CCNA configuration and commands


Upload: alfonso-saucedo

Post on 06-May-2015


Reference for commands for Cisco products

http://www.cisco.com/univercd/home/home.htm

CLI Password Configuration

Cisco IOS Software Command Help

IOS stores the commands that you type in a history buffer, storing ten commands by default. You can change the history size with the terminal history size x user exec command, where x is the number of commands for the CLI to recall; this can be set to a value between 0 and 256. You then can retrieve commands so that you do not have to retype the commands.


Key Sequences for Command Edit and Recall

IOS enables enhanced editing mode by default and has for a long time. However, you can turn off these keystrokes with the no terminal editing exec command, and turn them back on with the terminal editing command.

CLI Configuration Mode Versus Exec Modes


Cisco Router Memory Types

Locations for Copying and Results from Copy Operations

Configuration show Commands

Getting into Setup Mode


The Cisco IOS Software Boot Sequence

1. The router performs a power-on self-test (POST) to discover and verify the hardware.
2. The router loads and runs bootstrap code from ROM.
3. The router finds the IOS or other software and loads it.
4. The router finds the configuration file and loads it into running config.

Three OS Categories for Routers

Two configuration tools tell the router what OS to load:

- The configuration register
- The boot system configuration command

On most Cisco routers, the default Configuration Register setting is hexadecimal 2102.

Binary Version of Configuration Register, Value Hex 2102

The boot field is the name of the low-order 4 bits of the configuration register. This field can be considered a 4-bit value, represented as a single hexadecimal digit. (Cisco represents hexadecimal values by preceding the hex digit[s] with 0x—for example, 0xA would mean a single hex digit A.) If the boot field is hex 0, ROMMON is loaded. If the boot field is hex 1, RXBOOT mode is used. For anything else, it loads a full-featured IOS. But which one?

The second method used to determine where the router tries to obtain an IOS image is through the use of the boot system configuration command. If the configuration register calls for a full-featured IOS (boot field 2-F), the router reads the startup-configuration file for boot system commands. If there are no boot system commands, the router takes the default action, which is to load the first file in Flash memory. Table 7-6 summarizes the use of the configuration register and the boot system command at initialization time, when the boot field’s value implies that the router will look for boot commands.
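The boot-field logic described above, written out as an added example (it is not part of the original reference and is not Cisco tooling). The function names, the finding text and the image file names in the sample startup-config are constructed for illustration; the example assumes that multiple boot system commands are used in the order they appear in the file.

```python
def parse_register(text):
    """Parse a configuration register written in hex, e.g. '0x2102'."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")
    return value


def boot_decision(register, startup_config=""):
    """Return what the router loads at initialization for this register."""
    boot_field = register & 0xF  # low-order 4 bits of the register
    if boot_field == 0x0:
        return {"boot_field": boot_field, "loads": "ROMMON", "sources": []}
    if boot_field == 0x1:
        return {"boot_field": boot_field, "loads": "RXBOOT", "sources": []}
    # Boot field 2-F: the router reads startup-config for boot system commands.
    sources = []
    for line in startup_config.splitlines():
        words = line.split()
        if words[:2] == ["boot", "system"] and len(words) > 2:
            sources.append(" ".join(words[2:]))  # kept in configuration order
    if not sources:
        # No boot system commands: default action.
        sources = ["first file in Flash memory"]
    return {"boot_field": boot_field, "loads": "full-featured IOS",
            "sources": sources}


def register_findings(register):
    """Flag register values that keep the router out of a full-featured IOS."""
    decision = boot_decision(register)
    if decision["loads"] != "full-featured IOS":
        return ["boot field 0x%X loads %s instead of a full-featured IOS"
                % (decision["boot_field"], decision["loads"])]
    return []


# Constructed sample startup-config; the image names are placeholders.
SAMPLE_STARTUP = """\
hostname R1
boot system flash constructed-image-a.bin
boot system tftp constructed-image-b.bin 10.1.1.1
"""

if __name__ == "__main__":
    for reg in ("0x2102", "0x2100", "0x2101"):
        print(reg, boot_decision(parse_register(reg), SAMPLE_STARTUP))
```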

The Boot System Commands


Impact of the boot system Command on Choice of IOS: Boot Field Between 2 and F

Operating Cisco LAN Switches

2950 Front Panel and LEDs

2950 Switch LEDs and Meaning


Basic Router Configuration and Operation

Configuring IP Addresses

IP Configuration Commands


IP EXEC Commands


Basic Administrative Configuration

On most routers, you would configure at least the following:

- A host name for the router
- Reference to a DNS so that commands typed on the router can refer to host names instead of IP addresses
- Set a password on the console port
- Set a password for those Telnetting to the router
- Set the enable secret password to protect access to privileged mode
- Create a banner stating an appropriate warning, depending on the security practices at that company

To make the router ask for a password at the console, you need the login subcommand in console line configuration mode; the password subcommand on the same line tells the router what password is required at the console. Similar logic applies to the login and password subcommands on the vty lines.

Two other things that you might want to configure habitually on routers are the console timeout and the synchronization of unsolicited messages. The exec-timeout minutes seconds command sets the inactivity timeout. Also, unsolicited informational messages and output from the IOS debug command both show up at the console by default. These same messages can be seen at the aux port or when Telnetting into a router by using the terminal monitor command. The logging synchronous line subcommand tells the router not to interrupt the output of a show command with these unsolicited messages, letting you read the output of the command that you typed before the router displays the other messages. logging synchronous can make your life a lot easier when using a router.

Syslog messages also can be sent to another device. Two alternatives exist: sending the messages to a syslog server, and sending the messages as SNMP traps to a management station. The logging host command, where host is the IP address or host name of the syslog server, is used to enable sending messages to the external server. After SNMP is configured, the snmp-server enable traps command tells the IOS to forward traps, including syslog messages.

Configuring IP Addresses

The ip address interface subcommand configures the IP address for each interface. Because each interface has an IP address, the interface configuration command precedes each ip address command, identifying to IOS the interface to which the IP address should be assigned.

Prefix Notation

This notation, called prefix notation, denotes the subnet mask in terms of the number of 1 bits in the subnet mask. The number of bits of value binary 1 in the mask is considered to be the prefix. Prefix notation is simply a shorter way to write the mask. If you prefer to see the subnet masks instead of the prefix, simply use the terminal ip netmask-format decimal exec command.

Seeding the Routing Table with Connected IP Routes

The Cisco IOS routes IP packets by default—in other words, you do not need to type any commands to tell the router to enable IP routing. Before the router will route packets in or out an interface, the interface must have an IP address.

The problem with the configurations shown so far is that the routers do not know routes to all the subnets in the network. The ultimate solution to this problem is to configure a dynamic routing protocol.

Routers add routes to their routing tables for the subnets associated with their own physical interfaces.

The show ip route command lists routes to the subnets connected to the router. The output from the command lists a C in the first column, which, according to the notes at the beginning of the command output, means “connected.” In other words, this router is connected directly to these subnets.

The show ip interface brief command lists one line per interface, with IP address information and interface status.

The show interfaces {interface} command lists more details about a single interface, with most of those details about the interface itself. Finally, the show ip interface {interface} command shows detailed information about the IP protocol running over the interface.

IOS adds connected routes to the routing table that meet the following requirements:

- The interface has been configured with a valid IP address.
- The interface is in an up and up status according to the various interface-oriented show commands.

All three of the show commands that list interface status information use two designations of up and up. The first status keyword (the first of the two ups in this case) generally refers to OSI Layer 1 status. The second status word generally refers to the status of OSI Layer 2.

Another instance in which a router might put an interface in status up and down is when the router does not receive keepalive messages on a regular basis. Cisco routers send, and expect to receive, proprietary keepalive messages on each interface. The purpose of the keepalives is to know whether the interface is usable. You can disable keepalives with the no keepalive interface subcommand, or you can change the timer with the keepalive interval interface subcommand.

To bring down an interface for administrative reasons and, as a side effect, remove the connected route from the routing table, you can use the shutdown interface subcommand. The no shutdown command brings the interface back up.

Bandwidth, Clock Rate, and Serial Lines in the Lab

To use a back-to-back WAN connection, one router must supply the clocking. The clock rate command sets the rate in bits per second on the router that has the DCE cable plugged into it. If no cable has been plugged in, the IOS accepts the command. If a DTE cable has been plugged in, IOS rejects the command. If you do not know which router has the DCE cable in it, you can find out by using the show controllers command.

The bandwidth command tells IOS the speed of the link, in kilobits per second, regardless of whether the router is supplying clocking. The bandwidth setting does not change anything that the router does at Layer 1; instead, this setting is used by IOS software for other purposes. bandwidth defaults to T1 speed on serial interfaces. There is no default for clock rate, even with a DCE cable plugged in—it must be configured.

IP Troubleshooting Features

Internet Control Message Protocol

TCP/IP includes a protocol specifically to help manage and control the operation of a TCP/IP network, called the Internet Control Message Protocol (ICMP). The ICMP protocol provides a wide variety of information about the health and operational status of a network. The ICMP messages sit inside an IP packet, with no transport layer header at all, so it is truly just an extension of the TCP/IP network layer.

ICMP Message Types


ICMP Echo Request and Echo Reply

The ICMP echo request and echo reply messages are sent and received by the ping command. The echo request includes some data that can be specified by the ping command; whatever data is sent in the echo request is sent back in the echo reply.

Destination Unreachable ICMP Message

The ICMP Destination Unreachable message is sent when a message cannot be delivered completely to the application at the destination host. Because packet delivery can fail for many reasons, there are five separate unreachable functions (codes) using this single ICMP unreachable message. All five code types pertain directly to an IP, TCP, or UDP feature.

ICMP Unreachable Codes

Codes That the ping Command Receives in Response to Its ICMP Echo Request


IP Naming Commands

Telnet and Suspend

The telnet IOS exec command enables you to Telnet from one Cisco device to another; in practical use, it is typically to another Cisco device. One of the most important features of the telnet command is the suspend feature.

Telnet Command Options


Cisco Discovery Protocol

The Cisco Discovery Protocol (CDP) discovers basic information about neighboring routers and switches, without needing to know the passwords for the neighboring devices. CDP supports any LAN, HDLC, Frame Relay, and ATM interface—in fact, it supports any interface that supports the use of SNAP headers. The router or switch can discover Layer 2 and Layer 3 addressing details of neighboring routers without even configuring that Layer 3 protocol—this is because CDP is not dependent on any particular Layer 3 protocol.

Devices that support CDP advertise their own information and learn information about others by listening for their advertisements. On media that support multicasts at the data link layer, CDP uses multicast; on other media, CDP sends a copy of the CDP update to any known data-link addresses. So, any CDP-supporting device that shares a physical medium with another CDP-supporting device can learn about the other device.

CDP discovers several useful details from the neighboring device:

- Device identifier—Typically the host name
- Address list—Network and data-link addresses
- Port identifier—Text that identifies the port, which is another name for an interface
- Capabilities list—Information on what type of device it is—for instance, a router or a switch
- Platform—The model and OS level running in the device

CDP is enabled in the configuration by default. The no cdp run global command disables CDP for the entire device, and the cdp run global command re-enables CDP. Likewise, the no cdp enable interface subcommand disables CDP just on that interface, and the cdp enable command switches back to the default state of CDP being enabled.


The show cdp command has four options. The show cdp neighbor command lists each neighbor, with one line of output per neighbor. The show cdp entry fred command lists the details learned by CDP about the neighbor whose host name is fred. Another command that lists the detailed information is the show cdp neighbor detail command, which is in the same format as show cdp entry but lists the information for every neighbor.

Turning off CDP

no cdp run (global)
no cdp enable (for a single interface)

Gathering CDP Timers and Holdtime Information

show cdp
cdp timer
cdp holdtime

Gathering Neighbor Information

show cdp neighbor
show cdp neighbor detail
show cdp entry *

Gathering Interface Traffic Information

show cdp traffic

Gathering Port and Interface Information

show cdp interface

Managing Configuration Files

copy source destination

The source and the destination parameters can be running-config, startup-config, or tftp for RAM, NVRAM, and a TFTP server respectively.

Two commands can be used to erase the contents of NVRAM. These are the write erase command, which is the older command, and the erase startup-config command, which is the newer command.

Verifying Flash Memory

show flash

Backing Up the Cisco IOS

copy flash tftp

Restoring or Upgrading the Cisco IOS Software

copy tftp flash

The router must be reloaded.

Backing Up and Restoring the Cisco Configuration

copy run start
copy running-config tftp
copy startup-config tftp
show running-config

Static Routing

ip route destination_ip_address subnet_mask { ip-address | interface } [ distance ]


Verifying Routing Tables

show ip route
clear ip route

Configuring OSPF

The commands used to configure OSPF are:

- router ospf < process_number > where process_number is a number local to the router. This command configures OSPF as the routing protocol on the router.
- network network_number wildcard_mask defines the networks that are to participate in the OSPF updates and the area that they reside in.
- interface loopback < interface_number > followed by ip address < ip_address > < subnet_mask > defines a loopback interface, which is a virtual interface, on the router.
- ip ospf cost < cost > sets the default cost for the router.
- auto-cost reference-bandwidth changes the OSPF cost formula.

Note: The ip ospf cost command overrides the auto-cost reference-bandwidth command.

Configuring EIGRP

The commands used to configure EIGRP on a Cisco router are consistent with the other IP routing protocol commands. The EIGRP commands are:

- router eigrp autonomous_system_number configures EIGRP as the routing protocol on the router.
- network network_number [ wildcard_mask ] defines the networks that are to participate in the EIGRP updates. The [ wildcard_mask ] optional parameter identifies which interfaces are running EIGRP.
- no network network_number [ wildcard_mask ] disables EIGRP.
- no auto-summary turns off automatic summarization.
- ip summary-address eigrp autonomous_system_number ip_address subnet_mask configures summarization at the interface level.
- variance multiplier configures EIGRP to load-balance across unequal paths.
- bandwidth line_speed overrides the default bandwidth settings on the links.

VTP Configuration

Before VLANs can be configured, VTP must be configured.

Configuring a VTP Management Domain

Switch# vlan database
Switch(vlan)# vtp domain domain_name

To assign a switch to a management domain on a CLI-based switch:

Switch(enable) set vtp [ domain domain_name ]

Configuring the VTP Mode

Switch# vlan database
Switch(vlan)# vtp domain domain_name
Switch(vlan)# vtp { server | client | transparent }
Switch(vlan)# vtp password password

On a CLI-based switch, the following command can be used to configure the VTP mode:

Switch(enable) set vtp [ domain domain_name ] [ mode { server | client | transparent }] [ password password ]

Configuring the VTP Version

Switch# vlan database
Switch(vlan)# vtp v2-mode

On a CLI-based switch, the VTP version number is configured using the following command:

Switch(enable) set vtp v2 enable

Standard IP Access List Configuration

- ip access-group {number | action [in | out]}, in which action can be either permit or deny and is used to enable access lists; and
- access-class number | action [in | out], which can be used to enable either standard or extended access lists.

The standard access list configuration can be verified using the following show commands:

- show ip interface [type number], which includes a reference to the access lists enabled on the interface;
- show access-lists [access-list-number | access-list-name], which shows details of configured access lists for all protocols; and
- show ip access-list [access-list-number | access-list-name], which shows the access lists.

Extended IP Access Control Lists

- access-list access-list-number action protocol source source-wildcard destination destination-wildcard [log | log-input], which can be used to enable access lists;

Basic Configuration and Operation Commands for the Cisco 2950 Switch

Commands for Catalyst 2950 Switch Configuration

Basic Switch Operation

Popular show Commands on a 2950 Switch


show interfaces fastethernet 0/13 command lists basic status and configuration information about fastethernet interface 0/13.

show interfaces status lists the status of each interface in a single line, including the speed and duplex settings negotiated on that interface.

show mac-address-table dynamic command lists all the dynamically learned entries in the bridging table.

show mac-address-table shows both static and dynamic entries.

show running-config command lists the default configuration.

show startup-config

erase startup-config

copy running-config startup-config


reload

Typical Basic Administrative Configuration

Basic Configuration of a 2950 Switch

hostname name

password password sets the password for the console and vty (Telnet) lines.

login commands tell the switch to require a password at the console and for Telnet sessions.

enable password password

enable secret password

interface Fastethernet 0/5 command to enter interface configuration mode.

duplex and speed commands tell the switch to force these settings rather than use the autonegotiated settings.

shutdown puts an interface in a down status administratively

no shutdown command brings the interface back up

To configure the IP address, you first use the interface vlan 1 command. Next, the ip address command sets the IP address and subnet mask.

ip default-gateway sets the default IP gateway for the switch

Port Security Configuration

To configure port security, you need to configure several things. You enable port security using the switchport port-security interface configuration command. Also, the 2950 switch IOS allows port security only on ports that do not connect to other switches. To designate an interface as not connecting to another switch, you use the switchport mode access command. Then you can statically configure the MAC addresses using the switchport port-security mac-address mac-address command.

Using Port Security to Define Correct MAC Addresses of Particular Interfaces


switchport port-security mac-address

switchport mode access

switchport port-security

switchport port-security maximum (you can configure up to 132 per interface using the switchport port-security maximum command)

switchport port-security violation

switchport port-security mac-address sticky tells the switch to learn the MAC address from the first frame sent into the switch, and then add the MAC address as a secure MAC to the running configuration.

show port-security interface fastethernet 0/1

show running-config

Spanning Tree Protocol Configuration

Cisco switches use STP by default.

Configuration and Operations Commands from This Chapter for 2950 Switches

Basic STP show Commands

STP Status for the Network Shown in Figure 2-12 with Default STP Parameters

show spanning-tree

Changing STP Port Costs and Bridge Priority

Manipulating STP Port Cost and Bridge Priority

debug spanning-tree


spanning-tree cost 2

show spanning-tree

spanning-tree vlan 1 root primary

EtherChannel Configuration

Configuring and Monitoring EtherChannel

channel-group 1 mode on


show etherchannel 1 summary

VLAN and Trunking Configuration

2950 VLAN Command List

VLAN Configuration for a Single Switch

Cisco 2950 switches use a slightly different configuration mode to configure VLAN and VTP information as compared to the other switch configuration commands. You use VLAN configuration mode, which is reached by using the vlan database enable mode EXEC command. So, instead of using the configure terminal enable mode command, you enter vlan database, after which you are placed in VLAN configuration mode. In VLAN configuration mode, you can configure VLAN information as well as VTP settings.


vlan database

vlan 2 name barney-2

exit

apply

abort

switchport access vlan 2

switchport mode access

interface range fastEthernet 0/9 - 12

switchport access vlan 3

If you had entered just the switchport access vlan commands before creating the VLANs in VLAN configuration mode, the switch would have automatically created the VLANs.

show vlan brief

show vlan

show vlan id 2

VLAN Trunking Configuration

Network with Two Switches and Three VLANs

switchport mode dynamic desirable

2950 Trunk Configuration Options with the switchport mode Command

vtp domain fred

show vtp

show interfaces fastEthernet 0/17 switchport

show interfaces fastEthernet 0/17 trunk

Configuring and Testing Static Routes

Sample Network Used in Static Route Configuration Examples

Configuring RIP and IGRP

IP RIP and IGRP Configuration Commands

IP RIP and IGRP EXEC Commands

Basic RIP and IGRP Configuration

Sample Router with Five Interfaces


Completing the RIP Configuration from Example

IGRP Configuration


Finally, the numbers between the brackets mention some very useful information. The first number represents the administrative distance, which is covered later in this chapter. The second number lists the metric associated with this route.

IGRP uses the value set with the bandwidth command on each interface to determine the interface’s bandwidth. On LAN interfaces, the bandwidth command’s default values reflect the correct bandwidth. However, on serial interfaces, the bandwidth command defaults to 1544—in other words, T1 speed. (The bandwidth command uses units of kbps, so the bandwidth 1544 command sets the bandwidth to 1544 kbps, or 1.544 Mbps.)

Examination of RIP and IGRP debug and show Commands

Sample Three-Router Network with Subnet 10.1.2.0 Failing

The following list describes what happens at each point in the process:

- POINT NUMBER 1—Albuquerque sends an update out Serial0, obeying split-horizon rules. Notice that 10.1.2.0, Yosemite’s Ethernet subnet, is not in the update sent out Albuquerque’s S0 interface.
- POINT NUMBER 2—This point begins right after Yosemite’s E0 is shut down, simulating a failure. Albuquerque receives an update from Yosemite, entering Albuquerque’s S0 interface. The route to 10.1.2.0 has an infinite metric, which in this case is 16.
- POINT NUMBER 3—Albuquerque formerly did not mention subnet 10.1.2.0 because of split-horizon rules (point 1). The update at point 3 includes a poisoned route for 10.1.2.0 with metric 16. This is an example of split horizon with poison reverse.
- POINT NUMBER 4—Albuquerque receives an update in S1 from Seville. The update includes a metric 16 (infinite) route to 10.1.2.0. Seville does not suspend any split-horizon rules to send this route, because it saw the advertisement of that route earlier, so this is a simple case of route poisoning.

Migrating to IGRP with Sample show and debug Commands


Issues When Multiple Routes to the Same Subnet Exist

By default, Cisco IOS software includes up to four equal-cost routes to the same subnet in the routing table—essentially as if maximum-paths 4 had been configured. You can configure maximum-paths as low as 1 or as high as 6.

When RIP places more than one route to the same subnet in the routing table, the router balances the traffic across the various routes.

The metric formula used for IGRP (and EIGRP) poses an interesting problem when considering equal-metric routes. IGRP can learn more than one route to the same subnet with different metrics; however, the metrics are very unlikely to be equal, because the metric is actually calculated with a mathematical formula. So, with IGRP (and EIGRP), you can tell the routing protocol to think of metrics that are “pretty close” as being equal. To do so, Cisco IOS software uses the variance router subcommand to define how different the metrics can be for routes to be considered to have equal metrics.

The variance command defines a multiplier; any metrics lower than the product of the lowest metric and the variance are considered equal.

When IGRP places more than one route to the same subnet in the routing table, the router balances the traffic across the various routes in proportion to the metric values. You can choose to tell the router to use only the lowest-cost route using the traffic-share min router IGRP subcommand. This command tells the router that, even if multiple routes to the same subnet are in the routing table, it should use only the route that truly has the smallest metric.

OSPF Configuration

IP OSPF Configuration Commands

IP OSPF EXEC Commands

OSPF Single-Area Configuration

Sample Network for OSPF Single-Area Configuration

router ospf 1

network

OSPF Configuration with Multiple Areas

Multiarea OSPF Network

OSPF Multiarea Configuration and show Commands on Albuquerque


OSPF Multiarea Configuration and show Commands on Yosemite

network 10.1.4.1 0.0.0.0 area 1

show ip route ospf

show ip route

The OSPF topology database includes information about routers and the subnets, or links, to which they are attached. To identify the routers in the neighbor table’s topology database, OSPF uses a router ID (RID) for each router. A router’s OSPF RID is that router’s highest IP address on a physical interface when OSPF starts running. Alternatively, if a loopback interface has been configured, OSPF uses the highest IP address on a loopback interface for the RID, even if that IP address is lower than some physical interface’s IP address. Also, you can set the OSPF RID using the router-id command in router configuration mode.

router-id

NOTE If you’re not familiar with it, a loopback interface is a special virtual interface in a Cisco router. If you create a loopback interface using the interface loopback x command, where x is a number, that loopback interface is up and operational as long as the router IOS is up and working. You can assign an IP address to a loopback interface, you can ping the address, and you can use it for several purposes—including having a loopback interface IP address as the OSPF router ID.

show ip ospf neighbor

show ip ospf interface

ip ospf cost x

bandwidth

auto-cost reference-bandwidth 1000

EIGRP Configuration

IP EIGRP Configuration Commands

IP EIGRP EXEC Commands


router eigrp

network

show ip route

show ip route eigrp


show ip eigrp neighbors

show ip eigrp interfaces

NAT Configuration

NAT Configuration Commands

NAT EXEC Commands

Static NAT Configuration

NAT IP Address Swapping: Unregistered Networks

ip nat inside source static


ip nat inside

ip nat outside

show ip nat translations

show ip nat statistics

Dynamic NAT Configuration


The configuration for dynamic NAT includes a pool of inside global addresses, as well as an IP access list to define the inside local addresses for which NAT is performed.

ip nat pool

ip nat inside source

ip nat inside source list 1 pool fred

ip nat pool fred


show ip nat translations

show ip nat statistics

clear ip nat translation

clear ip nat translation *

debug ip nat

NAT Overload Configuration (PAT Configuration)

NAT Overload and PAT

ip nat inside source list 1 interface serial 0/0 overload

show ip nat translations

HDLC and PPP Configuration

PPP and HDLC Configuration Commands

Point-to-Point-Related show and debug Commands


encapsulation hdlc

no encapsulation ppp

CHAP Configuration Example

ISDN Configuration and Dial-on-Demand Routing

ISDN Configuration Commands

ISDN-Related EXEC Commands

DDR Legacy Concepts and Configuration

You can configure DDR in several ways, including Legacy DDR and DDR dialer profiles. The main difference between the two is that Legacy DDR associates dial details with a physical interface, whereas DDR dialer profiles disassociate the dial configuration from a physical interface, allowing a great deal of flexibility.

DDR Step 1: Routing Packets Out the Interface to Be Dialed

Sample DDR Network

DDR does not dial until some traffic is directed (routed) out the dial interface.

The router needs to route packets so that they are queued to go out the dial interface. Cisco’s design for DDR defines that the router receives some user-generated traffic and, through normal routing processes, decides to route the traffic out the interface to be dialed.

Of course, routing protocols cannot learn routes over a BRI line that is not normally up! Therefore, static routes must be configured on SanFrancisco, pointing to subnets in LosAngeles. Then, packets are routed out the interface, which can trigger a dial of a B channel to LosAngeles.

To begin the process of building a DDR configuration, IP routes are added to the configuration so that packets can be directed out BRI0 on SanFrancisco,

DDR Step 2: Determining the Subset of the Packets That Trigger the Dialing Process

Together, Steps 1 and 2 of Legacy DDR logic determine when to dial a circuit. These combined steps are typically called triggering the dial. In Step 1, a packet is routed out an interface to be dialed, but that alone does not necessarily cause the dial to occur. The Cisco IOS software allows Step 2 to define a subset of the packets routed in Step 1 to actually cause the router to dial.

Cisco calls packets that are worthy of causing the device to dial "interesting" packets. Cisco does not name packets that are not worthy of causing the dial. Only interesting packets cause the dial to occur, but when the circuit is up, both interesting and boring traffic can flow across the link.

Two different methods can be used to define interesting packets. In the first method, interesting is defined as all packets of one or more Layer 3 protocols (for example, all IP packets). The second method allows you to define packets as interesting if they are permitted by an access list.

DDR Step 3: Dialing (Signaling)

Before the router can dial, or signal, to set up a call, it needs to know the phone number of the other router. The command is dialer string string, where string is the phone number.

With only one site to dial, you can simply configure a single dial string. However, with multiple remote sites, the router needs to know each site’s phone number. It also needs to know which phone number to use when calling each site.

Mapping Between the Next Hop and the Dial String

Two other important configuration elements are included in Example 10-4. First, CHAP authentication is configured. PAP or CHAP is required if you’re dialing to more than one site with ISDN—and PAP and CHAP require PPP. Notice that the usernames and password used with the two remote routers are shown near the top of the configuration.

You should also note the importance of the broadcast keyword on the dialer map commands. Just as with any other point-to-point serial link, there is no true data-link broadcast. If a broadcast must be sent on the interface after the circuit has been created, you must use the broadcast keyword to tell the interface to forward the packet across the link.

DDR Step 4: Determining When the Connection Is Terminated

The decision to take down the link is the most interesting part about what happens while the link is up. Although any type of packet can be routed across the link, only interesting packets are considered worthy of keeping the link up and spending more money. The router keeps an idle timer, which counts the time since the last interesting packet went across the link. If no interesting traffic happens for the number of seconds defined by the idle timer, the router brings the link down.

Two idle timers can be set. With the dialer idle-timeout seconds command, the idle time is set. However, if the router wants to dial other sites based on receiving interesting traffic for those sites, and all the B channels are in use, another shorter idle timer can be used. The dialer fast-idle seconds command lets you configure a typically lower number than the idle timer so that when other sites need to be dialed, the link that is currently up can be brought down more quickly.
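The four Legacy DDR steps above, put together as one configuration for SanFrancisco. This is an added example, not the configuration from the original slides: the IP addresses, SPIDs, phone number, switch type, list numbers, timer values and the CHAP secret placeholder are all constructed.

```cisco
! Added example. All addresses, numbers and secrets are constructed.
hostname SanFrancisco
!
! CHAP: the username is the remote router's hostname, and the same
! shared secret must be configured on LosAngeles for SanFrancisco.
username LosAngeles password CHANGE-ME-chap-secret
!
isdn switch-type basic-ni1
!
! Step 1: static route so packets for the LosAngeles subnet are
! routed out the dial interface (no routing protocol runs while
! the BRI is down).
ip route 172.16.3.0 255.255.255.0 172.16.2.1
!
! Step 2: define interesting traffic with an access list.
! Only web traffic to one server triggers (and keeps up) the call.
access-list 101 permit tcp any host 172.16.3.1 eq www
dialer-list 2 protocol ip list 101
!
interface bri 0
 ip address 172.16.2.2 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 isdn spid1 555555111101
 isdn spid2 555555222202
 ! Step 3: map the next hop to a dial string. The name must match
 ! the CHAP username; broadcast lets broadcasts cross the link
 ! once the circuit is up.
 dialer map ip 172.16.2.1 broadcast name LosAngeles 14045551234
 ! Tie this interface to dialer-list 2 (the Step 2 definition).
 dialer-group 2
 ! Step 4: drop the call after 300 s without interesting traffic,
 ! or after 120 s when another site is waiting for a B channel.
 dialer idle-timeout 300
 dialer fast-idle 120
```

Because access list 101 is narrow, routing updates and other background traffic cannot bring the circuit up or hold it open; they only cross the link while an interesting packet has already caused the dial.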

ISDN BRI Configuration

Completed SanFrancisco Configuration

LosAngeles Configuration: Receive Only

isdn switch-type

isdn spid1

isdn spid2

Summary of the New Configuration Needed for ISDN BRI Beyond Legacy DDR Configuration

Summary of Legacy DDR Configuration

Summary Legacy DDR Configuration Commands

ISDN and DDR show and debug Commands

SanFrancisco DDR Commands

show dialer interface bri 0

show isdn active

show isdn status

debug isdn q921

debug isdn q931

debug dialer packets

ISDN PRI Configuration

To configure ISDN BRI, you need to configure only the switch type, plus the SPIDs if the service provider needs to have them configured.

- Configure the type of ISDN switch to which this router is connected.
- Configure the T1 or E1 encoding and framing options (controller configuration mode).
- Configure the T1 or E1 channel range for the DS0 channels used on this PRI (controller configuration mode).
- Configure any interface settings (for example, PPP encapsulation and IP address) on the interface representing the D channel.

Configuring a T1 or E1 Controller

PRI Controller Configuration Example

Full PRI Configuration

PRI Controller Configuration Example: Completed Configuration on SanFrancisco

The most unusual part of the configuration introduces the concept of actually identifying the D channel in the interface command. Notice the command interface serial 1/0:23. The :x notation, where x identifies one of the channels inside the PRI, tells the IOS which of the 24 channels you want to configure. The DDR interface subcommands should be configured on the D channel, which is channel 23 according to the command! The interface command numbers the channels from 0 through 23, with the D channel as the last channel, so the :23 at the end correctly tells IOS that you are configuring details for the 24th channel—the D channel.

Summary of the New Configuration Needed for ISDN PRI Beyond Legacy DDR Configuration

DDR Configuration with Dialer Profiles

Legacy DDR with Two BRIs and Eight Remote Sites

The problem with Legacy DDR in this case is that it cannot be configured to dial all eight sites using any available B channel on either BRI.

Dialer profiles overcome this problem with Legacy DDR using a slightly different style of DDR configuration. Dialer profiles pool the physical interfaces so that the router simply uses an available B channel on any of the BRIs or PRIs in the pool. Dialer profile configuration allows the Central Site router to dial any of the eight remote routers using either of the BRIs

Dialer Profiles: Pooling Multiple BRIs to Reach Eight Remote Sites

Summary of the New Configuration Needed for Dialer Profiles Versus Legacy DDR

SanFrancisco Configuration Migrated to Use Dialer Profiles and Two BRIs

ip route

isdn switch-type

dialer-list 2

switch-type

dialer pool-member 3

Dialer Profiles: Pooling Multiple BRIs

Multilink PPP

Multilink PPP Configuration for Atlanta

ppp multilink

dialer load-threshold

Summary of the New Configuration Needed for MLP Versus Legacy DDR

Summary Legacy DDR Configuration Commands

Summary of the New Configuration Needed for ISDN BRI Beyond Legacy DDR Configuration

Summary of the New Configuration Needed for ISDN PRI Beyond Legacy DDR Configuration

Summary of the New Configuration Needed for Dialer Profiles Versus Legacy DDR

Summary of the New Configuration Needed for MLP Versus Legacy DDR

Frame Relay Configuration

Frame Relay Configuration Commands

Frame Relay-Related EXEC Commands

A Fully-Meshed Network with One IP Subnet

Mayberry Configuration

Mount Pilot Configuration

Raleigh Configuration

Yes, Frame Relay configuration can be that easy, because IOS uses some very good choices for default settings:
- The LMI type is automatically sensed.
- The encapsulation is Cisco instead of IETF.
- PVC DLCIs are learned via LMI status messages.
- Inverse ARP is enabled (by default) and is triggered when the status message declaring that the VCs are up is received. (Inverse ARP is covered in the next section.)

In some cases, the default values are inappropriate. For example, you must use IETF encapsulation if one router is not a Cisco router. For the purpose of showing an alternative configuration, suppose that the following requirements were added:
- The Raleigh router requires IETF encapsulation on both VCs.
- Mayberry’s LMI type should be ANSI, and LMI autosense should not be used.

Mayberry Configuration with New Requirements

Raleigh Configuration with New Requirements

Frame Relay Address Mapping

Frame Relay “mapping” creates a correlation between a Layer 3 address and its corresponding Layer 2 address.

Full Mesh with IP Addresses

show Commands on Mayberry, Showing the Need for Mapping

Mayberry can use two methods to build the mapping shown. One uses a statically configured mapping, and the other uses a dynamic process called Inverse ARP.

Inverse ARP is enabled by default in Cisco IOS software Release 11.2 and later.

frame-relay map Commands

A Partially-Meshed Network with One IP Subnet Per VC

Partial Mesh with IP Addresses

Atlanta Configuration

Charlotte Configuration

Nashville Configuration

Boston Configuration

Output from EXEC Commands on Atlanta

A Partially-Meshed Network with Some Fully-Meshed Parts

Hybrid of Full and Partial Mesh

Router A Configuration

Router B Configuration

Router C Configuration

Router D Configuration

Router E Configuration

IP Addresses with Point-to-Point and Multipoint Subinterfaces

Frame Relay Maps and Inverse ARP on Router C

Standard IP Access List Configuration

Standard IP Access List Configuration Commands

Standard IP Access List EXEC Commands

Standard Access List on R1 Stopping Bob from Reaching Server1

Standard IP ACL: Example 2

The criteria for the access lists are as follows:
- Sam is not allowed access to Bugs or Daffy.
- Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet.
- All other combinations are allowed.

Network Diagram for Standard Access List Example

Yosemite Configuration for Standard Access List Example

Seville Configuration for Standard Access List Example

Yosemite Configuration for Standard Access List Example: Alternative Solution

Extended IP ACL Configuration

Extended IP Access List Configuration Commands

Extended IP Access List EXEC Commands

Extended IP Access Lists: Example 1

In this case, Bob is denied access to all FTP servers on R1’s Ethernet, and Larry is denied access to Server1’s web server.

Network Diagram for Extended Access List Example 1

R1’s Extended Access List

R3’s Extended Access List Stopping Bob from Reaching FTP Servers Near R1
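The two criteria of Example 1 written as an extended access list on R1, as an added example that is not the configuration from the original slides. The host addresses for Bob, Larry and Server1, the 172.16.1.0/24 subnet for R1's Ethernet, the interface name and list number 101 are constructed.

```cisco
! Added example. Addresses and interface names are constructed:
!   Bob     172.16.3.10      Larry   172.16.2.10
!   Server1 172.16.1.100     R1 Ethernet subnet 172.16.1.0/24
!
! Bob: no FTP to any server on R1's Ethernet.
! "eq ftp" matches the FTP control port (TCP 21); with the control
! connection blocked, no FTP session can be set up.
access-list 101 deny tcp host 172.16.3.10 172.16.1.0 0.0.0.255 eq ftp
!
! Larry: no access to the web server on Server1 only.
access-list 101 deny tcp host 172.16.2.10 host 172.16.1.100 eq www
!
! Every access list ends with an implicit "deny any", so traffic
! that should still pass has to be permitted explicitly.
access-list 101 permit ip any any
!
! Filter packets as they leave R1 toward the servers.
interface ethernet 0
 ip access-group 101 out
```

Statements are evaluated top down and the first match wins, so the two deny lines must come before the permit. Moving Bob's deny statement to the router nearest Bob instead drops the traffic before it crosses the WAN.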

Extended IP Access Lists: Example 2

This example uses the same criteria and network topology as the second standard IP ACL example, as repeated here:
- Sam is not allowed access to Bugs or Daffy.
- Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet.
- All other combinations are allowed.

Network Diagram for Extended Access List

Yosemite Configuration for Extended Access List

Named Access List Configuration

Controlling Telnet Access with ACLs

vty Access Control Using the access-class Command
