex will not be set until speed is set to non-auto value

Switch2950(config-if)#speed 10
Switch2950(config-if)#duplex half

Now check the output in show interface status command

Switch#show interface status

Port    Name    Status       Vlan  Duplex  Speed  Type
Fa0/1   Host1   connected    1     half    10     10/100BaseTX
Fa0/2           notconnect   1     auto    auto   10/100BaseTX
Fa0/3           notconnect   1     auto    auto   10/100BaseTX
Fa0/4           notconnect   1     auto    auto   10/100BaseTX
Fa0/5           notconnect   1     auto    auto   10/100BaseTX
Fa0/6           notconnect   1     auto    auto   10/100BaseTX
Fa0/7           notconnect   1     auto    auto   10/100BaseTX
Fa0/8           notconnect   1     auto    auto   10/100BaseTX
Fa0/9           notconnect   1     auto    auto   10/100BaseTX
Fa0/10          notconnect   1     auto    auto   10/100BaseTX
Fa0/11          notconnect   1     auto    auto   10/100BaseTX
Fa0/12          notconnect   1     auto    auto   10/100BaseTX

Had the switch auto negotiated, the output would have been

Port    Name    Status       Vlan  Duplex  Speed  Type
Fa0/1   Host1   connected    1     a-half  a-10   10/100BaseTX
Fa0/2           notconnect   1     auto    auto   10/100BaseTX
Fa0/3           notconnect   1     auto    auto   10/100BaseTX
Fa0/4           notconnect   1     auto    auto   10/100BaseTX
Fa0/5           notconnect   1     auto    auto   10/100BaseTX
Fa0/6           notconnect   1     auto    auto   10/100BaseTX
Fa0/7           notconnect   1     auto    auto   10/100BaseTX
Fa0/8           notconnect   1     auto    auto   10/100BaseTX
Fa0/9           notconnect   1     auto    auto   10/100BaseTX
Fa0/10          notconnect   1     auto    auto   10/100BaseTX
Fa0/11          notconnect   1     auto    auto   10/100BaseTX
Fa0/12          notconnect   1     auto    auto   10/100BaseTX

a-half a-10 means auto negotiated with connected device to half
duplex & 10 Mbps.

PORT SECURITY : Let’s now learn how switch interfaces can be configured
to allow connectivity only for pre-defined hosts (based on their
Mac-Addresses). This is done on a per interface basis.

Before configuring port security for the interfaces, let’s see the
output of “show port-security” command

Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Total Addresses in System : 0
Max Addresses limit in System : 1024

Now let’s configure port security for interface Fa 0/1 – only system
with mac id 0000.0000.a111 should be allowed connectivity – any other
device connection to this interface should result in the interface
shutting down.

Manual port security

Switch2950(config)#interface fastethernet 0/1
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security mac-address 0000.0000.A111

See the output in show running-config & show port-security

Switch2950#sh run
Building configuration...
Current configuration : 1089 bytes
!
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
!
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.A111
no ip address
duplex half
speed 10
<output omitted>

Switch2950#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
-----------------------------------------------------------------------
Fa0/1              1             1               0          Shutdown
-----------------------------------------------------------------------
Total Addresses in System : 0
Max Addresses limit in System : 1024

We can also ask the switch to auto-learn the mac address of the
connected host using the keyword “sticky”

Switch2950(config)#interface fastethernet 0/2
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security mac-address sticky

After configuring sticky, if any traffic comes to the interface
fastethernet 0/2, the switch will learn the mac-address and secure
it.

Switch2950#show running-config
Building configuration...
Current configuration : 1089 bytes
!
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
!
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address 0000.0000.A112
no ip address
<output omitted>

Switch2950#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
-----------------------------------------------------------------------
Fa0/1              1             1               0          Shutdown
Fa0/2              1             1               0          Shutdown
-----------------------------------------------------------------------
Total Addresses in System : 0
Max Addresses limit in System : 1024

By default, only one mac-address will be locked to the interface – this
can be changed as demonstrated below.

Increasing the maximum count of mac-address secured for the interface

Switch2950(config)#interface fastethernet 0/3
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security maximum 4 <0-132>

Switch2950#sh run
Building configuration...
Current configuration : 1089 bytes
!
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
interface FastEthernet0/3
switchport mode access
switchport port-security
switchport port-security maximum 4
no ip address
<output omitted>

Switch2950#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
-----------------------------------------------------------------------
Fa0/1              1             1               0          Shutdown
Fa0/2              1             1               0          Shutdown
Fa0/3              4             0               0          Shutdown
-----------------------------------------------------------------------
Total Addresses in System : 0
Max Addresses limit in System : 1024

The security action is shutdown by default & we can change this to
one of 3 modes.

Shutdown (default) - if violation happens interface will shutdown
automatically

Protect (don’t log) - if violation happens interface won’t shutdown,
won’t allow for communication, won’t log any error

Restrict (do log) - if violation happens interface won’t shutdown but
no communication will be allowed & an alert would be sent / SNMP trap
sent.

The configuration may be done as shown below.

Switch2950(config)#interface fastethernet 0/4
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport port-security
Switch2950(config-if)#switchport port-security violation shutdown / protect / restrict

If we choose protect

Switch2950#sh run
Building configuration...
Current configuration : 1089 bytes
!
hostname Switch2950
!
enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
enable password cisco
!
interface FastEthernet0/4
switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address 0000.0000.A131
no ip address
<output omitted>

Switch2950#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
-----------------------------------------------------------------------
Fa0/1              1             1               0          Shutdown
Fa0/2              1             1               0          Shutdown
Fa0/3              4             0               0          Shutdown
Fa0/4              1             0               0          Protect
-----------------------------------------------------------------------
Total Addresses in System : 0
Max Addresses limit in System : 1024
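
The three violation modes, the maximum count and sticky learning
described above, modelled in Python as an added example that is not part
of the original lab manual. The SecurePort class, its method names and
the second host address 0000.0000.B222 are constructed for illustration;
the model assumes the violation counter stays at 0 in protect mode and
leaves out IOS details such as address aging.

```python
from dataclasses import dataclass, field

MODES = ("shutdown", "protect", "restrict")

# Constructed traffic: the allowed host, an unknown host, the allowed host again.
FRAMES = ["0000.0000.A111", "0000.0000.B222", "0000.0000.A111"]


def norm(mac):
    """Normalise 0000.0000.A111 or 00:00:00:00:a1:11 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def dotted(mac):
    """Render 12 hex digits in the dotted form used in the outputs above."""
    return ".".join(mac[i:i + 4] for i in (0, 4, 8))


@dataclass
class SecurePort:
    name: str
    maximum: int = 1               # switchport port-security maximum
    violation: str = "shutdown"    # switchport port-security violation
    sticky: bool = False           # switchport port-security mac-address sticky
    static: list = field(default_factory=list)   # manually configured MACs
    learned: list = field(default_factory=list)  # MACs learned from traffic
    violations: int = 0
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")
        self.static = [norm(m) for m in self.static]

    def receive(self, src_mac):
        """Handle one frame by its source MAC; return 'forward' or 'drop'."""
        mac = norm(src_mac)
        if self.err_disabled:
            return "drop"                      # port is down for everyone
        if mac in self.static or mac in self.learned:
            return "forward"
        if len(self.static) + len(self.learned) < self.maximum:
            self.learned.append(mac)           # room left: secure this address
            return "forward"
        if self.violation != "protect":        # protect drops silently
            self.violations += 1
            self.log.append(f"{self.name}: security violation by {dotted(mac)}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"

    def config_lines(self):
        """Interface lines as they would appear in the running configuration."""
        lines = ["switchport mode access", "switchport port-security"]
        if self.maximum != 1:
            lines.append(f"switchport port-security maximum {self.maximum}")
        if self.violation != "shutdown":
            lines.append(f"switchport port-security violation {self.violation}")
        if self.sticky:
            lines.append("switchport port-security mac-address sticky")
        saved = self.static + (self.learned if self.sticky else [])
        return lines + [f"switchport port-security mac-address {dotted(m)}" for m in saved]


def compare_modes():
    """Replay FRAMES against one port per mode; return verdicts and counters."""
    result = {}
    for mode in MODES:
        port = SecurePort("Fa0/1", violation=mode, static=["0000.0000.A111"])
        verdicts = [port.receive(mac) for mac in FRAMES]
        result[mode] = (verdicts, port.violations, port.err_disabled)
    return result


if __name__ == "__main__":
    for mode, (verdicts, count, down) in compare_modes().items():
        print(f"{mode:9} {verdicts} violations={count} err_disabled={down}")
```

Protect drops the unknown host without a counter or log entry, so only
restrict and shutdown leave evidence that monitoring can alert on; with
shutdown the allowed host also loses connectivity until the port is
re-enabled.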

Spanning-tree protocol - Let’s next do some basic observation on STP

[Diagram: Switch A (1000.0000.000A) and Switch B (0000.0000.000A)
connected through their F0/11 ports]

With reference to the above diagram, the Root Bridge is Switch B
because it has the lowest mac-address 0000.0000.000A. Switch A will be
the non-root bridge. Let’s see the output of show spanning-tree command
now.

SwitchB#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0000.000A
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0000.0000.000A
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface    Port ID                Designated                  Port ID
Name         Prio.Nbr      Cost Sts   Cost Bridge ID            Prio.Nbr
------------ -------- --------- --- ------ --------------------------
Fa0/11       128.1          100 FWD      0 32769 1000.0000.000A 128.1

SwitchA#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0000.000A
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     1000.0000.000A
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface   Port ID                Designated                     Port ID
Name        Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
----------- -------- --------- --- --------- -------------------- -----
Fa0/11      128.1          100 FWD         0 32769 0000.0000.000A 128.1

The next major topic we would like to see is VLAN.

The output of “show vlan” command when no vlans are configured is

Switch2950#show vlan
VLAN Name                     Status    Ports
---- ------------------------ --------- -------------------------------
1    default                  active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
1002 fddi-default             active
1003 token-ring-default       active
1004 fddinet-default          active
1005 trnet-default            active

VLAN Type  SAID   MTU  Parent RingNo BridgeNo Stp  BrdgMode Tran1 Tran2
---- ----- ------ ---- ------ ------ -------- ---- -------- ----- -----
1    enet  100001 1500 -      -      -        -    -        0     0
1002 fddi  101002 1500 -      -      -        -    -        0     0
1003 tr    101003 1500 -      -      -        -    srb      0     0
1004 fdnet 101004 1500 -      -      -        ieee -        0     0
1005 trnet 101005 1500 -      -      -        ibm  -        0     0

Remote SPAN VLANs
-----------------------------------------------------------------------
Primary Secondary Type              Ports
------- --------- ----------------- -----------------------------------

We can observe that all the interfaces are associated with the default
VLAN1.

Now let’s get on to creating STATIC VLANs & define port associations.
Two possibilities exist. One from the privilege mode (using VLAN
Database) & the second from global config mode.

Creating vlan using “vlan database” method

Switch2950#vlan database
Switch2950(vlan)#vlan 2 name CCNA – creating VLAN with id 2 & name CCNA
VLAN 2 added:
Name: CCNA
Switch2950(vlan)#apply – to save the configuration
APPLY completed.
Switch2950(vlan)#exit – implicit save & exit
APPLY completed.
Exiting....

Using “^Z” will not save the config & we will also exit from vlan
database.

After Vlan is created see the output of “show vlan” command

Switch2950#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
2    CCNA                             active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
<output omitted>

Assigning vlan membership – let’s make interface fa0/4 a member of Vlan
2

Switch2950(config)#int fastEthernet 0/4
Switch2950(config-if)#switchport mode access
Switch2950(config-if)#switchport access vlan 2
Switch2950(config-if)# ^z

Interface 4 is now assigned to vlan 2

Switch2950#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12
2    CCNA                             active    Fa0/4
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
<output omitted>

Below is the output of the show run command after assigning the
membership for the interface 4

Switch2950#show run
Building configuration...
!
Current configuration : 98 bytes
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
no ip address
end

Let’s repeat the above using the second method - Creating vlan using
global configuration mode

Switch2950#configure terminal
Switch2950(config)#vlan 3
Switch2950(config-vlan)#name CCNP
Switch2950(config-vlan)#exit

Output of show vlan command after creating vlan 3 in global
configuration mode

Switch2950#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12
2    CCNA                             active    Fa0/4
3    CCNP                             active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

We can see that the outcome is the same wherever we create the VLAN
from.

If we wanted to know the VTP Domain name, version used, VTP switch
mode, we use the command “show vtp status”

Switch2950#show vtp status


VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 64
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : Null
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled

Let’s change the switch mode to CLIENT.

Switch2950#vlan database
Switch2950(vlan)#vtp client
Setting device to VTP CLIENT mode.

The same task using global configuration mode -

Switch2950#configure terminal
Switch2950(config)#vtp mode Server / Client / Transparent

Switch2950#show vtp status


VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 64
Number of existing VLANs : 6
VTP Operating Mode : Client
VTP Domain Name : Null
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled

Now we are going to change vtp domain name from “Null” to “Cisco” using
vlan database method

Switch2950#vlan database
Switch2950(vlan)#vtp domain Cisco
Changing VTP domain name from Null to Cisco
Switch2950(vlan)#exit
APPLY completed.
Exiting....

Same task using global configuration mode

Switch2950#configure terminal
Switch2950(config)#vtp domain Cisco
Changing VTP domain name from Null to Cisco

Switch2950#show vtp status


VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : Cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
Let’s see how mac address table reflects the vlan configuration in the
below case.

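[Figure: Switch A and Switch B are linked through their F0/12 ports.
Hosts 0000.0000.0002 and 0000.0000.0001 attach to Switch A on F0/1 and
F0/2; hosts 0000.0000.000A and 0000.0000.000B attach to Switch B on F0/1
and F0/2. The hosts are divided between Vlan 1 and Vlan 2.]
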
Switch A & B’s mac address table & interface status reveal -

SwitchA#sh mac-address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0000.0000.0002 Dynamic Fa0/1
2 0000.0000.0001 Dynamic Fa0/2
1 0000.0000.000A Dynamic Fa0/12
2 0000.0000.000B Dynamic Fa0/12

<other entries omitted>

SwitchB#sh mac-address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0000.0000.000A Dynamic Fa0/1
2 0000.0000.000B Dynamic Fa0/2
1 0000.0000.0001 Dynamic Fa0/12
1 0000.0000.0002 Dynamic Fa0/12

<other entries omitted>


SwitchA#show interface status


Port Name Status Vlan Duplex Speed Type
Fa0/1 connected 1 full 100 10/100BaseTX
Fa0/2 connected 2 full 100 10/100BaseTX
Fa0/3 notconnect 1 auto auto 10/100BaseTX
Fa0/4 notconnect 1 auto auto 10/100BaseTX
Fa0/5 notconnect 1 auto auto 10/100BaseTX
Fa0/6 notconnect 1 auto auto 10/100BaseTX
Fa0/7 notconnect 1 auto auto 10/100BaseTX
Fa0/8 notconnect 1 auto auto 10/100BaseTX
Fa0/9 notconnect 1 auto auto 10/100BaseTX
Fa0/10 notconnect 1 auto auto 10/100BaseTX
Fa0/11 notconnect 1 auto auto 10/100BaseTX
Fa0/12 Trunk 1 auto auto 10/100BaseTX

SwitchB#show interface status


Port Name Status Vlan Duplex Speed Type
Fa0/1 connected 1 full 100 10/100BaseTX
Fa0/2 connected 2 full 100 10/100BaseTX
Fa0/3 notconnect 1 auto auto 10/100BaseTX
Fa0/4 notconnect 1 auto auto 10/100BaseTX
Fa0/5 notconnect 1 auto auto 10/100BaseTX
Fa0/6 notconnect 1 auto auto 10/100BaseTX
Fa0/7 notconnect 1 auto auto 10/100BaseTX
Fa0/8 notconnect 1 auto auto 10/100BaseTX
Fa0/9 notconnect 1 auto auto 10/100BaseTX
Fa0/10 notconnect 1 auto auto 10/100BaseTX
Fa0/11 notconnect 1 auto auto 10/100BaseTX
Fa0/12 Trunk 1 auto auto 10/100BaseTX

To view trunk details we use the commands “show interface <interface
id> trunk” & “show interface <interface id> switchport”

SwitchA#show interface fastethernet 0/12 switchport


Name: Fa0/12
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: dynamic
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

We can even configure the mac-address statically. The following command
is used.

SwitchA(config)#mac-address-table static 0000.0000.AAAA vlan 3 interface fastEthernet 0/11

Then our mac-address table looks like this

SwitchA#sh mac-address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0000.0000.000A Dynamic Fa0/1
2 0000.0000.000B Dynamic Fa0/2
3 0000.0000.AAAA Static Fa0/11
1 0000.0000.0001 Dynamic Fa0/12
1 0000.0000.0002 Dynamic Fa0/12

Total Mac Addresses for this criterion: 5


Routing

Static Routes

There are actually two ways that a router can learn a static route.
First, a router will look at its active interfaces, examine the
addresses configured on the interfaces and determine the corresponding
network numbers, and populate the routing table with this information.
This is commonly called a connected route.

The following example shows the routing table of a Router whose
Ethernet 0 interface has been configured with an IP Address 10.0.0.1 &
Serial 0 with 192.168.1.1. To view the Routing table, use the command
“show ip route”

Router_1#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    10.0.0.0/8 is directly connected, Ethernet0
C    192.168.1.0/24 is directly connected, Serial0

Explanation of the Routing Table Entries :

The top portion of the display for this command has a table of codes.
These codes, which describe a type of route that may appear in the
routing table, are shown in the first column at the bottom part of the
display.

“C” represents that it’s a directly connected network.


This is followed by Network ID & to which interface that network is
connected.

In 10.0.0.0/8, the “/8” represents the subnet mask – 255.0.0.0

Note : If we hadn’t configured any IP address on the router, there
would be no entries in the routing table – it would have been empty.

The second way is when we manually configure it. A static route is a
manually configured route on the router. Consider the below network
with IP addresses configured as shown.

[Figure: three routers in a row. R1 (E0 10.0.0.1, S0 192.168.1.1)
connects to R2 (S1 192.168.1.2, E0 20.0.0.1, S0 172.16.0.1), which
connects to R3 (S1 172.16.0.2, E0 30.0.0.1).]

Static Route Configuration

To configure a static route for IP, use one of these two commands:

Router(config)#ip route <Dest_Net_ID> <subnet_mask> <next_hop_IP_address>

-or-

Router(config)#ip route <Dest_Net_ID> <subnet_mask> <interface_to_exit>

The first parameter that you must specify is the destination network
number.

After the subnet mask parameter, you have two ways to specify how to
reach the destination network:

(i) By specifying the next hop neighbor’s IP address (safe to use this
– as this is suitable for all environments)

or

(ii) The router’s specific exit interface to reach a destination
network. (Use this method if it is a point-to-point link only). In this
instance, you must specify the name of the interface on the router,
like serial0.

Here below is the configuration of Router R1 with the next hop
neighbor’s IP address.

R1#sh run
Building configuration...

Current configuration : 908 bytes

version 12.2

(irrelevant output omitted)


interface Ethernet0
ip address 10.0.0.1 255.0.0.0
!
interface Serial0
ip address 192.168.1.1 255.255.255.0
no fair-queue
clockrate 64000
!
ip route 20.0.0.0 255.0.0.0 192.168.1.2
ip route 30.0.0.0 255.0.0.0 192.168.1.2
ip route 172.16.0.0 255.255.0.0 192.168.1.2
ip http server
!
line con 0
transport input none
line aux 0
!
end

The following shows the routing table of a Router (R1 – the leftmost
Router) with Static Routes configured.

R1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

S    20.0.0.0/8 [1/0] via 192.168.1.2
S    172.16.0.0/16 [1/0] via 192.168.1.2
C    10.0.0.0/8 is directly connected, Ethernet0
C    192.168.1.0/24 is directly connected, Serial0
S    30.0.0.0/8 [1/0] via 192.168.1.2

This shows additional entries (configuration discussed next) with “S” –
representing manually configured static routes.

Consider the entry - S 20.0.0.0/8 [1/0] via 192.168.1.2

Two values in “[1 / 0]” represent the Administrative Distance (AD) &
Metric value respectively (details discussed in separate section).
Suffice to remember that the first value is the AD value and its
default value is “1” for a static route. The next value indicates the
metric & the default value of a statically configured route is always
“0”.

via 192.168.1.2 represents the gateway address, i.e. the next router’s
interface IP address – this is the interface through which the data has
to travel from R1 to reach destination Network 20.0.0.0 (which is
connected to router R2).
Here below is the configuration of Router R2 with the exit interface
configuration.

R2#sh run
Building configuration...
Current configuration : 654 bytes
(irrelevant output omitted)
!
interface Ethernet0
ip address 20.0.0.1 255.0.0.0
!
interface Serial0
ip address 172.16.0.1 255.255.0.0
clockrate 64000
!
interface Serial1
ip address 192.168.1.2 255.255.255.0
!
no ip http server
ip classless
ip route 10.0.0.0 255.0.0.0 Serial1
ip route 30.0.0.0 255.0.0.0 172.16.0.2
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
!
end

The following table shows the routing table of R2

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    20.0.0.0/8 is directly connected, Ethernet0
C    172.16.0.0/16 is directly connected, Serial0
S    10.0.0.0/8 is directly connected, Serial1
C    192.168.1.0/24 is directly connected, Serial1
S    30.0.0.0/8 [1/0] via 172.16.0.2

In this example, there are three connected routes, and two static
routes. The static route (10.0.0.0) is treated as a directly connected
route, since it was created by specifying the interface to exit the
router – “SERIAL1”.
BACKUP ROUTE

While configuring a static route, you can optionally change its
administrative distance. If you omit this value, it will have one of
two defaults, depending on the configuration of the previous parameter.
If you specified the next hop neighbor’s IP address, then the
administrative distance defaults to 1. If you specified the interface
on the router it should use to reach the destination, the router treats
the route as a connected route and assigns an administrative distance
of 0 to it.

Please note that you can create multiple static routes to the same
destination. For instance, you might have primary and backup paths to
the destination. For the primary path, use the default administrative
distance value. For the backup path, use a number higher than this,
such as 2. Once you have configured a backup path, the router will use
the primary path, and if the interface on the router fails for the
primary path, the router will use the backup route.

Below is the configuration of Router R3 with two routes to the same
destination network: one specifying the interface the router should
exit, with an administrative distance value of 2, and one specifying
the next hop neighbor’s IP address pointing to Router R2.

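[Figure: the same R1, R2, R3 network with a second serial link added
between R2 (200.0.0.1) and R3 (200.0.0.2). R1: E0 10.0.0.1, S0
192.168.1.1. R2: E0 20.0.0.1, S1 192.168.1.2, S0 172.16.0.1. R3: E0
30.0.0.1, 172.16.0.2 towards R2.]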

R3#sh run
Building configuration...
Current configuration : 725 bytes
!
version 12.2
!
enable password cisco
(irrelevant output omitted)

!
interface Ethernet0
ip address 30.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface Serial0
ip address 172.16.0.2 255.255.0.0
!
interface Serial1
ip address 200.0.0.2 255.255.255.0
!
ip route 20.0.0.0 255.0.0.0 172.16.0.1
ip route 20.0.0.0 255.0.0.0 Serial0 2
ip http server
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
end

The following example shows the routing table of R3

R3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

S    20.0.0.0/8 [1/0] via 172.16.0.1
C    172.16.0.0/16 is directly connected, Serial1
C    200.0.0.0/24 is directly connected, Serial0
C    30.0.0.0/8 is directly connected, Ethernet0

Note that even though we have also configured the 20.0.0.0 network with
the outgoing interface Serial0, that route has not been populated in the
routing table because of its higher Administrative Distance number.

[Figure: R2 (E0 20.0.0.1, S0 172.16.0.1) connected to R3 (S1
172.16.0.2, E0 30.0.0.1).]

Default Route Configuration


A default route is a special type of static route. Where a static route
specifies a path a router should use to reach a specific destination, a
default route specifies a path the router should use if it doesn’t know
how to reach the destination. Sometimes this is also referred to as a
“gateway of last resort”.

Note that if a router does not have any path in its routing table
telling it how to reach a destination, and the router receives a packet
destined for this network, the router will drop the packet. Therefore,
a default route can serve as a catch-all: if there is no specific path
to the destination, the router will use the default route to reach it.

To set up a default route, use the following syntax for a static route:

Router(config)#ip route 0.0.0.0 0.0.0.0 IP_address_of_next_hop_neighbor

-or-

Router(config)# ip route 0.0.0.0 0.0.0.0 interface_to_exit

The network number of 0.0.0.0/0 represents all networks, and a mask of
all 0’s in the bit position represents all hosts in the specified
network.

The configuration of Router R3 with a default route is shown below.

R3#sh run
Building configuration...
(irrelevant output omitted)
interface Ethernet0
ip address 30.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface Serial1
ip address 172.16.0.2 255.255.0.0
!
ip route 0.0.0.0 0.0.0.0 Serial1
line con 0

!
end

The following table shows the routing table of R3

R3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is Serial0 to network 0.0.0.0

C    172.16.0.0/16 is directly connected, Serial0
C    30.0.0.0/8 is directly connected, Ethernet0
S*   0.0.0.0/0 [1/0] via Serial0
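
The selection rules from the BACKUP ROUTE and Default Route sections, as an added Python sketch that is not part of the original manual: per destination prefix the usable route with the lowest administrative distance is installed, and a lookup takes the longest matching prefix, so 0.0.0.0/0 only catches what nothing else matches. The class and function names are assumptions, and unlike the R3 configuration above the backup route here exits Serial1 (the 200.0.0.0 link), a constructed variation so that the two paths use different interfaces.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    exit_iface: str            # interface this route depends on
    next_hop: Optional[str]    # None when only an exit interface is given
    ad: int                    # administrative distance
    code: str                  # "C" connected, "S" static


class RoutingTable:
    """Hypothetical model of route selection, not IOS code."""

    def __init__(self):
        self.configured = []   # every route present in the configuration
        self.down = set()      # names of interfaces that are currently down

    def add(self, network, mask, exit_iface, next_hop=None, ad=1, code="S"):
        # Turn the dotted mask used by "ip route" into a prefix length.
        plen = bin(int(ipaddress.IPv4Address(mask))).count("1")
        prefix = ipaddress.IPv4Network(f"{network}/{plen}")
        self.configured.append(Route(prefix, exit_iface, next_hop, ad, code))

    def installed(self):
        """Per prefix, the usable route with the lowest AD."""
        best = {}
        for route in self.configured:
            if route.exit_iface in self.down:
                continue       # a route through a failed interface is unusable
            current = best.get(route.prefix)
            if current is None or route.ad < current.ad:
                best[route.prefix] = route
        return best

    def lookup(self, destination):
        """Longest-prefix match; None means the packet is dropped."""
        address = ipaddress.IPv4Address(destination)
        matches = [r for r in self.installed().values() if address in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)


def build_r3():
    """R3 from the backup-route example (backup exit is a constructed change)."""
    table = RoutingTable()
    # Connected networks always carry administrative distance 0.
    table.add("30.0.0.0", "255.0.0.0", "Ethernet0", ad=0, code="C")
    table.add("172.16.0.0", "255.255.0.0", "Serial0", ad=0, code="C")
    table.add("200.0.0.0", "255.255.255.0", "Serial1", ad=0, code="C")
    # Primary path: next hop 172.16.0.1, default AD of 1.
    table.add("20.0.0.0", "255.0.0.0", "Serial0", next_hop="172.16.0.1")
    # Backup path: same destination, AD 2, so it stays out of the table
    # while the primary path is usable.
    table.add("20.0.0.0", "255.0.0.0", "Serial1", ad=2)
    return table


if __name__ == "__main__":
    r3 = build_r3()
    print("to 20.1.2.3:", r3.lookup("20.1.2.3"))
    print("to 10.9.9.9 without a default route:", r3.lookup("10.9.9.9"))
    r3.add("0.0.0.0", "0.0.0.0", "Serial1")
    print("to 10.9.9.9 with a default route:", r3.lookup("10.9.9.9"))
    r3.down.add("Serial0")
    print("to 20.1.2.3 after Serial0 fails:", r3.lookup("20.1.2.3"))
```
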
RIP
We shall have a simple setup to learn how RIP routing is enabled and
also try to find out what happens dynamically when a network change
occurs.

In this exercise, to emulate connected networks, we’ll create “virtual
interfaces” called loopback interfaces. We’ll identify and configure
clockrate on DCE interfaces. We’ll verify our IP configuration using
the “show ip interface brief” command & finally enable RIP routing
protocol.

[Figure: Router1 (L0 1.1.1.1, Serial 1 11.0.0.1) connected over a
serial link to Router3 (Serial 0 11.0.0.2, L0 3.3.3.3).]

1. To create a loopback interface use the “interface loopback <id>”
command. This is very similar to a regular interface command – a
loopback automatically gets created.

Create a loopback interface in Router1

Router1(config)#int loopback 0
Router1(config-if)#ip address 1.1.1.1 255.0.0.0
Router1(config-if)#exit

Create a loopback interface in Router3

Router3(config)#int loopback 0
Router3(config-if)#ip address 3.3.3.3 255.0.0.0
Router3(config-if)#exit

2. We also need to identify if the WAN serial interface is a DCE or DTE
using “show controllers serial 0” command because the DCE provides
clocking.

Router1#sh controller s 1
HD unit 0, idb = 0x29A524, driver structure at 0x2A1AE8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0xE1, eda = 0x4940, cda = 0x4800
RX ring with 16 entries at 0xE14800
00 bd_ptr=0x4800 pak=0x2A5AFC ds=0xE1ECC8 status=00 pak_size=0
01 bd_ptr=0x4814 pak=0x2A584C ds=0xE1E60C status=00 pak_size=0
02 bd_ptr=0x4828 pak=0x2A559C ds=0xE1DF50 status=00 pak_size=0
03 bd_ptr=0x483C pak=0x2A52EC ds=0xE1D894 status=00 pak_size=0
04 bd_ptr=0x4850 pak=0x2A503C ds=0xE1D1D8 status=00 pak_size=0

<output omitted>

Router3#show controllers serial 0
HD unit 0, idb = 0x2A1B80, driver structure at 0x2A9140
buffer size 1524 HD unit 0, V.35 DCE cable
cpb = 0xE2, eda = 0x2940, cda = 0x2800
RX ring with 16 entries at 0xE22800
00 bd_ptr=0x2800 pak=0x2AD158 ds=0xE2C60C status=80 pak_size=0
01 bd_ptr=0x2814 pak=0x2ACEA8 ds=0xE2BF50 status=80 pak_size=0
02 bd_ptr=0x2828 pak=0x2ACBF8 ds=0xE2B894 status=80 pak_size=0
03 bd_ptr=0x283C pak=0x2AC948 ds=0xE2B1D8 status=80 pak_size=0
04 bd_ptr=0x2850 pak=0x2AC698 ds=0xE2AB1C status=80 pak_size=0

<output omitted>

The above reveals that Router3’s serial interface is the DCE end &
implies that we need to configure the clockrate on Router3’s S0
interface using the “clock rate <value>” command.

Router3(Config-if)#clock rate 64000

We can also view the enabled ROUTED PROTOCOL using “show protocols”
command.
(This reveals that IP is enabled).

Router3#show protocols
Global values:
Internet Protocol routing is enabled
Ethernet0 is administratively down, line protocol is down
Ethernet1 is administratively down, line protocol is down
Loopback0 is up, line protocol is up
Internet address is 3.3.3.3/8
Serial0 is up, line protocol is up
Internet address is 11.0.0.2/8
Serial1 is administratively down, line protocol is down

When no routing protocol is configured, the Routing table displays
directly connected routes only (after configuring serial interface ip
address also).

Router3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    3.0.0.0/8 is directly connected, Loopback0
C    11.0.0.0/8 is directly connected, Serial0

3. Another useful command (to view various interface status) is the
“show ip interface brief”.

Router1#show ip interface brief
Interface    IP-Address    OK?  Method  Status                 Protocol
Ethernet0    unassigned    YES  NVRAM   administratively down  down
Loopback0    1.1.1.1       YES  manual  up                     up
Serial0      unassigned    YES  NVRAM   administratively down  down
Serial1      11.0.0.1      YES  manual  up                     up

The “method” column tells us whether the interface configuration was
taken from NVRAM (startup-config) or was manually configured by the
administrator. The status & Protocol reveal the link (connected
network) status.

If status shows as up, the link is OK. If it shows as down, the network
is down. If it’s administratively down, it means that the network has
been manually shut down using the “shutdown” command. If protocol shows
as down, it means that the line protocol is not properly configured.
Typically either the encapsulation or the clock rate is not configured
properly.

ENABLING RIP PROTOCOL


Let’s now enable the RIP Routing Protocol using “Router RIP” command &
publish directly connected Networks using “Network <Network id>”
command

Router3(config)#router rip
Router3(config-router)#Network 3.0.0.0
Router3(config-router)#Network 11.0.0.0
Router3(config-router)#end
Router3#

Let’s see if the above 3 configurations are reflected in the running-
config output…

Router3#show running-config
Building configuration...

Current configuration : 769 bytes


!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router3
!
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0
no ip address
shutdown
!
interface Ethernet1
no ip address
shutdown
!
interface Serial0
ip address 11.0.0.2 255.0.0.0
clockrate 64000 <DCE interface>
!
interface Serial1
no ip address
shutdown
!
router rip
network 3.0.0.0
network 11.0.0.0
!
ip kerberos source-interface any
ip classless
ip http server
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end

Similarly in Router1,

Router1(config)#router rip
Router1(config-router)#network 1.0.0.0
Router1(config-router)#network 11.0.0.0
Router1(config-router)#end

Router1#show running-config
Building configuration...

hostname Router1
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
no ip address
shutdown
!
interface Serial1
ip address 11.0.0.1 255.0.0.0
!
router rip
network 1.0.0.0
network 11.0.0.0
!
end

<output omitted>

We are clearly able to see the configuration changes in the running-
config of both the routers. If we view Router1's routing table, we’ll
be able to see what routes have been learnt through RIP.

Router1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
R    3.0.0.0/8 [120/1] via 11.0.0.2, 00:00:05, Serial1
C    11.0.0.0/8 is directly connected, Serial1

Consider the second entry of the routing table

“R” represents RIP learnt routes
“[120/1]” represents AD value of 120 for RIP & hop count of 1 to reach
network 3.0.0.0
“via 11.0.0.2” denotes the gateway and also specifies that it is
reachable through router1's Serial 1 interface.

Router3's routing table displays similar entries

Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 11.0.0.1, 00:00:00, Serial0
C    3.0.0.0/8 is directly connected, Loopback0
C    11.0.0.0/8 is directly connected, Serial0

To view more details regarding the configured Routing Protocol (RIP in
our case), let's use the “show ip protocols” command.

This will display routing protocol details along with certain
parameters like timers, default AD value, routed networks, RIP version
etc

Router3#sh ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 2 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Triggered RIP Key-chain
Loopback0 1 1 2
Serial0 1 1 2
Automatic network summarization is in effect
Routing for Networks:
3.0.0.0
11.0.0.0
Routing Information Sources:
Gateway Distance Last Update
11.0.0.1 120 00:00:17
Distance: (default is 120)

Router1#sh ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 24 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
(Displays various timer values)
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
(Configured RIP Version is 1)
Interface Send Recv Triggered RIP Key-chain
Loopback0 1 1 2
Serial1 1 1 2
Automatic network summarization is in effect
Routing for Networks: (Displays networks published)
1.0.0.0
11.0.0.0
Routing Information Sources:
Gateway Distance Last Update
11.0.0.2 120 00:00:16
Distance: (default is 120) (Displays default AD value)

To view what information is exchanged between routers running RIP,
let's debug the RIP's operation using debug ip rip command

Router3#debug ip rip
RIP protocol debugging is on
Router3#
01:05:49: RIP: received v1 update from 11.0.0.1 on Serial0
(V1 represents version 1)
01:05:49: 1.0.0.0 in 1 hops (This is what is received from router1)
01:05:59: RIP: sending v1 update to 255.255.255.255 via Loopback0 (3.3.3.3)
(Broadcast update sent)
01:05:59: RIP: build update entries
01:05:59: network 1.0.0.0 metric 2 (metric refers to hop count)
01:05:59: network 11.0.0.0 metric 1
01:05:59: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.0.0.2)
01:05:59: RIP: build update entries
01:05:59: network 3.0.0.0 metric 1
01:06:18: RIP: received v1 update from 11.0.0.1 on Serial0
(30 sec periodic update)
01:06:18: 1.0.0.0 in 1 hops
01:06:27: RIP: sending v1 update to 255.255.255.255 via Loopback0 (3.3.3.3)
01:06:27: RIP: build update entries
01:06:27: network 1.0.0.0 metric 2
01:06:27: network 11.0.0.0 metric 1
01:06:27: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.0.0.2)
01:06:27: RIP: build update entries
01:06:27: network 3.0.0.0 metric 1
Router3#undebug all (to switch off all debugging)

Observe that full routing table is not sent as updates in all directions –
because of split horizon rule. Let’s see how similar the debug output is in
router1

Router1#debug ip rip
RIP protocol debugging is on
Router1#
01:07:50: RIP: received v1 update from 11.0.0.2 on Serial1
01:07:50: 3.0.0.0 in 1 hops
01:08:05: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
01:08:05: RIP: build update entries
01:08:05: network 3.0.0.0 metric 2
01:08:05: network 11.0.0.0 metric 1
01:08:05: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
01:08:05: RIP: build update entries
01:08:05: network 1.0.0.0 metric 1
01:08:18: RIP: received v1 update from 11.0.0.2 on Serial1
01:08:18: 3.0.0.0 in 1 hops
01:08:33: RIP: sending v1 update to 255.255.255.255 via Loopback0 (1.1.1.1)
01:08:33: RIP: build update entries
01:08:33: network 3.0.0.0 metric 2
01:08:33: network 11.0.0.0 metric 1
01:08:33: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
01:08:33: RIP: build update entries
01:08:33: network 1.0.0.0 metric 1

Router1#undebug all

To verify the dynamic nature of the routing protocol, let's emulate a
network going down by shutting down the loopback 0 of router1 & observe
the debug output

[Figure: the same Router1 to Router3 topology, with Router1's L0
(1.1.1.1) marked “X” to show that it is shut down.]

Router1(config)#int loopback 0
Router1(config-if)#shut
Router1(config-if)#
01:21:17: %LINK-5-CHANGED: Interface Loopback0, changed state to
administratively down
Router1#debug ip rip
RIP protocol debugging is on
01:21:17: RIP: sending v1 flash update to 255.255.255.255 via Serial1
(11.0.0.1) (this indicates a Triggered Update)
01:21:17: RIP: build flash update entries
01:21:17: network 1.0.0.0 metric 16
(metric 16 means infinity for RIP – route poisoning)
01:21:19: RIP: received v1 update from 11.0.0.2 on Serial1
01:21:19: 1.0.0.0 in 16 hops (inaccessible)
(“inaccessible” implies that Poison-Reverse message is received from Router3)
01:21:22: RIP: sending v1 update to 255.255.255.255 via Serial1 (11.0.0.1)
01:21:22: RIP: build update entries
01:21:22: network 1.0.0.0 metric 16
Router1(config-if)#^Z

Now this change is also reflected in the routing table – a network
that’s gone down is immediately removed from the routing table.

Router1#sh ip route
01:21:30: %SYS-5-CONFIG_I: Configured from console by console
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

R    3.0.0.0/8 [120/1] via 11.0.0.2, 00:00:22, Serial1
C    11.0.0.0/8 is directly connected, Serial1

The above experiment reveals that the routers exchange network
connectivity information

(i) During Startup
(ii) Periodically (once in 30 secs)
(iii) Triggered (whenever network changes occur)

We are also able to observe how split horizon functions to ensure
routing updates are not sent in the direction from where they were
learnt.

Route poisoning & poison reverse were also observed.
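
The update rules observed in the debug output above, as an added Python model that is not part of the original manual or of IOS: split horizon, route poisoning with metric 16 and poison reverse, plus the stale route Router1 would accept if split horizon were switched off. RipRouter, lab and the split_horizon flag are assumed names; timers and hold-down are left out.

```python
INFINITY = 16  # RIP metric that means "unreachable"


class RipRouter:
    """Hypothetical model of the RIP v1 behaviour seen in the debug output."""

    def __init__(self, name, split_horizon=True):
        self.name = name
        self.split_horizon = split_horizon
        self.table = {}  # network -> {"metric": hop count, "iface": interface}

    def add_connected(self, network, iface):
        self.table[network] = {"metric": 0, "iface": iface}

    def shutdown(self, iface):
        """Interface goes down: poison every route that used it."""
        for route in self.table.values():
            if route["iface"] == iface:
                route["metric"] = INFINITY

    def build_update(self, out_iface):
        """Entries advertised out of out_iface, as {network: metric}."""
        update = {}
        for network, route in self.table.items():
            if route["metric"] >= INFINITY:
                # Route poisoning / poison reverse: an unreachable network
                # is advertised with metric 16, even back to its source.
                update[network] = INFINITY
            elif not self.split_horizon or route["iface"] != out_iface:
                # Split horizon: a route is not advertised out of the
                # interface it was learnt on or is connected to.
                update[network] = route["metric"] + 1
        return update

    def receive(self, update, in_iface):
        for network, metric in update.items():
            known = self.table.get(network)
            if known is None:
                if metric < INFINITY:
                    self.table[network] = {"metric": metric, "iface": in_iface}
            elif known["metric"] == 0:
                continue  # a live connected network is never overridden
            elif known["iface"] == in_iface or metric < known["metric"]:
                # News from the current next hop always replaces the entry;
                # news from elsewhere only if it is better.
                self.table[network] = {"metric": min(metric, INFINITY),
                                       "iface": in_iface}

    def reachable(self):
        """Routes that would still show up in "show ip route"."""
        return {n: r["metric"] for n, r in self.table.items()
                if r["metric"] < INFINITY}


def lab(split_horizon=True):
    """Router1 and Router3 from the exercise, after one update each way."""
    r1 = RipRouter("Router1", split_horizon)
    r3 = RipRouter("Router3", split_horizon)
    r1.add_connected("1.0.0.0", "Loopback0")
    r1.add_connected("11.0.0.0", "Serial1")
    r3.add_connected("3.0.0.0", "Loopback0")
    r3.add_connected("11.0.0.0", "Serial0")
    to_r3 = r1.build_update("Serial1")
    to_r1 = r3.build_update("Serial0")
    r3.receive(to_r3, "Serial0")
    r1.receive(to_r1, "Serial1")
    return r1, r3


if __name__ == "__main__":
    r1, r3 = lab()
    print("Router3 via Serial0  :", r3.build_update("Serial0"))
    print("Router3 via Loopback0:", r3.build_update("Loopback0"))
    r1.shutdown("Loopback0")
    flash = r1.build_update("Serial1")
    print("Router1 flash update :", flash)
    r3.receive(flash, "Serial0")
    print("Router3 poison reverse:", r3.build_update("Serial0"))

    # Failure mode: with split horizon off, Router3 echoes 1.0.0.0 back
    # and Router1 installs a route to its own dead network via Router3.
    r1, r3 = lab(split_horizon=False)
    r1.shutdown("Loopback0")
    r1.receive(r3.build_update("Serial0"), "Serial1")
    print("Router1 without split horizon:", r1.reachable())
```
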


IGRP

[Figure: Router1 (L0 1.1.1.1, Serial 1 100.0.0.1) connected over a
serial link to Router3 (Serial 0 100.0.0.2, L0 3.3.3.3).]

In this scenario, let’s complete the basic interface configurations,
check the routing table content without configuring the routing
protocol & then proceed with protocol configuration & verification.

A partial running-config output reveals interface configuration

Router1#sh run
Building configuration...

<output omitted>
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial1
ip address 100.0.0.1 255.0.0.0
<output omitted>
!
End

The routing table reveals that the connected networks are up

Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
C    100.0.0.0/8 is directly connected, Serial1

Let’s now configure IGRP routing protocol using
“router igrp <AS number>” command & publish connected networks using
“network <network id>” command.

Router1(config)#router igrp 100 (100 is the Autonomous System)
Router1(config-router)#network 1.0.0.0
Router1(config-router)#network 100.0.0.0
(publish directly connected networks)

The running config on routers 1 & 3 now displays the protocol
configuration too.

Router1#sh run
Building configuration...

<output omitted>
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
!
interface Serial1
ip address 100.0.0.1 255.0.0.0
!
router igrp 100
network 1.0.0.0
network 100.0.0.0
!
<output omitted>
!
End

Router3(Config)#router igrp 100 (This AS number must be the same on all
the routers)
Router3(Config-router)# network 3.0.0.0
Router3(Config-router)# network 100.0.0.0

Router3#sh run
Building configuration...
Current configuration : 776 bytes
!
<output omitted>
!
interface Loopback0
ip address 3.3.3.3 255.0.0.0
!
interface Serial0
ip address 100.0.0.2 255.0.0.0
clockrate 64000
!
router igrp 100
network 3.0.0.0
network 100.0.0.0
!
<output omitted>
!
end

After configuring IGRP let’s see if the routing tables of Routers 1 & 3
have information about IGRP learnt routes.

Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter


area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
IS inter area * - candidate default, U - per-user static route,
o – ODR P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0


C 100.0.0.0/8 is directly connected, Serial1
I 3.0.0.0/8 [100/8976] via 100.0.0.2, 00:00:01, Serial1

Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
IS inter area * - candidate default, U - per-user static route,
o – ODR P - periodic downloaded static route

Gateway of last resort is not set

I 1.0.0.0/8 [100/8976] via 100.0.0.1, 00:01:03, Serial0


C 100.0.0.0/8 is directly connected, Serial0
C 3.0.0.0/8 is directly connected, Loopback0

The I implies that this is an IGRP learnt route.
100 stands for the AD (administrative distance) value &
8976 is the metric (composite – BW & Delay)

“sh ip protocols” command gives us other useful information – same as
what we saw for RIP.

Router1#sh ip protocols
Routing Protocol is "igrp 100"
Sending updates every 90 seconds, next due in 37 seconds
Invalid after 270 seconds, hold down 280, flushed after 630
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
Routing for Networks:
1.0.0.0
100.0.0.0
Routing Information Sources:
Gateway Distance Last Update
100.0.0.2 100 00:00:09
Distance: (default is 100)

Router3#sh ip protocols
Routing Protocol is "igrp 100"
Sending updates every 90 seconds, next due in 17 seconds


Invalid after 270 seconds, hold down 280, flushed after 630
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
Routing for Networks:
3.0.0.0
100.0.0.0
Routing Information Sources:
Gateway Distance Last Update
100.0.0.1 100 00:00:13
Distance: (default is 100)

The “debug ip igrp transactions” command gives us details regarding the
metric, updates etc.

Router3#debug ip igrp transactions
IGRP protocol debugging is on
Router3#
00:29:14:IGRP: received update from 100.0.0.1 on Serial0
00:29:14: network 1.0.0.0, metric 8976 (neighbor 501)
00:29:19:IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
00:29:19: network 1.0.0.0, metric=8976
00:29:19: network 100.0.0.0, metric=8476
00:29:19:IGRP: sending update to 255.255.255.255 via Serial0 (100.0.0.2)
00:29:19: network 3.0.0.0, metric=501
00:30:32:IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)
00:30:32: network 1.0.0.0, metric=8976
00:30:32: network 100.0.0.0, metric=8476
00:30:32:IGRP: sending update to 255.255.255.255 via Serial0 (100.0.0.2)
00:30:32: network 3.0.0.0, metric=501
00:30:38:IGRP: received update from 100.0.0.1 on Serial0
00:30:38: network 1.0.0.0, metric 8976 (neighbor 501)

Let’s simulate a problem of a network going down on Router1. We’ll
shut down the loopback 0 interface and this should be reflected in
Router3’s routing table, which will display a “possibly down” message
for the hold-down time period (280 secs).

[Diagram: same topology, with Router1's L0 (1.1.1.1) marked X (shut down); Router1 Serial 1 100.0.0.1 connected to Router3 Serial 0 100.0.0.2, Router3 L0 3.3.3.3]

Router1(config)#int loopback 0
Router1(config-if)#shutdown
Router1#sh run
Building configuration...

Current configuration : 693 bytes


!
hostname Router1
!
interface Loopback0
ip address 1.1.1.1 255.0.0.0
Shutdown

Observe the debug output after shutting down the loopback 0 interface
of Router1: the metric value for network 1.0.0.0 goes to 4294967295,
representing infinity.

Router3#debug ip igrp transactions


IGRP protocol debugging is on
00:47:00: IGRP: received update from 100.0.0.1 on Serial0
00:47:00: network 1.0.0.0, metric 4294967295 (inaccessible)
00:47:00: IGRP: edition is now 3
00:47:00: IGRP: sending update to 255.255.255.255 via Loopback0 (3.3.3.3)

The routing table now reflects this change as “possibly down”. The
router doesn’t remove the entry immediately; it waits for the hold-down
timer to expire and then decides whether to remove the entry or
reinstate it if the network has come up!

Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

I 1.0.0.0/8 is possibly down, routing via 100.0.0.1, Serial0


C 100.0.0.0/8 is directly connected, Serial0
C 3.0.0.0/8 is directly connected, Loopback0

Note: If the entry were to be removed, this is not done immediately
after the hold-down timer expires. It’s removed only after the flush
timer (630 secs) expires.

EIGRP

[Diagram: Router1 (L0 1.1.1.1) and Router3 (L0 3.3.3.3) joined by two serial links: S0 25.0.0.1 to S0 25.0.0.2, and S1 50.0.0.1 to S1 50.0.0.2]

BASIC CONFIGURATION
In this case, we’ll consider a slightly different scenario where we
have two paths to a destination. We’ll be able to understand redundancy
& load balancing also with this case study.

Let’s first configure the Routers according to the above diagram &
observe the routing table without configuring the routing protocols.

Router1(config)#
Router1(config)#int loop 0
Router1(config-if)#ip add 1.1.1.1 255.0.0.0
Router1(config-if)#exit
Router1(config)#int s0
Router1(config-if)#ip add 25.0.0.1 255.0.0.0
Router1(config-if)#no shut
Router1(config-if)#exit
Router1(config)#int s1
Router1(config-if)#ip add 50.0.0.1 255.0.0.0
Router1(config-if)#no shut

Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
IS inter area * - candidate default, U - per-user static route,
o – ODR P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0


C 50.0.0.0/8 is directly connected, Serial1
C 25.0.0.0/8 is directly connected, Serial0

Similarly, configure Router3 & check out its Routing Table

Router3(config)#int loop 0
Router3(config-if)#ip add 3.3.3.3 255.0.0.0
Router3(config-if)#exit
Router3(config)#int s0
Router3(config-if)#ip add 25.0.0.2 255.0.0.0
Router3(config-if)#clock rate 64000
Router3(config-if)#no shut
Router3(config-if)#exit
Router3(config)#int s1
Router3(config-if)#ip add 50.0.0.2 255.0.0.0
Router3(config-if)#clock rate 64000
Router3(config-if)#no shut

Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
IS inter area * - candidate default, U - per-user static route,
o – ODR P - periodic downloaded static route

Gateway of last resort is not set

C 50.0.0.0/8 is directly connected, Serial1


C 3.0.0.0/8 is directly connected, Loopback0
C 25.0.0.0/8 is directly connected, Serial0

I) EIGRP OPERATION WITH EQUAL COST LOAD BALANCING

ENABLING EIGRP

Now, we’ll enable the routing protocol on both the routers using
“Router EIGRP <AS number>” command & publish Networks using
“Network <Network id>” command

Router1(config)#router eigrp 200


Router1(config-router)#net 1.0.0.0
Router1(config-router)#net 25.0.0.0
Router1(config-router)#net 50.0.0.0

Router3(config)#router eigrp 200


Router3(config-router)#net 3.0.0.0
Router3(config-router)#net 25.0.0.0
Router3(config-router)#net 50.0.0.0

Let’s see how this configuration reflects in the running configuration
of Router1 & Router3

Router1#sh run
Building configuration...
<output omitted>
interface Serial0
ip address 25.0.0.1 255.0.0.0
!
interface Serial1
ip address 50.0.0.1 255.0.0.0
!
router eigrp 200
network 1.0.0.0
network 25.0.0.0
network 50.0.0.0
auto-summary (Observe this is automatically added!)
no eigrp log-neighbor-changes
!
<output omitted>
End

Router3#sh run
Building configuration...
<output omitted>
interface Serial0
ip address 25.0.0.2 255.0.0.0
clockrate 64000
!
interface Serial1
ip address 50.0.0.2 255.0.0.0
clockrate 64000
!
router eigrp 200
network 3.0.0.0
network 25.0.0.0
network 50.0.0.0
auto-summary (Automatically added indicating Auto-summarisation)
no eigrp log-neighbor-changes
<output omitted>
End

THE ROUTING TABLE

As there are 2 equally good paths between the routers, 2 routes must be
seen in the routing table of these routers. We can also see “D” in the
first column of the highlighted entry indicating EIGRP learnt routes.

Router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
IS inter area * - candidate default, U - per-user static route,
o – ODR P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0


C 50.0.0.0/8 is directly connected, Serial1
D 3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:02:25, Serial0
[90/2297856] via 50.0.0.2, 00:02:25, Serial1
C 25.0.0.0/8 is directly connected, Serial0

The above indicates two paths to reach network 3.0.0.0 from Router1. A
similar table can be seen in Router3.

Router3#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –
BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-


IS inter area * - candidate default, U - per-user static route,
o – ODR P - periodic downloaded static route

Gateway of last resort is not set

D 1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:03:08, Serial0


[90/2297856] via 50.0.0.1, 00:03:08, Serial1
C 50.0.0.0/8 is directly connected, Serial1
C 3.0.0.0/8 is directly connected, Loopback0
C 25.0.0.0/8 is directly connected, Serial0

The “show ip route eigrp” command displays only EIGRP learnt routes.

Router1#sh ip route eigrp


D 3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:04:43, Serial0
[90/2297856] via 25.0.0.2, 00:04:43, Serial0

Router3#sh ip route eigrp


D 1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:03:19, Serial0
[90/2297856] via 50.0.0.1, 00:03:19, Serial1

THE NEIGHBOR TABLE

Let’s look at the neighbor table contents next.
We use the “sh ip eigrp neighbors” command.

In this case, the same neighbor is learnt via 2 paths & hence 2
entries. Had there been only one path between the 2 routers, only one
entry would be seen.

Router1#sh ip eigrp neighbors


IP-EIGRP neighbors for process 200
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
1 50.0.0.2 Se1 14 00:01:47 28 200 0 6
0 25.0.0.2 Se0 14 00:09:34 30 200 0 5

The first column indicates the order in which neighbors were learnt.
The next column shows the IP address of the neighbor’s connected
interface. The third column is this router’s interface through which
the neighbor is connected.

A similar table is seen on Router3 as well.

Router3#sh ip eigrp neighbors


IP-EIGRP neighbors for process 200
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
1 50.0.0.1 Se1 11 00:03:32 28 200 0 6
0 25.0.0.1 Se0 11 00:11:12 726 4356 0 7
THE TOPOLOGY TABLE


Let’s now view the topology table entries using the “sh ip eigrp
topology” command. We should be able to see the “successor” & “feasible
successor” apart from Feasible & Advertised Distance values.

Router1#sh ip eigrp topology


IP-EIGRP Topology Table for AS(200)/ID(1.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,


r - reply Status, s - sia Status

P 1.0.0.0/8, 1 successors, FD is 128256


via Connected, Loopback0
via Summary (128256/0), Null0
P 3.0.0.0/8, 2 successors, FD is 2297856
via 50.0.0.2 (2297856/128256), Serial1 (Both are equally good)
via 25.0.0.2 (2297856/128256), Serial0 (Hence two successors )
P 25.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial1
via Summary (2169856/0), Null0

In the highlighted entry “(2297856/128256)” 2297856 is the feasible
distance & 128256 is the advertised distance.

If both paths were with different metrics, the one with the best metric
would have been the successor & the other feasible successor. Then it
would display 1 successor & not 2 successors as we’ll see in the next
section.

“P” in the first column indicates that it’s in the passive state.

Let’s observe Router3’s Topology Table – much the same !

Router3#sh ip eigrp topology


IP-EIGRP Topology Table for AS(200)/ID(3.3.3.3)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,


r - reply Status, s - sia Status

P 1.0.0.0/8, 2 successors, FD is 2297856


via 50.0.0.1 (2297856/128256), Serial1
via 25.0.0.1 (2297856/128256), Serial0
P 3.0.0.0/8, 1 successors, FD is 128256
via Connected, Loopback0
via Summary (128256/0), Null0
P 25.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial1
via Summary (2169856/0), Null0
II) EIGRP REDUNDANCY – BACKUP PATH

[Diagram: Router1 (L0 1.1.1.1) and Router3 (L0 3.3.3.3) joined by two serial links: S0 25.0.0.1 to S0 25.0.0.2, and S1 50.0.0.1 to S1 50.0.0.2]

We’ll change the bandwidth of both the paths ensuring they have
different metrics.

Router1#conf t
Router1(config)#int s1
Router1(config-if)#bandwidth 128

Another useful command to view the running config of a specific
interface is “sh run interface <type id>”

Router1#sh run int s1


Building configuration...
Current configuration : 88 bytes
!
interface Serial1
bandwidth 128
ip address 50.0.0.2 255.0.0.0
end

Let’s make the same change on Router3 also

Router3#conf t
Router3(config)#int s1
Router3(config-if)#bandwidth 128

Router3#sh run int s1


Building configuration...
Current configuration : 88 bytes
!
interface Serial1
bandwidth 128
ip address 50.0.0.2 255.0.0.0
clockrate 64000
end

Having changed the metrics, we now have one path which is better than
the other. So we’ll be able to see only the best path in the Routing
table.

Router1#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –


BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
IS inter area * - candidate default, U - per-user static route,


o – ODR P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0


C 50.0.0.0/8 is directly connected, Serial1
D 3.0.0.0/8 [90/2297856] via 25.0.0.2, 00:01:36, Serial0
C 25.0.0.0/8 is directly connected, Serial0

If we see the topology table, we’ll be able to see both – the best
(successor) & the next best (feasible successor) paths

Router1#sh ip eigrp topology


IP-EIGRP Topology Table for AS(200)/ID(1.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,


r - reply Status, s - sia Status

P 1.0.0.0/8, 1 successors, FD is 128256


via Connected, Loopback0
via Summary (128256/0), Null0
P 3.0.0.0/8, 1 successors, FD is 2297856 (1 successor is displayed)
via 25.0.0.2 (2297856/128256), Serial0 (Successor)
via 50.0.0.2 (20640000/128256), Serial1 (Feasible Successor)
P 25.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 20512000
via Connected, Serial1
via Summary (20512000/0), Null0

However, the neighbor table is still the same.

Router1#sh ip eigrp nei


IP-EIGRP neighbors for process 200
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 25.0.0.2 Se0 10 00:00:44 32 200 0 25
1 50.0.0.2 Se1 14 00:25:33 36 1140 0 24

Let’s see the tables of Router3

Router3#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –


BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
IS inter area * - candidate default, U - per-user static route,
o – ODR P - periodic downloaded static route

Gateway of last resort is not set

D 1.0.0.0/8 [90/2297856] via 25.0.0.1, 00:00:40, Serial0


C 50.0.0.0/8 is directly connected, Serial1
C 3.0.0.0/8 is directly connected, Loopback0


C 25.0.0.0/8 is directly connected, Serial0

Router3#sh ip eigrp topology


IP-EIGRP Topology Table for AS(200)/ID(3.3.3.3)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,


r - reply Status, s - sia Status

P 1.0.0.0/8, 1 successors, FD is 2297856


via 25.0.0.1 (2297856/128256), Serial0
via 50.0.0.1 (20640000/128256), Serial1
P 3.0.0.0/8, 1 successors, FD is 128256
via Connected, Loopback0
via Summary (128256/0), Null0
P 25.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
via Summary (2169856/0), Null0
P 50.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial1
via Summary (20512000/0), Null0

Router3#sh ip eigrp neighbors


IP-EIGRP neighbors for process 200
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 25.0.0.1 Se0 13 00:01:56 29 200 0 23
1 50.0.0.1 Se1 10 00:26:51 38 1140 0 22
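
Added example (not part of the original lab guide): the metrics in the IGRP debug output and the EIGRP topology tables above can be reproduced from bandwidth and delay alone, and the successor / feasible successor roles follow from comparing advertised distance with feasible distance. The interface defaults (serial 1544 kbps / 20000 usec, loopback 8000000 kbps / 5000 usec), the feasibility rule (advertised distance below feasible distance) and all function names are assumptions not stated on the page.

```python
"""IGRP / EIGRP composite metric for the two-router lab (added example)."""

# K1=1, K3=1, K2=K4=K5=0 as in "sh ip protocols", so only bandwidth and
# delay count:  metric = 10^7 / min_bandwidth_kbps + total_delay_usec / 10
# EIGRP uses the same terms scaled by 256.
# ASSUMPTION (not on the page): default interface values of
# serial = 1544 kbps / 20000 usec, loopback = 8000000 kbps / 5000 usec.
LOOPBACK = {"bw_kbps": 8_000_000, "delay_us": 5_000}


def serial(bw_kbps=1544):
    """A serial link; bw_kbps is what the 'bandwidth' command changes."""
    return {"bw_kbps": bw_kbps, "delay_us": 20_000}


def igrp_metric(path):
    """path = interfaces crossed from this router to the destination."""
    slowest = min(hop["bw_kbps"] for hop in path)
    delay_tens_of_us = sum(hop["delay_us"] for hop in path) // 10
    return 10_000_000 // slowest + delay_tens_of_us


def eigrp_metric(path):
    return 256 * igrp_metric(path)


def classify(candidates):
    """candidates = {next_hop: path}; everything after the first hop of a
    path is the neighbor's own route, which gives the advertised distance.
    Returns (feasible_distance, {next_hop: (distance, advertised, role)}).
    The feasible distance is simplified here to the current best metric.
    """
    table = {}
    for next_hop, path in candidates.items():
        table[next_hop] = (eigrp_metric(path), eigrp_metric(path[1:]))
    fd = min(dist for dist, _ in table.values())
    result = {}
    for next_hop, (dist, advertised) in table.items():
        if dist == fd:
            role = "successor"
        elif advertised < fd:          # feasibility condition (assumed rule)
            role = "feasible successor"
        else:
            role = "not feasible"
        result[next_hop] = (dist, advertised, role)
    return fd, result


def router1_to_3_0_0_0(s1_bw_kbps=1544):
    """Router1's two candidate paths to 3.0.0.0/8 (Router3's Loopback0)."""
    return classify({
        "25.0.0.2": [serial(), LOOPBACK],            # via Serial0
        "50.0.0.2": [serial(s1_bw_kbps), LOOPBACK],  # via Serial1
    })


if __name__ == "__main__":
    print("IGRP 1.0.0.0 seen from Router3:", igrp_metric([serial(), LOOPBACK]))
    for label, bw in (("equal cost", 1544), ("Serial1 bandwidth 128", 128)):
        fd, routes = router1_to_3_0_0_0(bw)
        print(f"{label}: FD is {fd}")
        for next_hop, (dist, adv, role) in routes.items():
            print(f"  via {next_hop} ({dist}/{adv}) {role}")
```
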

Back up path
If the best path goes down, the feasible successor immediately gets
installed in the routing table. This is how the feasible successor
works like a backup path.

To simulate this situation, let’s bring down Router1’s Serial 0.

[Diagram: same topology, with the S0 link (25.0.0.1 to 25.0.0.2) marked X (down); the S1 link (50.0.0.1 to 50.0.0.2) remains between Router1 (L0 1.1.1.1) and Router3 (L0 3.3.3.3)]

Router1#conf t
Router1(config)#int s0
Router1(config-if)#shutdown

Router1#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B –


BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E –
EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-
