Synergon Informatika Rt.
Introduction to configuring Cisco routers
Szemmelveisz András
E-mail: [email protected]
Syllabus I
The 7-layer OSI model
The application and upper layers
The physical and data link layers
The network layer and path determination
The router user interface
Routing basics
The router's initial configuration
Syllabus II
Configuration methods and modes
Ways of loading the Cisco IOS software
TCP/IP overview
Configuring IP addresses
Configuring IP routing
Configuring Novell IPX
Configuring AppleTalk
Syllabus III
Using filter lists (access lists)
Serial line basics
Using ISDN BRI
X.25 basics
Frame Relay basics
The Autoinstall option
Other protocols
The Internetworking Model
The Layered Model
Why a Layered Network Model?
Reduces complexity
Standardizes interfaces
Facilitates modular engineering
Ensures interoperable technology
Accelerates evolution
Simplifies teaching and learning
(Figure: the seven OSI layers, top to bottom: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical)
Layer Functions
7 Application: Network processes to applications
6 Presentation: Data representation
5 Session: Interhost communication
4 Transport: End-to-end connections
3 Network: Addresses and best path
2 Data Link: Access to media
1 Physical: Binary transmission
Peer-to-Peer Communication
(Figure: the seven-layer stacks of HOST A and HOST B side by side; each layer communicates with its peer layer on the other host, exchanging segments at the Transport layer, packets at the Network layer, frames at the Data Link layer and bits at the Physical layer)
Data Encapsulation
(Figure: DATA handed down from the upper layers receives a Network Header at the Network layer, then a Frame Header and Frame Trailer at the Data Link layer, and is transmitted as bits, 0101101010110001, at the Physical layer)
Data Encapsulation Example
E-mail message: Data
Segment Header + DATA: Segment
Network Header + Segment Header + DATA: Packet
Frame Header + Network Header + Segment Header + DATA + Frame Trailer: Frame
0111111010101100010101101010110001: Bits (medium dependent)
Remaining Chapter Sequence
7 Application, 6 Presentation, 5 Session: Network Applications
4 Transport: End-to-end services
3 Network: Routing
2 Data Link, 1 Physical: Data Transmission
Summary
The OSI reference model organizes network functions into seven categories called layers
Data flows from upper-level user applications to lower-level bits transmitted over network media
Peer-to-peer functions use encapsulation and de-encapsulation at layer interfaces
Most network manager tasks configure the lower three layers
Application and Upper Layers
Objectives
Upon completion of this chapter, you will be able to:
Name and describe computer, network, and internetwork applications
Describe the OSI presentation functions and identify common standards
Describe the OSI session functions and identify common standards
Describe the OSI transport functions for end-to-end network services
Identify common processes for establishing connections, flow control, and windowing
Application, Presentation and Session Layers
Application Layer
Computer applications: Word processing, Presentation Graphics, Spreadsheet, Database, Design/Manufacturing, Project Planning, Others
Network applications: Electronic Mail, File transfer, Remote Access, Client/Server Process, Information Location, Network Management, Others
Selects the network application to support the user's application
Application Layer (cont.)
Network applications: Electronic Mail, File transfer, Remote Access, Client/Server Process, Information Location, Network Management, Others
Internetwork applications: Electronic Data Interchange, World Wide Web, E-Mail Gateways, Special-Interest Bulletin Boards, Financial Transaction Services, Internet Navigation Utilities, Conferencing (Video, Voice, Data), Others
• Internetwork applications can extend beyond the enterprise
Presentation Layer
• Text, Data: ASCII, EBCDIC, Encrypted
• Sound, Video: MIDI, MPEG, QuickTime
• Graphics, Visual Images: PICT, TIFF, JPEG, GIF
• Provides code formatting and conversion for applications
Session Layer
Examples: Network File System (NFS), Structured Query Language (SQL), X Window System, AppleTalk Session Protocol (ASP), DNA Session Control Protocol (SCP)
(Figure: Service Request and Service Reply exchanged between two hosts)
• Coordinates applications as they interact on different hosts
Transport Layer
Transport Layer Overview
Segments upper-layer applications
Establishes an end-to-end connection
Sends segments from one end host to another
Optionally, ensures data reliability
Segment Upper-Layer Applications
(Figure: File Transfer, Terminal Session and Electronic Mail application data, each tagged with a port number, are carried as segments by the Transport layer)
• Transport segments share the traffic stream
Establishes Connection
(Figure: SENDER and RECEIVER exchange Synchronize, Negotiate Connection, Synchronize and Acknowledge; Connection Established; Data Transfer (Send Segments))
Sends Segments with Flow Control
(Figure: SENDER transmits; when the RECEIVER's buffer is full it signals Not Ready (Stop); the RECEIVER processes segments until the buffer is OK and signals Ready (Go); the SENDER resumes transmission)
Reliability with Windowing
(Figure, left: Send 1, Receive 1, Ack 2, Send 2, Receive 2, Ack 3. Right, window size = 3: Send 1, Send 2, Send 3; Receive 1, Receive 2, Receive 3, Ack 4; Send 4)
An Acknowledgment Technique
(Figure: SENDER sends segments 1, 2, 3; RECEIVER answers Ack 4. SENDER sends 4, 5, 6; segment 5 is lost; RECEIVER answers Ack 5. SENDER resends 5; RECEIVER answers Ack 7)
Transport to Network Layer
End-to-end segments
Routed packets
Summary
The ISO/OSI reference model describes network applications
The presentation layer formats and converts network application data to represent text, graphics, images, video, and audio
Session-layer functions coordinate communication interactions between applications
Reliable transport-layer functions include: multiplexing, connection synchronization, flow control, error recovery, and reliability through windowing
Physical and Data Link Layers
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Identify and describe the data link sublayers and their functions
Explain the use of MAC addresses
Describe the topology and functionality of LANs
Differentiate between LAN and WAN protocols
Describe the characteristics of WAN-based protocols
Physical and Data Link Layers
Physical and Data-link standards
Data Link (frames), LAN: 802.2 LLC, FDDI, 802.5, 802.3, Ethernet
Data Link (frames), WAN: Dial on Demand, ISDN, SDLC, HDLC, X.25 Link, Frame Relay, PPP
Physical (bits, signals, clocking), WAN: V.24, V.35, HSSI, G.703, EIA-530, EIA/TIA-232, EIA/TIA-449
• Separate physical and data link layers for LAN and WAN
LAN Data Link Sublayer
LLC (Logical Link Control) refers upward to higher-layer software functions
MAC (Media Access Control) refers downward to lower-layer hardware functions
(Figure: a packet or datagram from the Network layer is carried in an 802.2 LLC frame, which is carried in a MAC frame at the Data Link layer, above the Physical layer)
LLC Sublayer Functions
Enable the upper layer to gain independence from LAN media access
Allow service access points (SAPs) from interface sublayers to upper-layer functions
Provide optional connection, flow control, and sequencing service
MAC Address
The MAC address is burned into ROM on a network interface card
Example: 0000.0c12.3456, where the first 24 bits (0000.0c) are the vendor code and the last 24 bits (12.3456) are the serial number
Finding the MAC address
An example: TCP/IP Address Resolution Protocol (ARP). ARP finds the MAC address for a data-link connection
Example 1: TCP/IP destination local. Host Y broadcasts an ARP Request ("Host Z MAC ?"); Host Z answers with an ARP Reply carrying Host Z's MAC, addressed to Host Y's MAC
Example 2: TCP/IP destination not local. Host Y broadcasts an ARP Request ("Host Z MAC ?"); the router answers with an ARP Reply carrying the router's MAC, addressed to Host Y's MAC
Common LAN Technologies
LAN Technology Overview
(Figure: Token Ring, FDDI Dual Ring and Ethernet)
Ethernet and IEEE 802.3
Several framing variations exist for this common LAN technology
Physical Layer: Ethernet/802.3
(Figure: Mac, PC and Sun hosts attached to a HUB)
10BaseT - Twisted Pair
10Base2 - Thin Ethernet
10Base5 - Thick Ethernet
The Ethernet/802.3 Interface
A Cisco router's data link to Ethernet/802.3 uses an interface named E plus a number (for example, E0)
(Figure: router interface E0 on a segment with hosts 0800.089c.34d5 and 0800.2006.1a56)
Ethernet/802.3 Operation
(Figure: stations A, B, C and D, each with a full seven-layer stack, share one segment; the figure labels a transmission from D toward "B and C")
Ethernet/802.3 Broadcast
(Figure: a broadcast frame is delivered to the stack of every station on the segment)
Ethernet Frame Variations
Ethernet Frame: Preamble (8 bytes), DA (6), SA (6), Type (2), Data, FCS (4)
802.3 Frame: Preamble (8 bytes), DA (6), SA (6), Length (2), 802.2 Header and Data, FCS (4)
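As an added example (not from the course material), a Python parser for the two frame layouts above: it tells an Ethernet frame from an 802.3 frame by the value of the 2-byte field after the source address (0x0600 and above is a Type, 1500 and below is a Length), verifies the FCS, and rejects a Length that is not backed by the data actually present instead of trusting it. The host addresses are the ones on the interface slide; the frames themselves are constructed here.

```python
import struct
import zlib
from dataclasses import dataclass
from typing import Optional

# Field sizes from the slide: Preamble 8, DA 6, SA 6, Type/Length 2, FCS 4 (bytes).
PREAMBLE_LEN, ADDR_LEN, TYPELEN_LEN, FCS_LEN = 8, 6, 2, 4
PREAMBLE = b"\x55" * 7 + b"\xd5"   # 7 sync bytes followed by the start frame delimiter
MAX_8023_LENGTH = 1500             # largest value that is a valid 802.3 Length
MIN_ETHERTYPE = 0x0600             # smallest value interpreted as an Ethernet Type


@dataclass
class EthernetFrame:
    variant: str                   # "Ethernet" or "802.3"
    dst: str
    src: str
    type_or_length: int
    payload: bytes
    llc: Optional[tuple] = None    # (DSAP, SSAP, Control) for 802.3 frames


def fmt_mac(raw: bytes) -> str:
    """Render a 6-byte address in the dotted form the slides use, e.g. 0800.089c.34d5."""
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def parse_frame(wire: bytes) -> EthernetFrame:
    """Parse a frame laid out as on the slide and decide which variation it is.

    Every check raises ValueError instead of silently trusting a field: a
    parser that believes an oversized Length field reads past the frame.
    """
    header_len = PREAMBLE_LEN + 2 * ADDR_LEN + TYPELEN_LEN
    if len(wire) < header_len + FCS_LEN:
        raise ValueError("frame too short for header and FCS")
    if wire[:PREAMBLE_LEN] != PREAMBLE:
        raise ValueError("bad preamble / start frame delimiter")
    body, fcs = wire[PREAMBLE_LEN:-FCS_LEN], wire[-FCS_LEN:]
    # The FCS is CRC-32 over DA..Data, transmitted least-significant byte first.
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch")
    dst, src = body[:ADDR_LEN], body[ADDR_LEN:2 * ADDR_LEN]
    (type_or_length,) = struct.unpack("!H", body[2 * ADDR_LEN:2 * ADDR_LEN + TYPELEN_LEN])
    data = body[2 * ADDR_LEN + TYPELEN_LEN:]
    if type_or_length >= MIN_ETHERTYPE:            # Ethernet: the field is a Type
        return EthernetFrame("Ethernet", fmt_mac(dst), fmt_mac(src), type_or_length, data)
    if type_or_length > MAX_8023_LENGTH:
        raise ValueError(f"value {type_or_length:#x} is neither a Type nor a Length")
    # 802.3: the Length must be backed by bytes on the wire (padding may follow it)
    # and must cover at least the 3-byte 802.2 header (DSAP, SSAP, Control).
    if type_or_length > len(data) or type_or_length < 3:
        raise ValueError("802.3 Length field does not match the data present")
    data = data[:type_or_length]
    llc = (data[0], data[1], data[2])
    return EthernetFrame("802.3", fmt_mac(dst), fmt_mac(src), type_or_length, data[3:], llc)


def build_frame(dst: bytes, src: bytes, type_or_length: int, data: bytes) -> bytes:
    """Build a frame in the slide's layout (used only to construct the samples below)."""
    body = dst + src + struct.pack("!H", type_or_length) + data
    return PREAMBLE + body + struct.pack("<I", zlib.crc32(body))


# Constructed sample frames between the two hosts shown on the interface slide.
HOST_A = bytes.fromhex("0800089c34d5")
HOST_B = bytes.fromhex("080020061a56")
ETHERNET_II = build_frame(HOST_B, HOST_A, 0x0800, b"\x45" + b"\x00" * 19)  # Type 0x0800
LLC_DATA = bytes([0xE0, 0xE0, 0x03]) + b"IPX payload"                        # 802.2 header + data
FRAME_8023 = build_frame(HOST_B, HOST_A, len(LLC_DATA), LLC_DATA)           # Length field

if __name__ == "__main__":
    for raw in (ETHERNET_II, FRAME_8023):
        print(parse_frame(raw))
```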
Ethernet/802.3 Reliability
Carrier sense multiple access collision detect (CSMA/CD)
(Figure: stations A, B, C and D on a shared segment; two simultaneous transmissions collide, after which every station transmits a JAM signal)
High-Speed Ethernet Options
100BaseFX,100BaseTX
100BaseVG AnyLAN
1000BaseSX,1000BaseLX
1000BaseCX
Token Ring and IEEE 802.5
IBM's Token Ring is equivalent to IEEE 802.5
Physical Layer: Token Ring/802.5
Logically a ring, but physically a star configuration to MAU relays
(Figure: stations attached with shielded or unshielded twisted pair to a MAU; the logical topology is a ring)
The Token Ring/802.5 Interface
A Cisco router's data link to Token Ring/802.5 uses an interface named To plus a number (for example, To0)
Token Ring/802.5 Operation
Token Ring LANs continuously pass a token or a Token Ring frame
(Figure: a free token (T = 0) circulates; a station seizes it, sets T = 1 and sends its data frame; the token is then released again (T = 0))
Token Ring/802.5 Media Control
Fields in a frame determine priority and reservation for sharing media
Access Control Field: P P P T M R R R
P Priority bits
T Token bit
M Monitor bit
R Reservation bits
Token Ring/802.5 Active Monitor
The active monitor ensures token operation on the ring for media access
(Figure: a frame passing the active monitor with M = 0 is marked M = 1; a frame that arrives at the active monitor already marked M = 1 is removed (X))
Token Ring/802.5 Reliability
The sending station receives status information in a frame
Frame Status Field: A C r r A C r r
A C = 0 0: Destination not found
A C = 0 1: Copied but not acknowledged
A C = 1 0: Unable to copy data from frame
A C = 1 1: Station found or frame copied to another ring by a bridge
Fiber Distributed Data Interface (FDDI)
Devices on FDDI maintain connectivity on dual counter-rotating rings
(Figure: FDDI Dual Ring, 100 Mbps)
Physical Layer: FDDI
Devices attached to FDDI use token passing
(Figure: dual attachment concentrators (DAC), single attachment stations (SAS), a dual-homed SAS and a dual attachment station (DAS) on the dual ring)
The FDDI Interface
A Cisco router's data link to FDDI uses an interface named F plus a number (for example, F0)
FDDI Dual-Ring Reliability
1. When a failure domain occurs ...
2. ... wrap primary and secondary rings ...
3. ... maintaining network integrity
Common WAN Technologies
WAN Technology Overview
(Figure: SDLC, HDLC, LAPB, PPP, X.25, Frame Relay, ISDN)
Physical Layer: WAN
(Figure: DTE connected to a DCE (modem or DSU/CSU) over an EIA/TIA-232, V.35, X.21, HSSI or other interface standard)
Data Terminal Equipment (DTE): the end of the user's device on the WAN link
Data Circuit-Terminating Equipment (DCE): the end of the WAN provider's side of the communication facility
DTE to DCE interface standards
Data Link Layer: WAN protocols
SDLC - Synchronous Data Link Control
HDLC - High-Level Data Link Control
LAPB - Link Access Procedure Balanced
Frame Relay - Simplified version of HDLC framing
PPP - Point-to-Point Protocol
X.25 - Packet level protocol (PLP)
ISDN - Integrated Services Digital Network (data-link signaling)
(Figure: two routers, each attached to a DSU/CSU (modem), connected across the WAN)
Summary
The physical layer provides access to the wires of an internetwork
The data link layer provides support for communication over several types of data links:
LAN (Ethernet/IEEE 802.3, Token Ring/IEEE 802.5, FDDI)
Dedicated WAN (SDLC, HDLC, PPP, LAPB)
Switched WAN (X.25, Frame Relay, ISDN)
Network Layer and Path Determination
Objectives
Upon completion of this chapter, you will be able to:
List the key internetworking functions of the OSI network layer and how they are performed in a router
Describe the two parts of network addressing, then identify the parts in specific protocol address examples
Contrast the network discovery and update processes in distance vector routing with those in link-state routing
List problems that each routing type encounters when dealing with topology changes, and describe techniques to reduce the number of these problems
Explain the services of separate and integrated multiprotocol routing
Network Layer Basics
Network Layer: Path Determination
Layer 3 functions to find the best path through the internetwork
(Figure: several candidate paths between two hosts. Which path?)
Network Layer: Communicate Path
Addresses represent the path of media connections
(Figure: an internetwork whose media segments are numbered 1 through 11)
Addressing: Network and Host
Network address - Path part used by the router
Host address - Specific port or device on the network
(Figure: networks 1, 2 and 3; addresses are written Network.Host, for example 1.1, 1.2, 1.3, 2.1 and 3.1)
Protocol Addressing Variations
General example: Network 1, Node 1
TCP/IP example: Network 10, Node 8.2.48 (Mask 255.0.0.0)
Novell IPX example: Network 1ac.eb0b, Node 0000.0c00.6e25
Router Functions
• Routing = building maps and giving directions
• Switching = moving packets between interfaces
Routing Table (figure):
Network #      Interface  Next Hop        Metric        Age       Source
198.113.181.0  Ethernet0  192.150.42.177  [170/304793]  02:03:50  D
198.113.178.0  Ethernet0  192.150.42.177  [110/9936]    02:03:50  O
192.168.96.0   Ethernet0  192.150.42.177  [120/3]       00:00:20  R
192.168.97.0   Ethernet0                                          C
Routing in Internetworks
Routing protocols need to handle issues associated with larger networks:
• Maintain route information
• Select routes
Routing in Internetworks (cont.)
Routing protocols need to handle issues associated with larger networks:
• Support flexible network address management
• Redistribute routes
• Route multiple protocols
Route selection: Metrics
(Figure: Source and Destination connected through Token Ring, FDDI Dual Ring and other segments)
• Which is the best path from Source to Destination?
Route selection: Load Balancing
(Figure: two parallel paths, over FDDI dual rings and Token Ring, between the same endpoints)
• Load balancing can provide increased bandwidth and redundancy
Route selection: Routing Hierarchy
• A hierarchical network can reflect the corporation's organization
(Figure: Hierarchical Network with Corporate Headquarters, National Office and Remote Office tiers)
Static versus Dynamic Routes
Static Route: Uses a protocol route that a network administrator enters into the router
Dynamic Route: Uses a route that a network routing protocol adjusts automatically for topology or traffic changes
Static Route Example
(Figure: router A and router B joined by a point-to-point or circuit-switched connection; behind B is a "stub" network)
Only a single network connection with no need for routing updates: "stub" network
• Fixed route to address reflects administrator's knowledge
Default Route Example
• Use if next hop is not explicitly listed in the routing table
(Figure: routers A, B and C; Company X's network 10.0.0.0 and network 192.34.56.0 toward the Internet. Routing table: no entry for destination net; try router B's default route)
Adapting to Topology Change
(Figure: routers A, B, C and D; one link has failed (X))
• Can an alternate route substitute for a failed route?
Dynamic Routing Operations
• Routing protocol maintains and distributes routing information
(Figure: routing protocol exchanges between routers across the network keep each router's routing table updated)
Representing Distance with Metrics
• Information used to select the best path for routing
(Figure: routers A and B joined by two links labelled E1 and 64)
Bandwidth
Delay
Load
Reliability
Hop count
Ticks
Cost
Routing Protocols
Classes of Routing Protocols
(Figure: Distance Vector, Link State and Hybrid Routing, each shown across routers A, B, C and D)
One Issue: Time to Convergence
Convergence occurs when all routers use a consistent perspective of network topology
After a topology changes, routers must recompute routes, which disrupts routing
The process and time required for router reconvergence varies in routing protocols
Distance Vector Concept
• Pass periodic copies of routing table to neighbor routers and accumulate distance vectors
(Figure: routers D, C, B and A in a chain, each passing its routing table to its neighbors)
Distance Vector Network Discovery
• Routers discover the best path to destinations from each neighbor
(Figure: routers A, B and C in a chain connecting networks W, X, Y and Z: W - A - X - B - Y - C - Z)
Router A routing table: W 0, X 0, Y 1, Z 2
Router B routing table: X 0, Y 0, Z 1, W 1
Router C routing table: Y 0, Z 0, X 1, W 2
Distance Vector Topology Changes
• Updates proceed step-by-step from router to router
(Figure: a topology change causes router A to update its routing table; router A sends out the updated routing table, and each neighbor in turn processes it to update its own routing table)
Problem: Routing Loops
• Alternate routes, slow convergence, inconsistent routing
(Figure: routers A, B, C, D and E; Network 1, attached to router A, goes down. Update labels: "Network 1, Unreachable"; "Alternate Route: Network 1, Distance 3"; "Alternate Route: Use A, Network 1, Distance 4")
Problem: Counting to Infinity
• Routing loops increment the distance vector
(Figure: same topology, Network 1 down; successive updates advertise Network 1 at distance 4, 5, 6, 7, ...)
Solution: Defining a Maximum
• Specify a maximum distance vector metric as infinity
(Figure: Network 1 down; updates advertise Network 1 at distance 12, 13, 14, 15; with a maximum metric of 16, the routing tables mark Network 1 as unreachable)
Solution: Split Horizon
• If you learn a protocol's route on an interface, do not send information about that route back out that interface
(Figure: Network 1 down; A advertises "Network 1, unreachable". B: do not update router A about routes to network 1. D: do not update router A about routes to network 1)
Solution: Route Poisoning
• Router keeps an entry for the network down state, allowing time for other routers to recompute for this topology change
(Figure: Network 1 down; the route to network 1 is advertised with infinite cost)
Solution: Hold Down Timers
• Routers ignore network update information for some period
(Figure: Network 1 down; each router passes on "Network 1 Down" and only updates after the hold-down time)
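An added simulation (not part of the course) of the distance vector behaviour on the preceding slides, using the W - A - X - B - Y - C - Z chain from the discovery slide and the maximum metric of 16: routers exchange whole routing tables once per round, network Z is taken down at router C, and the rounds until every router marks Z unreachable are counted with and without split horizon. Router and network names are those of the slides; the lock-step rounds stand in for the periodic updates.

```python
from copy import deepcopy

INFINITY = 16   # "maximum metric is 16": any larger distance means unreachable

# Constructed topology from the discovery slide: W - A - X - B - Y - C - Z.
# A directly attached network has metric 0 and the pseudo next hop "direct".
ATTACHED = {"A": ["W", "X"], "B": ["X", "Y"], "C": ["Y", "Z"]}


def neighbors(attached):
    """Two routers are neighbors when they share a directly attached network."""
    adj = {r: [] for r in attached}
    for r1 in attached:
        for r2 in attached:
            if r1 != r2 and set(attached[r1]) & set(attached[r2]):
                adj[r1].append(r2)
    return adj


def initial_tables(attached):
    # routing table: destination network -> (metric, next hop)
    return {r: {net: (0, "direct") for net in nets} for r, nets in attached.items()}


def advertisement(table, to_neighbor, split_horizon):
    """The copy of the routing table passed to one neighbor. With split horizon a
    route is not sent back toward the neighbor it was learned from."""
    return {net: metric for net, (metric, nh) in table.items()
            if not (split_horizon and nh == to_neighbor)}


def process_update(table, from_neighbor, advert):
    """Accumulate distance vectors: take the neighbor's distance + 1 when it is
    better, or whenever it comes from the next hop we already rely on (this is
    what lets a dead route be re-learned and the metric count up)."""
    changed = False
    for net, metric in advert.items():
        candidate = min(metric + 1, INFINITY)
        current = table.get(net)
        accept = current is None or candidate < current[0] or current[1] == from_neighbor
        if accept and current != (candidate, from_neighbor):
            table[net] = (candidate, from_neighbor)
            changed = True
    return changed


def run_rounds(tables, adj, split_horizon, max_rounds=40):
    """One round = every router sends the table it had at the start of the round
    to each neighbor. Returns the round in which nothing changed any more."""
    for rnd in range(1, max_rounds + 1):
        snapshot = deepcopy(tables)
        changed = False
        for r in tables:
            for nb in adj[r]:
                advert = advertisement(snapshot[nb], r, split_horizon)
                changed |= process_update(tables[r], nb, advert)
        if not changed:
            return rnd
    return max_rounds


def converge(split_horizon):
    """Network discovery from scratch; reproduces the tables on the discovery slide."""
    tables = initial_tables(ATTACHED)
    run_rounds(tables, neighbors(ATTACHED), split_horizon)
    return tables


def network_down(split_horizon, router="C", net="Z"):
    """Take network Z down at router C after convergence and report how many rounds
    pass until all routers agree it is unreachable, plus the final metrics.
    Without split horizon B hands the dead route back to C and the metric climbs
    one step per round until it reaches 16 (counting to infinity)."""
    adj = neighbors(ATTACHED)
    tables = converge(split_horizon)
    tables[router][net] = (INFINITY, None)      # C marks its attached network unreachable
    rounds = run_rounds(tables, adj, split_horizon)
    return rounds, {r: tables[r][net][0] for r in tables}


if __name__ == "__main__":
    for name, table in converge(split_horizon=False).items():
        print(f"Router {name}:", {net: m for net, (m, _) in table.items()})
    for sh in (False, True):
        rounds, metrics = network_down(split_horizon=sh)
        print(f"split horizon={sh}: stable after {rounds} rounds, metrics for Z {metrics}")
```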
Link-State Concept
• After initial flood, pass small event-triggered link-state updates to all other routers
(Figure: routers A, B, C and D exchange Link-State Packets; each builds a Topological Database, runs the SPF Algorithm to compute a Shortest Path First Tree, and derives its Routing Table from it)
Link-State Network Discovery
• Routers calculate the shortest path to destinations in parallel
(Figure: routers A, B and C in a chain connecting networks W, X, Y and Z)
Router A link-state packet: W 0, X 0
Router B link-state packet: X 0, Y 0
Router C link-state packet: Y 0, Z 0
Each router's Topological Database feeds SPF, producing its SPF Tree and its Routing Table (A Routing Table, B Routing Table, C Routing Table)
Link-State Topology Changes
• Update processes proceed using the same link-state update
(Figure: a topology change carried in a link-state update is processed by every router to update its own routing table)
Link-State Concerns
• Processing and memory required for link-state routing
• Bandwidth consumed for initial link state "flood"
(Figure: Topological Database, SPF, SPF Tree, Routing Table)
Problem: Link-State Updates
• Unsynchronized updates, inconsistent path decisions
(Figure: routers A, B, C and D; Network 1 goes down, then comes up. Fast path updates ("Network 1, Unreachable") arrive first; the slow path update ("Network 1, Back Up Now") arrives last. Which SPF tree to use for routing?)
Link State Update Problems (cont.)
• Synchronizing large networks - which network topology updates are correct?
• Router startup - order of start alters the topology learned
• Partitioned regions - slow updating part separated from fast updating part
Solution: Link State Mechanisms
• Reduce the need for resources
"Dampen" update frequency
Target link-state updates to multicast
Use link-state area hierarchy for topology
Exchange route summaries at area borders
• Coordinate link-state updates
Use time stamps
Update numbering and counters
Manage partitioning using an area hierarchy
Comparing Distance Vector Routing to Link-State Routing
Distance Vector: Views net topology from neighbor's perspective
Link-State: Gets common view of entire network topology
Distance Vector: Adds distance vectors from router to router
Link-State: Calculates the shortest path to other routers
Distance Vector: Frequent, periodic updates: slow convergence
Link-State: Event-triggered updates: faster convergence
Distance Vector: Passes copies of routing table to neighbor routers
Link-State: Passes link-state routing updates to other routers
Hybrid Routing
Balanced Hybrid Routing
• Share attributes of both distance-vector and link-state routing
Choose a routing path based on distance vectors
Converge rapidly using change-based updates
Example: EIGRP
Summary
• Internetworking functions of the network layer include network addressing and best path selection for traffic
• Network addressing uses one part to identify the path used by the router and one part for ports or devices on the net
• Routed protocols direct user traffic, while routing protocols work between routers to maintain path tables
• Network discovery for distance vector involves exchange of routing tables; problems can include slower convergence
• For link-state, routers calculate the shortest paths to other routers; problems can include inconsistent updates
• Balanced hybrid routing uses attributes of both link-state and distance vector, applying paths to several protocols
Basic Router Operations
External Configuration Sources
Configuration information can come from many sources: the console port, the auxiliary port, virtual terminals (VTY 0-4), a TFTP server, and a network management station
Internal Configuration Components
(Figure: RAM, NVRAM, Flash and ROM, plus the console, auxiliary and network interfaces)
An Overview of System Startup
Check hardware
Find and load Cisco IOS software image
Find and apply router configuration information
• System startup routines initiate router software
• Fallback routines provide startup alternatives as needed
Startup Sequence
Load Bootstrap: from ROM
Locate and Load Operating System (Cisco Internetworking Operating System): from Flash, a TFTP Server, or ROM
Locate and Load Configuration File or enter "setup" mode: from NVRAM, a TFTP Server, or the Console
RAM for Working Storage
(Figure: the bootstrap program executes and loads into RAM the Internetwork Operating System (Command Executive), active programs, the configuration file, tables and buffers)
Router Modes
User EXEC Mode: Limited examination of router. Remote access. Prompt: Router>
Privileged EXEC Mode: Detailed examination of router. Debugging and testing. File manipulation. Remote access. Prompt: Router#
SETUP Mode: Prompted dialog used to establish an initial configuration.
Global Configuration Mode: Simple configuration commands. Prompt: Router(config)#
Other Configuration Modes: Complex and multiline configuration. Prompt: Router(config-mode)#
RXBOOT Mode: Recovery from a catastrophe in the case of a lost password or the operating system being accidentally erased from Flash
Logging in to the Router: Cisco IOS
Router con0 is now available
Press RETURN to get started
User Access Verification
Password:
Router>                (user-mode prompt)
Router> enable
Password:
Router#                (privileged-mode prompt)
Router# disable
Router>
Router> exit
Context-Sensitive Help
Symbolic translation
Keyword completion
Last command recall <Ctrl><P>
Command prompting
Syntax checking
Router# clock
Translating "CLOCK"
%Unknown command or computer name, or unable to find computer address
Router# clock clear clock
Router# clock
%Incomplete command
Router# clock ?
  set  Set the time and date
Router# clock set
%Incomplete command
Router# clock set ?
  Current time (hh:mm:ss)
Router# clock set 19:56:00
%Incomplete command
Router# clock set 19:56:00 ?
  <1-31>  Day of the month
  MONTH   Month of the year
Router# clock set 19:56:00 04 8.
%Invalid input detected at the '^' marker
Router# clock set 19:56:00 04 August
%Incomplete command
Router# clock set 19:56:00 04 August ?
  <1993-2035>  Year
Using Editing Commands
Router> $ value for our customers, employees, investors, and partners
Automatic scrolling of long lines.
<Ctrl><A> Move to the beginning of the command line
<Ctrl><E> Move to the end of the command line
<Esc><B> Move back one word
<Ctrl><F> Move forward one character
<Ctrl><B> Move back one character
<Esc><F> Move forward one character
<Ctrl><I> Refresh line
Reviewing Command History
<Ctrl><P> or Up arrow: Last (previous) command recall
<Ctrl><N> or Down arrow: More recent command recall
Router> show history: Show command buffer
Router> terminal history size number-of-lines: Set command buffer size
Router> no terminal editing: Disable advanced editing features
Router> terminal editing: Reenable advanced editing
<tab>: Entry completion
Summary
Using the router: log in with the user password; enter privileged mode with the enable password; disable or quit
Advanced help features: command completion and prompting; syntax checking
Advanced editing features: automatic line scrolling; cursor controls; history buffer with command recall; copy and paste using most laptop computers
Examining Router Status
Router Status Commands
(Figure: RAM holds the Internetwork Operating System, active programs, tables and buffers and the running configuration file; NVRAM holds the backup configuration file; Flash holds the operating system; the interfaces are shown alongside)
Router# show processes CPU
Router# show protocols
Router# show mem
Router# show stack
Router# show buffers
Router# show startup-config
Router# show config
Router# show version
Router# show flash
Router# show interface
Router# show running-config
Router# write term
show version Command
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 4500 Software (C4500-J-M), Experimental Version 11.2 (199600626:214907)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Fri 28-Jun-96 16:32 by rbeach
Image text-base: 0x600088A0, data-base: 0x6076E000
ROM: System Bootstrap, Version 5.1(1) [daveu 1], RELEASE SOFTWARE (fc1)
ROM: 4500-XBOOT Bootstrap Software, Version 10.1(1), RELEASE SOFTWARE (fc1)
router uptime is 1 week, 3 days, 32 minutes
System restarted by reload
System image file is "c4500-j-mz", booted via tftp from 171.69.1.129
- - - More - - -
show running-config Command and show startup-config Command
Use write terminal with Release 10.3 and earlier
Router# show running-config
Building configuration . . .
Current configuration:
!
Version 11.2
!
- - - More - - -
Use show config with Release 10.3 and earlier
Router# show startup-config
Using 1108 out of 130048 bytes
!
Version 11.2
!
Hostname router
- - - More - - -
Configuring a Router
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Load an existing configuration file
Change the router identification
Assign a password to both the user and privileged EXEC modes
Configure a serial interface
Save the changes to NVRAM
Router Configuration Overview
Cisco IOS software version
Router identification
Boot file locations
Protocols information
Interface configurations
Configuration Modes
• Global Configuration Mode
Used for system-wide configuration requiring one command line. Includes commands to enter other configuration modes
Router# config term
Router(config)#
  : : :
Router(config)# (command)
Router(config)#
Router(config)# exit
Router#
• Other Configuration Modes
Used for other configurations requiring multiple command lines
Router# config term
  : : :
Router(config)# router protocol
Router(config-router)#
  : : :
Router(config-router)# (command)
Router(config-router)#
  : : :
Router(config-router)# exit
Router(config)# interface type port
Router(config-if)#
  : : :
Router(config-if)# (command)
Router(config-if)#
  : : :
Router(config-if)# exit
Router(config)# exit
Router#
Working with 11.x Config Files
Use these commands for routers running Cisco IOS Release 11.0 or later

NVRAM (startup-config):
  show startup-config
  erase startup-config                 (NVRAM -> bit bucket)
  config memory                        (NVRAM -> RAM)
  copy running-config startup-config   (RAM -> NVRAM)
  copy tftp startup-config             (TFTP server -> NVRAM)
RAM (running-config):
  show running-config
  config term                          (console or terminal -> RAM)
  copy tftp running-config             (TFTP server -> RAM)
  copy running-config tftp             (RAM -> TFTP server)
TFTP server (IP only), console or terminal, bit bucket
(TFTP authenticates nothing and encrypts nothing, and a configuration file carries the router's passwords; keep the TFTP server on a management network that untrusted hosts cannot reach.)
Using a TFTP Server
Tokyo# copy running-config tftp
Remote host []? 131.108.2.155
Name of configuration file to write [tokyo-confg]? tokyo.2
Write file tokyo.2 to 131.108.2.155? [confirm] y
Writing tokyo.2 ! ! ! ! ! ! ! ! [OK]
Tokyo#

Router# copy tftp running-config
Host or network configuration file [host]?
IP address of remote host [255.255.255.255]? 131.108.2.155
Name of configuration file [router-confg]? tokyo.2
Configure using tokyo.2 from 131.108.2.155? [confirm] y
Booting tokyo.2 from 131.108.2.155: ! ! [OK - 874/16000 bytes]
Tokyo#
(copy tftp running-config merges the file into the running configuration rather than replacing it, which is why the prompt changes to the hostname carried in tokyo.2.)
Overview of Router Modes

Mode                        Prompt
User EXEC mode              Router>
Privileged EXEC mode        Router#
Global configuration mode   Router(config)#
Other configuration modes:
  Interface                 Router(config-if)#
  Subinterface              Router(config-subif)#
  Controller                Router(config-controller)#
  Map-list                  Router(config-map-list)#
  Map-class                 Router(config-map-class)#
  Line                      Router(config-line)#
  Router                    Router(config-router)#
  IPX-router                Router(config-ipx-router)#
  Route-map                 Router(config-route-map)#
exit returns to the previous mode; <Ctrl><z> returns from any configuration mode to privileged EXEC.
Configuring Router Identification
Sets the local identity or message for the accessed router or interface

Router name
Router(config)# hostname Tokyo
Tokyo#

Login banner
Tokyo(config)# banner motd # Welcome to router Tokyo Accounting Department 3rd Floor #
(The text between the delimiters is shown to every connection before login. In practice the banner should carry an authorized-use warning rather than a "Welcome"; it is the one message an unauthenticated connection always sees.)

Interface description
Tokyo(config)# interface e 0
Tokyo(config-if)# description Engineering LAN, Bldg. 18
Password Configuration

Console password
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password cisco

Virtual terminal password
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco

Enable password
Router(config)# enable password san-fran
(Prefer enable secret san-fran: it stores an MD5 hash and takes precedence over enable password, which is kept in clear text or in the reversible type 7 form.)

Perform password encryption
Router(config)# service password-encryption
(set passwords here)
Router(config)# no service password-encryption
(service password-encryption only obfuscates line and enable passwords with the reversible type 7 scheme; it hides them from someone reading show running-config over your shoulder, not from anyone who obtains the configuration file.)
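The following is an added example, not code from the course material: a small audit of the password settings this chapter configures, run over a constructed configuration file, together with a decoder for the type 7 scheme that service password-encryption applies. The key and algorithm are the publicly known Cisco type 7 obfuscation; the sample configurations, the hostname and the placeholder enable-secret hash are constructed for the demonstration.

```python
"""Audit an IOS configuration for weak credential settings and show why
`service password-encryption` (type 7) is obfuscation rather than encryption.
Added example; the configurations below are constructed, not from a real router."""
import re

# Well-known Cisco type 7 XOR key; the scheme is reversible by design.
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded):
    """'0822455D0A16' -> 'cisco': two-digit decimal seed, then hex bytes XORed with the key."""
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)]
                 for i, b in enumerate(data)).decode()


def type7_encode(plain, seed=8):
    """Inverse of type7_decode. IOS picks the seed at random; it is fixed here for reproducibility."""
    raw = bytes(c ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)]
                for i, c in enumerate(plain.encode()))
    return "%02d%s" % (seed, raw.hex().upper())


def _stanzas(config):
    """Yield (command, [subcommands]); subcommands are the indented lines that follow a command."""
    header, body = None, []
    for line in config.splitlines() + ["!"]:
        if line.startswith(" ") and header is not None:
            body.append(line.strip())
            continue
        if header is not None:
            yield header, body
        header = line.strip() if line.strip() and not line.startswith("!") else None
        body = []


def audit_config(config):
    """Return one human-readable finding per weak credential setting."""
    findings = []
    top = [h for h, _ in _stanzas(config)]
    if "service password-encryption" not in top:
        findings.append("service password-encryption is off: line passwords are stored in clear text")
    has_secret = any(h.startswith("enable secret ") for h in top)
    if any(h.startswith("enable password ") for h in top) and not has_secret:
        findings.append("enable password set without enable secret: use 'enable secret' (MD5 hash)")
    for header, body in _stanzas(config):
        if not header.startswith("line "):
            continue
        if header.startswith("line vty") and "no login" in body:
            findings.append("%s: 'no login' allows remote access without any password" % header)
        for sub in body:
            m = re.match(r"password (?:(\d) )?(\S+)$", sub)
            if not m:
                continue
            ptype, value = m.group(1), m.group(2)
            if ptype == "7":
                findings.append("%s: type 7 password recovers to '%s'" % (header, type7_decode(value)))
            elif ptype in (None, "0"):
                findings.append("%s: clear-text password '%s'" % (header, value))
    return findings


# Constructed sample: the settings exactly as the slides above configure them.
SAMPLE_CONFIG = """\
!
version 11.2
no service password-encryption
hostname Tokyo
!
enable password san-fran
!
line con 0
 login
 password cisco
line vty 0 4
 login
 password 7 0822455D0A16
!
"""

# Constructed sample after the recommended changes; the secret hash is a placeholder.
HARDENED_CONFIG = """\
service password-encryption
hostname Tokyo
enable secret 5 <md5-hash-omitted>
line con 0
 login
 password 7 0822455D0A16
line vty 0 4
 login
 password 7 0822455D0A16
"""

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for finding in audit_config(cfg):
            print("  -", finding)
```

Even the hardened configuration still yields findings: the line passwords remain type 7 and are recovered instantly, so the real control is who can read the configuration (NVRAM, TFTP copies, backups), not the encryption setting.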
Interface Configuration Mode
Router(config)# interface type port
Router(config)# interface type slot/port
• Type includes serial, ethernet, tokenring, fddi, hssi, loopback, dialer, null, async, atm, bri and tunnel

Router(config-if)# shutdown
• Use this command to administratively turn off an interface without altering its other configuration entries

Router(config-if)# no shutdown
• Turns on an interface that has been shut down

Router(config-if)# exit
• Quits from the current config-interface mode

Router(config)# interface type number.subinterface
• After designating the primary interface, use this to establish virtual interfaces on the single physical interface
Verifying Configuration Changes
1. Make changes in configuration modes
2. Examine the results: Router# show running-config
3. Intended results?
   Yes: save the changes to a backup
        Router# copy running-config startup-config
        Router# copy running-config tftp
        then examine the backup file: Router# show startup-config
   No: remove the changes
        Router(config)# no . . . .             (undo individual commands)
        Router# config mem                     (reload the saved configuration from NVRAM)
        Router# copy tftp running-config       (reload a saved configuration from a TFTP server)
        Router# erase startup-config, then Router# reload   (start again from an empty configuration)
Using NVRAM with Release 11.x

NVRAM -> RAM
Router# configure memory
[OK]
Router#

NVRAM -> bit bucket
Router# erase startup-config
[OK]
Router#

RAM -> NVRAM
Router# copy running-config startup-config
Router#

Display NVRAM
Router# show startup-config
Using 5057 out of 32768 bytes
!
enable password san-fran
!
interface Ethernet0
ip address 131.108.100.5 255.255.255.0
!
---- More ----
Summary
Configuration files can come from the console, NVRAM, or a TFTP server
The router has several modes:
Privileged mode used for copying and managing entire configuration files
Global configuration mode used for one-line commands and commands that change the entire router
Other configuration modes used for multiple command lines and detailed configurations
The router provides a host name, a banner, and interface descriptions to aid in identification
Managing the Configuration Environment
Locating the Cisco IOS Software
Configuration register: a register in NVRAM for modifying fundamental Cisco IOS software behaviour
It identifies where to boot the Cisco IOS image from (for example, use the config-mode boot system commands)

Router# configure terminal
Router(config)# boot system flash IOS_filename
Router(config)# boot system tftp IOS_filename tftp_address
Router(config)# boot system rom
[Ctrl-Z]
Router# copy running-config startup-config

Fallback order:
Boot system commands not found in NVRAM -> get the default Cisco IOS software from flash
Flash memory empty -> get the default Cisco IOS software from a TFTP server
show version Command
Router> show version
Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-ISV-M), Version 11.2(14)P, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Tue 26-May-98 17:50 by dschwart
Image text-base: 0x60010900, data-base: 0x60974000

ROM: System Bootstrap, Version 11.1(8)CA1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
BOOTFLASH: RSP Software (RSP-BOOT-M), Version 11.2(14)P, RELEASE SOFTWARE (fc1)

Router uptime is 23 hours, 24 minutes
System restarted by reload at 15:44:39 CET-DST Tue Sep 1 1998
System image file is "slot0:rsp-isv-mz.112-14.P", booted via slot0
--More--

show version Command (cont.)
cisco RSP4 (R5000) processor with 32768K/2072K bytes of memory.
R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
Last reset from power-on
G.703/E1 software, Version 1.0.
Channelized E1, Version 1.0.
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Chassis Interface.
4 VIP2 controllers (2 FastEthernet)(12 E1).
2 FastEthernet/IEEE 802.3 interface(s)
218 Serial network interface(s)
123K bytes of non-volatile configuration memory.
20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
8192K bytes of Flash internal SIMM (Sector size 256K).

Configuration register is 0x102
Configuration Register Values
Router# configure terminal
Router(config)# config-register 0x10F
[Ctrl-Z]
• Configuration register bits 3, 2, 1 and 0 set the boot option (the new value takes effect at the next reload)

Configuration-register value   Meaning
0x0          Use ROM monitor mode (manually boot using the b command)
0x1          Automatically boot from ROM (default if the router has no flash)
0x2 to 0xF   Examine NVRAM for boot system commands (0x2 is the default if the router has flash)

• Check the configuration register setting with show version
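An added example (not part of the course material) that decodes a configuration-register value. The boot field in bits 3-0 is what the slide above describes; the other bits decoded here are the standard 16-bit register bits (0x0040 ignore NVRAM contents, 0x0100 disable Break, 0x2000 fall back to the ROM image if a network boot fails). The 0x2142 value in the test is the customary password-recovery setting; every other input is taken from the slides.

```python
"""Decode a Cisco configuration register and flag settings an auditor should notice.
Added example; bit meanings beyond the boot field are the documented 16-bit register
bits, not something shown on the slides."""
import re

BOOT_FIELD_MEANING = {
    0x0: "ROM monitor mode (manual boot with the b command)",
    0x1: "automatically boot from ROM",
}


def decode_config_register(value):
    """Split a 16-bit register value into the fields an operator cares about."""
    boot = value & 0xF
    return {
        "boot_field": boot,
        "boot_meaning": BOOT_FIELD_MEANING.get(boot, "examine NVRAM for boot system commands"),
        "ignore_nvram": bool(value & 0x0040),     # bit 6: skip startup-config at boot
        "break_disabled": bool(value & 0x0100),   # bit 8: console Break ignored after boot
        "rom_fallback": bool(value & 0x2000),     # bit 13: boot ROM image if netboot fails
    }


def register_warnings(value):
    """Settings worth flagging when reviewing `show version` output."""
    r = decode_config_register(value)
    warnings = []
    if r["ignore_nvram"]:
        warnings.append("bit 6 set: startup-config is ignored at boot (password-recovery state); "
                        "anyone with console access gets a router with no passwords")
    if not r["break_disabled"]:
        warnings.append("bit 8 clear: Break on the console drops the running router into ROM monitor")
    if r["boot_field"] == 0x0:
        warnings.append("boot field 0x0: the router waits in ROM monitor after every reload")
    return warnings


def register_from_show_version(text):
    """Pull the value out of the last line of `show version`, e.g. 'Configuration register is 0x102'."""
    m = re.search(r"Configuration register is 0x([0-9A-Fa-f]+)", text)
    return int(m.group(1), 16) if m else None


if __name__ == "__main__":
    for value in (0x102, 0x10F, 0x2102, 0x2142):
        print(hex(value), decode_config_register(value), register_warnings(value))
```

After a password-recovery procedure the register must be set back (config-register 0x2102 or the platform's normal value) before the router is returned to service; register_warnings makes that state visible in a batch review of show version output.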
show flash Command
• Display the layout and contents of the current device
Router> show flash   (or: dir)
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1   .. unknown  81E4BFDC 64D114   19  6475924 Jun 11 1998 09:32:10 rsp-isv-mz.112-14.P
14102252 bytes available (6476052 bytes used)

• Display the layout and contents of the specified device
Router> show flash bootflash:   (show flash device:)
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1   .. unknown  D607A4A1 3FCDD4   20  3919188 Jun 11 1998 10:13:04 rsp-boot-mz.112-14.P
3682860 bytes available (3919316 bytes used)
• List the possible devices
Router> show flash devices
slot0, slot1, bootflash, slaveslot0, slaveslot1, slavebootflash, slavenvram, nvram, tftp, rcp

• Display the current directory
Router> pwd
slot0

• Change directory
Router> cd device:

Flash device -> TFTP server: copy device: tftp
Creating a Software Image Backup
• Back up files from flash devices
Router# copy slot0: tftp
Enter source file name: rsp-isv-mz.112-14.P
Enter destination file name [rsp-isv-mz.112-14.P]:
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Address or name of remote host [sun]? 192.168.7.120
!
Downloading the Image from the Net
TFTP server -> flash device: copy tftp device:
Tozsde_1# copy tftp slot0:
Enter source file name: rsp-isv-mz.112-15a.P
14102124 bytes available on device slot0, proceed? [confirm]
Address or name of remote host [sun]?
Accessing file "rsp-isv-mz.112-15a.P" on sun ...FOUND
Loading rsp-isv-mz.112-15a.P from 192.168.7.120 (via FastEthernet4/0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!
[OK - 6480440/9797440 bytes]
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
(The row of Cs is the checksum pass over the written image. TFTP authenticates neither the server nor the file, so compare the checksum with the one published for that release before booting from the new image.)
Summary
Create running and startup configuration
Configure interface
Determine the load location of the Cisco IOS image
Access to Other Routers
Cisco Discovery Protocol (CDP) Overview
CDP discovers and shows information about directly connected Cisco devices
Upper-layer entry addresses: TCP/IP, Novell IPX, AppleTalk, others
Cisco proprietary data-link protocol
Media supporting SNAP: LANs, Frame Relay, ATM, others
(CDP announces the router's addresses, platform and software version in clear text to every directly attached device, so it is normally disabled on interfaces facing untrusted networks: no cdp enable on the interface, or no cdp run globally.)

Show CDP Neighbor Entries
A single command summarizes the protocols and addresses on the target (for example, a neighbouring Cisco router)
Figure: routers running IP and IPX; IP and AppleTalk; IP, CLNS and DECnet; IP and CLNS, each learning about its neighbours through CDP
#sho cdp
CDP Configuration Example
Enable CDP on each interface (Router A and Router B, E0 and S0, connected over a Frame Relay WAN)
routerA(config-if)# cdp enable

routerA# show cdp interface
Serial0 is up, line protocol is up, encapsulation is Frame Relay
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Ethernet0 is up, line protocol is up, encapsulation is ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Showing CDP Neighbors
routerA# sho cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source-Route Bridge,
                  S - Switch, H - Host, I - IGMP
Device ID          Local Intrfce   Holdtime   Capability   Platform   Port ID
routerB.cisco.com  Eth0            151        R T          AGS        Eth0
routerB.cisco.com  Ser0            165        R T          AGS        Ser3

routerA# show cdp neighbors detail
------------------------------------------
Device ID: routerB.cisco.com
Entry address(es):
  IP address: 198.92.68.18
  CLNS address: 490001.1111.1111.1111.00
  AppleTalk address: 10.1
Platform: AGS, Capabilities: Router Trans-Bridge
Interface: Ethernet0, Port ID (outgoing port): Ethernet0
Holdtime: 143 sec
Showing CDP Entries for a Device
routerA# sho cdp entry routerB
---------------------------------
Device ID: routerB
Entry address(es):
  IP address: 198.92.68.18
  CLNS address: 490001.1111.1111.1111.00
  AppleTalk address: 10.1
Platform: AGS, Capabilities: Router Trans-Bridge
Interface: Ethernet0, Port ID (outgoing port): Ethernet0
Holdtime: 155 sec

Version:
IOS (tm) GS Software (GS3), 11.2(13337) [asastry]
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Tue 14-May-96 1:04
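An added example, not part of the course material: a parser for show cdp neighbors detail output that turns each entry into a record. The result is the inventory that a neighbour, or any host on a shared segment listening for CDP frames, learns about a router, which is the reason for the interface-level caveat above. The sample text is constructed from the output shown on the slides (two entries for routerB, one per link); the field layout follows that output.

```python
"""Parse `show cdp neighbors detail` into records and summarize what was disclosed.
Added example; SAMPLE_CDP_DETAIL is constructed from the slide output above."""
import re

SAMPLE_CDP_DETAIL = """\
-------------------------
Device ID: routerB.cisco.com
Entry address(es):
  IP address: 198.92.68.18
  CLNS address: 490001.1111.1111.1111.00
  AppleTalk address: 10.1
Platform: AGS,  Capabilities: Router Trans-Bridge
Interface: Ethernet0,  Port ID (outgoing port): Ethernet0
Holdtime : 143 sec

Version :
IOS (tm) GS Software (GS3), Version 11.2(13337)
Copyright (c) 1986-1996 by cisco Systems, Inc.
-------------------------
Device ID: routerB.cisco.com
Entry address(es):
  IP address: 198.92.68.18
Platform: AGS,  Capabilities: Router Trans-Bridge
Interface: Serial0,  Port ID (outgoing port): Serial3
Holdtime : 165 sec
"""

# One regular expression per field; group 1 is the value.
_FIELD = {
    "device_id": r"Device ID:\s*(\S+)",
    "ip": r"IP address:\s*(\S+)",
    "platform": r"Platform:\s*([^,]+),",
    "capabilities": r"Capabilities:\s*(.+)",
    "local_interface": r"Interface:\s*([^,]+),",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "holdtime": r"Holdtime\s*:\s*(\d+)",
    "version": r"Version\s*:\s*\n(.+)",
}


def parse_cdp_detail(text):
    """Split the output on the dashed separators and extract the fields of each entry."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in block:
            continue
        rec = {}
        for key, pattern in _FIELD.items():
            m = re.search(pattern, block)
            rec[key] = m.group(1).strip() if m else None
        rec["holdtime"] = int(rec["holdtime"]) if rec["holdtime"] else None
        neighbors.append(rec)
    return neighbors


def exposure_report(neighbors):
    """One line per entry: what we learned, and therefore what the neighbour learns about us."""
    return ["%s: %s (%s, %s) port %s, software %s" % (
                n["local_interface"], n["device_id"], n["platform"], n["ip"],
                n["remote_port"], n["version"] or "n/a")
            for n in neighbors]


if __name__ == "__main__":
    for line in exposure_report(parse_cdp_detail(SAMPLE_CDP_DETAIL)):
        print(line)
```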
TCP/IP Overview
Objectives
Upon completion of this chapter, you will be able to
perform the following tasks:
Describe how the TCP/IP implementation relates to the OSI
reference Model
Identify the functions of the TCP/IP transport-layer protocols
Identify the functions of the TCP/IP network-layer protocols
Identify the functions performed by ICMP
TCP/IP Protocol Stack
OSI reference model        TCP/IP conceptual layers
7 Application
6 Presentation             Application
5 Session
4 Transport                Transport
3 Network                  Internet
2 Data Link                Network Interface
1 Physical                 (Ethernet, 802.3, 802.5, FDDI, and so on)
Application Layer Overview
Application-layer protocols (* = used by the router):
File transfer: TFTP*, FTP, NFS
E-mail: SMTP
Remote login: Telnet*, rlogin
Network management: SNMP*
Name management: DNS*
Transport Layer
Transport Layer Overview
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
TCP Segment Format
Field                   Bits
Source Port             16
Destination Port        16
Sequence Number         32
Acknowledgment Number   32
HLEN                    4
Reserved                6
Code Bits               6
Window                  16
Checksum                16
Urgent Pointer          16
Options                 0 or 32
Data                    ...
TCP and UDP Port Numbers
Application layer   FTP   TELNET   SMTP   DNS       TFTP   SNMP
Port number         21    23       25     53        69     161
Transport layer     TCP   TCP      TCP    TCP/UDP   UDP    UDP
Host A -> Host Z (Telnet): source port 1028, destination port 23
Host Z: "Dest. port = 23: send the packet to my Telnet application."
TCP Handshake/Open Connection
Host A                                   Host Z
Send SYN (seq = x)                 ->    Receive SYN (seq = x)
Receive SYN (seq = y, ack = x+1)   <-    Send SYN (seq = y, ack = x+1)
Send ACK (ack = y+1)               ->    Receive ACK (ack = y+1)
TCP Simple Acknowledgement
• Window size = 1
Sender                 Receiver
Send 1           ->    Receive 1
Receive ACK 2    <-    Send ACK 2
Send 2           ->    Receive 2
Receive ACK 3    <-    Send ACK 3
Send 3           ->    Receive 3
Receive ACK 4    <-    Send ACK 4
TCP Sliding Window
• Window size = 3
Sender                         Receiver
Send 1, Send 2, Send 3   ->    Receive 1, Receive 2, Receive 3
Receive ACK 4            <-    Send ACK 4
Send 4, Send 5, Send 6   ->    Receive 4, Receive 5, Receive 6
Receive ACK 7            <-    Send ACK 7
UDP Segment Format
No sequence or acknowledgement fields
Field              Bits
Source Port        16
Destination Port   16
Length             16
Checksum           16
Data               ...
Network Layer
Internet Layer Overview
The OSI network layer corresponds to the TCP/IP Internet layer
Internet Protocol (IP)
Internet Control Message Protocol (ICMP)
Address Resolution Protocol (ARP)
Reverse Address Resolution Protocol (RARP)
IP Datagram
Field                    Bits
VERS                     4
HLEN                     4
Type of Service          8
Total Length             16
Identification           16
Flags                    3
Fragment Offset          13
TTL                      8
Protocol                 8
Header Checksum          16
Source IP Address        32
Destination IP Address   32
IP Options               variable
Data                     ...
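An added example, not part of the course material, that builds and parses the IP and TCP headers tabulated above with both checksums computed, and produces the three segments of the handshake slide as wire bytes so the sequence and acknowledgment arithmetic can be checked field by field. The addresses, the Telnet port pair (1028 -> 23) and the initial sequence numbers are taken from the slides or chosen for the demonstration; the packets are constructed here, not captured.

```python
"""Build and parse IPv4 and TCP headers (no options) with correct checksums.
Added example; packets are constructed, addresses and ports follow the slides."""
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words (shared by IP, TCP and UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(o) for o in b)


def build_ipv4_header(src, dst, protocol, payload_len, ttl=64, ident=0):
    """20-byte header: VERS=4, HLEN=5 words, checksum computed over the header with the field zeroed."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, ident, 0,
                      ttl, protocol, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_tcp_header(src, dst, sport, dport, seq, ack, flags, window=4096, payload=b""):
    """20-byte header; the TCP checksum also covers a pseudo-header (addresses, protocol 6, length)."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)
    pseudo = ip_to_bytes(src) + ip_to_bytes(dst) + struct.pack("!BBH", 0, 6, len(hdr) + len(payload))
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr + payload)) + hdr[18:]


def build_tcp_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    tcp = build_tcp_header(src, dst, sport, dport, seq, ack, flags, payload=payload)
    return build_ipv4_header(src, dst, 6, len(tcp) + len(payload)) + tcp + payload


def parse_ipv4(packet):
    """Return (header fields, payload); checksum_ok is False if any header byte was altered."""
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    hlen = (ver_ihl & 0xF) * 4
    fields = {"version": ver_ihl >> 4, "hlen": hlen, "tos": tos, "total_length": total_len,
              "identification": ident, "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
              "ttl": ttl, "protocol": proto, "src": bytes_to_ip(src), "dst": bytes_to_ip(dst),
              "checksum_ok": checksum(packet[:hlen]) == 0}
    return fields, packet[hlen:total_len]


def parse_tcp(segment, src, dst):
    """Return (header fields, data); the IP addresses are needed to rebuild the pseudo-header."""
    sport, dport, seq, ack, off_flags, window, _csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4
    pseudo = ip_to_bytes(src) + ip_to_bytes(dst) + struct.pack("!BBH", 0, 6, len(segment))
    fields = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "hlen": hlen,
              "flags": [name for name, bit in TCP_FLAGS.items() if off_flags & bit],
              "window": window, "urgent": urg, "checksum_ok": checksum(pseudo + segment) == 0}
    return fields, segment[hlen:]


def handshake(client, server, x, y):
    """The three segments of the handshake slide: SYN (seq=x), SYN (seq=y, ack=x+1), ACK (ack=y+1)."""
    syn = build_tcp_packet(client, server, 1028, 23, x, 0, TCP_FLAGS["SYN"])
    syn_ack = build_tcp_packet(server, client, 23, 1028, y, x + 1, TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"])
    ack = build_tcp_packet(client, server, 1028, 23, x + 1, y + 1, TCP_FLAGS["ACK"])
    return syn, syn_ack, ack


if __name__ == "__main__":
    for pkt in handshake("172.16.3.1", "172.16.3.2", 1000, 5000):
        ip, seg = parse_ipv4(pkt)
        tcp, _ = parse_tcp(seg, ip["src"], ip["dst"])
        print(ip["src"], "->", ip["dst"], tcp["flags"], "seq", tcp["seq"], "ack", tcp["ack"])
```

The parser reports checksum_ok separately for each layer, which is what a router does: it verifies only the IP header checksum and forwards, while the TCP checksum (covering the pseudo-header, so a rewritten address invalidates it) is checked by the end host.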
Protocol Field
Determines the destination upper-layer protocol
Transport layer    TCP   UDP
Protocol number    6     17
Internet layer     IP
Internet Control Message Protocol (ICMP)
ICMP messages carried in IP: Destination Unreachable, Echo (Ping), other

ICMP Testing
Destination unreachable:
– Host or port unreachable
– Network unreachable
Host A sends data to Z; a router on the path that does not know how to reach Z ("I do not know how to get to Z!") sends an ICMP Destination Unreachable back to Host A.

ICMP Testing (cont.)
Generated by the ping command:
Host A -> Host B: ICMP Echo Request ("Is B reachable?")
Host B -> Host A: ICMP Echo Reply ("Yes, I am here.")
Address Resolution Protocol (ARP)
Maps IP -> Ethernet (local ARP)
Host 172.16.3.1 broadcasts: "I need the Ethernet address of 172.16.3.2" (IP: 172.16.3.2 = ???)
Host B answers: "I heard that broadcast, that is me. Here is my Ethernet address." (I P: 172.16.3.2 = Ethernet: 0800.0020.1111)

Reverse ARP (RARP)
Maps Ethernet -> IP. ARP and RARP are implemented directly on top of the data link layer.
Host broadcasts: "What is my IP address?" (Ethernet: 0800.0020.1111, IP = ???)
Reply: "I heard that broadcast. Your IP address is 172.16.3.25." (Ethernet: 0800.0020.1111 = IP: 172.16.3.25)
Summary
The TCP/IP protocol stack has the following components:
Protocols to support file transfer, e-mail, remote login, and other applications
Reliable and "unreliable" transports
Connectionless datagram delivery at the network layer
ICMP provides control and message functions at the network layer
IP Address Configuration
Objectives
Upon completion of this chapter, you will be able
to perform the following tasks:
Describe the different classes of IP addresses
Configure IP addresses
Verify IP addresses
TCP/IP Address Overview
IP Addressing
32 bits: Network | Host
8 bits . 8 bits . 8 bits . 8 bits
172 . 16 . 122 . 204

IP Address Classes
Class A: N H H H
Class B: N N H H
Class C: N N N H
Class D: for multicast
Class E: for research
N = network number assigned by the NIC
H = host number assigned by the network administrator

Recognizing Classes in IP Addresses (First Octet Rule)
High-order bits   First octet in decimal   Address class
0                 1 - 126                  A
10                128 - 191                B
110               192 - 223                C
Configuring IP Addresses
Host Addresses
Router with E0 (IP 172.16.2.1) and E1 (IP 10.6.24.2)
Hosts on E0: 172.16.200.1, 172.16.3.10, 172.16.12.12
Hosts on E1: 10.1.1.1, 10.250.8.11, 10.180.30.118
172.16.12.12 = network 172.16, host 12.12
Routing table:
Network      Interface
172.16.0.0   E0
10.0.0.0     E1

Subnet Addressing
Router with E0 (IP 172.16.2.1) and E1 (IP 172.16.3.1)
Hosts on E0: 172.16.2.200, 172.16.2.2, 172.16.2.160
Hosts on E1: 172.16.3.5, 172.16.3.100, 172.16.3.150
172.16.2.160 = network 172.16, subnet 2, host 160
New routing table:
Network      Interface
172.16.2.0   E0
172.16.3.0   E1

Subnet Mask
IP address            172.16.0.0       Network | Host
Default subnet mask   255.255.0.0      Network | Host
8-bit subnet mask     255.255.255.0    Network | Subnet | Host
Use host bits, starting at the high-order bit position

Broadcast Address
Subnets 172.16.1.0, 172.16.2.0, 172.16.3.0
172.16.3.255 (directed broadcast: delivered to every host on subnet 172.16.3.0)
255.255.255.255 (local network broadcast: not forwarded by the router)
(Forwarding directed broadcasts lets one outside packet be amplified across a whole subnet, the smurf pattern; turn it off on each interface with no ip directed-broadcast.)
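The classful rules and subnet arithmetic of this chapter, written out as an added example (not part of the course material) using only the Python standard library. The addresses are the ones on the slides; subnet_info returns the network / subnet / host split that the 172.16.2.160 figure shows, plus both broadcast addresses.

```python
"""Classful address rules and subnet arithmetic from the slides.
Added example; inputs are the slide addresses, nothing is taken from a live network."""
import ipaddress

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(ip):
    """First-octet rule: leading bits 0 -> A, 10 -> B, 110 -> C, 1110 -> D, otherwise E."""
    first = int(ip.split(".")[0])
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def default_mask(ip):
    """Classful mask: 255.0.0.0, 255.255.0.0 or 255.255.255.0 (classes D and E have none)."""
    cls = address_class(ip)
    if cls not in DEFAULT_PREFIX:
        raise ValueError("class %s address %s has no default mask" % (cls, ip))
    return str(ipaddress.IPv4Network("0.0.0.0/%d" % DEFAULT_PREFIX[cls]).netmask)


def subnet_info(ip, mask):
    """Split ip into network / subnet / host parts and give the broadcast addresses."""
    net = ipaddress.IPv4Network("%s/%s" % (ip, mask), strict=False)
    addr = int(ipaddress.IPv4Address(ip))
    full = int(net.netmask)
    classful = int(ipaddress.IPv4Address(default_mask(ip)))
    host_bits = 32 - net.prefixlen
    return {
        "class": address_class(ip),
        "network": str(net.network_address),
        # subnet bits are the host bits of the classful address that the mask turned on
        "subnet_bits": net.prefixlen - DEFAULT_PREFIX[address_class(ip)],
        "subnet_number": (addr & full & ~classful & 0xFFFFFFFF) >> host_bits,
        "host_number": addr & ~full & 0xFFFFFFFF,
        "directed_broadcast": str(net.broadcast_address),
        "local_broadcast": "255.255.255.255",
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


def same_subnet(a, b, mask):
    """The test a host or router applies to decide whether b is local or needs a route."""
    return (ipaddress.IPv4Network("%s/%s" % (a, mask), strict=False)
            == ipaddress.IPv4Network("%s/%s" % (b, mask), strict=False))


if __name__ == "__main__":
    print(subnet_info("172.16.2.160", "255.255.255.0"))
    print(same_subnet("172.16.2.200", "172.16.3.5", "255.255.255.0"))
```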
IP Address Configuration
Router(config-if)#
ip address ip-address subnet-mask
Assigns an address and subnet mask and starts IP processing on the interface

Router# term ip netmask-format
Sets the format of the network mask as seen in show commands

IP Host Names
Router(config)#
ip host name [tcp-port-number] address [address] . . .
Defines a static host name to IP address mapping
ip host tokyo 1.0.0.5 2.0.0.8
ip host tokyo 1.0.0.4
Hosts and interfaces are then selectable by name or by IP address

Name Server Configuration
Router(config)#
ip name-server server-address1 [[server-address2] . . . [server-address6]]
Specifies one or more hosts that supply host name information

Name System
Router(config)#
ip domain-lookup
DNS lookup is enabled by default
no ip domain-lookup
Turns off the name service
Simple Ping
Tests IP network connectivity
Router> ping 172.16.101.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.101.1, timeout is 2 seconds:
. ! ! ! !
Success rate is 80 percent, round-trip min/avg/max = 6/6/6 ms
Router>
Extended Ping
Ping is supported for several protocols
Router# ping
Protocol [ip]:
Target IP address: 192.168.101.162
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address:
Type of service [0]:
Set DF bit in IP header? [no]: yes
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.162, timeout is 2 seconds:
! ! ! ! !
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms
Router#
IP Trace
Shows the interface addresses used to reach the destination
Router# trace aba.nyc.mil
Type escape sequence to abort.
Tracing the route to aba.nyc.mil (26.0.0.73)
 1 debris.cisco.com (172.16.1.6) 1000 msec 8 msec 4 msec
 2 barrnet-gw.cisco.com (172.16.16.2) 8 msec 8 msec 8 msec
 3 externa-a-gateway.stanford.edu (192.42.110.225) 8 msec 4 msec 4 msec
 4 bb2.su.barrnet.net (131.119.254.6) 8 msec 8 msec 8 msec
 5 su.arc.barrnet.net (131.119.3.8) 12 msec 12 msec 8 msec
 6 moffett-fld-mb.in.mil (192.52.195.1) 216 msec 120 msec 132 msec
 7 aba.nyc.mil (26.0.0.73) 412 msec * 664 msec
Summary
IP addresses are specified in 32-bit dotted decimal format
Router interface can be configured with an IP address
ping and trace commands can be used to verify IP address configuration
IP Routing Configuration
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Perform the initial configuration of your router and enable IP
Add the RIP routing protocol to your configuration
Add the EIGRP routing to your configuration
IP Routing Learns Destinations
• Static routes
• Default routes
• Dynamic routing

Static Route Configuration
Router(config)#
ip route network [mask] {address | interface} [distance]
Defines a path to an IP destination network or subnet
Static Route Configuration (example)
Cisco A and Cisco B are joined by a serial link (S0 to S0, addresses 172.16.2.1 and 172.16.2.2); Cisco B also has E0, S1 and S2. The route below reaches network 172.16.1.0 through the router at 172.16.2.1:
ip route 172.16.1.0 255.255.255.0 172.16.2.1
Default Route Configuration
Router(config)#
ip default-network network-number
Defines a default route

Default Route Example
Cisco A connects Company X (network 172.16.0.0, subnet mask 255.255.255.0) to the public network 192.168.17.0:
router rip
network 172.16.0.0
network 192.168.17.0
ip default-network 192.168.17.0
Interior or Exterior Routing Protocols
Interior routing protocols (inside Autonomous System 100, inside Autonomous System 200): RIP, IGRP
Exterior routing protocols: between the autonomous systems

IP Routing Protocol Mode
Router(config)# router ?
  bgp        Border Gateway Protocol (BGP)
  egp        Exterior Gateway Protocol (EGP)
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp       Interior Gateway Routing Protocol (IGRP)
  isis       ISO IS-IS
  iso-igrp   IGRP for OSI networks
  mobile     Mobile routes
  odr        On Demand stub Routes
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  static     Static routes
Router(config)# router rip
Router(config-router)# ?
Router configuration commands:
  default-information   Control distribution of default information
  default-metric        Set metric of redistributed routes
  distance              Define an administrative distance
  distribute-list       Filter networks in routing updates
  exit                  Exit from routing protocol configuration mode
--- More ---
Interior IP Routing Protocols
Routing Information Protocol (RIP)
Interior Gateway Routing Protocol (IGRP)
Open Shortest Path First (OSPF)
Enhanced IGRP (EIGRP)

IP Routing Configuration Tasks
Global configuration:
– Select routing protocol(s)
– Specify network(s)
Interface configuration:
– Verify address/subnet mask
Example topology: network 172.30.0.0 runs IGRP, network 172.16.0.0 runs RIP, network 160.89.0.0 runs both IGRP and RIP

Dynamic Routing Configuration
Router(config)#
router protocol [keyword]
Defines an IP routing protocol
Router(config-router)#
network network-number
The network subcommand is a mandatory configuration command for each IP routing process
Routing Information Protocol
RIP Overview
The hop count metric selects the path: RIP prefers the one-hop 19.2 kbps link over a path of T1 links with more hops

RIP Configuration
Router(config)#
router rip
• Starts the RIP routing process
Router(config-router)#
network network-number
• Selects participating attached networks
RIP Configuration Example
Topology: Cisco A (T0 on a Token Ring, S0, S1, S2) connected to Cisco B, Cisco C, Cisco D and Cisco E; networks 1.1.0.0, 1.2.0.0, 1.4.0.0, 2.1.0.0 to 2.7.0.0 and 3.3.0.0
Cisco A:
router rip
network 1.0.0.0
network 2.0.0.0
Monitoring IP
Router> show ip protocol
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 13 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Routing for Networks: 183.8.0.0, 144.253.0.0
  Routing Information Sources:
    Gateway         Distance   Last Update
    183.8.128.12    120        0:00:14
    183.8.64.130    120        0:00:19
    183.8.128.130   120        0:00:03
  Distance: (default is 120)
Displaying the IP Routing Table
Router> show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP,
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area,
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP,
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

     144.253.0.0 is subnetted (mask is 255.255.255.0), 1 subnets
C       144.253.100.0 is directly connected, Ethernet0
R    153.50.0.0 [120/1] via 183.8.128.12, 00:00:09, Ethernet0
     183.8.0.0 is subnetted (mask is 255.255.255.128), 4 subnets
R       183.8.0.128 [120/1] via 183.8.128.130, 00:00:17, Serial0
                    [120/1] via 183.8.64.130, 00:00:17, Serial1
C       183.8.128.0 is directly connected, Ethernet0
C       183.8.64.128 is directly connected, Serial1
C       183.8.128.128 is directly connected, Serial0
R    192.3.63.0
Internet Gateway Routing Protocol
IGRP Overview
Composite metric selects the path
Speed is the primary consideration
(Figure: two routers with a direct 19.2 kbps link and a longer path over T1 links; IGRP prefers the faster T1 path)
IGRP Configuration
• Defines IGRP as an IP routing process
Router (config) #
router igrp autonomous-system
Router (config-router) #
network network-number
• Selects participating attached networks
IGRP Configuration Example
(Figure: the same topology as the RIP example: Cisco A, B, C, D and E with Token Ring and serial links; networks 1.1.0.0, 1.2.0.0, 1.4.0.0, 2.1.0.0 to 2.7.0.0 and 3.3.0.0)
Cisco A
router igrp 109
network 1.0.0.0
network 2.0.0.0
show ip protocol Command
Router> show ip protocol
Routing Protocol is "igrp 300"
  Sending update every 30 seconds, next due in 55 seconds
  Invalid after 270 seconds, hold down 280, flushed after 630
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  IGRP maximum hopcount 100
  IGRP maximum metric variance 1
  Redistributing: igrp 300
  Routing for Networks:
    183.8.0.0
    144.253.0.0
  Routing Information Sources:
    Gateway         Distance  Last Update
    183.8.128.12    120       0:00:14
    183.8.64.130    120       0:00:19
    183.8.128.130   120       0:00:03
  Distance: (default is 120)
--More--
Summary
Routers can be configured to use one or more IP routing protocols
Two IP routing protocols are:
RIP
IGRP
Configuring Novell IPX
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Describe the Novell IPX protocol stack
Describe key features of Novell IPX
List the required IPX address and encapsulation type
Enable the Novell IPX protocol and configure interfaces
Monitor Novell IPX operation on the router
IPX Routing Overview
Novell IPX Protocol Stack
(Figure: the OSI reference model, layers 7 to 1, beside the NetWare 3.x/4.x protocols)
Upper Layer Protocols: RIP, SAP, NCP, NLSP, other protocols
Transport: SPX
Network: Internetwork Packet Exchange (IPX)
Data Link: Open Data-Link Interface (ODI)
Physical: Medium Access Protocols (Ethernet, Token Ring, WAN, others)
Key Novell IPX Features
Address is 80 bits (network.node)
Interface MAC address is part of logical address
Multiple encapsulations per interface
Default routing protocol is Novell RIP
Novell service advertisements in SAP traffic
NetWare clients find servers with GNS packets
Novell IPX Addressing
Each interface has a unique address: Network.Node
Network: up to 32 bits; Node: 48 bits (from MAC)
(Figure: a router with E0 on network 4a1d, E1 on network 2c and S0 on network 3f; the IPX addresses are 4a1d.0000.0c56.de33, 2c.0000.0c56.de33 and 3f.0000.0c56.de34)
Multiple Novell Encapsulations
For example, four types of Ethernet framing
Novell IPX Name     Framing Structure                   Note
• Ethernet_II       Ethernet | IPX
• Ethernet_802.3    802.3 | IPX                         Default for NetWare 3.11 or earlier
• Ethernet_802.2    802.3 | 802.2 LLC | IPX             Default for NetWare 3.12 or later
• Ethernet_SNAP     802.3 | 802.2 LLC | SNAP | IPX
Cisco Encapsulation Names
Specify encapsulation when you configure IPX network
Novell IPX Name     Cisco IOS Name
Ethernet_II         arpa
Ethernet_802.2      sap
Ethernet_SNAP       snap
Ethernet_802.3      novell-ether
Token-Ring          token
Token-Ring_SNAP     snap
Exercise: IPX Parameter Planning
• Write the IPX addresses and encapsulation types for R2
(Figure: routers R0, R1, R2 and R3 joined over interfaces E0, E1, S0 and S1 by networks c0b0, d100, b001 and b1b0; the encapsulations shown are arpa, snap and hdlc)
R2 Interface | Network | Name | Address | Encapsulation
RIP - The IPX Routing Protocol
Uses ticks (about 1/18 sec.) and hop count (maximum of 15 hops)
Broadcasts routing information to neighbor routers every 60 seconds
(Figure: routers A, B, C and D in a row, each holding its own RIP table)
SAP - Service Advertisement
SAP packets advertise all NetWare services
Can add excessive broadcast traffic to the network
(Figure: one server advertises a print service and another a file service in SAP packets; the router listens to SAP and builds its SAP table)
GNS - Clients Get Nearest Server
GNS is a broadcast from a client needing a server
File server and Cisco router get this SAP packet
File server provides GNS response
(Figure: the NetWare client sends a GNS request; the file server, which also receives SAP, returns the GNS response)
Configuring IPX Routing
Novell IPX Configuration Tasks
Global configuration
– IPX routing
– Load sharing
Interface configuration
– Network numbers
– Encapsulation type
(Figure: a router running IPX and RIP with one interface on network 9e encap arpa and another on network 4a encap arpa)
Novell IPX Global Configuration
Router (config) #
ipx routing [node]
Enables Novell IPX routing
Router (config) #
ipx maximum-paths paths
Configures round-robin load sharing over multiple equal metric paths
Novell IPX Interface Configuration
Router (config-if) #
ipx network number [encapsulation encapsulation-type] [secondary]
Assigns primary and secondary network number and encapsulation
Verifying and Monitoring IPX Routing
Verifying IPX Operation
Monitoring Commands        Troubleshooting Commands
show ipx interface         debug ipx routing activity
show ipx route             debug ipx sap
show ipx servers
show ipx traffic
Monitoring IPX Status
Router# show ipx interface ethernet 0
Ethernet0 is up, line protocol is up
  IPX address is 3010.aa00.0400.0284, NOVELL-ETHER [up] line-up, RIPPQ: 0, SAPPQ: 0
  Delay of this Novell network, in ticks is 1
  IPXWAN processing not enabled on this interface
  IPX SAP update interval is 1 minute(s)
  IPX type 20 propagation packet forwarding is disabled
  Outgoing access list is not set
  IPX helper access list is not set
  SAP Input filter list is not set
  SAP Output filter list is not set
  SAP Router filter list is not set
  SAP GNS output filter list is not set
  Input filter list is not set
  Output filter list is not set
  Router filter list is not set
  Netbios Input host access list is not set
  Netbios Input bytes access list is not set
  Netbios Output host access list is not set
  Netbios Output bytes access list is not set
  Update time is 60 seconds
-- More --
Monitoring IPX Routing Tables
Router# show ipx route
Codes: C - Connected primary network, c - Connected secondary network
       R - RIP, E - EIGRP, S - static, W - IPXWAN connected
5 Total IPX routes
Up to 2 parallel paths allowed  Novell routing algorithm variant in use
R  Net 3030 [6/1] via 3021.0000.0c03.13d3, 23 sec, 1 uses, Serial1
                  via 3020.0000.0c03.13d3, 23 sec, 0 uses, Serial0
C  Net 3020 (x25), is directly connected, 15 uses, Serial0
C  Net 3021 (HDLC), is directly connected, 15 uses, Serial1
C  Net 3010 (NOVELL_ETHER), is directly connected, 15 uses, Ethernet0
C  Net 3000 (NOVELL_ETHER), is directly connected, 15 uses, Ethernet1
Monitoring IPX Servers List
Router> show ipx servers
Codes: P - Periodic, I - Incremental, H - Holddown, S - static
1 Total IPX Servers
Table ordering is based on routing and server info
   Type  Name     Net Address                   Port   Route     Hops  Itf
P     4  MAXINE   AD33000.0000.1b04.0288        :0451  332800/1     2  Et3
Monitoring IPX Traffic
Router# show ipx traffic
System Traffic for 2018.0000.0000.0001 System-Name: dtp-18
Rcvd:  23916 total, 13785 format errors, 0 checksum errors, 0 bad hopcount,
       0 packets pitched, 23916 local destination, 0 multicast
Bcast: 17111 received, 9486 sent
Sent:  16067 generated, 0 forwarded
       0 encapsulation failed, 0 no route
SAP:   6 SAP request, 6 SAP replies, 2309 servers
       0 SAP Nearest Name requests, 0 replies
       0 SAP General Name requests, 0 replies
       1521 SAP advertisements received, 2212 sent
       0 SAP flash updates sent, 0 SAP format errors
RIP:   6 RIP request, 6 RIP replies, 2979 routes
       8033 RIP advertisements received, 4300 sent
       154 RIP flash updates sent, 0 RIP format errors
Echo:  Rcvd 0 request, 0 replies
       Sent 0 request, 0 replies
       0 unknown: 0 no socket, 0 filtered, 0 no helper
       0 SAPs throttled, freed NDB len 0
-- More --
Troubleshooting IPX Routing
Router# debug ipx routing activity
IPX routing debugging is on
Router#
IPXRIP: positing full update to 3010.ffff.ffff.ffff via Ethernet0 (broadcast)
IPXRIP: positing full update to 3000.ffff.ffff.ffff via Ethernet1 (broadcast)
IPXRIP: positing full update to 3020.ffff.ffff.ffff via Serial0 (broadcast)
IPXRIP: positing full update to 3021.ffff.ffff.ffff via Serial1 (broadcast)
IPXRIP: sending update to 3020.ffff.ffff.ffff via Serial0
IPXRIP: src=3020.0000.0c23.14d8, dst=3020.ffff.ffff.ffff, packet sent
    network 3021, hops 1, delay 6
    network 3010, hops 1, delay 6
    network 3000, hops 1, delay 6
IPXRIP: sending update to 3021.ffff.ffff.ffff via Serial1
IPXRIP: src=3021.0000.0c03.14d8, dst=3021.ffff.ffff.ffff, packet sent
    network 3020, hops 1, delay 6
    network 3010, hops 1, delay 6
    network 3000, hops 1, delay 6
IPXRIP: sending update to 3010.ffff.ffff.ffff via Ethernet0
IPXRIP: src=3021.0000.0c03.14d8, dst=3010.ffff.ffff.ffff, packet sent
    network 3020, hops 2, delay 7
    network 3010, hops 1, delay 1
-- More --
Troubleshooting IPX SAP
Router# debug ipx sap
IPX sap debugging is on
Router#
NovellSAP: at 0023F778
I SAP response type 0x2 len 160 src:160.0000.0c00.070d dest: 160.ffff.ffff.ffff(452)
    type 0x4, "HELLO2", 199.0002.0004.0006 (451), 2 hops
    type 0x4, "HELLO1", 199.0002.0004.0006 (451), 2 hops
NovellSAP: sending update to 160
NovellSAP: at 00169080
O SAP Update type 0x2 len 96 ssoc:0x452 dest: 160.ffff.ffff.ffff(452)
    Novell: type 0x4 "Magnolia", 42.0000.0000.0001 (451), 2 hops
Summary
Address is network.node
Logical address contains interface MAC address
IPX interface configuration supports multiple data-link encapsulations
RIP uses the distance vectors of ticks and hops
SAPs and GNS broadcasts function to connect client and server
Basic Traffic Management with Access Lists
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Describe the use, value, and processes of access lists
Configure standard and extended access lists to filter IP traffic
Monitor and verify selected access list operations on the router
IPX and AppleTalk access lists later
Access Lists Overview
Why use Access Lists?
Deny traffic you do not want based on packet tests (for example, addressing or traffic type)
Specify packet traffic for dialing remote sites using dial-on-demand routing (DDR)
(Figure: networks 172.16.0.0 and 172.17.0.0 on FDDI dual rings and a Token Ring, with a router between them and the Internet)
What Are Access Lists?
Standard
– Simpler address specifications
– Generally permits or denies entire protocol suite
Extended
– More complex address specification
– Generally permits or denies specific protocols
(Figure: access list processes: an incoming packet on E0 is tested on protocol, source and destination; if permitted it leaves as an outgoing packet on S0 or an optional dialer)
How Access Lists Work
(Figure: flowchart. A packet arriving on an inbound interface is routed or bridged and the routing table entry is looked up to choose the outbound interface. If that interface has no access list, the packet is sent out. If it does, the access list statements are tested: a permit sends the packet out of the outbound interface, a deny sends the unwanted packet to the packet discard bucket and notifies the sender. The access list acts as a firewall.)
A List of Tests: Deny or Permit
(Figure: the packet is compared with the first test, then the next test, and so on to the last test. The first match applies that statement's permit or deny: a permit sends the packet to the interface(s) in the access group, a deny sends it to the packet discard bucket. A packet that matches no test falls through to the implicit deny.)
Access List Command Overview
Access lists are numbered (for IP, numbered or named)
Step 1: Set parameters for this access list test statement (which can be one of several statements)
Router (config) #
access-list access-list-number {permit|deny} {test conditions}
Step 2: Enable an interface to become part of the group that uses the specified access list
Router (config-if) #
{protocol} access-group access-list-number {in|out}
How to Identify Access Lists
Number identifies the protocol and type
Other number ranges for most protocols
Access List Type        Number Range/Identifier
IP Standard             1-99
IP Extended             100-199
IP Named                (Cisco IOS 11.2 and later)
IPX Standard            800-899
IPX SAP filters         1000-1099
AppleTalk               600-699
TCP/IP Access Lists
Managing IP Traffic Overview
• Limit traffic and restrict network use
• Enable directed forwarding of broadcasts
(Figure: FTP traffic and broadcasts stopped at the router by access lists)
Access List Application
Access lists control packet movement through a network
Transmission of packets on an interface
Virtual terminal line access (IP)
Other Access List Uses
Access lists are multipurpose
Route filtering (routing table)
Dial-on-demand routing
Priority and custom queuing (queue list)
Key Concepts for IP Access Lists
Standard lists (1 to 99) test conditions of all IP packets from source addresses
Extended lists (100 to 199) can test conditions of
– Source and destination addresses
– Specific TCP/IP-suite protocols
– Destination
Wildcard bits indicate how to check the corresponding address bits (0=check, 1=ignore)
How to Use Wildcard Mask Bits
0 means check corresponding bit value
1 means ignore value of corresponding bit
Octet bit position and address value for bit: 128 64 32 16 8 4 2 1
Examples:
0 0 0 0 0 0 0 0 = Check all address bits (match all)
0 0 1 1 1 1 1 1 = Ignore last 6 address bits
0 0 0 0 1 1 1 1 = Ignore last 4 address bits
0 0 0 0 0 0 1 1 = Ignore last 2 address bits
1 1 1 1 1 1 1 1 = Do not check address (ignore bits in octet)
How to Use Wildcard Mask Bits (cont.)
Address and wildcard mask: 172.30.16.0 0.0.15.255
IP access list test conditions: Check for IP subnets 172.30.16.0 to 172.30.31.0
Third octet of the address (network.host): 0001 0000
Wildcard mask to match bits: 0000 1111 (first four bits: check; last four bits: ignore)
How to Use the Wildcard any
Accept any address: 0.0.0.0 255.255.255.255; abbreviate the expression using the keyword any
Test conditions: Ignore all the address bits (match any)
Any IP address: 0.0.0.0, wildcard mask 255.255.255.255 (ignore all)
How to Use the Wildcard host
Abbreviate the wildcard using the keyword host followed by the IP address. For example, host 172.30.16.29
Example: 172.30.16.29 0.0.0.0 checks all the address bits
Test conditions: Check all the address bits (match all)
An IP host address, for example: 172.30.16.29, wildcard mask 0.0.0.0 (check all bits)
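The wildcard-mask arithmetic the slides above describe, as an added example in Python (not part of the course material). It implements the 0 = check / 1 = ignore rule with XOR and a mask, expands the `any` and `host` shorthands to their long forms, and goes one step beyond the slides by handling a non-contiguous wildcard such as 0.0.0.254 (every odd host), which matches a scattered set rather than a block. The function and variable names are this example's own.

```python
"""Wildcard-mask arithmetic behind the access-list examples above.

Added example (Python, not part of the course slides): a wildcard bit of 0
means "check this address bit", a bit of 1 means "ignore it".
"""
from __future__ import annotations
import ipaddress


def to_int(dotted: str) -> int:
    """Dotted quad to 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_spec(spec: str) -> tuple[int, int]:
    """Accept 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z'; return (address, wildcard)."""
    parts = spec.split()
    if parts == ["any"]:                        # same as 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if len(parts) == 2 and parts[0] == "host":  # same as A.B.C.D 0.0.0.0
        return to_int(parts[1]), 0
    if len(parts) == 2:
        return to_int(parts[0]), to_int(parts[1])
    raise ValueError(f"unrecognised address specification: {spec!r}")


def wildcard_match(address: str, spec: str) -> bool:
    """True when every 'check' bit of the address equals the entry's bit.

    XOR leaves a 1 wherever the two addresses differ; masking with the
    inverted wildcard keeps only the differences in checked positions.
    """
    base, wildcard = parse_spec(spec)
    return ((to_int(address) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def is_contiguous(spec: str) -> bool:
    """A contiguous wildcard is all 1s at the low end (2**n - 1), like 0.0.15.255."""
    _, wildcard = parse_spec(spec)
    return wildcard & (wildcard + 1) == 0


def matched_range(spec: str) -> tuple[str, str]:
    """Lowest and highest address an entry can match.

    For a contiguous wildcard this is exactly the matched block; for a
    non-contiguous one (e.g. 0.0.0.254 = every odd host) the entry matches a
    scattered subset between these two bounds.
    """
    base, wildcard = parse_spec(spec)
    low = base & ~wildcard & 0xFFFFFFFF
    high = base | wildcard
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


def matched_count(spec: str) -> int:
    """Number of addresses matched: 2 to the power of the ignored bits."""
    _, wildcard = parse_spec(spec)
    return 1 << bin(wildcard).count("1")


if __name__ == "__main__":
    for spec in ("172.30.16.0 0.0.15.255", "any", "host 172.30.16.29", "10.0.0.1 0.0.0.254"):
        print(f"{spec:28} -> {matched_range(spec)} "
              f"({matched_count(spec)} addresses, contiguous={is_contiguous(spec)})")
```

The slide's 172.30.16.0 0.0.15.255 comes out as the block 172.30.16.0 to 172.30.31.255 (4096 addresses), `any` as all 2^32 addresses and `host` as exactly one; a non-contiguous wildcard is legal in IOS but easy to misread, which is why `is_contiguous` is worth checking in a review.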
IP Standard Access List Configuration
• Sets parameters for this list entry
• IP standard access lists use 1 to 99
Router (config) #
access-list access-list-number { permit | deny } source [source-mask]
• Activates the list on an interface
Router (config-if) #
ip access-group access-list-number { in | out }
Inbound Access List Processing
For Standard IP Access Lists
(Figure: flowchart. If the inbound interface has an access list, each entry is checked in turn for a source address match; on a match the entry's condition is applied, a permit routes the packet to the outbound interface and a deny returns an ICMP message. If no entries remain the packet is denied. With no access list the packet is routed directly.)
Outbound Access List Processing
For Standard IP Access Lists
(Figure: the same flow, except that the packet is routed to the outbound interface first and the access list check happens before the packet is forwarded.)
Standard Access List Example
Permit my network only
(Figure: router with E0 on 172.16.3.0, E1 on 172.16.4.0 and S0 toward networks outside 172.16.0.0; host 172.16.4.13 on E1)
access-list 1 permit 172.16.0.0 0.0.255.255
(implicit deny all - not visible in the list)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 1 out
interface ethernet 1
ip access-group 1 out
Extended IP Access Lists
Allow more precise filtering conditions
– Check source and destination IP address
– Specify an optional IP protocol port number
– Use access list number range 100 to 199
Extended Access List Configuration
• Sets parameters for this list entry
• IP uses a list number in range 100 to 199
Router (config) #
access-list access-list-number { permit | deny } protocol source source-mask destination destination-mask [operator operand] [established]
• Activates the extended list on an interface
Router (config-if) #
ip access-group access-list-number { in | out }
ICMP Command Syntax
Filters based on ICMP messages
Router (config) #
access-list access-list-number { permit | deny } icmp {source source-wildcard | any} {destination destination-wildcard | any} [icmp-type [icmp-code] | icmp-message]
TCP Syntax
Filters based on TCP port number or name
Router (config) #
access-list access-list-number { permit | deny } tcp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port] [established]
UDP Syntax
Filters based on UDP protocol or UDP port number or name
Router (config) #
access-list access-list-number { permit | deny } udp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port]
Extended Access List Processing
(Figure: flowchart. For each entry the packet's source address, destination address, protocol and protocol options (where present in the access list) are compared in turn; if all match, the entry's permit or deny condition is applied, a permit forwards the packet and a deny returns an ICMP message. A mismatch moves on to the next entry in the list.)
Extended Access List Example
Deny FTP for E0
(Figure: router with E0 on 172.16.3.0, E1 on 172.16.4.0 and S0 toward networks outside 172.16.0.0; host 172.16.4.13 on E1)
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255
(implicit deny all)
(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)
interface ethernet0
ip access-group 101 out
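A small evaluator for the standard and extended access lists above, as an added example in Python (not Cisco IOS code and not part of the course). It parses the configuration lines exactly as written on the slides, walks the list top to bottom, stops at the first match and applies the implicit deny when nothing matches. Only the `eq` port operator and the ip/tcp/udp/icmp protocol keywords are modelled; the sample packets, the `Packet`/`Entry` names and the `demo` function are constructed for this example.

```python
"""Evaluator for numbered IP access lists: top-down, first match wins,
implicit deny at the end.

Added example, not Cisco IOS code and not part of the course slides. It
covers the standard (1-99) and extended (100-199) entry forms shown above:
wildcard masks, the 'any' and 'host' shorthands, the ip/tcp/udp/icmp
protocol keyword and the 'eq port' operator on the destination port.
"""
from __future__ import annotations
from dataclasses import dataclass
import ipaddress

PROTO_NUMBER = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}   # None = any protocol


@dataclass
class Packet:
    src: str
    dst: str
    proto: int        # IP protocol number: 1 = ICMP, 6 = TCP, 17 = UDP
    dport: int = 0    # destination port, 0 when not applicable


@dataclass
class Entry:
    number: int
    action: str               # "permit" or "deny"
    proto: int | None         # None = keyword ip (any protocol)
    src: tuple[str, str]      # (address, wildcard)
    dst: tuple[str, str]      # standard lists match any destination
    dport: int | None         # only 'eq <port>' is modelled


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: wildcard bit 0 = check, 1 = ignore."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def take_address(tokens: list[str]) -> tuple[str, str]:
    """Pop 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z'; return (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return "0.0.0.0", "255.255.255.255"
    if tok == "host":
        return tokens.pop(0), "0.0.0.0"
    return tok, tokens.pop(0)


def parse_entry(line: str) -> Entry:
    """Parse one 'access-list N {permit|deny} ...' configuration line."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:
        # standard list: source [wildcard]; a missing wildcard means 0.0.0.0
        if len(rest) == 1 and rest[0] != "any":
            rest.append("0.0.0.0")
        return Entry(number, action, None, take_address(rest),
                     ("0.0.0.0", "255.255.255.255"), None)
    if 100 <= number <= 199:
        proto = PROTO_NUMBER[rest.pop(0)]
        src, dst = take_address(rest), take_address(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        return Entry(number, action, proto, src, dst, dport)
    raise ValueError(f"list number {number} is not an IP access list")


def evaluate(entries: list[Entry], pkt: Packet) -> str:
    """Return 'permit' or 'deny' for the packet; no match is the implicit deny."""
    for e in entries:
        if e.proto is not None and e.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, *e.src) or not wildcard_match(pkt.dst, *e.dst):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action
    return "deny"


# The extended list from the slide (applied with 'ip access-group 101 out' on E0).
ACL_101 = [parse_entry(line) for line in (
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21",
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20",
    "access-list 101 permit ip 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255",
)]

# The standard list from the earlier slide ('ip access-group 1 out' on E0 and E1).
ACL_1 = [parse_entry("access-list 1 permit 172.16.0.0 0.0.255.255")]


def demo() -> dict[str, str]:
    """Constructed sample packets run through both lists."""
    return {
        "ftp control 172.16.4.13 -> 172.16.3.10": evaluate(ACL_101, Packet("172.16.4.13", "172.16.3.10", 6, 21)),
        "http 172.16.4.13 -> 172.16.3.10": evaluate(ACL_101, Packet("172.16.4.13", "172.16.3.10", 6, 80)),
        "outside 10.0.0.1 -> 172.16.3.10": evaluate(ACL_101, Packet("10.0.0.1", "172.16.3.10", 6, 80)),
        "std: 172.16.9.9 -> anywhere": evaluate(ACL_1, Packet("172.16.9.9", "192.0.2.1", 17, 53)),
        "std: 10.0.0.1 -> 172.16.3.1": evaluate(ACL_1, Packet("10.0.0.1", "172.16.3.1", 17, 53)),
    }
```

Two things the walk-through makes visible that the slide only implies: the two `deny tcp ... eq 21/20` lines do not touch UDP to the same ports, and the final `permit ip 172.16.4.0 0.0.0.255 ...` only permits sources in 172.16.4.0, so a packet arriving from outside (10.0.0.1 in the constructed sample) toward 172.16.3.0 is dropped by the implicit deny on E0 even though the list never mentions it.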
Monitoring Access Lists
Router# show ip interface
Ethernet 0 is up, line protocol is up
  Internet address is 192.54.222.2, subnet mask is 255.255.255.0
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is 192.52.71.4
  Secondary address 131.182.115.2, subnet mask 255.255.255.0
  Outgoing access list 10 is set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  IP fast switching is enabled
  Gateway Discovery is disabled
  IP accounting is disabled
  TCP/IP header compression is disabled
  Probe proxy name replies are disabled
Router#
Access List show Command
• Display access lists from all protocols
Router #
show access-lists
• Display a specific IP access list
Router #
show ip access-lists [access-list-number]
• Clear packet counts
Router #
clear access-list counters [access-list-number]
• Display line configuration
Router #
show line
Monitoring Access List Statements
Router> show access-lists
Standard IP access list 19
    permit 172.16.19.0
    deny 0.0.0.0, wildcard bits 255.255.255.255
Standard IP access list 49
    permit 172.16.31.0 wildcard bits 0.0.0.255
    permit 172.16.194.0 wildcard bits 0.0.0.255
    permit 172.16.195.0 wildcard bits 0.0.0.255
    permit 172.16.196.0 wildcard bits 0.0.0.255
    permit 172.16.197.0 wildcard bits 0.0.0.255
Extended IP access list 101
    permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 23
Type code access list 201
    permit 0x6001 0x0000
Type code access list 202
    permit 0x6004 0x0000
    deny 0x0000 0xFFFF
Router>
Restricting Virtual Terminal Access
Virtual Terminal Access Overview
Standard and extended access lists will not block access from the router
For security, virtual terminal (vty) access can be blocked to or from the router
(Figure: Telnet sessions into and out of the router are blocked)
How to Control vty Access
Five virtual terminal lines (0-4)
Set identical restrictions on all the virtual terminal lines
(Figure: virtual ports vty 0 through 4 reached through physical port E0)
Virtual Terminal Line Commands
Router (config) #
line vty {number | vty-range}
• Enters configuration mode for a terminal line or a range of lines
Router (config-line) #
access-class access-list-number { in | out }
• Restricts incoming and outgoing connections between a particular virtual terminal line into a device (and the addresses in an access list)
Virtual Terminal Access Example
Controlling Inbound Access
Permits only hosts in network 192.89.55.0 to connect to the virtual terminal ports on the router
access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
access-class 12 in
Novell IPX Access Lists
Key Concepts for IPX Access Lists
IPX addressing uses a network.node and a socket number
Standard lists (800 to 899) can filter source and destination address
Access lists (1000 to 1099) are SAP filters for service types and servers on one or more networks
Other access list number ranges offer additional Novell software filters (examples: GNS, RIP, NLSP)
IPX Standard Access List Configuration
Router (config) #
access-list access-list-number { deny | permit } source-network[.source-node [source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]
Sets parameters for this list entry
Standard access list uses list-number in range 800 to 899
Router (config-if) #
ipx access-group access-list-number
Activates the IPX standard access list on an interface
Standard IPX Access List Example
(Figure: router with E0 on network 4d, E1 on network 2b and E2 on network 3c; two clients and a server are attached)
ipx routing
access-list 800 permit 2b 4d
(implicit deny all)
int e 0
ipx network 4d
ipx access-group 800
int e 1
ipx network 2b
int e 2
ipx network 3c
Why to Control IPX Overhead
Frequent updates reduce the bandwidth for user traffic
(Figure: a WAN link between routers A, B and C flooded with overhead traffic: servers advertising routing and services, a client trying to find a server)
Normal IPX SAP Operation
Router does not forward SAP broadcasts
IPX routers send SAP table every 60 seconds
(Figure: Server/Router A, B, C and D, each with its own SAP table, serving Client1 and Client2)
A Big IPX Network
(Figure: many servers and routers, each exchanging a full SAP table with its neighbors)
How to Use SAP Filters
Plan for SAP filters and enter the global command (access-list 1000-1099)
Note: Must set up SAP filters on all routers
SAP Filter Goals
deny type 7 (print server) SAP from 2a
deny type 98 (access server) SAP from 5b
deny type 24 (router) SAP to 7c
deny type 4 (file server) SAP from 4a
deny type 26a (NMS)
deny type 7a (NetWare for VMS) SAP from *8
permit the remaining SAPs
How to Use SAP Filters (cont.)
Apply the access list to the interface as an input or output SAP filter
(Figure: SAP packets arriving at and leaving a router's SAP table, with the filter applied on input or on output)
Input filter: Do not add filtered SAPs to SAP table
Output filter: Do not add filtered SAPs to the SAP table sent
SAP Filter Configuration
Router (config) #
access-list access-list-number { deny | permit } network[.node] [network-mask.node-mask] [service-type [server-name]]
Creates an entry in a SAP filter list
Router (config-if) #
ipx input-sap-filter access-list-number
Activates the input SAP filter on the interface
Router (config-if) #
ipx output-sap-filter access-list-number
Activates the output SAP filter on the interface
SAP Filter Example 1
(Figure: Cisco B with E0 on network 9e, E1 on network 4a and S0 on network 1; Novell servers A, B, C and D, server C at node 1234.5678.1212 on network 9e; a Token Ring network 3d beyond the serial link)
access-list 1000 deny 9e.1234.5678.1212 4
access-list 1000 permit -1
interface ethernet 0
ipx network 9e
interface ethernet 1
ipx network 4a
interface serial 0
ipx network 1
ipx output-sap-filter 1000
File services from Novell server C are not advertised to A or B
SAP Filter Example 2
access-list 1001 deny -1 7
access-list 1001 permit -1
interface ethernet 0
 ipx network 9e
interface ethernet 1
 ipx network 4a
interface serial 0
 ipx network 1
 ipx output-sap-filter 1001
Print services from Novell servers C and D are not entered into the SAP table
[Figure: router "Cisco B" with interfaces E0, E1, S0 and a Token Ring T0; networks 3d, 1, 4a and 9e; servers A, B, C, D; node address 1234.5678.1212]
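To make the matching rules from the configuration slide and the two examples above concrete, here is an added example (my own Python, not the slides' or Cisco's code): it parses access-list 1000-1099 lines and applies them to a constructed SAP table. It assumes first match wins with an implicit deny at the end, that -1 matches any network and that an omitted node or type matches anything; masks and server-name matching are not modelled, and server D's node address is made up.

```python
"""Added example, not from the slides: simulates how IOS evaluates a SAP filter
list (access-list 1000-1099).  Assumed: first matching line wins, no match means
the implicit deny, network -1 matches any network, omitted node/type matches any."""
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class SapEntry:
    network: int      # IPX network number (IOS shows it in hex, e.g. 9e)
    node: str         # 48-bit node address, e.g. "1234.5678.1212"
    server_type: int  # SAP service type, e.g. 4 = file server, 7 = print server
    name: str         # constructed server name, only for readable results

@dataclass(frozen=True)
class SapAclLine:
    permit: bool
    network: int             # -1 means any network
    node: str | None         # None means any node
    server_type: int | None  # None means any service type
ACL_RE = re.compile(r"access-list\s+(\d+)\s+(permit|deny)\s+(\S+)(?:\s+([0-9a-f]+))?$", re.I)

def parse_acl_line(text: str) -> SapAclLine:
    """Parse 'access-list N {deny|permit} network[.node] [server-type]'."""
    m = ACL_RE.match(text.strip())
    if not m or not 1000 <= int(m.group(1)) <= 1099:
        raise ValueError(f"not a SAP filter line: {text!r}")
    net, _, node = m.group(3).partition(".")
    stype = int(m.group(4), 16) if m.group(4) else None  # types are hex in IOS
    return SapAclLine(m.group(2).lower() == "permit",
                      -1 if net == "-1" else int(net, 16), node.lower() or None, stype)

def permitted(acl: list[SapAclLine], sap: SapEntry) -> bool:
    """Walk the list top to bottom; the first match decides, else deny."""
    for ln in acl:
        if (ln.network in (-1, sap.network) and ln.node in (None, sap.node.lower())
                and ln.server_type in (None, sap.server_type)):
            return ln.permit
    return False  # implicit deny at the end of every IOS access list

def apply_filter(acl_text: list[str], table: list[SapEntry]) -> list[SapEntry]:
    """Entries surviving the filter: kept locally (input) or advertised (output)."""
    acl = [parse_acl_line(t) for t in acl_text]
    return [s for s in table if permitted(acl, s)]
# Constructed SAP table for the two slide examples (server D's node is made up).
SAP_TABLE = [SapEntry(0x9e, "1234.5678.1212", 4, "C-FILE"),
             SapEntry(0x9e, "1234.5678.1212", 7, "C-PRINT"),
             SapEntry(0x4a, "0000.0000.0001", 4, "D-FILE"),
             SapEntry(0x4a, "0000.0000.0001", 7, "D-PRINT")]
EXAMPLE1 = ["access-list 1000 deny 9e.1234.5678.1212 4", "access-list 1000 permit -1"]
EXAMPLE2 = ["access-list 1001 deny -1 7", "access-list 1001 permit -1"]
```

Running apply_filter(EXAMPLE1, SAP_TABLE) drops only server C's file service, as in example 1, while EXAMPLE2 drops every type 7 entry; a list consisting only of deny lines drops everything because of the implicit deny.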
dtp-19# sh ipx int et1/1
Ethernet0 is up, line protocol is up
  IPX address is 10.0000.0c0d.724f, NOVELL-ETHER [up] line-up
  Delay of this IPX network, in ticks is 1 throughput 0 link delay 0
  IPXWAN processing not enabled on this interface
  IPX SAP update interval is 1 minute(s)
  IPX type 20 propagation packet forwarding is disabled
  Incoming access list is not set
  Outgoing access list is not set
  IPX helper access list is not set
  SAP GNS processing enabled, delay 0 ms, output filter list is not set
  SAP Input filter list is not set
  SAP Output filter list is not set
  SAP Router filter list is not set
  Input filter list is not set
  Output filter list is not set
  Router filter list is not set
  Netbios Input host access list is not set
  Netbios Input bytes access list is not set
  Netbios Output host access list is not set
  Netbios Output bytes access list is not set
  Update time is 60 seconds, aging multiples RIP: 3 SAP: 3
 -- More --
Monitoring IPX Access List
dtp-19# sh access-lists
IPX access list 800
    deny 8000
IPX access list 801
    deny FFFFFFFF