177164697-ccna-day3

Upload: mmetco2240

Post on 05-Apr-2018


  • 8/2/2019 177164697-CCNA-Day3

Distance Vector
Link State
Hybrid

Distance Vector vs. Link State

Distance Vector: advertises its route table; periodic updates; "routing by rumor"
Link State: advertises the topology; incremental updates

(Figure: routers A, B, C, D and E, with one link marked X as failed)


Comparison Continued

Distance Vector
Fewer router resources required
Updates require more bandwidth
Does not "understand" the topology of the network

Link State
More router resource intensive
Updates require less bandwidth
Has detailed knowledge of distant networks and routers


Link State Examples

OSPF
IS-IS

OSPF is typically used in corporate networks
IS-IS is typically used by ISPs


Open Shortest Path First (OSPF)

OSPF is an open-standard routing protocol
It computes routes with the Dijkstra (shortest path first) algorithm

OSPF provides the following features:
Minimizes routing update traffic
Allows scalability (e.g. RIP is limited to 15 hops)
Has unlimited hop count
Supports VLSM/CIDR
Allows multi-vendor deployment (open standard)


Link State

There are two types of packets:
Hello
LSAs (link state advertisements)


OSPF Hello

When router A starts, it sends a Hello packet to the multicast address 224.0.0.5
Hello packets are received by all neighbors
B writes A's name (router ID) in its neighbor table
C processes the Hello the same way

(Figure: router A connected to routers B and C)


Link State

There are three types of tables:
Neighbor
Topology
Routing


Tables: Neighbor

Contains information about the neighbors
A neighbor is a router that shares a link on the same network
Another relationship is adjacency
Not all neighbors necessarily become adjacent
LSA updates are exchanged only when an adjacency is established


Tables: Topology

Contains information about all networks and the path to reach each network
All LSAs are entered into the topology table
When the topology changes, new LSAs are generated and sent
An algorithm is run on the topology table to compute the shortest paths; this algorithm is known as SPF or the Dijkstra algorithm


Tables: Routing Table

Also known as the forwarding database
Generated when the algorithm is run on the topology database
The routing table of each router is unique


OSPF Terms

Link
Router ID
Neighbours
Adjacency
OSPF Area
Backbone area
Internal routers
Area Border Router (ABR)
Autonomous System Boundary Router (ASBR)


Link

A network or router interface assigned to a given network
A link (interface) will have "state" information associated with it:
Status (up or down)
IP address
Network type (e.g. Fast Ethernet)
Bandwidth
Addresses of other routers attached to this interface


OSPF Term: Link

A link is a network or router interface assigned to any given network
This link, or interface, will have state information associated with it (up or down) as well as one or more IP addresses


OSPF Term: Link State

Status of a link between two routers
Information is shared between directly connected routers
This information propagates throughout the network unchanged and is also used to create a shortest path first (SPF) tree


Neighbours

Neighbours are two or more routers that have an interface on a common network
E.g. two routers connected on a serial link
E.g. several routers connected on a common Ethernet or Frame Relay network
Communication takes place between / among neighbours
Neighbours form "adjacencies"


OSPF Design

Each router connects to the backbone, called area 0 or the backbone area.
Routers that connect other areas to the backbone within an AS are called Area Border Routers (ABRs). One interface must be in area 0.
OSPF runs inside an autonomous system, but can also connect multiple autonomous systems together. The router that connects these ASes together is called an Autonomous System Boundary Router (ASBR).


OSPF Areas

An OSPF area is a grouping of contiguous networks and routers
All routers in an area share a common area ID
A router can be a member of more than one area (area border router)
All routers in the same area have the same topology database
When multiple areas exist, there must always be an area 0 (the backbone) to which other areas connect

Area Terminology (figure)


LSAs in Area

LSAs are exchanged with adjacent routers in the same OSPF area
Subsequently, a change in a link state is "flooded" to all area routers via LSAs
In larger networks, multiple areas may be created
LSAs are sent only to adjacent routers in the same area
"Area border routers" connect areas, passing summarized route information between them


Path Calculation

Changes to the topological database of a router trigger a recalculation to re-establish the best route(s) to known networks
Uses the SPF (shortest path first) algorithm developed by the computer scientist Dijkstra
This is done by each individual router using its detailed "knowledge" of the whole network
Leads to rapid and accurate convergence
Based on detailed knowledge of every link in the area and the OSPF "cost" of each, each router builds an OSPF tree with itself at the root


Terminology: Cost

Various criteria can be selected by the administrator to determine the metric
Usually, OSPF cost = 10^8 / bandwidth (bandwidth in bits per second)
Do not forget to configure the bandwidth command on serial links to ensure the correct default OSPF cost
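The cost formula and the SPF calculation of the two slides above, as an added Python example (not code from the slides): it computes the default OSPF cost from bandwidth, runs Dijkstra over a constructed three-router topology, and shows why a missing bandwidth command on a slow serial link misleads path selection. The router names, link speeds and the 1544 kbit/s default serial bandwidth are assumptions for the example.

```python
import heapq

REFERENCE_BW = 10**8           # OSPF reference bandwidth, 100 Mbit/s, in bit/s
DEFAULT_SERIAL_BW = 1_544_000  # what a serial interface reports when no bandwidth command is set (T1)


def ospf_cost(bandwidth_bps):
    """Default OSPF interface cost = 10^8 / bandwidth, truncated, never below 1."""
    return max(1, REFERENCE_BW // bandwidth_bps)


def spf(links, root):
    """Dijkstra's shortest path first over links = {router: {neighbor: bandwidth_bps}}.

    Returns (dist, first_hop): the total cost from root to every router and the
    neighbor of root used to reach it, i.e. the SPF tree with root at the root.
    """
    dist = {root: 0}
    first_hop = {root: None}
    done = set()
    heap = [(0, root, None)]
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in done:
            continue  # stale entry; a cheaper path was already settled
        done.add(node)
        first_hop[node] = hop
        for nbr, bw in links[node].items():
            new_cost = cost + ospf_cost(bw)
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                heapq.heappush(heap, (new_cost, nbr, nbr if node == root else hop))
    return dist, first_hop


def topology(r1_r3_bw):
    """Constructed three-router topology (assumption, not from the slides).

    R1-R2 and R2-R3 are T1 serial links; the bandwidth OSPF believes the
    direct R1-R3 serial link has is the parameter.
    """
    t1 = 1_544_000
    return {
        "R1": {"R2": t1, "R3": r1_r3_bw},
        "R2": {"R1": t1, "R3": t1},
        "R3": {"R2": t1, "R1": r1_r3_bw},
    }


def r1_path_to_r3(r1_r3_bw):
    """Which neighbor R1 uses to reach R3, and at what total cost."""
    dist, first_hop = spf(topology(r1_r3_bw), "R1")
    return first_hop["R3"], dist["R3"]


if __name__ == "__main__":
    # The R1-R3 link is really a 64 kbit/s line. With no bandwidth command,
    # OSPF costs it like a T1 (64) and prefers it over R1-R2-R3 (64 + 64).
    print("no bandwidth command:   ", r1_path_to_r3(DEFAULT_SERIAL_BW))
    # After 'bandwidth 64' on that interface the cost becomes 1562 and
    # SPF routes via R2 instead.
    print("bandwidth 64 configured:", r1_path_to_r3(64_000))
```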


Pros and Cons

OSPF is a more sophisticated routing protocol
Converges rapidly and accurately
Can use a metric calculation that effectively selects the "best" route(s) primarily based on bandwidth, although an OSPF cost can be administratively assigned

Use of OSPF requires:
More powerful routing hardware
More detailed knowledge by the administrator, especially when large multi-area networks are used


Types of Neighbors

OSPF defines neighbor relationships over three types of network:
Broadcast Multi-Access (BMA), e.g. Ethernet
Point to Point
Non-Broadcast Multi-Access (NBMA)

OSPF Network Types (figure)


Adjacencies

Point to Point: all routers form adjacencies
BMA & NBMA: one router is elected as the DR (designated router)
The DR establishes an adjacency with every neighbor router
LSA updates are exchanged only with the DR
The DR is the router with the highest priority
All Cisco routers have a default priority of 1
If the priority is the same, the router ID is compared
The RID is the highest IP address of all interfaces


Point-to-Point Links

Usually a serial interface running either PPP or HDLC
No DR or BDR election required
OSPF autodetects this interface type
OSPF packets are sent using multicast 224.0.0.5
All routers form adjacencies


Multi-access Broadcast Network

Generally LAN technologies like Ethernet and Token Ring
DR and BDR election required
All neighbor routers form full adjacencies with the DR and BDR only
Packets to the DR use 224.0.0.6
Packets from the DR to all other routers use 224.0.0.5


Electing the DR and BDR

Hello packets are exchanged via IP multicast.
The router with the highest priority is selected as the DR.
If the priority is the same, the OSPF router ID is used as the tie breaker.


Terminology: DRs and BDRs

The designated router (DR) is responsible for generating LSAs on behalf of all routers connected to the same segment


DR Responsibility

When a router sees a new or changed link state, it sends an LSA to its DR using a particular multicast address
The DR then forwards the LSA to all the other routers with which it is adjacent
This minimizes the number of formal adjacencies that must be formed, and therefore the amount of LSU (link state update) packet traffic, in a multi-router network


OSPF Summary

AD: 100
Hop count is unlimited
Metric = cost = 10^8 / bandwidth
Classless, supports VLSM
Load balancing over up to six paths
Requires more processing power


Basic OSPF Configuration

Router(config)# router ospf 1

The number 1 in this example is a process-id that starts an OSPF process in the router
More than one process can be launched in a router, but this is rarely necessary
Usually the same process-id is used throughout the entire network, but this is not required
The process-id can actually be any value from 1 to a very large integer
The process-id cannot be zero
This is NOT the same as the AS number used in IGRP and EIGRP


Configuring OSPF Areas

After identifying the OSPF process, you need to identify the interfaces on which you want to activate OSPF communications

Lab_A#config t
Lab_A(config)#router ospf 1
Lab_A(config-router)#network 10.0.0.0 0.255.255.255 area ?
           OSPF area ID as a decimal value
  A.B.C.D  OSPF area ID in IP address format
Lab_A(config-router)#network 10.0.0.0 0.255.255.255 area 0

Every OSPF network must have an area 0 (the backbone area) to which other areas connect, so in a multiple-area network there must be an area 0
The wildcard mask represents the set of hosts supported by the network and is really just the inverse of the subnet mask.


OSPF Configuration - 1

(Figure: topology used in the configuration examples)
Host A (10.0.0.2) -- E0 10.0.0.1 [R1] S0 20.0.0.1 -- S0 20.0.0.2 [R2] S1 30.0.0.1 -- S0 30.0.0.2 [R3] E0 40.0.0.1 -- Host B (40.0.0.2)

OSPF Configuration - 1 (continued)

R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 20.0.0.0 0.255.255.255 area 0
R1(config-router)#^Z


OSPF Configuration - 2

(Figure: the same Host A -- R1 -- R2 -- R3 -- Host B topology with VLSM subnets)
LAN A (R1 E0): 200.0.0.16/28
R1 S0 -- R2 S0 serial link: 200.0.0.8/30
R2 S1 -- R3 S0 serial link: 200.0.0.12/30
LAN B (R3 E0): 200.0.0.32/27


OSPF and Loopback Interfaces

Configuring loopback interfaces when using the OSPF routing protocol is important
Cisco suggests using them whenever you configure OSPF on a router
Loopback interfaces are logical interfaces, which are virtual, software-only interfaces; they are not real router interfaces
Using loopback interfaces with your OSPF configuration ensures that an interface is always active for OSPF processes.
The highest IP address on a router will become that router's RID
The RID is used to advertise the routes as well as to elect the DR and BDR.
If you configure a serial interface of your router with the highest IP address, that address becomes the RID of the router
If this interface goes down, then a re-election must occur
This can have a big impact when the link in question is flapping


Configuring Loopback Interfaces

R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int loopback 0
R1(config-if)#ip address 172.16.10.1 255.255.255.255
R1(config-if)#no shut
R1(config-if)#^Z
R1#


Verifying OSPF Operation

Router# show ip protocols
Verifies the configured IP routing protocol processes, parameters and statistics

Router# show ip route ospf
Displays all OSPF routes learned by the router

Router# show ip ospf interface
Displays the OSPF router ID, area ID and adjacency information


Verifying OSPF Operation (Cont.)

Router# show ip ospf
Displays the OSPF router ID, timers, and statistics

Router# show ip ospf neighbor [detail]
Displays information about the OSPF neighbors, including Designated Router (DR) and Backup Designated Router (BDR) information on broadcast networks


The show ip route ospf Command

RouterA# show ip route ospf
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,
       B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,
       IA - OSPF inter area, E1 - OSPF external type 1, E2 - OSPF external type 2,
       E - EGP, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

     10.0.0.0 255.255.255.0 is subnetted, 2 subnets
O       10.2.1.0 [110/10] via 10.64.0.2, 00:00:50, Ethernet0


The show ip ospf interface Command

RouterA# show ip ospf interface e0
Ethernet0 is up, line protocol is up
  Internet Address 10.64.0.1/24, Area 0
  Process ID 1, Router ID 10.64.0.1, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DROTHER, Priority 1
  Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
  Backup Designated router (ID) 10.64.0.1, Interface address 10.64.0.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.64.0.2 (Designated Router)
  Suppress hello for 0 neighbor(s)


The show ip ospf neighbor Command

RouterB# show ip ospf neighbor
Neighbor ID     Pri   State        Dead Time   Address      Interface
10.64.1.1         1   FULL/BDR     00:00:31    10.64.1.1    Ethernet0
10.2.1.1          1   FULL/  -     00:00:38    10.2.1.1     Serial0

show ip ospf neighbor detail (figure)

show ip ospf database (figure)


Setting Priority for DR Election

Router(config-if)# ip ospf priority number

This interface configuration command assigns the OSPF priority to an interface.
Different interfaces on a router may be assigned different values.
The default priority is 1. The range is from 0 to 255.
0 means the router is a DROTHER; it can't be the DR or BDR.
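The DR/BDR election rules from the "Electing the DR and BDR", loopback and priority slides above, as an added Python example (not code from the slides): router ID selection (highest loopback if one exists, otherwise the highest interface address) followed by a priority-then-RID election that skips priority 0 routers. The segment, its routers and their addresses are constructed for the example; only 172.16.10.1 comes from the slides.

```python
import ipaddress


def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))


def router_id(loopbacks, interfaces):
    """Cisco RID selection: the highest loopback address if any loopback is
    configured, otherwise the highest IP address on an active interface.
    Comparison is numeric, so "9.0.0.1" correctly ranks below "10.0.0.1"."""
    candidates = loopbacks or interfaces
    return max(candidates, key=_as_int)


def elect_dr_bdr(routers):
    """routers: list of (name, ospf_priority, router_id) on one multi-access segment.

    Priority 0 routers are DROTHER and are never elected. Highest priority wins;
    equal priorities are broken by the highest router ID. This models a cold
    start, when all routers come up together; on a live segment an existing DR
    is not preempted by a router that appears later with a higher priority.
    """
    eligible = [r for r in routers if r[1] > 0]
    ranked = sorted(eligible, key=lambda r: (r[1], _as_int(r[2])), reverse=True)
    dr = ranked[0][0] if ranked else None
    bdr = ranked[1][0] if len(ranked) > 1 else None
    return dr, bdr


# Constructed segment (assumption, not from the slides). R1 carries the loopback
# address the slides configure; every other address is invented.
SEGMENT = [
    ("R1", 1, router_id(["172.16.10.1"], ["10.64.0.1", "20.0.0.1"])),
    ("R2", 1, router_id([], ["10.64.0.2", "30.0.0.1"])),
    ("R3", 0, router_id([], ["10.64.0.3"])),   # ip ospf priority 0: never DR/BDR
    ("R4", 2, router_id([], ["10.64.0.4"])),   # ip ospf priority 2
]


def sample_election():
    """DR and BDR on the constructed segment."""
    return elect_dr_bdr(SEGMENT)


if __name__ == "__main__":
    for name, prio, rid in SEGMENT:
        print(f"{name}: priority {prio}, router ID {rid}")
    print("DR, BDR =", sample_election())
```

R4 wins the DR role on priority alone; R1 becomes BDR because its loopback-derived RID (172.16.10.1) beats R2's highest interface address, and R3 is excluded by its priority of 0.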


Overview

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol (IGRP).
Released in 1994, it is probably one of the two most popular routing protocols in use today.
Unlike IGRP, which is a classful routing protocol, EIGRP supports CIDR and VLSM.
Compared to IGRP, EIGRP boasts faster convergence times, improved scalability, and superior handling of routing loops.
EIGRP is often described as a hybrid routing protocol, offering the best of distance vector and link-state algorithms.


Comparing EIGRP with IGRP

IGRP and EIGRP are compatible with each other.
EIGRP offers multiprotocol support, but IGRP does not.
Communication via Reliable Transport Protocol (RTP)
Best path selection via Diffusing Update Algorithm (DUAL)
Improved convergence time
Reduced network overhead


Introducing EIGRP

EIGRP supports:
Rapid convergence
Reduced bandwidth usage
Multiple network-layer protocols


Neighbor Discovery

There are three conditions that must be met for neighborship establishment:
Hello or ACK received
AS numbers match
Identical metric weights (K values)

K values: K1 = bandwidth, K2 = delay, K3 = load, K4 = reliability, K5 = MTU


Metric Calculation

The metrics used by EIGRP in making routing decisions are (the lower the metric, the better):
bandwidth
delay
load
reliability
MTU

By default, EIGRP uses only:
bandwidth
delay

Analogies:
Think of bandwidth as the width of the pipe and delay as the length of the pipe.
Bandwidth is the carrying capacity
Delay is the end-to-end travel time.


Neighbor Table

The neighbor table is the most important table in EIGRP
Stores the address and interface of each neighbor


Topology Table (figure)


EIGRP Concepts & Terminology

EIGRP routers that belong to different autonomous systems (ASes) don't automatically share routing information
The only time EIGRP advertises its entire routing table is when it discovers a new neighbor and forms an adjacency with it through the exchange of Hello packets
When this happens, both neighbors advertise their entire routing tables to one another
After each has learned its neighbor's routes, only changes to the routing table are propagated


EIGRP Metric Example

(Figure: routers Chennai, Mumbai and Bangalore with links of 10 Mbps, 1.544 Mbps and 56 Kbps leading to destination 172.16.100.0)
Link costs used in the example: 10 Mbps = 100, 1.544 Mbps = 250, 56 Kbps = 1000
Mumbai's distance to 172.16.100.0 = 100; Bangalore's distance to 172.16.100.0 = 350

Chennai receives an update from Mumbai with a cost of 100, which is Mumbai's cost to reach 172.16.100.0. This cost is referred to as the reported distance (RD).
Bangalore will report its cost to reach 172.16.100.0. Bangalore's RD is 350.
Chennai will compute its cost to reach 172.16.100.0 via Mumbai and via Bangalore and compare the metrics for the two paths.
Chennai's cost via Mumbai is 1100. Chennai's cost via Bangalore is 600. The lowest cost to reach a destination is referred to as the feasible distance (FD) for that destination.
Chennai's FD to 172.16.100.0 is 600. The next-hop router in the lowest-cost path to the destination is referred to as the successor.
A feasible successor is a path whose reported distance is less than the feasible distance, and it is considered a backup route.
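The FD / RD / successor computation of the example above, as an added Python example (not code from the slides): it reproduces Chennai's selection with the slide's numbers (link costs of 1000 to Mumbai and 250 to Bangalore follow from 1100 - 100 and 600 - 350), applies the feasibility condition, and shows what DUAL does when the successor is lost. The extra neighbor "Hyderabad" is a constructed assumption used to show a path that fails the feasibility condition.

```python
def eigrp_select(reports):
    """reports: {neighbor: (reported_distance, cost_of_link_to_neighbor)}.

    Computes each path's total metric (RD + link cost), picks the successor
    (lowest total), the feasible distance (that lowest total) and the feasible
    successors: neighbors whose RD is strictly less than the FD.
    """
    totals = {n: rd + link for n, (rd, link) in reports.items()}
    successor = min(totals, key=totals.get)
    fd = totals[successor]
    feasible = sorted(n for n, (rd, _) in reports.items() if n != successor and rd < fd)
    return {"fd": fd, "successor": successor, "feasible_successors": feasible, "totals": totals}


def on_successor_loss(reports, failed):
    """What DUAL does when a neighbor's path fails.

    If the failed neighbor was the successor and a feasible successor exists,
    the cheapest feasible successor is promoted locally and the route stays
    passive. With no feasible successor the route goes active and the router
    must query its neighbors before it can use any remaining path, even one
    whose total metric looks attractive.
    """
    current = eigrp_select(reports)
    if failed != current["successor"]:
        return "passive", current["successor"]   # a backup went away; nothing changes
    if not current["feasible_successors"]:
        return "active", None
    best = min(current["feasible_successors"], key=lambda n: current["totals"][n])
    return "passive", best


# Numbers from the slide: Mumbai's RD is 100 and Chennai's link to it costs 1000
# (total 1100); Bangalore's RD is 350 and the link to it costs 250 (total 600).
SLIDE_REPORTS = {"Mumbai": (100, 1000), "Bangalore": (350, 250)}

# Constructed extra neighbor (assumption, not on the slide): a cheap link but a
# high RD, so it fails the feasibility condition although its total is low.
WITH_HYDERABAD = dict(SLIDE_REPORTS, Hyderabad=(700, 50))


if __name__ == "__main__":
    print(eigrp_select(SLIDE_REPORTS))
    print(eigrp_select(WITH_HYDERABAD))
    print(on_successor_loss(WITH_HYDERABAD, "Bangalore"))
```

With Hyderabad present, losing Bangalore promotes Mumbai (total 1100) rather than the cheaper Hyderabad path (total 750), because only Mumbai's RD (100) is below the FD of 600.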


EIGRP Terms

Feasible distance (FD) - The lowest calculated metric to reach a destination. This is the route that you will find in the routing table, because it is considered the best path
Reported distance (RD) - The distance reported by an adjacent neighbor to a specific destination.
Interface information - The interface through which the destination can be reached.
Route status - The status of a route. Routes are identified as being either passive, which means that the route is stable and ready for use, or active, which means that the route is in the process of being recomputed by DUAL


EIGRP Terminology and Operations

Successor - Current route
A successor is a route selected as the primary route to use to reach a destination.
Successors are the entries kept in the routing table.

Feasible Successor - A backup route
A feasible successor is a backup route.
These routes are selected at the same time the successors are identified, but they are kept in the topology table.
Multiple feasible successors for a destination can be retained in the topology table.


Reliable Transport Protocol (RTP)

Used by EIGRP for its routing updates in place of TCP
EIGRP can call on RTP to provide reliable or unreliable service
EIGRP uses reliable service for route updates and unreliable service for Hellos
Reliable Transport Protocol (RTP) is a transport layer protocol that guarantees ordered delivery of EIGRP packets to all neighbors.
On an IP network, hosts use TCP to sequence packets and ensure their timely delivery. RIP uses UDP.
However, EIGRP is protocol-independent and does not rely on TCP/IP to exchange routing information the way that RIP, IGRP, and OSPF do.
EIGRP uses RTP as its own proprietary transport layer protocol to guarantee delivery of routing information.
With RTP, EIGRP can multicast and unicast to different peers simultaneously.


Diffusing Update Algorithm (DUAL)

All route computations in EIGRP are handled by DUAL
One of DUAL's tasks is maintaining a table of loop-free paths to every destination.
This table is referred to as the topology table
DUAL saves all paths in the topology table
The least-cost path(s) is copied from the topology table to the routing table
In the event of a failure, the topology table allows for very quick convergence if another loop-free path is available
If a loop-free path is not found in the topology table, a route recomputation must occur
DUAL queries its neighbors, who, in turn, may query their neighbors, and so on...
Hence the name "Diffusing" Update Algorithm


VLSM Support

EIGRP supports the use of Variable-Length Subnet Masks
Can use 30-bit subnet masks for point-to-point networks
Because the subnet mask is propagated with every route update, EIGRP also supports the use of discontiguous subnets
A discontiguous network is one that has two or more subnetworks of a classful network connected together by different classful networks

Discontiguous Network (figure)

Configuring EIGRP

Router(config)#router eigrp autonomous-system
Defines EIGRP as the IP routing protocol

Router(config-router)#network network-number
Selects participating attached networks


EIGRP Configuration

(Figure: the same topology as OSPF Configuration - 2)
Host A (200.0.0.18) -- E0 200.0.0.17 [R1] S0 200.0.0.9 -- S0 200.0.0.10 [R2] S1 200.0.0.13 -- S0 200.0.0.14 [R3] E0 200.0.0.33 -- Host B (200.0.0.34)
Masks: 255.255.255.240 on LAN A, 255.255.255.252 on both serial links, 255.255.255.224 on LAN B

R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router eigrp 10
R1(config-router)#network 200.0.0.16
R1(config-router)#network 200.0.0.8
R1(config-router)#^Z

R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router eigrp 10
R3(config-router)#network 200.0.0.32
R3(config-router)#network 200.0.0.12
R3(config-router)#^Z

show ip eigrp topology (figure)

show ip eigrp topology [active | pending | successors] (figure)

show ip eigrp topology all-links (figure)

show ip eigrp traffic (figure)

Administrative Distances (figure)

TELNET

Used to get information about a remote device
Can connect to a remote device and configure it
A password must be set on the vty lines before remote logins are accepted
Telnet carries the whole session, including this password, in cleartext; SSH is the encrypted alternative

R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login

2002, Cisco Systems, Inc. All rights reserved.

Discovering Neighbors on the Network

Cisco Discovery Protocol

CDP is a proprietary utility that gives you a summary of directly connected switches, routers, and other Cisco devices.
CDP discovers neighboring devices regardless of which protocol suite they are running.
Runs at the data link layer
The physical media must support Subnetwork Access Protocol (SNAP) encapsulation.
Only reports directly connected devices
Enabled by default; you can enable or disable it


Discovering Neighbors with CDP

CDP runs on routers with Cisco IOS software Release 10.3 or later and on Cisco switches.

show cdp ?

Summary information includes: Device ID, Local Interface, Port ID, Capabilities list, Platform


CDP

CDP timer is how often CDP packets are transmitted to all active interfaces.
Router(config)#cdp timer 90

CDP holdtime is the amount of time that the device will hold packets received from neighbor devices.
Router(config)#cdp holdtime 240

Using CDP (figure)

Using the show cdp neighbors Command

The show cdp neighbor command (sh cdp nei for short) delivers information about directly connected devices.


CDP

show cdp neighbor detail
This command can be run on both routers and switches, and it displays detailed information about each device connected to the device


Using the show cdp entry Command

The show cdp entry * command displays the same information as the show cdp neighbor detail command.


Additional CDP Commands

The show cdp traffic command displays information about interface traffic, including the number of CDP packets sent and received and the errors with CDP.


CDP Commands

To disable CDP on a particular interface, use the "no cdp enable" interface command
To disable CDP on the entire router, use "no cdp run" in global configuration mode.
Because CDP advertises platform and software details to whatever is on the link, it is commonly disabled on interfaces facing untrusted networks.


Summary

Cisco Discovery Protocol is an information-gathering tool used by network administrators to get information about directly connected devices.
CDP exchanges hardware and software device information with its directly connected CDP neighbors.
You can enable or disable CDP on a router as a whole or on a port-by-port basis.
The show cdp neighbors command displays information about a router's CDP neighbors.
The show cdp entry, show cdp traffic, and show cdp interface commands display detailed CDP information on a Cisco device.

Why Use Access Lists?

Manage IP traffic as network access grows
Filter packets as they pass through the router

Reasons to Create ACLs

The following are some of the primary reasons to create ACLs:
Limit network traffic and increase network performance.
Provide traffic flow control.
Provide a basic level of security for network access.
Decide which types of traffic are forwarded or blocked at the router interfaces.
For example: permit e-mail traffic to be routed, but block all telnet traffic.
If ACLs are not configured on the router, all packets passing through the router will be allowed onto all parts of the network.


ACLs

A different access list is used for Telnet
When configuring ISDN you need to use an access list
Implicit deny at the bottom
All restrictive statements should come first
There are two types:
Standard
Extended

Network (figure)

(Figure: routers A, B and C; networks N1 to N6; subnets 192.168.12.0, 192.168.34.0 and 192.168.56.0; hosts 192.168.12.2 and 192.168.12.3)


IP Packet

Fields an ACL can test: source IP address, destination IP address, protocol type, source port, destination port
The first 2 bytes in the TCP/UDP header are the source port number
The next 2 bytes in the TCP/UDP header are the destination port number


Types of Access Lists

Standard
Checks source address
Permits or denies the entire protocol suite

Extended
Checks source and destination address
Generally permits or denies specific protocols


How to Identify Access Lists

Standard IP lists (1-99) test conditions of all IP packets from source addresses.
Extended IP lists (100-199) test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports.
Standard IP lists (1300-1999) (expanded range).
Extended IP lists (2000-2699) (expanded range).

Standard ACLs

The full syntax of the standard ACL command is:
Router(config)#access-list access-list-number {deny | permit} source [source-wildcard]

The no form of this command is used to remove a standard ACL. This is the syntax:
Router(config)#no access-list access-list-number

Router(config)#access-list 1 deny 192.168.1.0 0.0.0.255
Router(config)#access-list 1 permit any

    Wildcard Mask

    access-list 99 permit 192.168.1.1 wildcard-mask

    All 32 bits of an IP address can be filtered.

    Wildcard (inverse) mask: 0 = must match, 1 = ignore

    MASK (applied to 192.168.1.1)   Matching IP
    0.0.0.0 (host)                  192.168.1.1
    0.0.0.255                       192.168.1.0-255
    0.0.255.255                     192.168.0-255.0-255
    0.255.255.255                   192.0-255.0-255.0-255
    255.255.255.255                 0-255.0-255.0-255.0-255 (any)
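The bit-level rule behind the table (0 = must match, 1 = ignore) is easy to get backwards, because a wildcard is the inverse of a subnet mask. The following Python is an added example, not code from the slides or from Cisco IOS: it implements wildcard matching, inverts a subnet mask into the wildcard an ACL statement needs (the 255.255.255.248 mask from the exercise later in the deck becomes 0.0.0.7), and computes the address range each row of the table covers. The function names and the contiguity check are this example's own assumptions; IOS itself also accepts non-contiguous wildcards such as 0.0.0.254, which is why match_range refuses them rather than reporting a misleading range.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _to_int(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def _to_str(value: int) -> str:
    """32-bit integer back to a dotted-quad string."""
    return str(ipaddress.IPv4Address(value & MASK32))


def wildcard_match(ip: str, base: str, wildcard: str) -> bool:
    """True if `ip` matches `base` under Cisco wildcard-mask semantics:
    a 0 bit in the wildcard means that bit of `ip` must equal `base`,
    a 1 bit means the bit is ignored."""
    care = ~_to_int(wildcard) & MASK32          # bits that must match
    return (_to_int(ip) & care) == (_to_int(base) & care)


def subnet_mask_to_wildcard(mask: str) -> str:
    """Invert a subnet mask into the wildcard written in an ACL statement,
    e.g. the /29 mask 255.255.255.248 becomes 0.0.0.7."""
    return _to_str(_to_int(mask) ^ MASK32)


def is_contiguous(wildcard: str) -> bool:
    """A wildcard whose 1 bits all sit at the low end (0.0.0.7, 0.0.255.255)
    covers one contiguous block. IOS also accepts non-contiguous wildcards
    (0.0.0.254 matches every even host), which match scattered addresses."""
    wc = _to_int(wildcard)
    return (wc & (wc + 1)) == 0


def match_range(base: str, wildcard: str) -> tuple:
    """Lowest and highest address matched by a contiguous wildcard, i.e. the
    right-hand column of the slide's table for each mask."""
    if not is_contiguous(wildcard):
        raise ValueError("non-contiguous wildcard does not describe one range")
    wc = _to_int(wildcard)
    low = _to_int(base) & ~wc & MASK32
    return _to_str(low), _to_str(low | wc)


if __name__ == "__main__":
    # Reproduce the slide's table for 192.168.1.1 (constructed demo input).
    for wc in ("0.0.0.0", "0.0.0.255", "0.0.255.255", "0.255.255.255", "255.255.255.255"):
        print(f"{wc:16} -> {match_range('192.168.1.1', wc)}")
    print(subnet_mask_to_wildcard("255.255.255.248"))   # /29 subnet from the exercise
```

Running the block prints one line per table row; the last call shows how a subnet mask taken from an interface is turned into the wildcard that a standard ACL entry for that subnet needs.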

    The ANY and HOST keyword

    access-list 1 permit 200.0.0.9 0.0.0.0
    or
    access-list 1 permit host 200.0.0.9

    access-list 1 permit 0.0.0.0 255.255.255.255
    or
    access-list 1 permit any

    Testing Packets with Standard Access Lists

    Outbound ACL Operation

    If no access list statement matches, then discard the packet.

    Reading an ACL

    First hit or best fit?

    1. access-list 99 deny host 192.168.1.1 0.0.0.0
       access-list 99 permit any 255.255.255.255

    2. access-list 99 permit 192.168.1.0 0.0.0.255
       access-list 99 deny host 192.168.1.1
       access-list 99 permit any

    3. access-list 99 deny host 192.168.1.1

    IOS uses first hit: the first statement that matches decides, so in case 2 the deny for 192.168.1.1 is never reached.

    Implicit deny at the end of every ACL

    Creating ACLs

    ACLs are created in the global configuration mode. There are many different types of ACLs including standard, extended, IPX, AppleTalk, and others. When configuring ACLs on a router, each ACL must be uniquely identified by assigning a number to it. This number identifies the type of access list created and must fall within the specific range of numbers that is valid for that type of list.

    Since IP is by far the most popular routed protocol, additional ACL numbers have been added to newer router IOSs.

    Standard IP: 1300-1999
    Extended IP: 2000-2699

    The ip access-group command

    Router(config-if)#ip access-group access-list-number { in | out }

    Exercise Standard Access List

    Account should be denied access to Sales

    Two steps to configure:

    Create a standard access list
    Apply the ACL to the proper interface, inbound or outbound

    [Figure: routers A and B; interfaces S0, S1 and E0; addresses shown: 192.168.0.18 and 192.168.0.17 (mask 255.255.255.248), 192.168.0.5 and 192.168.0.6 (mask 255.255.255.252), 192.168.0.9 and 192.168.0.10 (mask 255.255.255.252), 192.168.0.33 and 192.168.0.34 (mask 255.255.255.240)]

    Exercise Standard Access List

    Config# access-list 1 deny 192.168.0.18 0.0.0.7
    Config# access-list 1 permit any

    Config# int e 0
    Config-if# ip access-group 1 out

    Extended ACLs

    Extended ACLs are used more often than standard ACLs because they provide a greater range of control.

    Extended ACLs check the source and destination packet addresses as well as being able to check for protocols and port numbers.

    At the end of the extended ACL statement, additional precision is gained from a field that specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number.

    Logical operations may be specified, such as equal (eq), not equal (neq), greater than (gt), and less than (lt), that the extended ACL will perform on specific protocols.

    Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699 in recent IOS).

    Configuration

    access-list acl# {permit | deny} protocol src-IP src-WCM dst-IP dst-WCM [operator port]

    Protocol: IP, TCP, UDP, ICMP, OSPF, EIGRP (name the routing protocol if you need to block a routing protocol)

    Operator: eq, gt, lt, neq

    Extended ACL Syntax

    Extended ACL LAB 2

    [Figure: routers A and B connected by serial links; interfaces S0, S1 and E0; addresses shown: 192.168.0.18 and 192.168.0.17 (mask 255.255.255.248), 192.168.0.5 and 192.168.0.6 (mask 255.255.255.252), 192.168.0.9 and 192.168.0.10 (mask 255.255.255.252), 192.168.0.33 and 192.168.0.34 (mask 255.255.255.240)]

    192.168.0.34 should be denied FTP access to 192.168.0.18

    On Router R1
    Config# access-list 100 deny tcp 192.168.0.34 0.0.0.0 192.168.0.18 0.0.0.0 eq 21
    Config# access-list 100 permit ip any any
    Config# int s0
    Config-if# ip access-group 100 in

    192.168.0.18 should be denied web (HTTP) access to 192.168.0.34

    On Router R3
    Config# access-list 100 deny tcp 192.168.0.18 0.0.0.0 192.168.0.34 0.0.0.0 eq 80
    Config# access-list 100 permit ip any any
    Config# int s0
    Config-if# ip access-group 100 in
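The quiz on the Reading an ACL slide (first hit, not best fit) and the two lab lists above can both be checked with a small simulator. The following Python is an added example, not code from the slides or from Cisco IOS: it parses numbered statements in the syntax used on these slides (standard lists test the source only, extended lists add protocol, destination and an optional "eq port"), walks the list top to bottom, stops at the first match and falls through to the implicit deny. The Packet and Entry names, the parser and the rule that a bare address without a wildcard means a host are this example's own assumptions; the trailing "0.0.0.0" and "255.255.255.255" tokens on the quiz's case 1, which IOS would reject after host/any, are simply ignored here.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"            # ip, tcp, udp, icmp
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    action: str                  # permit or deny
    src: str
    src_wc: str
    proto: str = "ip"            # standard entry: source only, so "ip" = any protocol
    dst: str = ANY[0]
    dst_wc: str = ANY[1]
    dport: Optional[int] = None  # set when the statement ends in "eq <port>"


def _is_ipv4(tok: str) -> bool:
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False


def _wc_match(ip: str, base: str, wc: str) -> bool:
    """Cisco wildcard semantics: 0 bits must match, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wc)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def _parse_addr(tok: List[str], i: int) -> Tuple[str, str, int]:
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'.
    A bare address with no wildcard is treated as a host (wildcard 0.0.0.0)."""
    if tok[i] == "any":
        return ANY[0], ANY[1], i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    if i + 1 < len(tok) and _is_ipv4(tok[i + 1]):
        return tok[i], tok[i + 1], i + 2
    return tok[i], "0.0.0.0", i + 1


def parse_line(line: str) -> Entry:
    """Parse one 'access-list N permit|deny ...' statement. The number decides
    the type: 1-99 / 1300-1999 standard, 100-199 / 2000-2699 extended."""
    tok = line.lower().split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list statement: {line!r}")
    number, action = int(tok[1]), tok[2]
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        src, src_wc, _ = _parse_addr(tok, 3)     # any trailing tokens are ignored
        return Entry(action, src, src_wc)
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        src, src_wc, i = _parse_addr(tok, 4)
        dst, dst_wc, i = _parse_addr(tok, i)
        dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        return Entry(action, src, src_wc, tok[3], dst, dst_wc, dport)
    raise ValueError(f"number {number} is not a standard or extended IP range")


def first_match(acl: List[Entry], pkt: Packet) -> Tuple[Optional[int], str]:
    """Top-to-bottom walk that stops at the first matching entry. Returns
    (index, action); index None means nothing matched and the implicit deny
    at the end of every ACL applied."""
    for idx, e in enumerate(acl):
        if not _wc_match(pkt.src, e.src, e.src_wc):
            continue
        if not _wc_match(pkt.dst, e.dst, e.dst_wc):
            continue
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return idx, e.action
    return None, "deny"


def evaluate(lines: List[str], pkt: Packet) -> str:
    """Parse the statements and return permit or deny for one packet."""
    return first_match([parse_line(l) for l in lines], pkt)[1]


if __name__ == "__main__":
    # Case 2 from the Reading an ACL slide: the deny for the host is shadowed
    # by the earlier subnet permit, so the host is permitted at index 0.
    case2 = ["access-list 99 permit 192.168.1.0 0.0.0.255",
             "access-list 99 deny host 192.168.1.1",
             "access-list 99 permit any"]
    print(first_match([parse_line(l) for l in case2], Packet("192.168.1.1", "10.0.0.1")))
```

first_match returns the index of the statement that decided, which is the useful part when auditing an ACL: a deny that is never the first match for any packet is dead, which is exactly the "specific before general" rule the deck states later.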

    Rules

    For an extended access list, apply near the source.

    For a standard access list, apply near the destination.

    Named ACLs

    IP named ACLs were introduced in Cisco IOS Software Release 11.2, allowing standard and extended ACLs to be given names instead of numbers.

    The characteristics of a named access list:

    Identify an ACL using an alphanumeric name.
    You can delete individual statements in a named access list.
    Named access lists must be specified as standard or extended.
    You can use the ip access-list command to create named access lists.

    Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2.

    The same name may not be used for multiple ACLs.

    Named ACLs

    A numbered access list does not give you any hint about what is filtered

    Named ACLs are both a basic and an advanced filtering tool

    The name cannot start with a number or !

    The name cannot contain a space

    The name should not contain the ? character anywhere

    The name is case sensitive

    Named ACL Example

    R1(config)#ip access-list standard blocksales
    R1(config-std-nacl)#deny 172.16.40.0 0.0.0.255
    R1(config-std-nacl)#permit any
    R1(config-std-nacl)#exit
    R1(config)#^Z
    R1#

    R1(config)#int e 0
    R1(config-if)#ip access-group blocksales out

    Verify Access List

    Basic Rules for ACLs

    Standard IP access lists should be applied closest to the destination.

    Extended IP access lists should be applied closest to the source.

    Use the inbound or outbound interface reference as if looking at the port from inside the router.

    Statements are processed sequentially from the top of the list to the bottom until a match is found; if no match is found, the packet is denied.

    There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.

    Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.

    Never work with an access list that is actively applied.

    New lines are always added to the end of the access list. A no access-list x command will remove the whole list. It is not possible to selectively add and remove lines with numbered ACLs.

    Outbound filters do not affect traffic originating from the local router.