CCNA Super Lab 3
Technologies Covered
Basic Device Configuration
Interface Configuration
Virtual LAN (VLAN) Configuration
VLAN Trunking Protocol (VTP)
Spanning Tree Protocol (STP)
Frame Relay
OSPF Routing
Standard and Extended Access Control Lists (ACL)
TCL Scripts / Lab Verification
Your goal for this lab is to configure a fully routed network so that each device can communicate with every other device.
Basic Device Configuration
When starting a lab, there are some basic things that will need to be done on every device. The following should be done at the start of every lab:
Configure the device hostname
Disable domain-name lookup
Configure password encryption
Set console timeout
Configure “logging synchronous” on the console line
Configure passwords
Important: When configuring passwords on any lab, on any device, always use ‘ccie’.
Here is an example from router R1:
Router>
Router>enable
Router#config
Configuring from terminal, memory, or network [terminal]? t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#service password-encryption
R1(config)#enable secret ccie
R1(config)#line con 0
R1(config-line)#exec-timeout 0 0
R1(config-line)#password ccie
R1(config-line)#logging synchronous
Using the example above as a guide, do the basic device configuration on the remaining devices in your pod.
Interface Configuration
|
Layer 7 - Application |
|
Layer 6 - Presentation |
|
Layer 5 - Session |
|
Layer 4 - Transport |
|
Layer 3 – Network |
|
Layer 2 - Data Link · CDP · Ethernet |
|
Layer 1 - Physical |
Disable all unnecessary interfaces on the switches, and enable all necessary interfaces on the routers. Use the Physical Lab diagram as a guide to determine which interfaces are needed. Use the previous labs for examples on how to do this.
Confirmation: Use the show cdp neighbors command to verify layer 2 adjacencies.
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
CAT2 Fas 0/1 168 S I WS-C3560- Fas 0/1
R2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R5 Ser 0/1/0 161 R S I 2811 Ser 0/0/0
CAT1 Fas 0/0 171 S I WS-C3560- Fas 0/2
R3#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R5 Ser 0/1/0 146 R S I 2811 Ser 0/0/1
CAT1 Fas 0/0 156 S I WS-C3560- Fas 0/3
R4#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
CAT2 Fas 0/1 151 S I WS-C3560- Fas 0/4
R5#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Ser 0/0/0 157 R S I 2811 Ser 0/1/0
R3 Ser 0/0/1 156 R S I 2811 Ser 0/1/0
CAT1 Fas 0/0 141 S I WS-C3560- Fas 0/5
R6#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
CAT1 Fas 0/0 136 S I WS-C3560- Fas 0/6
CAT1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Fas 0/2 145 R S I 2811 Fas 0/0
R3 Fas 0/3 145 R S I 2811 Fas 0/0
CAT4 Fas 0/22 129 S I WS-C3560-2Fas 0/22
R6 Fas 0/6 168 R S I 2811 Fas 0/0
CAT3 Fas 0/19 120 S I WS-C3560-2Fas 0/19
R5 Fas 0/5 145 R S I 2811 Fas 0/0
CAT2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
CAT4 Fas 0/19 122 S I WS-C3560-2Fas 0/19
R1 Fas 0/1 141 R S I 2811 Fas 0/1
CAT3 Fas 0/22 174 S I WS-C3560-2Fas 0/22
R4 Fas 0/4 141 R S I 2811 Fas 0/1
VLAN Trunks between Switches
To configure a trunk between two switches, use the switchport trunk encapsulation dot1q command, the switchport trunk allowed vlan command, and the switchport mode trunk command.
Using previous labs as a guide, configure the following links as trunks:
CAT1 and CAT4 on ports Fa0/22
CAT2 and CAT3 on ports Fa0/22
CAT1 and CAT3 on ports Fa0/19
CAT2 and CAT4 on ports Fa0/19
Confirmation: Use the show interface trunk command to verify trunking
CAT1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/19 on 802.1q trunking 1
Fa0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Port Vlans allowed and active in management domain
Fa0/19 none
Fa0/22 none
Port Vlans in spanning tree forwarding state and not pruned
Fa0/19 none
Fa0/22 none
CAT2#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/19 on 802.1q trunking 1
Fa0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Port Vlans allowed and active in management domain
Fa0/19 none
Fa0/22 none
Port Vlans in spanning tree forwarding state and not pruned
Fa0/19 none
Fa0/22 none
CAT3#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/19 on 802.1q trunking 1
Fa0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Port Vlans allowed and active in management domain
Fa0/19 none
Fa0/22 none
Port Vlans in spanning tree forwarding state and not pruned
Fa0/19 none
Fa0/22 none
CAT4#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/19 on 802.1q trunking 1
Fa0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Port Vlans allowed and active in management domain
Fa0/19 none
Fa0/22 none
Port Vlans in spanning tree forwarding state and not pruned
Fa0/19 none
Fa0/22 none
VLAN Trunking Protocol (VTP)
To configure a switch as a VTP server, use the vtp mode server, vtp domain, vtp password, and vtp version 2 commands.
CAT4(config)#vtp mode server
Device mode already VTP SERVER.
CAT4(config)#vtp domain lab3
Changing VTP domain name from NULL to lab3
CAT4(config)#vtp password ccie
Setting device VLAN database password to ccie
To configure a switch as a VTP client, use the vtp mode client, vtp domain,
and vtp
password commands.
CAT3(config)#vtp mode client
Setting device to VTP CLIENT mode.
CAT3(config)#vtp domain lab3
Changing VTP domain name from NULL to lab3
CAT3(config)#vtp password ccie
Setting device VLAN database password to ccie
To configure VLANs on switches configured in server mode use the vlan command.
CAT4(config)#vlan 15,24,36,99
CAT4(config-vlan)#exit
Using the above example, configure CAT4 as a VTP server, and CAT1, CAT2 and CAT3 as VTP clients. Use VTP domain ‘lab3’ and VTP password ‘ccie.’ Configure VLANs 15, 24, 36, 99 on CAT4.
Confirmation: Use the show vtp status command to verify VTP configuration.
CAT1#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Client
VTP Domain Name : lab3
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xEA 0xDA 0xEC 0x80 0x2F 0x56 0x79 0xE4
Configuration last modified by 0.0.0.0 at 3-1-93 00:17:31
CAT2#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Client
VTP Domain Name : lab3
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xEA 0xDA 0xEC 0x80 0x2F 0x56 0x79 0xE4
Configuration last modified by 0.0.0.0 at 3-1-93 00:17:31
CAT3#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Client
VTP Domain Name : lab3
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xEA 0xDA 0xEC 0x80 0x2F 0x56 0x79 0xE4
Configuration last modified by 0.0.0.0 at 3-1-93 00:17:31
CAT4#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : lab3
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xEA 0xDA 0xEC 0x80 0x2F 0x56 0x79 0xE4
Configuration last modified by 0.0.0.0 at 3-1-93 00:17:31
Local updater ID is 0.0.0.0 (no valid interface found)
Use the show vlan brief command to verify that the VLAN information was propagated.
CAT1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/24, Gi0/1, Gi0/2
15 VLAN0015 active
24 VLAN0024 active
36 VLAN0036 active
99 VLAN0099 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT2#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/24, Gi0/1, Gi0/2
15 VLAN0015 active
24 VLAN0024 active
36 VLAN0036 active
99 VLAN0099 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT3#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/24, Gi0/1, Gi0/2
15 VLAN0015 active
24 VLAN0024 active
36 VLAN0036 active
99 VLAN0099 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT4#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/24, Gi0/1, Gi0/2
15 VLAN0015 active
24 VLAN0024 active
36 VLAN0036 active
99 VLAN0099 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Configuration
|
Layer 7 - Application |
|
Layer 6 - Presentation |
|
Layer 5 - Session |
|
Layer 4 - Transport |
|
Layer 3 – Network |
|
Layer 2 - Data Link · VLANs · Switches |
|
Layer 1 - Physical |
To configure a port to be in a VLAN, use the switchport access vlan command and the switchport mode access command on the switch.
CAT1(config)#interface fa0/2
CAT1(config-if)#switchport access vlan 24
CAT1(config-if)#switchport mode access
To configure a trunk to a router, configure the switchport just as you would a trunk between two switches.
CAT1(config)#interface fa0/6
CAT1(config-if)#switchport trunk encapsulation dot1q
CAT1(config-if)#switchport trunk allowed vlan 36,99
CAT1(config-if)#switchport mode trunk
CAT1(config-if)#
00:27:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed state to down
00:27:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed state to up
On the router, use the interface and encapsulation commands. The syntax for the encapsulation command is
encapsulation dot1q <VLAN>
R6(config)#interface fa0/0.36
R6(config-subif)#encapsulation dot1q 36
R6(config-subif)#interface fa0/0.99
R6(config-subif)#encapsulation dot1q 99
R6(config-subif)#exit
Configure all Ethernet ports to be in the correct VLAN. Use the physical and logical diagrams to determine which VLAN each port should be in. Configure the trunk between CAT1 and R6. Use the sub-interface configuration example above to configure the router’s interfaces.
Confirmation: Use the show vlan brief command to verify VLAN port configuration.
CAT1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/4, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/20, Fa0/21
Fa0/23, Fa0/24, Gi0/1, Gi0/2
15 VLAN0015 active Fa0/5
24 VLAN0024 active Fa0/2
36 VLAN0036 active Fa0/3
99 VLAN0099 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT2#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/20, Fa0/21, Fa0/23, Fa0/24
Gi0/1, Gi0/2
15 VLAN0015 active Fa0/1
24 VLAN0024 active Fa0/4
36 VLAN0036 active
99 VLAN0099 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Use the show interfaces trunk command to verify VLAN trunking.
CAT1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/6 on 802.1q trunking 1
Fa0/19 on 802.1q trunking 1
Fa0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/6 36,99
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Port Vlans allowed and active in management domain
Fa0/6 36,99
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Port Vlans in spanning tree forwarding state and not pruned
Fa0/6 36,99
Fa0/19 15,24,36,99
Fa0/22 none
CAT2#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/19 on 802.1q trunking 1
Fa0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Port Vlans allowed and active in management domain
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Port Vlans in spanning tree forwarding state and not pruned
Fa0/19 15,24,36,99
Fa0/22 15,24,36,99
Spanning Tree Protocol (STP)
To configure the root priority of a switch, use the spanning-tree vlan root primary command. The syntax for this command is
spanning-tree vlan <vlan range> root primary
CAT3(config)#spanning-tree vlan 15,24 root primary
This command changes the root priority of that switch for vlans in the <vlan range> to a value of 24577. To manually change the priority of the switch, use the spanning-tree vlan priority command. The syntax for this command is
spanning-tree vlan <vlan range> priority <priority>
CAT4(config)#spanning-tree vlan 36,99 priority 16384
Using the spanning-tree vlan root primary command, configure CAT3 as the spanning-tree root of VLANs 15 and 24. Using the spanning-tree vlan priority command, configure CAT4 as the spanning-tree root of VLANs 36 and 99 with a priority of 16384.
Confirmation: To view spanning-tree information, use the show spanning-tree command.
CAT1#show spanning-tree
VLAN0015
Spanning tree enabled protocol ieee
Root ID Priority 24591
Address 001a.2fbe.2c80
Cost 19
Port 21 (FastEthernet0/19)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32783 (priority 32768 sys-id-ext 15)
Address 001a.2fbe.3100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/5 Desg FWD 19 128.7 P2p
Fa0/19 Root FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.24 P2p
VLAN0024
Spanning tree enabled protocol ieee
Root ID Priority 24600
Address 001a.2fbe.2c80
Cost 19
Port 21 (FastEthernet0/19)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32792 (priority 32768 sys-id-ext 24)
Address 001a.2fbe.3100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Desg FWD 19 128.4 P2p
Fa0/19 Root FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.24 P2p
VLAN0036
Spanning tree enabled protocol ieee
Root ID Priority 16420
Address 001a.2fbe.3780
Cost 19
Port 24 (FastEthernet0/22)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32804 (priority 32768 sys-id-ext 36)
Address 001a.2fbe.3100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3 Desg FWD 19 128.5 P2p
Fa0/6 Desg FWD 19 128.8 P2p
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/22 Root FWD 19 128.24 P2p
VLAN0099
Spanning tree enabled protocol ieee
Root ID Priority 16483
Address 001a.2fbe.3780
Cost 19
Port 24 (FastEthernet0/22)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32867 (priority 32768 sys-id-ext 99)
Address 001a.2fbe.3100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/6 Desg FWD 19 128.8 P2p
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/22 Root FWD 19 128.24 P2p
CAT2#show spanning-tree
VLAN0015
Spanning tree enabled protocol ieee
Root ID Priority 24591
Address 001a.2fbe.2c80
Cost 19
Port 24 (FastEthernet0/22)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32783 (priority 32768 sys-id-ext 15)
Address 001a.2fa8.2e80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.3 P2p
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/22 Root FWD 19 128.24 P2p
VLAN0024
Spanning tree enabled protocol ieee
Root ID Priority 24600
Address 001a.2fbe.2c80
Cost 19
Port 24 (FastEthernet0/22)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32792 (priority 32768 sys-id-ext 24)
Address 001a.2fa8.2e80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/4 Desg FWD 19 128.6 P2p
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/22 Root FWD 19 128.24 P2p
VLAN0036
Spanning tree enabled protocol ieee
Root ID Priority 16420
Address 001a.2fbe.3780
Cost 19
Port 21 (FastEthernet0/19)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32804 (priority 32768 sys-id-ext 36)
Address 001a.2fa8.2e80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Root FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.24 P2p
VLAN0099
Spanning tree enabled protocol ieee
Root ID Priority 16483
Address 001a.2fbe.3780
Cost 19
Port 21 (FastEthernet0/19)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32867 (priority 32768 sys-id-ext 99)
Address 001a.2fa8.2e80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Root FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.24 P2p
CAT3#show spanning-tree
VLAN0015
Spanning tree enabled protocol ieee
Root ID Priority 24591
Address 001a.2fbe.2c80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24591 (priority 24576 sys-id-ext 15)
Address 001a.2fbe.2c80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.24 P2p
VLAN0024
Spanning tree enabled protocol ieee
Root ID Priority 24600
Address 001a.2fbe.2c80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24600 (priority 24576 sys-id-ext 24)
Address 001a.2fbe.2c80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.24 P2p
VLAN0036
Spanning tree enabled protocol ieee
Root ID Priority 16420
Address 001a.2fbe.3780
Cost 38
Port 24 (FastEthernet0/22)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32804 (priority 32768 sys-id-ext 36)
Address 001a.2fbe.2c80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Altn BLK 19 128.21 P2p
Fa0/22 Root FWD 19 128.24 P2p
VLAN0099
Spanning tree enabled protocol ieee
Root ID Priority 16483
Address 001a.2fbe.3780
Cost 38
Port 24 (FastEthernet0/22)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32867 (priority 32768 sys-id-ext 99)
Address 001a.2fbe.2c80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Altn BLK 19 128.21 P2p
Fa0/22 Root FWD 19 128.24 P2p
CAT4#show spanning-tree
VLAN0015
Spanning tree enabled protocol ieee
Root ID Priority 24591
Address 001a.2fbe.2c80
Cost 38
Port 21 (FastEthernet0/19)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32783 (priority 32768 sys-id-ext 15)
Address 001a.2fbe.3780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Root FWD 19 128.21 P2p
Fa0/22 Altn BLK 19 128.24 P2p
VLAN0024
Spanning tree enabled protocol ieee
Root ID Priority 24600
Address 001a.2fbe.2c80
Cost 38
Port 21 (FastEthernet0/19)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32792 (priority 32768 sys-id-ext 24)
Address 001a.2fbe.3780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Root FWD 19 128.21 P2p
Fa0/22 Altn BLK 19 128.24 P2p
VLAN0036
Spanning tree enabled protocol ieee
Root ID Priority 16420
Address 001a.2fbe.3780
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 16420 (priority 16384 sys-id-ext 36)
Address 001a.2fbe.3780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.24 P2p
VLAN0099
Spanning tree enabled protocol ieee
Root ID Priority 16483
Address 001a.2fbe.3780
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 16483 (priority 16384 sys-id-ext 99)
Address 001a.2fbe.3780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.24 P2p
IP Addressing
|
Layer 7 - Application |
|
Layer 6 - Presentation |
|
Layer 5 - Session |
|
Layer 4 - Transport |
|
Layer 3 – Network · IP Address · Ping |
|
Layer 2 - Data Link |
|
Layer 1 - Physical |
For the purpose of this lab, we will be using only /24, or 255.255.255.0 networks.
To put an IP address on an interface, use the ip address command. The syntax for this command is
ip address <ip address> <mask>
To configure an IP address on a loopback interface, denoted Lo0 for Loopback 0 on the diagram, use the same ip address command under the loopback interface. Loopback interfaces are virtual interfaces that exist only in software on a router. They can be given an IP address like a physical interface.
R1(config)#interface Lo0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R2(config)#interface Lo0
R2(config-if)#ip address 10.2.2.2 255.255.255.0
To configure an IP address on a VLAN interface, denoted VLAN xx on the diagram, use the same ip address command under the VLAN interface. VLAN interfaces are called Switched Virtual Interfaces (SVI).
CAT1(config)#interface Vlan 99
CAT1(config-if)#ip address 10.99.99.1 255.255.255.0
CAT2(config)#interface vlan 99
CAT2(config-if)#ip address 10.99.99.2 255.255.255.0
Using the diagrams, put IP addresses on the Ethernet, Serial, Loopback and SVI interfaces. Do not configure the interfaces that are connected to the Frame Relay Switch (FRS).
Confirmation: To verify IP addressing, use the show ip interface brief command.
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 10.15.15.1 YES manual up up
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
Loopback0 10.1.1.1 YES manual up up
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.24.24.2 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Serial0/1/0 172.16.25.2 YES manual up up
Serial0/1/1 unassigned YES unset administratively down down
Loopback0 10.2.2.2 YES manual up up
R3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.36.36.3 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Serial0/1/0 172.16.35.3 YES manual up up
Serial0/1/1 unassigned YES unset administratively down down
Loopback0 10.3.3.3 YES manual up up
R4#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 10.24.24.4 YES manual up up
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
Serial0/2/0 unassigned YES unset administratively down down
Serial0/2/1 unassigned YES unset administratively down down
Loopback0 10.4.4.4 YES manual up up
R5#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.15.15.5 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 172.16.25.5 YES manual up up
Serial0/0/1 172.16.35.5 YES manual up up
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
Serial0/2/0 unassigned YES unset administratively down down
Serial0/2/1 unassigned YES unset administratively down down
Loopback0 10.5.5.5 YES manual up up
R6#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset up up
FastEthernet0/0.36 10.36.36.6 YES manual up up
FastEthernet0/0.99 10.99.99.6 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
Loopback0 10.6.6.6 YES manual up up
To test Layer 3 connectivity, use the ping command. Each device should be able to ping its neighbors. Do not worry if the first one or two pings fail.
R1#ping 10.15.15.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.15.15.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
R2#ping 10.24.24.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.24.24.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
R2#ping 172.16.25.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.25.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
R3#ping 10.36.36.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.36.36.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
R3#ping 172.16.35.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.35.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
R4#ping 10.24.24.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.24.24.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R5#ping 10.15.15.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.15.15.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R5#ping 172.16.25.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.25.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
R5#ping 172.16.35.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.35.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
R6#ping 10.36.36.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.36.36.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R6#ping 10.99.99.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.1, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
R6#ping 10.99.99.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.2, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
R6#ping 10.99.99.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.3, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
R6#ping 10.99.99.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.4, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
|
Layer 7 - Application |
|
Layer 6 - Presentation |
|
Layer 5 - Session |
|
Layer 4 - Transport |
|
Layer 3 – Network |
|
Layer 2 - Data Link · Frame Relay |
|
Layer 1 - Physical |
Frame Relay
To configure the Frame Relay Switch (FRS), use the configuration posted on the lab list page.
To configure frame relay on an interface, use the encapsulation frame-relay, no frame-relay inverse-arp and frame-relay map ip commands. The syntax for the frame-relay map ip command is
frame-relay map ip <ip address> <dlci> broadcast
R1(config)#interface s0/0/0
R1(config-if)#ip address 192.168.124.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#frame-relay map ip 192.168.124.1 102
R1(config-if)#frame-relay map ip 192.168.124.2 102 broadcast
R1(config-if)#frame-relay map ip 192.168.124.4 104 broadcast
R1(config-if)#no shutdown
R2(config)#interface s0/0/0
R2(config-if)#ip address 192.168.124.2 255.255.255.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no frame-relay inverse-arp
R2(config-if)#frame-relay map ip 192.168.124.1 201 broadcast
R2(config-if)#frame-relay map ip 192.168.124.2 201
R2(config-if)#frame-relay map ip 192.168.124.4 204 broadcast
R2(config-if)#no shutdown
R3(config)#interface s0/0/0
R3(config-if)#ip address 192.168.23.3 255.255.255.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no frame-relay inverse-arp
R3(config-if)#frame-relay map ip 192.168.23.2 302 broadcast
R3(config-if)#frame-relay map ip 192.168.23.3 302
R3(config-if)#no shutdown
R4(config)#interface s0/0/0
R4(config-if)#ip address 192.168.124.4 255.255.255.0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no frame-relay inverse-arp
R4(config-if)#frame-relay map ip 192.168.124.1 401 broadcast
R4(config-if)#frame-relay map ip 192.168.124.2 402 broadcast
R4(config-if)#frame-relay map ip 192.168.124.4 401
R4(config-if)#no shutdown
To configure frame relay on a point to point sub-interface, use the frame-relay interface-dlci command.
R2(config)#interface s0/0/0.23 point-to-point
R2(config-subif)#ip address 192.168.23.2 255.255.255.0
R2(config-subif)#frame-relay interface-dlci 203
Using the commands above, configure frame relay on all applicable devices.
Confirmation: To verify frame relay, use the show frame-relay pvc, show frame-relay map, and show frame-relay lmi commands.
R1#show frame-relay pvc
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)
Active Inactive Deleted Static
Local 2 0 0 0
Switched 0 0 0 0
Unused 1 0 0 0
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 31 output pkts 31 in bytes 3180
out bytes 3180 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:07:24, last time pvc status changed 00:00:38
DLCI = 103, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 0 output pkts 0 in bytes 0
out bytes 0 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:00:59, last time pvc status changed 00:00:29
DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 2 output pkts 5 in bytes 208
out bytes 520 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:07:14, last time pvc status changed 00:00:40
R1#show frame-relay map
Serial0/0/0 (up): ip 192.168.124.2 dlci 102(0x66,0x1860), static,
broadcast,
CISCO, status defined, active
Serial0/0/0 (up): ip 192.168.124.1 dlci 102(0x66,0x1860), static,
CISCO, status defined, active
Serial0/0/0 (up): ip 192.168.124.4 dlci 104(0x68,0x1880), static,
broadcast,
CISCO, status defined, active
R1#show frame-relay lmi
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 7 Num Status msgs Rcvd 8
Num Update Status Rcvd 0 Num Status Timeouts 0
Last Full Status Req 00:00:10 Last Full Status Rcvd 00:00:10
R2#show frame-relay pvc
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)
Active Inactive Deleted Static
Local 3 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0
DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 31 output pkts 31 in bytes 3180
out bytes 3180 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:06:53, last time pvc status changed 00:01:18
DLCI = 203, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.23
input pkts 16 output pkts 18 in bytes 1620
out bytes 2613 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 3 out bcast bytes 1053
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:02:47, last time pvc status changed 00:01:19
DLCI = 204, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 5 output pkts 5 in bytes 520
out bytes 520 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:06:38, last time pvc status changed 00:01:11
R2#show frame-relay map
Serial0/0/0 (up): ip 192.168.124.1 dlci 201(0xC9,0x3090), static,
broadcast,
CISCO, status defined, active
Serial0/0/0 (up): ip 192.168.124.2 dlci 201(0xC9,0x3090), static,
CISCO, status defined, active
Serial0/0/0 (up): ip 192.168.124.4 dlci 204(0xCC,0x30C0), static,
broadcast,
CISCO, status defined, active
Serial0/0/0.23 (up): point-to-point dlci, dlci 203(0xCB,0x30B0), broadcast
status defined, active
R2#show frame-relay lmi
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 10 Num Status msgs Rcvd 11
Num Update Status Rcvd 0 Num Status Timeouts 0
Last Full Status Req 00:00:25 Last Full Status Rcvd 00:00:25
R3#show frame-relay pvc
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)
Active Inactive Deleted Static
Local 1 0 0 0
Switched 0 0 0 0
Unused 2 0 0 0
DLCI = 301, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 0 output pkts 0 in bytes 0
out bytes 0 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:02:23, last time pvc status changed 00:02:13
DLCI = 302, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 17 output pkts 16 in bytes 2262
out bytes 1620 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:06:26, last time pvc status changed 00:02:04
DLCI = 304, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 0 output pkts 0 in bytes 0
out bytes 0 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:02:26, last time pvc status changed 00:02:06
R3#show frame-relay map
Serial0/0/0 (up): ip 192.168.23.2 dlci 302(0x12E,0x48E0), static,
broadcast,
CISCO, status defined, active
Serial0/0/0 (up): ip 192.168.23.3 dlci 302(0x12E,0x48E0), static,
CISCO, status defined, active
R3#show frame-relay lmi
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 15 Num Status msgs Rcvd 17
Num Update Status Rcvd 0 Num Status Timeouts 0
Last Full Status Req 00:00:23 Last Full Status Rcvd 00:00:23
R4#show frame-relay pvc
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)
Active Inactive Deleted Static
Local 2 0 0 0
Switched 0 0 0 0
Unused 1 0 0 0
DLCI = 401, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 5 output pkts 2 in bytes 520
out bytes 208 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:05:45, last time pvc status changed 00:02:32
DLCI = 402, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 5 output pkts 5 in bytes 520
out bytes 520 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:05:38, last time pvc status changed 00:02:33
DLCI = 403, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
input pkts 0 output pkts 0 in bytes 0
out bytes 0 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:02:54, last time pvc status changed 00:02:24
R4#show frame-relay map
Serial0/0/0 (up): ip 192.168.124.1 dlci 401(0x191,0x6410), static,
broadcast,
CISCO, status defined, active
Serial0/0/0 (up): ip 192.168.124.2 dlci 402(0x192,0x6420), static,
broadcast,
CISCO, status defined, active
Serial0/0/0 (up): ip 192.168.124.4 dlci 401(0x191,0x6410), static,
CISCO, status defined, active
R4#show frame-relay lmi
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 18 Num Status msgs Rcvd 19
Num Update Status Rcvd 0 Num Status Timeouts 0
Last Full Status Req 00:00:02 Last Full Status Rcvd 00:00:02
To test Layer 3 connectivity, use the ping command. Each device should be able to ping its neighbors.
R1#ping 192.168.124.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms
R1#ping 192.168.124.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
R1#ping 192.168.124.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
R2#ping 192.168.124.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
R2#ping 192.168.124.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/112/116 ms
R2#ping 192.168.124.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms
R2#ping 192.168.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/112/116 ms
R2#ping 192.168.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms
R3#ping 192.168.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms
R3#ping 192.168.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/124 ms
R4#ping 192.168.124.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
R4#ping 192.168.124.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
R4#ping 192.168.124.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/124 ms
OSPF Routing
|
Layer 7 - Application |
|
Layer 6 - Presentation |
|
Layer 5 - Session |
|
Layer 4 - Transport |
|
Layer 3 – Network · Routing |
|
Layer 2 - Data Link |
|
Layer 1 - Physical |
At this point in the lab, each router can send data to routers that are adjacent to itself. In this lab we will be configuring the OSPF routing protocol.
To configure OSPF, use the router ospf 1, and the network commands. The syntax for the network command is
network <network address> <inverse mask> area <area>
The network command does two things. It enables network updates out all interfaces that match that network address, and it starts advertising all networks that match that network address
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.255 area 0
R1(config-router)#network 10.15.15.0 0.0.0.255 area 0
R1(config-router)#network 192.168.124.0 0.0.0.255 area 0
R2(config)#router ospf 1
R2(config-router)#network 10.2.2.0 0.0.0.255 area 0
R2(config-router)#network 10.24.24.0 0.0.0.255 area 0
R2(config-router)#network 172.16.25.0 0.0.0.255 area 0
R2(config-router)#network 192.168.124.0 0.0.0.255 area 0
R2(config-router)#network 192.168.23.0 0.0.0.255 area 0
R3(config)#router ospf 1
R3(config-router)#network 10.3.3.0 0.0.0.255 area 0
R3(config-router)#network 10.36.36.0 0.0.0.255 area 0
R3(config-router)#network 172.16.35.0 0.0.0.255 area 0
R3(config-router)#network 192.168.23.0 0.0.0.255 area 0
R4(config)#router ospf 1
R4(config-router)#network 10.4.4.0 0.0.0.255 area 0
R4(config-router)#network 10.24.24.0 0.0.0.255 area 0
R4(config-router)#network 192.168.124.0 0.0.0.255 area 0
R5(config)#router ospf 1
R5(config-router)#network 10.5.5.0 0.0.0.255 area 0
R5(config-router)#network 172.16.25.0 0.0.0.255 area 0
R5(config-router)#network 172.16.35.0 0.0.0.255 area 0
R5(config-router)#network 10.15.15.0 0.0.0.255 area 0
R6(config)#router ospf 1
R6(config-router)#network 10.6.6.0 0.0.0.255 area 0
R6(config-router)#network 10.36.36.0 0.0.0.255 area 0
R6(config-router)#network 10.99.99.0 0.0.0.255 area 0
In order for OSPF to work over this Frame Relay, the network type needs to be changed. By default, OSPF uses Non-Broadcast Multi Access (NBMA), which does not discover neighbors automatically. By changing the network type to Broadcast, neighbor adjacencies will be formed automatically. Use the ip ospf network broadcast command to change the network type.
R1(config)#interface s0/0/0
R1(config-if)#ip ospf network broadcast
R2(config)#interface s0/0/0
R2(config-if)#ip ospf network broadcast
R3(config)#int s0/0/0
R3(config-if)#ip ospf network broadcast
R4(config)#int s0/0/0
R4(config-if)#ip ospf network broadcast
By default, OSPF advertises loopback interfaces with a host mask. A host mask is a subnet mask with a value of 255.255.255.255 or /32. Use the ip ospf network point-to-point command to advertise a loopback with its actual mask.
R1(config)#interface lo0
R1(config-if)#ip ospf network point-to-point
R2(config)#interface lo0
R2(config-if)#ip ospf network point-to-point
R3(config)#interface lo0
R3(config-if)#ip ospf network point-to-point
R4(config)#interface lo0
R4(config-if)#ip ospf network point-to-point
R5(config)#interface lo0
R5(config-if)#ip ospf network point-to-point
R6(config)#interface lo0
R6(config-if)#ip ospf network point-to-point
In order for the switches to be able to communicate with the rest of the network, they need default routes. Use the ip default-gateway command to create a default route.
CAT1(config)#ip default-gateway 10.99.99.6
CAT2(config)#ip default-gateway 10.99.99.6
CAT3(config)#ip default-gateway 10.99.99.6
CAT4(config)#ip default-gateway 10.99.99.6
Using the examples above and the network diagrams, finish configuring OSPF on all of the routers. Make sure OSPF advertises all loopback addresses with a /24 mask, and not a /32 mask. Configure the default gateway on the switches to point to 10.99.99.6.
Confirmation: To verify routing, there are a number of commands at your disposal. Over time, you will learn many ways to diagnose and troubleshoot routing problems. Start off with the show ip protocols command.
R1#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.1.1.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.1.1.0 0.0.0.255 area 0
10.15.15.0 0.0.0.255 area 0
192.168.124.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
10.2.2.2 110 00:08:49
10.3.3.3 110 00:08:49
10.1.1.1 110 00:09:22
10.6.6.6 110 00:08:39
10.4.4.4 110 00:08:39
10.5.5.5 110 00:08:39
Distance: (default is 110)
R2#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.2.2.2
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.2.2.0 0.0.0.255 area 0
10.24.24.0 0.0.0.255 area 0
172.16.25.0 0.0.0.255 area 0
192.168.23.0 0.0.0.255 area 0
192.168.124.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
10.3.3.3 110 00:09:04
10.1.1.1 110 00:09:04
10.6.6.6 110 00:09:04
10.4.4.4 110 00:09:04
10.5.5.5 110 00:09:04
Distance: (default is 110)
R3#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.3.3.3
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.3.3.0 0.0.0.255 area 0
10.36.36.0 0.0.0.255 area 0
172.16.35.0 0.0.0.255 area 0
192.168.23.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
10.2.2.2 110 00:09:08
10.1.1.1 110 00:09:08
10.6.6.6 110 00:09:08
10.4.4.4 110 00:09:08
10.5.5.5 110 00:09:08
Distance: (default is 110)
R4#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.4.4.4
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.4.4.0 0.0.0.255 area 0
10.24.24.0 0.0.0.255 area 0
192.168.124.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
10.2.2.2 110 00:09:11
10.3.3.3 110 00:09:11
10.1.1.1 110 00:09:11
10.6.6.6 110 00:09:11
10.5.5.5 110 00:09:11
Distance: (default is 110)
R5#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.5.5.5
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.5.5.0 0.0.0.255 area 0
10.15.15.0 0.0.0.255 area 0
172.16.25.0 0.0.0.255 area 0
172.16.35.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
10.2.2.2 110 00:09:15
10.3.3.3 110 00:09:15
10.1.1.1 110 00:09:15
10.6.6.6 110 00:09:15
10.4.4.4 110 00:09:15
Distance: (default is 110)
R6#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.6.6.6
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.6.6.0 0.0.0.255 area 0
10.36.36.0 0.0.0.255 area 0
10.99.99.0 0.0.0.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
10.2.2.2 110 00:09:24
10.3.3.3 110 00:09:24
10.1.1.1 110 00:09:24
10.4.4.4 110 00:09:24
10.5.5.5 110 00:09:24
Distance: (default is 110)
Now try the show ip route command. You will use this command a lot. Using your book or the internet, find out what each of the columns means.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.35.0 [110/65] via 10.15.15.5, 00:02:19, FastEthernet0/1
O 172.16.25.0 [110/65] via 10.15.15.5, 00:02:19, FastEthernet0/1
C 192.168.124.0/24 is directly connected, Serial0/0/0
10.0.0.0/24 is subnetted, 10 subnets
O 10.99.99.0 [110/67] via 10.15.15.5, 00:02:19, FastEthernet0/1
O 10.36.36.0 [110/66] via 10.15.15.5, 00:02:19, FastEthernet0/1
O 10.24.24.0 [110/65] via 192.168.124.4, 00:01:49, Serial0/0/0
[110/65] via 192.168.124.2, 00:01:50, Serial0/0/0
C 10.15.15.0 is directly connected, FastEthernet0/1
O 10.6.6.0 [110/67] via 10.15.15.5, 00:02:10, FastEthernet0/1
O 10.5.5.0 [110/2] via 10.15.15.5, 00:02:10, FastEthernet0/1
O 10.4.4.0 [110/65] via 192.168.124.4, 00:01:50, Serial0/0/0
O 10.3.3.0 [110/66] via 10.15.15.5, 00:02:46, FastEthernet0/1
O 10.2.2.0 [110/65] via 192.168.124.2, 00:02:16, Serial0/0/0
C 10.1.1.0 is directly connected, Loopback0
O 192.168.23.0/24 [110/128] via 192.168.124.2, 00:02:16, Serial0/0/0
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.35.0 [110/128] via 172.16.25.5, 00:01:51, Serial0/1/0
C 172.16.25.0 is directly connected, Serial0/1/0
C 192.168.124.0/24 is directly connected, Serial0/0/0
10.0.0.0/24 is subnetted, 10 subnets
O 10.99.99.0 [110/130] via 172.16.25.5, 00:01:51, Serial0/1/0
O 10.36.36.0 [110/129] via 172.16.25.5, 00:01:51, Serial0/1/0
C 10.24.24.0 is directly connected, FastEthernet0/0
O 10.15.15.0 [110/65] via 192.168.124.1, 00:01:52, Serial0/0/0
[110/65] via 172.16.25.5, 00:01:52, Serial0/1/0
O 10.6.6.0 [110/130] via 172.16.25.5, 00:01:52, Serial0/1/0
O 10.5.5.0 [110/65] via 172.16.25.5, 00:01:52, Serial0/1/0
O 10.4.4.0 [110/2] via 10.24.24.4, 00:01:52, FastEthernet0/0
O 10.3.3.0 [110/129] via 172.16.25.5, 00:01:55, Serial0/1/0
C 10.2.2.0 is directly connected, Loopback0
O 10.1.1.0 [110/65] via 192.168.124.1, 00:01:55, Serial0/0/0
C 192.168.23.0/24 is directly connected, Serial0/0/0.23
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.35.0 is directly connected, Serial0/1/0
O 172.16.25.0 [110/128] via 172.16.35.5, 00:01:57, Serial0/1/0
O 192.168.124.0/24 [110/129] via 172.16.35.5, 00:01:57, Serial0/1/0
10.0.0.0/24 is subnetted, 10 subnets
O 10.99.99.0 [110/2] via 10.36.36.6, 00:01:57, FastEthernet0/0
C 10.36.36.0 is directly connected, FastEthernet0/0
O 10.24.24.0 [110/129] via 172.16.35.5, 00:01:57, Serial0/1/0
O 10.15.15.0 [110/65] via 172.16.35.5, 00:01:58, Serial0/1/0
O 10.6.6.0 [110/2] via 10.36.36.6, 00:01:58, FastEthernet0/0
O 10.5.5.0 [110/65] via 172.16.35.5, 00:01:58, Serial0/1/0
O 10.4.4.0 [110/130] via 172.16.35.5, 00:01:58, Serial0/1/0
C 10.3.3.0 is directly connected, Loopback0
O 10.2.2.0 [110/129] via 172.16.35.5, 00:02:18, Serial0/1/0
O 10.1.1.0 [110/66] via 172.16.35.5, 00:02:18, Serial0/1/0
C 192.168.23.0/24 is directly connected, Serial0/0/0
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.35.0 [110/129] via 192.168.124.1, 00:03:39, Serial0/0/0
[110/129] via 10.24.24.2, 00:03:39, FastEthernet0/1
O 172.16.25.0 [110/65] via 10.24.24.2, 00:03:39, FastEthernet0/1
C 192.168.124.0/24 is directly connected, Serial0/0/0
10.0.0.0/24 is subnetted, 10 subnets
O 10.99.99.0 [110/131] via 192.168.124.1, 00:03:39, Serial0/0/0
[110/131] via 10.24.24.2, 00:03:39, FastEthernet0/1
O 10.36.36.0 [110/130] via 192.168.124.1, 00:03:40, Serial0/0/0
[110/130] via 10.24.24.2, 00:03:40, FastEthernet0/1
C 10.24.24.0 is directly connected, FastEthernet0/1
O 10.15.15.0 [110/65] via 192.168.124.1, 00:03:40, Serial0/0/0
O 10.6.6.0 [110/131] via 192.168.124.1, 00:03:40, Serial0/0/0
[110/131] via 10.24.24.2, 00:03:40, FastEthernet0/1
O 10.5.5.0 [110/66] via 192.168.124.1, 00:03:40, Serial0/0/0
[110/66] via 10.24.24.2, 00:03:40, FastEthernet0/1
C 10.4.4.0 is directly connected, Loopback0
O 10.3.3.0 [110/130] via 192.168.124.1, 00:03:40, Serial0/0/0
[110/130] via 10.24.24.2, 00:03:40, FastEthernet0/1
O 10.2.2.0 [110/2] via 10.24.24.2, 00:03:40, FastEthernet0/1
O 10.1.1.0 [110/65] via 192.168.124.1, 00:03:40, Serial0/0/0
O 192.168.23.0/24 [110/65] via 10.24.24.2, 00:03:40, FastEthernet0/1
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.35.0 is directly connected, Serial0/0/1
C 172.16.25.0 is directly connected, Serial0/0/0
O 192.168.124.0/24 [110/65] via 10.15.15.1, 00:02:07, FastEthernet0/0
10.0.0.0/24 is subnetted, 10 subnets
O 10.99.99.0 [110/66] via 172.16.35.3, 00:02:07, Serial0/0/1
O 10.36.36.0 [110/65] via 172.16.35.3, 00:02:07, Serial0/0/1
O 10.24.24.0 [110/65] via 172.16.25.2, 00:02:07, Serial0/0/0
C 10.15.15.0 is directly connected, FastEthernet0/0
O 10.6.6.0 [110/66] via 172.16.35.3, 00:02:08, Serial0/0/1
C 10.5.5.0 is directly connected, Loopback0
O 10.4.4.0 [110/66] via 172.16.25.2, 00:02:08, Serial0/0/0
[110/66] via 10.15.15.1, 00:02:08, FastEthernet0/0
O 10.3.3.0 [110/65] via 172.16.35.3, 00:02:09, Serial0/0/1
O 10.2.2.0 [110/65] via 172.16.25.2, 00:02:09, Serial0/0/0
O 10.1.1.0 [110/2] via 10.15.15.1, 00:02:09, FastEthernet0/0
O 192.168.23.0/24 [110/128] via 172.16.35.3, 00:02:09, Serial0/0/1
[110/128] via 172.16.25.2, 00:02:09, Serial0/0/0
R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.35.0 [110/65] via 10.36.36.3, 00:02:11, FastEthernet0/0.36
O 172.16.25.0 [110/129] via 10.36.36.3, 00:02:11, FastEthernet0/0.36
O 192.168.124.0/24 [110/130] via 10.36.36.3, 00:02:11, FastEthernet0/0.36
10.0.0.0/24 is subnetted, 10 subnets
C 10.99.99.0 is directly connected, FastEthernet0/0.99
C 10.36.36.0 is directly connected, FastEthernet0/0.36
O 10.24.24.0 [110/130] via 10.36.36.3, 00:02:11, FastEthernet0/0.36
O 10.15.15.0 [110/66] via 10.36.36.3, 00:02:12, FastEthernet0/0.36
C 10.6.6.0 is directly connected, Loopback0
O 10.5.5.0 [110/66] via 10.36.36.3, 00:02:12, FastEthernet0/0.36
O 10.4.4.0 [110/131] via 10.36.36.3, 00:02:12, FastEthernet0/0.36
O 10.3.3.0 [110/2] via 10.36.36.3, 00:02:12, FastEthernet0/0.36
O 10.2.2.0 [110/130] via 10.36.36.3, 00:02:12, FastEthernet0/0.36
O 10.1.1.0 [110/67] via 10.36.36.3, 00:02:12, FastEthernet0/0.36
O 192.168.23.0/24 [110/65] via 10.36.36.3, 00:02:12, FastEthernet0/0.36
Standard Access Lists
Access Lists are lists of networks used to match packets in Cisco IOS. They are often applied to interfaces using the ip access-group command to filter traffic.
Access Lists are not used to block traffic through an interface. They are only for matching packets. Only when an access list is applied to an interface using the ip access-group command does it block traffic. Be sure you understand this distinction.
Standard access lists match on the source IP address of a packet. For example, the following access list will match traffic from 10.0.3.1, but will not match traffic from 10.0.1.1.
access-list 10 deny 10.0.1.0
0.0.0.255
access-list 10 deny 10.0.2.0 0.0.0.255
access-list 10 permit 10.0.0.0 0.255.255.255
Access lists are evaluated from top to bottom. Any time a packet is matched by a permit statement, the access list is said to have matched that packet. Any time a packet is matched by a deny statement, the access list is said to not match the access list.
Using your command reference book as a guide, construct a standard access list on Router R1 that blocks traffic from the 10.99.99.0 /24 network to R1. Allow traffic from R6 no matter which interface it is sourced from. This access list should consist of 3 entries.
Confirmation: Use ping to verify the access lists. Then use show ip access-lists to verify matching traffic.
CAT1#ping 10.15.15.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.15.15.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CAT1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CAT1#ping 192.168.124.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R6#ping 10.1.1.1 source Fa0/0.99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.99.99.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
R6#ping 10.1.1.1 source 10.99.99.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.99.99.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
Extended Access Lists
Extended access lists are similar to standard access lists except that they match on both source and destination IP addresses.
Using your command reference book as a guide, construct an extended access list on Router R6 that will block traffic from the 10.99.99.0/24 network to R2s loopback. Apply it to R6s FastEthernet 0/0.99 interface. Write a second extended access list that will block traffic from Router 2 to R4s loopback interface. Apply it to both R4s Serial and FastEthernet interfaces. It should consist of 6 entries.
Confirmation: Use ping to verify the access lists. Then use show ip access-lists to verify matching traffic.
CAT1#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R6#show ip access-lists
Extended IP access list 100
10 deny ip 10.99.99.0 0.0.0.255 host 10.2.2.2 (11 matches)
20 permit ip any any (5 matches)
R2#ping 10.4.4.4 source 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.2.2.2
U.U.U
Success rate is 0 percent (0/5)
R2#ping 10.4.4.4 source 10.24.24.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.24.24.2
U.U.U
Success rate is 0 percent (0/5)
R2#ping 10.4.4.4 source 172.16.25.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 172.16.25.2
U.U.U
Success rate is 0 percent (0/5)
R2#ping 10.4.4.4 source 192.168.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.23.2
U.U.U
Success rate is 0 percent (0/5)
R2#ping 10.4.4.4 source 192.168.124.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.124.2
U.U.U
Success rate is 0 percent (0/5)
TCL Scripts / Lab Verification
|
Layer 7 - Application |
|
Layer 6 - Presentation |
|
Layer 5 - Session |
|
Layer 4 - Transport |
|
Layer 3 – Network · Ping |
|
Layer 2 - Data Link |
|
Layer 1 - Physical |
At the end of each lab, you will need to verify that everything is working. To do this, you will need to ping from each device to every IP address in your network. This is not practical to do by hand, so we will use a handy tool called TCL (Pronounced tickle) scripts.
The basic syntax for this command is
tclsh
foreach address {
<address 1>
<address 2>
<address 3>
<…>
} {
ping $address
}
tclquit
R1(tcl)#tclsh
R1(tcl)#foreach address {
+>(tcl)#10.1.1.1
+>(tcl)#10.2.2.2
+>(tcl)#10.3.3.3
+>(tcl)#10.4.4.4
+>(tcl)#10.5.5.5
+>(tcl)#10.6.6.6
+>(tcl)#10.15.15.1
+>(tcl)#10.15.15.5
+>(tcl)#10.24.24.2
+>(tcl)#10.24.24.4
+>(tcl)#10.36.36.3
+>(tcl)#10.36.36.6
+>(tcl)#10.99.99.1
+>(tcl)#10.99.99.2
+>(tcl)#10.99.99.3
+>(tcl)#10.99.99.4
+>(tcl)#10.99.99.6
+>(tcl)#172.16.25.2
+>(tcl)#172.16.25.5
+>(tcl)#172.16.35.3
+>(tcl)#172.16.35.5
+>(tcl)#192.168.23.2
+>(tcl)#192.168.23.3
+>(tcl)#192.168.124.1
+>(tcl)#192.168.124.2
+>(tcl)#192.168.124.4
+>(tcl)#} {
+>(tcl)# ping $address
+>(tcl)#
+>(tcl)#}
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.15.15.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.15.15.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.24.24.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.24.24.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.36.36.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.36.36.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.25.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/42/44 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.25.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.35.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.35.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/120 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.124.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
For any ping that fails, go back and recheck the previous sections of the lab. Do the best you can to troubleshoot. If you cannot figure it out, call over a TA to give you a hand. Remember, the pings that are blocked by the access lists will fail.
Once you have verified that the script works on every device, submit it to WebCT to be graded.