CCNA
Network Interface Card (NIC)
NIC is the interface between the computer and the network.
It is also known as the LAN card or Ethernet card.
An Ethernet card has a unique 48-bit address called the MAC (Media Access Control) address.
The MAC address is also called the Physical Address or Hardware Address.
The 48-bit MAC address is written as 12 hexadecimal digits.
Example: 0016.D3FC.603F
Network cards are available at different speeds.
Ethernet (10 Mbps)
Fast Ethernet (100 Mbps)
Gigabit Ethernet (1000 Mbps)
=== 25/6/24 ===
ARP - Address Resolution Protocol
ARP resolves an IP address to its MAC address; the learned MAC addresses are stored in the ARP table.
Both the source and the destination have an ARP table.
The ARP table contains the source MAC address, IP address, destination IP and the broadcast address (FFFF.FFFF.FFFF).
Switch
The aging time of a switch is 5 min / 300 sec.
Static entries don't have an aging time; only dynamic entries have an aging time.
MAC address table columns: Vlan | MAC address | Type | Port
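The MAC address handling and the switch MAC table described above, as an added example in Python (not code from the notes): it normalises a MAC address into the Cisco dotted format, rejects anything that is not 48 bits, and keeps a table with the same columns (VLAN, MAC address, Type, Port) where dynamic entries expire after the 300-second aging time and static entries never do. The sample MAC addresses and port names are constructed.

```python
import re

AGING_TIME = 300          # seconds; dynamic entries expire after this, static never do
BROADCAST = "FFFF.FFFF.FFFF"


def normalize_mac(mac):
    """Accept 0016.D3FC.603F, 00:16:d3:fc:60:3f or 00-16-D3-FC-60-3F and return the
    Cisco dotted format. Raises ValueError unless exactly 12 hex digits (48 bits)."""
    digits = re.sub(r"[.:\-]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


class MacTable:
    """Columns as in the notes: VLAN | MAC address | Type | Port."""

    def __init__(self, aging_time=AGING_TIME):
        self.aging_time = aging_time
        self.entries = {}     # (vlan, mac) -> {"type", "port", "seen"}

    def learn(self, vlan, src_mac, port, now):
        """Dynamic learning from the source MAC of a frame received on 'port' at time 'now'."""
        mac = normalize_mac(src_mac)
        if mac == BROADCAST:
            raise ValueError("the broadcast address is never a valid source MAC")
        entry = self.entries.get((vlan, mac))
        if entry and entry["type"] == "STATIC":
            return                       # a static entry is never overwritten by learning
        self.entries[(vlan, mac)] = {"type": "DYNAMIC", "port": port, "seen": now}

    def add_static(self, vlan, mac, port):
        self.entries[(vlan, normalize_mac(mac))] = {"type": "STATIC", "port": port, "seen": None}

    def age_out(self, now):
        """Remove dynamic entries not refreshed within aging_time; return how many were removed."""
        stale = [key for key, e in self.entries.items()
                 if e["type"] == "DYNAMIC" and now - e["seen"] >= self.aging_time]
        for key in stale:
            del self.entries[key]
        return len(stale)

    def lookup(self, vlan, dst_mac):
        """Return the outgoing port, or None when unknown (the switch then floods the frame)."""
        mac = normalize_mac(dst_mac)
        if mac == BROADCAST:
            return None
        entry = self.entries.get((vlan, mac))
        return entry["port"] if entry else None

    def show(self):
        """Text in the spirit of 'show mac-address-table'."""
        rows = ["Vlan  Mac Address     Type     Ports"]
        for (vlan, mac), e in sorted(self.entries.items()):
            rows.append(f"{vlan:<5} {mac:<15} {e['type']:<8} {e['port']}")
        return "\n".join(rows)


if __name__ == "__main__":
    table = MacTable()
    table.learn(1, "00:16:d3:fc:60:3f", "Fa0/1", now=0)       # constructed sample entries
    table.add_static(1, "0016.D3FC.6040", "Fa0/2")
    print(table.show())
    print(table.age_out(now=300), "dynamic entry aged out")
    print(table.show())
```

Running the block shows the dynamic entry disappearing at exactly 300 seconds while the static entry stays, which is the difference between the two entry types the notes describe.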
Router
Console port (RJ45 — RS232)
RAM stores Running configuration (temp)
NvRAM stores startup configuration (permanent)
Flash stores IOS [Internetworking Operating System]
Cisco Packet Tracer
Ctrl + “obj”
To exit from setup mode to user mode ⇒ Ctrl + C
Shift + ? — to list the available commands
'enable' command to enter Privilege mode
Router> — user — ‘enable’ or ‘en’ ( use to enter Privilege mode)
Router# — Privilege Mode
Router(config)# — Global Configuration Mode
User mode, Setup Mode & Rommon Mode
User mode – NO
Setup Mode – Yes
Rommon Mode
Ctrl + Pause break (real time)
Ctrl + C (cisco package tracer)
Rommon mode is used to recover the IOS.
IOS is stored in Flash Memory
Rommon mode is used for Recovery (password, IOS recovery) & reset
=== 27/6/24 ===
Introduction of Router
Router:
It is an Internetworking device.
It enables communication between two or more different Logical Networks.
It is a Network Layer (layer 3) device.
It comes from the word “Route”. Hence it is also a device that finds the best route (path) for networks.
The IP of Router is the Default Gateway for all devices in LAN.
Types of Router:
There are two types of Routers
Hardware Router: Cisco, Juniper, Multicom, HP, D-Link, Maipu, etc.
Software Router: Microsoft Server, Linux Server
Types of Hardware Router:
Fixed Router (Non - Modular):
Fixed routers are non-upgradable; Ethernet or Serial ports cannot be added or removed.
They do not have any slots.
The ports are fixed and integrated on the motherboard.
Modular Router:
Modular Routers are Upgradeable, can add or remove the interfaces as per our requirement.
The number of slots available depends on the series of the router.
Can add LAN and WAN cards.
Cisco Router Category:
Branch Routers
Network Edge and Aggregation Routers.
Service provider Routers.
Branch Routers (SOHO):
Routers used by small organizations and branch offices.
Router Series – Models
800 Series - 810, 860, 880
1900 Series - 1905, 1921, 1941
2600 Series - 2610, 2611, 2620
2800 series - 2811, 2851
2900 series - 2901, 2911, 2921
Network Edge and Aggregation Routers:
Routers that are used at large organizations / Campus and head office.
Routers Series – Models
1000 Series - 1001, 1002, 1004
5000 series - 5001, 5002
5500 series - 5508
Service Provider Router: (ISP)
Routers that are used by the Service providers
Router Series
6000 series
9000 series
External Components of Router
LAN Interfaces - RJ - 45 Ports:
Routers have RJ - 45 ports to connect the router to the LAN.
The speed of the RJ - 45 ports can be
10 Mbps Ethernet
10 / 100 Mbps Fast Ethernet
10 / 100 / 1000 Mbps Gigabit Ethernet
Serial Port:
Serial port is used for WAN connectivity
Serial port is available as
60-pin female connector
Smart serial 26-pin female connector
HWIC:
High - speed WAN interface cards (HWICs) provide connectivity to a Wide Area Network.
Console Port:
It is a Local Administrative port.
It is an RJ-45 port. (RJ - Registered Jack)
It is used for initial configuration and advanced troubleshooting.
Note: It is the most important and sensitive port on the router. The console cable is blue in colour.
Auxiliary port:
It is a Remote Administrative Port used for Remote Administration / Configuration.
It's an RJ - 45 port. (RJ - Registered Jack)
A console / rollover cable is used to connect the auxiliary port to a dial-up modem.
Interfaces of a Router:
LAN interface
RJ 45 Ethernet / Fast Ethernet / Gigabit Ethernet
WAN Interface
Normal Serial Interface
Smart Serial Interface
Administrative Interface
Console
Auxiliary
Internal Components of Router
ROM (Read Only Memory)
It contains the bootstrap program, which searches for and loads the OS.
It is similar to the BIOS of a PC.
It also contains ROMMON for advanced troubleshooting.
Flash Memory:
The Internetwork Operating System (IOS) is stored here.
IOS is a Cisco proprietary operating system.
NvRAM (Non - Volatile Random Access Memory):
NvRAM is similar to a hard disk.
It is also known as permanent storage.
The startup configuration is stored here.
RAM (Random Access Memory)
It is also called the Main Memory.
It is a Temporary Storage.
The Running Configuration is stored here.
==> Boot Sequence:
Initial Configuration of Router
Access Router through Console:
Cisco routers and switches do not have any default IP address or configuration, hence it is required to use the console port for the initial configuration.
This requires a physical connection between the Cisco router/switch and a PC via a console cable.
Emulation Software:
Windows:
HyperTerminal / PuTTY / Tera Term
Linux:
minicom -s
Modes of the Router:
Setup Mode
User Mode
Privileged Mode
Global Configuration Mode
Interface Mode
Line Mode
Setup Mode:
The Router enters into the Setup Mode if the NvRAM is Empty.
— System Configuration Dialog —
User Mode:
Only some basic monitoring and limited show commands work in this mode.
Example of commands: enable, Ping, Traceroute, etc.
Privilege Mode:
Monitoring, Troubleshooting and Verification commands work in this mode.
Example of Commands: Show, configure terminal, write, etc
Global Configuration Mode:
Configuration changes made in this mode affect the operation of the device as a whole.
Example of commands: hostname, etc.
Terminal - 9600 (more than 9600)
Ctrl + C - Close
User ⇒ Privilege
? = terminal help
‘Enable’ to enter privilege mode
Router# - ‘configure terminal’ to enter global mode
Router(config)# “Interface fastEthernet 0/0” command to Enter - interface mode
CTRL + Z - exit
To check OS in Router:
To check Router all Interface in Details
To check Running Configuration
To check Startup Configuration:- NvRAM
To change Hostname
‘Write’ to save the configuration
==> To Configure IP address on FastEthernet:
AMP(config)# interface fastEthernet 0/0
AMP(config-if)# ip address 192.168.1.254 255.255.255.0
AMP(config-if)# no shutdown
==> To Check CAM table in switch:
switch# show mac-address-table
==> To Delete Startup Configuration
Router# erase startup-config
==> Interface Mode:
Commands given in this mode will apply to a specific network interface.
i.e. FastEthernet 0/0 or Serial 0/0
Example of commands: ip address, no shutdown etc
Router(config-if)#
==> Line Mode:
Commands given in this mode will apply to specific Physical or Virtual lines.
i.e. console, auxiliary or VTY
Example of Commands: Password, no shutdown etc.
Router(config-line)#
=== 2/7/24 ===
Wan Connectivity Representation
Device Classification
Serial-back-to-back cable:
When the distance between two Routers is short, a special V.35 Back-to-Back cable is used to replace the copper wire, CSU/DSU and MUX.
For data communication using Back-to-Back serial cable, one end has to be a DCE and the other has to be a DTE
IP Routing
IP Routing
Routing is the process of moving IP Packets from one network to another network.
Routing involves two basic activities:
Determining the Best paths.
Forwarding Packets through these best paths.
Conditions for IP Routing:
The HO (head office) Router FastEthernet IP address should be in the same network as the HO LAN and similarly the BO (branch office) Router FastEthernet IP address should belong to the same network as the BO LAN.
The Serial interface IP between the HO and the BO should be in the same IP network.
HO LAN and BO LAN should be on different IP networks.
All interfaces of a router should be in different IP networks.
Types of Routing:
Static Routing
Dynamic Routing
Default Routing
Static Routing
Static Routing:
Static routes are configured, maintained and updated manually by the network administrator.
The administrator should know the destination IP network for the configuration.
The administrative distance for a static route is 1.
Administrative Distance (AD) is the "reliability" of the routing protocol. The AD range is 0-255; the lower the administrative distance, the higher the priority.
Enabling Routing on IPv4 Network - Verification:
Verify the Routing table
Router# show ip route
Static Routing on IPv4 Network - Configuration:
Router(config)# ip route <Destination Network ID> <Destination Subnet Mask> <Next Hop IP address>
Static Routing on IPv4 Network - Verification:
Verify the routing table:
Router# show ip route
Note: With static routing, routes need to be configured only for the indirectly connected (remote) networks.
DHCP
==> DHCP Reservation:
TELNET
It is an Application Layer protocol of the OSI model.
It uses port number 23.
It is a TCP-based service.
It is a command-line interface used for remote login.
It is a secure service because it needs an administrative login and password.
TELNET CONFIGURATION:
R1(config)#enable secret cisco
R1(config)#line vty 0 2
R1(config-line)#password 12345
R1(config-line)#login
R1(config-line)#exit
Note: For the Telnet configuration we need to set the privilege password; then we can access the router remotely.
To access the router: go to any PC, open the command prompt and type: telnet 192.168.1.254 (router IP)
To set Console Port Password:
R3(config)#line console 0
R3(config-line)#password CCNA
R3(config-line)#login
R3(config-line)#exit
To Remove Console Port Password:
R3(config)#line console 0
R3(config-line)#no password
R3(config-line)#no login
To set privilege mode password:
R3(config)#enable password 123
To Remove Privilege Mode Password:
R3(config)#no enable password
To Set Privilege Mode Secret:
R3(config)#enable secret 12345
To remove privilege mode secret:
R3(config)#no enable secret
To Enable password Encryption for all:
R1(config)#service password-encryption
Disable password Encryption for all:
R1(config)#no service password-encryption
Default Routing
==> Default Routing:
A default route, or gateway of last resort, allows traffic to be forwarded even without a specific route to a particular network.
The default route is identified by all zeros in both the network & subnet mask (0.0.0.0 0.0.0.0).
It is generally configured for accessing the internet, where destination is unknown.
It is the least preferred route in the routing table.
Default routing on IPv4 network - configuration
Router(config)#ip route <destination network ID> <destination subnet mask> <exit interface type> <exit interface no.>
Ex: ip route 0.0.0.0 (destination network) 0.0.0.0 (destination subnet mask) <next hop IP address>
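The route selection described in the static routing and default routing sections, as an added Python example that is not part of the notes: a small routing table where a lookup picks the longest matching prefix and, between equal prefixes, the lower administrative distance (static 1, EIGRP 90, OSPF 110, RIP 120, as listed in the notes, plus 0 for a directly connected network). A 0.0.0.0 0.0.0.0 default route matches every address but has the shortest prefix, so it is used only when nothing more specific exists, which is why it is the least preferred route. Networks, next hops and interface names below are constructed sample values.

```python
import ipaddress

# Administrative distances from the notes (connected = 0 is the usual IOS value)
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


class RoutingTable:
    def __init__(self):
        self.routes = []      # dicts with network, ad, via, source

    def add(self, network, mask, via, source):
        """Mirror 'ip route <network> <mask> <next hop | exit interface>' for a given source."""
        net = ipaddress.IPv4Network((network, mask))
        self.routes.append({"network": net, "ad": AD[source], "via": via, "source": source})

    def add_default(self, via, source="static"):
        """The gateway of last resort: all zeros for network and mask."""
        self.add("0.0.0.0", "0.0.0.0", via, source)

    def lookup(self, dst):
        """Longest prefix match; ties are broken by the lowest administrative distance.
        Returns the chosen route dict, or None when the table has no matching route."""
        addr = ipaddress.IPv4Address(dst)
        candidates = [r for r in self.routes if addr in r["network"]]
        if not candidates:
            return None
        return min(candidates, key=lambda r: (-r["network"].prefixlen, r["ad"]))

    def gateway_of_last_resort(self):
        """Next hop of the best /0 route, or None when no default route is configured."""
        defaults = [r for r in self.routes if r["network"].prefixlen == 0]
        return min(defaults, key=lambda r: r["ad"])["via"] if defaults else None


if __name__ == "__main__":
    rt = RoutingTable()
    rt.add("192.168.1.0", "255.255.255.0", "FastEthernet0/0", "connected")
    rt.add("10.0.0.0", "255.0.0.0", "192.168.2.2", "static")     # AD 1
    rt.add("10.0.0.0", "255.0.0.0", "192.168.3.3", "rip")        # same prefix, AD 120 loses
    rt.add("10.1.0.0", "255.255.0.0", "192.168.4.4", "rip")      # longer prefix wins despite AD
    rt.add_default("Serial0/0")
    for dst in ("10.2.1.1", "10.1.1.1", "192.168.1.5", "8.8.8.8"):
        r = rt.lookup(dst)
        print(f"{dst:<12} -> {r['network']} via {r['via']} ({r['source']}, AD {r['ad']})")
```

The 10.1.1.1 lookup is the instructive case: the RIP /16 beats the static /8 because prefix length is compared before administrative distance; AD only decides between routes to the same prefix.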
SSH
SSH stands for Secure Shell.
It uses cryptographic algorithms to encrypt the session.
It uses TCP port 22.
It is more secure than Telnet.
==> SSH CONFIGURATION
R1#show users (to check the logged-in users)
R1(config)#enable secret cisco
R1(config)#ip domain name jet.com
R1(config)#crypto key generate rsa (usually 1024 or 2048 bits)
R1(config)#username imran password 123 (to create a user)
R1(config)#line vty 0 1
R1(config-line)#login local
R1(config-line)#transport input ssh
For Access Router: Go To Any Pc in Command Prompt:-
Type: ssh -l imran 192.168.1.254 (Router IP)
Enable Secret Password:
R1(config)#enable secret cisco
This command sets the enable secret password to “cisco”. This password is used to access privileged EXEC mode.
Set Domain Name:
R1(config)#ip domain name jet.com
This command sets the domain name of the router to “jet.com”. The domain name is required for generating the RSA keys.
Generate RSA Keys:
R1(config)#crypto key generate rsa
This command generates the RSA key pair, which is necessary for SSH encryption. You’ll be prompted to specify the key size (usually 1024 or 2048 bits).
Create a Local User:
R1(config)#username imran password 123
This command creates a local user with the username “imran” and the password “123”. This user will be used for SSH login.
Configure VTY Lines:
R1(config)#line vty 0 1
This command enters the configuration mode for virtual terminal lines 0 and 1. VTY lines are used for remote access.
Enable Local Login:
R1(config-line)#login local
This command tells the router to use the local user database for login authentication on the VTY lines.
Enable SSH Input:
R1(config-line)#transport input ssh
This command restricts the VTY lines to accept only SSH connections, enhancing security by disabling Telnet access.
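A defender's check for the settings covered in the Telnet, password and SSH sections, as an added Python example that is not part of the notes: it scans a running configuration for the weak settings the notes replace (enable password instead of enable secret, password encryption disabled, VTY lines still accepting Telnet or not using login local) and reports each as a finding. The two configurations below are constructed samples, not captures from a real router, and the password hashes in the hardened sample are placeholders.

```python
import re

# Constructed sample configs (not from a real device). Hash values are placeholders.
WEAK_CONFIG = """\
hostname R1
enable password 123
no service password-encryption
username imran password 123
line con 0
 password CCNA
 login
line vty 0 4
 password 12345
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname R1
service password-encryption
enable secret 5 $1$PLACEHOLDER
username imran password 7 PLACEHOLDER
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 login local
 transport input ssh
"""


def parse_line_blocks(config):
    """Return {'line vty 0 4': [sub-commands], ...} for every 'line ...' section."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())       # indented line belongs to the open section
        elif raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        else:
            current = None                            # any other top-level command ends the section
    return blocks


def audit(config):
    """Return a list of findings; an empty list means every check from the notes passes."""
    findings = []
    if (re.search(r"^enable password ", config, re.M)
            and not re.search(r"^enable secret ", config, re.M)):
        findings.append("enable password set without enable secret (reversible, not a hash)")
    if (re.search(r"^no service password-encryption", config, re.M)
            or not re.search(r"^service password-encryption", config, re.M)):
        findings.append("service password-encryption is off (line passwords stored in clear text)")
    for name, cmds in parse_line_blocks(config).items():
        if not name.startswith("line vty"):
            continue
        transport = [c for c in cmds if c.startswith("transport input")]
        if not transport or any("telnet" in c or " all" in c for c in transport):
            findings.append(f"{name}: Telnet accepted (set 'transport input ssh')")
        if "login local" not in cmds:
            findings.append(f"{name}: not using 'login local' (local user database)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or ["no findings"])
```

The VTY check also treats a missing transport input line as a finding, because a VTY line without that restriction still accepts Telnet; the hardened sample passes every check.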
BANNER
Banner (1) motd (message of the day)
DELHI(config)#banner motd #Welcome To Delhi Router#
DELHI(config)#banner login #Authorized Person Only!!!!!!!!#
Note:
The login banner is shown when connecting with Telnet.
The MOTD banner is shown when we connect physically.
Dynamic Routing
==> Dynamic Routing
Overview of Routing Protocol:
Purpose of Routing protocol includes the following functions:
Discover the neighbor, finding the best paths
Maintaining the up-to-date routing information
Choosing the best path in available paths.
Whenever the best path is going down, finding the new path and forwarding the data through that path.
Advantages of Dynamic Routing:
Automatic updates.
Changes in the network topology are updated dynamically.
Only the directly connected network information is required for the configuration.
Less Administrative work.
Selecting the best path to destination networks.
Finding the second best path if the best path is no longer available.
More Scalable
Used for medium and large Networks.
Types of Dynamic Routing Protocols:
Classful v/s Classless Routing Protocol:
Routing Information Protocol (RIP)
RIP Characteristics:
Distance Vector Protocol.
Open standard
Uses Bellman Ford Algorithm
Classless routing protocol
Metric = Hop Count
Maximum hop count is 15.
Updates are sent through the multicast address 224.0.0.9
RIP sends periodic updates for every 30 seconds.
RIP supports equal-cost load balancing over 4 paths by default (maximum up to 16 paths).
Complete routing table is sent as update
Each update can contain a maximum of 25 routes.
Administrative distance is 120.
Uses UDP port 520.
Also known as “Routing by Rumor”.
Loopback Interface:
A Loopback interface is a virtual interface that resides on a router.
Loopback interfaces are very useful because they will never go down, unless the entire router goes down.
By default, the router doesn’t have any loopback interface (loopback interfaces are not enabled by default), but they can easily be created.
Loopback Interface - Configuration:
Router(config)# interface loopback <interface no.>
Router(config-if)# ip address <ip address> <subnet mask>
Router(config-if)# end
RIP on IPv4 Network - Configuration:
Router(config)# ip routing
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network <Network ID>
RIP on IPv4 Network - Verification
Verify the routing table
Router# show ip route
To verify the protocols
Router# show ip protocols
RIP Timer
Update Timer: 30 sec
Time between two consecutive updates
Invalid Timer: 180 sec
Time a router waits to hear an update from the neighbor
The route is marked as unreachable if there is no update for this time period.
Flush Timer: 240 sec
Time after which the invalid route is removed from the routing table.
RIP Updates
To verify the RIP Timers
Router# show ip protocols
Verify RIP Update Packets
Router# terminal monitor
Router# debug ip rip
Change RIP Timers
Router (config)# router rip
Router (config-router)# timers basic <update timer> <invalid timer> <holddown timer> <flush timer>
HYD-1 (config)# router rip
HYD-1 (config-router)# timers basic 15 30 90 90
HYD-1 (config-router)# end
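The RIP timer behaviour described above (update 30 s, invalid 180 s, flush 240 s) and the effect of the timers basic 15 30 90 90 example, as an added Python simulation that is not part of the notes: a route entry is refreshed by each update received and is marked unreachable once the invalid timer expires without one, then removed once the flush timer expires. The holddown timer from the command is not modelled here; the update times and observation times are constructed.

```python
class RipRoute:
    """One RIP route entry driven by the update, invalid and flush timers from the notes."""

    def __init__(self, prefix, update=30, invalid=180, flush=240):
        self.prefix = prefix
        self.update_timer, self.invalid_timer, self.flush_timer = update, invalid, flush
        self.last_update = 0            # the route is learned at time 0
        self.state = "reachable"

    def receive_update(self, now):
        """A periodic update from the neighbor refreshes the route."""
        self.last_update = now
        self.state = "reachable"

    def tick(self, now):
        """Return the route's state at time 'now' based on how long the neighbor has been silent."""
        silence = now - self.last_update
        if silence >= self.flush_timer:
            self.state = "flushed"          # removed from the routing table
        elif silence >= self.invalid_timer:
            self.state = "unreachable"      # marked invalid but still present in the table
        return self.state


def simulate(route, update_times, observe_at):
    """Apply updates at the given times and report the route state at each observation time."""
    events = sorted([(t, "update") for t in update_times] + [(t, "observe") for t in observe_at])
    results = {}
    for t, kind in events:
        if kind == "update":
            route.receive_update(t)
        else:
            results[t] = route.tick(t)
    return results


if __name__ == "__main__":
    default = RipRoute("10.0.0.0/8")
    print(simulate(default, update_times=[0, 30, 60], observe_at=[90, 239, 240, 299, 300]))
    fast = RipRoute("10.0.0.0/8", update=15, invalid=30, flush=90)   # timers basic 15 30 90 90
    print(simulate(fast, update_times=[0], observe_at=[29, 30, 89, 90]))
```

With the default timers the last update at 60 s keeps the route reachable until 240 s and in the table until 300 s; with the shortened timers a single missed update cycle is enough to invalidate the route.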
Passive interface
A passive interface is configured to stop routing updates from being sent out of that interface.
If a passive interface is configured between two routers, no updates will be exchanged between them.
Configure Passive interface
Router(config)# router rip
Router(config-router)# passive-interface <interface type><no.>
HYD-1 (config)# router rip
HYD-1 (config-router)# passive-interface FastEthernet0/0
HYD-1 (config-router)# end
Summarization
Combining contiguous networks into one larger network and advertising it to the neighboring router is called summarization.
Advantages of summarization
Fewer updates.
Reducing the size of the routing table.
Disable Auto-summary
Router(config)# router rip
Router(config-router)# no auto-summary
Router(config-router)# end
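Summarization as described above, as an added Python example that is not part of the notes: summarize() finds the single smallest prefix that covers a set of contiguous networks (the summary route that replaces them in updates), and classful_summary() shows what auto-summary produces when it collapses a subnet to its classful /8, /16 or /24 boundary, which is the behaviour no auto-summary turns off. The network lists are constructed; note that a summary can cover more address space than the networks it replaces.

```python
import ipaddress


def summarize(networks):
    """Smallest single prefix covering all the given (contiguous) networks."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefixlen = 32
    while prefixlen > 0:
        # strict=False masks the host bits so the candidate starts at a prefix boundary
        summary = ipaddress.IPv4Network((lo, prefixlen), strict=False)
        if int(summary.broadcast_address) >= hi:
            return str(summary)
        prefixlen -= 1
    return "0.0.0.0/0"


def classful_summary(network):
    """What auto-summary advertises across a major-network boundary:
    class A -> /8, class B -> /16, class C -> /24."""
    net = ipaddress.IPv4Network(network)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        plen = 8
    elif first_octet < 192:
        plen = 16
    else:
        plen = 24
    return str(ipaddress.IPv4Network((int(net.network_address), plen), strict=False))


if __name__ == "__main__":
    # constructed examples
    print(summarize(["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
    print(summarize(["192.168.1.0/26", "192.168.1.64/26", "192.168.1.128/26"]))
    print(classful_summary("10.1.1.0/24"), classful_summary("192.168.1.64/26"))
```

The second call returns 192.168.1.0/24 even though 192.168.1.192/26 is not in the list: that over-coverage is the trade-off behind the "fewer updates, smaller routing table" advantages, and it is also why auto-summary is disabled when the same major network is split across several links.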
=== 13/7/24 ===
To Take Backup of Startup Configuration on TFTP Server
==> To Take Backup Startup Configuration on TFTP Server
TFTP Server IP: 192.168.1.200
Copy Startup Configuration
R1#copy startup-config tftp:
Address or name of remote host []? 192.168.1.200
Destination filename [R1-confg]?
Writing startup-config...!!
[OK - 1344 bytes]
Delete Startup Configuration
R1#erase Startup-config
Note: After restarting the router, all configuration will be erased.
For Startup Configuration Restore from TFTP Server
Note: We need to establish connectivity first by configuring an IP address on Serial 0/1/0 or Fa0/0.
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 192.168.1.5 255.255.255.0
Router(config-if)#no shutdown
Router#ping 192.168.1.200
Router#copy tftp: startup-config
Address or name of remote host []? 192.168.1.200
Source filename []? R1-confg
Destination filename [startup-config]?
Accessing tftp://192.168.1.200/R1-confg…
Loading R1-confg from 192.168.1.200: !
[OK - 1024 bytes]
Note:- We Can Copy Startup Configuration into RAM
(Router#copy startup-config running-config)
Otherwise Restart Router. Router Will Load Startup Configuration From NVRAM.
=== 15/7/24 ===
ROUTER IOS BACKUP & RECOVERY FROM TFTP SERVER
Copy Flash to Tftp server
R1#show flash: (To Check IOS)
2800nm-advipservicesk9-mz.151-4.M4.bin
R1#copy flash: tftp: (To Copy)
Source filename []? 2800nm-advipservicesk9-mz.151-4.M4.bin (IOS Name in flash)
Address or name of remote host []? 192.168.2.200 (TFTP Server IP)
Destination filename [2800nm-advipservicesk9-mz.151-4.M4.bin]?
Writing 2800nm-advipservicesk9-mz.151-4.M4.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 33591768 bytes]
How To Delete IOS
R1#delete flash:
Delete filename []?2800nm-advipservicesk9-mz.151-4.M4.bin
Delete flash:/2800nm-advipservicesk9-mz.151-4.M4.bin? [confirm]
R1#show flash:
No IOS is there.
Note: If you restart the router now, it will boot into rommon mode.
R1#reload (to restart the router)
How To Recover the IOS from ROMMON via the TFTP Server
Note: We Need To Use Cross Cable To Connect Router To TFTP Server. Connect Fa 0/0 to the TFTP server directly.
rommon 1 > tftpdnld
rommon 2 > IP_ADDRESS=192.168.2.20 (assign a IP Address to router)
rommon 3 > IP_SUBNET_MASK=255.255.255.0 (Assign a Subnet Mask)
rommon 4 > DEFAULT_GATEWAY=192.168.2.200 (Assign TFTP Server IP as Default Gateway)
rommon 5 > TFTP_SERVER=192.168.2.200 (TFTP Server IP Address)
rommon 6 > TFTP_FILE=2811.bin (Router IOS File name)
rommon 7 > tftpdnld
Do you wish to continue? y/n: [n]: y
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
rommon 8 > reset
PASSWORD RECOVERY
PASSWORD RECOVERY:
The configuration register is a 16-bit value, represented in hexadecimal.
It is stored in the NvRAM
It tells the Booting Behavior of Router.
By default, Register Value is 0x2102
Step 1:
Power off / On Router
Press Ctrl + Break (Ctrl + C in Packet Tracer)
Rommon 1> confreg 0x2142
Rommon 2> reset
Router# copy startup-config running-config
R1(config)# line console 0
R1(config-line)# no login
R1(config-line)# no password
R1(config-line)# exit
R1(config)# no enable password
R1(config)# exit
R1# write
After that we have to change config register value to boot from NvRAM
R1(config)#config-register 0x2102
=== 17/7/24 ===
RIP-V2
RIP-V2 Configuration
==> RIP V2 Configuration Networks:
=====================================================
Subnet:-1 192.168.1.1/26
DHCP 192.168.1.0/26
DG 192.168.1.1
Subnet:-2 192.168.1.65/26
DHCP 192.168.1.64/26
DG 192.168.1.65
Subnet:-3 192.168.1.129/26
DHCP 192.168.1.128/26
DG 192.168.1.129
==> RIP v2 Configuration <==========
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.0.0.0
R1(config-router)#network 11.0.0.0
R1(config-router)#no auto-summary
*****************************************************************************
EIGRP
EIGRP (Enhanced Interior Gateway Routing Protocol)
Advanced Distance Vector Routing Protocol.
Open standard (it was Cisco proprietary).
Diffusing Update Algorithm (DUAL).
Classless Routing Protocol.
Metric = Composite Metric of Bandwidth, Load, Delay, Reliability and MTU (Maximum Transmission Unit).
Updates are sent as Multicast (224.0.0.10) or Unicast.
EIGRP alone supports both equal-cost and unequal-cost load balancing.
Default of 4 paths and maximum of 16 paths.
EIGRP Characteristics:
Administrative Distance is 90.
Maximum hop count is 255 (default 100).
Hello timer - 5 seconds, Hold timer - 15 seconds.
Supports multiple routed protocols - IP, IPX, AppleTalk.
EIGRP protocol number is 88.
==> EIGRP Table:
Neighbor Table:
Contains information about directly connected neighbors.
Topology Table:
Contains entries for all destinations, along with feasible distance and the advertised distance.
Contains the successors.
Contains feasible successor if any
Routing Table:
Entries with the best path for each destination from the topology table are moved into the Routing table.
==> Autonomous Systems:
The Autonomous System is a collection of routers under one common administration.
Autonomous system is identified by numbers.
Autonomous systems range from 0 - 65535
Public: 1 - 64511
Private: 64512 - 65535
=== 18/7/24 ===
==> Routing Protocol Classification:
==> EIGRP Metric:
EIGRP uses the default metric as Bandwidth and Delay
Metric = (BW + Delay) * 256
Metric = ((10^7 / lowest bandwidth in kbps) + (sum of total delay / 10)) * 256
==> Router ID:
The Router - ID is used to identify the router in EIGRP.
First preference is given to the Router-Id command.
Second preference is given to the highest IP address among the loopback interfaces configured on the router.
Third preference is given to the highest physical IP address.
==> To find a Wildcard Mask.
255.255.255.255 - subnet mask = wildcard mask
Router(config)# router eigrp 100
Router(config-router)# network 192.168.1.0 0.0.0.63
Router(config-router)# network 10.0.0.0 0.0.0.255
Router(config-router)# network 12.0.0.0 0.0.0.255
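The EIGRP metric formula, the successor / feasible successor selection from the topology table section, and the wildcard mask rule (255.255.255.255 - subnet mask), as one added Python example that is not part of the notes. eigrp_metric() applies the formula with integer division at each step as the router does; successors() picks the neighbor with the lowest total metric (the feasible distance) and lists as feasible successors the other neighbors whose advertised distance is below that feasible distance; wildcard_mask() produces the value used in the network statements above. The topology entries and bandwidths are constructed.

```python
import ipaddress


def eigrp_metric(lowest_bw_kbps, total_delay_usec):
    """Default EIGRP composite metric: ((10^7 / lowest BW in kbps) + (delay in usec / 10)) * 256.
    Integer division at each step, matching the router's arithmetic."""
    return ((10**7 // lowest_bw_kbps) + (total_delay_usec // 10)) * 256


def successors(entries):
    """entries: topology-table rows for one destination, each a dict with the neighbor name,
    the lowest bandwidth and total delay of the whole path through that neighbor, and the
    neighbor's reported (advertised) distance.
    Returns (feasible_distance, successor, [feasible successors])."""
    scored = [(eigrp_metric(e["min_bw_kbps"], e["total_delay_usec"]), e) for e in entries]
    fd, succ = min(scored, key=lambda s: s[0])            # best path = successor, its metric = FD
    # feasibility condition: advertised distance < feasible distance guarantees a loop-free backup
    feasible = [e["neighbor"] for _, e in scored if e is not succ and e["reported_distance"] < fd]
    return fd, succ["neighbor"], feasible


def wildcard_mask(subnet_mask):
    """255.255.255.255 - subnet mask, as used by 'network <address> <wildcard>'."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(subnet_mask))))


if __name__ == "__main__":
    # constructed topology-table rows for one destination network
    rows = [
        {"neighbor": "R2", "min_bw_kbps": 1544, "total_delay_usec": 20100, "reported_distance": 28160},
        {"neighbor": "R3", "min_bw_kbps": 10000, "total_delay_usec": 2100, "reported_distance": 28160},
        {"neighbor": "R4", "min_bw_kbps": 64, "total_delay_usec": 40100, "reported_distance": 2172416},
    ]
    print(successors(rows))
    print(wildcard_mask("255.255.255.192"), wildcard_mask("255.255.255.0"))
```

R4 is excluded as a feasible successor even though it reaches the destination, because its advertised distance is not below the feasible distance; that is the check DUAL uses to avoid routing loops without recomputation.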
==> EIGRP Configuration:
Port Security
Port Security Configuration
S1 Side:
Note: Send a packet from every PC first so that the MAC table gets updated.
S1(config)#interface range fastEthernet 0/1-9
S1(config-if-range)#switchport port-security
Command rejected: FastEthernet0/1 is a dynamic port.
Command rejected: FastEthernet0/2 is a dynamic port.
Command rejected: FastEthernet0/3 is a dynamic port.
Command rejected: FastEthernet0/4 is a dynamic port.
Command rejected: FastEthernet0/5 is a dynamic port.
Command rejected: FastEthernet0/6 is a dynamic port.
Command rejected: FastEthernet0/7 is a dynamic port.
Command rejected: FastEthernet0/8 is a dynamic port.
Command rejected: FastEthernet0/9 is a dynamic port.
Note: We need to convert the ports to access ports; then we can configure port security.
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#switchport port-security maximum 1
S1(config-if-range)#switchport port-security violation shutdown
S1#show port-security
S1#show port-security address
S1#show port-security interface fastEthernet 0/9 ( Check Port Security Selected Interface)
S1#show port-security
S1#show ip interface brief
To bring the interface up again:
S1(config)#interface fastEthernet 0/9
S1(config-if)#shutdown
S1(config-if)#no shutdown
Note: Now connect the previous PC and obtain an IP address; it will work.
Remove Port Security
S1(config)#interface range fastEthernet 0/1-9
S1(config-if-range)#no switchport port-security
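The port-security behaviour configured above (sticky learning, maximum 1, violation shutdown, and recovery with shutdown / no shutdown), as an added Python simulation that is not part of the notes. The model also accepts the restrict and protect violation modes that IOS offers, which drop the offending frame without err-disabling the port; the notes only use shutdown. MAC addresses and port names are constructed.

```python
class SecurePort:
    """Port security on one access port: sticky learning up to 'maximum' addresses; with violation
    mode 'shutdown' the port goes err-disabled and drops every frame until it is bounced."""

    def __init__(self, name, maximum=1, violation="shutdown"):
        self.name, self.maximum, self.violation = name, maximum, violation
        self.secure_macs = []           # sticky addresses, in the order they were learned
        self.status = "secure-up"
        self.violation_count = 0

    def receive(self, src_mac):
        """Return 'forwarded' or 'dropped' for a frame arriving on this port from src_mac."""
        if self.status == "err-disabled":
            return "dropped"                        # nothing passes until shutdown / no shutdown
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)        # sticky: learned address becomes part of the config
            return "forwarded"
        self.violation_count += 1
        if self.violation == "shutdown":
            self.status = "err-disabled"
        return "dropped"                            # restrict and protect also drop the frame

    def bounce(self):
        """'shutdown' then 'no shutdown' on the interface; the sticky addresses are kept."""
        self.status = "secure-up"

    def show(self):
        """Summary in the spirit of 'show port-security interface'."""
        return {"interface": self.name, "status": self.status, "maximum": self.maximum,
                "secure_macs": list(self.secure_macs), "violations": self.violation_count}


if __name__ == "__main__":
    port = SecurePort("Fa0/9")
    print(port.receive("0016.D3FC.603F"))   # first PC: learned, forwarded
    print(port.receive("00D0.BC11.2233"))   # second PC: violation, port err-disabled
    print(port.show())
    port.bounce()
    print(port.receive("0016.D3FC.603F"))   # original PC works again after the bounce
```

While the port is err-disabled even the legitimately learned PC is cut off, which is what the "shutdown / no shutdown" step in the notes restores; the learned sticky address survives the bounce, so the original PC needs no relearning.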
OSPF (Open Shortest Path First)
It is the Link State Protocol.
It is Open Standard.
OSPF is the successor of RIP.
It works with Dijkstra SPF (Shortest Path First) Algorithm.
Classless Routing Protocol.
Updates are sent through the multicast IP addresses 224.0.0.5 and 224.0.0.6.
OSPF sends Incremental / Triggered Updates.
OSPF Hello Packets are sent every 10 sec and Hold Timer is 40 sec.
Administrative Distance (AD) is 110.
Metric = cost = 10^8 / Bandwidth in bps (Cisco)
Load Balancing via 4 equal cost paths by default (unequal cost load balancing not supported).
Unlimited Hop Count.
Faster Convergence.
Hierarchical network design.
One area has to be designated as Area 0.
Area 0 is called the backbone area.
Maintains a similar database on all the routers within an area.
Router ID is used to identify each router.
Router ID:
Router ID is used to identify the router.
Router ID is 32 Bit Address.
The highest IP assigned to an active physical interface is the Router ID.
More preference is given to logical interfaces (if configured).
If a logical interface is configured then the highest IP Assign to a logical interface (Loopback) is the router ID.
Highest Preference is given to Router ID Command.
OSPF Metric Calculation:
The OSPF metric is not defined in standards.
Every vendor uses a different formula to calculate metric.
OSPF Metric in Cisco = cost = 10^8 / Bandwidth in bps
Ex:
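The Cisco OSPF cost formula and the SPF (Dijkstra) path selection the notes mention, as an added Python example that is not part of the notes: ospf_cost() computes the per-link cost as 10^8 / bandwidth in bps (integer division, never below 1), and spf() runs Dijkstra over a constructed four-router topology, summing link costs to find the lowest-cost path from one router to every other. Router names and link bandwidths are constructed.

```python
import heapq

REFERENCE_BW = 10**8     # bps; Cisco's default reference bandwidth


def ospf_cost(bandwidth_bps):
    """Cisco OSPF interface cost: 10^8 / bandwidth, integer division, minimum 1
    (so FastEthernet and anything faster all cost 1 with the default reference)."""
    return max(1, REFERENCE_BW // bandwidth_bps)


def spf(links, source):
    """Dijkstra's shortest path first over bidirectional links (a, b, bandwidth_bps).
    Returns {router: (total_cost, [path from source])}."""
    graph = {}
    for a, b, bw in links:
        graph.setdefault(a, []).append((b, ospf_cost(bw)))
        graph.setdefault(b, []).append((a, ospf_cost(bw)))
    dist = {source: (0, [source])}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u][0]:
            continue                      # stale heap entry, a shorter path was already found
        for v, cost in graph.get(u, []):
            nd = d + cost
            if v not in dist or nd < dist[v][0]:
                dist[v] = (nd, dist[u][1] + [v])
                heapq.heappush(heap, (nd, v))
    return dist


# Constructed topology: (router, router, bandwidth in bps)
TOPOLOGY = [
    ("R1", "R2", 1_544_000),      # T1 serial:   cost 64
    ("R1", "R3", 100_000_000),    # FastEthernet: cost 1
    ("R3", "R2", 100_000_000),    # FastEthernet: cost 1
    ("R2", "R4", 10_000_000),     # Ethernet:    cost 10
]

if __name__ == "__main__":
    for router, (cost, path) in sorted(spf(TOPOLOGY, "R1").items()):
        print(f"R1 -> {router}: cost {cost:>2} via {' -> '.join(path)}")
```

The direct T1 link R1-R2 (cost 64) loses to the two-hop FastEthernet path through R3 (cost 2), which is the point of a bandwidth-based metric; and because every link of 100 Mbps or more costs 1 with the default reference bandwidth, Gigabit links cannot be preferred over FastEthernet unless the reference bandwidth is raised.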
OSPF Packets Type:
Hello Packet
Database Description (DBD)
Link - State Request (LSR)
Link - State Update (LSU)
Link - State Ack
OSPF Packets Types:
Hello Packet:
Hello packets are OSPF Packet Type 1.
These packets are multicast periodically to 224.0.0.5 multicast addresses on all interfaces.
Discovers neighbors and builds adjacencies between them.
It helps to discover the Neighbor.
Database Description (DBD) Packet:
The DBD packets are OSPF Packet Type 2.
In a link-state routing protocol the link-state databases of all routers must remain synchronized. Synchronization starts as soon as the adjacency is formed between neighbors; OSPF uses Database Description (DBD) packets for this purpose.
DBD packets check for database synchronization between routers.
DBD helps to verify that the LSDBs (Link-State Databases) of the neighbors are the same.
Link-State Request (LSR) Packet:
The Link State Request (LSR) Packet is an OSPF packet Type 3.
After the DBD (Database Description) packets exchange process, the router may find it does not have an up-to-date database. The LSR (Link-State Request) packet is used to request pieces of the neighbor database that is more up-to-date.
LSR (Link-State Request) Packets Requests Specific link-state records from Neighbor.
Link-State Update (LSU)
Link State Update (LSU) packets are OSPF packet Type 4.
The LSU packet sends the specifically requested link-state records.
The LSU packet is the reply to the link-state request.
Link-State Acknowledge (LSAck):
Link State Acknowledgement (LSAck) packets are OSPF packets Type 5.
OSPF requires acknowledgement for the receipt of each LSA(Link-State Advertisement). Multiple Link-State Advertisements (LSAs) can be acknowledged in a single Link-State Acknowledge (LSAck) packet.
OSPF is a reliable Protocol, so it needs to be Acknowledged.
Neighbor:
Neighbors are discovered by Hello Packets.
To become neighbors the following should match.
Area ID.
Network ID
MTU (Maximum Transmission Unit)
Hello and Dead Intervals.
Authentication (if configured).
Adjacencies:
Adjacencies are formed once neighbor relation is established.
In Adjacencies the database details are exchanged.
OSPF Tables
It maintains three tables.
Neighbor Table
Neighbor table contains information about the directly connected OSPF neighbors forming adjacency.
Also known as the adjacency database.
Contains list of recognized neighbors.
Database Table
Database table contains information about the entire view of the topology with respect to each router.
Typically referred to as LSDB (Link-State Database)
Contains information about all routers and their attached links in the area or networks.
Routing Table:
Routing table contains information about the best path calculated by the shortest path first algorithm in the database table.
Commonly named as forwarding database.
Contains list of best paths to each destination.
The Solution: OSPF Hierarchical Routing:
Link-state routing can have Hierarchical network design.
Maintains a similar database on all the routers within an area.
Minimizes routing update traffic.
Minimizes routing table entries.
Localizes the impact of a topology change within an area.
This two-level hierarchy consists of the following:
Transit area (backbone or area 0)
Regular area (non-backbone areas)
==> Physical Configuration of Router:
PuTTY or MobaXterm
PuTTY: Serial → Open
Control panel → Program & features → turn on windows features → telnet client (install)
Switching
Ethernet:
A technology originated by the University of Hawaii, later adopted by Xerox corporation.
Ethernet is the most popular physical layer LAN technology.
The Ethernet standard is IEEE 802.3.
Ethernet speed is 10 Mbps
Types of Ethernets
Ethernet
FastEthernet
GigabitEthernet
10 GigabitEthernet
FastEthernet:
The Fast Ethernet standard (IEEE 802.3u) has been established for Ethernet networks that need higher transmission speeds.
FastEthernet speed is 100 Mbps
Gigabit Ethernet
Gigabit Ethernet was developed for faster communication networks with applications such as multimedia and Voice over IP (VoIP)
Gigabit Ethernet standards are IEEE 802.3ab and IEEE 802.3z (optical fiber)
Gigabit Ethernet speed is 1000 Mbps i.e 1Gbps
10 Gigabit Ethernet
10 Gigabit Ethernet is the fastest and most recent of the Ethernet standards i.e. IEEE 802.3ae.
10 Gigabit Ethernet is based entirely on the use of optical fiber connections.
10 Gigabit Ethernet speed is 10000 Mbps i.e. 10 Gbps
Broadcast Domain:
A broadcast domain is a set of network devices for which a broadcast frame sent by one device is received by all other devices in the LAN segment.
Collision Domain:
A collision domain is a set of network devices for which a frame sent by one device could result in a collision with a frame sent by any other device in the same LAN segment.
Types of Switches:
Manageable Switches:
On a manageable switch, an IP address can be assigned and configuration changes can be made. It has a console port.
Unmanageable switches:
On an unmanageable switch no configuration can be made and an IP address cannot be assigned, as there is no console port.
Campus Network
Campus is a LAN network supporting larger buildings or multiple buildings close to a specific area.
Cisco uses three terms to describe the role of each switch in a campus design.
Access Layer
Distribution Layer
Core Layer
Cisco’s Hierarchical design for switches:
Access Layer Switches: Switches series: 1900, 2950, 2960
Distribution Layer Switches: Switches Series:
Fixed: 3550, 3560, 3750
Modular: 4500, 5500
Core Layer Switches: Switches Series: 6500
Initial Configuration of Switch
Initial Configuration:
Duplex and Speed:
Switch automatically adjusts duplex mode and speed depending upon the remote device.
We can set duplex mode and speed to match any of the supported modes.
Interface Speed & Duplex – Configuration
Switch (config)# interface <interface type><no.>
Switch (config-if)# speed { 100 | 1000 | 10000 | auto }
Switch (config)# interface <interface type><no.>
Switch (config-if)# duplex { full | half }
Methods of Switching:
Cisco switches support three types of switching:
Store and forward
Cut through
Fragment free
Store and Forward
This is the basic mode of switching.
Switch stores the entire frame into memory and performs CRC check, to ensure the frame is not corrupted.
A frame shorter than 64 bytes or longer than 1518 bytes is invalid; only valid frames are processed and invalid ones are dropped.
Latency is higher.
Cut Through
The switch reads only the first 6 bytes of the frame, i.e. the destination MAC address.
This is the fastest method of switching.
Invalid frames are processed.
Fragment Free
This is the best method for switching.
Switch checks only the first 64 bytes of frames for error.
It processes only those frames that have the first 64 bytes valid.
Any frame less than 64 bytes is called a RUNT and this frame is invalid.
Low latency.
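To make the difference between the three methods concrete, here is an added Python example (not part of these notes, and not Cisco code): it builds constructed Ethernet frames with a CRC-32 FCS and shows which frames each method forwards. The frame layout, the sample MAC addresses and the decision function are assumptions of this example; only store-and-forward catches a frame whose FCS is wrong, and only cut-through forwards a runt.

```python
import struct
import zlib

MIN_FRAME = 64     # anything shorter is a runt
MAX_FRAME = 1518   # anything longer is a giant

def build_frame(dst_mac: bytes, src_mac: bytes, payload: bytes, corrupt_fcs: bool = False) -> bytes:
    """Constructed Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type, payload, 4-byte FCS."""
    body = dst_mac + src_mac + b"\x08\x00" + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    if corrupt_fcs:
        fcs ^= 0x1  # flip one bit so the stored CRC no longer matches the data
    return body + struct.pack("<I", fcs)

def fcs_ok(frame: bytes) -> bool:
    """Recompute CRC-32 over everything except the trailing FCS and compare."""
    body, stored = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return (zlib.crc32(body) & 0xFFFFFFFF) == stored

def switch_decision(frame: bytes, mode: str) -> str:
    """Return 'forward' or 'drop' for one frame under the named switching method."""
    if mode == "cut-through":
        # Forwarding starts as soon as the 6-byte destination MAC has been read,
        # so neither the length nor the CRC is ever examined.
        return "forward" if len(frame) >= 6 else "drop"
    if mode == "fragment-free":
        # Only the first 64 bytes are inspected: runts are caught, CRC errors are not.
        return "forward" if len(frame) >= MIN_FRAME else "drop"
    if mode == "store-and-forward":
        # Whole frame is buffered: the length window and the CRC are both enforced.
        if not MIN_FRAME <= len(frame) <= MAX_FRAME:
            return "drop"
        return "forward" if fcs_ok(frame) else "drop"
    raise ValueError(f"unknown switching method: {mode}")

# Constructed sample traffic (not captured from a real network)
DST = bytes.fromhex("0016d3fc603f")
SRC = bytes.fromhex("0016d3fc6040")
SAMPLES = {
    "good":    build_frame(DST, SRC, b"A" * 46),                    # exactly 64 bytes
    "runt":    build_frame(DST, SRC, b"A" * 10),                    # 28 bytes
    "giant":   build_frame(DST, SRC, b"A" * 1501),                  # 1519 bytes
    "crc_bad": build_frame(DST, SRC, b"A" * 46, corrupt_fcs=True),  # right size, bad FCS
}

def compare_methods(samples=SAMPLES) -> dict:
    """Decision of each switching method for each sample frame."""
    return {mode: {name: switch_decision(f, mode) for name, f in samples.items()}
            for mode in ("store-and-forward", "cut-through", "fragment-free")}

if __name__ == "__main__":
    for mode, results in compare_methods().items():
        print(mode, results)
```

The corrupted frame is the interesting row: fragment-free and cut-through both pass it on, which is why a store-and-forward switch is the only one of the three that keeps CRC errors from spreading across the segment.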
Virtual LAN (VLAN)
Virtual LAN
Divides a Single Broadcast domain into Multiple Broadcast domains.
VLANs group interfaces to create a smaller broadcast domain.
It provides Layer 2 Security.
By default all ports of the switch are in VLAN1.
VLAN1 is known as Administrative VLAN or Management VLAN.
VLANs can be created in the range 2 - 1001.
VLAN information is stored in vlan.dat on the flash memory of the switch.
VLAN - Configuration
Creating VLAN
Switch (config) # vlan < vlan number >
Switch (config-vlan) # name < name >
Switch (config-vlan)# exit
Implementation of VLAN
Switch (config)# interface <interface type> <interface no>
Switch (config-if)# switchport mode access
Switch (config-if)# switchport access vlan <vlan ID>
Switch (config-if)# exit
VLAN - Verification
switch# show vlan
switch# show interface <interface type><interface no.> switchport
Trunk
Trunk:
Trunk port allows multiple VLAN traffic to pass through a single physical connection by adding a header to Ethernet frame.
There are two different types of trunking protocols.
VLAN Tagging
VLAN Tagging is used when a link needs to carry traffic for more than one VLAN.
Each frame has a tag that specifies the VLAN it belongs to.
Tag is added to the frame when it goes on to the trunk and tag is removed when it leaves the trunk.
Switch forwards the frame to a particular VLAN based on tag information.
Trunk - Configuration
Switch (config)# interface <interface type> <interface no.>
Switch (config-if)# switchport mode trunk
Switch (config-if)# switchport trunk allowed vlan <vlan id / all>
Switch (config-if)#end
Note: you can configure switchport mode trunk on only one switch and it still works.
Trunk – Verification
Switch# show interface trunk
Switch# show interface <interface type><interface no.> switchport
Native VLAN
The native VLAN is the only VLAN whose frames are not tagged on a trunk, i.e. native VLAN frames are transmitted unchanged.
By default VLAN 1 is native VLAN, we can configure another VLAN as native VLAN.
Native VLAN – Configuration
Switch (config)# interface<interface type><interface no.>
Switch (config-if)# switchport trunk native vlan <vlan id>
Switch (config-if)# end
Native VLAN - Verification
Switch # show interface trunk
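The following Python model is an added example, not part of these notes and not Cisco code. It shows what the VLAN tagging and native VLAN sections describe: a 4-byte 802.1Q tag is inserted after the source MAC when a frame leaves on a trunk, removed when it arrives, the native VLAN travels untagged, and an untagged frame arriving on a trunk is assigned to the native VLAN. The `TrunkPort` class, its `allowed` set and the sample frame are assumptions of this example.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that marks an 802.1Q tag

def tag_frame(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN id out of range")
    tci = (pcp << 13) | vlan          # 3-bit priority, 1-bit DEI (0), 12-bit VLAN id
    return frame[:12] + struct.pack("!HH", TPID_DOT1Q, tci) + frame[12:]

def is_tagged(frame: bytes) -> bool:
    return len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_DOT1Q

def untag_frame(frame: bytes):
    """Strip the tag; return (vlan id, original untagged frame)."""
    vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vlan, frame[:12] + frame[16:]

class TrunkPort:
    """Constructed model of one trunk port: allowed VLAN set and native VLAN."""

    def __init__(self, allowed, native_vlan=1):
        self.allowed = set(allowed)       # switchport trunk allowed vlan ...
        self.native_vlan = native_vlan    # switchport trunk native vlan ...

    def egress(self, frame: bytes, vlan: int):
        """Frame leaving the switch on the trunk. None means it is not sent."""
        if vlan not in self.allowed:
            return None                   # filtered by the allowed-VLAN list
        if vlan == self.native_vlan:
            return frame                  # native VLAN goes out untagged
        return tag_frame(frame, vlan)

    def ingress(self, frame: bytes):
        """Frame arriving on the trunk. Returns (vlan, untagged frame) or None."""
        if is_tagged(frame):
            vlan, frame = untag_frame(frame)
        else:
            vlan = self.native_vlan       # untagged on a trunk => native VLAN
        if vlan not in self.allowed:
            return None
        return vlan, frame

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, short payload
SAMPLE = bytes.fromhex("0016d3fc603f") + bytes.fromhex("0016d3fc6040") + b"\x08\x00" + b"payload"

if __name__ == "__main__":
    trunk = TrunkPort(allowed={1, 10, 20}, native_vlan=1)
    wire = trunk.egress(SAMPLE, 10)
    print(is_tagged(wire), trunk.ingress(wire)[0])   # True 10
    print(trunk.egress(SAMPLE, 1) == SAMPLE)          # True: native VLAN is untagged
```

Because the receiving switch classifies untagged frames by its own native VLAN setting, the native VLAN must be the same on both ends of a trunk; `show interface trunk` on each side is the place to confirm that.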
Dynamic Trunking Protocol (DTP)
Dynamic Trunking Protocol (DTP)
DTP is a Cisco proprietary protocol.
DTP is responsible for dynamically negotiating trunks between switches.
DTP is enabled in all Cisco switches by default.
DTP modes
Dynamic desirable
Dynamic auto
DTP - Configuration
Switch(config)# interface<interface type><interface no.>
Switch(config-if)# switchport mode { dynamic auto | dynamic desirable}
Switch(config-if)# end
DTP – Verification
Switch# show interface trunk
Switch# show interface <interface type><interface no.> switchport
=== 29/7/24 ===
VLAN Trunking Protocol [VTP]
VLAN Trunking Protocol [VTP]
Cisco proprietary protocol created to maintain VLAN configuration consistency throughout the network.
It provides accurate VLAN tracking and monitoring.
Dynamic reporting of added VLANs.
“Plug-and-play” configuration when adding new VLANs
VTP only works when trunking is configured on FastEthernet or higher ports.
Note: Switches should be configured with the same Domain Name. Domain Names are Case sensitive.
VTP Modes
Server
Default mode
Create, Modify and Delete VLANs
Forwards advertisements
Synchronizes
Client
Cannot create, Modify or delete VLANs
Does not store VLAN Information in the NVRAM
Forwards advertisements
Synchronizes
Transparent
Create, Modify and Delete local VLANs only
Forwards advertisements
Does not synchronize
VTP - Configuration
Switch (config)# vtp mode { server | client | transparent }
Switch (config)# vtp domain <name>
Switch (config)# vtp password <password>
VTP - Verification
Switch# show vtp status
Switch# show vtp password
=== 30/7/24 ===
Inter-Vlan Routing
Inter-Vlan Routing:
Inter-VLAN routing is the process of forwarding traffic from one VLAN to another VLAN using a router.
The port where the router is connected on switch should be configured as trunk to allow multiple vlan traffic.
The physical interface on router is divided into multiple sub-interfaces
Each subinterface is associated with one VLAN and one IP subnet.
This is also called a Router on a stick.
Routing Between VLANs
Routing between VLANs can be done in below ways:
Using multiple physical links called as legacy inter-vlan routing.
Using a single link and creating sub-interfaces called “router on a stick”.
Using the multilayer switch.
Router on a Stick - Configuration
Creating Sub Interface
Router(config)# interface Fastethernet 0/0.<no.>
Router (config-subif) # encapsulation dot1Q <vlan id>
Router (config-subif) # ip address <ip> <subnet mask>
Router (config-subif) # exit
Enable IP Routing
Router (config)# ip routing
Router on Stick - Verification
Router# show ip route
LAB
=== 31/7/24 ===
Cisco Discovery Protocol (CDP)
Cisco Discovery Protocol (CDP)
It is a Cisco proprietary protocol.
CDP is enabled by default in all Cisco devices.
CDP advertisements are sent through all the ports by default.
CDP Advertisements are sent every 60 seconds.
CDP Advertisements are sent via multicast address 01:00:0c:cc:cc:cc.
Advantages of CDP
Once layer 1 is active CDP sends the information to its active neighbors.
It can be used for layer 1, layer 2, layer 3 troubleshooting.
Information advertised by CDP
Logical address (if defined)
Hostname
Hardware Platform
IOS Version
Interface Type and Interface Number of local and remote devices connected.
CDP - Configuration
Switch (config)# cdp run
CDP Verification
Switch# show cdp neighbors
Switch# show cdp neighbor detail
Disadvantages of CDP
CDP can be used only between Cisco devices.
Information about only directly connected neighbors can be known.
Lab
Link Layer Discovery Protocol (LLDP)
Link Layer Discovery Protocol (LLDP)
Open Standard Protocol - IEEE 802.1AB
LLDP is a neighbor discovery protocol used by devices for advertising information about themselves to other devices on the network.
By default it is disabled on cisco devices, we need to manually enable it on devices.
LLDP Advertisements are sent every 30 seconds.
LLDP Advertisements are sent via multicast address 01:80:c2:00:00:0e
LLDP - Configuration
Switch (config)# lldp run
LLDP - Verification
Switch# show lldp neighbors
Switch# show lldp neighbor detail
Note:
To run LLDP, first turn off the CDP (no cdp run)
=== 1/8/24 ===
Access Control List [ACL]
===> Access Control List [ACL]
Standard ACL
Can be named or numbered.
The access-list number range is 1 - 99
Can block a Network, Host and Subnet. (not selected services)
All services are blocked.
Filtering is done based on only the source IP address.
Extended ACL
Can be named or numbered.
The access-list number range is 100 - 199
We can allow or deny a Network, Host, Subnet and Service.
Selected services can be blocked.
Filtering is done based on source IP, destination IP, protocol, port no.
WildCard Mask for Single Host
Default mask for one single host always = /32 = 255.255.255.255
Global Subnet Mask (255.255.255.255) - Subnet Mask = Wildcard Mask
255.255.255.255 - 255.255.255.255 = 0.0.0.0
WildCard Mask for a Host will be always 0.0.0.0
Router(config)# access-list <acl no> <permit/deny> <source address> <source WCM>
IP Protocol
  TCP: HTTP, Telnet, FTP, SMTP
  UDP: DNS, DHCP, TFTP, SNMP
  ICMP: Ping, Tracert
Operators used in Extended ACL
= → Equal to = eq
≠ → Not Equal to = neq
> → Greater than = gt
< → Less than = lt
===> Practical Access Control List [ACL]
==> Standard ACL Configuration:
access-list <ACL-No> {deny | permit} host <IP address>
access-list <ACL-No> {deny | permit} <IP address> <Wildcard Mask>
access-list <ACL-No> permit any
Task:-
Deny :- 192.168.1.1 & 192.168.1.2 =====> 192.168.2.0
R2#Show Access-lists
R2(config)#access-list 10 deny 192.168.1.1 0.0.0.0
R2(config)#access-list 10 deny host 192.168.1.2
R2(config)#access-list 10 permit any
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip access-group 10 out
config# access-list 15 deny 192.168.2.1 0.0.0.0
Permit :- 192.168.1.2 - 192.168.2.0 Deny :- Remaining
R2(config)#Access-list 10 Permit Host 192.168.1.2
R2(config)#Interface FastEthernet 0/0
R2(config-if)#IP Access-group 10 Out
R2#show access-lists ( Check ACL )
Remove ACL
R2(config)#no access-list 10
R2#show access-lists ( Check ACL )
Standard Name ACL:
# ip access-list standard jet
# permit host 192.168.1.69
#exit
# interface fastethernet 0/0
# ip access-group jet out
To Remove Name ACL
# no ip access-list standard jet
=== 1/8/24 ===
==> Extended ACL Configuration:
Block http Single PC
Router(config)#access-list 120 deny tcp host 192.168.2.3 host 200.200.200.2 eq www
Router(config)#access-list 120 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 120 in
Block http Network :
Router(config)#access-list 150 deny tcp 192.168.2.0 0.0.0.255 host 200.200.200.2 eq 80
Router(config)#access-list 150 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 150 in
Block FTP Protocol
Router(config)#access-list 120 deny tcp host 192.168.2.1 host 200.200.200.5 eq 21
Router(config)#access-list 120 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 120 in
(block the use of FTP server)
SMTP Block
Router(config)#access-list 121 deny tcp host 192.168.1.3 host 200.200.200.3 eq 25
Router(config)#access-list 121 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 121 in
==================================
======: Incoming Mail Block :========
Router(config)#access-list 100 deny tcp host 192.168.1.1 host 200.200.200.3 eq 110
Router(config)#access-list 100 permit ip any any
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 100 in
===================================
==========: ICMP Block Between Two PC :==========
R2(config)#access-list 188 deny icmp host 192.168.1.1 host 192.168.2.1 echo
R2(config)#access-list 188 deny icmp host 192.168.1.1 host 192.168.2.1 echo-reply
R2(config)#access-list 188 permit ip any any
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip access-group 188 in
================================
==========: Telnet Block :==========
R2(config)#access-list 100 deny tcp host 192.168.1.1 host 200.200.200.254 eq 23
R2(config)#access-list 100 permit ip any any
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip access-group 100 in
==================================
===> Allow Telnet Single PC Remaining Block
R3(config)#access-list 110 permit tcp host 192.168.2.2 host 200.200.200.254 eq telnet
R3(config)#access-list 110 deny ip any any
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip access-group 110 in
=================================
==========: Remove ACL :==========
R2(config)#no access-list 10
R2#show access-lists ( Check ACL )
=================================
===========: Completed :=============
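An added Python example (not part of these notes, and not IOS code) that ties the ACL theory above to the practical configurations: it computes a wildcard mask with the 255.255.255.255 - subnet mask rule, parses numbered standard (1-99) and extended (100-199) `access-list` lines exactly as they appear in the practical section, and evaluates constructed packets against them in order, with the implicit deny at the end. The `PORT_NAMES` table, the packet dictionary layout and the sample packets are assumptions of this example.

```python
import ipaddress

# Well-known names IOS accepts in place of port numbers (subset used in the notes)
PORT_NAMES = {"www": 80, "telnet": 23, "ftp": 21, "smtp": 25, "pop3": 110,
              "domain": 53, "tftp": 69, "snmp": 161}
ANY = ("0.0.0.0", "255.255.255.255")         # 'any' = every address
OPS = {"eq": lambda a, b: a == b, "neq": lambda a, b: a != b,
       "gt": lambda a, b: a > b, "lt": lambda a, b: a < b}

def wildcard_from_mask(subnet_mask: str) -> str:
    """Wildcard mask = 255.255.255.255 - subnet mask (the formula in the notes)."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(subnet_mask))))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A wildcard bit of 1 means 'don't care'; a 0 bit must match the base address."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def _take_addr(tokens: list) -> tuple:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' from the token list."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (t, tokens.pop(0))

def parse_acl_line(line: str) -> dict:
    """Parse one numbered 'access-list ...' line into a match entry."""
    tok = line.lower().split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    entry = {"number": number, "action": action, "proto": "ip",
             "dst": ANY, "port": None, "icmp": None}
    if number <= 99:                          # standard ACL: source address only
        entry["src"] = _take_addr(rest)
        return entry
    entry["proto"] = rest.pop(0)              # extended ACL: ip | tcp | udp | icmp
    entry["src"] = _take_addr(rest)
    entry["dst"] = _take_addr(rest)
    if rest and entry["proto"] in ("tcp", "udp"):
        op, port = rest[0], rest[1]           # eq/neq/gt/lt <port number or name>
        entry["port"] = (op, PORT_NAMES.get(port) or int(port))
    elif rest and entry["proto"] == "icmp":
        entry["icmp"] = rest[0]               # echo, echo-reply, ...
    return entry

def matches(entry: dict, pkt: dict) -> bool:
    if entry["proto"] != "ip" and entry["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], *entry["src"]):
        return False
    if not wildcard_match(pkt["dst"], *entry["dst"]):
        return False
    if entry["port"]:
        op, value = entry["port"]
        if pkt.get("dport") is None or not OPS[op](pkt["dport"], value):
            return False
    if entry["icmp"] and entry["icmp"] != pkt.get("icmp"):
        return False
    return True

def evaluate(acl_lines: list, pkt: dict) -> str:
    """First matching entry wins; every ACL ends with an implicit deny."""
    for entry in map(parse_acl_line, acl_lines):
        if matches(entry, pkt):
            return entry["action"]
    return "deny"

# Constructed packet against the 'Block http Single PC' list from the practical section
ACL_120 = ["access-list 120 deny tcp host 192.168.2.3 host 200.200.200.2 eq www",
           "access-list 120 permit ip any any"]
HTTP_FROM_2_3 = {"proto": "tcp", "src": "192.168.2.3", "dst": "200.200.200.2", "dport": 80}

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.0"))   # 0.0.0.255
    print(evaluate(ACL_120, HTTP_FROM_2_3))        # deny
```

The implicit deny is the case worth testing deliberately: a list that only contains permit entries (such as the "Allow Telnet Single PC" example) silently drops every other host, so a `permit ip any any` at the end is what turns a blocklist into a blocklist rather than an allowlist.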
-------------------------------------------------------------------------------------------
Notes:
Ip Configuration for servers
DNS Address: 200.200.200.1 for all devices
DNS server: → Services → DNS → DNS Service → ON
Name: www.google.com
Address: 200.200.200.4
ADD
Name: gmail
Name: yahoo.com
GMAIL Server: → Services → Email → SMTP Service, POP3 Service → ON
Domain name: gmail.com
User: shivani
Password: 12345
User: Imran
Password: 123456
User: Krishna
Password: 1234567
Yahoo Server: → Services → Email → SMTP Service, POP3 Service → ON
Domain name: yahoo.com
User: rajesh
Password: 12345
Google → Services → HTTP → index.HTML (Edit)
User(personal pc) - configure mail → userinfo → name, Email
Your name: imran
Email add: imran@gmail.com
Server information
Incoming mail server: gmail.com
Outgoing mail server: gmail.com
Username: imran
Password: 123456
Extended
#access-list 110 deny tcp host 192.168.1.1 host 200.200.200.4 eq www
(or)
#access-list 110 deny tcp host 192.168.1.1 host 200.200.200.4 eq 80
#access-list 110 permit ip any any
(in "permit ip any any" the first any is the source, the second any is the destination)
#interface fastethernet 0/0
#ip access-group 110 in
#access-list 111 deny tcp 192.168.2.0 0.0.0.255 host 200.200.200.4 eq 80
=== 5/8/24 ===
FTP:
Services → ON → Username:Imran, Password: 12345 → write, read, Delete, Rename, list
Command prompt:
Ftp <ip address>
Username
Password
#access-list 112 deny tcp host 192.168.1.3 host 200.200.200.5 eq 21
#access-list 112 permit ip any any
#interface fastethernet 0/0
#ip access-group 112 in
#access-list 150 deny tcp host 192.168.1.1 host 200.200.200.2 eq smtp
#access-list 120 deny tcp host <IP address> host <ip address> eq 110
#ip access-group 120 out
Name ACL:
#ip access-list ?
#ip access-list extended Telnet
R3(config-ext-nacl)# deny tcp host 192.168.2.3 host 200.200.200.254 eq 23
#permit ip any any
#interface fastethernet 0/0
#ip access-group Telnet in
#no ip access-list extended Telnet
#no access-list 150
#ip access-list standard jetking
#deny host 192.168.1.1
#permit any
#interface fastethernet 0/0
#ip access-group jetking out
=== 8/8/24 ===
Spanning Tree Protocol (STP)
Redundant Topology
To Eliminate single point of failure, backup links are used.
This type of network is called a redundant topology.
Problem in Redundant Topologies:
Redundant topology causes
Multiple frame copies
MAC address table instability
Broadcast storms
The above problems are collectively called layer 2 switching loops.
Spanning Tree Protocol
Spanning-tree protocol is used in switched networks to avoid switching loops.
It uses a spanning-tree algorithm.
STP blocks redundant paths that could cause a loop
STP is an open standard (IEEE 802.1D)
STP Terminology
Root Switch
The switch with the best (lowest) Switch ID.
Out of all the switches in the network, one switch is elected as a Root switch. This Root switch becomes the focal point of the network.
Switch ID
Each switch has a unique identifier called a Bridge ID or Switch ID.
Bridge ID = Priority + MAC address of the switch.
Default priority is 32768.
Non-Root Switch
All switches other than the Root switch are called Non-root switches.
BPDU
Switches exchange information using Bridge Protocol Data Units (BPDUs)
BPDUs contain information that helps the switch to determine the topology
BPDUs are sent every 2 sec.
STP Port states
STP Terminology
Root port
Every Non-Root Switch must have a root port.
Only one port per switch can be the Root port.
All Root ports will be in forward state.
A Switch’s Root port is the port closest to the Root Switch
The port with the least cost.
The port with the lowest Neighbor switch ID.
Lowest Physical Port Number.
IEEE Cost Values
Designated Port Election:
Designated port
For Every segment there will be a Designated port.
A designated port will always be in forward state
The port with the least cost.
The port with the lowest Neighbor switch ID.
Lowest Physical Port Number
All ports (Trunk ports) on the Root bridge are Designated ports
STP Terminology
Non-Designated port
The ports that are neither Root ports nor the Designated ports.
These ports are blocked by STP
STP - Configuration
To Configure a switch as a Root Switch
Switch(config)#spanning-tree vlan 1 root { primary | secondary }
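Here is an added Python example (not part of these notes, and not Cisco code) that works through the STP terminology above on a constructed topology: Bridge IDs are compared as (priority, MAC), the lowest one becomes the root, each non-root switch's root path cost is the least-cost path to the root, and its root port is chosen by the tie-break order given in the notes (least cost, lowest neighbour Bridge ID, lowest port number). The switch names, MAC addresses, port numbers and link speeds are assumptions of this example; the path costs per link speed are the IEEE 802.1D values, since the notes' "IEEE Cost Values" table did not survive.

```python
import heapq

# IEEE 802.1D path cost per link speed in Mbps (the table missing from the notes)
IEEE_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID = priority + MAC; tuples compare priority first, then MAC."""
    return (priority, mac.lower())

def elect_root(switches: dict) -> str:
    """The switch with the lowest Bridge ID becomes the root switch."""
    return min(switches, key=switches.get)

def root_path_costs(adj: dict, root: str) -> dict:
    """Least-cost distance from every switch to the root (Dijkstra)."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist[sw]:
            continue
        for neighbor, _port, cost in adj[sw]:
            if d + cost < dist.get(neighbor, float("inf")):
                dist[neighbor] = d + cost
                heapq.heappush(heap, (d + cost, neighbor))
    return dist

def compute_stp(switches: dict, links: list):
    """Return (root switch, {non-root switch: root port number}, root path costs).

    switches: name -> bridge_id(); links: (sw_a, port_a, sw_b, port_b, speed_mbps).
    """
    adj = {name: [] for name in switches}
    for a, port_a, b, port_b, speed in links:
        cost = IEEE_COST[speed]
        adj[a].append((b, port_a, cost))
        adj[b].append((a, port_b, cost))
    root = elect_root(switches)
    dist = root_path_costs(adj, root)
    root_ports = {}
    for sw in switches:
        if sw == root:
            continue   # the root has no root port; all of its ports are designated
        # Tie-break order from the notes: least cost, lowest neighbour Bridge ID,
        # lowest port number (802.1D proper compares the neighbour's port ID here).
        candidates = [(dist[nb] + cost, switches[nb], port) for nb, port, cost in adj[sw]]
        root_ports[sw] = min(candidates)[2]
    return root, root_ports, dist

# Constructed topology: two parallel 100 Mbps links S1-S2, one 100 Mbps link S1-S3.
# S3 has had its priority lowered (as 'spanning-tree vlan 1 root primary' would do).
SWITCHES = {
    "S1": bridge_id(32768, "0000.0000.0001"),
    "S2": bridge_id(32768, "0000.0000.0002"),
    "S3": bridge_id(4096, "0000.0000.0003"),
}
LINKS = [("S1", 1, "S2", 1, 100), ("S1", 4, "S2", 4, 100), ("S1", 2, "S3", 2, 100)]

if __name__ == "__main__":
    root, ports, costs = compute_stp(SWITCHES, LINKS)
    print("root:", root)                  # S3
    print("root ports:", ports)           # {'S1': 2, 'S2': 1}
    print("root path costs:", costs)      # {'S3': 0, 'S1': 19, 'S2': 38}
```

With every switch left at the default priority of 32768 the same function elects S1, the lowest MAC, which is the situation the `root primary` command is meant to avoid: the root should be chosen by the administrator, not by whichever switch happens to have the oldest MAC address.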
=== 9/8/24 ===
NAT & PAT
Network Address Translation
Private IP Address
Network Address Translation
Method of translation of private IP to Public IP address.
In order to communicate with the Internet, we must have a registered public IP address.
Can be configured on Routers, firewalls, servers.
Types of NAT:
Static NAT
Dynamic NAT
Port Address Translation (PAT)
Static NAT
One to one Mapping done Manually.
Every private IP needs one registered public IP address (one : one)
Dynamic NAT
One to one mapping done automatically by NAT device.
Every private IP still needs one registered public IP address (one : one), taken from a pool at the time of translation.
Port Address Translation (Dynamic NAT Overload)
Thousands of Private users - use single Public IP.
Use port numbers mapped to single Public IP to differentiate connections.
PAT is the real reason we haven’t run out of valid IP addresses on the Internet.
Lab Setup for NAT
Configure IP address as per the diagram.
Configure default route towards ISP from R1.
Configure static route from ISP to public IP used for translation.
Lab: Static NAT
Lab-1 Static NAT
Steps:
Configure IP address according to the diagram.
Configure default route towards ISP from R1.
Configure static route from ISP to public IP used for translation.
Configure NAT (static NAT according to the requirement)
Implementation
Verify by generating some traffic from the LAN to the outside servers.
#show ip nat translations
R-1#sh ip int brief
R-1(config)# ip route 0.0.0.0 0.0.0.0 100.1.1.2
ISP#sh ip int brief
ISP#conf terminal
ISP(config)# ip route 50.0.0.0 255.0.0.0 100.1.1.1
Configuration of static NAT
R-1(config)#ip nat inside source static 192.168.1.1 50.1.1.1
R-1(config)#ip nat inside source static 192.168.1.2 50.1.1.2
R-1(config)#ip nat inside source static 192.168.1.3 50.1.1.3
Implementation
R-1(config)#interface fastethernet 0/0 (interface facing towards LAN)
R-1(config-if)#ip nat inside
R-1(config-if)#exit
R-1(config)#interface serial 0/0 (interface facing towards ISP)
R-1(config-if)#ip nat outside
Generate Traffic from Inside User PC (192.168.1.1)
PC>ipconfig
PC>ping 200.1.1.1
PC>ping 200.1.1.2
Generate Traffic from Inside User PC (192.168.1.2)
PC>ipconfig
PC>ping 200.1.1.1
Generate Traffic from Inside User PC (192.168.1.3)
PC>ipconfig
PC>ping 200.1.1.1
R-1#sh ip nat translations
To verify generate telnet traffic from inside user PC’s
192.168.1.1
192.168.1.2
192.168.1.3
---------------------------------------------------------------------------------------------------------------
PC>telnet 100.1.1.2
R-1#sh ip nat translations
LAB: Dynamic NAT
==> STATIC,DYNAMIC & PAT CONFIGURATION
==> ISP ROUTER CONFIGURATION
ISP(config)#interface fastEthernet 0/0
ISP(config-if)#ip address 200.200.200.254 255.255.255.0
ISP(config-if)#no shutdown
ISP(config)#interface serial 0/3/0
ISP(config-if)#ip address 10.0.0.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config)#ip route 50.1.1.0 255.255.255.0 10.0.0.1
==> R1 ROUTER
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config)#ip dhcp pool Jetking
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.254
R1(dhcp-config)#dns-server 8.8.8.8
R1#show ip interface brief
R1(config)#interface serial 0/1/0
R1(config-if)#ip address 10.0.0.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
===============================================================================
==> STATIC NAT CONFIGURATION ________________________________________________________________________
|R1(config)#ip nat inside source static <Private-IP> <Public-IP> |
|________________________________________________________________________|
R1(config)#ip nat inside source static 192.168.1.1 50.1.1.1
R1(config)#ip nat inside source static 192.168.1.2 50.1.1.2
R1(config)#ip nat inside source static 192.168.1.3 50.1.1.3
===> Implementation <===
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nat inside
R1(config)#interface serial 0/1/0
R1(config-if)#ip nat outside
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 50.1.1.1:10 192.168.1.1:10 200.200.200.10:10 200.200.200.10:10
icmp 50.1.1.1:11 192.168.1.1:11 200.200.200.10:11 200.200.200.10:11
icmp 50.1.1.1:8 192.168.1.1:8 200.200.200.10:8 200.200.200.10:8
icmp 50.1.1.1:9 192.168.1.1:9 200.200.200.10:9 200.200.200.10:9
===============================================================================
#==========> Remove Static NAT Configuration <==========#
R1#clear ip nat translation *
R1(config)#no ip nat inside source static 192.168.1.1 50.1.1.1
R1(config)#no ip nat inside source static 192.168.1.2 50.1.1.2
R1(config)#no ip nat inside source static 192.168.1.3 50.1.1.3
===============================================================================
#==========> DYNAMIC NAT CONFIGURATION <==========#
________________________________________________________________________________
|R1(config)#Access-list <No> Permit <Source> <Wildcardmask> |
|R1(config)#ip nat pool <Name> <Start Pub-IP> <End-Pub-IP> netmask <Subnet-Mask> |
|R1(config)#ip nat inside Source list <ACL-No> <Poolname> |
|________________________________________________________________________________|
R1(config)#access-list 50 permit 192.168.1.0 0.0.0.255
R1(config)#ip nat pool MCC 50.1.1.1 50.1.1.2 netmask 255.255.255.0
R1(config)#ip nat inside source list 50 pool MCC
===> Implementation <===
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nat inside
R1(config)#interface serial 0/1/0
R1(config-if)#ip nat outside
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 50.1.1.1:1 192.168.1.3:1 200.200.200.10:1 200.200.200.10:1
icmp 50.1.1.1:2 192.168.1.3:2 200.200.200.10:2 200.200.200.10:2
icmp 50.1.1.1:3 192.168.1.3:3 200.200.200.10:3 200.200.200.10:3
icmp 50.1.1.1:4 192.168.1.3:4 200.200.200.10:4 200.200.200.10:4
===============================================================================
#==========> Remove Dynamic NAT Configuration <==========#
R1#clear ip nat translation *
R1(config)#no ip nat inside source list 50 pool MCC
R1(config)#no ip nat pool MCC 50.1.1.1 50.1.1.2 netmask 255.255.255.0
R1(config)#no access-list 50
===============================================================================
#==========> PAT CONFIGURATION <==========#
________________________________________________________________________________
|R1(config)#Access-list <No> Permit <Source> <Wildcardmask> |
|R1(config)#ip nat pool <Name> <Start Pub-IP> <End-Pub-IP> netmask <Subnet-Mask> |
|R1(config)#ip nat inside Source list <ACL-No> <Poolname> Overload |
|________________________________________________________________________________|
R1(config)#access-list 50 permit 192.168.1.0 0.0.0.255
R1(config)#ip nat pool Pune 50.1.1.1 50.1.1.1 netmask 255.255.255.255
R1(config)#ip nat inside source list 50 pool Pune overload
===> Implementation <===
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nat inside
R1(config)#interface serial 0/1/0
R1(config-if)#ip nat outside
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 50.1.1.1:1024 192.168.1.2:1 200.200.200.11:1 200.200.200.11:1024
icmp 50.1.1.1:1025 192.168.1.2:2 200.200.200.11:2 200.200.200.11:1025
icmp 50.1.1.1:1026 192.168.1.2:3 200.200.200.11:3 200.200.200.11:1026
icmp 50.1.1.1:1027 192.168.1.2:4 200.200.200.11:4 200.200.200.11:1027
===============================================================================
*******************************************************************************
================================ Completed ====================================
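The three translation tables above differ only in how the inside global address and port are chosen. The following Python model is an added example (not part of these notes, and not IOS code) that reproduces those rows for static, dynamic and PAT translation from constructed traffic, including the case the dynamic lab would hit with a two-address pool and three hosts, and the reverse lookup PAT needs for return traffic. The `NatDevice` class, the starting port 1024 and the sample addresses are assumptions of this example; the column order follows `show ip nat translations`.

```python
class NatDevice:
    """Constructed model of 'ip nat inside source': static, dynamic (pool) or PAT (overload)."""

    def __init__(self, pool=(), overload=False, static=None):
        self.pool = list(pool)            # ip nat pool <name> <start> <end> ...
        self.overload = overload          # ... pool <name> overload  (PAT)
        self.static = dict(static or {})  # ip nat inside source static <local> <global>
        self.dynamic = {}                 # inside local ip -> inside global ip (one : one)
        self.table = {}                   # (proto, inside local ip, port) -> (global ip, global port)
        self.rows = []                    # what 'show ip nat translations' would list
        self.next_port = 1024             # PAT hands out inside global ports from 1024 upwards

    def _allocate(self, src_ip, src_port):
        if src_ip in self.static:
            return self.static[src_ip], src_port          # static: fixed address, port unchanged
        if self.overload:
            port, self.next_port = self.next_port, self.next_port + 1
            return self.pool[0], port                      # PAT: one public IP, unique port
        if src_ip not in self.dynamic:                     # dynamic: first free pool address
            in_use = set(self.dynamic.values())
            free = [ip for ip in self.pool if ip not in in_use]
            if not free:
                return None                                # pool exhausted: packet is dropped
            self.dynamic[src_ip] = free[0]
        return self.dynamic[src_ip], src_port

    def translate(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outbound packet from the inside. Returns its translation row, or None if dropped."""
        key = (proto, src_ip, src_port)
        new = key not in self.table
        if new:
            mapping = self._allocate(src_ip, src_port)
            if mapping is None:
                return None
            self.table[key] = mapping
        g_ip, g_port = self.table[key]
        row = (proto, f"{g_ip}:{g_port}", f"{src_ip}:{src_port}",
               f"{dst_ip}:{dst_port}", f"{dst_ip}:{g_port}")
        if new:
            self.rows.append(row)
        return row

    def inbound(self, proto, global_ip, global_port):
        """Return traffic: map an inside global (ip, port) back to the inside local host."""
        for (p, l_ip, l_port), (g_ip, g_port) in self.table.items():
            if (p, g_ip, g_port) == (proto, global_ip, global_port):
                return l_ip, l_port
        return None

    def show_translations(self):
        """Rows in the column order of 'show ip nat translations'."""
        header = ("Pro", "Inside global", "Inside local", "Outside local", "Outside global")
        return [header] + list(self.rows)

if __name__ == "__main__":
    pat = NatDevice(pool=["50.1.1.1"], overload=True)
    pat.translate("icmp", "192.168.1.2", 1, "200.200.200.11", 1)
    pat.translate("tcp", "192.168.1.3", 51000, "200.200.200.11", 80)
    for row in pat.show_translations():
        print("{:<5} {:<18} {:<20} {:<20} {}".format(*row))
```

The `inbound` lookup is the part a firewall or NAT device must get right: without the port in the key, two inside hosts sharing 50.1.1.1 could not be told apart, which is exactly what PAT's per-connection port numbers solve.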
=== 10/8/24 ===
==> DHCP Snooping
R1:- 192.168.1.254/24 DHCP Configure
R2:- 192.168.2.254/24 DHCP Configure
Go To Switch And Configure DHCP Snooping:==========
S1#show ip dhcp snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                  Trusted    Rate limit (pps)
-----------------------    -------    ----------------
S1(config)#ip dhcp snooping
S1(config)#ip dhcp snooping vlan 1
S1(config)#no ip dhcp snooping information option
S1(config)#interface FastEthernet 0/24
S1(config-if)#ip dhcp snooping trust
S1#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is disabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                  Trusted    Rate limit (pps)
-----------------------    -------    ----------------
FastEthernet0/24           yes        unlimited
S1#
Note:- R2 will no longer provide IP addresses to the client, since its port is not trusted.
========================================:COMPLETED:========================================
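An added Python example (not part of these notes, and not Cisco code) of the checks that `show ip dhcp snooping` lists: snooping applies only on the configured VLANs, a trusted port passes everything, an untrusted port drops DHCP server replies, drops client messages whose `chaddr` does not match the frame's source MAC (the hwaddr verification), and drops option 82 unless allowed. The `DhcpSnooping` class, the `frame` helper, the port names and the MAC addresses are constructed assumptions of this example; the lab traffic mirrors the two-router setup above, with R1 on the trusted port Fa0/24.

```python
BOOTREQUEST, BOOTREPLY = 1, 2   # DHCP 'op' field: 1 = client -> server, 2 = server -> client

class DhcpSnooping:
    """Constructed model of the checks listed by 'show ip dhcp snooping'."""

    def __init__(self, vlans=(), trusted_ports=(), verify_hwaddr=True,
                 allow_option82_untrusted=False):
        self.vlans = set(vlans)                  # ip dhcp snooping vlan <id>
        self.trusted = set(trusted_ports)        # ip dhcp snooping trust (per interface)
        self.verify_hwaddr = verify_hwaddr       # 'Verification of hwaddr field is enabled'
        self.allow_option82_untrusted = allow_option82_untrusted

    @property
    def enabled(self):
        return bool(self.vlans)

    def inspect(self, frame: dict):
        """Decide for one DHCP frame: ('forward' | 'drop', reason)."""
        if not self.enabled or frame["vlan"] not in self.vlans:
            return "forward", "snooping not active on this VLAN"
        if frame["port"] in self.trusted:
            return "forward", "trusted port"
        if frame["op"] == BOOTREPLY:
            return "drop", "server reply on untrusted port"
        if self.verify_hwaddr and frame["chaddr"] != frame["src_mac"]:
            return "drop", "chaddr does not match source MAC"
        if frame.get("option82") and not self.allow_option82_untrusted:
            return "drop", "option 82 on untrusted port"
        return "forward", "client request on untrusted port"

def frame(port, op, src_mac, chaddr=None, vlan=1, option82=False):
    """Constructed DHCP frame summary (only the fields the checks look at)."""
    return {"port": port, "vlan": vlan, "op": op, "src_mac": src_mac,
            "chaddr": chaddr or src_mac, "option82": option82}

# Constructed lab traffic: R1 on Fa0/24 (trusted), R2 on Fa0/2, client on Fa0/1
R1_OFFER = frame("FastEthernet0/24", BOOTREPLY, "0000.0000.00aa")
R2_OFFER = frame("FastEthernet0/2", BOOTREPLY, "0000.0000.00bb")
DISCOVER = frame("FastEthernet0/1", BOOTREQUEST, "0000.0000.00cc")
MISMATCH = frame("FastEthernet0/1", BOOTREQUEST, "0000.0000.00cc", chaddr="0000.0000.00dd")
RELAYED = frame("FastEthernet0/1", BOOTREQUEST, "0000.0000.00cc", option82=True)

def lab_result(snooping: DhcpSnooping) -> dict:
    """Forward/drop decision for each sample frame under the given configuration."""
    return {name: snooping.inspect(f)[0] for name, f in
            [("R1_OFFER", R1_OFFER), ("R2_OFFER", R2_OFFER), ("DISCOVER", DISCOVER),
             ("MISMATCH", MISMATCH), ("RELAYED", RELAYED)]}

if __name__ == "__main__":
    before = DhcpSnooping()                                              # 'DHCP snooping is disabled'
    after = DhcpSnooping(vlans={1}, trusted_ports={"FastEthernet0/24"})  # the lab configuration
    print(lab_result(before))
    print(lab_result(after))
```

Run on the lab configuration, the model gives the result the note above records: R1's offer on Fa0/24 is forwarded and R2's offer on its untrusted port is dropped, so only the server on the trusted port ever answers the client.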
=== 13/8/24 ===
==> Border Gateway Protocol (BGP):
==> Switch Backup:
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.254 <subnet mask>
Switch# ping <tftp server IP>
Switch# copy tftp: startup-config
==> Access Point: