177164697-ccna-day3
TRANSCRIPT
-
8/2/2019 177164697-CCNA-Day3
1/125
1
Distance Vector
Link State
Hybrid
Distance Vector vs. Link State
Route tableTopology Incremental Update
Periodic UpdateRouting by rumor
A B C D
X
E
-
8/2/2019 177164697-CCNA-Day3
2/125
-
8/2/2019 177164697-CCNA-Day3
3/125
3
Comparison Continued
Distance Vector
Fewer router resourcesrequired
Updates require morebandwidth
Does not "understand"the topology of thenetwork
Link State
More router resourceintensive
Updates require lessbandwidth
Has detailed knowledgeof distant networks androuters
-
8/2/2019 177164697-CCNA-Day3
4/125
5
Link State
Example
OSPF
IS-IS
OSPF is used for corporate networks
IS-IS is used for ISPs
-
8/2/2019 177164697-CCNA-Day3
5/125
6
-
8/2/2019 177164697-CCNA-Day3
6/125
7
Open Shortest Path First (OSPF)
OSPF is an open standards routing protocol
This works by using the Dijkstra algorithm
OSPF provides the following features:
Minimizes routing update trafficAllows scalability (e.g. RIP is limited to 15 hops)
Has unlimited hop count
Supports VLSM/CIDR
Allows multi-vendor deployment (open standard)
-
8/2/2019 177164697-CCNA-Day3
7/125
8
Link State
There are two types of Packets
Hello
LSAs
-
8/2/2019 177164697-CCNA-Day3
8/125
9
OSPF Hello
When router A starts it send Hello packet uses 224.0.0.5
Hello packets are received by all neighbors
B will write As name in its neighbor table
C also process the same way
A
B C
-
8/2/2019 177164697-CCNA-Day3
9/125
-
8/2/2019 177164697-CCNA-Day3
10/125
-
8/2/2019 177164697-CCNA-Day3
11/125
12
Link State
There are three type of tables
Neighbor
Topology
Routing
-
8/2/2019 177164697-CCNA-Day3
12/125
13
Tables
Neighbor
Contain information about the neighbors
Neighbor is a router which shares a link on same
networkAnother relationship is adjacency
Not necessarily all neighbors
LSA updates are only when adjacency is established
-
8/2/2019 177164697-CCNA-Day3
13/125
14
Tables
Topology
Contain information about all network and path toreach any network
All LSAs are entered in to topology tableWhen topology changes LSAs are generated and send
new LSAs
On topology table an algorithm is run to create a
shortest path, this algorithm is known as SPF ordijkstra algorithm
-
8/2/2019 177164697-CCNA-Day3
14/125
15
Tables
Routing Table
Also knows as forwarding database
Generated when an algorithm is run on the topology
databaseRouting table for each router is unique
-
8/2/2019 177164697-CCNA-Day3
15/125
16
OSPF Terms
Link
Router ID
Neighbours
Adjacency
OSPF Area
Backbone area
Internal routers
Area Border Router
(ABR)
Autonomous SystemBoundary Router
(ASBR)
-
8/2/2019 177164697-CCNA-Day3
16/125
17
Link
A network or router interface assigned to agiven network
Link (interface) will have "state" information
associated with itStatus (up or down)
IP Address
Network type (e.g. Fast Ethernet)
BandwidthAddresses of other routers attached to this
interface
-
8/2/2019 177164697-CCNA-Day3
17/125
18
OSPF Term: Link
A link is a network or router interface assigned to any givennetworkThis link, or interface, will have state information associated
with it (up or down) as well as one or more IP addresses
-
8/2/2019 177164697-CCNA-Day3
18/125
19
OSPF Term: Link State
Status of a link between two routersInformation is shared between directly connected routers.This information propagates throughout the network unchanged andis also used to create a shortest path first (SPF) tree.
-
8/2/2019 177164697-CCNA-Day3
19/125
-
8/2/2019 177164697-CCNA-Day3
20/125
21
Neighbours
Neighbours are two or more routers thathave an interface on a common network
E.g. two routers connected on a serial link
E.g. several routers connected on a commonEthernet or Frame relay network
Communication takes place between /
among neighboursneighbours form "adjacencies"
-
8/2/2019 177164697-CCNA-Day3
21/125
-
8/2/2019 177164697-CCNA-Day3
22/125
23
OSPF Design
Each router connects to the backbone called area 0, or the backbone area.
Routers that connect other areas to the backbone within an AS are called Area Border Routers (ABRs). Oneinterface must be in area 0.
OSPF runs inside an autonomous system, but can also connect multiple autonomous systems together. Therouter that connects these ASes together is called an Autonomous System Boundary Router (ASBR).
-
8/2/2019 177164697-CCNA-Day3
23/125
24
OSPF Areas
An OSPF area is a grouping of contiguous networks androuters
Share a common area ID
A router can be a member of more than one area (areaborder router)
All routers in the same area have the same topologydatabase
When multiple areas exist, there must always be an area0 (the backbone) to which other areas connect
-
8/2/2019 177164697-CCNA-Day3
24/125
-
8/2/2019 177164697-CCNA-Day3
25/125
26
Area Terminology
-
8/2/2019 177164697-CCNA-Day3
26/125
27
LSAs in Area
LSAs communicate with adjacent routers in the sameOSPF area
Subsequently, a change in a link state is "flooded" to all
area routers via LSAs
In larger networks, multiple areas may be created
LSAs are sent only to adjacent routers in the same
area "Area border routers" connect areas, passing
summarized route information between
-
8/2/2019 177164697-CCNA-Day3
27/125
28
Path Calculation
Changes to the topological database of a router trigger arecalculation to re-establish the best route(s) to knownnetworks
Uses the SPF (shortest path first) algorithm developed
by a computer scientist named Dijkstra
This is done by each individual router using itsdetailed "knowledge" of the whole network
Leads to rapid and accurate convergence
Based on detailed knowledge of every link in the areaand the OSPF "cost" of each
builds an OSPF treewith itself at the route
-
8/2/2019 177164697-CCNA-Day3
28/125
29
Terminology: Cost
Various criteria can be selected bythe administrator to determine themetric
Usually,OSPF cost=108/bandwidth
Do not forget toconfigure thebandwidth`
command on seriallinks to ensurecorrectdefault OSPF cost
-
8/2/2019 177164697-CCNA-Day3
29/125
30
Pros and Cons
Note that OSPF is a more sophisticated routing protocol
Converges rapidly and accurately
Can use a metric calculation that effectively selectsthe "best" route(s) primarily based on bandwidth,although an OSPF cost can be administrativelyassigned
Use of OSPF requires
More powerful routing hardware
More detailed knowledge by the administrator,especially when large multi-area networks are used
-
8/2/2019 177164697-CCNA-Day3
30/125
31
Types of Neighbors
OSPF can be defined for three type of neighbors
Broadcast Multi Access (BMA) ex- Ethernet
Point to Point
Non-Broadcast Multi Access (NBMA)
-
8/2/2019 177164697-CCNA-Day3
31/125
32
OSPF Network Types
-
8/2/2019 177164697-CCNA-Day3
32/125
33
Adjacencies
Point to Point all routers form adjacencies
BMA & NBMA one router is elected as DR
DR establish adjacency with every neighbor router
LSA updates are exchanged only to DR
DR is the router which has highest priority
All CISCO routers has priority 1
If priority is same then router id is seen
The RID is highest IP address of all interfaces
-
8/2/2019 177164697-CCNA-Day3
33/125
34
Point-to-Point Links
Usually a serial interface running either PPPor HDLC
No DR or BDR election required
OSPF autodetects this interface type
OSPF packets are sent using multicast 224.0.0.5
All routers form adjacencies
-
8/2/2019 177164697-CCNA-Day3
34/125
35
Multi-access Broadcast Network
Generally LAN technologies like Ethernet and Token Ring
DR and BDR selection required
All neighbor routers form full adjacencies with the DR andBDR only
Packets to the DR use 224.0.0.6
Packets from DR to all other routers use 224.0.0.5
-
8/2/2019 177164697-CCNA-Day3
35/125
36
Electing the DR and BDR
Hello packets are exchanged via IP multicast.
The router with the highest priority isselected as the DR.
If Priority is same then Router ID is seen
Use the OSPF router ID as the tie breaker.
-
8/2/2019 177164697-CCNA-Day3
36/125
37
Terminology: DRs and BDRs
Thedesignatedrouter (DR) isresponsible for
generatingLSAs onbehalf of allroutersconnected to
the samesegment
-
8/2/2019 177164697-CCNA-Day3
37/125
38
DR Responsibility
When a router sees a new or changed link-state, it sendsan LSA to its DR using a particular multicast address
The DR then forwards the LSA to all the other routerswith whom it is adjacent
Minimizes the number of formal adjacencies thatmust be formed and therefore the amount of LSU(link state update) packet traffic in a multi-router
network
-
8/2/2019 177164697-CCNA-Day3
38/125
39
OSPF Summary
AD -100
Hop count is unlimited
Metric = Cost 108/BW
Classless, VLSM
Load balance up to SIX routers
Require more processing power
-
8/2/2019 177164697-CCNA-Day3
39/125
40
Basic OSPF Configuration
Router(config)# router ospf 1 The number 1 in this example is a process-id # that
begins an OSPF process in the routerMore than one process can be launched in a router,
but this is rarely necessaryUsually the same process-id is used throughout theentire network, but this is not required
The process-id # can actually be any value from 1 to"very large integer
The process-id # cannot be ZEROThis is NOT the same as the AS# used in IGRP and
EIGRP
-
8/2/2019 177164697-CCNA-Day3
40/125
41
Configuring OSPF Areas
After identifying the OSPF process, you need to identify the interfaces thatyou want to activate OSPF communications
Lab_A#config t
Lab_A(config)#router ospf 1
Lab_A(config-router)#network 10.0.0.0 0.255.255.255
area ? OSPF area ID as a decimal value
A.B.C.D OSPF area ID in IP address format
Lab_A(config-router)#network 10.0.0.0 0.255.255.255
area 0
Every OSPF network must have an area 0 (the backbone area) to whichother areas connect So in a multiple area network, there must be an area 0 The wildcard mask represents the set of hosts supported by the
network and is really just the inverse of the subnet mask.
-
8/2/2019 177164697-CCNA-Day3
41/125
-
8/2/2019 177164697-CCNA-Day3
42/125
43
OSPF Configuration -1
R2
R1 R3
S0 S1
E0
S0
E0
S0
10.0.0.1
20.0.0.1
20.0.0.2 30.0.0.1
30.0.0.2 40.0.0.1
10.0.0.240.0.0.2
A B
-
8/2/2019 177164697-CCNA-Day3
43/125
44
OSPF Configuration -1
R2
R1 R3
S0 S1
E0
S0
E0
S0
10.0.0.1 20.0.0.1
20.0.0.2 30.0.0.1
30.0.0.2 40.0.0.1
10.0.0.240.0.0.2
R1#config tEnter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1R1(config-router)#network 10.0.0.0 0.255.255.255 area 0R1(config-router)#network 20.0.0.0 0.255.255.255 area 0R1(config-router)#^Z
A B
-
8/2/2019 177164697-CCNA-Day3
44/125
45
OSPF Configuration -2
R2
R1 R3
S0 S1
E0
S0
E0
S0
200.0.0.16/28
200.0.0.8/30200.0.0.12/30
200.0.0.32/27
A B
-
8/2/2019 177164697-CCNA-Day3
45/125
-
8/2/2019 177164697-CCNA-Day3
46/125
-
8/2/2019 177164697-CCNA-Day3
47/125
48
OSPF and Loopback Interfaces
Configuring loopback interfaces when using the OSPF routingprotocol is important
Cisco suggests using them whenever you configure OSPF on arouter
Loopback interfaces are logical interfaces, which are virtual,software-only interfaces; they are not real router interfaces
Using loopback interfaces with your OSPF configuration ensures thatan interface is always active for OSPF processes.
The highest IP address on a router will become that routers RID The RID is used to advertise the routes as well as elect the DR and
BDR.
If you configure serial interface of your router with highest IPAddress this Address becomes RID of t is the RID of the routerbecause e router
If this interface goes down, then a re-election must occur It can have an big impact when the above link is flapping
-
8/2/2019 177164697-CCNA-Day3
48/125
49
Configuring Loopback Interfaces
R1#config t
Enter configuration commands, one per line. Endwith CNTL/Z.
R1(config)#int loopback 0R1(config-if)#ip address 172.16.10.1
255.255.255.255
R1(config-if)#no shutR1(config-if)#^Z
R1#
-
8/2/2019 177164697-CCNA-Day3
49/125
50
show ip protocols
Router#
Verifies the configured IP routing protocolprocesses, parameters and statistics
Verifying OSPF Operation
show ip route ospf
Router#
Displays all OSPF routes learned by the router
show ip ospf interface
Router#
Displays the OSPF router ID, area ID andadjacency information
Verifying OSPF Operation
-
8/2/2019 177164697-CCNA-Day3
50/125
51
show ip ospf
Router#
Displays the OSPF router ID, timers, and statistics
Verifying OSPF Operation(Cont.)
show ip ospf neighbor [detail]
Router#
Displays information about the OSPF neighbors,including Designated Router (DR) and BackupDesignated Router (BDR) information onbroadcast networks
-
8/2/2019 177164697-CCNA-Day3
51/125
52
The show ip route ospfCommand
RouterA# show ip route ospf
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,
B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,E2 - OSPF external type 2, E - EGP, i - IS-IS, L1 - IS-IS
level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is not set
10.0.0.0 255.255.255.0 is subnetted, 2 subnets
O 10.2.1.0 [110/10] via 10.64.0.2, 00:00:50, Ethernet0
The show ip ospf interface
-
8/2/2019 177164697-CCNA-Day3
52/125
53
The show ip ospf interfaceCommand
RouterA# show ip ospf interface e0
Ethernet0 is up, line protocol is up
Internet Address 10.64.0.1/24, Area 0
Process ID 1, Router ID 10.64.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DROTHER, Priority 1
Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
Backup Designated router (ID) 10.64.0.1, Interface address 10.64.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.64.0.2 (Designated Router)
Suppress hello for 0 neighbor(s)
-
8/2/2019 177164697-CCNA-Day3
53/125
54
The show ip ospf neighborCommand
RouterB# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.64.1.1 1 FULL/BDR 00:00:31 10.64.1.1 Ethernet0
10.2.1.1 1 FULL/- 00:00:38 10.2.1.1 Serial0
h i f i hb d t il
-
8/2/2019 177164697-CCNA-Day3
54/125
55
show ip ospf neighbor detail
show ip ospf database
S tti P i it f DR El ti
-
8/2/2019 177164697-CCNA-Day3
55/125
56
Setting Priority for DR Election
ip ospf priority number
This interface configuration command assigns the OSPFpriority to an interface.Different interfaces on a router may be assigned different
values.
The default priority is 1. The range is from 0 to 255.0 means the router is a DROTHER; it cant be the DR or
BDR.
Router(config-if)#
-
8/2/2019 177164697-CCNA-Day3
56/125
57
-
8/2/2019 177164697-CCNA-Day3
57/125
O e ie
-
8/2/2019 177164697-CCNA-Day3
58/125
59
Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol(IGRP).
Released in 1994, Unlike IGRP, which is a classful routing protocol,EIGRP supports CIDR and VLSM.
it is probably one of the two most popular routing protocols in usetoday.
Compared to IGRP, EIGRP boasts faster convergence times, improvedscalability, and superior handling of routing loops.
EIGRP is often described as a hybrid routing protocol, offering thebest of distance vector and link-state algorithms.
Comparing EIGRP with IGRP
-
8/2/2019 177164697-CCNA-Day3
59/125
60
Comparing EIGRP with IGRP
IGRP and EIGRP are compatible with each other.EIGRP offers multiprotocol support, but IGRP does not.
Communication via Reliable Transport Protocol (RTP)Best path selection via Diffusing Update Algorithm (DUAL)Improved convergence timeReduced network overhead
Introducing EIGRP
-
8/2/2019 177164697-CCNA-Day3
60/125
Introducing EIGRP
EIGRP supports:Rapid convergence
Reduced bandwidth usage
Multiple network-layer protocols
-
8/2/2019 177164697-CCNA-Day3
61/125
-
8/2/2019 177164697-CCNA-Day3
62/125
63
Neighbor Discovery
There are three conditions that must bemet for neighborship establishment
Hello or ACK received
AS numbers match
Identical metrics (K values)? AS? K
K1 BWK2- DelayK3-LoadK3-ReliabilityK5-MTU
-
8/2/2019 177164697-CCNA-Day3
63/125
64
The metrics used by EIGRP in making routing decisions are (lower the metric thebetter): bandwidth
delay
load
Reliability
MTU
By default, EIGRP uses only: Bandwidth
Delay
Analogies:
Think ofbandwidth as the width of the pipeand
delay as the length of the pipe.
Bandwidth is the carrying capacity
Delay is the end-to-end travel time.
Metric Calculation
-
8/2/2019 177164697-CCNA-Day3
64/125
65
Neighbor Table
The neighbor table is the most important table in EIGRP
Stores address and interface of neighbor
-
8/2/2019 177164697-CCNA-Day3
65/125
66
Topology Table
Network
-
8/2/2019 177164697-CCNA-Day3
66/125
-
8/2/2019 177164697-CCNA-Day3
67/125
-
8/2/2019 177164697-CCNA-Day3
68/125
69
EIGRP Concepts &Terminology
EIGRP routers that belong to different autonomoussystems (ASes) dont automatically share routinginformation
The only time EIGRP advertises its entire routing table is
when it discovers a new neighbor and forms anadjacency with it through the exchange of Hello packets
When this happens, both neighbors advertise their entirerouting tables to one another
After each has learned its neighbors routes, onlychanges to the routing table are propagated
-
8/2/2019 177164697-CCNA-Day3
69/125
70
172.16.100.0
1.544Mbps
56Kbps
1.544Mbps
Dist to 172.16.100.0 =100Dist to 172.16.100.0 =100
Dist to 172.16.100.0 =350
10Mbps
10Mbps 1001,544Mbps 25056Kbps -1000
Chennai receives an update from Mumbai with a cost of 100, which is Mumbai's cost to reach 172.16.100.0, This
cost is referred to as the reported distance (RD)Bangalore will report its cost to reach 172.16.100.0. Bangalore's RD is 350Chennai will compute its cost to reach 172.16.100.0 via Mumbai and Bangalore and compare the metrics for thetwo pathsChennai's cost via Mumbai is 1100. Chennai's cost via Bangalore is 600. The lowest cost to reach a destination isreferred to as the feasible distance (FD) for that destinationChennai's FD to 172.16.100.0 is 600. The next-hop router in the lowest-cost path to the destination is referred toas the successor.
A feasible successor is a path whose reported distance is less than the feasible distance, and it is considered abackup route.
-
8/2/2019 177164697-CCNA-Day3
70/125
71
EIGRP Terms
Feasible distance (FD) - This is the lowest calculated metric toreach destination. This is the route that you will find in therouting table, because it is considered the best path
Reported distance (RD) - The distance reported by an
adjacent neighbor to a specific destination.
Interface information - The interface through which thedestination can be reached.
Route status - The status of a route. Routes are identified asbeing either passive, which means that the route is stable andready for use, or active, which means that the route is in theprocess of being recomputed by DUAL
EIGRP Terminology and
-
8/2/2019 177164697-CCNA-Day3
71/125
72
SuccessorCurrent Route
A successor is a route selected as the primary route to use to reacha destination.
Successors are the entries kept in the routing table.
Feasible Successor-A backup route
A feasible successor is a backup route.
These routes are selected at the same time the successors areidentified, but they are kept in the topology table.
Multiple feasible successors for a destination can be retained in thetopology table.
EIGRP Terminology andOperations
-
8/2/2019 177164697-CCNA-Day3
72/125
73
Reliable Transport Protocol (RTP)
Used by EIGRP for its routing updates in place of TCP EIGRP can call on RTP to provide reliable or unreliable service
EIGRP uses reliable service for route updates Unreliable for Hellos
Reliable Transport Protocol (RTP) is a transport layer protocol thatguarantees ordered delivery of EIGRP packets to all neighbors. On an IP network, hosts use TCP to sequence packets and ensure
their timely delivery. RIP uses UDP However, EIGRP is protocol-independent and does not rely on TCP/IP
to exchange routing information the way that RIP, IGRP, and OSPF
do. EIGRP uses RTP as its own proprietary transport layer protocol to
guarantee delivery of routing information. With RTP, EIGRP can multicast and unicast to different peers
simultaneously.
Diffusing Update Algorithm
-
8/2/2019 177164697-CCNA-Day3
73/125
74
Diffusing Update Algorithm(DUAL)
All route computations in EIGRP are handled by DUAL One of DUAL's tasks is maintaining a table of loop-free paths to
every destination.
This table is referred to as the topology table
DUAL saves all paths in the topology table
The least-cost path(s) is copied from the topology table to therouting table
In the event of a failure, the topology table allows for very quickconvergence if another loop-free path is available
If a loop-free path is not found in the topology table, a route
recomputation must occur DUAL queries its neighbors, who, in turn, may query their
neighbors, and so on...
Hence the name "Diffusing" Update Algorithm
-
8/2/2019 177164697-CCNA-Day3
74/125
75
VLSM Support
EIGRP supports the use of Variable- Length SubnetMasks
Can use 30-bit subnet masks for point-to-point networks
Because the subnet mask is propagated with every routeupdate, EIGRP also supports the use of discontiguoussubnets
Discontiguous network is the one that has two or moresubnetworks of a classful network connected together bydifferent classful networks
-
8/2/2019 177164697-CCNA-Day3
75/125
76
Discontiguous Network
-
8/2/2019 177164697-CCNA-Day3
76/125
Configuring EIGRP
Router(config-router)#network network-number Selects participating attached networks
Router(config)#router eigrp autonomous-system Defines EIGRP as the IP routing protocol
-
8/2/2019 177164697-CCNA-Day3
77/125
EIGRP Configuration Example
-
8/2/2019 177164697-CCNA-Day3
78/125
80
EIGRP Configuration
R2
R1 R3
S0S1
E0
S0
E0
S0
200.0.0.17
200.0.0.9
200.0.0.10 200.0.0.13
200.0.0.14 200.0.0.33
200.0.0.18 200.0.0.34255.255.255.240
255.255.255.252 255.255.255.252
255.255.255.224
R1#config tEnter configuration commands, one per line. End with CNTL/Z.R1(config)#router eigrp 10R1(config-router)#network 200.0.0.16R1(config-router)#network 200.0.0. 8R1(config-router)#^Z
A B
R3#config tEnter configuration commands, one per line. End with CNTL/Z.R3(config)#router eigrp 10R3(config-router)#network 200.0.0. 32R3(config-router)#network 200.0.0. 12R3(config-router)#^Z
-
8/2/2019 177164697-CCNA-Day3
79/125
show ip eigrp topology
-
8/2/2019 177164697-CCNA-Day3
80/125
82
show ip eigrp topology
show ip eigrp topology[active | pending | successors]
show ip eigrp topology
-
8/2/2019 177164697-CCNA-Day3
81/125
83
show ip eigrp topologyall-links
show ip eigrp traffic
Administrative Distances
-
8/2/2019 177164697-CCNA-Day3
82/125
84
Administrative Distances
TELNET
-
8/2/2019 177164697-CCNA-Day3
83/125
85
TELNET
Getting information about remote device
Can connect to remote device and configure a device
Password must be set
R1(config)# line vty 0 4
Password cisco
login
-
8/2/2019 177164697-CCNA-Day3
84/125
86
2002, Cisco Systems, Inc. All rights reserved. 86
Discovering Neighbors on the
Network
Ci Di P t l
-
8/2/2019 177164697-CCNA-Day3
85/125
Cisco Discovery Protocol
CDP is a proprietary utility that gives you a summary of directlyconnected switches, routers, and other Cisco devices.
CDP discovers neighboring devices regardless of which protocolsuite they are running.
Runs on the Data link layer
Physical media must support the Subnetwork Access Protocol(SNAP) encapsulation.
Only give directly connected device
By default enabled, you can enable or disable
Discovering Neighbors with
-
8/2/2019 177164697-CCNA-Day3
86/125
Discovering Neighbors withCDP
CDP runs on routers with Cisco IOS
software Release 10.3 or later and on Ciscoswitches.
Show CDP ?
Summary information
includes: Device ID Local Interface Port ID Capabilities list Platform
CDP
-
8/2/2019 177164697-CCNA-Day3
87/125
89
CDP
CDP timeris how often CDP packets are transmitted toall active interfaces.
Router(config)#cdp timer 90
CDP holdtimeis the amount of time that the device willhold packets received from neighbor devices.
Router(config)#cdp holdtime 240
U i CDP
-
8/2/2019 177164697-CCNA-Day3
88/125
90
Using CDP
Using the show cdp
-
8/2/2019 177164697-CCNA-Day3
89/125
91
neighbors Command
The show cdp neighbor command (sh cdp nei for short) deliversinformation about directly connected devices.
CDP
-
8/2/2019 177164697-CCNA-Day3
90/125
92
CDP
show cdp neighbor detail
This command can be run on both routersand switches, and it displays detailedinformation about each device connectedto the device
Using the show cdp entry
-
8/2/2019 177164697-CCNA-Day3
91/125
93
g p yCommand
The show cdp entry * command displays the same information as the show cdpneighbor details command.
Additional CDP Commands
-
8/2/2019 177164697-CCNA-Day3
92/125
94
Additional CDP Commands
The show cdp traffic command displays information aboutinterface traffic, including the number of CDP packets sent andreceived and the errors with CDP.
CDP Commands
-
8/2/2019 177164697-CCNA-Day3
93/125
95
CDP Commands
To disable the CDP on particular interface usethe "no cdp enable" command
To disable CDP on the entire router use the "nocdp run" in global configuration mode.
Summary
-
8/2/2019 177164697-CCNA-Day3
94/125
96
Summary
Cisco Discovery Protocol is an information-gathering tool used
by network administrators to get information about directlyconnected devices.
CDP exchanges hardware and software device informationwith its directly connected CDP neighbors.
You can enable or disable CDP on a router as a whole or on aport-by-port basis.
The show cdp neighbors command displays information abouta routers CDP neighbors.
The show cdp entry, show cdp traffic, and show cdp interfacecommands display detailed CDP information on a Cisco device.
-
8/2/2019 177164697-CCNA-Day3
95/125
97
Why Use Access Lists?
-
8/2/2019 177164697-CCNA-Day3
96/125
Manage IP traffic as network access grows
Filter packets as they pass through the router
Why Use Access Lists?
-
8/2/2019 177164697-CCNA-Day3
97/125
Reasons to Create ACLs
-
8/2/2019 177164697-CCNA-Day3
98/125
100
The following are some of the primary reasons to createACLs:
Limit network traffic and increase network performance.Provide traffic flow control.
Provide a basic level of security for network access.Decide which types of traffic are forwarded or blocked at the routerinterfacesFor example: Permit e-mail traffic to be routed, but block all telnet traffic.If ACLs are not configured on the router, all packets passing through the
router will be allowed onto all parts of the network.
ACLs
-
8/2/2019 177164697-CCNA-Day3
99/125
101
ACL s
Different access list for TelnetWhen configuring ISDN you need to use access list
Implicit deny at bottom
All restricted statements should be on first
There are two types
Standard
Extended
Network
-
8/2/2019 177164697-CCNA-Day3
100/125
102
Network
N1 N2
N3 N4 N5 N6
192.168.12.0
A
B C
192.168.34.0192.168.56.0
192.168.12.2
192.168.12.3
IP Packet
-
8/2/2019 177164697-CCNA-Day3
101/125
103
IP Packet
SRC IP AddressDEST IP AddressProtocol typeSRC PortDEST Port
The first 2 bytes in the TCP/UDP header are the source port numberThe next 2 bytes in the TCP/UDP header are the Destination port number
Types of Access Lists
-
8/2/2019 177164697-CCNA-Day3
102/125
104
Standard
Checks source address
Permits or denies entire protocol suite
Extended
Checks source and destination address
Generally permits or denies specific protocols
Types of Access Lists
How to Identify Access Lists
-
8/2/2019 177164697-CCNA-Day3
103/125
How to Identify Access Lists
Standard IP lists (1-99) test conditions of all IP packets fromsource addresses.
Extended IP lists (100-199) test conditions of source and destination
addresses, specific TCP/IP protocols, and destination ports. Standard IP lists (1300-1999) (expanded range).
Extended IP lists (2000-2699) (expanded range).
Standard ACLs
-
8/2/2019 177164697-CCNA-Day3
104/125
106
The full syntax of the standard ACL command is:
Router(config)#access-list access-list-number {deny | permit} source[source-wildcard]
The no form of this command is used to remove a standard ACL. This isthe syntax:Router(config)#no access-listaccess-list-number
Config# Access-list 1 deny 192.168.1.0 0.0.0.255Config# access-list 1 permit any
Wildcard Mask
-
8/2/2019 177164697-CCNA-Day3
105/125
107
Wildcard Mask
Access-list 99 permit 192.168.1.1 wildcard maskAll 32 bits of an IP Address can be filtered
Wildcard inverse mask
0=must match
1= ignoreMASK (192.168.1.1) Matching IP
0.0.0.0 (host) 192.168.1.1
0.0.0.255 192.168.1.0-255
0.0.255.255 192.168.0-255.0-255
0.255.255.255 192.0-255.0-255.0-255
255.255.255.255 0-255.0-255.0-255.0-255 (any)
The ANY and HOST keyword
-
8/2/2019 177164697-CCNA-Day3
106/125
108
The ANY and HOST keyword
Access-list 1 permit 200.0.0.9 0.0.0.0
Or
permit host 200.0.0.9
Access-list 1 permit 0.0.0.0 255.255.255.255
Or
permit any
Testing Packets with
-
8/2/2019 177164697-CCNA-Day3
107/125
Standard Access Lists
Outbound ACL Operation
-
8/2/2019 177164697-CCNA-Day3
108/125
Outbound ACL Operation
If no access list statement matches, then discard the packet.
Reading an ACL
-
8/2/2019 177164697-CCNA-Day3
109/125
111
Reading an ACL
First Hit or Best Fit?1. Access-list 99 deny host 192.168.1.1 0.0.0.0
access-list 99 permit any 255.255.255.255
2. Access-list 99 permit 192.168.1.0 0.0.0.255
Access-list 99 deny host 192.168.1.1
access-list 99 permit any
3. Access-list 99 deny host 192.168.1.1
Implicit deny at the end of every ACL
Creating ACLs
-
8/2/2019 177164697-CCNA-Day3
110/125
112
ACLs are created in the global configuration mode. There are manydifferent types of ACLs including standard, extended, IPX, AppleTalk, andothers. When configuring ACLs on a router, each ACL must be uniquelyidentified by assigning a number to it. This number identifies the type ofaccess list created and must fall within the specific range of numbers thatis valid for that type of list.
Since IP is by far the mostpopular routed protocol,addition ACL numbers havebeen added to newer routerIOSs.Standard IP: 1300-1999Extended IP: 2000-2699
The ip access-group command
-
8/2/2019 177164697-CCNA-Day3
111/125
113
{ in | out }
Exercise Standard Access List
-
8/2/2019 177164697-CCNA-Day3
112/125
114
Exercise Standard Access List
A B
Account should be denied access to Sales
To steps to configure
Create a standard Access listApply ACL to proper interface inbound or outbound
S0 S0
E0
E0
192.168.0.18
255.255.255.248
S0S1192.168.0.17
255.255.255.248
192.168.0.5
255.255.255.252
192.168.0.6255.255.255.252
192.168.0.9
255.255.255.252
192.168.0.10255.255.255.252
192.168.0.33255.255.255.240
192.168.0.34
255.255.255.240
Exercise Standard Access List
-
8/2/2019 177164697-CCNA-Day3
113/125
115
Exercise Standard Access List
A B
S0 S0
E0
E0
192.168.0.18
255.255.255.248
S0S1192.168.0.17
255.255.255.248
192.168.0.5
255.255.255.252
192.168.0.6255.255.255.252
192.168.0.9
255.255.255.252
192.168.0.10255.255.255.252
192.168.0.33255.255.255.240
192.168.0.34
255.255.255.240
Config# Access-list 1 deny 192.168.0.18 0.0.0.7Config# access-list 1 permit any
Config#int e 0Config-if# ip access-group 1 out
Extended ACLs
-
8/2/2019 177164697-CCNA-Day3
114/125
116
Extended ACLs are used more often than standard ACLs because they provide agreater range of control.
Extended ACLs check the source and destination packet addresses as well asbeing able to check for protocols and port numbers.
At the end of the extended ACL statement, additional precision is gained from afield that specifies the optional Transmission Control Protocol (TCP) or UserDatagram Protocol (UDP) port number.
Logical operations may be specified such as, equal (eq), not equal (neq), greaterthan (gt), and less than (lt), that the extended ACL will perform on specific
protocols.
Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000to 2699 in recent IOS).
Configuration
-
8/2/2019 177164697-CCNA-Day3
115/125
117
Configuration
Access-list acl# {permit/Deny}
Protocol Src IP src WCM
Dst IP dst WCM
Opetrator port Protocol
OSPF EIGRP
ICMP
TCP
UDP
RP If you need to Block a routing protocol
IP Operator
eq
gt
lt
neq
-
8/2/2019 177164697-CCNA-Day3
116/125
Extended ACL Syntax
-
8/2/2019 177164697-CCNA-Day3
117/125
119
Extended ACL LAB -2
-
8/2/2019 177164697-CCNA-Day3
118/125
121
Extended ACL LAB 2
S0
S0
E0E0
A B
192.168.0.34 should be denied FTP of 192.168.0.18
On Router R1Config# Access-list 100 deny tcp 192.168.0.34 0.0.0.0 192.168.0.18
0.0.0.0 eq 21Config# access-list 100 permit IP any any
Config#int s0Config-if# ip access-group 100 IN
192.168.0.18 should be denied website of 192.168.0.34
On Router R3Config# Access-list 100 deny tcp 192.168. 0.18 0.0.0.0 192.168.0.34
0.0.0.0 eq 80Config# access-list 100 permit IP any any
Config#int s0Config-if# ip access-group 100 IN
S1S0
192.168.0.18255.255.255.248
192.168.0.17255.255.255.248
192.168.0.5255.255.255.252
192.168.0.6255.255.255.252
192.168.0.9
255.255.255.252
192.168.0.10255.255.255.252
192.168.0.33255.255.255.240
192.168.0.34255.255.255.240
-
8/2/2019 177164697-CCNA-Day3
119/125
Rules
-
8/2/2019 177164697-CCNA-Day3
120/125
123
Rules
For extended access list apply near to thesource
For standard access list apply near to the
destination
Named ACLs
-
8/2/2019 177164697-CCNA-Day3
121/125
124
IP named ACLs were introduced in Cisco IOS Software Release 11.2,allowing standard and extended ACLs to be given names instead ofnumbers.
The characteristics of named accesslist:
Identify an ACL using an alphanumeric name. You can delete individual statements in a named access list Named access lists must be specified as standard or extended You can use the ip access-list command to create named access
lists.
Named ACLs are not compatible with Cisco IOS releases prior to Release11.2.
The same name may not be used for multiple ACLs.
Named ACLs
-
8/2/2019 177164697-CCNA-Day3
122/125
125
Named ACL s
Numbered Access list did not give you any hint, What isfiltered
NamedACLs are both basic and advanced filtering tool
Name cannot start with a number or !
Cannot have space in the name
Should not have ? Character anywhere in the name
Name is case sensitive
Named ACL Example
-
8/2/2019 177164697-CCNA-Day3
123/125
126
Named ACL Example
R1(config)#ip access-list standard blocksales R1(config-std-nacl)#deny 172.16.40.0 0.0.0.255
R1(config-std-nacl)#permit any
R1(config-std-nacl)#exit
R1(config)#^Z
R1#
#Int e 0#Ip access-group blocksales out
Verify Access List
-
8/2/2019 177164697-CCNA-Day3
124/125
127
e y ccess st
Basic Rules for ACLs
-
8/2/2019 177164697-CCNA-Day3
125/125
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source. Use the inbound or outbound interface reference as if looking at the port
from inside the router. Statements are processed sequentially from the top of list to the bottom
until a match is found, if no match is found then the packet is denied.
There is an implicit deny at the end of all access lists. This will not appearin the configuration listing. Access list entries should filter in the order from specific to general.
Specific hosts should be denied first, and groups or general filters shouldcome last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list. Ano access-listxcommand will remove the whole list. It is not possible
to selectively add and remove lines with numbered ACLs. O tb d filt d t ff t t ffi i i ti f th l l t