
Upload: nguyenkhue

Post on 26-Jan-2019


Source: course.sdu.edu.cn/G2S/eWebEditor/uploadfile/20130910125516436.pdf

Boson NetSim for CCNA Lab Manual
NetSim for CCNA Lab Manual: Lab Primer

Lesson 1: Introduction to the Cisco Router Command-Line Interface

Modes

User Mode vs. Privileged Mode

User mode is indicated by the > prompt next to the router name. In user mode, you can look at some of the router’s settings. In privileged mode (indicated by the # prompt), you can use the different show commands to display all of the router’s settings.

Router>
Router>enable
Router#

The Enable and Enable Secret Passwords

You can set an enable password to control access to privileged mode. This is a very important password because,

command at the privileged mode prompt.

Router>
Router>enable
Router#config term
Router(config)#enable password boson

You can securely encrypt an enable password by using the enable secret command.

Router(config)#enable secret cisco

The enable secret

The password is case-sensitive. A password set with the enable password command is stored as clear text, whereas a password set with the enable secret

router with an enable secret password is preferred. The enable secret password always takes precedence if both the enable secret password and the enable password are set.

command. To exit con-

end command or press the CTRL+Z key combination.

Router#config t
Router(config)#end
Router#


Accessing Help

To view all commands available from a mode, type ?; you do not have to press the ENTER key after typing the question mark. This will display a list of all available commands in the current mode. You can also use the question mark after you have started typing a command. For example, if you want to see all commands that can be used with the show command, type show ? at the # prompt.

Router#show ?
access-expression List access expression
access-lists List access lists
backup Backup status
cdp CDP information
clock Display the system clock
cls DLC user information
compress Show compression statistics
configuration Contents of Non-Volatile memory
--More--

The Host Name

host name is also visible via Cisco Discovery Protocol (CDP). However, the host name is not used for TCP/IP address resolution. The following code demonstrates how to set the host name of a router or switch.

Router>
Router>enable
Router#conf t
Router(config)#hostname Router1
Router1(config)#

in the router’s

command. The following is an example of the type of output you will see when you run the command.

Router>
Router>enable
Router#show running-config
Building configuration...

Current configuration:
!
version 12.0
!
hostname Router
!
interface Serial0


no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
no ip address
shutdown
!
line con 0
line aux 0
line vty 0 4
!
end

Router#

in the router’s CLI. If you

erase

Router#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete

Router#reload

Proceed with reload? [confirm]

Lesson 2: Basic Commands

Show Commands

Show Version

The show version

show version to obtain critical information, such as the router platform type, the operating system revision, the

show version command.


Router>show version
Router1 Operating System Software
Router uptime is 2 minutes
System returned to ROM by power-on
System image file is “flash:c2500.bin”
[output omitted]
1 Ethernet/IEEE 802.3 interface(s)
1 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Show Protocols

show protocols command.

The following is an example of the type of output you will see when you issue the show protocols command.

Router>show protocols

Global values:
Internet Protocol routing is enabled
BRI0 is administratively down, line protocol is Down
Ethernet0 is administratively down, line protocol is Down
Serial0 is administratively down, line protocol is Down

Show Flash

is an example of the type of output you will see when you issue the command.

Router>show flash

System flash directory:
File Length Name/status
1 3015588 c2500.bin
[3015652 bytes used, 1178652 available, 4194304 total]
4096K bytes of processor board System flash (Read/Write)

Show History

By default, the router’s command-line interface (CLI) maintains in memory the last 10 commands you have entered. This default value can be changed. You can use one of two methods to cycle through previous router commands entered since the last power loss. To simultaneously view all of the past commands still in router memory, use the show history command. For single-line retrieval, use either the UP ARROW key or the CTRL+P key combination to see the previous command, and use either the DOWN ARROW key or the CTRL+N key combination to see the next command.

Router>show history


show version
show protocols
show flash
enable
show running-config
disable
show history

Show Clock

The router keeps its own clock that can be used to synchronize devices. The show clock command displays the clock.

Router#show clock
*00:38:35.755 UTC Mon Mar 1 1993
Router#

Show Hosts

You can create a list of host names on your router. You can view the entries (if any) by typing show hosts.

Router#show hosts
Default domain is not set
Name/address lookup uses static mappings

Host Flags Age Type Address(es)
Router#

Show Users

The show users command displays users who are connected to the router.

Router#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00

Router#

Show Interfaces

The show interfaces

Router#show interfaces
BRI0 is administratively down, line protocol is down
Hardware is BRI
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set
Last input never, output never, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queuing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)


Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 5 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
--More--

Notice the --More-- indicator. This means that more information pertaining to the last command can be displayed. To view more commands line by line, press the ENTER key. To view more output one screen at a time, press the SPACEBAR. To exit the output and return to the router prompt, press any letter. (It may be helpful to remember to press the E key for “exit.”)

Ping

The ping command allows a user to test basic connectivity. The syntax for the ping command is as follows:

ping ip_address

The ping

receives a reply, it will be noted in the CLI with an exclamation mark (!). If no reply is received, it will be noted with a period (.).

The following shows the output of a successful ping of the 10.1.1.1 IP address:

Router#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/37/44 ms

Router#

The following shows the output of a failed ping of the 2.2.2.2 IP address:

Router#ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Router#

The ping command is one of the most commonly used test tools. The PING protocol uses Internet Control Message Protocol (ICMP) to communicate with other routers.


Address Resolution Protocol (ARP) resolution.

You can also use the command or the show ip interface command on the local router to view its IP addresses.

IP Addressing

The following syntax places an IP address on the interface:

ip address ip_address subnet_mask

Remember that /24 denotes a subnet mask of 255.255.255.0. For your convenience, here is a handy table matching slash notation to the corresponding dotted decimal subnet masks:

Slash  Dotted Decimal     Slash  Dotted Decimal     Slash  Dotted Decimal
/8     255.0.0.0          /16    255.255.0.0        /24    255.255.255.0
/9     255.128.0.0        /17    255.255.128.0      /25    255.255.255.128
/10    255.192.0.0        /18    255.255.192.0      /26    255.255.255.192
/11    255.224.0.0        /19    255.255.224.0      /27    255.255.255.224
/12    255.240.0.0        /20    255.255.240.0      /28    255.255.255.240
/13    255.248.0.0        /21    255.255.248.0      /29    255.255.255.248
/14    255.252.0.0        /22    255.255.252.0      /30    255.255.255.252
/15    255.254.0.0        /23    255.255.254.0      /31    255.255.255.254
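The conversions in the table can be computed rather than looked up. The following Python is an added example, not code from the Boson lab manual, and the function names are my own. It converts a slash prefix to its dotted-decimal mask and back, rejects a mask whose bits are not contiguous (a typo such as 255.0.255.0), and summarises what an ip address line assigns to an interface, using the 10.1.1.1 255.255.255.0 address from the Router1 configuration that follows.

```python
# Added example, not from the Boson NetSim lab manual: slash notation <-> dotted-decimal
# subnet masks, plus a summary of what an "ip address <ip> <mask>" line assigns.
import ipaddress

ALL_ONES = 0xFFFFFFFF


def prefix_to_mask(prefix: int) -> str:
    """Return the dotted-decimal mask for a /prefix, e.g. 24 -> 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    bits = (ALL_ONES << (32 - prefix)) & ALL_ONES
    return str(ipaddress.IPv4Address(bits))


def mask_to_prefix(mask: str) -> int:
    """Return the prefix length for a dotted-decimal mask.

    A valid mask is a run of 1 bits followed by 0 bits; anything else
    (e.g. 255.0.255.0) is a typo and is rejected rather than silently accepted.
    """
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    if bits != (ALL_ONES << (32 - prefix)) & ALL_ONES:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def slash_table(first: int = 8, last: int = 31) -> dict:
    """Rebuild the slash / dotted-decimal table from the lab manual for /first../last."""
    return {f"/{p}": prefix_to_mask(p) for p in range(first, last + 1)}


def parse_ip_address_command(line: str) -> dict:
    """Summarise an IOS 'ip address <ip> <mask>' interface command.

    Returns the prefix length, network and broadcast addresses, and the
    number of usable host addresses on the subnet.
    """
    parts = line.split()
    if len(parts) != 4 or parts[:2] != ["ip", "address"]:
        raise ValueError(f"not an 'ip address <ip> <mask>' command: {line!r}")
    ip, mask = parts[2], parts[3]
    iface = ipaddress.IPv4Interface(f"{ip}/{mask_to_prefix(mask)}")
    net = iface.network
    # /31 and /32 have no separate network/broadcast addresses to subtract
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "address": str(iface.ip),
        "prefix": net.prefixlen,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    for slash, mask in slash_table().items():
        print(f"{slash:<4} {mask}")
    # the Ethernet 0 address from the lab manual's Router1 configuration
    print(parse_ip_address_command("ip address 10.1.1.1 255.255.255.0"))
```

The contiguity check in mask_to_prefix is the useful part when reviewing a configuration by script: counting 1 bits alone would turn 255.0.255.0 into a plausible-looking /16.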


Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
Router1(config-if)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.255.0
Router1(config-if)#no shut
Router1(config-if)#end
Router1#

You can use sh ip interface brief to view the IP addresses on the interface:

Router1#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
BRI0 unassigned YES manual up up
Ethernet0 10.1.1.1 YES manual up up
Serial0 172.16.10.1 YES manual up up
Router1#

Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
Router2(config-if)#exit
Router2(config)#exit
Router2#exit

Lesson 4: Router Interfaces

Examining the Interfaces

Routers can have many types of interfaces, such as Token Ring, FDDI, Ethernet, serial, ISDN, and so on. You will often need to view the status and settings, so you need to know a few important commands. The show interfaces command is one of the more important commands.

Router#show interface


Ethernet0 is administratively down, line protocol is down
Hardware is Lance, address is 0060.5cc4.f445 (bia 0060.5cc4.f445)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
[output omitted]

This command produces output about each interface. In this case, you can see that Ethernet 0 is administratively down. That means that it has been turned off with the shutdown command.

Ethernet 0 is            Line protocol is   Meaning
administratively down    down               Indicates that the interface has been turned off with the shutdown command
up                       down               Indicates that the cable is connected, but keepalives are not being received
down                     down               Indicates a cabling problem, that no clock rate is set on the DCE, or that another router interface is shut down
up                       up                 Indicates that the interface is connected and receiving keepalives

You can view particular interfaces with the show interface command; for instance, you can issue the show interface serial 0 command. Alternatively, you can use the show ip interface brief command to quickly display the status of all interfaces.

Router#show ip int brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned YES not set administratively down down
PCbus0 unassigned YES not set administratively down down
Serial0 unassigned YES not set up down
Router#
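As an added example that is not from the lab manual, the Python below parses show ip interface brief output and labels each interface with the meaning from the status / line-protocol table above. The sample output is constructed to mirror the interfaces shown in this lesson; two columns (not set, administratively down) contain a space, which is the one parsing wrinkle.

```python
# Added example, not from the Boson NetSim lab manual: parse "show ip interface brief"
# output and explain each interface's state using the status/protocol table above.

# (status, line protocol) -> meaning, taken from the table in the lab manual
STATE_MEANING = {
    ("administratively down", "down"): "turned off with the shutdown command",
    ("up", "down"): "cable connected, but keepalives are not being received",
    ("down", "down"): "cabling problem, no clock rate on the DCE, or the far-end interface is shut down",
    ("up", "up"): "connected and receiving keepalives",
}

# Constructed sample output; the interface names and states mirror the lab manual.
SAMPLE_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              unassigned      YES not set administratively down down
PCbus0                 unassigned      YES not set administratively down down
Serial0                unassigned      YES not set up                    down
BRI0                   unassigned      YES manual up                     up
"""


def parse_brief_line(line: str) -> dict:
    """Split one data line of 'show ip interface brief' into its columns.

    Two columns can contain a space ("not set" and "administratively down"),
    so the line is split on whitespace and reassembled by position:
    interface, ip, ok, method (1 or 2 tokens), status (1 or 2 tokens), protocol.
    """
    tokens = line.split()
    if len(tokens) < 6:
        raise ValueError(f"unexpected column count: {line!r}")
    interface, ip, ok = tokens[0], tokens[1], tokens[2]
    if tokens[3] == "not":          # the two-word method "not set"
        method, rest = "not set", tokens[5:]
    else:
        method, rest = tokens[3], tokens[4:]
    protocol = rest[-1]
    status = " ".join(rest[:-1])    # one word ("up") or two ("administratively down")
    return {"interface": interface, "ip": ip, "ok": ok, "method": method,
            "status": status, "protocol": protocol}


def explain_interfaces(output: str) -> list:
    """Parse the whole output and attach the meaning of each state combination."""
    rows = []
    for line in output.splitlines():
        if not line.strip() or line.startswith("Interface"):
            continue                     # skip blank lines and the header row
        row = parse_brief_line(line)
        row["meaning"] = STATE_MEANING.get(
            (row["status"], row["protocol"]), "unrecognised state combination")
        rows.append(row)
    return rows


def interfaces_needing_attention(output: str) -> list:
    """Names of interfaces that are not up/up: the ones to look at when troubleshooting."""
    return [r["interface"] for r in explain_interfaces(output)
            if (r["status"], r["protocol"]) != ("up", "up")]


if __name__ == "__main__":
    for r in explain_interfaces(SAMPLE_BRIEF):
        print(f"{r['interface']:<10} {r['status']}/{r['protocol']}: {r['meaning']}")
```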

Examining the ControllersControllers are the part of the interface that makes the physical connection. The controller of most interest is the kind of cable that is attached to a serial interface.

A data terminal equipment (DTE) cable is the cable you should typically use. If the local interface is the DTE side of the connection, the other end of the connection must provide clocking.

Data communications equipment (DCE) means that this device must provide the clocking on the wire.

The show controllers command will allow you to see if an interface is a DCE or DTE.

Router#show controllers serial 0

HD unit 0, idb = 0xA2B58, driver structure at 0xA7020
buffer size 1524 HD unit 0, V.35 DCE cable
cpb = 0x42, eda = 0x2140, cda = 0x2000


no shutdown command.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#no shutdown
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router(config-if)#end
Router#

If your interface is the DCE, you must provide clocking using the clock rate command.

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0
Router(config-if)#clock rate 56000
Router(config-if)#end
Router#

It is often helpful to use the description command to add a description of the purpose of the interface.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int e0
Router(config-if)#description My Connection to the Engineering Hub
Router(config-if)#end
Router#

You can use any of the following commands to view your changes:

show running-config
OR
show interfaces
OR
show controllers

Lesson 5: CDP

CDP is a Data Link protocol that operates at Layer 2 of the Open Systems Interconnection (OSI) model. This is important to understand because CDP is not routable and can only travel to directly connected devices.


CDP allows you to view information such as operating system version, protocol information, and much more. This information can be very handy for troubleshooting a variety of problems.

CDP Commands

The CDP commands are simple. See the following tables.

no cdp run       turns off CDP for the entire router
cdp run          turns on CDP for the entire router (default setting)
cdp timer 120

cdp enable       turns on CDP for the interface (default setting)
no cdp enable    turns off CDP for the interface

Show Commands

show cdp interface          displays interface settings
show cdp neighbor           displays directly connected neighbors
show cdp neighbor detail    displays detailed information about neighbors
show cdp                    displays general information
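Two settings covered so far matter when a router's configuration is reviewed: the privileged-mode password (Lesson 1: enable password is stored in clear text, enable secret is encrypted and takes precedence) and CDP (this lesson: it advertises the host name and software version to directly connected devices and is on by default). Both can be checked from a saved copy of the running-config. The Python below is an added example, not part of the lab manual; the configuration text is constructed, the <hash-placeholder> stands in for the value IOS writes, and it assumes that the default cdp run / cdp enable settings are not printed in the running-config, so CDP is treated as on unless the no form appears.

```python
# Added example, not from the Boson NetSim lab manual: audit a saved running-config for
# the privileged-mode password (enable password vs. enable secret) and for CDP
# (global "no cdp run", per-interface "no cdp enable").
# Assumption: defaults such as "cdp run" and "cdp enable" are not printed in the
# running-config, so CDP counts as on unless the "no ..." form is present.

# Constructed sample configuration, shaped like the show running-config output in Lesson 1.
WEAK_CONFIG = """\
!
version 12.0
!
hostname Router1
!
enable password boson
!
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 no cdp enable
!
interface Serial0
 ip address 172.16.10.1 255.255.0.0
!
line vty 0 4
!
end
"""

# The same device after "enable secret" is set, the clear-text password removed
# and CDP turned off globally. <hash-placeholder> stands in for the stored value.
HARDENED_CONFIG = WEAK_CONFIG.replace(
    "enable password boson\n", "enable secret 5 <hash-placeholder>\nno cdp run\n")


def parse_config(text: str) -> tuple:
    """Return (global_lines, {interface: [sub-lines]}) from IOS-style config text."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None               # "!" separates sections
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit_enable_password(global_lines: list) -> list:
    """Apply the Lesson 1 rules: enable password is clear text, enable secret wins."""
    has_password = any(l.startswith("enable password ") for l in global_lines)
    has_secret = any(l.startswith("enable secret ") for l in global_lines)
    if has_password and not has_secret:
        return ["privileged-mode password is set with 'enable password' only: "
                "it is stored in clear text; configure 'enable secret' instead"]
    if has_password and has_secret:
        return ["'enable secret' takes precedence, but the clear-text 'enable password' "
                "line is still in the configuration; remove it"]
    if not has_secret:
        return ["no privileged-mode password configured"]
    return []


def audit_cdp(global_lines: list, interfaces: dict) -> list:
    """List interfaces still advertising CDP (on by default unless disabled)."""
    if "no cdp run" in global_lines:
        return []                         # CDP off for the whole router
    on = [name for name, sub in interfaces.items() if "no cdp enable" not in sub]
    return [f"CDP is advertising the host name and software version to directly "
            f"connected devices on {name}; use 'no cdp enable' if that neighbour is not trusted"
            for name in on]


def audit(text: str) -> list:
    """Run both checks and return the list of findings (empty = nothing to report)."""
    global_lines, interfaces = parse_config(text)
    return audit_enable_password(global_lines) + audit_cdp(global_lines, interfaces)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```

Run against the weak configuration the audit reports the clear-text enable password and CDP on Serial0 (Ethernet0 already has no cdp enable); the hardened configuration produces no findings.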

Lesson 6: ARP

ARP Commands

Show arp

The show arp command displays the Address Resolution Protocol (ARP) table, which contains detailed information about interfaces that are learning media access control (MAC) addresses. Looking at the table below, you can see that the router learned the IP address and MAC address of each Ethernet interface. The Age column indicates how long the router has had the information, and the Interface column indicates the interface from which it learned this information. Notice that the age of the 1.1.1.4 address is not indicated because it is the IP address of the Ethernet port that is connected to the router.

Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.2 207 0000.0c32.f57d ARPA Ethernet0
Internet 1.1.1.4 - 0060.7062.e040 ARPA Ethernet0
Router#

Clear arp

The information stored in the ARP table can become corrupted occasionally, which causes the router to experience packet-delivery problems. When this happens, the ARP table must be cleared and rebuilt. You must access privileged mode and issue the clear arp command in order to clear the ARP table. After you have cleared the ARP table, you can view it again using the show arp command. In this example, notice that all entries, with the exception of the directly connected interfaces of the router, have disappeared.

Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.2 - 0060.7062.e040 ARPA Ethernet0
Router#

Lesson 7: Routing Protocols

RIP

Routing Information Protocol (RIP) is a standards-based, distance vector, interior gateway protocol (IGP) that is used by routers to exchange routing information. RIP uses hop count to determine the best path between two locations. Hop count is the number of routers through which a packet must travel in order to reach the destination network. The maximum allowable number of hops a packet can traverse in an IP network where RIP is implemented is 15 hops.

In a RIP network, each router broadcasts its entire RIP table to its neighboring routers every 30 seconds. When a router receives a neighbor’s RIP table, it uses the information provided to update its own routing table and then sends the updated table to its neighbors. This procedure is repeated by each router and results in a state referred to as network convergence, in which all routers have an identical view of the internetwork topology.
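To make the convergence described above concrete, here is an added Python simulation that is not from the lab manual. The routers and networks are constructed for the example; every router sends its entire table to its neighbours each round, a receiver adds one hop and keeps the lower count, and anything that would reach 16 hops is dropped as unreachable. The exchange is run synchronously, which ignores the 30-second timer and real RIP timing, but it shows both convergence and the 15-hop limit.

```python
# Added example, not from the Boson NetSim lab manual: a small simulation of the
# RIP exchange described above. Every router sends its whole table to its
# neighbours each round; a receiver adds one hop and keeps the better metric.
# A hop count of 16 means unreachable, so networks more than 15 hops away never
# appear in a table. The topology below is constructed for the example.

INFINITY = 16  # RIP "infinity": 15 is the largest usable hop count


def chain_topology(n: int) -> dict:
    """Routers R1..Rn in a line. Ri owns LAN Ni; link Li_j joins Ri and Ri+1.

    Returns {router: set of directly connected networks}.
    """
    topo = {}
    for i in range(1, n + 1):
        nets = {f"N{i}"}
        if i > 1:
            nets.add(f"L{i-1}_{i}")
        if i < n:
            nets.add(f"L{i}_{i+1}")
        topo[f"R{i}"] = nets
    return topo


def neighbours(topo: dict) -> dict:
    """Two routers are neighbours when they share a directly connected network."""
    return {r: sorted(o for o in topo if o != r and topo[r] & topo[o]) for r in topo}


def converge(topo: dict, max_rounds: int = 64) -> tuple:
    """Run synchronous RIP rounds until no table changes.

    Returns (tables, rounds_with_changes); tables[router][network] = (hops, next_hop).
    Directly connected networks have 0 hops; a neighbour that learns one of
    them installs it at 1 hop, as in the [120/1] route in the lab manual.
    """
    nbrs = neighbours(topo)
    tables = {r: {n: (0, "connected") for n in nets} for r, nets in topo.items()}
    rounds = 0
    for _ in range(max_rounds):
        # snapshot: everyone advertises what it knew at the start of the round
        adverts = {r: dict(t) for r, t in tables.items()}
        changed = False
        for r in topo:
            for nb in nbrs[r]:
                for dest, (hops, _) in adverts[nb].items():
                    new_hops = hops + 1
                    if new_hops >= INFINITY:
                        continue                      # beyond 15 hops: unreachable
                    current = tables[r].get(dest)
                    if current is None or new_hops < current[0]:
                        tables[r][dest] = (new_hops, nb)
                        changed = True
        if not changed:
            break
        rounds += 1
    return tables, rounds


def hops_to(tables: dict, router: str, network: str):
    """Hop count from router to network, or None if RIP considers it unreachable."""
    entry = tables[router].get(network)
    return None if entry is None else entry[0]


if __name__ == "__main__":
    tables, rounds = converge(chain_topology(4))
    print(f"4-router chain converged after {rounds} rounds of updates")
    for net, (hops, via) in sorted(tables["R1"].items()):
        print(f"R1 -> {net}: {hops} hop(s) via {via}")
    far, _ = converge(chain_topology(17))
    print("R1 -> N16:", hops_to(far, "R1", "N16"), " R1 -> N17:", hops_to(far, "R1", "N17"))
```

On a four-router chain the table at R1 stops changing after three rounds, one per hop of distance to the far LAN. On a seventeen-router chain, R1 installs N16 at 15 hops but never learns N17, because the 16-hop advertisement is treated as unreachable.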

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router1(config-if)#exit

Router1(config)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.0.0
Router1(config-if)#no shut
%LINK-3-UPDOWN: Interface Serial0, changed state to up
%LINK-3-UPDOWN: Interface Serial0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
Router1(config-if)#exit
Router1(config)#

RIP version 1 is classful, which means it does not include the subnet mask in its routing table updates. RIP version 2 is classless and does include the subnet information in its routing table updates. RIP version 1 is used in the example above. In order to use RIP version 2, the version 2 command must be entered after the router rip command.

To enable RIP as the routing protocol on Router 1, the router rip command must be issued. Notice the new mode the router has entered.

Router1(config)#router rip
Router1(config-router)#

Once RIP is running on Router 1, network statements must be used to tell the router which networks it is connected to. Every router interface that is directly connected to an active network needs a network number. Some networks will use the same IP addressing schemes with different subnets, and some will use entirely different addressing schemes. The diagram below shows two different addressing schemes.

Router 1’s Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface has an IP address of 172.16.10.1 with a /16 subnet mask. Because RIP is classful, only the class portions of the ad-

network 10.0.0.0 statement should be used for the Ethernet 0 interface, and the network 172.16.0.0 statement should be used for the serial 0 interface.

Router1(config-router)#network 172.16.0.0
Router1(config-router)#network 10.0.0.0
Router1(config-router)#
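The classful rule above can be applied mechanically: the first octet decides the class, and the class decides how much of the address goes into the network statement. The Python below is an added example, not from the lab manual; it derives the network statements for Router 1's two interfaces and flags the interface whose /24 mask is longer than the classful /8, since RIP version 1 carries no mask in its updates. Function names are my own.

```python
# Added example, not from the Boson NetSim lab manual: derive the classful network that
# RIP version 1 (and IGRP) advertises from an interface address, which is also the
# value to put in the "network" statement, and flag interfaces whose subnet mask
# is longer than the classful mask (those subnets are not carried in RIPv1 updates).
import ipaddress


def classful_prefix(ip: str) -> int:
    """Class A (0-127) -> /8, class B (128-191) -> /16, class C (192-223) -> /24."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError(f"{ip} is a class D/E address and has no classful network")


def classful_network(ip: str) -> str:
    """The major network the address belongs to, e.g. 172.16.10.1 -> 172.16.0.0."""
    net = ipaddress.IPv4Network(f"{ip}/{classful_prefix(ip)}", strict=False)
    return str(net.network_address)


def network_statements(interfaces: list) -> list:
    """'network' statements needed under 'router rip' for a list of (name, ip, mask)."""
    return sorted({f"network {classful_network(ip)}" for _, ip, _ in interfaces})


def subnets_hidden_by_classful(interfaces: list) -> list:
    """Interfaces whose configured mask is longer than the classful mask.

    RIPv1 sends no subnet mask, so a neighbour in a different major network
    only learns the classful network, not these subnets.
    """
    hidden = []
    for name, ip, mask in interfaces:
        configured = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False).prefixlen
        if configured > classful_prefix(ip):
            hidden.append(name)
    return hidden


# Router 1's interfaces from the lab manual: Ethernet 0 is 10.1.1.1/24, serial 0 is 172.16.10.1/16
ROUTER1 = [("Ethernet0", "10.1.1.1", "255.255.255.0"),
           ("Serial0", "172.16.10.1", "255.255.0.0")]

if __name__ == "__main__":
    print(network_statements(ROUTER1))
    print("subnetted below the classful boundary:", subnets_hidden_by_classful(ROUTER1))
```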

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
00:17:25: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router2(config-if)#exit
Router2(config)#


Now, the RIP information must be added.

Router2(config)#router rip
Router2(config-router)#network 10.0.0.0
Router2(config-router)#exit
Router2(config)#exit
Router2#

RIP should now be running on the network between Router 1 and Router 2.

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut
00:20:35: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Router4(config-if)#exit
Router4(config)#

Now, the RIP information must be added.

Router4(config)#router rip
Router4(config-router)#network 172.16.0.0
Router4(config-router)#exit
Router4(config)#exit
Router4#

show commands can be used to verify that the routers are receiving RIP routes. The most commonly used command is show ip route, which displays all entries in the routing table. This command should be issued at the privileged mode prompt on Router 4 to display the routes to the directly connected Router 1 and to the other routers on the network.

Router4# show ip route
Gateway of last resort is not set
172.16.0.0/16 is subnetted, 1 subnet
C 172.16.10.0 is directly connected, Serial 0
R 10.0.0.0 [120/1] via 172.16.10.1 00:03:18, Serial 0

In the line R 10.0.0.0 [120/1] via 172.16.10.1, 00:00:21, Serial0, the R indicates that this is a RIP route. The 10.0.0.0 portion of the output indicates the destination network. The [120/1] portion of the output indicates that 120 is the administrative distance and that 1 hop is required to reach the destination. RIP’s default administrative distance is 120; administrative distance is considered the trustworthiness of the route. If two routing protocols have the same route, the router will pick the route with the lower administrative distance. The via 172.16.10.1 portion of the output indicates that 172.16.10.1 is the address of the next hop. The Serial0 portion of the output indicates that this information was learned via the serial 0 interface.

The show ip protocols command displays information about the IP routing protocols that are enabled. The following is example output from the show ip protocols command.


Router4#show ip protocols
Routing Protocol is “rip”
Sending updates every 30 seconds, next due in 12 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Key-chain
Routing for Networks:
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
172.16.10.1 120 00:00:09
Distance: (default is 120)

Router4#

The output indicates that updates are being sent every 30 seconds. RIP is a distance vector routing protocol, so it exchanges its entire routing table every 30 seconds. The 172.16.0.0 network is under the Routing for Networks area, which indicates that the network statement is working. Notice that the administrative distance is 120, which is the default.

IGRP

Interior Gateway Routing Protocol (IGRP) is a standards-based, distance vector IGP that is used by routers to exchange routing information. IGRP uses a composite metric of bandwidth and delay to determine the best path

unit (MTU), reliability, and load for the link.

In an IGRP network, each router broadcasts its entire IGRP table to its neighboring routers every 90 seconds. When a router receives a neighbor’s IGRP table, it uses the information provided to update its own routing table and then sends the updated table to its neighbors. This procedure is repeated by each router and results in a state referred to as network convergence, in which all routers have an identical view of the internetwork topology.

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut

00:35:15: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router1(config-if)#exit

Router1(config)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.0.0
Router1(config-if)#no shut
00:35:16: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Router1(config-if)#exit
00:35:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up

IGRP is classful, which means it does not include the subnet mask in its routing table updates.

To enable IGRP as the routing protocol on Router 1, the router IGRP AS command must be used. The AS param-

administration with a common routing policy. The same autonomous system number must be used on every router with which Router 1’s routing table should be shared.

In this example, autonomous system number 100 will be used. Notice the new mode the router has entered.

Router1(config)#router IGRP 100
Router1(config-router)#

Now that IGRP is running on the router, network statements must be used to tell the router which networks it is connected to. Every router interface that is directly connected to an active network needs a network number. Some networks will use the same IP addressing schemes with different subnets, and some will use entirely different addressing schemes. The diagram below shows two different addressing schemes.

Router 1’s Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface has an IP address of 172.16.10.1 with a /16 subnet mask. Because IGRP is classful, only the class portions of

network 10.0.0.0 statement should be issued for the Ethernet 0 interface, and the network 172.16.0.0 statement should be issued for the serial 0 interface.

Router1(config-router)#network 172.16.0.0
Router1(config-router)#network 10.0.0.0
Router1(config-router)#


Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
01:23:17: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router2(config-if)#exit
01:23:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router2(config)#

Router2(config)#router IGRP 100
Router2(config-router)#network 10.0.0.0
Router2(config-router)#exit
Router2(config)#exit
Router2#

IGRP should now be running on the network between Router 1 and Router 2.

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut

01:23:17: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
01:23:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router4(config-if)#exit
Router4(config)#

Router4(config)#router IGRP 100
Router4(config-router)#network 172.16.0.0
Router4(config-router)#exit
Router4(config)#exit
Router4#

show commands can be used to verify that the routers are receiving routes. The show ip route command should be issued on Router 4 to display the route to the directly connected Router 1.

Router4#show ip route
Gateway of last resort is not set
172.16.0.0/16 is subnetted, 1 subnet
C 172.16.10.0 is directly connected, Serial 0
I 10.0.0.0 [100/651] via 172.16.10.1 00:03:18, Serial 0

In the line I 10.0.0.0 [100/651] via 172.16.10.1, 00:00:21, Serial0, the I indicates that this is an IGRP route. The 10.0.0.0 portion of the output indicates the destination network. The 100 in the 100/651 notation is the administrative distance (IGRP’s default administrative distance is 100). If two routing protocols offer the same route, the router will pick the route with the lower administrative distance. The 651 value is the calculated metric, which by default is based on bandwidth and delay. The via 172.16.10.1 portion of the output is the address of the next hop. The Serial0 portion of the output indicates that this route was learned through the serial 0 interface.

The show ip protocols command displays information about the IP routing protocols that are enabled.
Router4#show ip protocols
Routing Protocol is igrp 100
Sending updates every 90 seconds, next due in 12 seconds
Invalid after 270 seconds, hold down 280, flushed after 630
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
Routing for Networks:
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
172.16.10.1 100 00:00:09
Distance: (default is 100)

Router4#

The output indicates that updates are being sent every 90 seconds. Because IGRP is a distance vector routing protocol, it exchanges its entire routing table every 90 seconds. The 172.16.0.0 network is under the Routing for Networks area, which indicates that the network statement is working. Notice that the administrative distance is 100, which is the default.

OSPF

OSPF is a dynamic link-state, hierarchical IGP that is based on open standards. It was designed as a replacement for RIP and was derived from an early version of Intermediate System to Intermediate System (IS-IS). OSPF is a robust protocol whose features include least-cost routing, multipath routing, and load balancing. The shortest path through the network is calculated by using the Dijkstra algorithm. Cisco uses its own implementation of the OSPF standards with additional features that are important for interoperability.


a few phases of initialization. First, the router uses “hello” packets to identify its neighbors and develop adjacencies (relationships for exchanging routing updates) with them. The router then starts the ExStart phase, which is the initial database exchange. Next is the Exchange phase, in which the Designated Router sends the routing information and receives an acknowledgement (ack) receipt from the new router. During the Loading phase, the

which it is an active member of the network.

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#int e0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router(config-if)#no shut
00:12:33: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Router(config-if)#exit
Router1(config)#int s0
Router1(config-if)#ip address 172.16.10.1 255.255.0.0
Router1(config-if)#no shut
00:15:30: %LINK-3-UPDOWN: Interface Serial0, changed state to up
00:15:35: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
Router1(config-if)#exit

Next, the router ospf 100 command should be issued to enable OSPF as the routing protocol. The 100 param-

same for all of the routers within the OSPF area. The networks that are added to the OSPF session make up the area. Notice the new mode that the router enters once the command is issued.
Router1(config)#router ospf 100
Router1(config-router)#

Once OSPF is running on Router 1, network statements must be used to tell the router which networks it is connected to, as well as to assign it its wildcard mask and OSPF area. Every router interface that is directly connect-

diagram below shows two different addressing schemes.


Router 1’s Ethernet 0 interface has an IP address of 10.1.1.1 with a /24 subnet mask, and its serial 0 interface has an IP address of 172.16.10.1 with a /16 subnet mask. When the network statements are issued, the class portions of the addresses, the wildcard masks, and the area IDs (an integer between 0 and 4,294,967,295) must be provided. Thus, on Router 1, the network 10.0.0.0 0.0.0.255 area 0 command should be issued for the Ethernet 0 interface, and the network 172.16.0.0 0.0.255.255 area 0 command should be issued for the serial 0

Router1(config-router)#network 10.0.0.0 0.0.0.255 area 0
Router1(config-router)#network 172.16.0.0 0.0.255.255 area 0
Router1(config-router)#exit
Router1(config)#exit
Router1#

Now, the 100 and that the two networks were added to OSPF area 0.
Router1#show running-config

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#int e0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#no shut
Router2(config-if)#exit
00:21:23: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:21:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router2(config)#


Router2(config)#router ospf 100
Router2(config-router)#network 10.1.1.0 0.0.0.255 area 0
Router2(config-router)#exit
Router2(config)#exit
Router2#

OSPF should now be running on the network between Router 1 and Router 2.

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router4
Router4(config)#int s0
Router4(config-if)#ip address 172.16.10.2 255.255.0.0
Router4(config-if)#no shut
Router4(config-if)#exit

Router4(config)#router ospf 100
Router4(config-router)#network 172.16.0.0 0.0.255.255 area 0
Router4(config-router)#exit
Router4(config)#exit
Router4#

OSPF should now be running on all three routers. The ping command can be used to test connectivity between the routers. From Router 1, Router 4’s serial 0 interface and Router 2’s Ethernet interface should be pinged.
Router1#ping 172.16.10.2

Router1#ping 10.1.1.2

Next, Router 1 should be pinged from Router 2 and Router 4.
Router2#ping 10.1.1.1

Router4#ping 172.16.10.1

If all pings succeed, the routers are talking to each other in both directions and routing is successful.

Now, the show ip ospf interface
Router1#show ip ospf interface

This is an excellent command for learning all interface information. The output includes the interface IP address, area assignment, process ID, router ID, cost, priority, network type, timer intervals, and adjacent neighbor information. You can also see the Designated Router (DR)/Backup Designated Router (BDR) information when it is applied.

Finally, the show ip ospf neighbor command should be issued.
Router1#show ip ospf neighbor


This command displays all of the important information concerning neighbors and the adjacency state. It also

Lesson 8: PPP with CHAP Authentication

PPP

Point-to-Point Protocol (PPP) is a protocol for communicating between two computers using a serial interface, typically a personal computer connected by phone line to a server. For example, your Internet service provider may supply you a PPP connection so that the provider’s server can respond to your requests, pass them on to the Internet, and forward the Internet responses back to you. PPP is typically used with the Internet Protocol (IP).

PPP is sometimes considered a member of the TCP/IP suite of protocols. PPP operates at the Data Link layer (Layer 2) of the Open Systems Interconnection (OSI) reference model. Essentially, it packages a computer’s TCP/IP packets and forwards them to the server where they can actually be put on the Internet.

or satellite transmissions. It uses a variation of High Speed Data Link Control (HDLC) for packet encapsulation.

PPP is usually preferred over the earlier de facto standard, Serial Line Internet Protocol (SLIP), because it can handle synchronous as well as asynchronous communication. PPP can share a line with other users, and it includes error detection that SLIP lacks. PPP is preferred over SLIP when possible.

CHAP

Challenge-Handshake Authentication Protocol (CHAP) provides a more secure procedure for connecting to a system than Password Authentication Protocol (PAP). Here’s how CHAP works:

After the link is made, the server sends a challenge message to the connection requestor. The requestor responds with a value obtained by using a one-way hash function.

The server checks the response by comparing its own calculation of the expected hash value.

If the values match, the authentication is acknowledged; otherwise, the connection is usually terminated.

At any time, the server can request that a new challenge message be sent by the connected party. Because

The following interface command enables PPP:
encapsulation ppp

PPP must be enabled on both ends of the link.

The following interface command must be added in order for authentication to be enabled:
ppp authentication chap

The routers will now require authentication over the link. They will attempt to log in with their host names as



router, an entry that matches the remote router’s user name and password must be made:
username Other_Router password Other_enable_pass

(R1)s0----------s0(R2)

PPP without CHAP

Router 1:
hostname R1
interface serial 0
 encapsulation PPP
 no shutdown

Router 2:
hostname R2
interface serial 0
 encapsulation PPP
 no shutdown

PPP with CHAP Default Names and Password

Router 1:
hostname R1
enable secret toast1
username R2 password cool2
interface serial 0
 encapsulation PPP
 ppp authentication chap
 no shutdown

Router 2:
hostname R2
enable secret cool2
username R1 password toast1
interface serial 0
 encapsulation PPP
 ppp authentication chap
 no shutdown
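As an added illustration, not code from the Boson manual, the following Python models the CHAP exchange described above on the R1 --- s0 --- R2 link: the authenticator's challenge, the peer's MD5 response computed from the secret in its username table, and the authenticator's verification, including why a captured response cannot be replayed. It assumes both routers hold the same secret for the pair, which CHAP verification requires; the ChapPeer class, the function names and the secret value are constructed for this example.

```python
import hashlib
import hmac
import secrets


def chap_hash(ident: int, secret: str, challenge: bytes) -> bytes:
    """CHAP response value as defined in RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class ChapPeer:
    """One end of the PPP link: its hostname plus its 'username <peer> password <secret>' table."""

    def __init__(self, hostname: str, user_table: dict):
        self.hostname = hostname
        self.user_table = dict(user_table)  # peer hostname -> shared secret (constructed)
        self.ident = 0

    def challenge(self):
        """Authenticator side: emit a Challenge with a fresh identifier and a random value."""
        self.ident = (self.ident + 1) & 0xFF
        return self.ident, secrets.token_bytes(16), self.hostname

    def respond(self, ident: int, value: bytes, challenger: str):
        """Peer side: look up the challenger's hostname in our username table and hash the secret.
        The secret never goes on the wire; only our hostname and the digest do."""
        secret = self.user_table.get(challenger)
        if secret is None:
            return None  # no 'username <challenger> password ...' entry: cannot answer
        return ident, chap_hash(ident, secret, value), self.hostname

    def verify(self, ident: int, value: bytes, response) -> bool:
        """Authenticator side: recompute the expected digest from our own table and compare."""
        if response is None:
            return False
        resp_ident, resp_hash, responder = response
        secret = self.user_table.get(responder)
        if secret is None or resp_ident != ident:
            return False
        return hmac.compare_digest(chap_hash(ident, secret, value), resp_hash)


def one_way_auth(authenticator: ChapPeer, peer: ChapPeer) -> bool:
    """A single three-way CHAP handshake: Challenge -> Response -> Success/Failure."""
    ident, value, name = authenticator.challenge()
    response = peer.respond(ident, value, name)
    return authenticator.verify(ident, value, response)


def mutual_auth(r1: ChapPeer, r2: ChapPeer) -> bool:
    """With 'ppp authentication chap' on both serial interfaces, each router challenges the other."""
    return one_way_auth(r1, r2) and one_way_auth(r2, r1)


def replay_is_rejected(authenticator: ChapPeer, peer: ChapPeer) -> bool:
    """A Response captured for one Challenge does not satisfy a later one: the identifier and the
    random value change every time, which is what re-challenging the connected party relies on."""
    ident, value, name = authenticator.challenge()
    captured = peer.respond(ident, value, name)
    new_ident, new_value, _ = authenticator.challenge()
    return not authenticator.verify(new_ident, new_value, captured)


# Constructed configurations for the lab topology (R1)s0----------s0(R2).
R1 = ChapPeer("R1", {"R2": "toast1"})
R2 = ChapPeer("R2", {"R1": "toast1"})
R2_WRONG = ChapPeer("R2", {"R1": "cool2"})  # mismatched secret: the link will not authenticate

if __name__ == "__main__":
    print("mutual CHAP, matching secrets:", mutual_auth(R1, R2))
    print("mutual CHAP, mismatched secrets:", mutual_auth(R1, R2_WRONG))
    print("replayed response rejected:", replay_is_rejected(R1, R2))
```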

The following is a link where you can read more about PPP/CHAP authentication: http://www.cisco.com/warp/public/471/understanding_ppp_chap.html


Lesson 9: Frame Relay

Frame Relay is a network access protocol similar in principle to X.25. The main difference between Frame Relay

-forms both error detection and error correction, Frame Relay only performs error detection.

X.25 performs data checking and correcting at the network level. Consequently, the network devices on an X.25 network correct the corrupt data or ask for the data to be retransmitted. The cost of such checking and retransmission is network delay.

Frame Relay leaves the task of error correction to the protocols used by intelligent devices at each end of the network. These intelligent devices provide end-to-end data integrity. Because Frame Relay relies on the devices

and less delay occurs overall.

The following command can be used to add a description to an interface to help keep track of permanent virtual circuits (PVCs). An example of a description might be “Frame Relay to Boston”.
description descriptive_string

encapsulation frame-relay [cisco | ietf]

Relay subinterface:
frame-relay interface-dlci dlci [broadcast]

A DLCI is assigned by the local Frame Relay provider for every PVC connected to the router. DLCI numbers are not exchanged between routers. DLCI numbering at one Frame Relay site is mutually exclusive from DLCI numbering at another site.

The broadcast keyword is optional and should only be included if broadcast packets (e.g., IP, RIP, or IPX RIP/SAP updates) need to be forwarded out of the subinterface. In static routing examples, routing updates are not required and the keyword is omitted.

type from the Frame Relay provider:
frame-relay lmi-type {ansi | cisco | q933a}

LMI is a Frame Relay control protocol sent to the router from the Frame Relay switch at the service provider and is not exchanged between routers. The LMI type at one location does not have to match the LMI type at other locations.

Supported LMI Types

cisco default

ansi ANSI Annex D

q933a CCITT Q933a


protocol address and a Frame Relay DLCI:
frame-relay map ip ip_address dlci [broadcast]

Again, the broadcast keyword is optional and should only be included if broadcast packets need to be forwarded out of the subinterface. In static routing examples, routing updates are not required and the keyword is omitted.

-point connection.

interface serial0.subinterface_# [point-to-point | multipoint]

A subinterface is treated as if it were a separate interface dedicated for a PVC to a remote site. Serial0 indicates that the subinterface belongs to the physical serial 0 interface, and subinterface _# is the unique subinterface ID number. The subinterface ID number can be any unique value between 0 and 4,294,967,295 and does not have to be in any particular order (i.e., it is not necessary to begin with 1 and sequentially progress with 2, 3, and so on). In fact, to reduce confusion, it is good practice to identify a subinterface with the same number as the DLCI used on that subinterface.

ip address ip_address subnet_mask

Lesson 10: Access Lists

of packets within a network based on information provided within the list. Standard IP access lists are very straightforward because the source IP address of a packet is the only criterion used to determine whether the packet should be permitted or denied.

Access lists can be used for a variety of reasons, including controlling the propagation and reception of

primary implementation, and the main topic of this lesson, is the implementation of the access list as a security mechanism.

Implementing Restricted Access

You may choose to implement security policies for a variety of reasons, including, but certainly not limited to, the

Without the use of access lists, all packets within a network are allowed without restriction to all parts of the network.

an outside network such as the Internet. This type of access list is typically placed at the point of connection between the two networks. When an access list is used for interdepartmental isolation, the access list is typically placed at strategic locations within the internal network.


The Basics of Standard IP Access Lists

The basic format of the standard IP access list is as follows:
access-list [#] [permit | deny] [source_address | any] [source_mask]

An access list may contain multiple lines, each following the format shown above. The access list may specify multiple source IP addresses to be evaluated. Each line entry of the access list must maintain the same access list

-fore, the most general statements should be placed at the beginning of the list to avoid extra processing.

list based on the access list number that is assigned. The numbering range for standard IP access lists is from 1 through 99. All standard IP access lists must be numbered within this range.

After a number in the appropriate range has been assigned to the access list, the list dictates whether the packets to be evaluated will be permitted (allowed to pass) or denied (dropped and not allowed to pass). This is accomplished by using the permit or deny keyword in the access-list command. The keyword instructs the

permitted or denied.

The standard IP access list allows for a source mask to be applied to the source IP address. Although similar to the subnet mask that is applied to IP addresses, the source mask is somewhat different. When a source mask is used with IP access lists, a bit set to 0 means “match exactly,” and a bit set to 1 means “do not care”. For example, if you would like to include all hosts in the Class C network 192.1.1.0, the source address-source

second, and third octets of the address (192.1.1) must “match exactly” (indicated by 0.0.0, or all zeros, in the

(indicated by 255, or all ones, in the source mask for the fourth octet). The use of this source address-source mask combination allows a single line in the access list to include all hosts in the 192.1.1.0 network.

Using the keyword any is the same as using a source address-source mask combination of 0.0.0.0 255.255.255.255. The 255.255.255.255 source mask indicates that you “do not care” which bits are set in any

the router will, by default, use a source mask of 0.0.0.0 and “match exactly” the address entered.

After an access list has been created, the Cisco router will assume that any source IP addresses that are not explicitly permitted in the list will be denied. In other words, at the end of the access list, the router will implic-

1.1.1.1, all other source addresses will be implicitly denied.

Creating a Simple Standard IP Access List

Now we will discuss creating a standard IP access list using the following format:

access-list [#] [permit | deny] [source_address | any] [source_mask]


Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 1 permit host 1.1.1.1
Router(config)#exit
Router#

permit statement for host address 1.1.1.1. Because the source mask was not speci-deny any statement at the end

Applying the Access List to an Interface

command for applying a standard IP access list to an interface is as follows:
ip access-group [access_list_number] [in | out]

Access lists can be applied as either outbound or inbound on the router interfaces. When an access list is applied as an inbound list and the router receives an inbound packet, it checks the source address of the packet against the access list. The packet is routed to the destination interface if the source address matches a permit statement in the access list. The packet is discarded if the source address matches a deny statement in the access list.

When an access list is applied as an outbound list and the router receives a packet on an interface, the packet is routed to the appropriate outbound interface, and the source address of the packet is then checked against the access list. At this point, the router either permits the packet to exit the interface if its source address matches a permit statement in the access list or discards the packet if its source address matches a deny statement in the access list.

The following commands apply access list 1 to interface Ethernet 0 as an inbound access list. Note the in parameter in the ip access-group 1 command.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int Ethernet 0
Router(config-if)#ip access-group 1 in
Router(config-if)#exit
Router(config)#exit
Router#

The following commands apply access list 1 to interface Ethernet 0 as an outbound access list. Note the out parameter in the ip access-group 1 command.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int Ethernet 0
Router(config-if)#ip access-group 1 out
Router(config-if)#exit
Router(config)#exit
Router#


Creating a More Advanced Standard IP Access List

In this exercise, we will create access list 2 to meet the following criteria:

• Permit all packets originating from network 10.1.1.0 255.255.255.128.

• Deny all packets originating from network 10.1.1.128 255.255.255.128.

• Deny all packets originating from network 15.1.1.0, except for packets from a single host of 15.1.1.5.

The following commands will accomplish these goals:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 2 deny 10.1.1.128 0.0.0.127
Router(config)#access-list 2 permit host 15.1.1.5
Router(config)#access-list 2 deny 15.1.1.0 0.0.0.255
Router(config)#access-list 2 permit any
Router(config)#exit
Router#

permit statement for

, takes care of this criteria. Review the criteria, and verify that the necessary tasks have been completed:

• Permit all packets originating from network 10.1.1.0 255.255.255.128

The last line of the access list, , accomplishes this criterion. It is not necessary to explicitly permit the 10.1.1.0 255.255.255.128 network in the access list because no other statements in the access list deny this network.

• Deny all packets originating from network 10.1.1.128 255.255.255.128.

, accomplishes

of the fourth octet has been assigned to the subnet and the last seven bits have been reserved for host addressing. Thus, the source mask in the deny statement, 0.0.0.127, indicates that you “do not care”

• Deny all packets originating from network 15.1.1.0, except for packets from a single host of 15.1.1.5.

This has been accomplished with line two, , and line three, , of the access list. Remember that access lists

stipulated that packets from network 15.1.1.0 be denied and that packets from host 15.1.1.5 be permitted. If lines two and three had been swapped and the entire 15.1.1.0 network was denied prior to permitting host 15.1.1.5, packets with a source address of 15.1.1.5 would match the more general criteria of deny 15.1.1.0


The last line of the access list, , accomplishes this by permit-
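The following Python, added here and not part of the lab manual, evaluates a standard IP access list the way this lesson describes it: wildcard bits set to 1 are “do not care”, the first matching line wins, and anything that matches no line hits the implicit deny. It runs the page’s access list 2 against sample source addresses, then the same list with lines two and three swapped to show the ordering mistake discussed above; the parse_ace and evaluate names are this example’s own.

```python
import ipaddress


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(source: str, pattern: str, wildcard: str) -> bool:
    """Standard-ACL matching: a wildcard bit of 0 means 'match exactly', 1 means 'do not care'."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(source) & care) == (ip_to_int(pattern) & care)


def parse_ace(line: str):
    """Parse one 'access-list <#> permit|deny <source> [wildcard]' entry, including 'host' and 'any'."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not a standard access-list entry: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if not 1 <= number <= 99:
        raise ValueError("standard IP access lists are numbered 1 through 99: " + line)
    if rest[0] == "any":
        source, wildcard = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host":
        source, wildcard = rest[1], "0.0.0.0"
    else:
        source = rest[0]
        wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"  # omitted mask: match exactly
    return number, action, source, wildcard


def evaluate(acl_lines, source_ip: str):
    """Return (action, matching line). First match wins; with no match the implicit deny applies
    and the matching line is None."""
    for line in acl_lines:
        _, action, pattern, wildcard = parse_ace(line)
        if wildcard_match(source_ip, pattern, wildcard):
            return action, line
    return "deny", None


# Access list 2 exactly as entered on the router in this lesson (constructed copy).
ACL_2 = [
    "access-list 2 deny 10.1.1.128 0.0.0.127",
    "access-list 2 permit host 15.1.1.5",
    "access-list 2 deny 15.1.1.0 0.0.0.255",
    "access-list 2 permit any",
]

# Lines two and three swapped: the host permit is now shadowed by the network deny.
ACL_2_SWAPPED = [ACL_2[0], ACL_2[2], ACL_2[1], ACL_2[3]]

if __name__ == "__main__":
    # Constructed sample sources: one from each half of 10.1.1.0/24, the exempt host,
    # another 15.1.1.0 host, and an unrelated network.
    for src in ("10.1.1.7", "10.1.1.133", "15.1.1.5", "15.1.1.9", "192.168.0.58"):
        action, line = evaluate(ACL_2, src)
        swapped_action, _ = evaluate(ACL_2_SWAPPED, src)
        print(f"{src:>13}: {action:6} by {line or 'implicit deny'}  (swapped list: {swapped_action})")
```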

Bringing It All Together

In general, the process for creating and implementing standard IP access lists is as follows:

Create the access list with a number in the range of 1 through 99.

Apply the access list, either inbound or outbound, to the appropriate interface.

Items 1 and 2 above have been fairly well covered in this lesson. Lastly, the placement of the access list needs to be discussed. In general, standard IP access lists should be placed nearer to the destination than to the source. However, this is not an absolute rule; certain exceptions exist. Due to the fact that standard IP access lists only operate on the source address, detailed granularity is not always possible. Care must be taken to avoid implementing undesirable policies. If a standard access list is placed near the source, it is possible that access will be impeded to devices other than those intended.

For example, if access list 2, which we created in this lesson, were implemented as an inbound access list on the Ethernet interface of a router directly connected to the 15.1.1.0 network, the only host that would be allowed off the local segment would be 15.1.1.5. This access list would most likely be implemented as an outbound access

In the diagram below, assume that Workstation C has the 15.1.1.5 IP address and that Workstation D has the 10.1.1.133 IP address. You want to implement a policy for Workstation A that only allows Workstation C access from Ethernet C. You also want to implement a policy that will deny any access from Ethernet D. Access list placement is critical in this situation. If access list 2 from above is implemented as an outbound access list on

Ethernet B, which is undesired. The same scenario holds true if the access list is implemented as an inbound access list on Router 1’s serial interface. If you place this access list as an outbound access list on Router 1’s Ethernet A interface, the desired policy is intact without any unwanted policy implementations.



Access List Cheat Sheet

Wildcard masks have a variety of uses in access lists, but typically you will want to do one of the following:

• Match an entire subnet

• Match an IP range

• Match every host and any host

Here are some simple examples to accomplish these requirements.

All wildcard mask bits are zeros. For a standard access list to permit the host 192.168.0.58, you could use the following command:
access-list 101 permit 192.168.0.58 0.0.0.0

Because standard access lists assume a 0.0.0.0 mask, you could rewrite the command as follows:
access-list 101 permit 192.168.0.58

For an extended access list to permit the same host of 192.168.0.58, you should use one of the following commands:
access-list 101 permit ip 192.168.0.58 0.0.0.0 any

OR
access-list 101 permit ip host 192.168.0.58 any


Match an Entire Subnet

The key to matching an entire subnet is to use the following formula for the wildcard mask:
Wildcard mask = 255.255.255.255 – subnet mask

So, for example, if the current subnet mask is 255.255.255.0, the wildcard mask would be 0.0.0.255, as calculated below:
  255.255.255.255
- 255.255.255.0
  ---------------
    0.0.0.255

In this equation, subtract each octet separately since an IP address is not a whole number.

To permit access to the network of 200.0.18.0 with a subnet mask of 255.255.255.0, you should use the following commands.

Using a standard access list:
access-list 101 permit 200.0.18.0 0.0.0.255

Using an extended access list:
access-list 101 permit ip 200.0.18.0 0.0.0.255 any

To permit access to the network of 10.4.0.0 with a subnet mask of 255.255.0.0, you should use the following commands.

Using a standard access list:
access-list 100 permit 10.4.0.0 0.0.255.255

Using an extended access list:
access-list 100 permit ip 10.4.0.0 0.0.255.255 any

Match an IP Range

address from the higher IP address.
  10.3.31.255
- 10.3.16.0
  -----------
   0.0.15.255

In this case, the wildcard mask for this range is 0.0.15.255.

To permit access to this range, you should use the following commands.

Using a standard access list:
access-list 100 permit 10.3.16.0 0.0.15.255

Using an extended access list:
access-list 100 permit ip 10.3.16.0 0.0.15.255 any

Note that each non-zero value in the mask must be one less than a power of 2 (i.e., 0, 1, 3, 7, 15, 31, 63, 127, 255).
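As an added example, not from the manual, this Python applies the two cheat-sheet formulas (wildcard from a subnet mask, wildcard from an address range) and goes one step further than the page: it checks that the derived mask has contiguous “do not care” bits and that the range starts on a mask boundary, because a range that fails either check cannot be expressed by a single entry and the formula would quietly produce a line that matches more or fewer addresses than intended. The function names and the ranges other than the page’s 10.3.16.0 through 10.3.31.255 are constructed for this example.

```python
import ipaddress


def octets(addr: str):
    return [int(o) for o in addr.split(".")]


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_subnet_mask(subnet_mask: str) -> str:
    """Cheat-sheet formula: wildcard = 255.255.255.255 - subnet mask, one octet at a time."""
    return ".".join(str(255 - o) for o in octets(subnet_mask))


def wildcard_from_range(low: str, high: str) -> str:
    """Cheat-sheet formula for a range: subtract the lower address from the higher, octet by octet."""
    diff = [h - l for h, l in zip(octets(high), octets(low))]
    if any(d < 0 for d in diff):
        raise ValueError("the lower address must not exceed the higher address in any octet")
    return ".".join(str(d) for d in diff)


def is_valid_wildcard(wildcard: str) -> bool:
    """The page's rule: every octet must be one less than a power of two (0, 1, 3, 7, ..., 255)."""
    return all((o & (o + 1)) == 0 for o in octets(wildcard))


def covers_exactly(network: str, wildcard: str, low: str, high: str) -> bool:
    """True when 'network wildcard' matches exactly the addresses low..high and nothing else.
    This needs contiguous wildcard bits across the whole 32-bit mask and a block-aligned start."""
    wc = ip_int(wildcard)
    if wc & (wc + 1):  # wc + 1 must be a power of two, e.g. 0.0.15.255 -> 4096
        return False
    base = ip_int(network) & ~wc & 0xFFFFFFFF
    return base == ip_int(low) and (base | wc) == ip_int(high)


def range_is_exact(low: str, high: str) -> bool:
    """Can the range low..high be matched by a single 'low wildcard' entry?"""
    return covers_exactly(low, wildcard_from_range(low, high), low, high)


if __name__ == "__main__":
    print("255.255.255.0 ->", wildcard_from_subnet_mask("255.255.255.0"))
    # Constructed ranges: the page's aligned range, a range whose mask is not 2^n-1,
    # and a range whose mask is valid but whose start is not on a 16-address block boundary.
    for low, high in (("10.3.16.0", "10.3.31.255"),
                      ("10.3.17.0", "10.3.31.255"),
                      ("10.3.8.0", "10.3.23.255")):
        wc = wildcard_from_range(low, high)
        print(f"{low}-{high}: wildcard {wc}, octets valid: {is_valid_wildcard(wc)}, "
              f"single entry exact: {range_is_exact(low, high)}")
```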

Match Every Host and Any Host

This is the easiest access list to create.


Using a standard access list:
access-list 1 permit any

OR
access-list 1 permit 0.0.0.0 255.255.255.255

Using an extended access list:
access-list 1 permit ip any any

Lesson 11: Switches

Switches, which work at the Data Link layer (Layer 2) of the Open Systems Interconnection (OSI) model, concentrate the point of attachment for workstations, servers, routers, hubs, and other switches. A switch provides a dedicated point-to-point connection between two networking devices; thus, collisions do not occur.

Switch Components

A switch includes all of the hardware components of a PC, including a CPU, RAM, and an internetwork operating system (IOS). A switch can be managed the same as a router; you can console into its console port, telnet to its IP address, and even change the IOS through the use of TFTP.

Switches use some of the same commands that routers use. To check information about the interfaces, you can use the show interfaces command. To display the IP information for the interfaces, use the show ip interfaces

show version command. To command.

The show mac-address-table command displays the MAC table for the switch. The MAC table is the table that matches all the ports on the switch with the MAC addresses it has learned.

Command-Line Interface

User Mode vs. Privileged Mode

User mode is indicated by the > prompt that follows the switch name. In user mode, you can look at some of the switch’s settings, but you cannot change them. In privileged mode, accessed by using the enable command in user mode and indicated by the # prompt, you can use the different show commands to view all settings on the

command.
Switch>
Switch>enable
Switch#

Accessing Help

To view all commands available from this mode, type ?. This will display a list of all available commands in the current mode. You can also use the question mark after you have started typing a command. For example, if you want to use a show command but you do not remember which one to use, type show ? to display all commands that you can use with the show command.
r1#show ?


access-expression  List access expression
access-lists       List access lists
backup             Backup status
cdp                CDP information
clock              Display the system clock
cls                DLC user information
compress           Show compression statistics
configuration      Contents of Non-Volatile memory
--More--

command. You can exit end or pressing the CTRL+Z key combination.

Switch#config t
Switch(config)#end